297 lines
6.1 KiB
Markdown
297 lines
6.1 KiB
Markdown
# PR-5.1 — Define Canonical Syscall Metadata Table
|
|
|
|
### Briefing
|
|
|
|
Syscalls must follow a unified, function-like ABI based on slot counts and capabilities. This PR introduces the canonical metadata table describing every syscall.
|
|
|
|
### Target
|
|
|
|
* Define a single authoritative metadata structure for syscalls.
|
|
* Ensure all syscalls are described in terms of slot-based ABI.
|
|
|
|
### Work items
|
|
|
|
* Introduce a `SyscallMeta` struct containing:
|
|
|
|
* Syscall identifier.
|
|
* `arg_slots`.
|
|
* `ret_slots`.
|
|
* Capability flags.
|
|
* Determinism flags (if defined in spec).
|
|
* Create a canonical syscall table/registry.
|
|
* Ensure all existing syscalls are registered in this table.
|
|
* Document the structure in code comments (English).
|
|
|
|
### Acceptance checklist
|
|
|
|
* [ ] All syscalls have a `SyscallMeta` entry.
|
|
* [ ] Metadata includes arg and return slot counts.
|
|
* [ ] No syscall is invoked without metadata.
|
|
* [ ] `cargo test` passes.
|
|
|
|
### Tests
|
|
|
|
* Add a test ensuring all registered syscalls have metadata.
|
|
|
|
### Junie instructions
|
|
|
|
**You MAY:**
|
|
|
|
* Introduce a syscall metadata struct.
|
|
* Add a central registry for syscalls.
|
|
|
|
**You MUST NOT:**
|
|
|
|
* Change existing syscall semantics.
|
|
* Add new syscalls.
|
|
|
|
**If unclear:**
|
|
|
|
* Ask before defining metadata fields.
|
|
|
|
---
|
|
|
|
# PR-5.2 — Implement Slot-Based Syscall Calling Convention
|
|
|
|
### Briefing
|
|
|
|
Syscalls must behave like functions using the stack-based slot ABI. This PR implements the unified calling convention.
|
|
|
|
### Target
|
|
|
|
* Ensure syscalls read arguments from the stack.
|
|
* Ensure syscalls push return values based on `ret_slots`.
|
|
|
|
### Work items
|
|
|
|
* Modify the VM syscall dispatch logic to:
|
|
|
|
* Look up `SyscallMeta`.
|
|
* Pop `arg_slots` from the stack.
|
|
* Invoke the syscall.
|
|
* Push `ret_slots` results.
|
|
* Remove any legacy argument handling paths.
|
|
|
|
### Acceptance checklist
|
|
|
|
* [ ] All syscalls use slot-based calling convention.
|
|
* [ ] Argument and return slot counts are enforced.
|
|
* [ ] No legacy calling paths remain.
|
|
* [ ] `cargo test` passes.
|
|
|
|
### Tests
|
|
|
|
* Add tests:
|
|
|
|
* Syscall with correct arg/ret slots → passes.
|
|
* Syscall with insufficient args → trap or verifier failure.
|
|
|
|
### Junie instructions
|
|
|
|
**You MAY:**
|
|
|
|
* Refactor syscall dispatch code.
|
|
* Use metadata to enforce slot counts.
|
|
|
|
**You MUST NOT:**
|
|
|
|
* Change the stack model.
|
|
* Add compatibility layers.
|
|
|
|
**If unclear:**
|
|
|
|
* Ask before modifying dispatch semantics.
|
|
|
|
---
|
|
|
|
# PR-5.3 — Enforce Capability Checks in Syscall Dispatch
|
|
|
|
### Briefing
|
|
|
|
Syscalls must be capability-gated. The runtime must verify that the current program has permission to invoke each syscall.
|
|
|
|
### Target
|
|
|
|
* Enforce capability checks before syscall execution.
|
|
|
|
### Work items
|
|
|
|
* Extend `SyscallMeta` with capability requirements.
|
|
* Add capability data to the VM or execution context.
|
|
* In syscall dispatch:
|
|
|
|
* Check capabilities.
|
|
* If missing, trigger `TRAP_INVALID_SYSCALL` or equivalent.
|
|
|
|
### Acceptance checklist
|
|
|
|
* [ ] Capability checks occur before syscall execution.
|
|
* [ ] Missing capability leads to deterministic trap.
|
|
* [ ] Valid capabilities allow execution.
|
|
* [ ] `cargo test` passes.
|
|
|
|
### Tests
|
|
|
|
* Add tests:
|
|
|
|
* Syscall without capability → trap.
|
|
* Syscall with capability → success.
|
|
|
|
### Junie instructions
|
|
|
|
**You MAY:**
|
|
|
|
* Add capability checks in dispatch.
|
|
* Extend metadata with capability fields.
|
|
|
|
**You MUST NOT:**
|
|
|
|
* Change trap semantics.
|
|
* Introduce dynamic or nondeterministic permission systems.
|
|
|
|
**If unclear:**
|
|
|
|
* Ask before defining capability behavior.
|
|
|
|
---
|
|
|
|
# PR-5.4 — Verifier Integration for Syscall Slot Rules
|
|
|
|
### Briefing
|
|
|
|
The verifier must ensure that syscall calls respect argument and return slot counts before runtime.
|
|
|
|
### Target
|
|
|
|
* Extend verifier to validate syscall usage.
|
|
|
|
### Work items
|
|
|
|
* At syscall call sites:
|
|
|
|
* Look up `SyscallMeta`.
|
|
* Ensure enough argument slots are available.
|
|
* Ensure stack shape after call matches `ret_slots`.
|
|
* Emit verifier errors for mismatches.
|
|
|
|
### Acceptance checklist
|
|
|
|
* [ ] Verifier rejects incorrect syscall slot usage.
|
|
* [ ] Correct programs pass.
|
|
* [ ] Runtime traps are not required for verifier-detectable cases.
|
|
* [ ] `cargo test` passes.
|
|
|
|
### Tests
|
|
|
|
* Add tests:
|
|
|
|
* Too few args for syscall → verifier error.
|
|
* Correct args/returns → passes.
|
|
|
|
### Junie instructions
|
|
|
|
**You MAY:**
|
|
|
|
* Extend verifier with syscall checks.
|
|
|
|
**You MUST NOT:**
|
|
|
|
* Change runtime trap logic.
|
|
* Add new trap categories.
|
|
|
|
**If unclear:**
|
|
|
|
* Ask before enforcing slot rules.
|
|
|
|
---
|
|
|
|
# PR-5.5 — Remove Legacy Syscall Entry Paths
|
|
|
|
### Briefing
|
|
|
|
Any old or experimental syscall entry paths must be removed so that the slot-based ABI is the only supported mechanism.
|
|
|
|
### Target
|
|
|
|
* Ensure only the new unified syscall dispatch path exists.
|
|
|
|
### Work items
|
|
|
|
* Search for legacy or alternate syscall invocation logic.
|
|
* Remove or refactor them to use the canonical dispatch.
|
|
* Update modules and exports accordingly.
|
|
|
|
### Acceptance checklist
|
|
|
|
* [ ] Only one syscall dispatch path remains.
|
|
* [ ] No legacy syscall logic is present.
|
|
* [ ] `cargo test` passes.
|
|
|
|
### Tests
|
|
|
|
* Existing tests only.
|
|
|
|
### Junie instructions
|
|
|
|
**You MAY:**
|
|
|
|
* Remove legacy syscall code paths.
|
|
* Refactor callers to use the unified dispatch.
|
|
|
|
**You MUST NOT:**
|
|
|
|
* Introduce new syscall semantics.
|
|
* Keep compatibility shims.
|
|
|
|
**If unclear:**
|
|
|
|
* Ask before deleting anything that looks externally visible.
|
|
|
|
---
|
|
|
|
# PR-5.6 — Syscall Multi-Return Tests
|
|
|
|
### Briefing
|
|
|
|
We must ensure multi-return syscalls behave correctly with the slot-based ABI.
|
|
|
|
### Target
|
|
|
|
* Add deterministic tests covering multi-return behavior.
|
|
|
|
### Work items
|
|
|
|
* Create or adapt at least one syscall with `ret_slots > 1`.
|
|
* Add tests:
|
|
|
|
* Verify correct stack results after syscall.
|
|
* Verify incorrect caller expectations fail verification.
|
|
|
|
### Acceptance checklist
|
|
|
|
* [ ] Multi-return syscalls behave correctly.
|
|
* [ ] Verifier catches mismatches.
|
|
* [ ] `cargo test` passes.
|
|
|
|
### Tests
|
|
|
|
* New multi-return syscall tests.
|
|
|
|
### Junie instructions
|
|
|
|
**You MAY:**
|
|
|
|
* Add deterministic tests.
|
|
* Use existing syscalls or create a simple test-only syscall.
|
|
|
|
**You MUST NOT:**
|
|
|
|
* Modify syscall semantics to satisfy tests.
|
|
* Add nondeterministic behavior.
|
|
|
|
**If unclear:**
|
|
|
|
* Ask before introducing new test syscalls.
|
|
|
|
|