Merge pull request #130 from ved-rivos/arc_updates_1
Additional ARC review updates
ved-rivos authored Jul 9, 2023
2 parents 8267f7f + 232a297 commit 0a66990
Showing 4 changed files with 14 additions and 13 deletions.
15 changes: 7 additions & 8 deletions cfi_backward.adoc
Expand Up @@ -93,7 +93,7 @@ backward-edge CFI protection as the Zicfiss instructions will revert to their
Zimop/Zcmop-defined behavior.
On processors that do not support Zimop/Zcmop extensions, all Zimop/Zcmop code
points including those used for Zicfiss instructions cause an
points including those used for Zicfiss instructions may cause an
illegal-instruction exception. Execution of programs that use these
instructions on such machines is not supported.
====
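Review bot: "may cause an illegal-instruction exception" leaves open what else these code points can do on a processor without Zimop/Zcmop, so software cannot treat the trap as a dependable signal that Zicfiss is absent. Say explicitly what the alternative is (for example, that the behavior of these encodings is not defined by this specification on such processors), which would also tie in with the following sentence that execution on such machines is not supported.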
Expand Down Expand Up @@ -384,8 +384,6 @@ The operation of the `sspush` and `c.sspush` instructions is as follows:
If (xBCFIE == 1)
mem[ssp - (XLEN/8)] = X(src) # Store src value to ssp - XLEN/8
ssp = ssp - (XLEN/8) # decrement ssp by XLEN/8
else
X(dst) = 0
endif
----

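Review bot: The `sspush`/`c.sspush` listing now says nothing about the `xBCFIE == 0` case, since the only branch left is the enabled one. Dropping `X(dst) = 0` is right for an instruction that writes no destination, but a short comment or a sentence under the listing stating that the instruction reverts to its Zimop/Zcmop-defined behavior when `xBCFIE` is 0 would keep the disabled case from being read as undefined. The listing also opens with a capitalized `If (xBCFIE == 1)` while the `sspinc` listing uses lowercase `if`; make them consistent.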
Expand All @@ -409,8 +407,6 @@ The operation of the `sspinc` instruction is as follows:
----
if (xBCFIE == 1)
ssp = ssp + (nzuimm * XLEN/8)
else
X(dst) = 0
endif
----

Expand All @@ -429,8 +425,6 @@ if (xBCFIE == 1)
else
ssp = ssp + (XLEN/8) # increment ssp by XLEN/8.
endif
else
X(dst) = 0
endif
----

Expand Down Expand Up @@ -695,6 +689,10 @@ cannot be stored to by instructions other than `sspush`, `c.sspush`, and
`ssamoswap`. The `ssload`, `sspopchk`, and `c.sspopchk` instructions can only
load from shadow stack memory.

The `sspush` and `c.sspush` instructions perform a store. The `ssamoswap`
instruction performs an AMO. The `ssload`, `sspopchk`, and `c.sspopchk`
instructions perfom a load.

The shadow stack can be read using all instructions that load from memory.

Attempting to fetch an instruction from a shadow stack page raises an
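Review bot: Typo in the added paragraph, last sentence: "instructions perfom a load" should read "perform a load". The paragraph classifies each instruction as a store, an AMO or a load but does not say what follows from that classification; one clause stating why it matters (for example, which access type the resulting exception is reported against) would make the addition self-explanatory.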
Expand Down Expand Up @@ -752,7 +750,8 @@ follows:
3. If `pte.v = 0` or if any bits of encodings that are reserved for future
standard use are set within `pte`, stop and raise a page-fault exception
corresponding to the original access type. The encoding `pte.xwr = 010b`
is not reserved if `menvcfg.CFIE` is 1 or if `V=1` and `henvcfg.CFIE` is 1.
is not reserved if `V=0` and `menvcfg.SBCFIE` is 1 or if `V=1` and
`henvcfg.SBCFIE` is 1.

4. Otherwise, the PTE is valid. If `pte.r = 1` or `pte.w = 1` or `pte.x = 1`,
go to step 5. Otherwise, this PTE is a pointer to the next level of the page
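Review bot: The rewritten condition in step 3, "if `V=0` and `menvcfg.SBCFIE` is 1 or if `V=1` and `henvcfg.SBCFIE` is 1", mixes "and" and "or" without grouping and does not say which translation stage it covers when `V=1`. cfi_csrs.adoc in this same commit speaks of the `pte.xwr=010b` encoding being reserved "in VS-stage page tables", so step 3 should either name the stage or state that the rule is stage-independent. Splitting the two cases into a short two-item list would remove the precedence ambiguity.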
2 changes: 1 addition & 1 deletion cfi_csrs.adoc
Expand Up @@ -72,7 +72,7 @@ rules apply when `V=1`.
* The 32-bit Zicfiss instructions revert to their Zimop defined behavior.
* The 16-bit Zicfiss instructions revert to their Zcmop defined behavior.
* The `pte.xwr=010b` encoding in VS-stage page tables is reserved.
* The `sstatus.UBCFIE` field is read-only zero.
* The `sstatus.UBCFIE` (really `vsstatus.UBCFIE`) field is read-only zero.

Zicfilp extension introduces the `SFCFIE` field (bit 59) in `henvcfg`. When
`SFCFIE` field is 1, the Zicfilp extension is active in VS-mode. When `SFCFIE`
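Review bot: The parenthetical "(really `vsstatus.UBCFIE`)" in the last bullet is colloquial for normative text and leaves the reader to work out the relationship between the two names. Since these rules are stated for `V=1`, where accesses to `sstatus` operate on `vsstatus`, name the register directly, for example "The `vsstatus.UBCFIE` field (accessed as `sstatus.UBCFIE` when `V=1`) is read-only zero."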
4 changes: 3 additions & 1 deletion cfi_forward.adoc
Expand Up @@ -15,6 +15,8 @@ indirect call or an indirect jump. The `ELP` state can be one of:
* 0 - `NO_LP_EXPECTED`
* 1 - `LP_EXPECTED`

The `ELP` state is initialized to `NO_LP_EXPECTED` by the hardware upon reset.

The Zicfilp extension, when active, determines if an indirect call or an
indirect jump must land on a landing pad, as specified in <<IND_CALL_JMP>>. If
`is_lp_expected` is 1, then the hart updates the `ELP` to `LP_EXPECTED`.
Expand Down Expand Up @@ -181,7 +183,7 @@ completion of `JALR`/`C.JALR`/`C.JR`, but before the instruction at the target
of indirect call/jump was decoded, due to:

* Asynchronous interrupts.
* Synchronous exceptions with priority lower than that of an illegal-instruction
* Synchronous exceptions with priority higher than that of an illegal-instruction
exception (See Table 3.7 of Privileged Specification cite:[PRIV]).

The illegal-instruction exception due to the instruction not being an `lpad`
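Review bot: The bullet corrected to "priority higher than" still cites "Table 3.7 of Privileged Specification" by number, which goes stale whenever that document is renumbered; cite the table by its title alongside cite:[PRIV]. Because the one-word change from "lower" to "higher" inverts the set of exceptions the bullet covers, also confirm that the paragraph after the list, beginning "The illegal-instruction exception due to the instruction not being an `lpad`", still agrees with it.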
6 changes: 3 additions & 3 deletions cfi_intro.adoc
Expand Up @@ -50,9 +50,9 @@ register as destination, i.e., `rd != x0`. Conventionally, the link register is
`C.JALR` expands to `JALR x1, 0(rs1)` and is a _call_. A _call_ using `JALR` or
`C.JALR` is termed an _indirect-call_.

The term _return_ is used to refer to a `JALR` instruction with `rs1 == x1` or
`rs1 == x5` and `rd == x0`. A `C.JR` instruction expands to `JALR x0, 0(rs1)`
and is a _return_ if `rs1 == x1` or `rs1 == x5`.
The term _return_ is used to refer to a `JALR` instruction with `rd == x0` and
with `rs1 == x1` or `rs1 == x5` and `rd == x0`. A `C.JR` instruction expands to
`JALR x0, 0(rs1)` and is a _return_ if `rs1 == x1` or `rs1 == x5`.

The term _indirect-jump_ is used to refer to a `JALR` instruction with `rd == x0`
and where the `rs1` is not `x1` or `x5` (i.e., not a return). A `C.JR`
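Review bot: The new definition of _return_ states `rd == x0` twice: "with `rd == x0` and with `rs1 == x1` or `rs1 == x5` and `rd == x0`". Drop the trailing "and `rd == x0`" carried over from the old wording. With the condition moved to the front, the remaining "and ... or ..." is also easier to read if the register alternatives are grouped, for example "with `rd == x0` and with `rs1` being `x1` or `x5`".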