Reply To: array bound checking
In my own time, I have started to revisit the topic of different schemes for “Safe” C, and “Software fault isolation” systems such as WebAssembly, and I think that having hardware support for bounds-checking quickly might be a good thing. Several SFI systems such as WASM runtimes work around having to do bounds-checking by splicing 32 or 33 address bits, which reserves 4GB or 8GB of address space, no matter how much memory the sandbox actually needs, and that’s quite wasteful.
I had a silly idea a couple years ago that I almost posted. We have had so little activity in the forum lately, so why not:
How about having indexed address modes (base+index or base+immediate) for loads and stores, but have the look-up in the PLB be by the base address instead of the effective address, and then bounds-check against the PLB entry’s bounds.
In other words, check that base+index is within a PLB entry’s base + size.
It would be up to a compiler to use base+index instead of pointers whenever bounds-checking is desired. A WebAssembly sandbox would have a single PLB entry.
It would also work with C semantics, which are based on memory allocations, and an allocation is likely to fit within a protection boundary by default.
Also, vector gather/scatter instructions with n elements would need to do only one PLB lookup for all n elements.
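A software model of the check proposed in this post, added here as an illustration and not code from the post or from Mill Computing; the entry format, the function names and the two-region layout are assumptions, and the addresses are constructed. It contrasts a conventional lookup on the effective address with the proposed lookup on the base register, including the gather case that needs only one lookup.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

@dataclass(frozen=True)
class PlbEntry:
    """One protection region covering [base, base + size) (assumed model, not the real PLB)."""
    base: int
    size: int

class Plb:
    def __init__(self, entries: Iterable[PlbEntry]):
        self.entries = list(entries)

    def lookup(self, addr: int) -> Optional[PlbEntry]:
        """Return the entry covering addr, or None if no entry does."""
        for e in self.entries:
            if e.base <= addr < e.base + e.size:
                return e
        return None

def check_effective(plb: Plb, base: int, index: int, width: int) -> bool:
    """Conventional check: look up the effective address and require the whole
    access to sit inside whichever entry happens to cover it."""
    ea = base + index
    e = plb.lookup(ea)
    return e is not None and ea + width <= e.base + e.size

def check_indexed(plb: Plb, base: int, index: int, width: int) -> bool:
    """Proposed check: look up by the base register, then bound base+index
    (negative indices included) against that one entry."""
    e = plb.lookup(base)
    if e is None:
        return False
    ea = base + index
    return e.base <= ea and ea + width <= e.base + e.size

def check_gather(plb: Plb, base: int, indices: Iterable[int], width: int) -> bool:
    """Gather/scatter: a single lookup on the base, then one compare per element."""
    e = plb.lookup(base)
    if e is None:
        return False
    lo, hi = e.base, e.base + e.size
    return all(lo <= base + i and base + i + width <= hi for i in indices)

# Constructed layout: two adjacent 256-byte regions, A at 0x1000 and B at 0x1100.
PLB = Plb([PlbEntry(0x1000, 0x100), PlbEntry(0x1100, 0x100)])

if __name__ == "__main__":
    # Index one past the end of A lands in B: the effective-address check passes, the indexed one fails.
    print(check_effective(PLB, 0x1000, 0x100, 4), check_indexed(PLB, 0x1000, 0x100, 4))
```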