No? Sokoban involves a single agent pushing blocks around a grid. No block can ever move without being pushed, and nothing can ever cross anything else.
In this puzzle, the only way for anything to move is independently, and everything is free to cross anything else.
The USB driver itself can not access arbitrary memory. But it may be able to program the DMA controller of the USB peripheral to access arbitrary memory. So the WebAssembly sandboxing of a driver alone is not enough. You still need some hardware mechanism like an SMMU. Or a trusted module that abstracts the DMA controller.
Indeed we thought this would be a challenge and I didn’t explain this aspect in the blog post. But on this chip, DMA is its own peripheral and the DMA peripheral is not used by the USB driver. Instead, the USB peripheral and the main CPU share a small memory region. The USB peripheral is then programmed in terms of offsets into this shared memory region, rather than physical memory addresses—-the USB peripheral does not have access to all of physical memory. This is discussed at the bottom of page 48 of the thesis itself [1].
This saved a lot of trouble, but in intro work on this I was using another chip (nRF52840) that worked the way you describe. To safely handle DMA in that case, without an IOMMU, we had to add somewhat complex reasoning that looked at each memory read and write to see if it was modifying a DMA control register and reject the write if it could lead to unsafe behavior. More info is on pages 52-55 of the thesis PDF.
This was pretty messy, so it was fortunate that the chip we used had a different plan. Let me know if I’m misunderstanding you!
"performance and control of C" also means that you can make datastructures with arbitrary pointers, right? The simplest example that doesn't work in rust is a linked list.
How can you do that when you only have multiple stacks, but no heap?
