From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30059.outbound.protection.outlook.com [40.107.3.59]) by sourceware.org (Postfix) with ESMTPS id BA3303892449 for ; Thu, 22 Jul 2021 16:00:58 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org BA3303892449 Received: from AS8PR04CA0019.eurprd04.prod.outlook.com (2603:10a6:20b:310::24) by AM8PR08MB5604.eurprd08.prod.outlook.com (2603:10a6:20b:1d5::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.29; Thu, 22 Jul 2021 16:00:56 +0000 Received: from AM5EUR03FT009.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:310:cafe::f7) by AS8PR04CA0019.outlook.office365.com (2603:10a6:20b:310::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4352.26 via Frontend Transport; Thu, 22 Jul 2021 16:00:56 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; gcc.gnu.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;gcc.gnu.org; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT009.mail.protection.outlook.com (10.152.16.110) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4352.24 via Frontend Transport; Thu, 22 Jul 2021 16:00:55 +0000 Received: ("Tessian outbound 664b93226e0b:v99"); Thu, 22 Jul 2021 16:00:54 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 43659f04f2d221bf X-CR-MTA-TID: 64aa7808 Received: from 68dffddd86ee.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 17189E00-3D99-4638-BA66-92074F3A2E03.1; Thu, 22 Jul 2021 16:00:35 +0000 Received: from EUR02-AM5-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 68dffddd86ee.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 22 Jul 2021 16:00:35 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cpUl6X/gzjyPwTMUUF2XXKMXtfS2KWYjju9MMl18/7tVBDbUrpH4zTLjv9yDzE1UhsxK4mwiu2eOVu7LyNpKx9FMFnEOwamZeAC/JB7e0p+FxWSH5T4zdteS7GglcXGsJXNTB97R+n8WNNhB7rFU+ZY99QPDBbUE9kG04LmdNd4fn63QmoI8+3YZh2NlgJ4BOIV/QEnGn0ylbEJtfsPl1W7Hd7lpBpHFc+K8MLUczLCt7b01ZpyCnFzU72vnVxZF1im9wjZ+7bxz5L6sf1TnCQ6UUmfmzkmGPum0oLiQqquxU3BC2JDeHZik+0ei0/h26XvyfxbAYFAQ5SHn5QTh5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uAB8risF/SmLOUKWfEnFZpgnRodPkgw4hIl9a5h+ugg=; b=BT0+pVA2JTqyIag0wTFCOq4HxvMpDJCEGasc1YZ1TZZUmCGndoLoiSwD5w9A0oGpQEtS2wg20FY8CYrpvnLyUai5HTSB2AgFzkU+FrixGjkeiyHUmtMisS+ZaST1F1IVgNXw9twHaUKoJN1RZ/vcpimOGm7ec43vcwd0A+y5HCKVoaQvF0JANO0s48sowKsyRjfi2Zkd7+8Se1y+9BMV75P6c2CQ0HuJgP4mQQESEELTUrbO9kSQcSS+3OApwZk2v8HX3h86FUi/TgRXbThwr+HzE0EjHODGoE5VC8nZkhtY0DTG0OvsdIB6X2W0b2S7WntHNZqEzFgajodSdXcuQQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none Received: from DB9PR08MB6761.eurprd08.prod.outlook.com (2603:10a6:10:2a6::9) by DBBPR08MB4837.eurprd08.prod.outlook.com (2603:10a6:10:d9::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.24; Thu, 22 Jul 2021 16:00:33 +0000 Received: from DB9PR08MB6761.eurprd08.prod.outlook.com ([fe80::a8ce:78e6:fe85:3474]) by DB9PR08MB6761.eurprd08.prod.outlook.com ([fe80::a8ce:78e6:fe85:3474%6]) with mapi id 15.20.4331.034; Thu, 22 Jul 2021 16:00:33 +0000 From: Matthew Malcomson To: "gcc@gcc.gnu.org" CC: Kyrylo Tkachov , Richard Earnshaw , Vidya Praveen , Luis Machado , Richard Sandiford , Szabolcs Nagy , Carlos Seo , Luis Machado , Silviu Baranga , Alex Coplan , Stam Markianos-Wright , "jessica.clarke@cl.cam.ac.uk" , "robert.watson@cl.cam.ac.uk" , Ruben Ayrapetyan , "alexander.richardson@cl.cam.ac.uk" Subject: [WIP][not for GCC main branch] CHERI/Morello capabilities in GCC Thread-Topic: [WIP][not for GCC main branch] CHERI/Morello capabilities in GCC Thread-Index: AQHXfwojQRUohL0fEEGAS+RnZBXB5A== Date: Thu, 22 Jul 2021 16:00:33 +0000 Message-ID: Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: Authentication-Results-Original: gcc.gnu.org; dkim=none (message not signed) header.d=none;gcc.gnu.org; dmarc=none action=none header.from=arm.com; x-ms-publictraffictype: Email X-MS-Office365-Filtering-Correlation-Id: c6ca29d1-118b-40a9-40c1-08d94d29e375 x-ms-traffictypediagnostic: DBBPR08MB4837:|AM8PR08MB5604: x-ms-exchange-transport-forked: True X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true nodisclaimer: true x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: pydO0iesILwg9zxG4TUcc2G7C/fU+Mn4Ae2pCXvcfxoJS49tKon8pwr9ojmlJ8ouAakyfjmsNNVHlNB/bD3xU5ikqjmtlKPJsEDcQJhUVEsiAgciCYYYgQSmdZKneY9boVqowJNWD7Po2kfDg6MXACofUd6pwnWw4T1rHTBEKswHDrfyc697jTGKlbF2ej4GiwBvx4ccZWCGEVRxFqXvzdgdH5Awjfxx0d76r+5jyOEeUnFfHt1wytfLVkNoSYRDc5L8c0ToPTT40dNVDVUrACxJTla3VuYzsfBllyUG1ZcxofC9f55lSb5HNuBrCxBwgTCF2OCP5B1NylacxUFT0FOlYASsVDpU2FPva+KIuyJBA/LGkiZEOrOTo17Z+ECc4F+fCS4RCsre23KB110CjA3p233ONRVd8JfDx0A7H8gIKiu6x12pSuafn6pjIRojuNo7rEXJRei/Qhqb9Up3T9l4Z5+xvO3uylXbFQIp4GEAAJY3QimN7Z8BDV5hkvVtcwGo59T3LtRmN99F8HRWFjTk/2/IvpytwCpYc1qQtXj/bJeSELr0J29u1kdH/NsMuo1UTrBRHdgjspFzTwDlpFRWXCyS6gVu4oQCdKWMs7Ce/I1wIusZTLimVPJmd52CTMQhtsJ+ye/YwRVyXfl/lWsmGdo/U2QjzF2XGvFoPO5JDi8ZfkbG53JnHAabrlNgL/gAg6otUg/6gdtiNKXTJ25rMy3VEgC7BG/A6XkRvb7dNSLIMO2xN2gbojLym/kJULfbypK6LZS1NnFKHsqK9c704Wd4QRtdAq6ncLQHpGxXpKSzcpZ3k1UmX/j4oGle5Iom6HJCJPduM0OZyu7xpw== X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9PR08MB6761.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(396003)(366004)(376002)(346002)(39850400004)(6916009)(66476007)(6506007)(38100700002)(83380400001)(33656002)(5660300002)(316002)(54906003)(64756008)(4326008)(66556008)(186003)(52536014)(2906002)(122000001)(66446008)(91956017)(66946007)(7696005)(966005)(19627405001)(71200400001)(9686003)(86362001)(478600001)(26005)(8676002)(8936002)(55016002)(76116006)(38070700004); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?4VLRxIFkDToR7ZQJB6GhiAN7KxPBm+MYByJZy2wyjp6Fo/R85lBUAR2Mlz?= =?iso-8859-1?Q?ZYdEX+dcaF7zAzzLoND3jFvn7TeePv1tc/iRoVs2HAxIhCc0wDTlB6izao?= =?iso-8859-1?Q?raHPa9phMhhxRIzO1lCeOTfz11AxUPtwJkgwi7+ghb+5SmoP6Rr8ZOdzK5?= =?iso-8859-1?Q?KRRSU2zZekV6tnt3Tj66JAymyMNguP3yERaJqIYkEB9dSoaGam6yRWAxJE?= =?iso-8859-1?Q?MhR3+mmMUzS/tC+mxrb7SoFoNlgHYXQraT5agMQgbBBPQu4oMUKxpBoK48?= =?iso-8859-1?Q?MrtKQfeiG057lqdY20/QmhbgmCm7Smwi5CcZ4oS2XzXiQ+gslPWdE6eGAK?= =?iso-8859-1?Q?u2RpQNzqtUzdLqStxI6u5KkHzlWHxsK6/opihI+r7X6N+KGK3iimQwU5Ge?= =?iso-8859-1?Q?F+5ZncByM/1P6oWKFF6Qzrw0F/QyO76dZtSERyuEZFIUhQTaY6yc2Eo4kG?= =?iso-8859-1?Q?sCl4AwJA45Q4RnSdlhTWvMVuiMGqENmxM0zQpfEyA45BMUBAjwllr/cpRJ?= =?iso-8859-1?Q?ASH6dklMdjFjW35I9RhGPQUytRePjMpBs0byOHDrRqQMSaMzzOxSm1rrD4?= =?iso-8859-1?Q?oPkmwMmvt9fTAixGb3W/Eq5V+cJvqjZ03dpXFZx8beap2Q9ey6lWUMGuYk?= =?iso-8859-1?Q?pU069fLQmj8aCCWwFKhIwiv6GHtpLDetBuQ4lOxx9doBtDCzGCFUSts68u?= =?iso-8859-1?Q?63ZV8vFcwsZj3JIaof9+H5fZ4a+2X3KzRkGOj9eXX3+6dCDgHp8JTHl15A?= =?iso-8859-1?Q?D69VMB8nYSeLHYvWj27f406HvcMVo4RdbXn7/MvagcFVyXH/SLfadx3fll?= =?iso-8859-1?Q?n5YQqMCMsXZYr+mVWLQ7dLmMupyIVNMllY8MTEbyBxF8Os15iqcAssZX7U?= =?iso-8859-1?Q?242aM4xna2afJw2dyESZM6xBTNnZtscdeSG2nDe8Qr4pnwTfkBAxZCn+vN?= =?iso-8859-1?Q?PZAc2zDqsnzMZ5QoQJf4RU6dGf7rw+KeW3PMpBr18l2GjQ2GgTeYcNExca?= =?iso-8859-1?Q?iVuPqqIxMyv+NavPb/PwmX0NTx9NYqLSqKUpAX9qQE/gAH0gepDpxWryF9?= =?iso-8859-1?Q?t6qGUZ5OpRmN8lFow9enwYhSZM9kswr1ct9q9XZvQf0wBwEfhWDJp1zKsa?= =?iso-8859-1?Q?IMgOnEb8tWGJG44qNn8rFM43VXHsHqNocTd+KDHeqT6EeiOjC3QjNs/pia?= =?iso-8859-1?Q?cd0m7lxv1W0mjiX8cxNDaAlAcy5V16UtAwtKUWcB3+NlQnnQ+P915nQmGI?= =?iso-8859-1?Q?JooSE4+wIHKjd22wXiR3MjzvBhyQtbb1K8tL63kL8yYeNRk7HfHF9jLmG6?= =?iso-8859-1?Q?dfAzfVwd0bMGeqlG4JyJrFnWFBhLl9BOT1b/PlcAM04nuoA=3D?= MIME-Version: 1.0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB4837 Original-Authentication-Results: gcc.gnu.org; dkim=none (message not signed) header.d=none;gcc.gnu.org; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT009.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: 8b298c72-df39-4427-a579-08d94d29d696 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: FZfzY6h4yR8I7+tC/WLpydwF4/mImy/83Ts4t/TpjTPYIkGrgQmVY4m+XW3TGh38Z/oSslxLQQCmEFGjVkyHlVpuv9byt/RM7WO6kCKijv3NtqCaaRqKTTUIjjAzEWbRX2XtGHkDdjCzl6daTM+dCboJ5hIb0jMGLK1MrSKzgyHFoEv/qdJQ+avOMdUAQ6uhV419xxSVxn22QVwrzxLRiitbOd3/2JQuvfOos+2CZCH14fsjB7j8YSlqZO0rvkH54ifJZJ1duE9uJVmk+nDu+9g0aWEQogjQZvCtWSb2VD418PbS4HCApW9BIh23srb5QQ8HGUabOD3gQ/yf0hv/cNLXxxIEheMOkpOBH8GbtxNys0h93B1w0enOa33zzj8BgcBayhw80al3IdeNNbTlvm6iSfxHlSnM2MIzjLAEOabjs1Bgkzu0cxzvGcUaZPV8lZjwyGxy5/l5so9NkTHR9upzeOHJS2IAJDrBflTmGrdWGnBy+5/FcW6D+v9ZjZSqk55rzU3pScgp/j4ocH4kyqVFztkZ1zCadMPo6Kaq3wwvu+R2Bf/berSyEahnxkqZS3huBW9XnQdk9QA7toqaGuUoB2axDRUmnkk8S0Nv5vdxFl+aPJKAFdlOwVFNDhYZN/RaG5UgoYgQ4hUaIt+9K1gEFmJfqzbdYHoCE+k+w0BKj+kJaMZ2QGZjyS5T8BtLBIIw54S1ch+777etc9HiC9XDwxekOTTNmJBYJ65tkXjULkk/D8NCYo+/ciyqCLcWxfObQ/kUB1DxNsEauJ+hl0q11l4J4qo2BreoXqK3ib1o2AFo4vf+0l66LwhkYegVweNU7D8gI3LV3Jp2EHo4xQ== X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(39860400002)(376002)(136003)(346002)(396003)(46966006)(36840700001)(9686003)(81166007)(316002)(186003)(6916009)(5660300002)(47076005)(19627405001)(336012)(55016002)(356005)(26005)(7696005)(2906002)(86362001)(6506007)(478600001)(52536014)(4326008)(82310400003)(966005)(36860700001)(82740400003)(70586007)(70206006)(33656002)(54906003)(8676002)(83380400001)(8936002); DIR:OUT; SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Jul 2021 16:00:55.4056 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c6ca29d1-118b-40a9-40c1-08d94d29e375 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT009.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR08MB5604 X-Spam-Status: No, score=-8.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, HTML_MESSAGE, KAM_SHORT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: gcc@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Jul 2021 16:01:05 -0000 Hello, We're working on adding CHERI capability support to GCC, specifically focus= ing on targetting the experimental Morello architecture. The eventual aim is to help bring up a GNU system on the upcoming Morello boards. Morello is an integration of the CUCL CHERI (Capability Hardware Enhanced R= ISC Instructions) protection model into the ARMv8-A architecture. https://www.arm.com/blogs/blueprint/digital-security-by-design https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ Our current status is very much work-in-progress, but to add visibility abo= ut the project to those that are interested, and to ease collaboration with th= ose we're working closely with, we are pushing the work to a branch in the ARM vendor area of the GCC main repo. It is under refs/vendors/ARM/heads/morello. We do intend to split this into a coherent patch series at some point in th= e future as we would appreciate feedback on our approach from the community, = but are not focusing on this yet. This email is just about mentioning that we = are working on such a project rather than asking for opinions on the approach (= since we have other goals for the short term and creating a meaningful sequence o= f commits that communicates intention is quite a bit of work). To mention, we are notably further along on this project than our first com= mit would indicate. There is a delay between our internal work and making thin= gs public. For those that are interested we present a *very* high-level description of= our implementation below: - Capabilities are new hardware features. They are logically an integral value, a hardware-maintained validity bit,= and some metadata. This is usually a pointer where the integral value is an address value (that is not always the case for uintptr_t and intptr_t). If the validity bit is not set then no capability pointer can be used (no matter what the metadata). This validity bit can not be set by software directly, rather the only way to get a capability with a set validity bit= is to derive it from another valid capability. - Our first step is to introduce the concept of capabilities. We are most of the way towards this goal. Here we can act as if generati= ng code for a capability-enabled AArch64 architecture before emitting plain AArch64 code at the very last step. This is enabled by a target-specific= flag `-mfake-capability`. - A capability is indicated by having a capability MODE (which is a new mod= e class). (either as the mode of the value in RTL, or under the TYPE_MODE of a type= in TREE/Gimple). Hence a pointer under TREE is described in the same way as = usual except for having a TYPE_MODE of CADImode (CApability-DImode). - Some operations do not make sense for capabilities. These operations are disabled for capabilities. E.g. a basic PLUS can not be made on a capability in RTL since the operat= ion requires all modes of operands to be the same and there is no concept of adding two capabilities together. - Most complex operations on address values should be via casting to an integral. To do more complex arithmetic on capabilities it is expected that the compiler should extract the address value from the capability, perform = the operations on that address value (which is just an integral value), and finally generate a new capability with the old metadata and new value. Authors of the branch so far: Alex Coplan Dennis Zhang Matthew Malcomson Stam Markianos-Wright GCC Implementation Design: Richard Sandiford