Data processing device and method of controlling the same
US-9223573-B2 · Dec 29, 2015 · US
Instruction and Logic for a Binary Translation Mechanism for Control-Flow Security
US2017242702A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017242702-A1 |
| Application number | US-201715455886-A |
| Country | US |
| Kind code | A1 |
| Filing date | Mar 10, 2017 |
| Priority date | Mar 27, 2014 |
| Publication date | Aug 24, 2017 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A processor includes a front end, an execution pipeline, and a binary translator. The front end includes logic to receive an instruction and to dispatch the instruction to a binary translator. The binary translator includes logic to determine whether the instruction includes a control-flow instruction, identify a source address of the instruction, identify a target address of the instruction, determine whether the target address is a known destination based upon the source address, and determine whether to route the instruction to the execution pipeline based upon the determination whether the target address is a known destination based upon the source address. The target address includes an address to which execution would indirectly branch upon execution of the instruction.
First claim
Opening claim text (preview).
What is claimed is: 1 . A processor, comprising: an execution unit; and a binary translator including circuitry to: receive an instruction, the instruction to be executed for control flow; identify a source address of the instruction; identify a target address of the instruction, the target address including an address to which execution would indirectly branch upon execution of the instruction; access one or more entries in a control structure, the one or more entries associated with at least one of the source address and the target address; and determine whether to route the instruction to the execution unit based upon the one or more entries in the control structure. 2 . The processor of claim 1 , wherein: the control structure includes references of a set of known destinations for the source address; and the binary translator further includes circuitry to: determine whether the target address is identified with the set of known destinations. 3 . The processor of claim 1 , wherein: the control structure includes no known destinations for the source address; and the binary translator further includes circuitry to: determine to not route the instruction to the execution unit based on a determination that there are no known destinations for the source address. 4 . The processor of claim 1 , wherein: the control structure includes references of a set of known destinations for each of a set of given source addresses; and the binary translator further includes circuitry to: access a default set of known destinations based on a determination that there is no entry in the control structure for the source addresses; and determine whether to route the instruction to the execution unit based upon whether the target address is included in the default set of known destinations. 5 . The processor of claim 1 , wherein: the control structure includes references of a set of known destinations for each of a set of given source addresses; and the binary translation further includes circuitry to: determine that the target address is not within the set of known destinations for the source address; generate an exception based upon the determination that the target address is not within the set of known destinations for the source address. 6 . The processor of claim 1 , wherein the binary translator further includes circuitry to: identify one or more control-flow instructions within a set of instructions to be executed; and record into the control structure one or more associations of source addresses of the identified control-flow instructions and allowed destination addresses of the identified control-flow instructions. 7 . The processor of claim 1 , wherein the binary translator further includes circuitry to: determine whether an updated control structure has been loaded; flush the control structure based on the determination whether the updated control structure has been loaded; and load the updated control structure into the control structure. 8 . A system, comprising: a memory for the storage of instructions; and a processor for the execution of the instructions, the instructions, when executed, to cause the processor to: receive an instruction, the instruction to be executed for control flow; identify a source address of the instruction; identify a target address of the instruction, the target address including an address to which execution would indirectly branch upon execution of the instruction; access one or more entries in a control structure, the one or more entries associated with at least one of the source address and the target address; and determine whether to route the instruction to an execution unit of the processor based upon the one or more entries in the control structure. 9 . The system of claim 8 , wherein: the control structure includes references of a set of known destinations for the source address; and the binary translator further includes circuitry to: determine whether the target address is identified with the set of known destinations. 10 . The system of claim 8 , wherein: the control structure includes no known destinations for the source address; and the binary translator further includes circuitry to: determine to not route the instruction to the execution unit based on a determination that there are no known destinations for the source address. 11 . The system of claim 8 , wherein: the control structure includes references of a set of known destinations for each of a set of given source addresses; the binary translator further includes circuitry to: access a default set of known destinations based on a determination that there is no entry in the control structure for the source addresses; and determine whether to route the instruction to the execution unit based upon whether the target address is included in the default set of known destinations. 12 . The system of claim 8 , wherein: the control structure includes references of a set of known destinations for each of a set of given source addresses the binary translation further includes circuitry to: determine that the target address is not within the set of known destinations for the source address; generate an exception based upon the determination that the target address is not within the set of known destinations for the source address. 13 . The system of claim 8 , wherein the binary translator further includes circuitry to: identify one or more control-flow instructions within a set of instructions to be executed; and record into the control structure one or more associations of source addresses of the identified control-flow instructions and allowed destination addresses of the identified control-flow instructions. 14 . The system of claim 8 , wherein the binary translator further includes circuitry to: determine whether an updated control structure has been loaded; flush the control structure based on the determination whether the updated control structure has been loaded; and load the updated control structure into the control structure. 15 . At least one non-transitory machine readable storage medium, comprising computer-readable instructions carried on the machine readable medium, the instructions, when executed, to cause a hardware processor to: identify a source address of an instruction, the instruction to be executed for control flow; identify a target address of the instruction, the target address including an address to which execution would indirectly branch upon execution of the instruction; access one or more entries in a control structure, the one or more entries associated with at least one of the source address and the target address; and determine whether to allow the instruction to be executed by the processor based upon the one or more entries in the control structure. 16 . The at least one non-transitory machine readable storage medium of claim 15 , wherein: the control structure includes references of a set of known destinations for the source address; and further comprising instructions to cause the processor to: determine whether the target address is identified with the set of known destinations. 17 . The at least one non-transitory machine readable storage medium of claim 15 , wherein: the control structure includes no known destinations for the source address; and further comprising instructions to cause the processor to: determine to not allow the instruction to be executed by the processor based on a determination
Assignees
Inventors
Classifications
during program execution, e.g. stack integrity {; Preventing unwanted data erasure; Buffer overflow} · CPC title
using instruction pipelines · CPC title
Instruction issuing, e.g. dynamic instruction scheduling or out of order instruction execution · CPC title
in a hierarchical protection system, e.g. privilege levels, memory rings · CPC title
Security improvement · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2017242702A1 cover?
- A processor includes a front end, an execution pipeline, and a binary translator. The front end includes logic to receive an instruction and to dispatch the instruction to a binary translator. The binary translator includes logic to determine whether the instruction includes a control-flow instruction, identify a source address of the instruction, identify a target address of the instruction, d…
- Who is the assignee on this patent?
- Intel Corp
- What technology area does this patent fall under?
- Primary CPC classification G06F9/30058. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Aug 24 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).