Add critical-section 1.0 implementation, fix multicore unsoundness.

[Dirbaio]

Requires #109

This adds a critical-section implementation for single-core chips, based on disabling all interrupts.

interrupt::free is is unsound on multicore systems because it only disables interrupts in the
current core. For multicore chips, a chip-specific critical section implementationis needed instead. Unsoundness is fixed by not returning the CriticalSection token.

This is a breaking change.

This is the riscv equivalent of rust-embedded/cortex-m#447 and rust-embedded/cortex-m#448

[dkhayes117]

Thank you! Looks good. but I will defer to disasm for final review.

[Disasm]

Make it optional maybe?

[Dirbaio]

It's required unconditionally by the singleton! macro

(and the macro can still be used if critical-section-single-core is not enabled, if the user supplies a c-s implementation from somewhere else, such as a chip-specific impl for a multicore chip, from its HAL crate)

[Disasm]

The goal is to release it in 0.8.x so critical-section becomes usable without having to wait for 0.9.

Next release will be "breaking" anyways because one breaking change is already merged. I'd prefer to have this change together with other critical-section-related changes.

[Dirbaio]

Next release will be "breaking" anyways because one breaking change is already merged. I'd prefer to have this change together with other critical-section-related changes.

Oh okay, hadn't noticed that. I've folded PR #111 into this one.

[almindor]

@Dirbaio sorry I complicated this a bit, we released 0.9 due to a botched 0.8.1 (which contained some other breaking changes and we had to yank it). Could you please bump the changelog? I think that's the only blocker here.

[Dirbaio]

Rebased

[almindor]

LGTM, but I think we might want to look at core vs hart terminlogy and meaning before proceeding.

[almindor]

I wonder if we should specify what core means in RISC-V context here. e.g. is it a hard or an actual core with its own fetching unit.

[almindor]

Same as below, I wonder if this should be critical-section-single-hart instead. TBF I'm not quite sure on this myself, I didn't use interrupts much yet, will review the spec a bit better.

[Dirbaio]

I'm afraid I don't know enough about riscv to know what's the difference between "core" and "hart" so I'll do whatever you guys choose :)

[almindor]

I'm afraid I don't know enough about riscv to know what's the difference between "core" and "hart" so I'll do whatever you guys choose :)

Heh sadly neither do I. My current understanding is that a core is a 1+ hard (hardware thread) that has its own fetch instructions mechanism. A hard is a separate execution environment but it does not include the fetcher.

Interrupts seem to be mixed between these two, some seem to be core-wide and some seem to be hard-specific but maybe I'm misunderstanding this. I'll try to get a better understanding first so we don't have to fix some UB later.

[FawazTirmizi]

In this case, I think hart is the correct term to use over core. The acquire() and release() functions disable/enable interrupts for the hart by flipping mstatus::mie.

Interrupts seem to be mixed between these two, some seem to be core-wide and some seem to be hard-specific but maybe I'm misunderstanding this.

As far as I am aware, there is nothing ratified that defines "core-wide" interrupts, although an interrupt controller like the PLIC could be configured to route a set of interrupts to all of the harts on a core. This eventually may not always be true, as Section 2 of the Smclic extension does say:

While the current CLIC provides only hart-local interrupt control, future additions might also support directing interrupts to harts within a core, hence the name ...

However, there isn't any further mention of this in the spec so far.

It's entirely possible that I've missed something here; there are a lot of specs relating to interrupts.

[almindor]

In this case, I think hart is the correct term to use over core. The acquire() and release() functions disable/enable interrupts for the hart by flipping mstatus::mie.

Interrupts seem to be mixed between these two, some seem to be core-wide and some seem to be hard-specific but maybe I'm misunderstanding this.

As far as I am aware, there is nothing ratified that defines "core-wide" interrupts, although an interrupt controller like the PLIC could be configured to route a set of interrupts to all of the harts on a core. This eventually may not always be true, as Section 2 of the Smclic extension does say:

While the current CLIC provides only hart-local interrupt control, future additions might also support directing interrupts to harts within a core, hence the name ...

However, there isn't any further mention of this in the spec so far.

It's entirely possible that I've missed something here; there are a lot of specs relating to interrupts.

I think you are correct, we should probably rename things to be hart specific.

[Dirbaio]

Changed core -> hart.

[almindor]

Thank you!

[almindor]

bors r+

[bors]

Build succeeded:

• build-other (macOS-latest)
• build-other (windows-latest)
• ci-linux (1.59.0)
• ci-linux (stable)
• Rustfmt