
Conversation

@ranjitjhala

@vrindisbacher -- apparently we didn't have overflow checks on in cortexm (and still not rv32i!)

this PR adds those for cortexm

I had to duplicate a run-time check as otherwise I think there is a legitimate possibility of overflow.

Can you take a look? (It's a couple of lines.)

@ranjitjhala
Author

@vrindisbacher I also added lazy-overflow to rv32i ... I had to add a check or two, and one silly thing in that "loop" where you set up the PMP-regions: to track that the iterator there doesn't "overflow" (which is unlikely, as it is bounded by regions.iter()) we'd have to pull in all the .next() specs and what not. Instead, I just added the

flux_support::assume(i <= (u32::MAX / 2) as usize);

Is that plausible? (The i is in 0..MPU_REGIONS but the latter is a generic param ...)

@vrindisbacher
Collaborator

Yea I think that assume is fine - that i is a generic param bounded by hardware. In practice I think it's at most 64, if my memory is correct - unfortunately the generic is on the trait right? So we can't just stick an invariant to make sure it's never instantiated some way? Either way, I think this is fine for now.
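As an added illustration (plain Rust, not Tock's or Flux's code) of pinning the bound behind that `assume` at the type level: when the region count is a const generic (here a hypothetical `Pmp<const N: usize>` rather than the trait generic the thread mentions), an associated-const `assert!` is evaluated only when `N` is instantiated, so a count above `u32::MAX / 2` fails to compile instead of relying on an unverified assumption. The `region_cfg_slots` helper and the struct are assumptions; the 4-fields-per-CSR layout is the RV32 PMP `pmpcfg` layout.

```rust
use std::convert::TryFrom;

/// Hypothetical PMP driver parameterised by the number of hardware regions
/// (stands in for the `MPU_REGIONS` generic discussed above).
pub struct Pmp<const N: usize>;

impl<const N: usize> Pmp<N> {
    /// Evaluated at monomorphization time: an `N` above the bound assumed by
    /// the overflow proof is a compile error, not a run-time check.
    const REGIONS_IN_BOUND: () = assert!(
        N <= (u32::MAX / 2) as usize,
        "MPU_REGIONS exceeds the bound assumed for the loop index"
    );

    /// For every region `i` in `0..N`, returns the (pmpcfg CSR index, bit
    /// shift) pair locating its 8-bit config field on RV32 (4 fields per CSR).
    /// Returns `None` only if a value does not fit in `u32`, which the bound
    /// on `N` rules out for every `i`.
    pub fn region_cfg_slots(&self) -> Option<Vec<(u32, u32)>> {
        // Force the const assertion for this particular `N`.
        let () = Self::REGIONS_IN_BOUND;
        let mut slots = Vec::with_capacity(N);
        for i in 0..N {
            // `i < N <= u32::MAX / 2`, so the conversions succeed and
            // `(i % 4) * 8 <= 24` cannot overflow.
            let cfg_index = u32::try_from(i / 4).ok()?;
            let shift = u32::try_from((i % 4) * 8).ok()?;
            slots.push((cfg_index, shift));
        }
        Some(slots)
    }
}

fn main() {
    let pmp = Pmp::<16>;
    for (i, (cfg, shift)) in pmp.region_cfg_slots().unwrap().iter().enumerate() {
        println!("region {i}: pmpcfg{cfg} bits {shift}..{}", shift + 8);
    }
}
```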

@vrindisbacher vrindisbacher merged commit 3bc4a94 into master Oct 6, 2025
0 of 12 checks passed
@vrindisbacher vrindisbacher deleted the overflow branch October 6, 2025 04:04