Processing metadata, policies, and composite tags
First Claim
1. A method of processing instructions comprising:
- receiving, for metadata processing, a plurality of metadata tags associated with a current instruction, said metadata processing being performed in a metadata processing domain isolated from a code execution domain including the current instruction, each of the plurality of metadata tags relating to a respective component policy of a composite policy;
processing the plurality of metadata tags in parallel by respective rule cache miss handlers comprising a plurality of hardware rule handlers, wherein processing, for each metadata tag of the plurality of metadata tags, comprises;
determining, by a respective rule cache miss handler, in the metadata processing domain and in accordance with the metadata tag and the current instruction, whether a rule exists in a rule cache for the current instruction, said rule cache including rules on metadata used by said metadata processing to define allowed instructions; and
providing a respective output;
generating a composite result tag by combining the respective outputs into a single metadata Lag for the composite policy including each respective policy; and
simultaneously enforcing, by the plurality of hardware rule cache miss handlers, each of the policies for the current instruction, each of the policies enforced by a respective hardware rule cache miss handler.
2 Assignments
0 Petitions
Accused Products
Abstract
A method includes receiving, for metadata processing, a current instruction with a associated metadata tags. The metadata processing is performed in a metadata processing domain isolated from a code execution domain including the current instruction. Each respective associated metadata tag representing a respective policy of the composite policy. The associated metadata tags further including pointers to tags of a component policy of the composite policy. For each respective metadata tag, the method includes determining, in the metadata processing domain and in accordance with the metadata tag and the current instruction, whether a rule exists in a rule cache for the current instruction. The rule cache including rules on metadata used by said metadata processing to define allowed instructions. The determination of whether a rule exists resulting in a respective output. The method further includes generating a composite result tag by combining the respective outputs into a single metadata tag representing the composite policy including each respective policy.
-
Citations
14 Claims
-
1. A method of processing instructions comprising:
-
receiving, for metadata processing, a plurality of metadata tags associated with a current instruction, said metadata processing being performed in a metadata processing domain isolated from a code execution domain including the current instruction, each of the plurality of metadata tags relating to a respective component policy of a composite policy; processing the plurality of metadata tags in parallel by respective rule cache miss handlers comprising a plurality of hardware rule handlers, wherein processing, for each metadata tag of the plurality of metadata tags, comprises; determining, by a respective rule cache miss handler, in the metadata processing domain and in accordance with the metadata tag and the current instruction, whether a rule exists in a rule cache for the current instruction, said rule cache including rules on metadata used by said metadata processing to define allowed instructions; and providing a respective output; generating a composite result tag by combining the respective outputs into a single metadata Lag for the composite policy including each respective policy; and simultaneously enforcing, by the plurality of hardware rule cache miss handlers, each of the policies for the current instruction, each of the policies enforced by a respective hardware rule cache miss handler. - View Dependent Claims (2, 3, 4, 5, 6, 14)
-
-
7. A system for processing instructions comprising:
-
at least one hardware rule cache miss handler configured to; receive, for metadata processing, a plurality of metadata tags associated with a current instruction, said metadata processing being performed in a metadata processing domain isolated from a code execution domain including the current instruction, each of the plurality of metadata tags relating to a respective component policy of a composite policy, and processing the plurality of metadata tags in parallel by respective rule cache miss handlers comprising a plurality of hardware rule handlers, wherein processing, for each metadata tag of the plurality of metadata tags, comprises; determining, by a respective rule cache miss handler, in the metadata processing domain and in accordance with the metadata tag and the current instruction, whether a rule exists in a rule cache for the current instruction, said rule cache including rules on metadata used by said metadata processing to define allowed instructions, and providing a respective output; a hardware concatenation module configured to generate a composite result tag by combining the respective outputs into a single metadata tag for the composite policy including each respective policy; and simultaneously enforcing, by the plurality of hardware rule cache miss handlers, each of the policies for the current instruction, each of the policies enforced by a respective hardware rule cache miss handler. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
Specification