[LLVMdev] Intel Memory Protection Extensions (and types question)
Schoedel, Kevin P
kevin.p.schoedel at intel.com
Tue Sep 10 09:41:51 PDT 2013
Dr D. Chisnall [mailto:dc552 at hermes.cam.ac.uk] wrote:
> I believe that our case and MPX (which is quite close to HardBounds) are
> close to being opposite end of the spectrum, so it would be nice if we could
> come up with a generic design that can support both [...]
I'm sure we'd be interested in participating in this discussion,
and migrating MPX support to use any infrastructure that comes out
of it. I personally favor the St Exupery view of engineering elegance
("perfection is finally attained not when there is no longer anything
to add, but when there is no longer anything to take away") and would
support any simplifying unification.
In the short term, though, since MPX has its pointer fat liposuctioned
and stored in ziploc bags, we can manage quite well without new
infrastructure, and our short term goals are
- being able to generate the machine instructions
- supporting the MPX 'standard model' interoperably with gcc and icc
Pragmatically, it seems that this is most likely to be acceptable to
the LLVM community if the impact is essentially zero outside of where
it's absolutely necessary (X86 code generator and optional MPX pass).
> See the BNDMOV instruction, which allows the bounds to be explicitly loaded
> and stored to bounds registers. Contrast with BNDLDX / BNDSTX, where the
> location is implicit. The BNDMOV instruction is also used for stack spills
> of the bounds registers. This allows MPX to be used for range checking in a
> similar way to the Thumb-2EE extensions.
And similar to the x86 BOUND instruction (80186 forward IIRC) with
the need for the ABI to accommodate passing bounds. Although BNDLDX /
BNDSTX / BNDMOV can be used in this fashion in a system with a new ABI,
that will probably happen just about as often as BOUND actually gets
used, and the meat of the MPX model lies in supporting C/C++-oriented
systems transparently to code using the established ABI.
> I would expect that you'd want to model the BNDCU + BNDCL + MOV sequence as a
> single pseudo for as long as possible to ensure that the bounds checks were
> performed at the correct time and not elided
Actually, we'd like the checks and loads/stores to be split and elided
as much as possible, subject to data dependencies determining the
'correct time' - the canonical example being a loop whose range is
dynamically known at the start. Maybe I'm misunderstanding you.
> MPX is an implementation of the HardBound concept from UPenn, where this was
> a design goal (see also their 'low-fat pointers' work).
There has been some interesting discussion on comp.arch relating to
the background of MPX, which (however fascinating I find the history of
capability architectures) I am not willing to join here or elsewhere;
I've only been personally aware of MPX myself for a matter of months,
and besides, the law-talking guys would probably slap me silly.
Kevin Schoedel, Software Developer, Intel of Canada
<kevin.p.schoedel at intel.com> +1 (519) 772-2580
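An added illustration (not part of the thread, and not Intel's or LLVM's code) of the MPX "standard model" semantics discussed above: bounds live in a side table keyed by the address the pointer is stored at (the implicit location of BNDSTX/BNDLDX, so the ABI is untouched), BNDLDX falls back to INIT bounds when the entry is missing or stale, and the checks on a loop with a known range are hoisted to one check on each end. The table layout, its size, the function names and the simplified bounds representation are assumptions for this model, not the hardware's encoding.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Bounds as the checks see them: [lb, ub] inclusive (MPX stores ub one's-complemented; omitted). */
typedef struct { uintptr_t lb, ub; } bnd_t;
static const bnd_t BND_INIT = { 0, UINTPTR_MAX };   /* "allow everything" */
/* Constructed bounds-table model: an entry is keyed by the ADDRESS a pointer is stored
   at (the implicit location of BNDSTX/BNDLDX) and records the pointer's VALUE too, so a
   pointer overwritten by MPX-unaware code is detected as stale. */
#define SLOTS 16
static struct { const void *slot; uintptr_t ptr; bnd_t bnd; bool used; } table[SLOTS];
static uintptr_t ptr_at(const void *slot) { uintptr_t v; memcpy(&v, slot, sizeof v); return v; }

/* BNDSTX analogue: associate bounds b with the pointer currently stored at slot. */
static void bndstx(const void *slot, bnd_t b) {
    for (int i = 0; i < SLOTS; i++)
        if (!table[i].used || table[i].slot == slot) {
            table[i].slot = slot; table[i].ptr = ptr_at(slot); table[i].bnd = b; table[i].used = true;
            return;
        }
}

/* BNDLDX analogue: bounds for the pointer stored at slot. A missing or stale entry
   yields BND_INIT, which is how untracked code keeps working under the old ABI. */
static bnd_t bndldx(const void *slot) {
    for (int i = 0; i < SLOTS; i++)
        if (table[i].used && table[i].slot == slot && table[i].ptr == ptr_at(slot))
            return table[i].bnd;
    return BND_INIT;
}

/* BNDCL + BNDCU analogue: is [addr, addr+len) inside b? (written to avoid overflow) */
static bool bndck(bnd_t b, const void *addr, size_t len) {
    uintptr_t a = (uintptr_t)addr;
    return len > 0 && a >= b.lb && a <= b.ub && len - 1 <= b.ub - a;
}

/* The loop case from the message: the range is known at entry, so one check on the
   first element and one on the last stand in for a check per iteration. */
static bool range_ok(int **slot, size_t n) {
    bnd_t b = bndldx(slot);
    return n > 0 && bndck(b, *slot, sizeof **slot) && bndck(b, *slot + n - 1, sizeof **slot);
}

/* Driver over constructed data; returns how many of the three expectations held. */
static int demo(void) {
    static int arr[8];
    int *p = arr, hits = 0;
    bndstx(&p, (bnd_t){ (uintptr_t)arr, (uintptr_t)(arr + 8) - 1 });
    hits += range_ok(&p, 8);    /* whole array: in bounds */
    hits += !range_ok(&p, 9);   /* one past the end: BNDCU would raise #BR */
    p = arr + 4;                /* rewritten without BNDSTX: table entry is now stale */
    hits += range_ok(&p, 5);    /* reaches arr+8, yet passes: BND_INIT protects nothing */
    return hits;
}
```

The last case is the price of the ABI-transparent design: a pointer store that bypasses BNDSTX silently degrades to INIT bounds rather than faulting.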