Random tag set instructions for tag protected memory systems
阅读说明:本技术 用于标签保护的存储器系统的随机标签设定指令 (Random tag set instructions for tag protected memory systems ) 是由 格雷姆·彼得·巴尔内斯 贾森·米洛夫·鲍里索夫 于 2019-02-12 设计创作,主要内容包括:一种装置具有:处理电路(4);存储器存取电路(15),该存储器存取电路针对具有相关联的地址标签的标签检查目标地址执行保护标签检查,保护标签检查包括将地址标签与存储在存储器系统中的保护标签进行比较,保护标签与具有一个或多个存储器位置的区块相关联,这一个或多个存储器位置包括由目标地址所标识的寻址位置;以及指令译码器(6),该指令译码器响应于指定标签设定目标地址的随机标签设定指令,控制处理电路(4)将与标签设定目标地址相关联的地址标签设定为从一组候选标签值中随机选择的随机标签值。(An apparatus has: a processing circuit (4); memory access circuitry (15) to perform a protection tag check for a tag check target address having an associated address tag, the protection tag check comprising comparing the address tag to a protection tag stored in the memory system, the protection tag being associated with a block having one or more memory locations, the one or more memory locations including an addressed location identified by the target address; and an instruction decoder (6) that controls the processing circuit (4) to set an address tag associated with the tag setting target address to a random tag value selected at random from a group of candidate tag values in response to a random tag setting instruction that specifies the tag setting target address.)
1. An apparatus, comprising:
a processing circuit;
memory access circuitry to perform a protection tag check for a tag check target address having an associated address tag, the protection tag check comprising comparing the address tag to a protection tag stored in a memory system, the protection tag associated with a block having one or more memory locations, the one or more memory locations including an addressed location identified by the target address; and
an instruction decoder that controls the processing circuit to set an address tag associated with a tag set target address to a random tag value randomly selected from a set of candidate tag values in response to a random tag setting instruction specifying the tag set target address.
2. The apparatus of claim 1, wherein in response to the random tag set instruction, the instruction decoder is configured to: control the processing circuitry to prevent at least one exclusion value of the set of candidate tag values from being selected as the random tag value, and to randomly select the random tag value from a remaining subset of the candidate tag values.
3. The apparatus of claim 2, wherein the at least one exclusion tag value comprises one or more exclusion tag values identified by at least one register specified by the random tag set instruction.
4. The apparatus of any of claims 2 and 3, wherein the at least one exclusion tag value comprises a tag value corresponding to an address tag of: the address tag is associated with an address specified in a source register or a destination register of the random tag setting instruction.
5. The apparatus according to any of claims 2 and 3, wherein the random tag set instruction specifies at least one source register storing randomly selected state information;
the random selection status information comprises a bit field comprising a plurality of bits corresponding to at least a subset of the set of candidate tag values, each bit of the bit field indicating whether a corresponding candidate tag value is one of the at least one exclusion tag value.
6. The device of claim 5, wherein the instruction decoder, in response to a tag value exclusion instruction specifying a tag exclusion target address and a destination register for the bit field storing the random selection state information, controls the processing circuitry to update a bit in the bit field corresponding to an address tag associated with the tag exclusion target address to indicate that a corresponding tag value is one of the at least one exclusion tag value.
7. The apparatus of any of claims 5 and 6, wherein the bit field includes bits corresponding to the entire set of candidate tag values.
8. The apparatus of any of claims 5 and 6, wherein the bit field comprises bits corresponding to a suitable subset of candidate tag values, and the random selection state information further comprises tag values of the suitable subset of candidate tag values.
9. The device of claim 8, wherein tag values of the appropriate subset of candidate tag values are specified in the same register as the bit field.
10. Apparatus as claimed in any one of claims 8 and 9, wherein said instruction decoder is responsive to a random tag selection instruction specifying a destination register for storing tag values of said randomly selected state information to control said processing circuitry to randomly select said appropriate subset of candidate tag values from said set of candidate tag values and to write tag values of said selected appropriate subset of candidate tag values to said destination register.
11. The apparatus of any of claims 2 to 10, wherein the at least one exclusion tag value comprises one or more exclusion tag values identified by configuration data stored in a configuration register.
12. The apparatus of any of claims 2 to 11, wherein the at least one exclusion tag value comprises one or more hardware-defined exclusion tag values.
13. The apparatus according to any one of claims 2 to 12, wherein the at least one exclude tag value comprises a maximum of N exclude tag values, and, in response to the random tag setting instruction, the instruction decoder is configured to control the processing circuitry to:
randomly selecting at least N +1 tag values of the set of candidate tag values;
comparing each of the selected tag values to the at least one excluded tag value; and
selecting one of the selected tag values that does not match all of the at least one excluded tag value as the random tag value to be set to an address tag associated with the tag set target address.
14. The apparatus of any of claims 2 to 12, wherein the at least one exclude tag value comprises a predetermined exclude tag value and an additional exclude tag value specified by the random tag set instruction; and is
In response to the random tag setting instruction, the instruction decoder is configured to control the processing circuitry to:
randomly selecting one of the set of candidate tag values as a selection tag value;
performing a comparison of the additional exclusion tag value to an intermediate value, the intermediate value being one of:
when the selected tag value does not match either the predetermined excluded tag value or another predetermined tag value of the set of candidate tag values, the intermediate value is the selected tag value; and is
When the selected tag value matches one of the predetermined tag value and the other tag value, the intermediate value is a value obtained by inverting a randomly selected bit of the selected tag value;
when the comparison detects a mismatch between the additional exclusion tag value and the intermediate value, outputting the intermediate value as the random tag value to be set to an address tag associated with the tag setting target address; and is
When the comparison detects a match between the additional exclusion tag value and the intermediate value, outputting the other predetermined tag value as the random tag value to be set to an address tag associated with the tag setting target address.
15. The device of claim 14, wherein one of the predetermined exclusion tag value and the another predetermined tag value comprises a value having all bits equal to 0 and the other of the predetermined exclusion tag value and the another predetermined tag value comprises a value having all bits equal to 1.
16. The apparatus according to any preceding claim, wherein the processing circuitry is configured to pseudo-randomly select the random tag value from the set of candidate tag values.
17. The apparatus of any preceding claim, wherein in response to the random tag set instruction, the instruction decoder is further configured to control the memory access circuitry to update the protection tag stored in a memory system to the random tag value, the protection tag being associated with a block having one or more memory locations including an addressed location identified by the tag set target address.
18. The apparatus of any preceding claim, wherein the protection tag check comprises: returning a fault status indication when a mismatch is detected between the address tag and the protection tag.
19. The apparatus of any preceding claim, wherein an address tag associated with the tag check target address is represented by a subset of bits of the tag check target address; and is
In response to the random tag set instruction, the instruction decoder is configured to control the processing circuitry to update a subset of bits of the tag set target address based on the random tag value.
20. The apparatus of claim 19, wherein the subset of bits of the tag-set target address is updated to a transformed tag value, the transformed tag value corresponding to a transformation of the random tag value, the transformation based on at least one other bit of the tag-set target address.
21. The apparatus of any preceding claim, wherein in the protection tag check, the addressing location is selected independently of an address tag associated with the tag check target address.
22. A method, comprising:
performing a protection tag check for a tag check target address having an associated address tag, the protection tag check comprising comparing the address tag to a protection tag stored in a memory system, the protection tag associated with a block having one or more memory locations, the one or more memory locations including an addressed location identified by the target address; and is
In response to decoding of a random tag set instruction that sets a target address for a specified tag, an address tag associated with the tag set target address is set to a random tag value randomly selected from a set of candidate tag values.
23. A computer program for controlling a host data processing apparatus to provide an instruction execution environment for executing instructions of object program code, the computer program comprising:
memory access program logic to perform a protection tag check for a tag check target address having an associated address tag, the protection tag check comprising comparing the address tag to a protection tag stored in a memory system, the protection tag associated with a block having one or more memory locations, the one or more memory locations including an addressed location identified by the target address; and
tag setting program logic that sets an address tag associated with a tag setting target address to a random tag value randomly selected from a set of candidate tag values in response to a random tag setting instruction specifying the tag setting target address.
24. A storage medium storing a computer program according to claim 23.
Background
Software to be executed by a data processing apparatus may typically be written in a high-level programming language and then compiled into code according to an instruction set architecture supported by the apparatus on which the software is to be executed. For example, software may be initially written in a higher level language (such as Java, C, or C + +), and then compiled into a natively supported instruction set architecture (such as x86 or C + +))。
Some higher level programming languages, such as Java, are considered memory security languages because these languages include runtime error detection checks to check for certain errors regarding memory accesses. In contrast, memory insecure languages (such as C and C + +) do not include such runtime error checking. The persistent prevalence of using memory-insecure languages means that in compiled code according to a given instruction set architecture, there may be a large number of memory-related errors that may be readily exploited by attackers or other malicious parties. These errors may include:
a boundary violation, where the array index supplied by the code is outside the legal boundaries of the array;
use-after-release errors, where a memory location is accessed after it has been deallocated or released;
post-return use, where memory accesses to addresses related to variables used within the function (such as values on the stack) are performed after returning from the function;
out-of-range use errors, where variables are accessed outside of the range declaring them; and
a pre-initialization use error, where a memory address associated with a variable is accessed before the variable is initialized.
These are just some examples of memory-related errors that may result in unpredictable behavior and may provide a way for attackers to take advantage of. It may therefore be desirable to provide architectural support within the instruction set architecture supported by a given processing device to facilitate runtime detection of certain classes of memory errors.
Disclosure of Invention
At least some examples provide an apparatus comprising: a processing circuit; memory access circuitry to perform a protection tag check for a tag check target address having an associated address tag, the protection tag check comprising comparing the address tag to a protection tag stored in a memory system, the protection tag associated with a block having one or more memory locations, the one or more memory locations including an addressed location identified by the target address; and an instruction decoder that controls the processing circuit to set an address tag associated with the tag set target address to a random tag value randomly selected from a set of candidate tag values in response to a random tag setting instruction specifying the tag set target address.
At least some examples provide a method comprising: performing a protection tag check against a tag check target address having an associated address tag, the protection tag check comprising comparing the address tag to a protection tag stored in the memory system, the protection tag being associated with a block having one or more memory locations, the one or more memory locations including an addressing location identified by the target address; and in response to decoding of a random tag set instruction that sets a target address for the specified tag, setting the address tag associated with the tag set target address to a random tag value randomly selected from a set of candidate tag values.
At least some examples provide a computer program for controlling a host data processing apparatus to provide an instruction execution environment for executing instructions of object program code, the computer program comprising: memory access program logic to perform a protection tag check for a tag check target address having an associated address tag, the protection tag check comprising comparing the address tag to a protection tag stored in a memory system, the protection tag associated with a block having one or more memory locations, the one or more memory locations including an addressed location identified by the target address; and tag setting program logic that sets an address tag associated with the tag setting target address to a random tag value randomly selected from a set of candidate tag values in response to a random tag setting instruction specifying the tag setting target address.
A storage medium may store the computer program described above. The storage medium may be a non-transitory storage medium.
Drawings
Further aspects, features and advantages of the disclosed technology will become apparent from the following description of examples, read in conjunction with the accompanying drawings, in which:
fig. 1 schematically shows an example of a data processing apparatus;
FIG. 2 illustrates an example of a tag-protected memory access operation that includes checking whether an address tag matches a protection tag;
FIG. 3 is a flow chart illustrating a method of performing tag protected memory access operations;
fig. 4 shows a first example of a random tag setting instruction;
FIG. 5 illustrates a second example of a random tag set instruction in which at least one exclusion value of a set of candidate tag values is prevented from being selected as the random tag value of an address tag to be assigned to a given address;
FIG. 6 shows a first example of randomly selected state information for indicating at least some exclusion values;
FIG. 7 illustrates an example of a tag value exclusion instruction to update bits of a bit field in random selection status information to indicate that a tag value extracted from an address tag of an input address is to be excluded from subsequent random tag value selections;
8-10 illustrate example hardware implementations for selecting a random tag value from a set of candidate values while excluding at least one exclusion value from being selected;
FIG. 11 illustrates a second example of randomly selected state information specifying values of a subset of candidate tag values and corresponding bit fields indicating whether to exclude each of these values;
FIG. 12 illustrates an example of a random tag selection instruction for populating a subset of candidate tag values with randomly selected values;
fig. 13 shows a second example of a tag value exclusion instruction for determining whether any candidate tag value in the subset of candidate tag values indicated by the random selection state information should be excluded based on an address tag of the input address;
FIG. 14 illustrates another example of a random tag set instruction for updating a tag value associated with a given address to a randomly selected value based on the randomly selected state information illustrated in FIG. 11;
FIG. 15 illustrates a method of processing a random tag set instruction; and
fig. 16 shows an example of a simulator supporting a random tag setting instruction.
Detailed Description
One approach for preventing certain memory usage errors of the types discussed above may be to provide protection tags stored in the memory system that are associated with blocks of one or more memory locations. Protection tag checking may be performed when a tag protected memory access operation is requested based on a target address identifying a particular addressed location in a memory system. In the protection tag check, the memory access circuitry may compare an address tag associated with the target address to protection tags stored in the memory system associated with a block of one or more memory locations that includes the addressed location identified by the target address. In some examples, the memory access circuitry may generate an indication of whether a match is detected between the protection tag and the address tag. This indication may be used to control whether the memory access is allowed to succeed, or whether subsequent operations may succeed, or to report only when the memory access is allowed to continue as normal.
This may be useful in the following cases: for example, a compiler that compiles code based on a memory insecure language (such as C or C + +) may set the protection tags of blocks of code in memory that are expected to be accessed to particular values when initializing memory regions, and may associate corresponding address tag values with target addresses that point to these blocks. If a memory use error occurs and an address pointer is used, for example, outside the range of the initialized valid range or outside the limits of the range, it is likely that the protection tag associated with the addressed location may not match the address tag associated with the target address, and in this case, an error handling response or error reporting mechanism may be triggered. The particular response taken may depend on the particular needs of the software being executed or on the particular microarchitectural implementation of the architecture. Thus, even if a high-level language does not have a means for performing runtime error checking to prevent memory access errors, the Instruction Set Architecture (ISA) for compiled code may include architectural features for performing such checking.
In the techniques discussed below, a data processing apparatus may have an instruction decoder that supports a random tag set instruction that specifies a tag set target address. In response to a random tag setting instruction, the instruction decoder controls the processing circuit to set an address tag associated with a tag setting target address to a random tag value selected at random from a set of candidate tag values.
This form of instruction may be useful for a variety of reasons. In practice, to limit the storage overhead of storing protection tags for each block of memory locations, the number of bits in each protection tag may be relatively small, e.g., 4 bits in some implementations. The fewer the number of tag bits, the greater the chance that an erroneous memory access passes the protection tag check, simply because it happens to match a memory block with the same protection tag value, even though it was not originally intended to access that memory block. For example, for a 4-bit protection tag, there is a chance of 1/16 accidentally matching the protection tag of a region of memory that should actually be flagged as a false access to a given address.
By providing instructions for setting the address tag associated with a given target address to a random tag value randomly selected from a set of candidate tag values, it is meant that if one class of devices each execute the same code, they may assign different random tag values to the same address. First, this may improve error detection because even if one device in the class happens to select a tag value that matches an erroneously accessed region in memory, other devices in the class have selected a different value as the random tag value, and thus may detect a protection tag mismatch and report an error. Thus, by crowd sourcing error reports from a class of devices, it is possible that at least some devices in the class may detect errors due to the diffusion of randomly selected values for addresses at a given portion of program code. Thus, the use of random tag setting instructions may improve the likelihood that an error with respect to memory is detected in a group of devices.
Furthermore, by randomly selecting the value to be assigned to the address tag, it is made more difficult for an attacker to successfully launch an attack that is available to a large group of devices. Even if an attacker happens to be able to guess the correct tag value on one device, the attacker's successful attack may not be feasible on the other device because the other device uses a different randomly selected tag value for memory access at the same point in the program. This is particularly useful because, in practice, in order to launch a useful attack, an attacker may not only need to be able to guess the protection tag for a single memory access, but may instead have to serially string many successful guesses in order to be able to cause the program to perform some undesired operation or to provide an effect that is not desired by the author of the program code. Thus, if each of a series of memory allocations sets the corresponding address tag to a random value, the number of permutations of different pattern tag values assigned to each successive allocation may be increased, so that the overall population of devices is divided into many smaller subgroups, each subgroup having a different combination of random tag values for a given set of memory allocations, making attacks more difficult and limiting any successful attack to a smaller subset of the population of devices.
It will be appreciated that the random tag setting instruction need not be the only way to set the address tag associated with a given target address. The instruction decoder may also support a tag set instruction that allows the address tag associated with the target address to be set to some software defined value that is provided by the software itself and is deterministic (i.e., the same across all devices executing the same program), rather than being randomly selected by hardware in a non-deterministic manner as for a random tag set instruction. This allows the software developer to select whether to use the random tag set instruction or the fixed value tag set instruction as a preference.
In some examples of random tag setting instructions, a random tag value may be randomly selected from the entire set of candidate tag values. For example, an N-bit tag value may have a2NA different value, and thus can be taken from these 2NAny of the values randomly selects a random tag value.
However, in response to a variant of the random tag setting instruction, the instruction decoder may control the processing circuitry to prevent at least one exclusion value of a set of candidate tag values from being selected as the random tag value, and to randomly select the random tag value from a remaining subset of the candidate tag values. For a number of reasons, it may be useful to be able to exclude the ability to select certain values as random tag values, but then randomly select random tag values from the remaining subset. First, some tag values may be reserved for special purposes. For example, one tag value of the candidate set may be retained as an "all match" value that is considered to match any other tag value (e.g., which may be useful for effectively disabling protected tag checking for addresses of certain memory accesses having low security requirements). When address tags are set for addresses for which "all match" behavior may be inappropriate, it may therefore be desirable to exclude "all match" values from the subset of candidate tag values that may be selected as random tag values. Other special tag values may also be assigned. Thus, in some cases, the at least one exclusion tag value may include one or more hardware-defined exclusion tag values fixed by hardware. In another example, the set of at least one exclusion tag value may include one or more exclusion tag values identified by configuration data stored in the configuration register. For example, some functions of the device may be optional, and the configuration register may specify whether such functions are enabled. Depending on the enabled features, it may then be desirable to exclude certain tag values. For example, the configuration register may define whether the "all match" function discussed above is enabled or disabled in order to select whether to exclude the corresponding all match values from the selection. The configuration register may be a register not specified by the random tag setting instruction itself, such as a status register or other control register provided by the architecture of the processing device.
In other examples, it may be desirable to allow software to specify certain values of a set of candidate tag values that are excluded from being selected as random tag values. For example, the at least one exclusive tag value may comprise one or more exclusive tag values identified by at least one register specified by the random tag set instruction. Further, a variation of the random tag set instruction may be provided that specifies the exclusion tag value as the immediate value directly indicated by the instruction encoding of the random tag set instruction. Another approach may be that the random tag set instruction specifies a source register or a destination register (or both) that includes an address having a corresponding address tag, and the tag value of the address tag of this address may be extracted and determined as one of the at least one exclusion tag value.
Regardless of which method is used to allow software to indicate which value should be excluded, the ability to exclude certain software defined values from being selected may be useful because software may desire to ensure that consecutive allocations of blocks of memory use different tag values, such that different protection tags will allow a boundary violation to be detected if a memory access that actually should target one area of memory spills over to the immediate area associated with a different tag allocation. Thus, if memory is allocated on a heap or other data structure that allocates regions of memory between two existing allocations, software may wish to ensure that the protection label set for the new allocation is different from both the protection label associated with the previous allocation and the protection label associated with the subsequent allocation. Another example may be that when allocating regions on a stack data structure, it may be desirable to exclude the values of tags assigned to addresses where stack allocations were previously made.
Some examples may allow only one of these ways of identifying an exclusion value. Other combinations of these techniques may be supported, for example, the instructions may specify some software-defined exclusion tag values, but may also permanently exclude some hardware-defined values, or may selectively exclude such hardware-defined tag values depending on the information specified by the configuration registers.
Where at least some of the at least one exclusion tag value is identified by a register of the random tag setting instruction, the information may be represented differently within the register. Generally, the random tag set instruction may specify at least one source register that stores randomly selected state information.
In one example, the random selection status information may include a bit field including a plurality of bits corresponding to at least a subset of a set of candidate tag values, wherein each bit of the bit field indicates whether the corresponding candidate tag value is one of a set of at least one excluded tag values. The bits of the bit field may be set by previous instructions of the software being executed.
Although in some cases software may determine the values of the bits of a bit field directly depending on which values are to be excluded, if it is desired to exclude certain values used by a previously assigned address tag (which values themselves may have been determined by random selection, rather than by deterministic selection by software), the software may not know in advance which values should be excluded. Therefore, it may be useful for the instruction decoder to also support a tag value exclusion instruction that specifies a tag exclusion target address and a destination register for storing a bit field of randomly selected state information. In response to the tag value exclusion instruction, the instruction decoder may control the processing circuitry to update a bit in the bit field corresponding to an address tag associated with the tag exclusion target address to indicate that the corresponding tag value is one of a set of at least one exclusion tag value. This allows the programmer/compiler to include as the tag exclusion target address one or more instances of any address in the tag value exclusion instruction that specifies a tag value that should be excluded in subsequent random selections. This causes the corresponding bits in the bit field corresponding to the value to be excluded to be filled, and then a subsequent random tag set instruction may use this bit field to control the random selection of address tags to be set for different addresses designated as tag set addresses.
In some examples, the bit field of the randomly selected state information may include bits corresponding to the entire set of tag values.
However, in other cases, the bit field may include only bits for an appropriate subset of candidate tag values. For example, if certain candidate tag values are defined by hardware as being permanently excluded, it may not be necessary to provide bits for those candidate tag values.
Another reason the bit field may not include bits for all possible candidate tag values may be that selecting a suitable subset of candidate tag values from the entire candidate set may have been done by an earlier instruction, and then randomly selecting the state information may include the tag values selected as the suitable subset of candidate tag values. The tag values for the appropriate subset of candidate tag values may be specified in the same register or in a different register than the bit field indicating which values to exclude. However, it may be useful to specify both the tag value and the bit field in the same register in order to reduce the number of register reads required by the random tag set instruction. With this implementation, the instruction decoder may support a random tag selection instruction that specifies a destination register for storing a tag value of the random selection state information. In response to a random tag selection instruction, the instruction decoder may control the processing circuitry to randomly select an appropriate subset of candidate tag values from a set of candidate tag values (e.g., without regard to whether any values are excluded) and write the tag values of the selected appropriate subset of candidate tag values to a destination register that stores randomly selected state information.
With this approach, the overall operation of selecting a random tag value while excluding certain exclusion values can be split into multiple separate instructions, which can simplify hardware implementation. This may be accomplished, for example, using an instance of a random tag selection instruction, then using one or more instances of the tag value exclusion instruction described above (to extract tag values from corresponding addresses and update a bit field of the random selection state to indicate that these values are excluded), and then using a random tag set instruction that selects candidate tag values in the appropriate subset of candidate tag values that are not excluded. For example, if the random selection status information indicates T candidate tag values as a proper subset of tag values, the method will allow a maximum of T-1 candidate values to be excluded, so that there always remains at least one of the proper subset of candidate tag values, which can still be selected by the random tag setting instruction as a random tag value. The method simplifies the hardware implementation making it simpler to meet timing requirements because the random tag selection instruction can select T values based on random sources without regard to whether to exclude any values, while the random tag setting instruction and tag value exclusion instruction can be implemented using simple logic operations and/or multiplexers for selection without regard to random number sources. Furthermore, this approach may limit the number of source registers required per instruction, which may be useful because in general the number of register read ports may be limited in typical microprocessor designs.
However, other approaches may provide a hardware implementation that supports both random number source-based selection and the exclusion of some values being executed in response to the same instruction. In this case, there is a challenge to implement the instruction in a hardware efficient manner while still ensuring a uniform probability distribution of each remaining candidate value except for at least one exclusion value is selected.
In one approach for supporting a hardware implementation that excludes up to N exclude tag values, the instruction decoder may control the processing circuit to:
randomly selecting at least N +1 tag values of a set of candidate tag values;
comparing each selected tag value to each excluded tag value; and
selecting one of the selected tag values that does not match all of the at least one excluded tag values as a random tag value to set to an address tag associated with the tag-set target address. For example, the selection of the N +1 random values may be implemented using a look-up table (LUT) and a Linear Feedback Shift Register (LFSR) or other circuit that provides random seed selection values that may be used to select which portion of the sequence provided by the LUT is extracted and used as the N +1 tag values that define the values of some pseudo-random sequence. The comparing and selecting steps may be implemented using comparators, logic gates, and multiplexers in order to select one of the N +1 tag values that is not excluded.
An alternative way to perform the global select/exclude operation in a single random tag set instruction while implementing the hardware is to allow at most two values to be excluded from the random selection: a predetermined exclusion tag value (which may be fixed in hardware or configurable based on configuration registers, but which may be selected independently of the instruction encoding of the random tag setting instruction) and an additional exclusion tag value specified by the random tag setting instruction. In this case, in response to the random tag set instruction, the instruction decoder may control the processing circuit to:
randomly selecting one of a set of candidate tag values as a selection tag value;
performing a comparison of the additional exclusion tag value with a median value, the median value being one of:
when the selected tag value does not match both the predetermined excluded tag value and another predetermined tag value of the set of candidate tag values, the intermediate value is the selected tag value; and
when the selected tag value matches one of the predetermined tag value and the other tag value, the intermediate value is a value obtained by inverting the random selection bits of the selected tag value;
when the comparison detects a mismatch between the additional exclusion tag value and the intermediate value, outputting the intermediate value as a random tag value to be set to the address tag associated with the tag setting target address; and
when the comparison detects a match between the additional exclusion tag value and the intermediate value, another predetermined tag value is output as a random tag value to be set to the address tag associated with the tag setting target address.
Similar to the predetermined exclude tag value, the other predetermined tag value may be hardwired (fixed) in hardware independent of the random tag set instruction encoding or designated as configurable by a control register.
Thus, by selecting a random value and outputting an intermediate value that matches the selected value or has an inverted random selected bit (e.g., if the selected value matches one of the predetermined exclusion tag value or another predetermined tag value), the intermediate value never matches the predetermined exclusion tag value or another predetermined tag value, although any other value may be employed. The intermediate value may then be compared to the additional (software-specified) exclusion tag value, and if there is a match in the comparison, another predetermined tag value may be substituted for the intermediate value to provide the final output random tag value, otherwise the intermediate value itself may be used as the output random tag value. This approach may help limit hardware complexity because only a single random value needs to be selected based on a random number source and compared to the exclusion values, which limits the number of comparators and the complexity of the selection (multiplexing) circuit, while still achieving a relatively uniform probability distribution when selecting between non-exclusion values.
Although the predetermined exclusion tag value and the further predetermined tag value may be any two members of the entire set of candidate tag values, it may be particularly useful for one of the predetermined exclusion tag value and the further predetermined tag value to be a value having all bits equal to 0 and the other to be a value having all bits equal to 1 (whichever way), as this may map to possible uses of "special" tag values (e.g., "all match" values) that are not selected as random tag values. In some implementations, the values defined as the predetermined exclusion tag value and the another predetermined tag value may be hardwired (permanently fixed), or alternatively they may be defined by state values in a configuration register (e.g., selecting values in which there are "all 0" and "all 1" values as exclusion values).
Thus, it will be appreciated from the above that there are a range of different ways in which the actual hardware of the processing circuitry may effect a random selection from a set of candidate values, while at the same time excluding at least one excluded value from the selection. This may be done in response to a single instruction or in response to a sequence of instructions. The architectural advantages of the random tag set instruction (with the increased probability of error detection and robustness discussed above) are realized regardless of the specific hardware implementation chosen at the microarchitecture level.
The random selection from the set of candidate tag values (or the set of candidate tag values excluding the at least one exclusion value) may be made based on a true random value or a pseudo random value. Accordingly, it will be appreciated that the provision of a true random number generator is not essential to the techniques discussed above. In some cases, the random selection may be based on a pseudo-random number generator. For example, the random selection may be based on values extracted from a linear feedback shift register.
In practice, a given random value has been assigned to the address tag associated with a given address, and it is often also desirable to store the same random tag value to the protection tag of the block of memory locations that includes the addressed location identified by that address. In some implementations, this may be done by a separate instruction from the random tag set instruction. For example, a subsequent protection tag set instruction may employ a tag set target address for which the random tag set instruction has previously set an address tag, and use the random tag value of that address as the value of the corresponding protection tag written to the block of the corresponding memory location.
However, in other implementations, a combined address tag and protection tag set instruction may be provided that both randomly updates the address tag associated with the tag set target address and also controls the memory access circuitry to update the protection tag stored in the memory system associated with the block of memory locations that includes the addressed location identified by the tag set target address to a random tag value. This may avoid the need to execute a second instruction, thus reducing code density.
In protection tag checking, when a mismatch is detected between the address tag and the protection tag for a given memory access, the mismatch may be reported by returning some form of fault status indication. The particular form of the indication of whether a match is detected between the protection tag and the address tag that is generated may vary depending on the implementation. In some cases, the tag protected memory access operation may include controlling whether memory access to the addressed location is allowed, depending on whether a match is detected between the protection tag and the address tag. However, in other examples, a memory access that triggers the protection tag check may be performed regardless of whether a match is detected between the protection tag and the address tag. For example, the protection tags associated with a given block of memory locations may be stored in different blocks of memory locations within the memory system, and thus access to the protection tags may require separate read operations. Thus, if an actual memory access is delayed until the protection tag and address tag have been compared, processing of the actual memory access may be delayed, so it may be desirable to perform a memory access to the addressed location before the protection tag is available, and whether or not any match is detected between the protection tag and address tag, and then generate a separate indication of whether or not a match is detected once the protection tag has been obtained and compared to the address tag.
In one example, the indication of whether a match is detected may be a signal indicative of a fault condition, which is generated when a mismatch is detected between the protection tag and the address tag. For example, the memory access circuitry may signal a similar memory fault similar to a fault generated if access permissions are violated or if an unmapped address is accessed, or may indicate a different type of fault condition. The fault signal may trigger the processing circuitry to execute an exception handling routine for responding to the detected fault.
Alternatively, when the protection tag does not match the address tag for a given memory access, a status indication may be recorded within a control register accessible to processing circuitry of the device to indicate whether a match or mismatch was detected in the comparison of the protection tag and the address tag. The status information may then be read by a subsequent instruction to check whether the memory access is valid.
Another option for reporting whether the address tag and the protection tag match or do not match in the protection tag check may be to record information in an error log associated with the executing code segment that tracks any protection tag errors detected throughout the code segment. For example, instruction addresses of instructions that trigger a mismatched target address or a mismatched memory access may be recorded in the error log in response to a mismatched protection tag and address tag. In this case, rather than performing any particular action that prevents the code from operating, the error may simply be logged in an error log. The error log may then be provided to a software provider of the code to assist the provider in resolving errors in subsequent versions of the software.
Thus, it will be appreciated that there are a range of ways in which the protection tag match/no match indication may be generated by the memory access circuitry when the protection tag check is performed.
In some embodiments, the memory locations of the blocks having corresponding protection tags may each comprise a single memory location. In this case, each individual memory location may have a different protection tag, which may provide good granularity in setting the protection tags so that a greater range of memory errors may be detected.
However, in practice, the overhead of setting a separate protection tag for each addressed location may be too high, and it may be more efficient to associate each protection tag with a block having multiple memory locations. In this case, many adjacent memory locations may share the same protection tag, which is sufficient for detecting common forms of memory-related errors.
The protection tag associated with a given block of memory locations may be stored in any other memory location within the memory system. The particular manner in which the location of the protection tag in the memory system is selected may vary significantly depending on the implementation or at runtime. In some examples, the location where the protection tag is stored may be architecturally accessible by the processing circuitry, e.g., the protection tag memory location may be a location that maps to a portion of the same address space as the addressed location. In this case, the mapping between the addressed locations themselves and the addresses of the corresponding tag memory locations may be fixed or hardwired, or may be variable, e.g., tracked in a tracking table maintained by the memory access circuitry or in a translation look-aside buffer. Alternatively, other implementations may store the protection tag associated with a given addressed location in another memory location that is architecturally inaccessible to the processing circuitry, e.g., in an additional memory provided in the microarchitecture that does not map to an address space that is addressable by instructions executed by the processing circuitry. In this case, the memory access circuitry may determine a particular internal address for pointing to the corresponding tag storage location based on the address of the addressed location and trigger any additional memory accesses that require reading tag data from the tag storage location. The tag value may also be cached within a cache (either within the same cache used for the data value or within a dedicated tag cache) for faster access regardless of whether the tag storage location is architecturally accessible to the processing circuit.
In some cases, the protection tags may be relatively small, such as 4-bits or 8-bits, and thus multiple protection tags, each associated with a different block of memory locations, may fit within the same memory location.
The address tag may be associated with the target address in different ways. In some cases, the address tag may be specified separately from the target address, e.g., using a separate register specified by the memory access instruction, which triggers the memory access operation and protection tag check. However, in other examples, the address tag may be determined as a function of one or more select bits of the target address. That is, the address tag may comprise the slave target address itselfThe partial derived information of (1). Typically, although an instruction set architecture may support addresses having a certain number of bits (e.g., 64 bits), in practice a given hardware device may not require so much memory capacity that it will use all possible addresses that can be represented using that number of bits. For example, depending on the current trend in the use of the device, it is not yet necessary to provide 264A single addressable location. Thus, in general, some bits of a memory address may not be effectively used, and may always have the same value, or be set to the sign extension of the most significant "real" address bits (so that the unused portion is set to all 0's or all 1's). Thus, the unused portion may be reused to represent an address tag or a value used to derive an address tag to avoid the need to access a separate register to obtain an address tag, and also to make it easier to track the correspondence between an address and a corresponding address tag, since by definition an address tag may be transmitted with an address whenever the address is manipulated or moved between registers.
In embodiments where a portion of the target address is used to determine the address tag, it is noted that the address tag is distinct from the tag portion of the target address, which may be used by the cache to determine whether information from the addressed location identified by the target address is stored within the cache. Many caching schemes may store a tag portion of an address of a cached data segment with data within a cache such that when a given address is sought in the cache, the partial address may be compared to the tag stored with the cached data to determine whether the cached data actually corresponds to the desired address. However, in this case, the tag portion of the address (which is compared to the tags in the cache) will be part of the portion of the address that actually defines the particular addressing location where the data is needed, i.e., changing the cache tag portion of the address will cause the address to point to a different addressing location within the memory system, by definition. Conversely, with an address tag for tag protected memory operations, the memory access circuitry can select an addressed location that requires data independently of the address tag. That is, even if the address tags have different values, the addressed locations pointed to by the target address may still be the same, as the selection of addressed locations may depend only on other portions of the target address. This enables the compiler to freely set the address tag associated with a particular address to any value (e.g., the randomly selected value discussed above) to match the corresponding protection tag value that has been assigned to the associated data block in the memory system.
Where a subset of bits of the address are used to represent the address tag, in some implementations, a randomly selected value (excluding any excluded values) selected in response to the random tag set instruction may be translated based on at least another bit of the address in order to determine a value to be written to the subset of bits of the tag set target address. This is useful for compatibility with traditional address space allocations, where a "special value" of a tag value to be interpreted in a special way (e.g., for an "all match" behavior) may need to have different values for different portions of the address space. For example, because the address may be sign extended, it may be desirable that the top unused bits may all be 1's if the top "true" (significant) bit of the address actually used to select the addressed memory location is 1, and that the top unused bits be set to 0's if the top "true" bit is 0. To ensure that legacy code that has allocated these unused bits (and has not been written to use the protection tag function) to this problem continues to function properly, an "all match" value may be an "all 1" for addresses with a top "true" bit of 1, and an "all 0" for addresses with a top "true" bit of 0. This can be achieved by: designating one of all 0's and all 1's as an exclusion value, randomly selecting from the remaining values of the candidate set (possibly excluding other exclusion values as well), and then determining whether to translate the selection value based on the most significant "true" bits of the address (e.g., by inverting all bits) in order to determine the value to be written to the tag portion of the address such that the exclusion value will map to the correct "all match" value whether the top "true" bit is a 1 or a 0. It will be appreciated that other conversions of randomly selected values based on one or more bits of the address may also be applied, not just inverted bits.
In some implementations, the instruction decoder may trigger the protection tag check in response to all memory access instructions. Alternatively, the instruction decoder may support separate non-tag protected and tag protected variants of memory access instructions. In this case, the protection tag check may be triggered in response to a variant of tag protection of the memory access instruction. Conversely, a non-tag protected memory access instruction may simply trigger an access to the addressed location identified by the target address specified by the instruction, without performing a protected tag check. Therefore, it is not necessary to perform protection tag checking in response to all memory access instructions. In some cases, instructions for triggering a protection tag check may also be supported (without any corresponding memory access to the location identified by the tag check target address).
However, even if all memory access instructions are interpreted as tag protected memory access instructions, there may be other ways in which the instruction set architecture may support selective disabling of protected tag checking for certain operations. For example, a control parameter within a control register of the processing device may selectively disable tag comparison. As discussed above, another option is to interpret certain values of the address tag in a special way so that they indicate that the address tag should be treated as matching any possible value of the protection tag, again this effectively disables the effect of the tag comparison so that no error is reported whether or not the address tag matches the protection tag.
Fig. 1 schematically shows an example of a
Fig. 2 schematically illustrates the concept of tag protected memory access. The physical address space used to represent memory locations within a memory system may be logically divided into a plurality of
Thus, when a tag-protected memory access is required, the address tag 40 (which is associated with the
Thus, when performing tag-protected memory accesses, load/store unit 15 compares
FIG. 3 shows a flow diagram for handling tag protected memory accesses. The instruction that triggers the memory access may specify an address tag and a target address. As shown in FIG. 2, in some cases, the address tag may actually be derived from a subset of the bits of the target address itself, although in other examples it may be specified in a separate register. At step 50, an instruction is encountered that triggers a tag protected memory access. In response, memory access circuitry 15 triggers a memory access to the addressed
Fig. 4 shows a first example of a random tag setting instruction (InsertRandomTag ) that specifies a single source register Xn and destination register Xd. The source register Xn specifies a tag set
Fig. 5 shows a second example of a random tag setting instruction (InsertRandomTag ) that allows to eliminate some exclusion values from selection as random tag values. Again, the random tag setting instruction specifies the same source register Xn and destination register Xd as in fig. 4. Optionally, the random tag setting instruction may also specify a second source register Xm, which may define state information that may indicate one or more of a set of exclusion values. The exclusion value may also be identified in other ways independent of Xm. For example, if the destination register Xd already includes an address prior to execution of the instruction, the previous tag associated with that address may be fetched and used as one of the exclusion values. Similarly, the
Thus, using the example of figure 5, in response to a random tag set instruction, the
Fig. 6 shows a first example in which a register Xm defining a random selection state indicating an exclusion value is implemented as an exclusion mask comprising a bit field containing a plurality of
As shown in fig. 7, the
Based on the form of randomly selected state information shown in FIG. 6, the random tag set instruction of FIG. 5 may thus select a random tag value that is not one of the excluded values for which bit 64 of the bit field in register Xn is set to 1.
An alternative to using such a bit field may be to provide, in turn, a source register Xm that provides a series of fields that explicitly define the binary value to be excluded from selection. For example, if a maximum of N values can be excluded and each tag value has a certain number of bits (e.g., 4), then 4N bits of the register may specify the value to be excluded.
Regardless of exactly how the values to be excluded are specified, the hardware may then fetch the excluded values and compare them to the values output by the random number generator or
Figures 8 to 10 illustrate various methods for achieving this. The object is to provide a hardware efficient way to generate a 4-bit pseudo-random value, which should not be equal to a specific input value. In particular, this includes how such outputs are derived from non-differentiated random sources (which allow all possible outputs). This may be a simple LFSR seed register or a more complex pseudo random number generator ((P) RNG). For simplicity, the random source is referred to as the "LFSR," but other random sources may be used instead of the LFSR. Two possible implementations are described. The first method described uses a predefined pseudo-random sequence (look-up table or LUT 70) in addition to LFSR72, which may be hard-wired and can exclude any number of input values (while the hardware complexity increases depending on the maximum number of inputs). A second approach is also described, which is limited to excluding only 1 input value and either of "1111" and "0000". The method derives its output from the LFSR only.
The first method is illustrated in fig. 8 and 9. The design concept can be constructed to exclude any number of input modes ("N"). First, assume that there is a look-up table (LUT) register 70 that contains every possible output value that is output only once and chaotic in a pseudo-random order. For 4-bit outputs (16 combinations), the
Details of how each stage is implemented are described below. This is an example implementation. Alternative implementations are possible.
Randomizer 80 (phase 1)
Let "pos" be the 4 bits extracted from
Comparator 82 (stage 2)
Each of the "N" inputs from
Selector 84 (stage 3)
The selector 90 may simply select the first randomizer output allowed by the mask 88.
Properties of implementation
This implementation provides a uniform probability distribution for all outputs, including if some inputs are the same. This means that a single hardware circuit constructed to exclude N values can be reused to exclude fewer values without affecting the probability distribution by simply providing some inputs multiple times.
Fig. 8 shows a specific example configuration of 3 exclusions (N-3). This implementation provides a uniform probability distribution for all outputs, including if some inputs are the same. This means that by simply providing the same input multiple times, a single hardware circuit constructed to exclude 3 values can be used to exclude 1 or 2 values without affecting the probability distribution. If the value to be excluded is "1111", then how the probability distribution is affected is as follows:
value of
0000
0001
0010
0011
0100
0101
0110
0111
%
6.26
6.59
7.03
6.43
6.30
6.26
6.94
7.28
Value of
1000
1001
1010
1011
1100
1101
1110
1111
%
6.39
7.62
6.73
6.26
6.34
6.25
7.32
0.00
(statistics obtained using a LUT of "0 x61fd50b4c83a2e 97")
Fig. 9 shows a specific example configuration of 4 exclusions (N-4). Note how the last multiplexer is selected to subdivide into two multiplexers 74-a, 74-B in order to provide 5 outputs from
If the value to be excluded is "1111", how the probability distribution is affected is as follows:
value of
0000
0001
0010
0011
0100
0101
0110
0111
%
6.27
6.58
7.01
6.49
6.33
6.25
6.91
7.22
Value of
1000
1001
1010
1011
1100
1101
1110
1111
%
6.44
7.54
6.75
6.28
6.39
6.25
7.28
0.00
If the added value to be excluded is "0000", how the probability distribution is affected is as follows:
value of
0000
0001
0010
0011
0100
0101
0110
0111
%
0.00
7.97
7.31
6.52
6.30
6.60
8.11
8.23
Value of
1000
1001
1010
1011
1100
1101
1110
1111
%
6.42
8.33
6.92
6.26
6.35
6.95
7.72
0.00
(statistics obtained using a LUT of "0 x61fd50b4c83a2e 97")
Fig. 10 shows a second method that excludes a fixed pattern that can be either "1111" or "0000" and an input value that is an arbitrary variable. This is sufficient to "recolor"/change the existing value. The output is derived from only LFSR 72. The LFSR should have at least 6 bits.
In the design shown in fig. 10, 4 bits are extracted from the LFSR state to be used as a tentative output value ("select tag value") 102. If all bits are the same (pattern "0000", "1111"), then 2 more bits from the LFSR are extracted and applied to the multiplexer/shifter to select exactly one bit in the output to be inverted (using an exclusive OR (XOR) operation) to generate the intermediate value of 100. This ensures that the "0000" and "1111" modes never occur for the
This generates an
value of
0000
0001
0010
0011
0100
0101
0110
0111
%
0.0
7.8
7.8
6.3
7.8
6.3
6.3
7.8
Value of
1000
1001
1010
1011
1100
1101
1110
1111
%
7.8
6.3
6.3
7.8
6.3
7.8
7.8
0.0
To more easily explain the next part of the system, assume that the fixed pattern to be excluded is "1111" and "0000" is a valid output. Because "0000" is the active mode, it can be swapped with the input variable. Therefore, the equality of the
The final output statistical distribution is:
value of
0000
0001
0010
0011
0100
0101
0110
0111
%
6.7
7.3
7.3
5.8
7.3
5.8
5.8
7.3
Value of
1000
1001
1010
1011
1100
1101
1110
1111
%
7.3
5.8
5.8
7.3
5.8
7.3
7.3
0.0
The roles of "0000" and "1111" may be swapped to disable "0000" as an output and instead use "1111" as a valid replacement for the variable input. Furthermore, any arbitrary pattern (not just "0000" or "1111") may be selected as the predetermined exclusion tag value (corresponding to "1111" in the example of fig. 10) and the further predetermined tag value (corresponding to "0000" in fig. 10), such as the further predetermined tag value replacing the
In the above method, a single random tag setting instruction is able to take an indication of an exclusion value among the entire set of candidate values, and a random value is selected from the remaining values in response to the single instruction. This may provide a relatively code efficient way of implementing the selection when pairing with additional instructions of the form shown in fig. 7 to define an exclusion value.
However, to further simplify the hardware, it may also be useful to split the operations for selecting a random tag value and excluding the value in the selection into multiple instructions. Fig. 11 to 14 show an example of this method. Fig. 11 shows an alternative form of randomly selected state information for defining an exclusion value of a random tag setting instruction. For example, the register Xm shown for the random tag set instruction of FIG. 5 may specify the form of the randomly selected state information shown in FIG. 11, rather than the bit field shown in FIG. 6. In the example of fig. 11, rather than defining an exclusion value in the entire set of candidate values, a
With this approach, the random selection operation can be divided into a number of instructions: a first instruction that selects a subset of the random values as a set of working values that can be selected by a subsequent random tag setting instruction, as shown in fig. 12; a second instruction that checks the values of the previously selected subset according to the exclusion values and if there is a match, sets an exclusion mask, as shown in fig. 13; a third instruction (random tag set instruction), as shown in fig. 14, which uses the random selection state shown in fig. 11 to select one of the subset of random tag values 72 that is not indicated as being excluded by the exclusion mask.
Fig. 12 shows a beginnrandomtag instruction (random tag selection instruction) specifying a destination register Xd, which selects a small group of random tags based on the output of the random number generator or
Fig. 13 shows an excluder random tag instruction (tag value exclusion instruction) specifying two source registers Xn, Xm and a destination register Xd, which may be executed to ensure that a particular tag value defined by software is not selected by a subsequent random tag setting instruction as a random tag value. The instruction may be similar to that shown in FIG. 7 in that it requires a register specifying an address that already has the
Fig. 14 shows a random tag setting instruction (EndRandomTag) that selects one of the remaining tags that are not excluded by the ExcludeRandomTag instruction of fig. 13 based on the random selection state stored in the source register Xm, inserts the selected tag into the address specified in the source register Xn, and writes the result to the destination register Xd. Thus,
Thus, by splitting the operation into a number of instructions, it is easier to build processing hardware that meets timing requirements, and it ensures that each instruction only needs to specify a maximum of 2 source registers (which is useful for efficient use of the register read port), while still allowing more than 2 values extracted from the respective address tag of the input address to be excluded from selection.
It will be appreciated that all of the example implementations shown above are examples only, and that other hardware implementations may also be used to implement the architectural functionality of the random tag setting instruction that excludes certain values from being selected.
Fig. 15 shows a flow chart illustrating a method of processing a random tag setting instruction. At
Optionally, at
Fig. 16 shows a simulator implementation that may be used. Although the previously described embodiments implement the present invention in terms of apparatus and methods for operating specific processing hardware in support of the techniques involved, it is also possible to provide an instruction execution environment implemented via use of a computer program according to the embodiments described herein. Such a computer program is often referred to as a simulator, as long as it provides a software-based implementation of the hardware architecture. Variations of simulator computer programs include emulators, virtual machines, models, and binary converters (including dynamic binary converters). Typically, the simulator implementation may run on a host processor 230, the host processor 230 optionally running a host operating system 220, supporting the simulator program 210. In some arrangements, there may be multiple layers of emulation between hardware and the provided instruction execution environment and/or between multiple different instruction execution environments provided on the same host processor. Historically, powerful processors have been required to provide simulator implementations that execute at reasonable speeds, but such an approach may prove reasonable in certain situations, such as when code native to another processor needs to be run to achieve compatibility, or for re-use reasons. For example, simulator implementations may provide an instruction execution environment with additional functionality not supported by the host processor hardware, or provide an instruction execution environment typically associated with a different hardware architecture. An overview of the simulations is given in the Winter 1990USENIX Conference, pages 53 to 63, "Some efficiency Architecture Simulation Techniques", written by RobertBindeche.
For embodiments that have been previously described in the context of simulation with reference to particular hardware configurations or features, equivalent functionality may be provided by appropriate software configurations or features. For example, certain circuitry may be implemented as computer program logic in analog embodiments. Similarly, memory hardware (such as registers or caches) may be implemented as software data structures in an emulated embodiment. One or more of the hardware elements mentioned in the previously described embodiments are presented in an arrangement on host hardware (e.g., host processor 230), which some analog embodiments may utilize as appropriate.
Simulator program 210 may be stored on a computer-readable storage medium 212 (which may be a non-transitory medium) and provides object code 200 (which may include an application program, an operating system, and a hypervisor) with a program interface (an instruction execution environment) that is identical to the application program interface of the hardware architecture modeled by simulator program 210. Thus, the program instructions of object code 200 (including the random tag setting instructions described above) may be executed within the instruction execution environment using simulator program 210 so that host computer 230, which does not actually have the hardware features of
In this application, the word "configured to … …" is used to mean that an element of an apparatus has a configuration capable of performing the defined operation. In this context, "configuration" means an arrangement or manner of interconnection of hardware or software. For example, the apparatus may have dedicated hardware providing the defined operations, or the processor or other processing device may be programmed to perform the functions. "configured to" does not imply that the device elements need to be changed in any way in order to provide the defined operation.
Although illustrative embodiments of the present invention have been described in detail herein with reference to the accompanying drawings, it is to be understood that the invention is not limited to those precise embodiments, and that various changes and modifications can be effected therein by one of ordinary skill in the pertinent art without departing from the scope or spirit of the present invention as defined by the appended claims.
- 上一篇:一种医用注射器针头装配设备
- 下一篇:用于虚拟计算资源的部署前安全分析器服务