Morello specifies a conservative behaviour for rrlen; some representable lengths are rounded up even if they are already representable. However, QEMU appears to use a slightly different implementation that doesn't do this. Specifically, QEMU's rrlen appears empirically consistent with setting the bounds (scbnds) on a null capability, then taking its actual length (gclen).
For example:
rrlen of 0x7ff8 should be 0x8000, but QEMU reports 0x7ff8.rrlen of 0xfff0 should be 0x10000, but QEMU reports 0xfff0.rrlen of 0x1ffe0 should be 0x20000, but QEMU reports 0x1ffe0.- ... // Patterns like
0xfff << n, for n >= 3.
I'm taking FVP and Morello hardware as "correct" because they both seem to match the architectural pseudocode.
This is unlikely to break software using rrlen as intended, but may lead to false assumptions.
Morello specifies a conservative behaviour for
rrlen; some representable lengths are rounded up even if they are already representable. However, QEMU appears to use a slightly different implementation that doesn't do this. Specifically, QEMU'srrlenappears empirically consistent with setting the bounds (scbnds) on a null capability, then taking its actual length (gclen).For example:
rrlenof0x7ff8should be0x8000, but QEMU reports0x7ff8.rrlenof0xfff0should be0x10000, but QEMU reports0xfff0.rrlenof0x1ffe0should be0x20000, but QEMU reports0x1ffe0.0xfff << n, forn >= 3.I'm taking FVP and Morello hardware as "correct" because they both seem to match the architectural pseudocode.
This is unlikely to break software using
rrlenas intended, but may lead to false assumptions.