公开(公告)号：US20170024559A1

公开(公告)日：2017-01-26

申请号：US14807609

申请日：2015-07-23

Applicant: Apple Inc.

Inventor： Gregory D. Hughes ,  Conrado Blasco ,  Gerard R. Williams, III ,  Jacques Anthony Vidrine ,  Jeffry E. Gonion ,  Timothy R. Paaske ,  Tristan F. Schaap

IPC: G06F21/54

CPC classification number: G06F21/54

Abstract: Systems, apparatuses, methods, and computer-readable mediums for preventing return oriented programming (ROP) attacks. A compiler may insert landing pads adjacent to valid return targets in an instruction sequence. When a return instruction is executed, the processor may treat the return as suspicious if the target of the return instruction does not have an adjacent landing pad. Additionally, each landing pad may be encoded with a color, and a colored launch pad may be inserted into the instruction stream next to each return instruction. When a return instruction is executed, the processor may determine if the target of the return has a landing pad with the same color as the launch pad of the return instruction. Return-target pairs with color mismatches may be treated as suspicious and the offending process may be killed.

Abstract translation: 用于防止返回定向编程（ROP）攻击的系统，装置，方法和计算机可读介质。 编译器可以在指令序列中插入与有效返回目标相邻的着陆焊盘。 当执行返回指令时，如果返回指令的目标没有相邻的着陆垫，则处理器可以将返回值视为可疑。 此外，每个着陆垫可以用颜色编码，并且彩色的发射板可以插入每个返回指令旁边的指令流中。 当执行返回指令时，处理器可以确定返回目标是否具有与返回指令的发射台相同颜色的着陆键盘。 具有颜色不匹配的返回目标对可能被视为可疑的，并且违规进程可能被杀死。

公开(公告)号：US09501284B2

公开(公告)日：2016-11-22

申请号：US14502901

申请日：2014-09-30

Applicant: Apple Inc.

Inventor： Pradeep Kanapathipillai ,  Richard F. Russo ,  Sandeep Gupta ,  Conrado Blasco

IPC: G06F9/38 ,  G06F9/30

CPC classification number: G06F9/3842 ,  G06F9/30087 ,  G06F9/3834 ,  G06F9/3857

Abstract: A processor includes a mechanism that checks for and flushes only speculative loads and any respective dependent instructions that are younger than an executed wait for event (WEV) instruction, and which also match an address of a store instruction that has been determined to have been executed by a different processor prior to execution of the paired SEV instruction by the different processor. The mechanism may allow speculative loads that do not match the address of any store instruction that has been determined to have been executed by a different processor prior to execution of the paired SEV instruction by the different processor.

Abstract translation: 处理器包括一种机制，其仅检查和刷新推测负载以及比执行的等待事件（WEV）指令更年轻的任何相应的依赖指令，并且还匹配已经被确定已被执行的存储指令的地址 在由不同处理器执行配对SEV指令之前由不同的处理器。 该机制可以允许在由不同的处理器执行配对的SEV指令之前，已经确定已被不同处理器执行的任何存储指令的地址不匹配的推测性负载。

公开(公告)号：US20160092236A1

公开(公告)日：2016-03-31

申请号：US14502901

申请日：2014-09-30

Applicant: Apple Inc.

Inventor： Pradeep Kanapathipaillai ,  Richard F. Russo ,  Sandeep Gupta ,  Conrado Blasco

IPC: G06F9/38

CPC classification number: G06F9/3842 ,  G06F9/30087 ,  G06F9/3834 ,  G06F9/3857

Abstract: A processor includes a mechanism that checks for and flushes only speculative loads and any respective dependent instructions that are younger than an executed wait for event (WEV) instruction, and which also match an address of a store instruction that has been determined to have been executed by a different processor prior to execution of the paired SEV instruction by the different processor. The mechanism may allow speculative loads that do not match the address of any store instruction that has been determined to have been executed by a different processor prior to execution of the paired SEV instruction by the different processor.

Abstract translation: 处理器包括一种机制，其仅检查和刷新推测负载以及比执行的等待事件（WEV）指令更年轻的任何相应的依赖指令，并且还匹配已经被确定已被执行的存储指令的地址 在由不同处理器执行配对SEV指令之前由不同的处理器。 该机制可以允许在由不同的处理器执行配对的SEV指令之前，已经确定已被不同处理器执行的任何存储指令的地址不匹配的推测性负载。

公开(公告)号：US20230010948A1

公开(公告)日：2023-01-12

申请号：US17932883

申请日：2022-09-16

Applicant: Apple Inc.

Inventor： Jeffry E. Gonion ,  Ian D. Kountanis ,  Conrado Blasco ,  Steven Andrew Myers ,  Yannick L. Sierra

IPC: G06F9/38 ,  G06F21/60 ,  G06F9/455 ,  G06F9/30

Abstract: A system and method for efficiently protecting branch prediction information. In various embodiments, a computing system includes at least one processor with a branch predictor storing branch target addresses and security tags in a table. The security tag includes one or more components of machine context. When the branch predictor receives a portion of a first program counter of a first branch instruction, and hits on a first table entry during an access, the branch predictor reads out a first security tag. The branch predictor compares one or more components of machine context of the first security tag to one or more components of machine context of the first branch instruction. When there is at least one mismatch, the branch prediction information of the first table entry is not used. Additionally, there is no updating of any branch prediction training information of the first table entry.

公开(公告)号：US11416254B2

公开(公告)日：2022-08-16

申请号：US16705023

申请日：2019-12-05

Applicant: Apple Inc.

Inventor： Deepankar Duggal ,  Kulin N. Kothari ,  Conrado Blasco ,  Muawya M. Al-Otoom

IPC: G06F9/30 ,  G06F9/38

Abstract: Systems, apparatuses, and methods for implementing zero cycle load bypass operations are described. A system includes a processor with at least a decode unit, control logic, mapper, and free list. When a load operation is detected, the control logic determines if the load operation qualifies to be converted to a zero cycle load bypass operation. Conditions for qualifying include the load operation being in the same decode group as an older store operation to the same address. Qualifying load operations are converted to zero cycle load bypass operations. A lookup of the free list is prevented for a zero cycle load bypass operation and a destination operand of the load is renamed with a same physical register identifier used for a source operand of the store. Also, the data of the store is bypassed to the load.

公开(公告)号：US20190286218A1

公开(公告)日：2019-09-19

申请号：US16363517

申请日：2019-03-25

Applicant: Apple Inc.

Inventor： Conrado Blasco ,  Ronald P. Hall ,  Ramesh B. Gunna ,  Ian D. Kountanis ,  Shyam Sundar ,  André Seznec

IPC: G06F1/3237 ,  G06F1/3296 ,  G06F1/3234 ,  G06F1/324 ,  G06F9/38

Abstract: A processor includes a mechanism for disabling a memory array of a branch prediction unit. The processor may include a next fetch prediction unit that may include a number of entries. Each entry may correspond to a next instruction fetch group and may store an indication of whether or not the corresponding the next fetch group includes a conditional branch instruction. In response to an indication that the next fetch group does not include a conditional branch instruction, the fetch prediction unit may be configured to disable, in a next instruction execution cycle, the memory array of the branch prediction unit.

公开(公告)号：US09952863B1

公开(公告)日：2018-04-24

申请号：US14842421

申请日：2015-09-01

Applicant: Apple Inc.

Inventor： Conrado Blasco ,  Deepankar Duggal ,  Richard F. Russo

IPC: G06F9/44 ,  G06F9/45 ,  G06F9/445 ,  G06F9/30 ,  G06F9/38 ,  G06F9/32

CPC classification number: G06F9/3005 ,  G06F9/30079 ,  G06F9/30145 ,  G06F9/327 ,  G06F9/3855 ,  G06F11/30

Abstract: Techniques are disclosed relating to capturing information related to instructions executing on in a processor. In one embodiment, an integrated circuit is disclosed that includes an execution pipeline configured to execute a sequence of instructions. The integrated circuit includes monitoring circuitry configured to monitor the execution pipeline for occurrences of an event associated with the sequence of instructions, and in response to detecting a particular number of occurrences of the event, capture a value of a program counter corresponding to an instruction of the sequence of instructions that is associated with an occurrence of the event. The monitoring circuitry stores the captured value of the program counter in a distinct capture register and signals an interrupt indicating that the captured value of the program counter is retrievable from the capture register. In some embodiments, a debugging application may retrieve the value and present it to a developer attempting perform code profiling.

公开(公告)号：US11379240B2

公开(公告)日：2022-07-05

申请号：US16778939

申请日：2020-01-31

Applicant: Apple Inc.

Inventor： Muawya M. Al-Otoom ,  Ian D. Kountanis ,  Conrado Blasco ,  Haoyan Jia ,  Amit Kumar

IPC: G06F9/38

Abstract: In an embodiment, an indirect branch predictor generates indirect branch predictions based on one or more register values. The register values may be the contents of registers on which the indirect branch instruction is directly or indirectly dependent for generating the branch target address, for example. In an embodiment, at least one of the registers may be a source for a load instruction, and the indirect branch may be dependent (directly or indirectly) on the target of the load. In an embodiment, the indirect branch predictor may be one of at least two indirect branch predictors in a processor. The other indirect branch predictor may be based on a fetch address, or PC, associated with the indirect branch instruction. The other indirect branch predictor may generate a first predicted target address, and the indirect branch predictor may generate a second predicted target address for the same indirect branch instruction.

公开(公告)号：US20210064376A1

公开(公告)日：2021-03-04

申请号：US16551208

申请日：2019-08-26

Applicant: Apple Inc.

Inventor： Deepankar Duggal ,  Conrado Blasco ,  Muawya M. Al-Otoom ,  Richard F. Russo

IPC: G06F9/38

Abstract: Systems, apparatuses, and methods for implementing a physical register last reference scheme are described. A system includes a processor with a mapper, history file, and freelist. When an entry in the mapper is updated with a new architectural register-to-physical register mapping, the processor creates a new history file entry for the given instruction that caused the update. The processor also searches the mapper to determine if the old physical register that was previously stored in the mapper entry is referenced by any other mapper entries. If there are no other mapper entries that reference this old physical register, then a last reference indicator is stored in the new history file entry. When the given instruction retires, the processor checks the last reference indicator in the history file entry to determine whether the old physical register can be returned to the freelist of available physical registers.

公开(公告)号：US10719327B1

公开(公告)日：2020-07-21

申请号：US14716449

申请日：2015-05-19

Applicant: Apple Inc.

Inventor： Muawya M. Al-Otoom ,  Ian D. Kountanis ,  Conrado Blasco

IPC: G06F9/38 ,  G06F9/30

Abstract: In some embodiments, a branch prediction unit includes a plurality of branch prediction circuits and selection logic. At least two of the branch prediction circuits are configured, based on an address of a branch instruction and different sets of history information, to provide a corresponding branch prediction for the branch instruction. At least one storage element of the at least two branch prediction circuits is set associative. The selection logic is configured to select a particular branch prediction output by one of the branch prediction circuits as a current branch prediction output of the branch prediction unit. In some instances, the branch prediction unit may be less likely to replace branch prediction information, as compared to a different branch prediction unit that does not include a set associative storage element. In some embodiments, this arrangement may lead to increased performance of the branch prediction unit.