From 01ace1190eafdc28a919c70a9e3d3738ffeb55b8 Mon Sep 17 00:00:00 2001
From: Nathaniel Wesley Filardo <wes.filardo@scisemi.com>
Date: Tue, 12 Nov 2024 21:47:52 +0000
Subject: [PATCH] Abort if trapping with untagged MTCC

This is not going to go well: we'll install an untagged quantity in PCC
and immediately trap again, doing the same thing forever.  Just bail
with a not-implemented error.  That's not the cleanest thing in the
world, but it's what's readily available at the moment.
---
 src/cheri_addr_checks.sail | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/cheri_addr_checks.sail b/src/cheri_addr_checks.sail
index c48fec8..7212a33 100644
--- a/src/cheri_addr_checks.sail
+++ b/src/cheri_addr_checks.sail
@@ -114,7 +114,22 @@ function ext_fetch_check_pc(start_pc, pc) = {
   then {
     /* We need to perform the permission checks only for the first granule. */
     if      not(PCC.tag)
-    then    Ext_FetchAddr_Error(CapEx_TagViolation)
+    then {
+      if MTCC.tag
+      then Ext_FetchAddr_Error(CapEx_TagViolation)
+      else {
+        /*
+         * We're going to infinite loop, installing an untagged MTCC to PCC
+         * and coming right back here.  Much better to just stop now.
+         *
+         * TODO: We'd rather go through the HTIF exit path, but the HTIF
+         * registers are not available to us at this point in the code, and
+         * changing that would require changes in the upstream submodule.
+         * Something to consider when we're rebasing against Zcheripurecap.
+         */
+        not_implemented ("Untagged PCC and MTCC infinite loops; stopping now")
+      }
+    }
     else if isCapSealed(PCC)
     then    internal_error(__FILE__, __LINE__, "PCC should never be sealed")
     else if not(PCC.permit_execute)