lang (target | target_feature | attributes)
This RFC proposes a new function attribute, #[instruction_set(set)] which allows you to declare the instruction set to be used when compiling the function. It also proposes two initial allowed values for the ARM arch (arm::a32 and arm::t32). Other allowed values could be added to the language later.
Starting with ARMv4T, many ARM CPUs support two separate instruction sets. At the time they were called "ARM code" and "Thumb code", but with the development of AArch64, they're now called a32 and t32. Unlike with the x86_64 architecture, where the CPU can run both x86 and x86_64 code, but a single program still uses just one of the two instruction sets, on ARM you can have a single program that intersperses both a32 and t32 code. A particular form of branch instruction allows for the CPU to change between the two modes any time it branches, and so code can be designated as being either a32 or t32 on a per-function basis.
In LLVM, selecting that code should be a32 or t32 is done by either disabling (for a32) or enabling (for t32) the thumb-mode target feature. Previously, Rust was able to do this using the target_feature attribute because it was able to either add or subtract an LLVM target feature during a function. However, when RFC 2045 was accepted, its final form did not allow for the subtraction of target features. Its final form is primarily designed around always opting in to additional features, and it's no longer the correct tool for an "either A or B, but not both" situation like a32/t32 is.
Some platforms support having more than one instruction set used within a single program. Generally, each one will be better for specific parts of a program. Every target has a default instruction set, based on the target triple. If you would like to set a specific function to use an alternate instruction set you use the #[instruction_set(set)] attribute.
Currently this is only of use on ARM family CPUs, which support both the arm::a32 and arm::t32 instruction sets. Targets starting with arm (eg: arm-linux-androideabi) default to arm::a32 and targets starting with thumb (eg: thumbv7neon-linux-androideabi) default to arm::t32.
// this uses the default instruction set for your target
fn add_one(x: i32) -> i32 {
x + 1
}
// This will compile as `a32` code on both `arm` and thumb` targets
#[instruction_set(arm::a32)]
fn add_five(x: i32) -> i32 {
x + 5
}
It is a compile time error to specify an instruction set that is not available on the target you're compiling for. Users wishing for their code to be as portable as possible should use cfg_attr to only enable the attribute when using the appropriate targets.
// This will fail to build if `arm::a32` isn't available
#[instruction_set(arm::a32)]
fn add_five(x: i32) -> i32 {
x + 5
}
// This will build on all platforms, and apply the `instruction_set` attribute
// only on ARM targets.
#[cfg_attr(target_cpu="arm", instruction_set(arm::a32))]
fn add_six(x: i32) -> i32 {
x + 6
}
As you can see it can get a little verbose, so projects which plan to use the instruction_set attribute might want to consider writing a proc-macro with a shorter name.
The specifics of when you should specify a non-default instruction set on a function are platform specific. Unless a piece of platform documentation has indicated a specific requirement, you do not need to think about adding this attribute at all.
Every target is now considered to have one default instruction set (for functions that lack the instruction_set attribute), as well as possibly supporting specific additional instruction sets:
arm default to arm::a32, but can also use arm::t32.thumb default to arm::t32, but can also use arm::a32.instruction_set attribute is not currently defined for use with any other arch.a32) is prefixed with the name of the arch it goes with (eg: arm).Where can this attribute be used:
fn item that has a body: Free functions, inherent methods, trait default methods, and trait impl methods.extern block declarations.What is a Compile Error:
Guarantees:
instruction_set guarantee vary by target.instruction_set attribute is most likely to interact (in a target specific way) with function inlining and use of inline assembly.(this portion is a little extra technical, and very platform specific)
On ARM, there are two different instruction encodings. In textual/assembly form, Thumb assembly is written as a subset of ARM assembly, but the actual bit patterns produced when the text is assembled are entirely different. The CPU has a bit within the Program Status Register that indicates if the CPU should read 4 bytes at the Program Counter address and interpret them as an a32 opcode, or if it should read 2 bytes at the Program Counter address and interpret them as a t32 opcode. Because the amount of data read and the interpretation of the data is totally dissimilar, attempting to read one form of code while the CPU's flag is set for the other form of code is Undefined Behavior.
The outside world can tell what type of code a given function is based on the address of the function: a32 code has an even address, and t32 code has an odd address. The Program Counter ignores the actual value of the low bit, so t32 code is still considered to be "aligned to 2". When a branch-exchange (bx) or branch-link-exchange (blx) instruction is used then the target address's lowest bit is used to determine the CPU's new code state. When a branch (b) or branch-link (bl) instruction are used, the CPU's code state is not changed.
Thus, what we have to ensure with a32 and t32 is that the code generated for the marked function has the right encoding and also that the address is correctly even or odd:
Backend support:
thumb-mode target feature on a particular function.a32/t32 interworking can be achieved simply by simply placing all a32 code in one translation unit, all t32 code in another, and then telling the linker to sort it out. Currently, Cranelift does not support ARM chips at all, but they can easily work towards this over time.a32 and t32 code. If a user is writing their own assembly and then linking that with Rust code manually they might have to adjust their flags appropriately. This is mostly an implementation detail, though we can do our best to document that in the reference, and to provide any "good defaults" on our end.Inlining:
instruction_set attribute is inlined into the caller, there's no further effect for the attribute to have.instruction_set attribute also contains an inline assembly block things are complicated. Even if the assembly text were valid within the instruction set it was inlined into, checking if that's the case or not would involve inspecting the assembly string and then making decisions based on that, which is explicitly against the design intent of the inline assembly feature (that the compiler should generally not inspect the assembly string).Here's a simple but complete-enough program of how this would be used in practice. In this example, the program is for the Game Boy Advance (GBA). I have attempted to limit it to the essentials, so all the MMIO definitions, as well as the assembly runtime you'd need to boot and call main, are still omitted from the example.
// The GBA's BIOS provides some functionality available via software
// interrupt. We expose them to Rust in our assumed assembly "runtime".
extern "C" fn {
/// Puts the CPU into a low-power state until a vblank interrupt,
/// and then returns after the interrupt handler completes.
VBlankInterWait(isize, isize);
}
// We assume that the MMIO stuff is imported from somewhere.
// The exact addresses and constant values aren't important.
mod all_the_gba_mmio_definitions;
use all_the_gba_mmio_definitions::*;
fn main() {
// All of the `write_volatile` calls here refer to
// the method of the `*mut T` type. Proper safe abstractions
// for all of this would complicate the example, so we
// simply use raw pointers and one large `unsafe` block.
unsafe {
// set the interrupt function to be our handler
INTR_FN_ADDR.write_volatile(core::transmute(my_inter_fn));
// enable vblank interrupts
DISPSTAT.write_volatile(DISPSTAT_VBLANK);
IME.write_volatile(IME_VBLANK);
IE.write_volatile(true);
// set the device for a basic display mode.
DISPCNT.write_volatile(MODE3_BG2);
let mut x = 0;
loop {
// wait in a low-power state for the vertical blank to start.
VBlankInterWait(0, 0);
// draw one new red pixel per frame along the top.
VRAM_MODE3.row(0).col(x).write(RED);
x += 1;
// loop our position as necessary so that we don't
// go out of bounds.
if x >= VRAM_MODE3::WIDTH { x = 0 }
}
}
}
/// Responds to any interrupt by clearing all interrupt flags
/// and then immediately returning with no other effect.
#[instruction_set(arm::a32)]
fn my_inter_fn() {
INTER_BIOS_FLAGS.write_volatile(ALL_INTER_FLAGS);
INTER_STANDARD_FLAGS.write_volatile(ALL_INTER_FLAGS);
}
In the case of this particular device, the hardware interrupts go to the device's BIOS, which then calls your interrupt handler function. However, because the BIOS is a32 code and uses a b branch instead of a bx branch-exchange, it jumps to the handler with the CPU in an a32 state. If the handler were written as t32 code it would immediately trigger UB.
Extending target_feature to allow #[target_feature(disable = "...")] and adding thumb-mode to the whitelist would support this functionality without adding another distinct attribute; however, this does not fit with the target_feature attribute's current focus on features such as AVX and SSE whose absence is not necessarily compensated for by the presence of something else.
Doing nothing is an option; it is currently possible to incorporate code using other instruction sets through means such as external assembly and build scripts. However, this has greatly reduced ergonomics.
Of note is the fact that this is a feature that mostly improves Rust's support for the more legacy end of ARM devices. Newer devices, with much larger amounts of memory (relatively), don't usually benefit as much. They could simply compile the entire program as a32, without needing to gain the space savings of t32 code.
In C you can use __attribute__((target("arm"))) and __attribute__((target("thumb"))) to access similar functionality. It's a compiler-specific extension, but it's supported by both GCC and Clang (this PR appears to be the one that added this feature to LLVM/clang).
instruction_set and inline assembly always interact correctly? This isn't an implementation blocker but needs to be resolved before Stabilization of the attribute.
a32 functions into t32 functions and vice versa, because they count as different code targets. However, this is not necessarily a guarantee from LLVM, it could just be the current implementation, so more investigation is needed.If Rust gains support for the 65C816, the #[instruction_set(?)] attribute might be extended to allow shifting into its 65C02 compatibility mode and back again.
MIPS has a 16-bit encoding which uses a similar scheme as ARM, where the low bit of a function's address is set when the 16-bit encoding is in use for that function.
It might become possible to apply this attribute to trait prototypes in a future versions, in which case all impls of the method would take on the attribute. The main problems are properly specifying it and also that it would add additional compiler complexity for very minimal gain.
LLVM might eventually gain support for inter-instruction-set calls that allow calls between two arches (eg: a hybrid PowerPC/RISC-V).