Fix a number of issues in CMSE examples

- Use CLRM to clear registers instead of a sequence of mov rX, #0. - Save and restore FPCXTS in transitions from Secure to Non-secure and vice-versa. - Use VSCCLRM to clear floating-point registers if necessary.
ARM-software · Jun 12, 2023 · 090fa6a · 090fa6a
1 parent 9e4c66a
commit 090fa6a
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 38 deletions.
diff --git a/cmse/cmse.md b/cmse/cmse.md
@@ -160,8 +160,13 @@ Anticipated changes to this document include:
   [Arguments on the stack and floating point handling](#arguments-on-the-stack-and-floating-point-handling).
 * Removed incorrect information about the floating-point ABI used in
   [Arguments on the stack and floating point handling](#arguments-on-the-stack-and-floating-point-handling).
+* Replaced a conditional clearing of floating-point registers by the `VSCCLRM`
+  instruction in the example in
+  [Arguments on the stack and floating point handling](#arguments-on-the-stack-and-floating-point-handling).
 * Corrected description and example in section
   [Non-secure function pointers](#non-secure-function-pointer).
+* Corrected examples to save and restore `FPCXT` in Security state transitions.
+* Replaced sequences of `mov rX, #0` by the `CLRM` instruction in examples.
 
 ## References
 
@@ -1592,20 +1597,23 @@ bar:
     @ protect the FP context if used by secure state
     sub     sp, sp, #0x88
     vlstm   sp
+    @ save FPCXTS. LR is stacked only for alignment purposes
+    vmrs    r2, fpcxts
+    push    {r2, lr}
     @ save callee-saved integer registers
     push    {r4-r12, lr}
     @ clear all integer registers (except for function pointer and arguments)
-    mov     r2,  #0
-    mov     r3,  #0
-    …
-    mov     r12, #0
+    clrm    {r2-r12}
     @ clear the integer status flags
     msr     APSR_nzcvqg, r2
     @ perform the call to the non-secure function 
     bic     r1, r1, #1
     blxns   r1
     @ restore the callee-saved registers 
     pop     {r4-r12, lr}
+    @ restore FPCXTS
+    pop     {r2, lr}
+    vmsr    fpcxts, r2
     @ unprotect the FP context and restore it if it was pushed
     vlldm   sp
     add     sp, sp, #0x88
@@ -1642,10 +1650,7 @@ bar:
     @ setup floating point arguments of the call
     vmov    s0, r1
     @ clear all integer registers (except for function pointer and arguments)
-    mov     r2,  #0
-    mov     r3,  #0
-    …
-    mov     r12, #0
+    clrm    {r2-r12}
     @ clear the integer status flags
     msr     APSR_nzcvqg, r2
     @ perform the call to the non-secure function 
@@ -1723,10 +1728,7 @@ bar:
     @ load the function pointer
     ldr     r4, =foo
     @ clear all integer registers (except for function pointer and arguments)
-    mov     r6,  #0
-    mov     r7,  #0
-    …
-    mov     r12, #0
+    clrm    {r6-r12}
     @ clear the integer status flags
     msr     APSR_nzcvqg, r6
     @ perform the call to the non-secure function 
@@ -1808,12 +1810,14 @@ foo:
 __acle_se_foo:
     @ 1: if called from non-secure reserve secure stack space for the arguments
     tst     lr, #1
-    it      eq
+    ittt    eq
     subeq   sp, sp, #8
+    @ 3: save FPCXTNS if called from non-secure. LR is stacked only for alignment purposes
+    vmrseq  r12, fpcxtns
+    pusheq  {r12, lr}
     @ 2: push used callee-saved register onto the stack
     push    {r4-r6, lr}
     @ 3: if called from secure the arguments are already in the correct place
-    tst     lr, #1
     bne     .LdoneARGS
     @ 4: get the non-secure stack pointer
     mrs     r4, SP_NS
@@ -1842,29 +1846,20 @@ __acle_se_foo:
     bl      bar
     @11: restore used callee-saved registers
     pop     {r4-r6, lr}
-    @12: if called from secure, we are done
+    @12: restore FPCXTNS if called from non-secure
     tst     lr, #1
-    it      ne
+    itte    eq
+    popeq   {r12, lr}
+    vmsreq  fpcxtns, r12
+    @12: if called from secure, we are done
     bxne    lr
     @13: pop secure stack space
     add     sp, sp, #8
-    @14: check SFPA bit to see if FP is used
-    mrs     r1, control
-    tst     r1, #8
-    bne     .LdoneFP
-    @15: clear floating point caller-saved registers
-    mov     r1, #0
-    vmov    s0, s1, r1, r1
-    vmov    s2, s3, r1, r1
-    ...
-    vmov    s30, s31, r1, r1
-    @16: clear floating point flags
-    vmsr    fpscr, r1
+    @14: clear floating point caller-saved registers if a FP context is active
+    vscclrm {s0-s31}
 .LdoneFP:
-    @17: clear integer caller-saved registers except for return value
-    mov     r1, #0
-    mov     r2, #0
-    mov     r3, #0
+    @15: clear integer caller-saved registers except for return value
+    clrm    {r1-r3}
     @18: clear other registers and the integer status flags
     mov     r12, #0
     msr     APSR_nzcvqg, r3

diff --git a/main/acle.md b/main/acle.md
@@ -341,12 +341,7 @@ Armv8.4-A [[ARMARMv84]](#ARMARMv84). Support is added for the Dot Product intrin
 * Fixes for [Function Multi Versioning](#function-multi-versioning):
   * Renamed features to `sme-f64f64` and `sme-i16i64`
   * Corrected register name to `ID_AA64SMFR0_EL1.I16I64`
-* Removed incorrect optimisation remark in [CMSE](#CMSE-ACLE)'s floating-point
-  register clearing.
-* Removed incorrect information about the floating-point ABI used in
-  [CMSE](#CMSE-ACLE)'s Arguments on the stack and floating point handling.
-* Corrected description and example in [CMSE](#CMSE-ACLE)'s section about
-  non-secure function pointers.
+* Several fixes in [CMSE](#CMSE-ACLE).
 
 ### References