Prune stale FLUTE support
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
deleted file mode 100644
index 9cd81d7..0000000
--- a/azure-pipelines.yml
+++ /dev/null
@@ -1,149 +0,0 @@
-trigger:
-- core
-
-resources:
- pipelines:
- - pipeline: LLVM
- project: CHERI-MCU
- source: LLVM
- - pipeline: Flute-TCM
- project: CHERI-MCU
- source: Flute-TCM
- - pipeline: sail-cheri-mcu
- project: CHERI-MCU
- source: sail-cheri-mcu
-
-jobs:
-############################################## Linux Builds
-- job:
- displayName: RTOS tests
- pool:
- vmImage: ubuntu-20.04
- timeoutInMinutes: 300
- strategy:
- matrix:
- HardwareRevokerRelease:
- board: flute
- flags: --debug-loader=n --debug-scheduler=n --debug-allocator=n
- mode: release
- SoftwareRevokerRelease:
- board: flute-software-revoker
- flags: --debug-loader=n --debug-scheduler=n --debug-allocator=n
- mode: release
- SailRelease:
- board: sail
- flags: --debug-loader=n --debug-scheduler=n --debug-allocator=n
- mode: release
- HardwareRevokerDebug:
- board: flute
- flags: --debug-loader=y --debug-scheduler=y --debug-allocator=y
- mode: debug
- SoftwareRevokerDebug:
- board: flute-software-revoker
- flags: --debug-loader=y --debug-scheduler=y --debug-allocator=y
- mode: debug
- SailDebug:
- board: sail
- flags: --debug-loader=y --debug-scheduler=y --debug-allocator=y
- mode: debug
- steps:
- - checkout: self
- submodules: recursive
- - download: LLVM
- - download: Flute-TCM
- - download: sail-cheri-mcu
- - script: |
- set -eo pipefail
- sudo add-apt-repository ppa:xmake-io/xmake
- sudo apt update
- sudo apt install xmake
- displayName: 'Installing dependencies'
- - script: |
- chmod +x $(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM/LLVM/bin/* \
- $(Pipeline.Workspace)/$(resources.triggeringAlias)/Flute-TCM/FluteSimulator/* \
- $(Pipeline.Workspace)/$(resources.triggeringAlias)/sail-cheri-mcu/SailSimulator/*
- echo $(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM
- echo $(Pipeline.Workspace)
- ls -R $(Pipeline.Workspace)
- displayName: 'See where anything is installed'
- - script: |
- ls $(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM/LLVM/bin/
- echo xmake f -P . --board=$(board) --sdk=$(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM/LLVM/ $(flags) -m $(mode)
- xmake f -P . --board=$(board) --sdk=$(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM/LLVM/ $(flags) -m $(mode)
- workingDirectory: 'tests'
- displayName: 'Configure the build'
- - script: |
- xmake -P . -v
- workingDirectory: 'tests'
- displayName: 'Building the test suite'
- - script: |
- $(Pipeline.Workspace)/$(resources.triggeringAlias)/sail-cheri-mcu/SailSimulator/cheriot_sim -p --no-trace build/cheriot/cheriot/$(mode)/test-suite
- condition: startsWith(variables['board'],'sail')
- workingDirectory: 'tests'
- displayName: 'Running the test suite on Sail'
- - script: |
- export PATH=$(Pipeline.Workspace)/$(resources.triggeringAlias)/Flute-TCM/FluteSimulator:$PATH
- for I in `seq 32768` ; do echo 00000000 >> tail.hex ; done
- elf_to_hex build/cheriot/cheriot/$(mode)/test-suite Mem.hex
- hex_to_tcm_hex.sh
- cp tail.hex Mem-TCM-tags-0.hex
- exe_HW_sim +tohost | tee sim.log
- EXIT_CODE=$(expr $(printf '%d' $(grep -E -e 'tohost_value is 0x[0-9a-zA-Z]+' -o sim.log | awk '{print $3}')) / 2)
- echo "Exit code: $EXIT_CODE"
- exit $EXIT_CODE
- condition: startsWith(variables['board'],'flute')
- workingDirectory: 'tests'
- displayName: 'Running the test suite on Flute'
- - script: |
- set -eo pipefail
- for example_dir in $PWD/examples/*/; do
- cd $example_dir
- echo Building $example_dir
- xmake f --board=$(board) --sdk=$(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM/LLVM/ $(flags) -m $(mode)
- xmake
- done
- displayName: 'Building the examples'
- - script: |
- set -eo pipefail
- for example_dir in $PWD/examples/*/; do
- cd $example_dir
- echo Running $example_dir
- example_name=$(basename ${example_dir#*.})
- $(Pipeline.Workspace)/$(resources.triggeringAlias)/sail-cheri-mcu/SailSimulator/cheriot_sim \
- build/cheriot/cheriot/$(mode)/${example_name}
- done
- condition: startsWith(variables['board'],'sail')
- displayName: 'Running the examples'
-
-- job:
- displayName: Check coding style
- pool:
- vmImage: ubuntu-20.04
- timeoutInMinutes: 300
- steps:
- - checkout: self
- submodules: recursive
- - download: LLVM
- - script: |
- chmod +x $(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM/LLVM/bin/*
- echo $(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM
- echo $(Pipeline.Workspace)
- ls -R $(Pipeline.Workspace)
- displayName: 'See where anything is installed'
- - script: |
- ./scripts/run_clang_tidy_format.sh $(Pipeline.Workspace)/$(resources.triggeringAlias)/LLVM/LLVM/bin/
- displayName: 'Running clang-tidy and clang-format'
-
-- job:
- displayName: Compliance checks
- pool:
- vmImage: windows-latest
- steps:
- - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
- displayName: 'Run CredScan'
- inputs:
- debugMode: false
- - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
- displayName: 'Component Detection'
- - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
- displayName: 'Publish Security Analysis Logs'
diff --git a/docs/WritingADeviceDriver.md b/docs/WritingADeviceDriver.md
index 305a4df..e24ce92 100644
--- a/docs/WritingADeviceDriver.md
+++ b/docs/WritingADeviceDriver.md
@@ -194,11 +194,11 @@
### Platform includes
Each board description contains a set of include paths.
-For example, our Flute prototype platform has this:
+For example, our Ibex prototype platform has this:
```json
"driver_includes" : [
- "../include/platform/flute",
+ "../include/platform/ibex",
"../include/platform/generic-riscv"
],
```
diff --git a/scripts/run-flute.sh b/scripts/run-flute.sh
deleted file mode 100755
index 107c9e3..0000000
--- a/scripts/run-flute.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-if [ -z "${FLUTE_BUILD}" ] ; then
- echo The FLUTE_BUILD environment variable should be set to the flute build directory
- exit 0
-fi
-# This script depends on non-portable GNU extensions, so prefer the g-prefixed
-# versions if they exist
-TAIL=tail
-if which gtail ; then TAIL=gtail ; fi
-HEAD=head
-if which ghead ; then HEAD=ghead ; fi
-PASTE=paste
-if which gpaste ; then PASTE=gpaste ; fi
-echo Using ${TAIL}, ${HEAD}, and ${PASTE}
-
-if [ ! -f tail.hex ] ; then
- for I in $(seq 0 32768) ; do
- echo 00000000 >> tail.hex
- done
-fi
-
-${FLUTE_BUILD}/../../Tests/elf_to_hex/elf_to_hex $1 Mem.hex
-
-awk '{print substr($0,33,8); print substr($0,0,8)}' Mem.hex > 1u-0.hex
-awk '{print substr($0,41,8); print substr($0,9,8)}' Mem.hex > 0u-0.hex
-awk '{print substr($0,49,8); print substr($0,17,8)}' Mem.hex > 1l-0.hex
-awk '{print substr($0,57,8); print substr($0,25,8)}' Mem.hex > 0l-0.hex
-
-${TAIL} -n +3 1u-0.hex > 1u-1.hex
-${TAIL} -n +3 0u-0.hex > 0u-1.hex
-${TAIL} -n +3 1l-0.hex > 1l-1.hex
-${TAIL} -n +3 0l-0.hex > 0l-1.hex
-
-${HEAD} -n -4 1u-1.hex > 1u-2.hex
-${HEAD} -n -4 0u-1.hex > 0u-2.hex
-${HEAD} -n -4 1l-1.hex > 1l-2.hex
-${HEAD} -n -4 0l-1.hex > 0l-2.hex
-
-${PASTE} -d \\n 1l-2.hex 1u-2.hex > 1-0.hex
-${PASTE} -d \\n 0l-2.hex 0u-2.hex > 0-0.hex
-
-cat 1-0.hex tail.hex | ${HEAD} -n 32768 > Mem-TCM-1.hex
-cat 0-0.hex tail.hex | ${HEAD} -n 32768 > Mem-TCM-0.hex
-
-${FLUTE_BUILD}/exe_HW_sim +tohost > /dev/null
diff --git a/sdk/boards/flute-debug-uart.json b/sdk/boards/flute-debug-uart.json
deleted file mode 100644
index b0dd865..0000000
--- a/sdk/boards/flute-debug-uart.json
+++ /dev/null
@@ -1,52 +0,0 @@
-{
- "devices" :
- {
- "clint" : {
- "start" : 0x2000000,
- "length" : 0x10000
- },
- "plic" : {
- "start" : 0xc000000,
- "length" : 0x400000
- },
- "uart" : {
- "start" : 0x10000100,
- "end" : 0x10000200
- },
- "ethernet" : {
- "start" : 0x10000100,
- "end" : 0x10000200
- },
- "shadow" : {
- "start" : 0x40000000,
- "end" : 0x40001000
- },
- "shadowctrl" : {
- "start" : 0x40001000,
- "end" : 0x40001028
- }
- },
- "instruction_memory" : {
- "start" : 0x80000000,
- "end" : 0x80040000
- },
- "heap" : {
- "end" : 0x80040000
- },
- "revoker" : "hardware",
- "stack_high_water_mark" : true,
- "driver_includes" : [
- "../include/platform/flute",
- "../include/platform/generic-riscv"
- ],
- "defines" : [
- "FLUTE",
- "FLUTE_SHADOW_BASE=0x40000000U",
- "FLUTE_SHADOW_SIZE=0x1000U"
- ],
- "timer_hz" : 40000,
- "tickrate_hz" : 10,
- "simulator" : "${sdk}/../scripts/run-flute.sh",
- "simulation" : true
-}
-
diff --git a/sdk/boards/flute-no-revoker.json b/sdk/boards/flute-no-revoker.json
deleted file mode 100644
index aca256b..0000000
--- a/sdk/boards/flute-no-revoker.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- "devices" :
- {
- "clint" : {
- "start" : 0x2000000,
- "length" : 0x10000
- },
- "plic" : {
- "start" : 0xc000000,
- "length" : 0x400000
- },
- "uart" : {
- "start" : 0x10000100,
- "end" : 0x10000200
- },
- "shadow" : {
- "start" : 0x40000000,
- "end" : 0x40001000
- }
- },
- "instruction_memory" : {
- "start" : 0x80000000,
- "end" : 0x80040000
- },
- "heap" : {
- "end" : 0x80040000
- },
- "defines" : [
- "FLUTE",
- "FLUTE_SHADOW_BASE=0x40000000U",
- "FLUTE_SHADOW_SIZE=0x1000U"
- ],
- "stack_high_water_mark" : false,
- "driver_includes" : [
- "../include/platform/flute",
- "../include/platform/generic-riscv"
- ],
- "timer_hz" : 40000,
- "tickrate_hz" : 10,
- "simulator" : "${sdk}/../scripts/run-flute.sh",
- "simulation" : true
-}
-
diff --git a/sdk/boards/flute-software-revoker.json b/sdk/boards/flute-software-revoker.json
deleted file mode 100644
index 0968fd2..0000000
--- a/sdk/boards/flute-software-revoker.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- "devices" :
- {
- "clint" : {
- "start" : 0x2000000,
- "length" : 0x10000
- },
- "plic" : {
- "start" : 0xc000000,
- "length" : 0x400000
- },
- "uart" : {
- "start" : 0x10000100,
- "end" : 0x10000200
- },
- "shadow" : {
- "start" : 0x40000000,
- "end" : 0x40001000
- }
- },
- "instruction_memory" : {
- "start" : 0x80000000,
- "end" : 0x80040000
- },
- "heap" : {
- "end" : 0x80040000
- },
- "stack_high_water_mark" : false,
- "driver_includes" : [
- "../include/platform/flute",
- "../include/platform/generic-riscv"
- ],
- "defines" : [
- "FLUTE",
- "FLUTE_SHADOW_BASE=0x40000000U",
- "FLUTE_SHADOW_SIZE=0x1000U"
- ],
- "timer_hz" : 40000,
- "tickrate_hz" : 10,
- "revoker" : "software",
- "simulator" : "${sdk}/../scripts/run-flute.sh",
- "simulation" : true
-}
-
diff --git a/sdk/boards/flute.json b/sdk/boards/flute.json
deleted file mode 100644
index 42586f5..0000000
--- a/sdk/boards/flute.json
+++ /dev/null
@@ -1,51 +0,0 @@
-{
- "devices" :
- {
- "clint" : {
- "start" : 0x2000000,
- "length" : 0x10000
- },
- "plic" : {
- "start" : 0xc000000,
- "length" : 0x400000
- },
- "uart" : {
- "start" : 0x10000000,
- "end" : 0x10000100
- },
- "ethernet" : {
- "start" : 0x10000100,
- "end" : 0x10000200
- },
- "shadow" : {
- "start" : 0x40000000,
- "end" : 0x40001000
- },
- "shadowctrl" : {
- "start" : 0x40001000,
- "end" : 0x40001028
- }
- },
- "instruction_memory" : {
- "start" : 0x80000000,
- "end" : 0x80040000
- },
- "heap" : {
- "end" : 0x80040000
- },
- "driver_includes" : [
- "../include/platform/flute",
- "../include/platform/generic-riscv"
- ],
- "defines" : [
- "FLUTE",
- "FLUTE_SHADOW_BASE=0x40000000U",
- "FLUTE_SHADOW_SIZE=0x1000U"
- ],
- "timer_hz" : 40000,
- "tickrate_hz" : 10,
- "revoker" : "hardware",
- "simulator" : "${sdk}/../scripts/run-flute.sh",
- "simulation" : true
-}
-
diff --git a/sdk/core/loader/boot.S b/sdk/core/loader/boot.S
index ae915cb..953db9e 100644
--- a/sdk/core/loader/boot.S
+++ b/sdk/core/loader/boot.S
@@ -65,7 +65,7 @@
la_abs s0, loader_entry_point
csetaddr cra, cra, s0
// Base and size of the GP of loader
- // Flute doesn't support unaligned loads, so we have to load the base as
+ // Old sails don't support unaligned loads, so we have to load the base as
// bytes
clbu s0, IMAGE_HEADER_LOADER_DATA_START_OFFSET+3(ca1)
sll s0, s0, 8
@@ -157,14 +157,7 @@
ecall
// The idle thread sleeps and only waits for interrupts.
.Lidle_loop:
- // There is a bug in the Flute hardware revoker that means it stops during
- // wfi, but we want it to run here. Flute is simulation only at the
- // moment, so we don't care that the nop is power-inefficient.
-#if defined(TEMPORAL_SAFETY) && defined(FLUTE) && !defined(SOFTWARE_REVOKER)
- nop
-#else
wfi
-#endif
j .Lidle_loop
.Lfill_block:
diff --git a/sdk/core/scheduler/plic.h b/sdk/core/scheduler/plic.h
index 99874d5..246b905 100644
--- a/sdk/core/scheduler/plic.h
+++ b/sdk/core/scheduler/plic.h
@@ -38,7 +38,7 @@
/*
* FIXME: Sail doesn't have an interrupt controller at all, but we pretend
- * it does just like FLUTE build to let things compile. We need tons of
+ * it does just like other builds to let things compile. We need tons of
* #ifdefs or a big rewrite to make the entire external interrupt path
* optional.
*
diff --git a/sdk/include/cheri.hh b/sdk/include/cheri.hh
index 0307cf7..f4d27aa 100644
--- a/sdk/include/cheri.hh
+++ b/sdk/include/cheri.hh
@@ -1065,20 +1065,7 @@
*/
Capability<T> &unseal(void *key)
{
-#ifdef FLUTE
- // Flute still throws exceptions on invalid use. As a temporary
- // work-around, add a quick check that this thing has the sealing
- // type and don't unseal if it hasn't. This isn't a complete test,
- // it's just sufficient to get the tests passing on Flute.
- if (type() != __builtin_cheri_address_get(key))
- {
- ptr = nullptr;
- }
- else
-#endif
- {
- ptr = static_cast<T *>(__builtin_cheri_unseal(ptr, key));
- }
+ ptr = static_cast<T *>(__builtin_cheri_unseal(ptr, key));
return *this;
}
diff --git a/sdk/include/platform/flute/platform-early_boot.inc b/sdk/include/platform/flute/platform-early_boot.inc
deleted file mode 100644
index f8532a5..0000000
--- a/sdk/include/platform/flute/platform-early_boot.inc
+++ /dev/null
@@ -1,12 +0,0 @@
- // Ugly hack. For some reason if I don't give this first load, subsequent mem
- // ops will trap on Flute-TCM.
- li a3, 0x80000000
- cspecialr ca4, mtdc
- csetaddr ca4, ca4, a3
- clc c0, 0(ca4)
- // The shadow memory may not be zeroed, ensure it is before we start or
- // random capability loads will fail.
- li a0, FLUTE_SHADOW_BASE
- csetaddr ca0, ca4, a0
- li a1, FLUTE_SHADOW_BASE + FLUTE_SHADOW_SIZE
- cjal .Lfill_block
diff --git a/sdk/include/platform/flute/platform-hardware_revoker.hh b/sdk/include/platform/flute/platform-hardware_revoker.hh
deleted file mode 100644
index 759db15..0000000
--- a/sdk/include/platform/flute/platform-hardware_revoker.hh
+++ /dev/null
@@ -1,105 +0,0 @@
-// Copyright Microsoft and CHERIoT Contributors.
-// SPDX-License-Identifier: MIT
-
-#pragma once
-
-#include <cdefs.h>
-#include <compartment-macros.h>
-#include <riscvreg.h>
-#include <stddef.h>
-#include <stdint.h>
-
-namespace Flute
-{
- template<typename WordT, size_t TCMBaseAddr>
- class HardwareRevoker
- {
- private:
- // layout of the shadow space control registers
- struct ShadowCtrl
- {
- uint32_t base;
- uint32_t pad0;
- uint32_t top;
- uint32_t pad1;
- uint32_t epoch;
- uint32_t pad2;
- uint32_t go;
- uint32_t pad4;
- };
- static_assert(offsetof(ShadowCtrl, epoch) == 16);
- static_assert(offsetof(ShadowCtrl, go) == 24);
-
- volatile ShadowCtrl *shadowCtrl;
-
- public:
- /**
- * Currently the only hardware revoker implementation is async which
- * sweeps memory in the background.
- */
- static constexpr bool IsAsynchronous = true;
-
- /**
- * Initialise a revoker instance.
- */
- void init()
- {
- /**
- * These two symbols mark the region that needs revocation. We
- * revoke capabilities everywhere from the start of compartment
- * globals to the end of the heap.
- */
- extern char __compart_cgps, __export_mem_heap_end;
-
- auto base = LA_ABS(__compart_cgps);
- auto top = LA_ABS(__export_mem_heap_end);
- shadowCtrl = MMIO_CAPABILITY(ShadowCtrl, shadowctrl);
- shadowCtrl->base = base;
- shadowCtrl->top = top;
- // Clang tidy is checking headers as stand-alone compilation units
- // and so doesn't know what Debug is defined to.
-#ifndef CLANG_TIDY
- Debug::Invariant(base < top,
- "Memory map has unexpected layout, base {} is "
- "expected to be below top {}",
- base,
- top);
-#endif
- }
-
- /**
- * Returns the revocation epoch. This is the number of revocations
- * that have started.
- */
- uint32_t system_epoch_get()
- {
- asm volatile("" ::: "memory");
- return shadowCtrl->epoch;
- }
-
- /**
- * Queries whether the specified revocation epoch has finished.
- */
- template<bool AllowPartial = false>
- uint32_t has_revocation_finished_for_epoch(uint32_t epoch)
- {
- asm volatile("" ::: "memory");
- if (AllowPartial)
- {
- return shadowCtrl->epoch > epoch;
- }
- return shadowCtrl->epoch - epoch >= (2 + (epoch & 1));
- }
-
- // Start a revocation.
- void system_bg_revoker_kick()
- {
- asm volatile("" ::: "memory");
- shadowCtrl->go = 1;
- asm volatile("" ::: "memory");
- }
- };
-} // namespace Flute
-
-template<typename WordT, size_t TCMBaseAddr>
-using HardwareRevoker = Flute::HardwareRevoker<WordT, TCMBaseAddr>;
