CN115618336A - Cache and operation method thereof, computer device - Google Patents

Abstract

The embodiment of the disclosure provides a cache, an operation method thereof and a computer device comprising the cache. The cache includes: a data array, a tag array, and a tag array. The data array is configured to store a plurality of cache lines; the tag array configured to store a plurality of tags; the tag array is configured to store a plurality of tag rows. The memory tag comprises a plurality of cache lines, a plurality of tags and a plurality of tag lines, wherein the plurality of cache lines, the plurality of tags and the plurality of tag lines correspond to one another one to one, each tag line is used for storing a second number of memory tags associated with a first number of tag storage unit entries stored in the corresponding cache line, and the memory tags stored in the tag lines have a mapping relation with the memory addresses of the associated tag storage unit entries. The cache may be used to improve the security of memory accesses of the computer system.

Description

Cache and operation method thereof, computer device

technical field

Embodiments of the present disclosure relate to a cache, an operation method thereof, and a computer device including the cache.

Background technique

With the rapid development of computer science and technology, people not only expect computer systems to execute program operations accurately and quickly, but also put forward certain requirements for the security performance of computer systems. In recent years, the C/C++ language has been widely used in modern system programming, but the current mainstream compilers and runtime environments (Runtime) do not perform static or dynamic security checks on the C/C++ program pointers, making the use of C/C++ Programs programmed in C++ are vulnerable.

The current method to solve the memory security problem is to protect it by modifying the hardware, compiler and runtime environment (Runtime). On the other hand, for some types of attacks, the hardware architecture cannot directly handle them. The best solution in this case is to use some common security measures, such as memory protection through virtualized partitions.

Memory vulnerability attacks can use the violations constructed by the attacker to form the first stage of the attack, and then use the vulnerability to guide the program to the malicious program prepared by the attacker for execution, so as to gain control of the system or leak system privileged information. According to the type of illegal pointer access, memory fine-grained security violations are mainly divided into two categories: spatial safety violation and temporal safety violation.

Space security violation: When the pointer access object is outside the scope of the program, the memory space security will be violated. The most common example is to use the buffer overflow on the stack to overwrite the return address of the function with the value designed by the attacker to guide the execution flow direction of the program; or directly use the overflow to rewrite important variables or important information.

Temporal safety violation: Memory temporal safety is violated when a reference to an object is used outside of the specified time frame, usually after the instantiated object's memory has been reallocated without strict memory initialization. For example, temporal safety violations due to dereferencing a pointer to invalid (usually unallocated or freed) memory.

In order to alleviate the threat of memory security violations, some corresponding defense technologies have been researched. The typical one is the Data Execution Prevention (DEP) mechanism. The basic principle is to mark the memory page where the data is located as unexecutable. When the program overflows When the shell code (shellcode) is successfully transferred, the program will try to execute instructions on the data page. At this time, the CPU will throw an exception instead of executing malicious instructions. By enabling DEP, data pages (such as the default heap page, various stack pages, and memory pool pages) can be effectively prevented from executing code.

Another effective defense mechanism is the Stack Canary mechanism. Its principle is to insert cookie (cache) information at the bottom of the stack when the function is executed. When the function returns, it will verify whether the cookie information is legal. If it is not legal, the program will stop running.

The ASLR mechanism, DEP (NX/XD) or Stack Canary mechanism implemented through the virtual memory system all make it impossible for attackers to inject and execute arbitrary attack codes at will, so these preventive mechanisms protect the safe operation of the program to a certain extent .

However, in the face of more complex attack codes and means, these protection mechanisms will face the result of failure. For example, in return-oriented programming (ROP) attacks, arbitrary code execution is achieved by corrupting code pointers (such as return addresses) and chaining together the execution of multiple gadgets. Sequences in these raw binary codes are combined to implement the malicious attack code envisioned by the attacker.

Contents of the invention

At least one embodiment of the present disclosure provides a cache, which includes: a data array, a tag array, and a tag array. The data array is configured to store multiple cache lines; the tag array is configured to store multiple tags; and the tag array is configured to store multiple tag lines. A plurality of cache lines, a plurality of tags, and a plurality of tag rows are in one-to-one correspondence with each other, and each tag row is used to store a second number of memory tags associated with the first number of tag storage unit items stored in the corresponding cache line , the memory tag stored in the tag row has a mapping relationship with the memory address of the associated tag storage unit item.

At least one embodiment of the present disclosure also provides a computer device, the computer device includes: at least one cache, processor core memory, the at least one cache adopts the cache of the above embodiment; the processor is coupled to the cache; the memory is connected to the cache The processor and the cache are coupled and configured to provide a memory space during the operation of the computer device, wherein the memory address is located in the memory space.

At least one embodiment of the present disclosure further provides an operation method of the cache in the above embodiment, the operation method includes: receiving a memory access request, wherein the memory access request includes a memory access address, and the memory access address includes a first memory tag; Responsive to the case of querying the cache hit using the access address, obtaining a second memory tag corresponding to the access address from the tag array; comparing the obtained first memory tag with the obtained second memory tag to determine the first memory tag and the second memory tag Whether the two memory tags match.

Description of drawings

In order to illustrate the technical solutions of the embodiments of the present disclosure more clearly, the accompanying drawings of the embodiments will be briefly introduced below. Obviously, the accompanying drawings in the following description only relate to some embodiments of the present disclosure, rather than limiting the present disclosure .

Fig. 1 shows a schematic diagram of a memory space in a computer system including a secure memory space and a non-secure memory space;

Figure 2 shows a schematic diagram of pointers used in embodiments of the present disclosure;

FIG. 3 shows a flow chart of protecting access to a memory space using a memory tag according to an embodiment of the present disclosure;

FIG. 4 shows an example of a memory address including a memory tag according to at least one embodiment of the present disclosure;

Fig. 5 shows the binary encoding format of 6 exemplary mark memory instructions;

FIG. 6A shows a schematic frame diagram of a processor according to at least one embodiment of the present disclosure;

6B shows a schematic diagram of a marker generation unit according to at least one embodiment of the present disclosure;

FIG. 6C shows a schematic diagram of a hardware random number generator according to at least one embodiment of the present disclosure;

7 shows a schematic diagram of a computer device according to at least one embodiment of the present disclosure;

FIG. 8 shows a schematic diagram of a cache according to at least one embodiment of the present disclosure;

FIG. 9 shows an exemplary cache structure according to at least one embodiment of the present disclosure;

Fig. 10 shows a schematic diagram of another exemplary cache according to at least one embodiment of the present disclosure.

FIG. 11 shows a flow chart of a memory access instruction involving a memory mark according to at least one embodiment of the present disclosure;

Fig. 12 is a schematic block diagram of an electronic device provided by at least one embodiment of the present disclosure.

detailed description

In order to make the purpose, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below in conjunction with the accompanying drawings of the embodiments of the present disclosure. Apparently, the described embodiments are some of the embodiments of the present disclosure, but not all of them. Based on the described embodiments of the present disclosure, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the protection scope of the present disclosure.

Unless otherwise defined, the technical terms or scientific terms used herein shall have the usual meanings understood by those having ordinary skill in the art to which the present disclosure belongs. "First", "second" and similar words used in the present disclosure do not indicate any order, quantity or importance, but are only used to distinguish different components. Likewise, "comprising" or "comprises" and similar words mean that the elements or items appearing before the word include the elements or items listed after the word and their equivalents, and do not exclude other elements or items. Words such as "connected" or "connected" are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "Up", "Down", "Left", "Right" and so on are only used to indicate the relative positional relationship. When the absolute position of the described object changes, the relative positional relationship may also change accordingly.

In order to deal with the memory security problem faced by the computer, multiple embodiments of the present disclosure provide a marked memory solution, which uses the marked memory and the fine-grained memory protection provided, for example, through software and hardware co-processing to protect the memory of the computer. Access to protect computer systems at a lower cost to mitigate or avoid threats from memory security violations.

FIG. 1 shows a schematic diagram of memory spaces in a computer device including secure memory spaces and non-secure memory spaces. In the marked memory solution provided by at least one embodiment of the present disclosure, as shown in FIG. 1 , the memory space 10 of the computer system includes a secure memory space 100 and a non-secure memory space 200, for example, the memory space 10 of the computer system is divided into secure memory Space 100 and non-secure memory space 200.

In the secure memory space 100, the corresponding memory space is divided into a plurality of memory subspaces 101_n etc. according to a predetermined size, and each memory subspace 101 is marked and given a memory label (label), so the secure memory space 100 is in this It is also referred to as "marked memory space" or "marked memory" in the public, that is, a memory space that has been given a memory mark.

As shown in FIG. 1 , in the secure memory space 100 , a label La1 is given to the memory subspace 101_1 , a label La2 is given to the memory subspace 101_2 , . . . . Thus, the memory subspaces 101_1, 101_2, etc. have a mapping relationship with the corresponding memory tags La1, La2, etc., that is, one or more memory addresses pointing to the memory subspace 101_1 have the mapping relationship with the corresponding memory tag La1, One or more memory addresses pointing to the memory subspace 101_2 have the mapping relationship with the corresponding memory label La2,  … .

The values of the memory tags La1, La2, etc. are obtained based on random numbers, for example, and the default initialization value of each memory tag is 0; for example, the values of the tags of at least adjacent memory subspaces are different from each other, or within a predetermined space size range ( For example, in an address segment composed of consecutively adjacent 4, 8, 16, etc. memory subspaces), the values of the memory tags of each memory subspace are different from each other, or, for example, the tags of all memory subspaces in the secure memory space The values for are all different from each other (although this requires memory for the large number of possible values for the tag itself). In the non-secure memory space 200 , it is the same as the conventional memory space, neither divided by share nor marked.

The minimum granularity of the secure memory space 100 (that is, the predetermined size of a memory subspace 101_n, also referred to as "label granularity" (LG, Label Grain)) can be selected according to needs, for example, it can be determined according to the hardware specifications of the processor, for example , the minimum granularity of the memory space can be set to one word, or can be set to 2 words, 4 words, 8 words, etc., for example, the minimum granularity can be set according to the cache line (cache line or cache block) to set, for example set to be equal to the size of the cache line, or set to 1/2 the size of the cache line, or set to the size obtained by the size of the cache line × way (way) (a group in the cache ( set)); the minimum granularity is usually 2 ⁿ times the size of a word (n is an integer greater than or equal to 0).

In at least one embodiment of the present disclosure, physical address mapping is used between the tag memory and the memory tag. This mapping method can limit tag metadata to a fixed proportion of available memory, for example, physical address 0x8000000 corresponds to tag 0x1, 0x8000008 corresponds to tag 0x2, .... The virtual address is translated by the memory management unit (MMU) of the processor to obtain the physical address, and the reading and writing of the memory tag is based on the physical address.

The marking granularity of the secure memory space of the computer system can be fixed, or can also be flexibly set according to needs; the marking granularity is saved in a predetermined location or a predetermined register in the system, for example, to be called by the processor as needed during operation. The size of the storage space occupied by the memory tag itself (that is, the tag size (LS, Label Size) or tag width) is determined according to the number of possible values of the tag itself, for example, it can be set to 5 bits (bit) (for example , which corresponds to 31 non-zero tag values, others similar), 6 bits, 1 byte (i.e. 8 bits) or 2 bytes (i.e. 16 bits). The size of the memory tag is usually fixed during the running of the system, or in some embodiments, the size of the memory tag can also be set according to needs; the size of the tag is stored in a predetermined location or a predetermined register, for example, for the processor Called when needed.

For example, in at least one embodiment of the present disclosure, a security register (SEC register) is set, and the security register is set as a control and status register (CSR) for controlling hardware such as Runtime. This register is used to hold the security switch (XS) for tag matching in the system as well as tag granularity (LG) and tag memory granularity (LS). For example, the minimum marking granularity is 4 bits, and a total width of 2 bits is designed, and finally a marking granularity of 4+2 ^sec[LG] is obtained; the minimum marking memory granularity is 8 bytes. In the embodiments of the present disclosure, various mark granularities, mark memory granularities, and security switches may be rewritten and set during hardware generation and/or subsequent program Runtime.

For example, the XS field in the SEC register has a 2-bit width, and the specific meaning is shown in Table 1 below. The XS field in the register can only be used in M mode (Machine Mode, machine mode) and S mode (Supervisor Mode, monitoring mode). access. When a process in the system performs a context switch, it is necessary to check the XS field of the SEC register to quickly determine whether the state needs to be saved or restored.

Table 1

state meaning 0 Security extensions are not enabled 1 Security extensions are enabled but all states are initial 2 Registers may have non-initial values, but these values were saved before 3 register has an unsaved value

As shown in Figure 1, for the multiple memory tags allocated by the secure memory space 100, another memory space can be opened up separately (that is, independent of the secure memory space 100 and the non-secure memory space 200) in the memory as a storage tag Alternatively, a tag store 300 can be provided independently of the memory, for example, the memory uses a dynamic random access memory (DRAM), and the tag store 300 can use a static random access memory (SRAM). For example, the tag store 300 has a plurality of tag entries, and each tag entry is aligned with each memory subspace in the secure memory space 200 . It should be pointed out that, in the first case above, the physical addresses of these tag items in the tag storage 300 do not need to be continuous.

In the embodiments of the present disclosure, for example, each memory space in the secure memory space can be marked with a custom instruction, and the memory addresses, pointers, etc. Collectively referred to as "memory access address") to mark, that is, to mark the memory address, pointer, etc., this memory mark given to the memory access address can also be called "safety mark". Figure 2 shows a schematic diagram of pointers used in embodiments of the present disclosure. As shown in FIG. 2 , the pointer Px includes the corresponding effective address Addrx, and the pointer Px also includes the assigned memory label Lax.

In a computer system (such as a processor), memory addresses, pointers, etc. are classified into safe (memory flags are not 0) and non-safe (memory flags are 0) by identifying whether the memory flags corresponding to memory addresses, pointers, etc. are 0, Also distinguish safe space from non-safe space. For example, when setting a program to run in a secure memory space (such a program can be called a "safe program"), the system can create a secure memory space when starting the process of the program, and access to the program The memory address, pointer, etc. used by the store instruction, etc. are assigned the memory tag corresponding to the target address, and then when the memory address, pointer, etc. are used, the memory tag assigned to the memory address, pointer, etc. is obtained from the target address corresponding to the safe memory space Compared with the memory tags of the attackers, it can be judged whether the memory addresses, pointers, etc. have been modified by the attacker and illegally accessed addresses that should not be accessed, thereby improving the security of the computer system.

Fig. 3 shows a flow chart of using the memory tag of the embodiment of the present disclosure to protect the access to the memory space. As shown in Figure 3, the process of protecting access to the memory space includes:

Step 310, obtaining the target memory address to be accessed by the marked memory access address;

Step 320, using the memory access address to request memory access;

Step 330, extracting the memory tag of the memory access address itself, and obtaining the memory tag of the accessed target memory address, and comparing the two memory tags to determine whether they match;

Step 340, if the two match, perform subsequent operations, access the target memory address and feedback that the memory access is successful;

Step 350, if the two do not match, the processing is terminated and exception processing is performed.

The exception handling includes alarming, etc., which are not limited in the embodiments of the present disclosure. Whether there is a memory safety violation is detected through the tag matching process shown in FIG. 3 , thereby improving the security of the computer system.

In conjunction with FIG. 3 , referring again to FIG. 2 , when the pointer Px is used to access the corresponding target address Addrx, the memory mark Lax of the pointer Px itself assumes that the target address is located in the memory subspace 101_1 and the memory mark of the target address is La1, then obtain the memory label Lax and the memory label La1 respectively, compare the memory label Lax and the memory label La1, if the two match, you can perform subsequent operations, if they do not match, stop processing and return an exception.

The memory tag assigned to the memory address, pointer, etc. can be stored separately, or the memory tag can be integrated with the memory address, pointer, etc., for example, by multiplexing the redundant bits in the memory address set by the system to save each memory address , pointers and other corresponding memory tags. For example, in a 64-bit processor architecture, the system bit width is 64 bits (bit), but the virtual address in the system usually does not use all 64 bits; for example, the virtual address in the RISC-V instruction set usually uses sv32, sv39 and sv48 has three paging modes, so in a 64-bit system, in the above three paging modes, the lower 32 bits, lower 39 bits and lower 48 bits of the virtual address record all effective addresses (page table number + page offset) . Therefore, in the virtual address of the system, there are useless bits in the high bits (for example, these useless bits are usually 0), while the low bits have already recorded all valid address information. Therefore, the memory mark corresponding to the address can be recorded by using the high-order margin in the virtual address in the 64-bit architecture.

Fig. 4 shows an example of a memory address including a memory tag according to at least one embodiment of the present disclosure; as shown in Fig. 4, an address includes a high part and a low part, for example, for a 64-bit address, if corresponding In the sv48 paging mode, you can select the high part as the highest 16 bits (ie [63:48]), and the rest of the low part as the lowest 48 bits (ie [47:0]). For example, all or part of the high part is used to record the memory mark, for example, select 8 bits in the highest 16 bits as the memory mark bit, for example, select [63:56] as the memory mark bit to record the corresponding memory mark; the low part It is used to record the effective address, and the effective address part has ⁴⁸ bits in total, corresponding to a memory space of up to 248 bytes in theory.

For example, the memory access address or pointer is marked as 0 by default, which is used to access the non-safe space; mark. In the micro-architecture of the processor, by identifying whether the memory flag bits of an access address or pointer are all 0, memory addresses, pointers, etc. are divided into those used for safe memory space (flags other than 0) and those used for non-safe memory. In the memory space (the flags are all 0), these two types cannot be mixed, that is, the access address or pointer used for the safe memory space cannot be used to access the non-safe memory space, and vice versa. Furthermore, in at least one example, the memory flags recorded in the high bits of the virtual address not only cannot be all 0s, but also cannot all be 1s.

As mentioned above, in the embodiments of the present disclosure, memory tags in the system are operated by one or more customized tag memory instructions, for example, these tag memory instructions include generating tags, storing tags, reading tags , granting tags, accessing instructions, modifying tags, etc., for example, accessing instructions include using memory addresses with memory tags, pointers, etc. to access memory, and are used to read data from the target address in the memory or store data to the target address .

The safety program uses the marked memory instruction to protect the safe memory access address, safe pointer (referring to the marked memory address, pointer, etc.) Custom tagged memory instructions, but cannot be created and modified by conventional non-labeled memory instructions.

At least one embodiment of the present disclosure provides at least six self-defined extension instructions as shown below, and FIG. 5 shows the binary encoding format of the six exemplary operation instructions. For example, these exemplary operation instructions conform to the instruction format requirements in the RISC-V standard, with a total of 32 bits, where:

[6:0] is the opcode field of the instruction;

The rd field is the destination register;

The rs2 field is the second source register;

The rs1 field is the first source register;

·[14:12] indicates the 3-digit function code for the funct3 field;

·Offset[11:0] or Offset[11:5] represent the immediate data needed to calculate the address.

In the embodiments of the present disclosure, these marked memory instructions are not limited to the instruction format shown in FIG. 5 , and corresponding instruction formats may be used in other instruction sets (ISAs) different from RISC-V.

The specific functions of these six mark memory instructions are as follows, here the total length of the address (system bit width) is set to xLen bits, and the highest bit [xLen-1:xLen-LS] in the virtual address is selected to record the memory mark .

IRL (Insert Random Label, Insert Random Label): Write the label value generated by a random number generator (such as a hardware random number generator) into the high bit x[rd][xLen-1:xLen-LS] of the destination register (that is, the memory flag), and the low bit x[rd][xLen-LS-1:0] of the destination register is set to 0, and the value of the final destination register is written back by the execution unit of the pipeline.

LDL (Read Label, Load Label): Read eight bytes from the memory address x[rs1]+sign-extend(offset), and write to the destination register x[rd]. At this time, the high address x[rs1][xLen -1:xLen-LS] has been stripped in the memory address calculation unit, stored in the micro-op code in the decoding stage, and the matching check of the memory tag is performed in the write-back stage.

SDL (store label, Store Label): store the label in the second source register x[rs2] (obtained by stripping x[rs2][xLen-1:xLen-LS] in the memory address calculation unit) into the memory address x[ rs1]+sign-extend(offset) corresponds to the tag item, that is, the tag value or 0 value generated by a hardware random number generator is bound to the memory address.

SDDL (store data in the tag memory, Store Data Label): first check whether the tag retrieved by the memory address x[rs1]+sign-extend(offset) is the same as the tag carried by the instruction (stored in the micro-operation, at x[ rs1] address is calculated and enters the memory address calculation unit to perform stripping) matching. If the mark matching is successful, store the content of the second source register x[rs2] into the memory address x[rs1]+sign-extend(offset).

MVL (Move Label): Splice the label value generated by a random number generator (such as a hardware random number generator) with the value of the low bit x[rs1][xLen-LS-1:0] of the first source register , the spliced value is sent to the destination register x[rd], and the value of the final destination register is written back by the execution unit of the pipeline.

ADDL (additional label, Add Label): realize the inheritance and transfer function of the pointer, used to copy and transfer the high-order label bit of the pointer, by stripping the high-order x[rs1][xLen-1:xLen-LS] of the first source register Splice with the low bit x[rs2][xLen-LS-1:0] of the second source register, and copy the splicing result to the destination register x[rd].

In the following, for example, the format of the command shown in FIG. 5 will be described by taking the LDL command and the SDDL command as examples.

In the example shown, the LDL instruction is encoded as an I-type instruction with an opcode (opcode) of 000001 and funct3 of 010 (indicating a read instruction) for adding the value of the rs1 register (rs1) to the sign bit The memory tag corresponding to the effective address (located in the safe memory space) obtained by the extended 12-bit immediate value (offset[11:0]) is copied to the destination register (rd).

The SDDL instruction is encoded into an S-type instruction, its opcode (opcode) is 0100011, and funct3 is 011 (representing a storage instruction), which is used to write the value of the rs2 register (rs2) and sign the value of the rs1 register (rs1) Bit-extended 12-bit immediate (offset[11:5]+offset[4:0]) at the effective address (in secure memory space).

According to at least one embodiment of the present disclosure, some exemplary application scenarios of the above six custom instructions are described as follows:

(1) For the target memory sub-area in the safe memory space, write the memory tag generated by the random number generator, for example, into the register Xd through the IRL instruction, and write the memory tag in the register Xd into the target memory through the SDL instruction In the sub-area-aligned mark item;

(2) For the memory mark written in the register Xd by the above-mentioned IRL instruction, the memory mark in the register Xd is combined with the virtual address to be marked (such as a memory access address or pointer) through the ADDL instruction, and the memory mark is written into the virtual address in the high position;

(3) For the virtual address to be marked, combine the memory mark generated by the random number generator with the virtual address to be marked through the MVL instruction, thereby assigning the memory mark to the virtual address to be marked.

(4) When there is a read or write operation to the marked memory, such as the operation of executing the LDL instruction and the SDDL instruction, as mentioned above, the system will compare the tag carried in the memory access address in the instruction with the memory access address (effective address part) to match the memory tag of the target tag memory corresponding to it, and if the match fails, an exception will be triggered, thereby falling into the exception handling mechanism and, for example, aborting the execution of the program.

(5) If the tag memory is released, for example, the execution of the process ends, the tag of the tag memory is written into a default value of 0 to reset, and the reset operation is performed by the SDL instruction.

(6) In at least one embodiment of the present disclosure, when the system is implemented, the heap allocator is modified in software, and SDL instructions are used to mark when allocating initialization memory, and at the same time set the return pointer for the allocation memory index corresponding address tag.

For example, for the following example:

Pointer P1 to be protected: 0x80000000; destination register 1 (rd1); destination register 2 (rd2); destination register 3 (rd3); destination register 4 (rd4), with the following instructions:

(1) IRL rd1, which means to generate a memory mark (0x01, assuming that LS is 8-bit wide, the same below) and store it in the destination register rd1, wherein the high-order part of the data stored in the destination register rd1 ([xLen- 1:xLen-LS]) is the generated memory mark, and the low part ([xLen-LS-1:0]) is 0, at this time the content stored in the register rd1 is rd1=0x0100_0000_0000_0000;

(2) MVL rd2 P1, which means to generate a memory mark (0x01) and write it into the high part of the pointer P1 ([xLen-1:xLen-LS]), and the low part of the pointer P1 ([xLen-LS-1 :0]) remains unchanged, and the modified pointer P1 is stored in the destination register rd2, and the content stored in the register rd2 is rd2=0x0100_0000_8000_0000 at this moment;

(3) ADDL rd3 rd1 P1, indicating that the memory mark stored in the destination register rd1 of the IRL instruction (that is, the high-order part ([xLen-1:xLen-LS])) is written into the high-order part of the pointer P1 ([xLen-LS]) 1:xLen-LS]), while the low part of the pointer P1 ([xLen-LS-1:0]) remains unchanged, and the modified pointer P1 is stored in the destination register rd3, and the content stored in the register rd3 is rd3 = 0x0100_0000_8000_0000;

(4) SDL p1 0(rd1), which means binding the memory mark stored in the destination register rd1 of the IRL instruction (that is, the high part ([xLen-1:xLen-LS])) to the address pointed to by the pointer P1;

(5) LDL rd4 0(rd3), means to read the memory tag stored in the destination register rd3 of the ADDL instruction (that is, the high part ([xLen-1:xLen-LS])) into the destination register rd4, here The content stored in the register rd4 is rd4=0x0100_0000_0000_0000.

For example, in at least one embodiment, when all secure memory spaces are allocated, when the allocated space does not meet the tag granularity of the self-defined tag memory, for example, expand according to the tag granularity of the custom tag memory , the allocated space is finally an integer multiple of the size of the custom marked memory granularity.

In the embodiments of the present disclosure, only a part of the memory space is defined as the secure memory space, so there are operations such as label matching between the secure pointer and the non-secure memory space, and between the non-secure pointer and the secure memory space. It should be noted that, in at least one embodiment, when a custom marked memory instruction uses a pointer whose memory is marked as 0 to access a secure memory space whose memory is marked as 0, it will also trigger a matching failure, thereby triggering a hardware exception, which is Because custom tag memory instructions only match against safe pointer addresses. The rest of the situation is shown in Table 2 below.

Table 2

At least one embodiment of the present disclosure provides a processor or a processor core. The processor may be a single-core processor including a single processor core or a multi-core processor including multiple processor cores. For simplicity, the following will Processors or processor cores are collectively referred to as "processors." The processor in the embodiment of the present disclosure may be used to execute the above tag memory and corresponding operations. FIG. 6A shows a schematic diagram of the framework of the processor provided in the above embodiment.

As shown in FIG. 6A , the processor 60 includes a front-end module 61 , a decoding and renaming unit 62 , a transmitting unit 63 , a register file 64 , an execution module 65 , a reorder buffer (ROB) 66 and the like.

The addresses used by the processor to execute applications are virtual addresses. When the operating system allocates memory to a process, it needs to map the used virtual address to a physical address, and the physical address is the real physical memory access address. Programs need to convert virtual addresses to physical addresses before actually accessing memory. The process of converting a virtual address to a physical address is called address translation. Processors use a Memory Management Unit (MMU) for address translation. Moreover, in order to save the time of address translation, a translation lookaside buffer (TLB) is provided for the processor core to store a part of previously used page table entries (PTE). When address translation is required, first use the virtual address to be translated to query the TLB to see if there is a required page table entry, otherwise use the virtual address to be translated to query the page table to obtain the required page table entry, through the page table entry and page By using the internal address offset, the physical address corresponding to the virtual address to be translated can be obtained. This physical address can then be used to access memory.

For example, when performing address translation on a virtual address with a memory tag, first strip off the high-order memory tag, use 0 to fill the high-order bit to obtain a modified virtual address, and then use the modified virtual address for address translation, or do not perform memory In the case of tag stripping, only the effective bits located in the lower bits are used for address translation, thereby obtaining the translated physical address, and if necessary, combining the memory tag with the physical address to obtain the physical address to be tagged.

Here, the front-end module 61 may include an instruction fetch unit, a branch prediction unit, etc. (not shown in the figure), which may be the same as front-end modules of a conventional processor, and details will not be described here.

In addition to decoding conventional instructions and renaming the registers involved in the instructions, the decoding and renaming unit 62 also includes a tag memory instruction table 621, which can be used to execute the above-mentioned custom tag memory instructions Decoding operations to obtain the micro-ops corresponding to these marked memory instructions for subsequent use by the execution units in the execution module.

The execution module 65 includes various execution units, for example, a memory access unit (load/store unit, LSU) 651, a label generation unit 652, an arithmetic logic unit (ALU), a multiplication unit (MVL), etc., which are respectively used to perform memory access operations , Flag generation operations, arithmetic logic operations, multiplication operations, etc.

FIG. 6B shows a schematic diagram of a marker generating unit according to at least one embodiment of the present disclosure. In the embodiment of the present disclosure, as shown in FIG. 6B , the mark generation unit 652 includes a random number generation subunit 6521 and a mark qualification detection subunit 6522, which are used to execute the above-mentioned IRL, MVL and other instructions to generate memory marks. tag value.

The random number generating subunit 6521 is, for example, a random number generator, and the random number generator is a hardware random number generator (Hardware Random Number Generator, HRNG). FIG. 6C shows a schematic diagram of a hardware random number generator according to at least one embodiment of the present disclosure. As shown in Figure 6C, for example, in at least one example, the hardware random number generator includes: an oscillation ring (COR, Chained Oscillation Ring) based on an inverter chain, a flip-flop array, an XOR array and an output unit; in Figure 6C The output unit includes four output ports [0]~[3]. Embodiments of the present disclosure do not limit the implementation manner and specific structure of the random number generator.

For example, the hardware random number generator 6521 can have at least one random number generation source, for example, two random number generation sources, and these two random number generation sources are respectively COR and a flip-flop Uncertain output due to metastable state during sampling. Due to the influence of process, temperature, voltage, etc., the output of COR circuit has a certain fluctuation with time, and is in an indeterminate state. Moreover, the output of the COR circuit is used as the input of the flip-flop array, which cannot maintain the setup time and hold time required for the normal operation of the flip-flop, so the flip-flop finally works in a metastable state, and the output of the flip-flop is in a non-human controlled random status value. The sampling point of the hardware random number generator contains at least one oscillation region, so the output data can guarantee its randomness.

The flag qualified detection subunit 6522 performs matching verification on the true random value generated by the hardware random number generator 6521. If the obtained random value is 0, a new random number needs to be regenerated, and then the matching verification is performed on it. If the matching verification is passed, the tag generation unit 652 may send a valid (valid) signal, indicating that the obtained random number can be used for memory tags. The aforementioned matching verification ensures that zero (0) memory tags will not be generated, that is, the memory tags are all non-zero, thus making the non-memory tag (non-safe) memory address and the effective part of the memory address and the memory tag The (safe) memory address when integrated into one is different. Furthermore, in at least one example, in addition to detecting whether the flag is 0 as described above, the flag qualification detection subunit 6522 also detects whether each bit of the generated flag is 1, and if so, it is also set to match verification Fail.

In at least one embodiment of the present disclosure, the memory access unit (LSU) 651 is used to execute conventional memory access instructions for non-secure memory space, to read data from the target address or write data to the target address, etc. , the memory access unit 651 can access the first level (L1) data cache 67 and the second level (L2) cache 68 and so on. Memory access instructions are used to transfer data between memory and registers, for example, to perform read (Load) and store (Store) operations. For example, conventional memory access instructions in RISC-V include lw instructions and sw instructions, lb instructions and sb command, etc.

In the embodiment of the present disclosure, the memory access unit 651 is also used to execute the above-mentioned self-defined LDL instruction, SDL instruction, SDDL instruction, etc. It is used to store data into the tag memory corresponding to the target address, etc.

The execution mode of the processor in at least one embodiment of the present disclosure may be sequential execution or out-of-order execution. In the process of out-of-order execution, the processor allows multiple instructions to be sent separately to each corresponding execution unit for processing without following the instruction fetch order. A reorder buffer (ROB) is provided so that instructions executed out of order are committed sequentially. Specifically, after an instruction is decoded and renamed, it will be dispatched to the ROB, enter the launch unit (launch queue), and its status will be marked as "executing"; after the instruction is executed Afterwards, the ROB will be notified and mark the status of the instruction as "execution completed"; later, when the position of the instruction in the ROB is shifted to the head of the ROB, the instruction will be submitted (the "commit" here refers to The purpose is to modify the processor state, such as modifying the logical register file), and the result of this instruction will be "observed" externally. That is, ROB records the order of each instruction in the currently executing program, and an instruction will not be submitted immediately after execution, but will wait in ROB first, and can only be submitted after all previous instructions are submitted. The result goes to the register file. For example, in the processing pipeline of a processor core (such as a BOOM processor core), in each entry (Entry) of the reordering buffer (ROB), the state of the entry is recorded through, for example, the following status registers, such as these Status registers include (but are not limited to):

val(valid): whether the entry is valid;

bsy(busy): whether the command of this entry is being executed;

exc(exception): whether the entry is an exception;

br_mask: The instruction of this entry belongs to which branch is in prediction.

At least one embodiment of the present disclosure provides a computer device, which includes the above-mentioned processor and a multi-level cache cooperating with the processor. FIG. 7 shows a schematic diagram of the computer device of this embodiment. As shown in FIG. 7 , a computer device 700 includes at least one processor (or processor core) 710 , a first-level cache (L1 cache), a second-level cache (L2 cache) 730 , a memory 740 and a tag store 750 . The first-level cache (L1 cache) can be divided into, for example, a first-level instruction cache (L1 instruction cache) 721 and a first-level data cache (L1 data cache) 722; divided. For example, memory 740 employs DRAM and tag store 750 employs SRAM. As in the embodiment described in detail below, the L1 data cache and the L2 cache also include a part (indicated by L in the figure) for processing memory tags.

The processor 710 includes a Memory Management Unit (MMU) 711 and a Translation Lookaside Buffer (TLB) 712 for performing address translation on memory addresses, so as to translate virtual addresses into corresponding physical addresses.

Embodiments of the present disclosure do not limit the architecture of the processor (or processor core), for example, it may be a microarchitecture for RISC-V instruction set, ARM instruction set, for example, for a microarchitecture for RISC-V instruction set , may be a BOOM processor core (such as a SonicBoom processor core) and the like. In the above computer device, the L1 cache and the L2 cache are connected through the bus 701 ; the L2 cache is also connected with the internal memory and tag storage through the bus 701 . The bus 701 is, for example, a TileLink bus. The TileLink bus supports the cache coherence protocol.

In the embodiment of the present disclosure, for example, the above-mentioned LDL and SDL instructions need to read the memory tag from the tag storage 750 and write the memory tag in the tag storage 750 respectively. Similarly, in order to speed up the processing of the memory tag, it is necessary to The cache for the memory mark is provided in the level cache, for example, the memory mark is treated as a type of data. However, as mentioned earlier, the size (LS) of the memory tag itself can be chosen to be less than 1 byte (such as 5 bits or 6 bits), then the size of the memory tag is the same as the cache line (or called "cache block"). ") cannot be aligned, and the storage address of the memory tag (the storage address of the tag item) may be different from the addressing method of the secure memory space, so it is necessary to modify the conventional access logic for the L1 cache and L2 cache, which will lead to changes in system implementation. It's complicated.

At least one embodiment of the present disclosure provides a cache for a computer device. The cache cooperates with a processor and can be used for a first-level cache, a second-level cache, and the like.

According to the cache provided by at least one embodiment of the present disclosure, the cache includes a data array, a tag array and a tag array. The data array is configured to store multiple cache lines; the tag array is configured to store multiple tags; and the tag array is configured to store multiple tag lines. A plurality of cache lines, a plurality of tags, and a plurality of tag rows are in one-to-one correspondence with each other, and each tag row is used to store a second number of memory tags associated with the first number of tag storage unit items stored in the corresponding cache line , the memory tag stored in the tag row has a mapping relationship with the memory address of the associated tag storage unit item. Through this association relationship, the memory tag can provide verification and protection for the access of the associated tag storage unit item. For example, the first quantity and the second quantity may be the same or different.

In at least one embodiment of the present disclosure, for example, the data array, tag array, and tag array have the same logical organization structure.

In at least one embodiment of the present disclosure, the cache further includes at least one address decoder configured to perform an index on the data array, the tag array, and the tag according to the index recorded in the access address input to the cache. array to determine the target cache line, target tag, and target tag line in the data array, tag array, and tag array.

In at least one embodiment of the present disclosure, the at least one address decoder includes a first address decoder and a second address decoder, and the first address decoder searches the data array and the tag array according to the index, so as to The target cache line group where the target cache line is located and the target tag line group where the target tag line is located are determined, and the first address decoder searches the tag array according to the index to determine the target tag group where the target tag line is located.

In at least one embodiment of the present disclosure, the cache further includes a comparator, a first multiplexer, and a second multiplexer. The comparator is configured to compare the tag recorded in the memory access address input to the cache with the target tag group to determine whether it is a hit, and in response to the hit, provide the way number of the tag recorded in the memory access address in the target tag group; The first multiplexer is configured to output the target cache line from the target cache line group according to the way number; the second multiplexer is configured to output the target tag line from the target tag line group according to the way number.

In at least one embodiment of the present disclosure, the cache further includes a first calibrator and a second calibrator. The first aligner is configured to select the target data item from the target cache line according to the offset recorded in the access address input to the cache; the second aligner is configured to select the target data item from the target cache line according to the offset recorded in the access address input to the cache. Select the target tag item in the tag row.

In at least one embodiment of the present disclosure, the cache further includes a match detector configured to compare the first memory tag recorded in the access address input to the cache with the second memory tag recorded in the target tag entry Compare to determine if the first memory tag and the second memory tag match.

In at least one embodiment of the present disclosure, the cache further includes a data buffer and a tag buffer; the data buffer is configured to store the target data item; the tag buffer is configured to store the target tag item.

In at least one embodiment of the present disclosure, the above-mentioned cache further includes a missing state processing register, and the missing state processing register is configured to record a cache miss when an access request processed by the cache causes a cache miss, and release the cache miss after the cache miss is processed. Logged cache misses.

In at least one embodiment of the present disclosure, the cache further includes a request buffer configured to temporarily store memory access requests received by the cache, so as to wait for the cache to process the memory access requests.

In at least one embodiment of the present disclosure, the request buffer is further configured for processing memory access requests involving data, and for processing memory access requests involving memory tags.

In at least one embodiment of the present disclosure, the above-mentioned cache further includes a response buffer configured to temporarily store the response to the memory access request when the cache misses the memory access request, so as to wait for the cache to respond to the memory access request. The processing of the response.

In at least one embodiment of the present disclosure, the response buffer is also configured to process memory access requests involving data, and to process memory access requests involving memory tags.

In at least one embodiment of the present disclosure, the cache further includes at least one interface unit configured for the cache to communicate with a processor or other caches.

In at least one embodiment of the present disclosure, the cache further includes a control unit configured to: receive a memory access request, wherein the memory access request includes a memory access address, and the memory access address includes a first memory tag; in response to In the case of using the access address to query the cache hit, obtain the second memory tag corresponding to the access address from the tag array; compare the obtained first memory tag and the obtained second memory tag to determine the first memory tag and the second memory tag Whether the tag matches.

At least one embodiment of the present disclosure further provides a computer device, which includes a processor, at least one cache and memory. The at least one cache adopts the cache in any of the above-mentioned embodiments; the processor is coupled to the at least one cache; the memory is coupled to the processor and the cache and is configured to provide memory space during the operation of the computer device, wherein the The memory addresses referred to by the cache are located in the memory space.

In at least one embodiment of the present disclosure, the at least one cache includes a first-level cache and a second-level cache.

In at least one embodiment of the present disclosure, the L1 cache and the L2 cache are connected through a bus, and the bus has a flag bit for transmitting whether the current transaction is a memory tag related transaction during the operation of the computer device.

In at least one embodiment of the present disclosure, the computer device further includes a tag storage, the tag storage is coupled to the processor and the memory, and is configured to store a plurality of memory tags, wherein the plurality of memory tags stored in the tag storage The tags respectively have a mapping relationship with multiple memory addresses allocated in the memory space.

In the computer device of at least one embodiment of the present disclosure, the processor includes a flag generating unit configured to generate a random value for a memory flag according to an instruction input to the processor during operation of the computer device.

At least one embodiment of the present disclosure further provides an operation method of the above-mentioned cache, the operation method includes: receiving a memory access request, wherein the memory access request includes a memory access address, and the memory access address includes a first memory tag; In the case of a memory address query cache hit, the second memory tag corresponding to the memory access address is obtained from the tag array; the first memory tag obtained and the second memory tag obtained are compared to determine whether the first memory tag and the second memory tag are match.

Fig. 8 shows a schematic diagram of a cache according to an embodiment of the present disclosure. As shown in FIG. 8 , the cache 80 includes a data array (data array) 81 , a tag array (tag array) 82 and a label array (label array) 83 .

In one example of this embodiment, the three arrays have the same logical organization structure and correspond to each other, for example, for each item in the data array, there is a corresponding item in the tag array, and there is a corresponding item in the tag array. of an item. For example, the logical organization structure of the data array can be direct associative mapping, group associative mapping or full associative mapping, then correspondingly, label array 82 and tag array 83 can be direct associative mapping, grouping associative mapping or full associative mapping. Associative mapping method.

In the description below, group associative mapping is taken as an example for illustration. Embodiments of the present disclosure do not specifically limit the structure of the packet associative mapping, for example, each set (set) may include 2 ways, 4 ways, and so on. Figure 8 shows the logical organizational structure for 2-way groups, each group in the data array has two cache lines (for example, cache lines 811, 812), corresponding to 2-way W1 and W2 respectively; correspondingly, each label The set has two tags (e.g., tags 821, 822) corresponding to 2-way W1 and W2 respectively and two cache lines (e.g., cache lines 811, 812); correspondingly, each tag line has two Memory tag lines (eg, tag lines 831, 832) respectively correspond to 2-way W1 and W2 and respectively correspond to two cache lines (eg, cache lines 811, 812).

For example, the size of a cache line can be 32 bytes or 64 bytes, and a memory block in the memory is also 32 bytes or 64 bytes accordingly, and the secure memory subspace in the secure memory space is aligned with the memory block. Depending on the tag granularity (LG) of the tagged memory, the number of memory tags in each tag row in the tag array may vary; for example, when the size of the cache line is 64 bytes and the tag granularity of the secure memory space is also 64 Bytes, each cache line stores a tag storage unit item corresponding to a secure memory subspace (that is, a memory space with a tag granularity size), and correspondingly only includes one memory tag in each tag line; when the cache When the line size is 64 bytes and the tag granularity is 32 bytes, each cache line stores two tag storage unit items corresponding to the secure memory subspace, correspondingly, each tag row includes two memory tags, The tag storage unit items corresponding to the first 32 bytes in the corresponding cache line and the tag storage unit items corresponding to the last 32 bytes respectively.

In another example of this embodiment, the data array and the label array have the same logical organization structure, however the label array and the data array do not have the same logical organization structure but still correspond to each other, for example, for each item in the data array , there is a corresponding item in the labels array and a corresponding item in the tags array. For example, the logical organization structure of the data array 81 is group-associative mapping, while the logical organization structure of the tag array 83 may adopt a direct associative mapping method. Each tag line in the tag array corresponds to a group in the data array, and each tag row includes only one memory tag. In this case, the size of the tag granularity is equal to the size of the cache line × way (way) For example, when the size of the cache line is 64 bytes and the data array 81 adopts the logical organization structure of 2-way group, the marking granularity is 64*2, that is, 128 bytes, that is, two in the same group in the data array The cache lines are all mapped to the same memory tag, and each cache line stores 1/2 tag storage unit entries. In this embodiment, the logical organization structure of the tag array 83 may adopt a group-associated mapping method, except that multiple tag rows in a group are identical to each other.

As mentioned above, in different embodiments of the present disclosure, the number of tag storage unit items stored in the cache line (the first number) is the same as the number of tag items (memory tags) stored in the tag line (the second number) or different.

Figure 9 shows the structure of an exemplary cache according to at least one embodiment, the cache 90 includes a data array 91, a tag array 92 and a tag array 93, all three having a logical organization of packet associative mapping, for example, as described above structure, or data array 91 and tag array 92 have a logical organization of group-associative mapping while tag array 93 has a direct-adjacent mapping. This cache 90 also includes two address decoders 941 and 942, two multiplexers (Mux) 951 and 952, two aligners (Aligner) 961 and 962, a comparator 98, and a match detector (Check) 99 .

The address decoder 941 is used for the data array 91 and the tag array 93, and the address decoder 942 is used for the tag array 92. These two address decoders decode the same input (ie, the index described below). In other examples, the two address decoders can also be combined into a single address decoder that provides decoded output to the data array, tag array, and tag array simultaneously. The address decoders 941 and 942 retrieve the data array, tag array, and tag array according to the index recorded in the access address input to the cache 90, so as to determine the target cache line and target tag in the data array, tag array, and tag array. and the target tag line. More specifically, the address decoder 941 retrieves the data array and the tag array according to the index to determine the target cache line group where the target cache line is located and the target tag line group where the target tag line is located; The tags array is searched to determine the target tag group in which the target tag is located.

The comparator 98 is used to compare the label (tag) recorded in the access address of the input with a plurality of labels in the target label group retrieved from the label array according to the input (ie index), respectively, so as to determine whether the cache hits (CacheHit ) or cache miss (Cache Miss), if the cache hits, provide the way number of the tag recorded in the access address in the target tag group (for example, way W1 or way W2 shown in FIG. 8 ).

The multiplexer 951 is used in the data array 91 to output the target cache line from the target cache line group of the data array 91 according to the input selection signal (ie, the above-mentioned way number); the multiplexer 952 is used in the tag array 93 to output the target cache line according to the The input selection signal (ie, the above-mentioned way number) outputs the target mark row from the target mark row group of the mark array 93 .

The calibrator 961 is used for the data array 91 to select in the target cache line selected in the data array 91 according to the offset recorded in the access address to obtain the target data item, and the selection result is stored in the data buffer (DataBuffer ) 971; the calibrator 962 is used for the label array 93, to select again according to the offset in the target label row selected in the label array 93, to obtain the target label item, and the selection result is stored in the label buffer (Label Buffer) 972 .

Since the cache line and tag line must be organized in the same way, the aligner 961 and aligner 962 do not necessarily use the same offset. For example, in one example, the size of the cache line is 64 bytes (comprising 8 words on a 64-bit system), the tag granularity of the secure memory space is also 64 bytes, and each cache line stores 1 tag storage unit Item, correspondingly only 1 memory tag is included in each tag line, when the instruction set (ISA) is based on word addressing (for example, the size of the target data item is word), then the offset can be used to relocate in the cache line One of the 8 words to get the target data item, and at this time there is only one memory mark in the mark line, so there is actually no need to use the offset. As another example, in another example, the size of the cache line is 64 bytes, and the tag granularity is 32 bytes, and each cache line stores 2 tag storage unit items, correspondingly, each tag line includes 2 memory tag, then the offset can be used to relocate one of the 8 words in the cache line to get the target data item, and one of the 2 memory tags in the tag line to get the target tag item.

The matching checker 99 is used to record the memory label (label) recorded in the access memory address of the input and the memory label recorded in the target label item that is retrieved from the label array according to the input (ie index) (that is, the label stored in the label buffer) memory tag) to determine whether the two match.

The cache 90 also includes a control module (or control logic, not shown in the figure), the control module is configured to control the operations of the cache space, and these operations include, for example: receiving a memory access request, wherein the memory access request includes A memory access address, where the memory access address includes a first memory tag; in response to using the memory access address to query a cache hit, obtain a second memory tag corresponding to the memory access address from the tag array; compare the acquired first memory tag with the obtained to determine if the first and second memory tags match.

Further, in the above-mentioned cache in the embodiment of the present disclosure, it is also necessary to be able to distinguish instructions with memory tags from normal instructions (ie, instructions without memory tags), thereby implementing operations corresponding to memory tags, for example, tag matching, Exception report after matching failure, etc. It should be noted that, of course, the cache in the embodiments of the present disclosure can also execute normal instructions.

The cache in the embodiments of the present disclosure may also include other circuit parts as required, and these circuit parts include, for example, valid bit arrays, prefetch units for L2 cache, directory organization, etc. For example, the valid bit arrays correspond to tag arrays, It is used to record whether the corresponding cache line is valid (for example: 1 means valid; 0 means invalid). Comparing tags is only meaningful if a cache line is valid; if it is invalid, it can be directly determined that the cache is missing. The embodiments of the present disclosure do not limit the composition, functions, etc. of other circuit parts, so details will not be repeated here.

The access to the cache uses the physical address obtained by address translation of the virtual address. For instructions that operate marked memory, after translating the virtual address with memory mark, the translated physical address and the memory mark stripped from the high bit of the virtual address are provided together (for example, combining the two to obtain the physical address with memory mark) to cache. Therefore, when the marked access address for memory access enters the cache, it will be divided into four parts: tag, index, offset, and label (the first three are obtained from the translation physical address):

The offset (offset) is used to identify which word or byte in the cache line or tag line the target data item corresponding to the memory access address and the target tag item are stored in (this depends on the instruction set used by the processor ( ISA) is word-based or byte-based);

The index (index) is used to determine which set (set) the target cache line, target tag and target tag line are stored in or should be looked up from;

The tag (tag) is used to compare with multiple tags stored in the target tag group of the tag array to determine whether the access request is a cache hit (hit) and in the case of a hit, which way (way) in the current set (set) hit;

The label (label) is used to match and compare with the memory label recorded in the memory label item of the data item corresponding to the selected memory access address in the data array in the label array in the case of a cache hit.

As shown in FIG. 9 , as described above, when the processor executes a memory access instruction, for example, when executing a read instruction and needs to access the cache, the memory access instruction uses the marked memory access address to secure memory The marked physical address is obtained after address translation, and the marked physical address is split into a label, a tag, and an index when it enters the cache. ), offset (offset), the mark is sent into the matching checker 99, the label is sent into the comparator 98, the index is sent into the address decoder 941 and the address decoder 942; the offset is sent into the calibrator 961 and the calibration device 962.

As mentioned above, the address decoder 411 and the address decoder 9422 decode the index to obtain the groups (set) that need to be selected respectively in the data array 91, the tag array 92 and the tag array 93; the data array 91 and the tag array The contents of the selected groups in the array 93 are respectively sent to the multiplexer 951 and the multiplexer 952, and the contents of the selected groups in the tag array 92 are respectively sent to the comparator 98, and the comparator will access the address After the label of itself is compared with a plurality of labels in the selected group in the label array 92 respectively, if the comparator 98 determines that the label of itself in the memory access address is identical to a certain label in the selected group in the label array 92 ( That is, a cache hit), then in the case of a hit, the way number of the way where the tag being hit is located is output, and the comparator 98 sends the way number to the multiplexer 951 and the multiplexer 952 as a selection signal, if different (that is, a cache miss), the miss signal is returned.

When the comparator determines a hit, the multiplexer 951 and the multiplexer 952 select the corresponding way in the selected group in the data array 91 and the tag array 93 according to the selection signal (ie, the way number) output by the comparator. The cache lines and tag lines in the output are correspondingly output to the aligner 961 and the aligner 962 respectively.

The calibrator 961 and the calibrator 962 respectively select the target data item and the target tag item in the cache line and the tag line output by the multiplexer 1 and the multiplexer 2 according to the offset, and store them in the data buffer respectively 971 and tag buffer 972.

Matching checker 99 compares the label (label) received with the label stored in the label buffer 972 to determine whether the two match, and in the case of matching, a signal of successful matching is fed back to the processor, otherwise in the case of no match , feedback signal of matching failure. The processor reads the data items in the data buffer 971 according to the signal of matching success, or enters into exception processing according to the signal of matching failure.

The cache of the embodiment of the present disclosure is compatible with the memory access operation of the conventional non-marked memory access address, and the non-marked memory access address does not have a mark part, so correspondingly, the mark array 93, the multiplexer 952, and the calibrator in the cache 962. The tag buffer 972 and the matching checker 99 are not activated, so they do not participate in the caching process. And, in the process of using the above-mentioned cache, the replacement strategy adopted when using the most recently accessed data to fill multiple items of the cached data array may include recently used (Least Recently Used, LRU), least frequently used (Least- Frequently Used (LFU), etc. Correspondingly, the same strategy is adopted when filling multiple items of the tag array in the cache, and the embodiments of the present disclosure do not limit the specific adopted strategy.

Moreover, when a write cache is required for executing a store instruction, for example, various write strategies may be adopted, including write through, post write, and write back. Among them, in the write-through mode, when the processor writes data to the cache, it also writes a copy to the memory at the same time, so that the data in the cache and the memory are consistent; in the write-behind mode, when the processor updates the cache data, the updated The data is written into an update buffer, and the updated data is written into the memory at an appropriate time to update the memory; in the write-back mode, when the processor writes data to the cache, the updated data is only written to the cache, and then only written to memory when the modified cache line is replaced.

Moreover, when writing object data to the cache, if there is a cache miss during the write operation, there are two processing methods at this time. The first method is write allocation (Write allocate). The object data at the write address is read from the memory into a cache line in the cache, and then the write operation is executed (or woken up) again. At this time, the query cache must be Cache hit, and then write the object data in the corresponding cache line. The second method is the No-write allocate method. This method does not read the object data written to the address into the cache, but directly writes the object data into the memory. Therefore, after this method is executed, the cache does not A copy of the object's data.

If there are only data arrays, tag arrays, tag arrays, etc. in the cache, then the cache will not be able to accept new cache misses (such as read or store misses) when encountering cache misses (or request misses), such caches are It's called a blocking cache. Blocking the cache in an out-of-order processor will prevent the memory access unit (LSU) from issuing more storage or read access requests to it, thus affecting the operating speed of the entire processor.

For this purpose, a Miss Status Holding Register (MSHR) may be added to the cache. A cache with MSHR can accept multiple cache misses pending and is therefore called a non-blocking cache. When an access request causes a cache miss, MSHR will record the cache miss in an item, and the cache can continue to respond to other access requests. After the cache miss is processed, the MSHR item will be released. MSHR is usually implemented by filling buffers.

Fig. 10 shows a schematic diagram of another exemplary cache according to at least one embodiment of the present disclosure. As shown in Figure 10, this cache memory 50 also comprises control unit 51, missing state processing except having the structure of cache memory as shown in Figure 9 (for example data array, tag array, tag array (not shown in the figure)). A register (MSHR) 52 , a request buffer (RequestBuffer) 53 , a response buffer (Response Buffer) 54 , an interface unit 551 and an interface unit 552 .

In at least one example, the cache 50 shown in FIG. 10 can be used as a first-level cache or a second-level cache. In the case that the cache 50 is implemented as a first-level cache (ie, a first-level data cache), the interface unit 551 is used to communicate with the processor, and the interface unit 552 is used to communicate with the second-level cache; when the cache 50 is implemented as a second-level cache , the interface unit 551 is used to communicate with the first level cache, and the interface unit 552 is used to communicate with the next level cache (such as the third level cache (L3 cache)) or memory and tag storage (the situation without L3 cache). As mentioned above, the caches are connected through a TileLink bus, for example.

Any memory access instruction with a memory mark will make an access request to the second-level cache through the bus after a cache miss occurs during the access to the first-level cache. Therefore, the communication bus between the first-level cache and the second-level cache has at least Some ports are also modified and encapsulated accordingly to match the operation of the memory tag memory access instruction. For example, the bus between caches (such as between the first-level cache and the second-level cache) provides an is_lable flag that identifies whether the current data is normal data or tagged data. For example, when the is_lable flag is high ("1"), it means The currently processed object is marked data, otherwise it indicates that the currently processed object is normal data.

The control unit 51 is the control module of the cache, which is used to control the operation of the cache space, these operations include but not limited to conventional processing of memory access requests, writing back, filling, implementing the consistency protocol, etc., and can also distinguish memory tags Instructions and normal instructions (that is, instructions without memory tags) implement operations corresponding to memory tags. For example, when processing a memory access request, the control unit compares the data read request/tag read request with the tags corresponding to each cache line or tag line currently cached according to a received data read request/tag read request to determine Whether the requested data/tag is in the cache, if the requested data/tag is in the cache, the corresponding data/tag is returned, if the requested data/tag misses the cache (that is, the cache is missing), the The data read request/tag read request is filled in the MSHR and waits for the requested data/tag to be returned.

The request buffer 53 is used to temporarily store memory access requests received by the cache from the previous level (such as processor or level 1 cache, etc.) to wait for the cache to process, thereby avoiding request back pressure caused when there are many requests. The response buffer 54 is used to temporarily store, for example, the response to the memory access request received from the next level (such as the second level cache or the third level cache, etc.) For the processing of the response, data back pressure caused when there are many responses can thus be avoided.

For example, the request buffer 53 and the response buffer 54 can be used for both normal data request processing and request processing involving memory tags. For example, the request buffer 53 and the response buffer 54 may store normal requests and requests involving memory marks in different queues, or store them in the same queue.

After receiving the response to the memory access request from the latter stage, the second-level cache judges whether it is normal data or a memory mark to return by, for example, the attributes of the memory access request stored in the response buffer 54, and then returns the returned data or The memory tag is written to the corresponding location in the data array or tag array.

At least one embodiment of the present disclosure provides a computer device, the computer device includes a first-level cache, a second-level cache, etc., for example, the first-level cache is implemented as the above-mentioned exemplary cache, or the second-level cache is implemented as the above-mentioned exemplary cache , or both the first-level cache and the second-level cache are implemented as the above-mentioned exemplary cache, thereby realizing the protection of the memory space and improving the security of the system.

An embodiment of the present disclosure also provides a memory access method for a computer device, where the computer device includes a memory, and the memory access method includes: receiving a memory access request, wherein the memory access request is used to store object data in the memory access request The target address in the memory pointed to by the memory access address involved, the target address has a mapping relationship with the first memory mark, and the memory access address includes the second memory mark; use the memory access address to obtain the first memory mark; compare the obtained first memory mark and the second memory tag acquired from the memory access address; in response to the comparison result indicating that the first memory tag matches the second memory tag, storing the object data to the target address, otherwise triggering an exception. For example, the memory access method corresponds to the process of executing the above SDDL instruction.

In the memory access method of at least one embodiment of the present disclosure, the memory access address is composed of a high-order part and a low-order part, the second memory mark is stored in the high-order part, and the effective address of the memory access address is stored in the low-order part.

In at least one embodiment of the embodiments of the present disclosure, the above memory access method further includes: after receiving the memory access request, extracting the second memory tag from the memory access address.

In at least one embodiment of the embodiments of the present disclosure, the above memory access method further includes: after receiving the memory access request, performing address translation on the memory access address to obtain the memory access physical address; wherein, using the memory access physical address to obtain the first Memory tag.

In the memory access method of at least one embodiment of the embodiments of the present disclosure, the computer device further includes a tag store, and the tag store includes a plurality of memory tags, and the memory tags have mappings with the memory addresses of the multiple tag storage unit items in the memory relationship, the multiple memory tags include a first memory tag; using the access address to obtain the first memory tag includes: obtaining the first memory tag from a tag storage according to the memory access address.

In the memory access method of at least one embodiment of the embodiments of the present disclosure, the computer device includes a cache, and the cache is configured to store the cache data and the memory tag item corresponding to the memory address of the cache data; obtain the first memory tag according to the physical address of the memory access , including: accessing the cache by using the memory access physical address, and obtaining the first memory tag from the cache.

In the memory access method of at least one embodiment of the embodiments of the present disclosure, the first memory tag is obtained according to the memory access physical address, and further includes: when the memory access physical address is used to access the cache and a cache miss occurs, using the memory access physical address The object data is read from the memory and the first memory mark is obtained, and the object data and the first memory mark are filled into the cache.

In the memory access method of at least one embodiment of the embodiments of the present disclosure, the memory access request corresponds to the first instruction, and the first instruction indicates to store the object data into the target address in the memory pointed to by the memory access address; the memory access method also includes : Decoding the first instruction to obtain multiple micro-operations corresponding to the first instruction. For example, the first instruction corresponds to the above-mentioned SDDL instruction.

In the memory access method of at least one embodiment of the embodiments of the present disclosure, the above-mentioned multiple micro-operations include: one or more first micro-operations for obtaining the second memory tag from the memory access address; using the memory access address to obtain One or more second micro-operations of the first memory tag; one or more third micro-operations of comparing the obtained first memory tag with the second memory tag obtained from the memory access address; in response to the result of the comparison indicating the first The memory tag and the second memory tag match, one or more fourth micro-operations that store the object data to the target address; in response to the result of the comparison indicating that the first memory tag and the second memory tag do not match, trigger one or more of the exception a fifth micro-operation. For example, the above one or more second micro-operations are equivalent to one or more micro-operations obtained by decoding the LDL instruction.

In the memory access method of at least one embodiment of the embodiments of the present disclosure, after the first instruction is decoded, the first instruction is filled into the reordering buffer, and multiple micro-operations are sent to the memory access unit for execution Multiple micro-operations.

In at least one embodiment of the embodiments of the present disclosure, the memory access method further includes: in response to the result of the comparison indicating that the first memory tag matches the second memory tag, modifying the state corresponding to the first instruction in the reordering buffer to Allowing the reorder buffer to commit the first instruction, wherein storing the object data at the target address includes committing the first instruction.

In at least one embodiment of the embodiments of the present disclosure, the memory access method further includes: using an execution state register to record one or more states in the plurality of micro-operations executing the first instruction.

At least one embodiment of the present disclosure provides a computer device, the computer device includes a processor and a memory, wherein the processor includes a memory access unit (LSU). The memory access unit is configured to: receive a memory access request, wherein the memory access request is used to store object data to a target address in the memory pointed to by the memory access address involved in the memory access request, and the target address has a mapping relationship with the first memory tag , the access address includes a second memory tag; using the access address to obtain the first memory tag; comparing the acquired first memory tag with the second memory tag obtained from the access address; in response to the result of the comparison indicating the first memory tag and If the second memory tag matches, the object data is stored at the target address, otherwise an exception is triggered.

In the computer device of at least one embodiment of the embodiments of the present disclosure, the memory access unit is further configured to: extract the second memory tag from the memory access address after obtaining the memory access request.

In at least one embodiment of the embodiments of the present disclosure, the computer device further includes a storage management unit (MMU), which is configured to perform address translation on the memory access address to obtain the physical address of the memory access, wherein the memory access unit is also configured Get the first memory tag for using the fetch physical address.

In at least one embodiment of the embodiments of the present disclosure, the computer device further includes a tag store, wherein the tag store includes multiple memory tags, and the multiple memory tags have a mapping relationship with the memory addresses of the multiple tag storage unit items in the memory, The multiple memory tags include a first memory tag; the memory access unit is further configured to use the memory access address to obtain the first memory tag from the tag storage.

In at least one embodiment of the embodiments of the present disclosure, the computer device further includes a cache configured to store cache data and a memory tag item corresponding to a memory address of the cache data, wherein the memory access unit is further configured to: use the memory access The physical address accesses the cache, and obtains the first memory tag from the cache.

In the computer device of at least one embodiment of the embodiments of the present disclosure, the processor further includes a decoding unit and a reordering buffer; the decoding unit is configured to decode the first instruction corresponding to the memory access request to obtain A plurality of micro-operations corresponding to the first instruction; the reorder buffer is configured to fill the first instruction in the reorder buffer after the first instruction is decoded, so as to wait for the first instruction to be executed by the memory access unit.

In the computer device of at least one embodiment of the embodiments of the present disclosure, the memory access unit is further configured to: in response to the result of the comparison indicating that the first memory tag matches the second memory tag, modify the memory corresponding to the first instruction in the reordering buffer state to allow the reorder buffer to commit the first instruction; the reorder buffer is further configured to commit the first instruction in response to the state being modified.

In at least one of the embodiments of the present disclosure, the computer device further includes an execution state register configured to record one or more states in the plurality of micro-operations executing the first instruction.

At least one embodiment of the embodiments of the present disclosure provides a processing device, including a processing unit and a memory; one or more computer program modules are stored on the memory; wherein, the one or more computer program modules are configured to be executed by the processing unit When implementing the memory access method in any one of the above embodiments.

At least one embodiment of the embodiments of the present disclosure provides a non-transitory readable storage medium, wherein computer instructions are stored on the non-transitory readable storage medium, wherein when the computer instructions are executed by a processor, the implementation of any of the above embodiments access method.

Taking the above-mentioned LDL instruction, SDL instruction, SDDL instruction and L1 cache as examples, the execution flow of the above-mentioned custom instruction in the computer device including the cache with the above-mentioned structure in the embodiment of the present disclosure will be described below.

When the processor executes an LDL instruction, it needs to read the memory label La of the memory address Ad specified in the instruction, and first perform address translation to obtain the physical address PAd corresponding to the memory address Ad, and use the physical address PAd (that is, the memory address The middle and low effective address part, and the high address x[rs1][xLen-1:xLen-LS] has been stripped in the memory address calculation unit, and stored in the micro-op code in the decoding stage) to access the L1 cache. If the cache hits, that is, the data Da corresponding to the physical address PAd has been stored in the data array of the first-level cache, and the label La corresponding to the physical address PAd has been stored in the corresponding tag array, so the data Da corresponding to the physical address PAd can be obtained. Mark La, and return the memory mark La to the processor (write to the destination register). If the cache is missing, that is, the data Da corresponding to the physical address PAd has not been stored in the data array of the first-level cache, and the label La corresponding to the physical address PAd has not been stored in the corresponding tag array, then request to the lower-level cache (ie, the second-level cache) Read the memory tag La of the physical address PAd; when the lower-level cache returns the memory tag La of the physical address PAd, and also returns the data Da corresponding to the physical address PAd, the first-level cache will return the memory tag La of the physical address PAd and the data Da. Correspondingly fill in the tag array and data array, and return the memory tag La to the processor (write to the destination register).

When the processor executes an SDL instruction, it needs to store the memory label La specified for the memory address Ad in the instruction into the label item corresponding to the memory address Ad. Taking the direct write method as an example, the address translation is first performed to obtain the memory The physical address PAd corresponding to the address Ad uses the physical address PAd (that is, the low-order effective address part of the memory address, and the address high-order x[rs1][xLen-1:xLen-LS] has been stripped in the memory address calculation unit, in The decoding stage is stored in the micro-operation code) to access the first-level cache and the tag storage (see FIG. 7 ), and write the memory tag La into the memory tag entry corresponding to the physical address PAd in the tag storage. When accessing the first-level cache, if the cache hits, the memory tag La is written into the tag array, and the item of the memory tag La in the tag array corresponds to the item of the data Da storing the memory address Ad in the data array. If the cache is missing, that is, the data Da corresponding to the physical address PAd has not been stored in the data array of the first-level cache, then the physical address PAd and its current memory mark (if the memory mark has not been allocated for the physical address PAd, the default is 0) Read into the first-level cache, create an item corresponding to the physical address PAd in the data array and tag array of the first-level cache to save the corresponding data Da and the current memory tag respectively, and then wake up the SDL instruction again to access the first-level cache, The memory label La is written into the label array, and the item of the memory label La in the label array corresponds to the item of the data Da storing the memory address Ad in the data array.

Corresponding to the above-mentioned SDDL instruction, a store instruction, such as an SB or SW instruction, is used to perform a corresponding write operation in the non-secure memory space. For the write operation in the non-secure memory space, these instructions can be executed and submitted after the source operand is ready, and the data corresponding to the source operand is written to the destination address in the memory. However, the above-mentioned SDDL instruction in the embodiment of the present disclosure will not be executed and submitted immediately after the source operand is ready, but memory tag matching must be performed first to determine whether the current write operation is a safe operation. Therefore, in at least one embodiment of the present disclosure, when decoding SDDL instructions to generate micro-operations, in addition to the conventional micro-operations of address calculation, the micro-operations of obtaining the flag in the memory address, and the micro-operation of comparing whether the flags match operations, micro-operations that write memory, micro-operations that trigger exceptions, etc. (that is, examples of the first micro-operation to the fifth micro-operation above), and an operation equivalent to the above-mentioned LDL instruction is also split. The operation includes one or The multiple micro-operations are equivalent to one or more micro-operations obtained by decoding the LDL instruction, that is, reading the memory label La corresponding to the memory address Ad specified in the SDDL instruction. Then, the memory label La can be further compared with the memory label La' carried by the memory address Ad itself specified in the instruction to determine whether the two match, and if they match, submit the execution result of the SDDL instruction, otherwise trigger abnormal.

FIG. 11 shows a flowchart of a memory fetch instruction (data storage instruction) involving a memory tag according to at least one embodiment of the present disclosure. First, the SDDL instruction is sent to the processor, and after being decoded and renamed, it enters the reorder buffer (ROB) and the launch queue to wait for execution. Set the bsy state of the entry corresponding to the SDDL instruction in the ROB to "executing" "in" to wait for submission, after the data (source operand) in the source register involved in the SDDL instruction is ready, as shown in Figure 11, in step 1101, the SDDL instruction is sent into the processor from the emission queue Memory Fetch Unit (LSU).

Then, the memory address Ad included in the SDDL instruction as the destination address is processed. At first, in step 1102, address translation is started to obtain the physical address PAd corresponding to the memory address Ad. When performing address translation, the address high bit x[rs1][xLen-1:xLen-LS] is stripped to obtain the memory label La' recorded in the memory address Ad itself, and the address low x[rs1][xLen-LS-1:0] (that is, the effective address part) to perform actual address translation, thus obtaining the translated physical address PAd with memory tags. In the address translation process, at first in step 1103, query whether the TLB (translation look-aside buffer) has a corresponding page table entry (PTE) in cache, if the TLB query is missing, you need to further query the page table to obtain the corresponding physical address PAd, first fill the page table entry obtained by querying the page table into the TLB, then in step 1104, resend the address request, re-enter the address translation process, query the TLB again, and at this time, the TLB query is hit; if the TLB query hits, Then the physical address PAd corresponding to the memory address Ad can be directly returned.

As shown in Figure 11, next, in step 1105, use this physical address PAd to carry out the micro-operation of one or more micro-instructions that are equivalent to the LDL instruction split (hereinafter described for simplicity, also referred to as "class LDL") Instruction"), that is, to obtain the memory label La corresponding to the physical address PAd according to the physical address PAd. Use the physical address PAd corresponding to this type of LDL instruction to access the L1 cache. In step 1106, if the first-level cache hits, that is, the data Da corresponding to the physical address PAd has been stored in the data array of the first-level cache, correspondingly, the tag array has also stored the memory tag La corresponding to the physical address PAd, so The memory label La corresponding to the physical address PAd may be obtained, and in step 1108, the memory label La is returned to the LSU of the processor. If the first-level cache is missing, that is, the data Da corresponding to the physical address PAd has not been stored in the data array of the first-level cache, and the corresponding tag array does not store the internal label La corresponding to the physical address PAd, then to the lower-level cache (ie, the second level) Cache) requests to read the memory label La of the physical address PAd. At this time, the second-level cache can perform operations similar to the first-level cache. If the second-level cache is still missing, it is necessary to read the corresponding memory mark La from a lower-level cache or memory. When the lower-level cache returns the memory tag La corresponding to the physical address PAd, and also returns the data Da corresponding to the physical address PAd, the first-level cache fills the returned memory tag La and the data Da of the physical address PAd into its own tag array and In the data array; in step 1107, the above-mentioned LDL instruction is resent to access the cache, and at this time the cache is hit, and in step 1108, the memory label La obtained from the cache is returned to the LSU of the processor.

Next, in step 1109, the LSU compares the memory label La' with the memory label La, and if the two are the same, it is considered that the memory address Ad to be operated by the SDDL instruction matches the target address in the memory, and the write operation is safe. There is no security violation; instead, if they are different, there is no match, and in step 1120, the processor enters exception handling. In the case that the memory label La' and the memory label La match each other, in step 1110, the processor sends a bsy state clearing operation to the ROB, that is, the bsy state of the SDDL in the ROB is changed to "completed", thus, in step In 1111, the ROB indicates that the SDDL instruction can be submitted. When the SDDL is located at the head of the ROB, the data storage operation is actually performed, that is, the source operand is written to the destination address in the memory sink (that is, the memory address Ad).

According to the adopted write operation strategy, as mentioned above, methods such as write-through, write-behind, and write-back can be used. For example, taking the write-through mode as an example, the source operand is also written into the cache (such as the first-level cache) while writing the source operand to the destination address. In step 1112, when the source operand is written into the cache, the above-mentioned physical address PAd is used to query the cache, and if the cache hits, the source operand is written into the queried cache line. At this time, there is no need to compare The stored memory mark and the aforementioned memory mark La'; if the cache is missing, the write allocation or non-write allocation can be selected as described above, for example, taking the write allocation as an example, in step 1113, the physical address is read from the memory For the data corresponding to PAd, select a free cache line in the cache or replace a non-free cache line to write the data, then wake up the SDDL instruction, and perform the above-mentioned direct write operation again, so that the physical address of the memory PAd and the cache Writes the source operand in the corresponding cache line. So far, at step 1130, the SDDL instruction in the embodiment is executed.

In at least one embodiment of the present disclosure, for the above-mentioned SDDL instruction, a status register is also provided to record the status of the instruction execution, and the register may be referred to as an executed (executed) register. For example, examples of these statuses are shown in Table 3 below:

table 3

Execution Register Flags illustrate 000 Initialization status (Invalid) 001 Instruction splitting can be sent into the cache to get the label (Get Label) 010 Failed to get the label, prepare to send again (Label Wakeup) 011 Complete tag reading (Done) 100 Wait after sending a label get request (Fired Get Label) 101 Wait after resending the request (Fired Label Wakeup)

Figure 11 also shows the value of the flag bit of the execution register (shown as "ES"), for example, when the SDDL instruction is sent into the LSU, the value of the flag bit of the execution register is b000, and in When the SDDL instruction splits into an LDL instruction, the value of the flag bit of the execution register is b001, and so on.

Through the above methods and devices, the embodiments of the present disclosure can prevent attackers from using buffer overflow or UAF to change the direction of program control flow, and finally realize malicious code segments prepared in advance and a series of similar attack methods.

For example, there are mechanisms under which an attacker can discover the tags allocated to memory, enabling non-contiguous memory accesses, arbitrary memory accesses, and use of freed memory that has been reallocated as part of the initial violation, possibly with in subsequent primitives. However, in the embodiment of the present disclosure, the given memory mark is a true random number, and an attacker cannot obtain the value of the hardware generator that generates the true random number. In the face of the freed memory space, in the embodiment of the present disclosure, the protected safe memory space mark is assigned a value of 0 through the above SDL instruction, and the memory mark of the safe pointer allocated by any program through the custom mark memory instruction is a non-zero mark value , so it can well avoid the problem of a random probability collision when the pointer accesses a long-distance unallocated data space, thereby improving the security of the system.

Although the number of tags used by the tag generation unit for random allocation is limited by the size of the tag granularity, the tag memory provides a considerable degree of probabilistic protection for various programs, and in embodiments of the present disclosure, for example, makes each tag match If it fails, the program is aborted for exception handling, and the memory mark assigned again in the new program has only a small probability in theory to be the same as the previously allocated memory mark, so the embodiment of the present disclosure greatly protects the security of the system. protect against such attacks.

Some embodiments of the present disclosure further provide an electronic device, the electronic device includes the above-mentioned computer device, the above-mentioned computer device includes the above-mentioned cache device, or can execute the above-mentioned memory access operation method.

Fig. 12 is a schematic block diagram of an electronic device provided by at least one embodiment of the present disclosure. Electronic devices in embodiments of the present disclosure may include, but are not limited to, devices such as mobile phones, notebook computers, digital broadcast receivers, PDAs (Personal Digital Assistants), PADs (Tablet Computers), PMPs (Portable Multimedia Players), vehicle-mounted terminals (such as mobile terminals such as car navigation terminals) and fixed terminals such as digital TVs, desktop computers and the like. The electronic device 1000 shown in FIG. 12 is only an example, and should not limit the functions and application scope of the embodiments of the present disclosure.

For example, as shown in FIG. 12 , in some examples, the electronic device 1000 includes a processing device, which may include the processing device of any of the above-mentioned embodiments, which may be stored in a read-only memory (ROM) 1002 according to a program or Various appropriate operations and processes are executed by programs loaded from the storage device 1008 into the random access memory (RAM) 1003 . In RAM 1003, various programs and data necessary for the operation of the computer system are also stored. The processor 1001 , ROM 1002 , and RAM 1003 are connected thereto via a bus 1004 . An input/output (I/O) interface 1005 is also connected to the bus 1004 .

For example, the following components can be connected to the I/O interface 1005: input devices 1006 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 1007 such as a computer; a storage device 1008 including, for example, a magnetic tape, a hard disk, etc.; and a communication device 1009 such as a network interface card such as a LAN card or a modem, for example. The communication device 1009 may allow the electronic device 1000 to perform wireless or wired communication with other devices to exchange data, perform communication processing via a network such as the Internet. A drive 1010 is also connected to the I/O interface 1005 as needed. A removable storage medium 1011, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, etc., is mounted on the drive 1010 as needed so that a computer program read therefrom is installed into the storage device 1008 as needed. While FIG. 12 shows electronic device 1000 including various devices, it should be understood that implementing or including all of the devices shown is not a requirement. Additional or fewer devices may alternatively be implemented or included.

For example, the electronic device 1000 may further include a peripheral interface (not shown in the figure) and the like. The peripheral interface may be various types of interfaces, for example, a USB interface, a lightning (lightning) interface, and the like. The communication means 1009 may communicate with networks and other devices by wireless communication, such as the Internet, an intranet and/or a wireless network such as a cellular telephone network, a wireless local area network (LAN) and/or a metropolitan area network ( MAN). Wireless communications can use any of a variety of communications standards, protocols, and technologies, including but not limited to Global System for Mobile Communications (GSM), Enhanced Data GSM Environment (EDGE), Wideband Code Division Multiple Access (W-CDMA) , Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Bluetooth, Wi-Fi (e.g. based on IEEE 802.11a, IEEE 802.11b, IEEE 802.11g and/or IEEE 802.11n standards), Voice over Internet Protocol (VoIP), Wi-MAX, protocols for email, instant messaging and/or Short Message Service (SMS), or any other suitable communication protocol.

For example, the electronic device 1000 can be any device such as a mobile phone, a tablet computer, a notebook computer, an e-book, a game console, a television set, a digital photo frame, a navigator, a home appliance, a communication base station, an industrial controller, a server, or any The combination of the data processing device and hardware is not limited by the embodiments of the present disclosure.

For this disclosure, the following points need to be explained:

(1) The drawings of the embodiments of the present disclosure only relate to the structures involved in the embodiments of the present disclosure, and other structures may refer to general designs.

(2) In the case of no conflict, the embodiments of the present disclosure and the features in the embodiments can be combined with each other to obtain new embodiments.

The above are only exemplary implementations of the present disclosure, and are not intended to limit the protection scope of the present disclosure, which is determined by the appended claims.

Claims (19)

1. A cache comprising: a data array configured to store a plurality of cache lines; a tag array configured to store a plurality of tags; and marker array, configured to store multiple marker rows, Wherein, the plurality of cache lines, the plurality of tags, and the plurality of tag rows correspond to each other one-to-one, and each tag row is used to store items related to the first number of tag storage unit items stored in the corresponding cache line. The memory tags stored in the tag row have a mapping relationship with the memory address of the associated tag storage unit item. 2. The cache according to claim 1, wherein the data array, the tag array and the tag array have the same logical organization structure. 3. The cache according to claim 1, further comprising: At least one address decoder configured to retrieve the data array, the tag array, and the tag array according to the index recorded in the memory access address input to the cache, so as to determine the data array, the A target cache line, a target tag and a target tag line in the tag array and said tag array. 4. The cache of claim 3, wherein the at least one address decoder comprises a first address decoder and a second address decoder, The first address decoder retrieves the data array and the tag array according to the index to determine the target cache line group where the target cache line is located and the target tag line group where the target tag line is located , The second address decoder searches the tag array according to the index to determine the target tag group where the target tag is located. 5. The cache according to claim 3, further comprising: a comparator configured to compare the tag recorded in the memory access address input to the cache with the target tag group to determine whether there is a hit, and in response to the hit, provide the tag recorded in the memory access address in the the way number in the target label group; a first multiplexer configured to output the target cache line from the target cache line group according to the way number; and The second multiplexer is configured to output the target marker row from the target marker row group according to the way number. 6. The cache according to claim 5, further comprising: A first aligner configured to select a target data item from the target cache line according to an offset recorded in a memory access address input to the cache; The second calibrator is configured to select a target tag item from the target tag line according to the offset recorded in the memory access address input to the cache. 7. The cache according to claim 6, further comprising: a match detector, configured to compare the first memory tag recorded in the memory access address input to the cache with the second memory tag recorded in the target tag entry, to determine the first memory tag and the second memory tag Whether the two memory tags match. 8. The cache of claim 6, further comprising: a data buffer configured to hold the target data item; a marker buffer configured to hold the target marker entry. 9. The cache according to any one of claims 1-8, further comprising: The miss state processing register is configured to record the cache miss when the access request processed by the cache causes a cache miss, and release the recorded cache miss after the cache miss is processed. 10. The cache according to any one of claims 1-8, further comprising: The request buffer is configured to temporarily store the memory access request received by the cache, so as to wait for the cache to process the memory access request. 11. The cache of claim 10, wherein the request buffer is further configured for processing access requests involving data, and for processing access requests involving memory tags. 12. The cache according to any one of claims 1-8, further comprising: The response buffer is configured to temporarily store the response to the memory access request received by the cache when the cache misses the memory access request, so as to wait for the cache to process the response. 13. The cache of claim 12, wherein the response buffer is further configured for processing access requests involving data, and for processing access requests involving memory tags. 14. The cache according to any one of claims 1-8, further comprising: A control unit, wherein the control unit is configured as: receiving a memory access request, wherein the memory access request includes a memory access address, and the memory access address includes a first memory tag; Obtaining a second memory tag corresponding to the memory access address from the tag array in response to querying the cache hit using the memory access address; comparing the obtained first memory tag with the obtained second memory tag to determine whether the first memory tag and the second memory tag match. 15. A computer device comprising: At least one buffer, adopting the buffer according to any one of claims 1-14; The processor is coupled to the cache; The memory is coupled with the processor and the cache and is configured to provide a memory space during the operation of the computer device, wherein the memory address is located in the memory space. 16. The computer device according to claim 15, wherein said at least one cache comprises a level 1 cache and a level 2 cache; The first-level cache and the second-level cache are connected through a bus, The bus has a flag bit for transmitting whether the current transaction is a memory tag-related transaction during the operation of the computer device. 17. The computer apparatus of claim 15, further comprising: a tag store, coupled to the processor and the memory, and configured to store a plurality of memory tags, wherein the plurality of memory tags stored in the tag store are respectively associated with the memory tags allocated in the memory space Multiple memory addresses have the mapping relationship. 18. The computer apparatus of claim 15 , wherein the processor comprises a token generation unit, Wherein, the flag generating unit is configured to generate a random value for the memory flag according to an instruction input to the processor during the operation of the computer device. 19. A cache operation method according to claim 1, comprising: receiving a memory access request, wherein the memory access request includes a memory access address, and the memory access address includes a first memory tag; Obtaining a second memory tag corresponding to the memory access address from the tag array in response to querying the cache hit using the memory access address; comparing the obtained first memory tag with the obtained second memory tag to determine whether the first memory tag and the second memory tag match.

Images