On 10/23/2025 5:47 PM, Joel Fernandes wrote:
>>>> Finally, for runtime values such as indexes, it could be useful to verify
>>>> once and then allow infallible reads/writes through some kind of access token.
>>> Why? The verification is already done at compile-time AFAICS.
>> Well, that's the point. Those are runtime values, and as of now, the only
>> support for those is for arrays of registers when one, when using try_xxx
>> methods, ends up with check being performed each time the method is called.
> Ah for this part of your email, you are referring to try accessors. For the
> fixed sizes regions at least, to avoid the runtime check, it will be possible to
> accept BoundedInt [1] in the future. That type actually came up for the exact
> same reason (keeping the checking light). This cleverly moves the checking to
> the caller side which could be done in a slow path. If the size of the IO region
> is fixed, then you don’t need to use try accessors at all if you use BoundedInt
> whenever we have it.

To clarify, BoundedInt is supposed to bound the values passed to the APIs, not
the address. Perhaps we can add additional types for the offsets as well.
thanks,
- Joel
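
The "verify once, then access infallibly" idea from the thread, applied to offsets into a fixed-size region, as an added example that is not part of the original message and not the kernel's code. `Region`, `Offset32` and `demo` are hypothetical names, and the region is modelled as a plain byte array rather than real MMIO.

```rust
// Hypothetical sketch; not the kernel's Io or BoundedInt API.

/// Fixed-size register window, modelled as plain memory (constructed sample).
pub struct Region<const SIZE: usize> { bytes: [u8; SIZE] }

/// Token proving `off + 4 <= SIZE` and 4-byte alignment for any Region<SIZE>.
/// The field is private, so outside this module `new` is the only constructor.
#[derive(Clone, Copy)]
pub struct Offset32<const SIZE: usize>(usize);

impl<const SIZE: usize> Offset32<SIZE> {
    /// Slow path: the single runtime check, overflow-safe.
    pub fn new(off: usize) -> Option<Self> {
        let end = off.checked_add(4)?;
        if end <= SIZE && off % 4 == 0 { Some(Self(off)) } else { None }
    }
}

impl<const SIZE: usize> Region<SIZE> {
    pub fn new() -> Self { Self { bytes: [0; SIZE] } }

    /// Fallible accessor: validates the raw offset on every call.
    pub fn try_read32(&self, off: usize) -> Option<u32> {
        Offset32::<SIZE>::new(off).map(|t| self.read32(t))
    }

    /// Infallible accessor: the token already carries the bounds proof.
    /// (Safe slices still check here; real MMIO code would rely on the token.)
    pub fn read32(&self, off: Offset32<SIZE>) -> u32 {
        let b = &self.bytes[off.0..off.0 + 4];
        u32::from_le_bytes([b[0], b[1], b[2], b[3]])
    }

    pub fn write32(&mut self, off: Offset32<SIZE>, val: u32) {
        self.bytes[off.0..off.0 + 4].copy_from_slice(&val.to_le_bytes());
    }
}

/// Validate a runtime index once, then use it repeatedly without `try_`.
pub fn demo() -> (u32, bool) {
    let mut regs = Region::<16>::new();
    let idx = 2usize; // runtime value, e.g. a register index
    let tok = Offset32::<16>::new(idx * 4).expect("offset in range");
    for i in 0..3 { regs.write32(tok, 0x1000 + i); }
    (regs.read32(tok), Offset32::<16>::new(14).is_none())
}

fn main() { println!("{:?}", demo()); }
```

The token is tied to the region size through the `SIZE` const parameter, so it only fits the fixed-size case discussed in the thread.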