Re: Are pages allowed to cross PMA regions?

Tariq Kurd

>In particular, a portion of a misaligned store that passes the PMP check may become visible, even if another portion fails the PMP check

I had no idea this was in the spec - so I'm glad you added that comment Allen.

yes - between MMU pages, PMP regions and PMA regions it's all pretty complex.

In systems with an MMU do people typically also implement the PMP? And if so why?

As the granularity of PMA and PMP regions are implementation defined - I'm wondering if a nice simplification would be to specify them both with 64-byte granularity, and 64-byte alignment to match the cache-block size for the CMOs. At least then the PMAs can't cross the boundary of a TLB page.


On Sat, 13 Aug 2022 at 09:02, Allen Baum <allen.baum@...> wrote:
There are at least 3 potential boundaries: MMU pages, PMP regions, and PMA regions.
All bytes of an access must be contained within a single PMP region. The operative word there is "access", because a misaligned load /store may be (and is typically) split into two separate accesses.
Ordering of those accesses is not spec'ed, so it's possible to get various exceptions with either the lower or upper part of the load/store, (or both).
When that happens on a store, the trap may occur after either the low hor high alf has been written. (non-determinsitically even, so it's a bear to test).

I don't know if that specific rule applies to PMA's or MMU page crossings, 
but if a misaligned access is split into two (or more, eventually) accesses that don't cross a boundary, then it's moot;
you treat them individually. .That split is hard to avoid

But an implementation isn't required to split a misaligned address, and outside of the PMP spec, I don't think that case is mentioned
An implementation is free to always trap on a misaligned access and perform it byte-by-byte (while ensuring no interrupt can occur in the middle, lest someone see a stale value) 
I believe it is also legal to handle it entirely in HW excecpt when it crosses a various boundaries (e.g. cacheline, page, etc), and  signal a misalign exception if it does.
Or even signal a misalign exception depending on the phase of the moon (or other non-architecural state).

Personally, I'd be really happy if we could tighten those rules up a lot.

On Fri, Aug 12, 2022 at 2:28 PM Greg Favor <gfavor@...> wrote:
It would be nice if it was architecturally defined/permitted for such straddling accesses to be performed a byte at a time.

That could be ok for accesses to idempotent memory, but would likely be problematic for a non-idempotent location (e.g. a memory-mapped I/O register), and byte accesses to a word MMIO register might not even be allowed by the PMAs for that location.


Tariq Kurd | Lead IP Architect | Codasip UK Design Centre |

Join { to automatically receive all group messages.