Re: Capabilities, Anybody?

Liste des GroupesRevenir à c arch 
Sujet : Re: Capabilities, Anybody?
De : robfi680 (at) *nospam* gmail.com (Robert Finch)
Groupes : comp.arch
Date : 13. Mar 2024, 23:37:15
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <ust9qt$16buu$1@dont-email.me>
References : 1 2 3 4 5 6 7 8 9 10 11 12 13
User-Agent : Mozilla Thunderbird
On 2024-03-13 2:29 p.m., BGB wrote:
On 3/12/2024 10:31 PM, Robert Finch wrote:
Can capabilities be applied to address ranges?
>
Segmentation similar to the PowerPC 32-bit segmentation is being used in the current project. Where the upper address bits select a segment register which provides more address bits. I would like to use the same descriptors for capabilities and the address range segmentation.
>
 Something like a segmentation scheme could also work.
 Though, these seem like two different approaches, so there wouldn't be as much value in a shared descriptor. Segmentation also tends to be more coarse grained, rather than something applied to individual memory objects.
 
Segmentation and capabilities look similar to me. They both have base / bounds and permissions / access rights. The difference is the capability carries along the pointer value and a segment descriptor does not. There is the object type too, more specific than just code or data.

Of these two, I am left to suspect that segmented addressing may actually be the less painful of the two...
   But, yeah, I was looking into a possible "Bounds Check Enforced" mode:
   Will require using XMOV.x instructions to access memory;
   Will check and enforce the use of tag bits.
     The tag bits will be ignored in the normal mode.
 ISA level changes:
Will need a flag-bit, and a few more instructions for working with pointers / capabilities;
Will require a Tag-RAM area in DRAM.
One thought I had was to use whole bytes instead of just a tag bit. That would make tag "bits" accessible with regular load and store instructions. But also had considered using a second bit to indicate a pointer store for garbage collection. If using one bit, why not use two?
One BRAM can handle a lot of tag bits.

 If the enforced mode is not supported, probably setting this flag will be No-Op, and the Tag-RAM will not be used.
  Micro-arch changes:
   Registers are extended from 64 to 66 bits;
   Load/Store operations also have 2 extra bits;
     Will only apply to 128-bit MOV.X and XMOV.X ops.
   Most operations will just set these bits to 0.
 
What is the second extra bit for?

Unlike in the normal memory protection, handling of capability enforcement will be done in the EX-stage logic, rather than in the L1 cache.
Hm, I was going to handle capabilities in the MEM stage logic.
 Other effects:
ISR handling will now need to be more careful so as to not mess up the tag bits for registers (specifics TBD);
The role of GBR/GP will need to be moved over into a GPR.
 May or may not consider making the register tag-bits accessible to privileged code as CR's, but this is likely to have a higher cost. The currently considered option is to have the ISR handler save the registers with MOV.X instructions and then copy the corresponding register tag bits out of Tag-RAM (and then restore these bits before restoring the registers), but this will be fiddly.
  Thus far:
Of the parts added thus far, seems to have a fairly small impact on LUT budget.
As for whether or not this idea will be DOA, this is yet to be seen.
It requires effectively reviving the 128-bit ABI, which was also another likely DOA feature.
 Only real incentive is for untrusted code, where security is more important than performance (and one can live with a world where integer->pointer casting is either not allowed or painfully slow, ...).
In the document IIRC they said performance was an issue for capabilities in the past. Implying maybe that with the performance of a modern machine it may not be as painfully slow. Having an MMU was painfully slow too, adding a clock cycle onto all the memory access.
  More likely, the use of optional bounds-checking with 64-bit pointers will remain as the more practical option, with the MMU and ACL checks serving as the primary security mechanisms.
 ...
 

Date Sujet#  Auteur
9 Mar 24 * Capabilities, Anybody?78Lawrence D'Oliveiro
9 Mar 24 +* Re: Capabilities, Anybody?74mitchalsup@aol.com (MitchAlsup1)
9 Mar 24 i+- Re: Capabilities, Anybody?1BGB
9 Mar 24 i+* Re: Capabilities, Anybody?71BGB
9 Mar 24 ii+* Re: Capabilities, Anybody?61Robert Finch
9 Mar 24 iii+- Re: Capabilities, Anybody?1Lawrence D'Oliveiro
10 Mar 24 iii`* Re: Capabilities, Anybody?59BGB
10 Mar 24 iii +- Re: Capabilities, Anybody?1Chris M. Thomasson
10 Mar 24 iii `* Re: Capabilities, Anybody?57Theo Markettos
10 Mar 24 iii  +* Re: Capabilities, Anybody?4John Dallman
11 Mar 24 iii  i`* Re: Capabilities, Anybody?3Theo
17 Mar 24 iii  i `* Re: Capabilities, Anybody?2John Dallman
18 Mar 24 iii  i  `- Re: Capabilities, Anybody?1Robert Finch
10 Mar 24 iii  +* Re: Capabilities, Anybody?19MitchAlsup1
11 Mar 24 iii  i`* Re: Capabilities, Anybody?18Theo Markettos
11 Mar 24 iii  i +* Re: Capabilities, Anybody?10MitchAlsup1
11 Mar 24 iii  i i`* Re: Capabilities, Anybody?9Theo Markettos
11 Mar 24 iii  i i +- Re: Capabilities, Anybody?1George Neuner
11 Mar 24 iii  i i `* Re: Capabilities, Anybody?7Michael S
11 Mar 24 iii  i i  +- Re: Capabilities, Anybody?1Michael S
11 Mar 24 iii  i i  `* Re: Capabilities, Anybody?5Michael S
11 Mar 24 iii  i i   `* Broken Date formats4Michael S
11 Mar 24 iii  i i    `* Re: Broken Date formats3Michael S
11 Mar 24 iii  i i     `* Re: Broken Date formats2Michael S
11 Mar 24 iii  i i      `- Re: Broken Date formats1Michael S
11 Mar 24 iii  i `* Re: Capabilities, Anybody?7Chris M. Thomasson
12 Mar 24 iii  i  `* Re: Capabilities, Anybody?6Chris M. Thomasson
13 Mar 24 iii  i   `* Re: Capabilities, Anybody?5BGB
14 Mar 24 iii  i    `* Re: Capabilities, Anybody?4Chris M. Thomasson
14 Mar 24 iii  i     `* Re: Capabilities, Anybody?3BGB
14 Mar 24 iii  i      `* Re: Capabilities, Anybody?2Chris M. Thomasson
16 Mar 24 iii  i       `- Re: Capabilities, Anybody?1BGB
10 Mar 24 iii  `* Re: Capabilities, Anybody?33BGB
11 Mar 24 iii   `* Re: Capabilities, Anybody?32Robert Finch
11 Mar 24 iii    `* Re: Capabilities, Anybody?31BGB
13 Mar 24 iii     `* Re: Capabilities, Anybody?30Robert Finch
13 Mar 24 iii      +* Re: Capabilities, Anybody?24MitchAlsup1
13 Mar 24 iii      i`* Re: Capabilities, Anybody?23Robert Finch
13 Mar 24 iii      i +* Re: Capabilities, Anybody?21MitchAlsup1
14 Mar 24 iii      i i`* Re: Capabilities, Anybody?20Robert Finch
14 Mar 24 iii      i i +- Re: Capabilities, Anybody?1Lawrence D'Oliveiro
14 Mar 24 iii      i i `* Re: Capabilities, Anybody?18MitchAlsup1
14 Mar 24 iii      i i  `* Re: Capabilities, Anybody?17Lawrence D'Oliveiro
14 Mar 24 iii      i i   +* Re: Capabilities, Anybody?10MitchAlsup1
14 Mar 24 iii      i i   i`* Re: Capabilities, Anybody?9Lawrence D'Oliveiro
15 Mar 24 iii      i i   i `* Re: Capabilities, Anybody?8MitchAlsup1
15 Mar 24 iii      i i   i  +* Re: Capabilities, Anybody?2Chris M. Thomasson
15 Mar 24 iii      i i   i  i`- Re: Capabilities, Anybody?1Chris M. Thomasson
15 Mar 24 iii      i i   i  `* Re: Capabilities, Anybody?5Lawrence D'Oliveiro
15 Mar 24 iii      i i   i   `* Re: Capabilities, Anybody?4Chris M. Thomasson
15 Mar 24 iii      i i   i    `* Re: Capabilities, Anybody?3Lawrence D'Oliveiro
15 Mar 24 iii      i i   i     `* Re: Capabilities, Anybody?2Lawrence D'Oliveiro
15 Mar 24 iii      i i   i      `- Re: Capabilities, Anybody?1Chris M. Thomasson
14 Mar 24 iii      i i   +* Re: Capabilities, Anybody?5Lawrence D'Oliveiro
15 Mar 24 iii      i i   i`* Re: Capabilities, Anybody?4MitchAlsup1
15 Mar 24 iii      i i   i +- Re: Capabilities, Anybody?1Lawrence D'Oliveiro
18 Mar 24 iii      i i   i +- Re: Capabilities, Anybody?1Paul A. Clayton
18 Mar 24 iii      i i   i `- Re: Capabilities, Anybody?1MitchAlsup1
15 Mar 24 iii      i i   `- Re: Capabilities, Anybody?1MitchAlsup1
14 Mar 24 iii      i `- Re: Capabilities, Anybody?1Theo Markettos
13 Mar 24 iii      `* Re: Capabilities, Anybody?5BGB
14 Mar 24 iii       `* Re: Capabilities, Anybody?4Robert Finch
14 Mar 24 iii        `* Re: Capabilities, Anybody?3BGB
14 Mar 24 iii         +- Re: Capabilities, Anybody?1Lawrence D'Oliveiro
15 Mar 24 iii         `- Re: Capabilities, Anybody?1MitchAlsup1
10 Mar 24 ii`* Re: Capabilities, Anybody?9Theo Markettos
11 Mar 24 ii `* Re: Capabilities, Anybody?8BGB
11 Mar 24 ii  +* Re: Capabilities, Anybody?2Robert Finch
12 Mar 24 ii  i`- Re: Capabilities, Anybody?1BGB
12 Mar 24 ii  +* Re: Capabilities, Anybody?2BGB
12 Mar 24 ii  i`- Re: Capabilities, Anybody?1MitchAlsup1
14 Mar 24 ii  `* Re: Capabilities, Anybody?3Theo Markettos
14 Mar 24 ii   +- Re: Capabilities, Anybody?1MitchAlsup1
14 Mar 24 ii   `- Re: Capabilities, Anybody?1BGB
9 Mar 24 i`- Re: Capabilities, Anybody?1Lawrence D'Oliveiro
9 Mar 24 `* Re: Capabilities, Anybody?3Robert Finch
9 Mar 24  `* Re: Capabilities, Anybody?2Lawrence D'Oliveiro
9 Mar 24   `- Re: Capabilities, Anybody?1Robert Finch

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal