split MODESW into MODESW.CAP and MODESW.INT

src/csv/CHERI_ISA.csv

@@ -52,8 +52,8 @@
 "GCTYPE","✔","✔","","","","✔","✔","Both","","","","","","","","","","","","","","","","","OP","1-src 1-dst","","","Get capability type","","","","","","","",""
 "SCMODE","✔","✔","","","","✔","","Both","","","","","","","","","","","","","","","","","OP","1-src 1-dst","","","Set the mode bit of a capability, no permissions required","","","","","","","",""
 "GCMODE","✔","✔","","","","✔","","Both","","","","","","","","","","","","","","","","","OP","1-src 1-dst","","","Get the mode bit of a capability, no permissions required","","","","","","","",""
-"MODESW","✔","✔","","","","✔","","Both","","","","","","","","","","","","","","","","","OP","no operands","","","Directly switch mode ({cheri_int_mode_name}/ {cheri_cap_mode_name})","mode==D (optional)","","","","","","",""
-"C.MODESW","✔","✔","","","","✔","","Both","","","","","","","","","","","","","","","","","C1","no operands","","","Directly switch mode ({cheri_int_mode_name}/ {cheri_cap_mode_name})","mode==D (optional)","","","","","","",""
+"MODESW.CAP","✔","✔","","","","✔","","Both","","","","","","","","","","","","","","","","","OP","no operands","","","Directly switch mode into {cheri_cap_mode_name}","mode==D (optional)","","","","","","",""
+"MODESW.INT","✔","✔","","","","✔","","Both","","","","","","","","","","","","","","","","","OP","no operands","","","Directly switch mode into {cheri_int_mode_name}","mode==D (optional)","","","","","","",""
 "C.ADDI16SP","✔","✔","","","","✔","✔","Both","","","","✔","","","","","","","","","","","","","C0","","","","ADD immediate to stack pointer, CADD in Capability Mode","","","","","","","",""
 "C.ADDI4SPN","✔","✔","","","","✔","✔","Both","","","","✔","","","","","","","","","","","","","C0","","","","ADD immediate to stack pointer, CADDI in Capability Mode","","","","","","","",""
 "C.MV","✔","✔","","","","✔","✔","Both","","","","✔","","","","","","","","","","","","","C2","","","","Register Move, cap reg move in Capability Mode","","","","","","","",""

src/debug-integration.adoc

@@ -108,8 +108,8 @@ include::img/dpccreg.edn[]
 Upon entry to debug mode, cite:[riscv-debug-spec], does not specify how to
 update the PC, and says PC relative instructions may be illegal. This concept
 is extended to include any instruction which reads or updates <<pcc>>, which refers to
-all jumps, conditional branches and <<AUIPC>>. The exception is <<MODESW>>
-which _is_ supported if {cheri_default_ext_name} is implemented, see <<dinfc>>
+all jumps, conditional branches and <<AUIPC>>. The exceptions are <<MODESW_CAP>> and <<MODESW_INT>>
+which _are_ supported if {cheri_default_ext_name} is implemented, see <<dinfc>>
 for details.
 
 As a result, the value of <<pcc>> is UNSPECIFIED in debug mode according
@@ -180,8 +180,8 @@ The reset value is the <<infinite-cap>> capability.
 If {cheri_default_ext_name} is implemented:
 
 * The <<m_bit>> is reset to {cheri_int_mode_name} ({INT_MODE_VALUE}).
-* The debugger can set the <<m_bit>> to {cheri_cap_mode_name} ({CAP_MODE_VALUE}) by executing <<MODESW>> from the program buffer
-** if <<MODESW>> is not supported in debug mode then the same can be done by reading the CSR, using <<SCMODE>> and then writing the CSR.
+* The debugger can set the <<m_bit>> to {cheri_cap_mode_name} ({CAP_MODE_VALUE}) by executing <<MODESW_CAP>> from the program buffer
+** if <<MODESW_CAP>> is not supported in debug mode then the same can be done by reading the CSR, using <<SCMODE>> and then writing the CSR.
 ** This only needs doing once after resetting the core.
 * The <<m_bit>> is used on debug mode entry to determine which CHERI execution mode to enter.
 

src/insns/modesw_32bit.adoc

@@ -1,20 +1,33 @@
 <<<
 
-[#MODESW,reftext="MODESW"]
-==== MODESW
+[#MODESW_INT,reftext="MODESW.INT"]
+==== MODESW.INT
+See <<MODESW_CAP>>.
 
-include::new_encoding_note.adoc[]
+[#MODESW_CAP,reftext="MODESW.CAP"]
+==== MODESW.CAP
 
 Synopsis::
-{cheri_cap_mode_name}/{cheri_int_mode_name} switching (MODESW), 32-bit encoding
+Switch execution mode to {cheri_cap_mode_name} (MODESW.CAP), or {cheri_int_mode_name} (MODESW.INT), 32-bit encodings
 
 Mnemonic::
-`modesw`
+`modesw.cap` +
+`modesw.int`
 
 Encoding::
 include::wavedrom/modesw_32bit.adoc[]
 
-include::modesw_common.adoc[]
+Description::
+Set the hart's current CHERI execution mode in <<pcc>>.
++
+* MODESW.CAP: If the current mode in <<pcc>> is {cheri_int_mode_name} ({INT_MODE_VALUE}), then the <<m_bit>> in <<pcc>> is set to {cheri_cap_mode_name} ({CAP_MODE_VALUE}). Otherwise no effect.
+* MODESW.INT: If the current mode in <<pcc>> is {cheri_cap_mode_name} ({CAP_MODE_VALUE}), then the <<m_bit>> in <<pcc>> is set to {cheri_int_mode_name} ({INT_MODE_VALUE}). Otherwise no effect.
+
+NOTE: Implementations may optionally support executing <<MODESW_CAP>> and <<MODESW_INT>> from the
+program buffer while in debug mode. If supported them the <<m_bit>> in
+<<dinfc>> is set accordingly and used to control which mode to enter next time debug
+mode is entered. The CHERI execution mode is only controlled by the <<m_bit>>
+of <<dinfc>> in debug mode.
 
 Exceptions::
 include::require_cre.adoc[]

src/insns/wavedrom/modesw_32bit.adoc

@@ -7,6 +7,6 @@
   {bits: 3,  name: 'funct3',  attr: ['3', 'MSW=001'], type: 8},
   {bits: 5,  name: 'funct5',  attr: ['5', 'MSW=00000'], type: 4},
   {bits: 5,  name: 'funct5',  attr: ['5', 'MSW=00000'], type: 3},
-  {bits: 7,  name: 'funct7',  attr: ['7', 'MSW=0001001'], type: 3},
+  {bits: 7,  name: 'funct7',  attr: ['7', 'MSW.CAP=0001001', 'MSW.INT=0001010'], type: 3},
 ]}
 ....

src/insns/zcmt_cmjalt.adoc

@@ -25,7 +25,7 @@ Encoding::
 
 [NOTE]
 
-  For this encoding to decode as <<<CM.JALT>>, _index>=32_, otherwise it decodes as <<CM.JT>>.
+  For this encoding to decode as <<CM.JALT>>, _index&#8805;32_, otherwise it decodes as <<CM.JT>>.
 
 {cheri_cap_mode_name} Description::
 Redirect instruction fetch via the jump table defined by the indexing via `jvtc.address+ index*XLEN/8`, checking every byte of the jump table access against <<jvtc>> bounds (not against <<pcc>>) and requiring <<x_perm>>. Link to `cra`.

src/instructions.adoc

@@ -212,8 +212,6 @@ include::insns/addi16sp_16bit.adoc[]
 
 include::insns/addi4spn_16bit.adoc[]
 
-include::insns/modesw_16bit.adoc[]
-
 include::insns/jalr_16bit.adoc[]
 
 include::insns/jr_16bit.adoc[]

src/riscv-hybrid-integration.adoc

@@ -151,11 +151,12 @@ unprivileged *x* register.
 
 ==== Mode Change Instructions
 
-A new CHERI execution mode switch (<<MODESW>>) instruction allows software
-to toggle the hart's current CHERI execution mode. If the current mode in the
-<<pcc>> is {cheri_int_mode_name}, then the mode after executing <<MODESW>> is {cheri_cap_mode_name}
-and vice-versa. This instruction effectively writes the CHERI execution mode
-bit M of the capability currently installed in the <<pcc>>.
+New CHERI execution mode switch instructions, <<MODESW_CAP>> and
+<<MODESW_INT>>, allow software
+to change the hart's current <<m_bit>> in <<pcc>>. If the current mode in the
+<<pcc>> is {cheri_int_mode_name}, then the mode after executing <<MODESW_CAP>> is {cheri_cap_mode_name}
+and similarly for <<MODESW_INT>> when in {cheri_cap_mode_name}. This instruction effectively writes the CHERI execution mode
+<<m_bit>> of the capability currently installed in the <<pcc>>.
 
 === Existing RISC-V Instructions
 
@@ -277,17 +278,17 @@ All CSR instructions cause CHERI exceptions if the <<pcc>> does not grant
 A new debug default data capability (<<dddc>>) CSR is added at the CSR number
 shown in xref:default-csrnames-added[xrefstyle=short].
 
-{cheri_default_ext_name} optionally allows <<MODESW>> to execute in debug mode.
+{cheri_default_ext_name} optionally allows <<MODESW_CAP>> and <<MODESW_INT>> to execute in debug mode.
 
 When entering debug mode, whether the core enters {cheri_int_mode_name} or
 {cheri_cap_mode_name} is controlled by the <<m_bit>> in <<dinfc>>.
 Implementations may optionally support switching CHERI execution mode by
-executing <<MODESW>> from the program buffer.
+executing <<MODESW_CAP>> or <<MODESW_INT>> from the program buffer.
 
 The current mode can be read from <<dinfc>>.
 
 ifdef::cheri_v9_annotations[]
-NOTE: *CHERI v9 Note:* The mode change instruction <<MODESW>> is new
+NOTE: *CHERI v9 Note:* The mode change instructions <<MODESW_CAP>> and <<MODESW_INT>> are new
 and the requirement to optionally support it in debug mode is also new.
 endif::[]
 

src/summary.adoc

@@ -55,7 +55,7 @@ Instruction fetch is also authorised by a capability: the program counter capabi
 This allows code fetch to be bounded, preventing a wide range of attacks that subvert control flow with integer data.
 Where {cheri_default_ext_name} is supported, the <<pcc>> also contains the <<m_bit,mode bit>> indicating whether the processor is running in integer or capability pointer mode.
 Changing the bounds used for instruction fetch or the pointer mode can be as easy as performing a capability-based jump (<<JALR>> in capability pointer mode).
-A <<MODESW>> instruction and compressed version is also added to allow cheap mode switching.
+<<MODESW_CAP>> and <<MODESW_INT>> instructions are also added to allow cheap mode switching.
 
 Exception codes are added for CHERI-specific exceptions on fetch, jumps, and memory access.
 No other exception paths are added: in particular, capability manipulations do not trap, but may clear the tag on the result capability if the operation is not permitted.

src/tables.adoc

@@ -171,7 +171,7 @@ include::generated/legacy_mnemonic_insns_table_body.adoc[]
 include::generated/xlen_dependent_encoding_insns_table_body.adoc[]
 |==============================================================================
 
-NOTE: <<MODESW>> and <<SCMODE>> only exist in {cheri_cap_mode_name} if
+NOTE: <<MODESW_CAP>>, <<MODESW_INT>> and <<SCMODE>> only exist in {cheri_cap_mode_name} if
 {cheri_int_mode_name} is _also_ present. A hart does not support the <<m_bit>>
 if it does not implement the {cheri_default_ext_name} extension.