1. (WO2017137713) AN APPARATUS AND METHOD FOR CONTROLLING USE OF BOUNDED POINTERS

CLAIMS

1. An apparatus, comprising:

storage to store bounded pointers, each bounded pointer comprising a pointer value and associated attributes, the associated attributes including range information indicative of an allowable range of addresses when using said pointer value; and

processing circuitry to perform a signing operation on an input bounded pointer in order to generate an output bounded pointer in which a signature generated by the signing operation is contained within the output bounded pointer in place of specified bits of the input bounded pointer; the associated attributes including signing information which is set by the processing circuitry within the output bounded pointer to identify that the output bounded pointer has been signed.

2. An apparatus as claimed in Claim 1, wherein the processing circuitry is arranged, for at least one requested operation requiring use of a bounded pointer within the storage, to determine from the signing information within the associated attributes whether that bounded pointer is signed or unsigned, and to determine processing steps to be taken in response to the requested operation dependent on whether the bounded pointer is identified by the signing information as being signed or unsigned.

3. An apparatus as claimed in Claim 2, wherein the processing circuitry is arranged to be responsive to a requested operation seeking to modify a bounded pointer, to determine from the signing information whether the bounded pointer is signed, and to prevent modification to at least the pointer value when the bounded pointer is determined to be signed.

4. An apparatus as claimed in any of claims 1 to 3, wherein the signing information is a signing bit which is set within the associated attributes to indicate that the bounded pointer is signed, and which is cleared within the associated attributes to indicate that the bounded pointer is unsigned.

5. An apparatus as claimed in any of claims 1 to 3, wherein the signing information is encoded within a multi-bit field also used to identify at least one other property of the bounded pointer.

6. An apparatus as claimed in any preceding claim, wherein the processing circuitry is arranged to prevent the signing operation being performed unless a specified condition is met.

7. An apparatus as claimed in Claim 6, wherein when the specified condition is met, this ensures that a subsequent unsigning of the output bounded pointer will not generate a bounded pointer that differs from the input bounded pointer.

8. An apparatus as claimed in Claim 6 or Claim 7, wherein the processing circuitry is arranged to determine that the specified condition is met when the specified bits of the input bounded pointer comprise information that is reproducible from other bits of the input bounded pointer.

9. An apparatus as claimed in any preceding claim, wherein the processing circuitry is arranged to prohibit a bounded pointer from being used to determine an address to be accessed in memory whilst the bounded pointer is signed.

10. An apparatus as claimed in any preceding claim, wherein during performance of the signing operation the processing circuitry is arranged to generate the signature using at least a portion of the pointer value.

11. An apparatus as claimed in Claim 10, wherein the processing circuitry is arranged to generate the signature using said at least a portion of the pointer value, a signing key, and an item of contextual data.

12. An apparatus as claimed in any preceding claim, wherein the processing circuitry is responsive to an authorisation request to perform an authorisation operation on an input signed bounded pointer in order to generate an output unsigned bounded pointer provided a signature match is detected between the signature contained within the input signed bounded pointer and an authorisation signature generated by the processing circuitry using at least a portion of the pointer value provided within the signed bounded pointer.

13. An apparatus as claimed in Claim 12, wherein the processing circuitry is arranged to generate the authorisation signature using said at least a portion of the pointer value provided within the signed bounded pointer, a signing key, and an item of contextual data.

14. An apparatus as claimed in Claim 12 or Claim 13, wherein when the signature match is detected, the processing circuitry is arranged to generate the output unsigned bounded pointer by replacing the signature with data determined from one or more bits of the input signed bounded pointer, and clearing the signing information within the associated attributes to identify that the output bounded pointer is unsigned.

15. An apparatus as claimed in any preceding claim when dependent on Claim 6, wherein:

said specified bits of the input bounded pointer contain a portion of the pointer value; and

the processing circuitry is arranged to determine that the specified condition is met when said portion of the pointer value is derivable from a remaining portion of the pointer value.

16. An apparatus as claimed in Claim 15, wherein when a bounded pointer is unsigned the processing circuitry is arranged to interpret the pointer value as being specified by a default plurality of bits of the bounded pointer that includes said specified bits, and when a bounded pointer is signed the processing circuitry is arranged to interpret the pointer value as being specified by a reduced plurality of bits that excludes said specified bits.

17. An apparatus as claimed in any preceding claim, wherein said range information is specified relative to the pointer value.

18. An apparatus as claimed in Claim 17, wherein the processing circuitry is responsive to an operation causing the pointer value to be altered to also adjust the range information to ensure that the range specified by the range information is not changed as a result of the alteration to the pointer value.

19. An apparatus as claimed in Claim 18 when dependent on Claim 16, wherein no adjustment to the range information is required when signing and unsigning a bounded pointer due to the change in interpretation of the pointer value adopted by the processing circuitry.

20. An apparatus as claimed in any preceding claim, wherein the processing circuitry is responsive to a strip request to perform a strip operation on an input signed bounded pointer in order to generate an output unsigned bounded pointer provided a strip condition is met, the processing circuitry being arranged, when the strip condition is met, to generate the output unsigned bounded pointer by replacing the signature with data determined from one or more bits of the input signed bounded pointer, and clearing the signing information within the associated attributes to identify that the output bounded pointer is unsigned.

21. An apparatus as claimed in Claim 20, wherein the strip condition is determined to be met if at least one of the following conditions is true:

(i) the processing circuitry is operating in a predetermined privileged state;

(ii) a configuration storage element settable when the processing circuitry is operating in a predetermined privileged state has a value indicating that the strip operation is permitted;

(iii) the strip request identifies a strip capability stored within said storage, and said strip capability indicates that the strip operation is permitted.

22. An apparatus as claimed in any preceding claim, wherein the processing circuitry is arranged to be responsive to determining, from the signing information of the input bounded pointer, that the input bounded pointer is already signed, to prevent the signing operation from being performed.

23. An apparatus as claimed in any preceding claim, wherein the processing circuitry is arranged to perform the signing operation when executing a signing instruction within a set of instructions, and is further arranged to perform an authorisation operation to unsign a signed bounded pointer when executing an authorisation instruction within the set of instructions.

24. An apparatus as claimed in Claim 23, wherein at least one of the signing instruction and the authorisation instruction causes the processing circuitry to perform at least one further operation in addition to the signing operation or authorisation operation.

25. An apparatus as claimed in any of claims 1 to 14, 17, 18 or 20 to 24, wherein:

said specified bits of the input bounded pointer contain a portion of the range information; and

the processing circuitry is arranged to determine that the specified condition is met when a range specified by the range information is representable within a remaining portion of the range information.

26. A method of controlling use of bounded pointers, comprising:

storing bounded pointers in a storage, each bounded pointer comprising a pointer value and associated attributes, the associated attributes including range information indicative of an allowable range of addresses when using said pointer value;

performing a signing operation on an input bounded pointer in order to generate an output bounded pointer in which a signature generated by the signing operation is contained within the output bounded pointer in place of specified bits of the input bounded pointer; and

setting signing information within the associated attributes of the output bounded pointer to identify that the output bounded pointer has been signed.

27. An apparatus, comprising:

storage means for storing bounded pointers, each bounded pointer comprising a pointer value and associated attributes, the associated attributes including range information indicative of an allowable range of addresses when using said pointer value; and

processing means for performing a signing operation on an input bounded pointer in order to generate an output bounded pointer in which a signature generated by the signing operation is contained within the output bounded pointer in place of specified bits of the input bounded pointer; the processing means further for setting signing information within the associated attributes of the output bounded pointer to identify that the output bounded pointer has been signed.
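As an added illustration, not part of the patent text or any implementation of it, the following C model exercises the behaviour the claims describe: signing replaces the top bits of the pointer value with a signature and sets a signing bit, authorisation unsigns only on a signature match, strip unsigns only in a privileged state, and a signed pointer can be neither modified nor used to form an address. The 16-bit signature field, the sign-extension rule used as the claim 8 "reproducible" condition, the toy keyed mix standing in for the real signature function, and the absolute base/limit range are all assumptions of this example.

```c
#include <stdint.h>
#include <stdbool.h>
/* Toy model of the claimed bounded pointer: a 64-bit pointer value plus an
 * absolute base/limit range and the claim 4 signing bit. Bits 48..63 of the
 * pointer value are the "specified bits" the signature overwrites. */
typedef struct { uint64_t ptr, base, limit; bool is_signed; } bptr_t;
#define SIG_SHIFT 48
#define LOW_MASK  ((1ULL << SIG_SHIFT) - 1)
/* Stand-in for the claim 11 signature: a keyed mix over the remaining pointer
 * bits, a key and a context value. A toy, NOT a real MAC. */
static uint16_t toy_sig(uint64_t low, uint64_t key, uint64_t ctx) {
    uint64_t x = ((low ^ key) * 0x9E3779B97F4A7C15ULL) ^ ctx;
    x ^= x >> 29; x *= 0xBF58476D1CE4E5B9ULL; x ^= x >> 32;
    return (uint16_t)x;
}
/* Claims 8 and 15: the replaced bits must be reproducible from the rest,
 * here meaning they equal the sign-extension of bit 47. */
static bool top_reproducible(uint64_t p) {
    return (p >> SIG_SHIFT) == ((p & (1ULL << 47)) ? 0xFFFFULL : 0);
}
static uint64_t sign_extend(uint64_t p) {   /* rebuild the discarded bits */
    return (p & LOW_MASK) | ((p & (1ULL << 47)) ? 0xFFFFULL << SIG_SHIFT : 0);
}
/* Claims 1, 6, 8, 22: refuse to sign an already-signed or non-canonical pointer. */
bool bp_sign(bptr_t *p, uint64_t key, uint64_t ctx) {
    if (p->is_signed || !top_reproducible(p->ptr)) return false;
    uint64_t sig = toy_sig(p->ptr & LOW_MASK, key, ctx);
    p->ptr = (p->ptr & LOW_MASK) | (sig << SIG_SHIFT);
    p->is_signed = true; return true;
}
/* Claims 12-14: unsign only when the recomputed signature matches. */
bool bp_authorise(bptr_t *p, uint64_t key, uint64_t ctx) {
    if (!p->is_signed) return false;
    if ((p->ptr >> SIG_SHIFT) != toy_sig(p->ptr & LOW_MASK, key, ctx)) return false;
    p->ptr = sign_extend(p->ptr); p->is_signed = false; return true;
}
/* Claims 20-21(i): strip needs a privileged state but no signature check. */
bool bp_strip(bptr_t *p, bool privileged) {
    if (!p->is_signed || !privileged) return false;
    p->ptr = sign_extend(p->ptr); p->is_signed = false; return true;
}
/* Claims 3 and 9: a signed pointer can be neither modified nor dereferenced. */
bool bp_add(bptr_t *p, int64_t off) {
    if (p->is_signed) return false;
    p->ptr += (uint64_t)off; return true;
}
bool bp_addr(const bptr_t *p, uint64_t *out) {
    if (p->is_signed || p->ptr < p->base || p->ptr >= p->limit) return false;
    *out = p->ptr; return true;
}
```

Because the signing bit lives in the attributes rather than in the pointer bits, the model can reject use of a signed pointer even when the signature field happens to look like a canonical address.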