Mill Computing, Inc. › Forums › The Mill › Tools › Compilers › ensuring bounds of arrays
- AuthorPosts
- #1162 |
Hi, many times that discussion came on the table and I would like to put it here again under the spotlight. It would be great to have array bounds checked by the hardware. I saw the presentation on security and how a caller can ‘pass’ a temporary memory controlled segment (i don’t find here the exacts terms or description, please imagine what lacks).
I’m writing a compiler and studying a kernel for implementing security by software (here again looking for performance). The concepts for the Mill are really good and ‘turfs’ are also great. But what would be really great is to have arrays with bounds checked by the hardware.
This kind of request isn’t new and had been debated many times. So the question is just: do you intend to provide it?
- This topic was modified 10 years, 4 months ago by jobol. Reason: orthograf
We plan to have hardware-checked “bounded” pointers, yes 🙂
Bounded pointers are pointers with special flags in them so the hardware knows to extract bounds as well as offset from the pointer and enforce them.
However, as these bound pointers are still 64-bit, and as the address space is 64-bit, its not possible to encode every combination of bounds and offset into so few bits. Bounded pointers compromise precision for truly humongous arrays.
(Here is a link to an old post on the Mill bounded pointers in comp.arch. The Mill mechanism has been refined somewhat since that post, but it gives the gist.)
On the Mill, which is wider-issue than other architectures, there are likely enough free slots so a compiler can also pipeline exact bounds checks that will likely have no performance penalty in the common case.
Looks like bounded pointers would frequently miss the relatively common array access one past the end. But it would seem likely to trigger if someone attempted to exploit a bug similar to heartbleed, especially if they got greedy trying to grab a larger amount of data.
Any bounding scheme would have to support the language standards, which explicitly permit one-past-the-end addresses, though not actual access at that address.
- AuthorPosts
You must be logged in to reply to this topic.