Make all CSR writes unsafe by default #251

Open
wants to merge 1 commit into
base: master

romancardenas
Contributor

Closes #209

Work in Progress! I added a safe pattern to opt out of unsafety in cases where we consider there to be no safety issues. I will list all the different registers where we use this macro and nominate some to maintain write safety.

@romancardenas romancardenas requested a review from a team as a code owner December 19, 2024 08:19
@rmsyn
Contributor

rmsyn commented Dec 20, 2024

Since most of these registers are WARL, what are we using for safe vs. unsafe criteria? Is it going to be related to side-effects, e.g. mtvec pointing to a potentially invalid memory region only triggered by an interrupt/exception?

Whatever criteria we come up with, maybe we should also add a blurb to the top-level register module about them?

Adding the safe opt-out is a good approach in my opinion. I agree that the CSR writes should be unsafe by default.

@romancardenas
Contributor Author

> what are we using for safe vs. unsafe criteria? Is it going to be related to side-effects, e.g. mtvec pointing to a potentially invalid memory region only triggered by an interrupt/exception?

Yes, let us leave all writes of CSRs that might trigger invalid states unsafe. mtvec is a good example. I guess that mstatus must also be unsafe, as it can break critical sections, for instance.

@romancardenas
Contributor Author

romancardenas commented Jan 10, 2025

Registers built with write_csr_as_usize that could be write-safe

  • mepc
  • mhpmcounterx
  • mhpmeventx
  • mscratch
  • pmpaddrx
  • pmpcfgx
  • satp
  • sepc
  • sscratch

I personally think that all these registers should be unsafe to write.

@romancardenas
Contributor Author

I have been reading the ISA and I feel like most of the registers should be unsafe to write. I think it would be a better idea to force all write functions to be unsafe and open a new issue/RFC to nominate registers to be safe. What do you think, @rust-embedded/riscv?
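
The unsafe-by-default writer with a `safe` opt-out discussed in this thread, as an added sketch that is not the PR's code or the riscv crate's macro. The macro name `write_csr_sketch!`, the atomic standing in for the CSR, and the choice of `mscratch` as the opted-out register are assumptions made for illustration; the thread does not settle which registers, if any, are write-safe.

```rust
// Hypothetical sketch, not the riscv crate's macro. A host-side atomic stands
// in for the CSR so the example runs anywhere; real code would issue `csrw`.
macro_rules! write_csr_sketch {
    (@common) => {
        static CSR: std::sync::atomic::AtomicUsize =
            std::sync::atomic::AtomicUsize::new(0);
        pub fn read() -> usize {
            CSR.load(std::sync::atomic::Ordering::SeqCst)
        }
    };
    // Default arm: the generated writer is `unsafe`.
    () => {
        write_csr_sketch!(@common);
        /// # Safety
        /// The caller must ensure the new value cannot put the hart in an
        /// invalid state (e.g. a trap vector pointing at invalid memory).
        pub unsafe fn write(bits: usize) {
            CSR.store(bits, std::sync::atomic::Ordering::SeqCst)
        }
    };
    // Opt-out arm: only for registers explicitly nominated as write-safe.
    (safe) => {
        write_csr_sketch!(@common);
        pub fn write(bits: usize) {
            CSR.store(bits, std::sync::atomic::Ordering::SeqCst)
        }
    };
}

pub mod mtvec { write_csr_sketch!(); }
// Assumption for illustration only: mscratch is not agreed to be safe.
pub mod mscratch { write_csr_sketch!(safe); }

/// Constructed call sites; returns what each stand-in register holds afterwards.
pub fn demo() -> (usize, usize) {
    // SAFETY: constructed address; on hardware the caller must guarantee
    // that a valid trap handler lives at this location.
    unsafe { mtvec::write(0x8000_0100) };
    // No `unsafe` needed: this register opted out through the `safe` arm.
    mscratch::write(0xdead_beef);
    // Dropping the `unsafe` block above is a compile error (E0133).
    (mtvec::read(), mscratch::read())
}

fn main() {
    println!("{:x?}", demo());
}
```

With this shape, every register is unsafe to write unless its module names the `safe` arm, so a later nomination changes one token at the definition and nothing at the unsafe call sites.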

Successfully merging this pull request may close these issues.

riscv: All the CSR write operations should be unsafe by default