公开(公告)号：US20190012455A1

公开(公告)日：2019-01-10

申请号：US15770560

申请日：2016-09-30

Applicant: ARM LIMITED

Inventor： Graeme Peter BARNES

IPC: G06F21/52

Abstract: An apparatus and method are provided for controlling use of bounded pointers. The apparatus has a plurality of bounded pointer storage elements, each bounded pointer storage element being used to store a bounded pointer and associated permission attributes indicative of allowed uses of the bounded pointer. In accordance with the present technique, the associated permission attributes include a copy permission attribute indicating whether the bounded pointer is allowed to be subjected to a copy operation. Processing circuitry is then responsive to at least one instruction that specifies the copy operation, to generate, from a source bounded pointer and associated permission attributes of a source bounded pointer storage element, a destination bounded pointer and associated permission attributes to be stored in a destination bounded pointer storage element. Furthermore, the processing circuitry marks the source bounded pointer storage element as storing an invalid bounded pointer dependent on whether the copy permission attribute of the source bounded pointer indicates that the source bounded pointer is to be prevented from being subjected to the copy operation. This provides an effective mechanism for inhibiting the subversion of control flow integrity when executing software on the apparatus.

公开(公告)号：US20180225120A1

公开(公告)日：2018-08-09

申请号：US15749806

申请日：2016-07-21

Applicant: ARM LIMITED

Inventor： Graeme Peter BARNES

IPC: G06F9/30 ,  G06F9/46 ,  G06F9/32 ,  G06F9/38

Abstract: An apparatus and method are provided for controlling instruction execution behaviour. The apparatus includes a set of data registers for storing data values, and a set of bounded pointer storage elements, where each bounded pointer storage element stores a pointer having associated range information indicative of an allowable range of addresses when using that pointer. A control storage element stores a current instruction context, and that current instruction context is used to influence the behaviour of at least one instruction executed by processing circuitry, that at least one instruction specifying a pointer reference for a required pointer, where the pointer reference is within at least a first subset of values (in one embodiment the behaviour is influenced irrespective of the value of the required pointer). In particular, when the current instruction context identifies a default state, the processing circuitry uses the pointer reference to identify one of the data registers whose stored data value forms the required pointer. However, when the current instruction context identifies a bounded pointer state, the processing circuitry instead uses the pointer reference to identify one of the bounded pointer storage elements whose stored pointer forms the required pointer. This allows an instruction set to be provided that can be used for both bounded pointer aware code and bounded pointer unaware code, without significantly increasing the pressure on instruction set encoding space.

公开(公告)号：US20210109755A1

公开(公告)日：2021-04-15

申请号：US16971755

申请日：2019-02-13

Applicant: Arm Limited

Inventor： Graeme Peter BARNES ,  Richard Roy GRISENTHWAITE

IPC: G06F9/30 ,  G06F9/32

Abstract: An apparatus (2) comprises an instruction decoder (6) and processing circuitry (4). The instruction decoder (6) supports branch instructions for triggering a non-sequential change of program flow to an instruction at a target address, including: a branch-with-link instruction for which a return address is set for a subsequent return of program flow; and at least one target-checking type of branch instruction, for which when the branch is taken an error handling response is triggered when the instruction at the target address is an instruction other than at least one permitted type of branch target instruction. For at least a subset of the at least one target-checking type of branch instruction, a branch target variant of the branch-with-link instruction is a permitted type of branch target instruction.

公开(公告)号：US20200272575A1

公开(公告)日：2020-08-27

申请号：US16647661

申请日：2019-01-25

Applicant: ARM LIMITED

Inventor： Graeme Peter BARNES

IPC: G06F12/1009

Abstract: An apparatus comprises address translation circuitry to perform a translation of virtual addresses into physical addresses in dependence on stored page table mappings between the virtual addresses and the physical addresses. The stored page table mappings comprise tag-guard control information. The apparatus comprises memory access circuitry to perform a tag-guarded memory access in response to a target physical address, the tag-guarded memory access comprising a guard-tag check of comparing an address tag associated with the target physical address with a guard tag stored in association with a block of one or more memory locations comprising an addressed location identified by the target physical address. The memory access circuitry is arranged to perform a non-tag-guarded memory access to the addressed location in response to the target physical address without performing the guard-tag check in dependence on the tag-guard control information.

公开(公告)号：US20190034664A1

公开(公告)日：2019-01-31

申请号：US16073497

申请日：2016-12-23

Applicant: ARM LIMITED

Inventor： Graeme Peter BARNES ,  Richard Roy GRISENTHWAITE

IPC: G06F21/64 ,  G06F12/14 ,  G06F21/60 ,  G06F21/12

Abstract: An apparatus and method are provided for controlling use of bounded pointers. The apparatus includes storage to store bounded pointers, where each bounded pointer comprises a pointer value and associated attributes, with the associated attributes including range information indicative of an allowable range of addresses when using the pointer value. Processing circuitry is used to perform a signing operation on an input bounded pointer in order to generate an output bounded pointer in which a signature generated by the signing operation is contained within the output bounded pointer in place of specified bits of the input bounded pointer. In addition, the associated attributes include signing information which is set by the processing circuitry within the output bounded pointer to identify that the output bounded pointer has been signed. Such an approach provides increase resilience to control flow integrity attack when using bounded pointers.

公开(公告)号：US20210224203A1

公开(公告)日：2021-07-22

申请号：US17259785

申请日：2019-06-07

Applicant: Arm Limited

Inventor： Richard Roy GRISENTHWAITE ,  Graeme Peter BARNES

IPC: G06F12/14 ,  G06F12/1027 ,  G06F11/07 ,  G06F11/14

Abstract: An apparatus comprising memory access circuitry to perform a tag-guarded memory access in response to a received target address and methods of operation of the same are disclosed. In the tag-guarded memory access a guard-tag retrieval operation seeks to retrieve a guard tag stored in association with a block of one or more memory locations comprising an addressed location identified by the received target address, and a guard-tag check operation compares an address tag associated with the received target address with the guard tag retrieved by the guard-tag retrieval operation. When the guard-tag retrieval operation is unsuccessful in retrieving the guard tag, a substitute guard tag value is stored as the guard tag in association with the block of one or more memory locations comprising the addressed location identified by the target address.

公开(公告)号：US20210034503A1

公开(公告)日：2021-02-04

申请号：US16971415

申请日：2019-01-17

Applicant: Arm Limited

Inventor： Michael John WILLIAMS ,  Graeme Peter BARNES ,  John Michael HORLEY

IPC: G06F11/36

Abstract: A technique is provided for accessing metadata when debugging a program to be executed on processing circuitry. The processing circuitry operates on data formed of data granules having associated metadata items. A method of operating a debugger is provided that comprises controlling the performance of metadata access operations when the debugger decides to access a specified number of metadata items. In particular, the specified number is such that the metadata access operation needs to be performed by the processing circuitry multiple times in order to access the specified number of metadata items. Upon deciding to access a specified number of metadata items, the debugger issues at least one command to cause the processing circuitry to perform a plurality of instances of the metadata access operation in order to access at least a subset of the specified number of metadata items. The number of metadata items accessed by each instance of the metadata access operation is non-deterministic by the debugger from the metadata access operation. However, the at least one command is such that the plurality of instances of the metadata access operation are performed by the processing circuitry without the debugger interrogating the processing circuitry between each instance of the metadata access operation to determine progress in the number of metadata items accessed. Such an approach can significantly improve the efficiency of performing such accesses to metadata items under debugger control.

公开(公告)号：US20210019268A1

公开(公告)日：2021-01-21

申请号：US16981816

申请日：2019-02-12

Applicant: Arm Limited

Inventor： Graeme Peter BARNES ,  Jasen Milov BORISOV

IPC: G06F12/14 ,  G06F12/0853 ,  G06F12/0897 ,  G06F12/1027 ,  G06F9/30 ,  G06F21/79 ,  G06F7/58

Abstract: An apparatus has processing circuitry (4); memory access circuitry (15) to perform a guard tag check for a tag checking target address having an associated address tag, the guard tag check comprising comparing the address tag with a guard tag stored in a memory system in association with a block of one or more memory locations comprising an addressed location identified by the target address; and an instruction decoder (6) responsive to a random tag setting instruction specifying a tag setting target address, to control the processing circuitry (4) to set the address tag associated with the tag setting target address to a random tag value randomly selected from a set of candidate tag values.

公开(公告)号：US20200233816A1

公开(公告)日：2020-07-23

申请号：US16647729

申请日：2018-12-10

Applicant: ARM LIMITED

Inventor： Graeme Peter BARNES

IPC: G06F12/14 ,  G06F9/30

Abstract: An apparatus has memory access circuitry to perform a tag-guarded memory access operation in response to a target address. The tag-guarded memory access operation comprises: comparing an address tag associated with the target address with a guard tag stored in a memory system in association with a block of one or more memory locations comprising an addressed location identified by the target address, and generating an indication of whether a match is detected between the guard tag and the address tag. An instruction decoder decodes a multiple guard tag setting instruction to control the memory access circuitry to trigger memory accesses to update the guard tags associated with at least two consecutive blocks of one or more memory locations.

公开(公告)号：US20210334019A1

公开(公告)日：2021-10-28

申请号：US17370291

申请日：2021-07-08

Applicant: Arm Limited

Inventor： Richard Roy GRISENTHWAITE ,  Graeme Peter BARNES

IPC: G06F3/06

Abstract: An apparatus comprises processing circuitry to perform data processing in response to instructions, and memory access circuitry to perform a tag-guarded memory access operation in response to a target address. The tag-guarded memory access operation comprises comparing an address tag associated with the target address with a guard tag stored in a memory system in association with a block of one or more memory locations comprising an addressed location identified by the target address, and generating an indication of whether a match is detected between the guard tag and the address tag. The memory access circuitry determines, according to a programmable mapping, a mapping of guard tag storage locations for storing guard tags for corresponding blocks of memory locations.