A serious use for a "comefrom" instruction.

Programming, for all ages and all languages.
Post Reply
linguofreak
Member
Member
Posts: 510
Joined: Wed Mar 09, 2011 3:55 am

A serious use for a "comefrom" instruction.

Post by linguofreak »

At times, a "comefrom" (or CMFRM) instruction has been jokingly suggested for inclusion in a computer instruction set (for example, in this list: http://homepage.ntlworld.com/brook.stre ... /pdp11.htm).

But it seems to me that a CMFRM instruction could actually be useful as a protection mechanism: Instead of the jokingly suggested format:

Code: Select all

CMFRM address
one could have:

Code: Select all

CMFRM constraints
constraints would be a field specifying certain constraints on processor state that must be met on executing the CMFRM instruction, with an exception being generated if the constraints weren't met.

On making certain types of control transfers (for example, far jumps and calls on an x86-like machine, or on all control transfers, if desired) the processor would check to see if the instruction at the destination address was a CMFRM, and would generate an exception if it weren't, or if processor state didn't match the constraints.

Depending on the constraints implemented in the processor in question, we might see:

Code: Select all

CMFRM between addr1, addr2
A control transfer to this CMFRM instruction will only succeed if the address of the control transfer instruction is between addr1 and addr2. Might be useful for ensuring that a function is only called by other functions in the same module.

Code: Select all

CMFRM within offset
Similar to the above, a control transfer to this instruction will only succeed if the distance between the control transfer instruction and the CMFRM instruction is less than offset.

Code: Select all

CMFRM local
Once again similar to the above (but allowing more room in the constraints field for other constraints, as it only takes one bit), a control transfer to this instruction will only succeed if the distance between the control transfer instruction and the CMFRM instruction is within a preset offset.

Code: Select all

CMFRM minpriv, maxpriv
A control transfer to this instruction will only succeed if the processor is at a privilege level between minpriv and maxpriv (inclusive). This could be further extended by adding constraints on the privilege level coming out of the CMFRM instruction. For example:

Code: Select all

CMFRM minprivin, maxprivin, minprivout, maxprivout
or, to make the syntax a bit more obvious to humans:

Code: Select all

CMFRM minprivin, maxprivin TO minprivout, maxprivout
Would allow execution to proceed if the privilege level preceding the control transfer was between minprivin and maxprivin, but would make sure that the privilege level was between minprivout and maxprivout before continuing (by raising the current privilege level to minprivout or lowering it to maxprivout as needed).

If Intel had implemented a CMFRM instruction with the above four privilege constraints in designing x86 protected mode, call gates and the conforming/nonconforming code segment distinction would not have been necessary. Something like a call gate allowing a call from any privilege level to a function in a nonconforming DPL 0 code segment could be done as follows:

Code: Select all

CMFRM priv3, priv0 TO priv0, priv0
Something like a conforming code segment with a DPL of 2 (except applying to just one entry point instead of a whole segment) could be implemented like this:

Code: Select all

CMFRM priv3, priv2 TO priv3, priv2
And something like a non-conforming code segment with a DPL of 1 and no call gate could be implemented by having all four fields specify privilege level 1.

Thoughts?
AndrewBuckley
Member
Member
Posts: 95
Joined: Thu Jan 29, 2009 9:13 am

Re: A serious use for a "comefrom" instruction.

Post by AndrewBuckley »

Why could you not just check these things at the beginning of the function? The cost of adding a mandatory header instruction to every function being called would be very high, and this sort of thing messes with modular programming.

What do you gain by adding this in hardware that would be worth it?
chaoscode
Posts: 7
Joined: Thu Dec 13, 2012 3:24 am

Re: A serious use for a "comefrom" instruction.

Post by chaoscode »

Well, this kind of instruction is not often used, usually you use the Stack.
But for special needs are Special registers;-)
Intel Provides some MSR's for that (http://download.intel.com/products/proc ... 325384.pdf Section 17)
and AMD provides these Kinds of MSR's, too.
User avatar
Combuster
Member
Member
Posts: 9301
Joined: Wed Oct 18, 2006 3:45 am
Libera.chat IRC: [com]buster
Location: On the balcony, where I can actually keep 1½m distance
Contact:

Re: A serious use for a "comefrom" instruction.

Post by Combuster »

Who needs assert() anyway... :roll:
"Certainly avoid yourself. He is a newbie and might not realize it. You'll hate his code deeply a few years down the road." - Sortie
[ My OS ] [ VDisk/SFS ]
Gigasoft
Member
Member
Posts: 856
Joined: Sat Nov 21, 2009 5:11 pm

Re: A serious use for a "comefrom" instruction.

Post by Gigasoft »

This would not work well, because the middle of an instruction or a data item could accidentally encode such an instruction.

It would be better to have the ability to mark a page as containing nothing but call gates that could be invoked with a normal call instruction.
linguofreak
Member
Member
Posts: 510
Joined: Wed Mar 09, 2011 3:55 am

Re: A serious use for a "comefrom" instruction.

Post by linguofreak »

Gigasoft wrote:This would not work well, because the middle of an instruction or a data item could accidentally encode such an instruction.
Ooh. I'd thought of the potential for CMFRM to show up in data, but not in the middle of instructions. Good point.
User avatar
JamesM
Member
Member
Posts: 2935
Joined: Tue Jul 10, 2007 5:27 am
Location: York, United Kingdom
Contact:

Re: A serious use for a "comefrom" instruction.

Post by JamesM »

Just as a sidepoint, a "comefrom" instruction might actually be useful, and is commonly used in compilers (as a phi node): http://en.wikipedia.org/wiki/Static_sin ... nment_form
Post Reply