Research Toward a New Highly Dependable Architecture
A First Step Towards A Novel Dependable Architecture
Contents
• Background
• A Novel Architecture
  • Overview
  • Details
• Code Translation
  • History
  • Consideration
• Ideas for Dependability
• Future Works
Background – Requirements and Ad Hoc Supplies
• Dependability Requirements
  • Reliability, Availability, Serviceability (RAS)
• Studies of Architecture Level Support
  • Academic studies
    • Architecture Support for Defending Against Buffer Overflow Attacks; Jun Xu, Zbigniew Kalbarczyk, Sanjay Patel and Ravishankar K. Iyer; Proceedings of 2nd Workshop on Evaluating and Architecting System dependabilitY (EASY), 2002
    • Enlisting Hardware Architecture to Thwart Malicious Code Injection; Ruby B. Lee, David K. Karig, John P. McGregor and Zhijie Shi; Proceedings of 1st International Conference on Security in Pervasive Computing (SPC), 2003
    • A Processor Architecture Defense against Buffer Overflow Attacks; John P. McGregor, David K. Karig, Zhijie Shi and Ruby B. Lee; Proceedings of IEEE International Conference on Information Technology: Research and Education (ITRE), 2003
  • Commercial products
    • ARM SecureCore
    • SmartMIPS ASE
    • IA-32 NX bit
• Symptomatic and Imperfect
A Novel Architecture - Overview
[Figure: block diagram. Components: Translation Unit (TU), Translation Cache, Execution Unit (EU), Data Cache, Tag Memory, Main Bus, Main Memory. Labelled flows: Instructions for Virtual Machine (VM), Translated Instruction, Translation Request, Invalidation, Instruction, Data & Tag, Tag, Data. Legend: Data, Control.]
A Novel Architecture – Details : Execution Unit
• Execution Unit (EU)
  • Access to Data
    • Data Cache
    • Main Memory and Tag Memory
  • Access to Instruction
    • Translation Cache
A Novel Architecture – Details : Translation Unit
• Translation Unit (TU)
  • Binary Translation
    • From ISA for VM
    • To ISA for EU
  • Organization
    • Hardware Processor
    • Translation Software
  • Rapid Translation
  • Optimization of Translation Cache
Code Translation - History : Microprogrammed Control
• IBM System/360
  • April 7, 1964
• Motorola MC680x0
  • nanoprogram
  • nanoarchitecture
[Figure: microprogrammed control. The Op. Code of an Instruction is mapped through a Sequencer and ROM to a Control Memory Address; the Control Memory (CM) holds the Microprogram for Op. X, the Microprogram for Op. Y and the Microprogram for Op. Z, which drive the micro architecture.]
Code Translation - History : Pentium 4 (NetBurst)
[Figure: NetBurst block diagram. Components: System Bus, Bus Unit, 3rd Level Cache (Optional), 2nd Level Cache (8-Way), 1st Level Cache (4-Way), Front End (Fetch/Decode, Trace Cache, Microcode ROM), Out-Of-Order Execution Core, Retirement, BTBs/Branch Prediction, Branch History Update. Legend: frequently used paths, less frequently used paths.]
Code Translation - History : Crusoe/Efficeon
[Figure: Code Morphing Software. IA-32 instructions A, B, C and D are fetched from the memory system; stages labelled Fetch, convert (to atoms such as Inst. Aa, Ab, Ba, Cb, Da), pack (atoms into VLIW molecules), Light Optimization, Hot Spot, and Maximum Optimization & Cache, feeding the VLIW Execution core.]
Code Translation - History : Itanium series
[Figure: IA-32 Execution Layer (IA-32 EL). Software stack: IA-64 Application and IA-32 Applications, IA-32 Execution Layer, Operating System, IA-64 VLIW core with IA-32 Decoder. Translation flow inside IA-32 EL: Cold Code Translation at execution time, Runtime Information, Hot Spot, Hot Code Translation with Optimizer, and a Cache holding Translated Code Blocks and Runtime Information.]
Code Translation - History : Parrot
[Figure: Parrot pipeline. Blocks: Fetch Selector, I-Cache, Branch Predict, Trace Cache, Trace Predict, Trace Select, Trace Fill, Hot Filter, Blazing Filter, Optimizer, Cold Exec, Hot Exec, Synchronized Commit.]
Code Translation - Considerations
• Requirements
  • ISA for Software (ISAS)
    • High Level Language oriented
    • More Information with Instructions
      • For Dynamic Optimizations
        • Performance & Reduced Power Supply
      • For Dynamic Validations
        • Dependability
  • ISA for Hardware (ISAH)
    • Design Level Optimization
    • Fixed ISA restricts Hardware Design
• Impact
  • Answer the Above Requirements
Ideas for Dependability – Call Stack Protection
• The Return Address Stack is separated from the Common Stack
• Permission to touch the Return Address Stack is limited to …
  • Call instruction (tacit push)
  • Return instruction (tacit pop)
  • Specified Push/Pop instructions for the Return Address Stack
• Only address values can be pushed onto the Return Address Stack
[Figure: two drawings of the stack frame of a function, each holding the local variables int a; int b; char buffer[1024]; and the return address.]
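The separation on this slide can be modelled in a few lines. The following is an added example, not code from the slides: a toy machine in which the names `struct machine`, `m_call`, `m_ret`, `m_ras_push` and `m_store`, the stack sizes and the frame layout (an 8-byte buffer followed by `b` and `a`) are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Toy model, constructed for illustration: the return address stack (RAS)
 * and the common stack are separate storage with separate access paths. */
#define RAS_DEPTH 16
#define CS_SIZE   64
enum tag { TAG_VALUE, TAG_ADDRESS };
struct word { uint32_t v; enum tag t; };
struct machine {
    uint32_t ras[RAS_DEPTH]; int ras_top;  /* return addresses only */
    uint8_t  cs[CS_SIZE];                  /* locals: buffer, b, a  */
    uint32_t pc;
};
/* Call: tacit push of the return address onto the RAS. */
int m_call(struct machine *m, uint32_t target) {
    if (m->ras_top == RAS_DEPTH) return -1;
    m->ras[m->ras_top++] = m->pc + 1;
    m->pc = target;
    return 0;
}
/* Return: tacit pop from the RAS. */
int m_ret(struct machine *m) {
    if (m->ras_top == 0) return -1;
    m->pc = m->ras[--m->ras_top];
    return 0;
}
/* Dedicated push: accepts only words tagged as addresses. */
int m_ras_push(struct machine *m, struct word w) {
    if (w.t != TAG_ADDRESS || m->ras_top == RAS_DEPTH) return -1;
    m->ras[m->ras_top++] = w.v;
    return 0;
}
/* Ordinary store: reaches the common stack only, never ras[]. */
int m_store(struct machine *m, int off, const uint8_t *src, int n) {
    if (off < 0 || n < 0 || off + n > CS_SIZE) return -1;
    memcpy(m->cs + off, src, (size_t)n);
    return 0;
}
/* A callee writes 32 bytes into its 8-byte buffer, then returns. */
uint32_t overflow_then_return(void) {
    struct machine m = { .pc = 100 };
    uint8_t junk[32];
    memset(junk, 0x41, sizeof junk);
    m_call(&m, 200);
    m_store(&m, 0, junk, (int)sizeof junk); /* clobbers b and a, not the RAS */
    m_ret(&m);
    return m.pc;                            /* 101: the saved return address */
}
int main(void) { return overflow_then_return() == 101 ? 0 : 1; }
```

The overrun still corrupts the neighbouring locals; what the split stack removes is the path from a data write to the saved return address.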
Ideas for Dependability – Boundary Check Acceleration
• Register relative indexed addressing
  • Load a1, r2 ; if (i2 > b2) raise exception else a1←(a2+i2)
  • Store r1, a2 ; if (i1 > b1) raise exception else (a1+i1)←a2
• Load Reference
  • Load r1, r2 ; a1←(a2+i2), b1←1(a2+i2)
[Figure: register file in which each register has an Address reg. part (a1 … a4), an Index reg. part (i1 … i4) and a Boundary reg. part (b1 … b4); a memory region starts at a1 and is bounded by b1, and an access at a1+i1 raises an exception if (i1 > b1).]
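The Load and Store semantics on this slide, written out as an added example that is not part of the original slides. The names `struct reg`, `bc_load`, `bc_store`, `fill` and `peek`, the unsigned index type and the 32-word memory are assumptions; the comparison `i > b` is taken from the slide, which makes the boundary part the last valid index rather than the length.

```c
#include <stdint.h>

/* Toy model, constructed for illustration. Each register holds an address
 * part a, an index part i and a boundary part b, as on the slide. */
#define MEM_WORDS 32
enum status { OK, EXC_BOUNDARY };
struct reg { uint32_t a, i, b; };
static uint32_t mem[MEM_WORDS];

/* Model-only guard so the simulator never leaves its own array. */
static int in_model(const struct reg *r) {
    return r->a < MEM_WORDS && r->i < MEM_WORDS - r->a;
}
/* Load a1, r2 ; if (i2 > b2) raise exception else a1 <- (a2+i2) */
enum status bc_load(struct reg *r1, const struct reg *r2) {
    if (r2->i > r2->b || !in_model(r2)) return EXC_BOUNDARY;
    r1->a = mem[r2->a + r2->i];
    return OK;
}
/* Store r1, a2 ; if (i1 > b1) raise exception else (a1+i1) <- a2 */
enum status bc_store(const struct reg *r1, const struct reg *r2) {
    if (r1->i > r1->b || !in_model(r1)) return EXC_BOUNDARY;
    mem[r1->a + r1->i] = r2->a;
    return OK;
}
/* Try `writes` consecutive stores into an array of `len` (>= 1) words at
 * `base`; returns how many completed before the boundary exception. */
uint32_t fill(uint32_t base, uint32_t len, uint32_t writes) {
    struct reg arr = { base, 0, len - 1 };  /* b = last valid index */
    struct reg val = { 0xAAAA, 0, 0 };
    uint32_t done = 0;
    for (arr.i = 0; arr.i < writes; arr.i++) {
        if (bc_store(&arr, &val) != OK) break;
        done++;
    }
    return done;
}
uint32_t peek(uint32_t addr) { return mem[addr]; }
int main(void) { return fill(4, 8, 10) == 8 && peek(12) == 0 ? 0 : 1; }
```

Because the index is unsigned in this model, a negative index wraps to a large value and fails the same `i > b` test, so one comparison covers both ends of the array.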
Ideas for Dependability – Data Tagging
• Every datum is tagged based on its data type
• Types
  • Instruction
  • Address
  • Value
  • Reference (A Pair of Address and Value)
  • NULL
• Tag values are updated by specified instructions
• The ALU updates tags automatically after calculation
• If the PC points to data that is not tagged as instruction, execution of the program is stopped
• When data is tagged as instruction, T$ is invalidated
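A small model of the fetch check and the T$ invalidation described on this slide, as an added example that is not part of the original slides. T$ is taken here to be the Translation Cache; the function names, the rule that an ordinary store tags the word as a value, and the ALU tag rules in `alu_tag` are assumptions, since the slide states only that the ALU updates tags automatically.

```c
#include <stdbool.h>
#include <stdint.h>

/* Toy model, constructed for illustration: a tag memory parallel to main
 * memory and a one-entry-per-word translation cache (T$). */
enum tag { T_NULL, T_INSTRUCTION, T_ADDRESS, T_VALUE, T_REFERENCE };
#define MEM_WORDS 16
static uint32_t mem[MEM_WORDS];
static enum tag tagmem[MEM_WORDS];
static bool tcache[MEM_WORDS];      /* true = a translation is cached */

/* Ordinary store: the written word becomes a value (assumed rule). */
void store_value(uint32_t addr, uint32_t v) {
    if (addr >= MEM_WORDS) return;
    mem[addr] = v;
    tagmem[addr] = T_VALUE;
}
/* The "specified instruction" that retags a word as an instruction.
 * Retagging invalidates T$ so no stale translation survives. */
void tag_as_instruction(uint32_t addr) {
    if (addr >= MEM_WORDS) return;
    tagmem[addr] = T_INSTRUCTION;
    tcache[addr] = false;
}
/* ALU tag update (assumed rules): value op value is a value, address
 * combined with a value stays an address, anything else yields NULL. */
enum tag alu_tag(enum tag x, enum tag y) {
    if (x == T_VALUE && y == T_VALUE) return T_VALUE;
    if ((x == T_ADDRESS && y == T_VALUE) || (x == T_VALUE && y == T_ADDRESS))
        return T_ADDRESS;
    return T_NULL;
}
/* Fetch: execution stops unless PC points at an instruction-tagged word. */
bool fetch(uint32_t pc, uint32_t *insn) {
    if (pc >= MEM_WORDS || tagmem[pc] != T_INSTRUCTION) return false;
    tcache[pc] = true;              /* TU translates, EU runs from T$ */
    *insn = mem[pc];
    return true;
}
bool cached(uint32_t addr) { return addr < MEM_WORDS && tcache[addr]; }
int main(void) {
    uint32_t insn;
    store_value(3, 0x90);
    if (fetch(3, &insn)) return 1;  /* written data is not executable */
    tag_as_instruction(3);
    return fetch(3, &insn) ? 0 : 1;
}
```

Under these rules a word written as data, or computed from values alone, can neither be fetched nor become an address without passing through a tagging instruction.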
Future Works
• Model of Undependability
  • Human error leading mechanisms
• Essential Realization of Dependable Mechanisms
• On ISAH or ISAS?
  • Which should we implement dependable mechanisms on?
• More Specification
  • Details of Execution Unit
  • Outline of Translation Unit
• How to Evaluate
  • SPEC, IPC, …
Background (1) – Moore's Law
• Moore's Law
  • Cramming more components onto integrated circuits; Gordon E. Moore; Electronics, Volume 38, Number 8, April 19, 1965
• The Limits of Moore's Law
  • No Exponential Is Forever: But “Forever” Can Be Delayed!; Gordon E. Moore; IEEE International Solid-State Circuits Conference 2003
  • Limits to binary logic switch scaling – a gedanken model; V.V.Cavin, R.K. Cavin III, J.A. Hutchby, G.I. Bourianoff; Proceedings of the IEEE, Volume 91, Issue 11, Nov 2003, p1934-1939 … 16nm
  • No end in sight for Moore's Law; Craig Barrett (Intel CEO); Intel Developer Forum Spring 2005 Keynote Speech … 5nm