DOCSLIB.ORG

Analysis of X86 Application and System Programs Via Machine-Code Verification

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Analysis of X86 Application and System Programs Via Machine-Code Verification Analysis of x86 Application and System Programs via Machine-Code Verification Shilpi Goel The University of Texas at Austin Ph.D. Dissertation Proposal 29th April, 2015 Outline ๏ Motivation ๏ State of the Art ๏ Proposed Dissertation Project ‣ [Task 1] Developing an x86 ISA Model ‣ [Task 2] Building a Machine-Code Analysis Framework ‣ [Task 3] Verifying Application and System Programs ๏ Future Work ๏ Expected Contributions 2 /33 Motivation • Software systems are ubiquitous. • Cost of incorrect software is extremely high. • Formal verification can increase software quality. • Approach: Machine-code verification for x86 platforms Motivation 3 /33 Motivation • Why not high-level code verification? X High-level verification frameworks do not address compiler bugs ✓ Verified/verifying compilers can help X But these compilers typically generate inefficient code X Need to build verification frameworks for many high-level languages X Sometimes, high-level code is unavailable • Why x86? ✓ x86 is in widespread use — our approach will have immediate practical application Motivation 4 /33 State of the Art: x86 Machine-Code Analysis [Morrisett et al.] Formal x86 ISA Security policy violation checks in specification browsers [Reps et al.] Control & data flow Point tools; approximation of analysis program behavior [Myreen] Decompilation-in-Logic Analysis of application programs [Moore] Codewalker [Klein et al.] SeL4 Clean-slate development of [Shao et al.] Certified OS kernels verified software State of the Art 5 /33 State of the Art: x86 Machine-Code Analysis We need more! Security policy violation checks in General analysis browsers Precisely capture Point tools; approximation of program behavior program behavior Analyze application Analysis of application programs and system programs Verify existing Clean-slate development of software verified software State of the Art 5 /33 Example: Analysis of a Data-Copy Program Specification: Copy data x from linear (virtual) memory location l0 to disjoint linear memory location l1. l0 x Verification Objective: After a successful copy, l0 and l1 contain x. p x Implementation: l1 x Include the copy-on-write technique: l0 and l1 can be mapped to the same physical memory location p. Linear Physical ‣ System calls Memory Memory ‣ Modifications to address mapping ‣ Access control management Example 6 /33 Proposed Dissertation Project • Goal: Build robust tools to increase software reliability ‣ Verify critical properties of application and system programs ‣ Correctness with respect to behavior, security, & resource usage • Plan of Action: 1. Build a formal, executable x86 ISA model using ACL2, 2. Develop a machine-code analysis framework based on this model, and 3. Employ this framework to verify application and system programs. Proposed Dissertation Project 7 /33 Expected Contributions Briefly: • A new tool: general-purpose analysis framework for x86 machine-code • Program verification taking memory management into account: analysis of programs, including low-level system & ISA features • Reasoning strategies: insight into low-level code verification in general • Foundation for future research: target for verified/verifying compilers Expected Contributions 8 /33 Outline ๏ Motivation ๏ State of the Art ๏ Proposed Dissertation Project ‣ [Task 1] Developing an x86 ISA Model ‣ [Task 2] Building a Machine-Code Analysis Framework ‣ [Task 3] Verifying Application and System Programs ๏ Future Work ๏ Expected Contributions 9 /33 Model Development Obtaining the x86 ISA Specification Task 1 | x86 ISA Model | Model Development 10/33 Model Development Obtaining the x86 ISA Specification ~3400 pages Task 1 | x86 ISA Model | Model Development 10/33 Model Development Obtaining the x86 ISA Specification All AMD manuals: ~3000 pages ~3400 pages Task 1 | x86 ISA Model | Model Development 10/33 Model Development Obtaining the x86 ISA Specification __asm__ volatile ("stc\n\t" // Set CF. "mov $0, %%eax\n\t" // Set EAX = 0. "mov $0, %%ebx\n\t" // Set EBX = 0. "mov $0, %%ecx\n\t" // Set ECX = 0. "mov %4, %%ecx\n\t" // Set CL = rotate_by. "mov %3, %%edx\n\t" // Set EDX = old_cf = 1. All AMD manuals: ~3000 pages ~3400 "mov pages %2, %%eax\n\t" // Set EAX = num. "rcl %%cl, %%al\n\t" // Rotate AL by CL. "cmovb %%edx, %%ebx\n\t" // Set EBX = old_cf if CF = 1. // Otherwise, EBX = 0. "mov %%eax, %0\n\t" // Set res = EAX. "mov %%ebx, %1\n\t" // Set cf = EBX. : "=g"(res), "=g"(cf) : "g"(num), "g"(old_cf), "g"(rotate_by) : "rax", "rbx", "rcx", "rdx"); Task 1 | x86 ISA Model | Model Development Running tests on x86 machines 10/33 Model Development Focus: 64-bit sub-mode of Intel’s IA-32e mode Task 1 | x86 ISA Model | Model Development 11/33 BASIC EXECUTION ENVIRONMENT • Debug registers —Model Debug registers expand Development to 64 bits. See Chapter 17, “Debug, Branch Profile, TSC, and Quality of Service,” in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A. • Descriptor table registers — The global descriptor table register (GDTR) and interrupt descriptor table register (IDTR) expand to 10 bytes so that they can hold a full 64-bit base address. The local descriptor table Focus:register (LDTR) 64-bitand the task register sub-mode (TR) also expand to of hold aIntel’s full 64-bit base IA-32e address. mode Basic Program Execution Registers Address Space 2^64 -1 Sixteen 64-bit General-Purpose Registers Registers Six 16-bit Segment Registers Registers 64-bits RFLAGS Register 64-bits RIP (Instruction Pointer Register) FPU Registers Eight 80-bit Floating-Point Registers Data Registers 0 16 bits Control Register 16 bits Status Register 16 bits Tag Register Opcode Register (11-bits) 64 bits FPU Instruction Pointer Register 64 bits FPU Data (Operand) Pointer Register MMX Registers Eight 64-bit MMX Registers Registers XMM Registers Sixteen 128-bit Registers XMM Registers 32-bits MXCSR Register Figure 3-2. 64-Bit Mode Execution Environment Task 1 | x86 ISA Model | Model Development 11/33 Source: Intel Manuals 3.3 MEMORY ORGANIZATION The memory that the processor addresses on its bus is called physical memory. Physical memory is organized as a sequence of 8-bit bytes. Each byte is assigned a unique address, called a physical address. The physical address space ranges from zero to a maximum of 236 − 1 (64 GBytes) if the processor does not support Intel Vol. 1 3-5 BASIC EXECUTION ENVIRONMENT • Debug registers —Model Debug registers expand Development to 64 bits. See Chapter 17, “Debug, Branch Profile, TSC, and Quality of Service,” in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A. SYSTEM ARCHITECTURE OVERVIEW • Descriptor table registers — The global descriptor table register (GDTR) and interrupt descriptor table register (IDTR) expand to 10 bytes so that they can hold a full 64-bit base address. The local descriptor table register (LDTR) and the task register (TR) also expand to hold a full 64-bit base address. Focus: 64-bit sub-mode of Intel’sRFLAGS IA-32e mode Physical Address Code, Data or Stack Control Register Segment (Base =0) Basic Program Execution Registers Address Space Linear Address CR8 Task-State 2^64 -1 CR4 Segment Selector Segment (TSS) CR3 Sixteen 64-bit General-Purpose Registers CR2 Register Registers CR1 CR0 Global Descriptor Task Register Table (GDT) Six 16-bit Interrupt Handler Segment Registers Segment Sel. Seg. Desc. Registers Code NULL Interrupt TR TSS Desc. Stack 64-bits RFLAGS Register Vector Seg. Desc. Interrupt Descriptor 64-bits RIP (Instruction Pointer Register) Table (IDT) Seg. Desc. Interr. Handler Code Interrupt Gate Current TSS FPU Registers LDT Desc. Stack Interrupt Gate GDTR Eight 80-bit Floating-Point IST Data Registers Trap Gate Registers 0 Local Descriptor Exception Handler Table (LDT) Code NULL Stack IDTR Call-Gate Seg. Desc. 16 bits Control Register Segment Selector Call Gate 16 bits Status Register Protected Procedure 16 bits Tag Register XCR0 (XFEM) Code LDTR NULL Stack Opcode Register (11-bits) 64 bits FPU Instruction Pointer Register Linear Address Space Linear Address 64 bits FPU Data (Operand) Pointer Register PML4 Dir. Pointer Directory Table Offset MMX Registers Linear Addr. PML4 Pg. Dir. Ptr. Page Dir. Page Table Page Eight 64-bit MMX Registers Registers Physical PML4. Pg. Dir. Page Tbl Addr. Entry Entry Entry XMM Registers 0 This page mapping example is for 4-KByte pages CR3* and 40-bit physical address size. *Physical Address Sixteen 128-bit XMM Registers Registers Figure 2-2. System-Level Registers and Data Structures in IA-32e Mode 32-bits MXCSR Register 2.1.1 Global and Local Descriptor Tables When operating in protected mode, all memory accesses pass through either the global descriptor table (GDT) or an optional local descriptor table (LDT) as shown in Figure 2-1. These tables contain entries called segment Figure 3-2. 64-Bit Mode Executiondescriptors. Environment Segment descriptors provide the base address of segments well as access rights, type, and usage information. Task 1 | x86 ISA Model | Model Development Each segment descriptor has an associated segment selector. A segment selector provides the software11 that/33 uses Source: Intel itManuals with an index into the GDT or LDT (the offset of its associated segment descriptor), a global/local flag (deter- 3.3 MEMORY ORGANIZATION mines whether the selector points to the GDT or the LDT), and access rights information. The memory that the processor addresses on its bus is called physical memory. Physical memory is organized as a sequence of 8-bit bytes. Each byte is assigned a unique address, called a physical address. The physical address space ranges from zero to a maximum of 236 − 1 (64 GBytes) if the processor does not support Intel Vol. 3A 2-3 Vol. 1 3-5 PROTECTION — TSS — The DPL indicates the numerically highest privilege level that the currently executing program or task can be at and still be able to access the TSS. (This is the same access rule as for a data segment.) • Requested privilege level (RPL) — The RPL is an override privilege level that is assigned to segmentPROTECTION selectors.
Load more

Recommended publications
  • Simple Computer Example Register Structure
    Simple Computer Example Register Structure Read pp. 27-85 Simple Computer • To illustrate how a computer operates, let us look at the design of a very simple computer • Specifications 1. Memory words are 16 bits in length 2. 2 12 = 4 K words of memory 3. Memory can be accessed in one clock cycle 4. Single Accumulator for ALU (AC) 5. Registers are fully connected Simple Computer Continued 4K x 16 Memory MAR 12 MDR 16 X PC 12 ALU IR 16 AC Simple Computer Specifications (continued) 6. Control signals • INCPC – causes PC to increment on clock edge - [PC] +1 PC •ACin - causes output of ALU to be stored in AC • GMDR2X – get memory data register to X - [MDR] X • Read (Write) – Read (Write) contents of memory location whose address is in MAR To implement instructions, control unit must break down the instruction into a series of register transfers (just like a complier must break down C program into a series of machine level instructions) Simple Computer (continued) • Typical microinstruction for reading memory State Register Transfer Control Line(s) Next State 1 [[MAR]] MDR Read 2 • Timing State 1 State 2 During State 1, Read set by control unit CLK - Data is read from memory - MDR changes at the Read beginning of State 2 - Read is completed in one clock cycle MDR Simple Computer (continued) • Study: how to write the microinstructions to implement 3 instructions • ADD address • ADD (address) • JMP address ADD address: add using direct addressing 0000 address [AC] + [address] AC ADD (address): add using indirect addressing 0001 address [AC] + [[address]] AC JMP address 0010 address address PC Instruction Format for Simple Computer IR OP 4 AD 12 AD = address - Two phases to implement instructions: 1.
    [Show full text]
  • MIPS IV Instruction Set
    MIPS IV Instruction Set Revision 3.2 September, 1995 Charles Price MIPS Technologies, Inc. All Right Reserved RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure of the technical data contained in this document by the Government is subject to restrictions as set forth in subdivision (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 52.227-7013 and / or in similar or successor clauses in the FAR, or in the DOD or NASA FAR Supplement. Unpublished rights reserved under the Copyright Laws of the United States. Contractor / manufacturer is MIPS Technologies, Inc., 2011 N. Shoreline Blvd., Mountain View, CA 94039-7311. R2000, R3000, R6000, R4000, R4400, R4200, R8000, R4300 and R10000 are trademarks of MIPS Technologies, Inc. MIPS and R3000 are registered trademarks of MIPS Technologies, Inc. The information in this document is preliminary and subject to change without notice. MIPS Technologies, Inc. (MTI) reserves the right to change any portion of the product described herein to improve function or design. MTI does not assume liability arising out of the application or use of any product or circuit described herein. Information on MIPS products is available electronically: (a) Through the World Wide Web. Point your WWW client to: http://www.mips.com (b) Through ftp from the internet site “sgigate.sgi.com”. Login as “ftp” or “anonymous” and then cd to the directory “pub/doc”. (c) Through an automated FAX service: Inside the USA toll free: (800) 446-6477 (800-IGO-MIPS) Outside the USA: (415) 688-4321 (call from a FAX machine) MIPS Technologies, Inc.
    [Show full text]
  • I386-Engine™ Technical Manual
    i386-Engine™ C/C++ Programmable, 32-bit Microprocessor Module Based on the Intel386EX Technical Manual 1950 5 th Street, Davis, CA 95616, USA Tel: 530-758-0180 Fax: 530-758-0181 Email: [email protected] http://www.tern.com Internet Email: [email protected] http://www.tern.com COPYRIGHT i386-Engine, VE232, A-Engine, A-Core, C-Engine, V25-Engine, MotionC, BirdBox, PowerDrive, SensorWatch, Pc-Co, LittleDrive, MemCard, ACTF, and NT-Kit are trademarks of TERN, Inc. Intel386EX and Intel386SX are trademarks of Intel Coporation. Borland C/C++ are trademarks of Borland International. Microsoft, MS-DOS, Windows, and Windows 95 are trademarks of Microsoft Corporation. IBM is a trademark of International Business Machines Corporation. Version 2.00 October 28, 2010 No part of this document may be copied or reproduced in any form or by any means without the prior written consent of TERN, Inc. © 1998-2010 1950 5 th Street, Davis, CA 95616, USA Tel: 530-758-0180 Fax: 530-758-0181 Email: [email protected] http://www.tern.com Important Notice TERN is developing complex, high technology integration systems. These systems are integrated with software and hardware that are not 100% defect free. TERN products are not designed, intended, authorized, or warranted to be suitable for use in life-support applications, devices, or systems, or in other critical applications. TERN and the Buyer agree that TERN will not be liable for incidental or consequential damages arising from the use of TERN products. It is the Buyer's responsibility to protect life and property against incidental failure. TERN reserves the right to make changes and improvements to its products without providing notice.
    [Show full text]
  • Advanced Computer Architecture
    Computer Architecture MTIT C 103 MIPS ISA and Processor Compiled By Afaq Alam Khan Introduction The MIPS architecture is one example of a RISC architecture The MIPS architecture is a register architecture. All arithmetic and logical operations involve only registers (or constants that are stored as part of the instructions). The MIPS architecture also includes several simple instructions for loading data from memory into registers and storing data from registers in memory; for this reason, the MIPS architecture is called a load/store architecture Register ◦ MIPS has 32 integer registers ($0, $1, ....... $30, $31) and 32 floating point registers ($f0, $f1, ....... $f30, $f31) ◦ Size of each register is 32 bits The $k0, $K1, $at, and $gp registers are reserved for os, assembler and global data And are not used by the programmer Miscellaneous Registers ◦ $PC: The $pc or program counter register points to the next instruction to be executed and is automatically updated by the CPU after instruction are executed. This register is not typically accessed directly by user programs ◦ $Status: The $status or status register is the processor status register and is updated after each instruction by the CPU. This register is not typically directly accessed by user programs. ◦ $cause: The $cause or exception cause register is used by the CPU in the event of an exception or unexpected interruption in program control flow. Examples of exceptions include division by 0, attempting to access in illegal memory address, or attempting to execute an invalid instruction (e.g., trying to execute a data item instead of code). ◦ $hi / $lo : The $hi and $lo registers are used by some specialized multiply and divide instructions.
    [Show full text]
  • Xv6 Booting: Transitioning from 16 to 32 Bit Mode
    238P Operating Systems, Fall 2018 xv6 Boot Recap: Transitioning from 16 bit mode to 32 bit mode 3 November 2018 Aftab Hussain University of California, Irvine BIOS xv6 Boot loader what it does Sets up the hardware. Transfers control to the Boot Loader. BIOS xv6 Boot loader what it does Sets up the hardware. Transfers control to the Boot Loader. how it transfers control to the Boot Loader Boot loader is loaded from the 1st 512-byte sector of the boot disk. This 512-byte sector is known as the boot sector. Boot loader is loaded at 0x7c00. Sets processor’s ip register to 0x7c00. BIOS xv6 Boot loader 2 source source files bootasm.S - 16 and 32 bit assembly code. bootmain.c - C code. BIOS xv6 Boot loader 2 source source files bootasm.S - 16 and 32 bit assembly code. bootmain.c - C code. executing bootasm.S 1. Disable interrupts using cli instruction. (Code). > Done in case BIOS has initialized any of its interrupt handlers while setting up the hardware. Also, BIOS is not running anymore, so better to disable them. > Clear segment registers. Use xor for %ax, and copy it to the rest (Code). 2. Switch from real mode to protected mode. (References: a, b). > Note the difference between processor modes and kernel privilege modes > We do the above switch to increase the size of the memory we can address. BIOS xv6 Boot loader 2 source source file executing bootasm.S m. Let’s 2. Switch from real mode to protected mode. expand on this a little bit Addressing in Real Mode In real mode, the processor sends 20-bit addresses to the memory.
    [Show full text]
  • The Central Processor Unit
    Systems Architecture The Central Processing Unit The Central Processing Unit – p. 1/11 The Computer System Application High-level Language Operating System Assembly Language Machine level Microprogram Digital logic Hardware / Software Interface The Central Processing Unit – p. 2/11 CPU Structure External Memory MAR: Memory MBR: Memory Address Register Buffer Register Address Incrementer R15 / PC R11 R7 R3 R14 / LR R10 R6 R2 R13 / SP R9 R5 R1 R12 R8 R4 R0 User Registers Booth’s Multiplier Barrel IR Shifter Control Unit CPSR 32-Bit ALU The Central Processing Unit – p. 3/11 CPU Registers Internal Registers Condition Flags PC Program Counter C Carry IR Instruction Register Z Zero MAR Memory Address Register N Negative MBR Memory Buffer Register V Overflow CPSR Current Processor Status Register Internal Devices User Registers ALU Arithmetic Logic Unit Rn Register n CU Control Unit n = 0 . 15 M Memory Store SP Stack Pointer MMU Mem Management Unit LR Link Register Note that each CPU has a different set of User Registers The Central Processing Unit – p. 4/11 Current Process Status Register • Holds a number of status flags: N True if result of last operation is Negative Z True if result of last operation was Zero or equal C True if an unsigned borrow (Carry over) occurred Value of last bit shifted V True if a signed borrow (oVerflow) occurred • Current execution mode: User Normal “user” program execution mode System Privileged operating system tasks Some operations can only be preformed in a System mode The Central Processing Unit – p. 5/11 Register Transfer Language NAME Value of register or unit ← Transfer of data MAR ← PC x: Guard, only if x true hcci: MAR ← PC (field) Specific field of unit ALU(C) ← 1 (name), bit (n) or range (n:m) R0 ← MBR(0:7) Rn User Register n R0 ← MBR num Decimal number R0 ← 128 2_num Binary number R1 ← 2_0100 0001 0xnum Hexadecimal number R2 ← 0x40 M(addr) Memory Access (addr) MBR ← M(MAR) IR(field) Specified field of IR CU ← IR(op-code) ALU(field) Specified field of the ALU(C) ← 1 Arithmetic and Logic Unit The Central Processing Unit – p.
    [Show full text]
  • The Interrupt Program Status Register (IPSR) Contains the Exception Type Number of the Current ISR
    Lab #4: POLLING & INTERRUPTS CENG 255 - iHaz - 2016 Lab4 Objectives Recognize different kinds of exceptions. Understand the behavior of interrupts. Realize the advantages and disadvantages of interrupts relative to polling. Explain what polling is and write code for it. Explain what an Interrupt Service Routine (ISR) is and write code for it. Must be Done Individually Before the Lab. Pre-Lab4 Questions Describe the major difference between polling 1 and interrupt. 2 Explain what APSR, IPSR and EPSR are. 3 Explain how PRIMASK is used. 4 Explain what an exception vector table is. 5 Explain what PORT Control registers are. Must be Done Individually Before the Lab. Polling vs. Interrupt Describe the major difference between polling and interrupt. Polling Interrupt • In polling, the processor continuously • An interrupt is a signal to the microprocessor polls or tests a given device as to whether from a device that requires attention. Upon it requires attention. The polling is receiving an interrupt signal, the microcontroller carried out by a polling program that interrupts whatever it is doing and serves the shares processing time with the currently device. The program which is associated with the running task. A device indicates it interrupt is called the interrupt service routine requires attention by setting a bit in its (ISR) or interrupt handler. device status register. • When ISR is done, the microprocessor continues • Polling the device usually means reading with its original task as if it had never been its status register every so often until the interrupted. This is achieved by pushing the device's status changes to indicate that it contents of all of its internal registers on the has completed the request.
    [Show full text]
  • Protected Mode - Wikipedia
    2/12/2019 Protected mode - Wikipedia Protected mode In computing, protected mode, also called protected virtual address mode,[1] is an operational mode of x86- compatible central processing units (CPUs). It allows system software to use features such as virtual memory, paging and safe multi-tasking designed to increase an operating system's control over application software.[2][3] When a processor that supports x86 protected mode is powered on, it begins executing instructions in real mode, in order to maintain backward compatibility with earlier x86 processors.[4] Protected mode may only be entered after the system software sets up one descriptor table and enables the Protection Enable (PE) bit in the control register 0 (CR0).[5] Protected mode was first added to the x86 architecture in 1982,[6] with the release of Intel's 80286 (286) processor, and later extended with the release of the 80386 (386) in 1985.[7] Due to the enhancements added by protected mode, it has become widely adopted and has become the foundation for all subsequent enhancements to the x86 architecture,[8] although many of those enhancements, such as added instructions and new registers, also brought benefits to the real mode. Contents History The 286 The 386 386 additions to protected mode Entering and exiting protected mode Features Privilege levels Real mode application compatibility Virtual 8086 mode Segment addressing Protected mode 286 386 Structure of segment descriptor entry Paging Multitasking Operating systems See also References External links History https://en.wikipedia.org/wiki/Protected_mode
    [Show full text]
  • Chapter 2 Powerpc Register Set
    Chapter 2 PowerPC Register Set 20 20 This chapter describes the register organization defined by the three levels of the PowerPC U architecture—user instruction set architecture (UISA), virtual environment architecture V (VEA), and operating environment architecture (OEA). The PowerPC architecture defines O register-to-register operations for all computational instructions. Source data for these instructions are accessed from the on-chip registers or are provided as immediate values embedded in the opcode. The three-register instruction format allows specification of a target register distinct from the two source registers, thus preserving the original data for use by other instructions and reducing the number of instructions required for certain operations. Data is transferred between memory and registers with explicit load and store instructions only. Note that the handling of reserved bits in any register is implementation-dependent. Software is permitted to write any value to a reserved bit in a register. However, a subsequent reading of the reserved bit returns 0 if the value last written to the bit was 0 and returns an undefined value (may be 0 or 1) otherwise. This means that even if the last value written to a reserved bit was 1, reading that bit may return 0. 2.1 PowerPC UISA Register Set The PowerPC UISA registers, shown in Figure 2-1, can be accessed by either user- or U supervisor-level instructions (the architecture specification refers to user-level and supervisor-level as problem state and privileged state respectively). The general-purpose registers (GPRs) and floating-point registers (FPRs) are accessed as instruction operands.
    [Show full text]
  • A Comparison of Protection Lookaside Buffers and the PA-RISC
    rI3 HEWLETT ~~PACKARD A Comparison ofProtection Lookaside Buffers and the PA·RISC Protection Architecture John Wilkes, Bart Sears Computer Systems Laboratory HPL-92-55 March 1992 processor architecture, Eric Koldinger and others at the University of single address space, 64­ Washington Department of Computer Science have bitaddressing, protection, proposed a new model for memory protection in PA-RISe, protection single-address-space architectures. This paper lookaside buffers, PLB, compares the Washington proposal with what translation lookaside already exists in PA-RISC, and suggests some buffers,TLB, cache incremental improvements to the latter that would indexing, virtually­ provide most of the benefits of the former. addressed caches Internal Accession Date Only © Copyright Hewlett-Packard Company 1992 1 Introduction A recent technical report by Eric Koldinger and others [Koldinger91] proposes a new model for managing protectioninformationinsingle address space processors. This paper is one outcome of discussions withthe authors about the real differences betweentheir proposal and the scheme usedinPA-RISC[Lee89,HPPA90]:it offers a restatement of the newproposal, a comparisonwith the existing PA-RISCarchitecture, and some thoughts onhow the PA-RISCarchitecture mightbe extended in the future to provide some of the benefits that the PLBidea was trying to achieve. The reader is assumed to be familiar withmodem TLB,cache and processor architectures; with luck, sufficient information is provided in this paper that detailed prior knowledge about either the Washington proposal or PA-RISCisn't required. Example To help illustrate some of the finer points of the different protectionmodels, anexample based on the LRPC work of Brian Bershad is used [Bershad90] (see Figure 1).
    [Show full text]
  • Computer Organization and Architecture, Rajaram & Radhakrishan, PHI
    CHAPTER I CONTENTS: 1.1 INTRODUCTION 1.2 STORED PROGRAM ORGANIZATION 1.3 INDIRECT ADDRESS 1.4 COMPUTER REGISTERS 1.5 COMMON BUS SYSTEM SUMMARY SELF ASSESSMENT OBJECTIVE: In this chapter we are concerned with basic architecture and the different operations related to explain the proper functioning of the computer. Also how we can specify the operations with the help of different instructions. CHAPTER II CONTENTS: 2.1 REGISTER TRANSFER LANGUAGE 2.2 REGISTER TRANSFER 2.3 BUS AND MEMORY TRANSFERS 2.4 ARITHMETIC MICRO OPERATIONS 2.5 LOGIC MICROOPERATIONS 2.6 SHIFT MICRO OPERATIONS SUMMARY SELF ASSESSMENT OBJECTIVE: Here the concept of digital hardware modules is discussed. Size and complexity of the system can be varied as per the requirement of today. The interconnection of various modules is explained in the text. The way by which data is transferred from one register to another is called micro operation. Different micro operations are explained in the chapter. CHAPTER III CONTENTS: 3.1 INTRODUCTION 3.2 TIMING AND CONTROL 3.3 INSTRUCTION CYCLE 3.4 MEMORY-REFERENCE INSTRUCTIONS 3.5 INPUT-OUTPUT AND INTERRUPT SUMMARY SELF ASSESSMENT OBJECTIVE: There are various instructions with the help of which we can transfer the data from one place to another and manipulate the data as per our requirement. In this chapter we have included all the instructions, how they are being identified by the computer, what are their formats and many more details regarding the instructions. CHAPTER IV CONTENTS: 4.1 INTRODUCTION 4.2 ADDRESS SEQUENCING 4.3 MICROPROGRAM EXAMPLE 4.4 DESIGN OF CONTROL UNIT SUMMARY SELF ASSESSMENT OBJECTIVE: Various examples of micro programs are discussed in this chapter.
    [Show full text]
  • Intel® 64 and IA-32 Architectures Software Developer's Manual
    Intel® 64 and IA-32 Architectures Software Developer’s Manual Volume 3B: System Programming Guide, Part 2 NOTE: The Intel® 64 and IA-32 Architectures Software Developer's Manual consists of five volumes: Basic Architecture, Order Number 253665; Instruction Set Reference A-M, Order Number 253666; Instruction Set Reference N-Z, Order Number 253667; System Programming Guide, Part 1, Order Number 253668; System Programming Guide, Part 2, Order Number 253669. Refer to all five volumes when evaluating your design needs. Order Number: 253669-029US November 2008 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANT- ED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. UNLESS OTHERWISE AGREED IN WRITING BY INTEL, THE INTEL PRODUCTS ARE NOT DESIGNED NOR IN- TENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE INTEL PRODUCT COULD CREATE A SITUA- TION WHERE PERSONAL INJURY OR DEATH MAY OCCUR. Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "unde- fined." Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them.
    [Show full text]