Apparatus and method for controlling use of bounded pointers

US 10,650,136 B2
Filed: 09/30/2016
Issued: 05/12/2020
Est. Priority Date: 11/12/2015
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a plurality of bounded pointer storage elements, each bounded pointer storage element to store a bounded pointer and associated permission attributes indicative of allowed uses of the bounded pointer, said associated permission attributes comprising a copy permission attribute indicating whether the bounded pointer is allowed to be subjected to a copy operation; and

processing circuitry, responsive to at least one instruction that specifies the copy operation, to generate, from a source bounded pointer and associated permission attributes of a source bounded pointer storage element, a destination bounded pointer and associated permission attributes to be stored in a destination bounded pointer storage element, and to mark the source bounded pointer storage element as storing an invalid bounded pointer dependent on whether the copy permission attribute of the source bounded pointer has a first value indicating that the source bounded pointer is to be prevented from being subjected to the copy operation, whereas when the copy permission attribute has a second value indicating that the source bounded pointer is allowed to be subjected to the copy operation, the processing circuitry is arranged to retain the source bounded pointer storage element as storing a valid bounded pointer;

whereineach bounded pointer storage element has a validity field associated therewith to indicate whether the bounded pointer storage element stores a valid bounded pointer, and the processing circuitry is arranged to mark the source bounded pointer storage element as storing an invalid bounded pointer by updating the validity field associated with the source bounded pointer storage element to identify that the source bounded pointer is invalid.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method are provided for controlling use of bounded pointers. The apparatus has a plurality of bounded pointer storage elements, each bounded pointer storage element being used to store a bounded pointer and associated permission attributes indicative of allowed uses of the bounded pointer. In accordance with the present technique, the associated permission attributes include a copy permission attribute indicating whether the bounded pointer is allowed to be subjected to a copy operation. Processing circuitry is then responsive to at least one instruction that specifies the copy operation, to generate, from a source bounded pointer and associated permission attributes of a source bounded pointer storage element, a destination bounded pointer and associated permission attributes to be stored in a destination bounded pointer storage element. Furthermore, the processing circuitry marks the source bounded pointer storage element as storing an invalid bounded pointer dependent on whether the copy permission attribute of the source bounded pointer indicates that the source bounded pointer is to be prevented from being subjected to the copy operation. This provides an effective mechanism for inhibiting the subversion of control flow integrity when executing software on the apparatus.

10 Citations

20 Claims

1. An apparatus, comprising:
- a plurality of bounded pointer storage elements, each bounded pointer storage element to store a bounded pointer and associated permission attributes indicative of allowed uses of the bounded pointer, said associated permission attributes comprising a copy permission attribute indicating whether the bounded pointer is allowed to be subjected to a copy operation; and
  
  processing circuitry, responsive to at least one instruction that specifies the copy operation, to generate, from a source bounded pointer and associated permission attributes of a source bounded pointer storage element, a destination bounded pointer and associated permission attributes to be stored in a destination bounded pointer storage element, and to mark the source bounded pointer storage element as storing an invalid bounded pointer dependent on whether the copy permission attribute of the source bounded pointer has a first value indicating that the source bounded pointer is to be prevented from being subjected to the copy operation, whereas when the copy permission attribute has a second value indicating that the source bounded pointer is allowed to be subjected to the copy operation, the processing circuitry is arranged to retain the source bounded pointer storage element as storing a valid bounded pointer;
  
  whereineach bounded pointer storage element has a validity field associated therewith to indicate whether the bounded pointer storage element stores a valid bounded pointer, and the processing circuitry is arranged to mark the source bounded pointer storage element as storing an invalid bounded pointer by updating the validity field associated with the source bounded pointer storage element to identify that the source bounded pointer is invalid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. An apparatus as claimed in claim 1, wherein the validity field is a tag field identifying a data type of content of the associated bounded pointer storage element, when the tag field has a first value the content forming a bounded pointer and associated permission attributes, and when the tag value has a value other than said first value the content being treated as data other than a bounded pointer and associated permission attributes.
  - 3. An apparatus as claimed in claim 1, wherein the processing circuitry is arranged, when executing said at least one instruction that specifies the copy operation, to mark the source bounded pointer storage element as storing an invalid bounded pointer when the copy permission attribute of the source bounded pointer has the first value indicating that the source bounded pointer is to be prevented from being subjected to the copy operation.
  - 4. An apparatus as claimed in claim 1, wherein:
    - said associated permission attributes comprise a sharing attribute indicating whether the bounded pointer is shared between multiple threads; and
      
      the processing circuitry is arranged, when executing said at least one instruction that specifies the copy operation, to mark the source bounded pointer storage element as storing an invalid bounded pointer when the copy permission attribute of the source bounded pointer has the first value indicating that the source bounded pointer is to be prevented from being subjected to the copy operation and the sharing attribute indicates that the bounded pointer is not shared between multiple threads.
  - 5. An apparatus as claimed in claim 1, wherein:
    - the source bounded pointer comprises a pointer value and associated range information, and during the copy operation a modification of the pointer value is prohibited.
  - 6. An apparatus as claimed in claim 5, wherein the source bounded pointer is used to determine a function pointer.
  - 7. An apparatus as claimed in claim 1, wherein the copy operation causes the destination bounded pointer and associated permission attributes to be a replica of the source bounded pointer and associated permission attributes.
  - 8. An apparatus as claimed in claim 1, wherein the copy operation causes at least one of the destination bounded pointer and associated permission attributes to be a modified version of the source bounded pointer and associated permission attributes.
  - 9. An apparatus as claimed in claim 8, wherein during the copy operation extension of the bounds of the bounded pointer is prohibited.
  - 10. An apparatus as claimed in claim 8, wherein during the copy operation modification of the associated permission attributes to increase the allowed uses of the bounded pointer is prohibited.
  - 11. An apparatus as claimed in claim 1, wherein at least one of the source bounded pointer storage element and the destination bounded pointer storage element is a bounded pointer register.
  - 12. An apparatus as claimed in claim 1, wherein at least one of the source bounded pointer storage element and the destination bounded pointer storage element is a memory location.
  - 13. An apparatus as claimed in claim 1, wherein said at least one instruction comprises a first instruction that is a “
    - no copy”
      
      variant of a second instruction, and the processing circuitry is responsive to execution of said second instruction in an instance where the copy permission attribute of the source bounded pointer indicates that the source bounded pointer is to be prevented from being subjected to the copy operation, to implement a predetermined action to prevent a copy of the source bounded pointer being created.
  - 14. An apparatus as claimed in claim 13, wherein said predetermined action comprises aborting execution of the second instruction.
  - 15. An apparatus as claimed in claim 13, wherein said predetermined action comprises marking the destination bounded pointer storage element as storing an invalid bounded pointer.
  - 16. An apparatus as claimed in claim 1, wherein:
    - said at least one instruction comprises a branch instruction, and the source bounded pointer is used to generate a target address for storage as a new program counter value within a program counter bounded pointer storage element.
  - 17. An apparatus as claimed in claim 16, wherein said branch instruction is a branch with link instruction, during execution of the branch with link instruction the processing circuitry being arranged to store a current content of the program counter bounded pointer storage element within a link register bounded pointer storage element to identify a return address bounded pointer, and to set the copy permission attribute within the link register bounded pointer storage element to indicate that the return address bounded pointer is to be prevented from being subjected to the copy operation.
  - 18. An apparatus as claimed in claim 1, wherein each bounded pointer storage element comprises a first sub-element to store the bounded pointer and a second sub-element to store the associated permission attributes.

19. A method of controlling use of bounded pointers within an apparatus having a plurality of bounded pointer storage elements, each bounded pointer storage element storing a bounded pointer and associated permission attributes indicative of allowed uses of the bounded pointer, the method comprising:
- providing a copy permission attribute within said associated permission attributes, the copy permission attribute indicating whether the bounded pointer is allowed to be subjected to a copy operation; and
  
  responsive to at least one instruction that specifies the copy operation, generating, from a source bounded pointer and associated permission attributes of a source bounded pointer storage element, a destination bounded pointer and associated permission attributes to be stored in a destination bounded pointer storage element, and marking the source bounded pointer storage element as storing an invalid bounded pointer dependent on whether the copy permission attribute of the source bounded pointer has a first value indicating that the source bounded pointer is to be prevented from being subjected to the copy operation, whereas when the copy permission attribute has a second value indicating that the source bounded pointer is allowed to be subjected to the copy operation, retaining the source bounded pointer storage element as storing a valid bounded pointer;
  
  providing each bounded pointer storage element with a validity field associated therewith to indicate whether the bounded pointer storage element stores a valid bounded pointer; and
  
  marking the source bounded pointer storage element as storing an invalid bounded pointer by updating the validity field associated with the source bounded pointer storage element to identify that the source bounded pointer is invalid.

20. An apparatus, comprising:
- a plurality of bounded pointer storage element means, each bounded pointer storage element means for storing a bounded pointer and associated permission attributes indicative of allowed uses of the bounded pointer, said associated permission attributes comprising a copy permission attribute indicating whether the bounded pointer is allowed to be subjected to a copy operation; and
  
  processing means for generating from a source bounded pointer and associated permission attributes of a source bounded pointer storage element means, in response to at least one instruction that specifies the copy operation, a destination bounded pointer and associated permission attributes to be stored in a destination bounded pointer storage element means, and for marking the source bounded pointer storage element means as storing an invalid bounded pointer dependent on whether the copy permission attribute of the source bounded pointer has a first value indicating that the source bounded pointer is to be prevented from being subjected to the copy operation, whereas when the copy permission attribute has a second value indicating that the source bounded pointer is allowed to be subjected to the copy operation, the processing means is arranged to retain the source bounded pointer storage element means as storing a valid bounded pointer;
  
  whereineach bounded pointer storage element means has a validity field associated therewith to indicate whether the bounded pointer storage element means stores a valid bounded pointer, and the processing means is arranged to mark the source bounded pointer storage element means as storing an invalid bounded pointer by updating the validity field associated with the source bounded pointer storage element means to identify that the source bounded pointer is invalid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arm Limited (SoftBank Group Corp.)
Original Assignee
Arm Limited (SoftBank Group Corp.)
Inventors
Barnes, Graeme Peter
Primary Examiner(s)
Mehedi, Morshed

Application Number

US15/770,560
Publication Number

US 20190012455A1
Time in Patent Office

1,320 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 2221/033   Test or assess software

G06F 9/30105   Register structure

G06F 9/3013   according to data content, ...

G06F 9/30192   according to data descripto...

G06F 9/35   Indirect addressing

Apparatus and method for controlling use of bounded pointers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for controlling use of bounded pointers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links