-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathchap-isaref-x86-64.tex
310 lines (282 loc) · 9.16 KB
/
chap-isaref-x86-64.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
\chapter{The CHERI-x86-64 Instruction-Set Reference}
\label{chap:isaref-x86-64}
\newcolumntype{Y}{>{\centering\arraybackslash}X}
\newcolumntype{Z}{>{\raggedright\arraybackslash}X}
\newenvironment{x86opcodetable}{%
\tabularx{\textwidth}{| l | l | p{2.0em} | p{2.5em} | p{2.5em} | Z |} \hline
\textbf{Opcode} & \textbf{Instruction} & \textbf{Op/ En} &
\textbf{Cap Mode} & \textbf{64-bit Mode} & \textbf{Description}\\
\hline
}{%
\endtabularx
}
\newcommand{\xopcode}[6]{%
#1 & #2 & #3 & #4 & #5 & #6\\
\hline
}
\newenvironment{x86opentable}{%
\bigskip
\noindent
\tabularx{\textwidth}{| c | Y | Y | Y | Y |}
\multicolumn{5}{c}{\bfseries Instruction Operand Encoding}\\
\hline
Op/En & Operand 1 & Operand 2 & Operand 3 & Operand 4\\
\hline
}{%
\endtabularx
}
\newcommand{\xopen}[5]{%
#1 & #2 & #3 & #4 & #5\\
\hline
}
In this chapter, we specify new CHERI instructions as well as
extensions to existing instructions to support capability-sized
operands. Instructions are described using similar syntax to Volume 2
of Intel's Software Developer's Manual~\cite{intel-sdm-vol2} with a
few extensions.
An additional symbol is defined to represent object code in the
``Opcode'' column:
\begin{itemize}
\item \textbf{CAP} { }---{ } Indicates the use of the capability
operand prefix.
\item \textbf{+rc} { }---{ } Indicates the lower 3 bits of the
opcode byte is used to encode the register operand without a
modR/M byte.
\end{itemize}
Additional symbols are defined to represent operands in the
``Instruction'' column:
\begin{itemize}
\item \textbf{rc} { }---{ } One of the general-purpose capability
registers: \CAX{}, \CBX{}, \CCX{}, \CDX{}, \CDI{}, \CSI{}, \CBP{},
\CSP{}, \creg{8}-\creg{15}.
\item \textbf{r/mc} { }---{ } A capability operand that is either
the contents of one of the capability registers for \textbf{rc} or
a capability in memory.
\item \textbf{m2c} { }---{ } A pair of adjacent capabilities in
memory.
\item \textbf{mcs} { }---{ } An aligned stride of capabilities in
memory.
\end{itemize}
In addition, all of these instructions are either invalid or not
encodable in Compatibility/Legacy mode, so that column is omitted from
opcode tables. However, a new column is added to describe capability
mode support using one of the following annotations:
\begin{itemize}
\item \textbf{V} { }---{ } Supported.
\item \textbf{I} { }---{ } Not supported.
\item \textbf{N. E.} { }---{ } Not encodable in capability mode.
\end{itemize}
\clearpage
\section{Extensions to x86-64 Instructions}
This section contains extensions to existing instructions to support
capability operands. For each of these instructions, the instruction
description should be treated as an extension to the description of
the existing instruction in Volume 2 of Intel's Software Developer's
Manual. Many of the instruction descriptions in this section reuse
language from Intel's manual to highlight the similarity in semantics
between the base instructions and their CHERI extensions.
\input{insn-x86-64/add}
\input{insn-x86-64/and}
\input{insn-x86-64/call}
\input{insn-x86-64/cmov}
\input{insn-x86-64/cmp}
\input{insn-x86-64/cmpxchg}
\input{insn-x86-64/cmpxchg2c}
\input{insn-x86-64/dec}
\input{insn-x86-64/inc}
\input{insn-x86-64/jmp}
\input{insn-x86-64/lea}
\input{insn-x86-64/lods}
\input{insn-x86-64/mov}
\input{insn-x86-64/movnti}
\input{insn-x86-64/movs}
\input{insn-x86-64/or}
\input{insn-x86-64/pop}
\input{insn-x86-64/push}
\input{insn-x86-64/ret}
\input{insn-x86-64/stos}
\input{insn-x86-64/sub}
\input{insn-x86-64/xadd}
\input{insn-x86-64/xchg}
\input{insn-x86-64/xor}
\clearpage
\section{CHERI-x86-64 Instructions}
This section contains new instructions added to support operations on
capabilities. The opcode assignments in this section are tentative
and subject to change. Single byte opcodes have been used for
instructions which we believe may either be used frequently or in
frequently-accessed code paths.
\input{insn-x86-64/andcperm}
\input{insn-x86-64/buildcap}
\input{insn-x86-64/cinvoke}
\input{insn-x86-64/clctag}
\input{insn-x86-64/clctags}
\input{insn-x86-64/cpytype}
\input{insn-x86-64/cram}
\input{insn-x86-64/crrl}
\input{insn-x86-64/cseal}
\input{insn-x86-64/gcbase}
\input{insn-x86-64/gcflags}
\input{insn-x86-64/gchi}
\input{insn-x86-64/gclen}
\input{insn-x86-64/gclim}
\input{insn-x86-64/gcoff}
\input{insn-x86-64/gcperm}
\input{insn-x86-64/gctag}
\input{insn-x86-64/gctype}
\input{insn-x86-64/lctags}
\input{insn-x86-64/movcap}
\input{insn-x86-64/scaddr}
\input{insn-x86-64/scbnd}
\input{insn-x86-64/scbnde}
\input{insn-x86-64/scflags}
\input{insn-x86-64/schi}
\input{insn-x86-64/scoff}
\input{insn-x86-64/seal}
\input{insn-x86-64/sentry}
\input{insn-x86-64/unseal}
\clearpage
\section{Summary of New Opcodes}
The following new opcodes are added in 64-bit mode and are also
available in capability mode.
\bigskip
\noindent
\begin{tabular}{| l | l |} \hline
\textbf{Opcode} & \textbf{Instruction}\\
\hline
06 & Capability Operand (Prefix) \\
\hline
07 & Capability Address (Prefix) \\
\hline
0E /0 & \insnxesref{SENTRY} \emph{r/mc}\\
\hline
0E /1 & \insnxesref{CLCTAG} \emph{r/mc}\\
\hline
0E /2 & \insnxesref{CLCTAGS} \emph{mcs}\\
\hline
0E /3 & \insnxesref{GCTAG} \emph{r/mc}\\
\hline
16 \emph{/r} & \insnxesref{SCADDR} \emph{r/mc, r64}\\
\hline
17 \emph{/r} & \insnxesref{SCBND} \emph{r/mc, r64}\\
\hline
1E \emph{/r} & \insnxesref{CRRL} \emph{r64, r/m64}\\
\hline
1F \emph{/r} & \insnxesref{CRAM} \emph{r64, r/m64}\\
\hline
27 \emph{/r} & \insnxesref{SCBNDE} \emph{r/mc, r64}\\
\hline
2F \emph{/r} & \insnxesref{LCTAGS} \emph{r64, mcs}\\
\hline
37 /0 \emph{id} & \insnxesref{SCBND} \emph{r/mc, imm32}\\
\hline
37 /1 \emph{id} & \insnxesref{SCBNDE} \emph{r/mc, imm32}\\
\hline
37 /2 \emph{id} & \insnxesref{ANDCPERM} \emph{r/mc, imm32}\\
\hline
37 /3 \emph{id} & \insnxesref{SCFLAGS} \emph{r/mc, imm32}\\
\hline
EA \emph{/r} & \insnxesref{CINVOKE} \emph{rc, r/mc}\\
\hline
NP 0F 0A \emph{/r} & \insnxesref{SCHI} \emph{r/mc, r64}\\
\hline
66 0F 0A \emph{/r} & \insnxesref{SCFLAGS} \emph{r/mc, r64}\\
\hline
NP 0F 0C \emph{/r} & \insnxesref{ANDCPERM} \emph{r/mc, r64}\\
\hline
66 0F 0C \emph{/r} & \insnxesref{SCOFF} \emph{r/mc, r64}\\
\hline
F2 0F 0C \emph{/r} & \insnxesref{SEAL} \emph{r/mc, rc}\\
\hline
F3 0F 0C \emph{/r} & \insnxesref{UNSEAL} \emph{r/mc, rc}\\
\hline
VEX.LZ.0F.W0 0E \emph{/r} & \insnxesref{BUILDCAP} \emph{rca, r/mc, rcb}\\
\hline
VEX.LZ.66.0F.W0 0E \emph{/r} & \insnxesref{CPYTYPE} \emph{rca, r/mc, rcb}\\
\hline
VEX.LZ.F2.0F.W0 0E \emph{/r} & \insnxesref{CSEAL} \emph{rca, r/mc, rcb}\\
\hline
0F 24 \emph{/r} & \insnxesref[movcap]{MOV} \emph{rc,} CFS/CGS/DDC\\
\hline
0F 25 \emph{/r} & \insnxesref[movcap]{MOV} CFS/CGS/DDC\emph{, rc}\\
\hline
NP 0F 7A \emph{/r} & \insnxesref{GCPERM} \emph{r64, r/mc}\\
\hline
66 0F 7A \emph{/r} & \insnxesref{GCTYPE} \emph{r64, r/mc}\\
\hline
F2 0F 7A \emph{/r} & \insnxesref{GCBASE} \emph{r64, r/mc}\\
\hline
F3 0F 7A \emph{/r} & \insnxesref{GCLEN} \emph{r64, r/mc}\\
\hline
NP 0F 7B \emph{/r} & \insnxesref{GCFLAGS} \emph{r64, r/mc}\\
\hline
66 0F 7B \emph{/r} & \insnxesref{GCOFF} \emph{r64, r/mc}\\
\hline
F2 0F 7B \emph{/r} & \insnxesref{GCHI} \emph{r64, r/mc}\\
\hline
F3 0F 7B \emph{/r} & \insnxesref{GCLIM} \emph{r64, r/mc}\\
\hline
\end{tabular}
\clearpage
\section{Instructions Deprecated in Capability Mode}
The following instructions are valid in 64-bit mode but invalid in
capability mode. For conciseness, the placeholder \texttt{XX} in the
table below indicates any valid size for the instruction (i.e. 8, 16, 32,
or 64).
\bigskip
\noindent
\begin{tabularx}{\textwidth}{| l | l | Z |} \hline
\textbf{Opcode} & \textbf{Instruction} &
\textbf{Description}\\
\hline
26 & SEG=ES & ES segment prefix.\\
\hline
2E & SEG=CS & CS segment prefix.\\
\hline
36 & SEG=SS & SS segment prefix.\\
\hline
3E & SEG=DS & DS segment prefix.\\
\hline
A0 & MOV AL,\emph{moffs8} & Move byte at (\emph{offset}) to AL.\\
\hline
A1 & MOV [ER]AX,\emph{moffsxx} & Move value at (\emph{offset}) to [ER]AX.\\
\hline
A2 & MOV \emph{moffs8},AL & Move AL to (\emph{offset}).\\
\hline
A3 & MOV \emph{moffs8},[ER]AX & Move [ER]AX to (\emph{offset}).\\
\hline
CA & RET \emph{imm16} &
Far return and pop \emph{imm16} bytes from stack.\\
\hline
CB & RET & Far return.\\
\hline
FF /3 & CALL \emph{m16:xx} &
Call far, absolute indirect, address given in \emph{m16:xx}.\\
\hline
FF /5 & JMP \emph{m16:xx} &
Jump far, absolute indirect, address given in \emph{m16:xx}.\\
\hline
0F 02 \emph{/r} & LAR \emph{rxx,rxx/m16} &
Load access rights.\\
\hline
0F 03 \emph{/r} & LSL \emph{rxx,rxx/m16} &
Load segment limit.\\
\hline
0F A0 & PUSH FS & Push FS.\\
\hline
0F A1 & POP FS & Pop FS.\\
\hline
0F A8 & PUSH GS & Push GS.\\
\hline
0F A9 & POP GS & Pop GS.\\
\hline
0F B2 \emph{/r} & LSS \emph{rxx,m16:xx} &
Load SS:\emph{rxx} with far pointer.\\
\hline
0F B4 \emph{/r} & LFS \emph{rxx,m16:xx} &
Load FS:\emph{rxx} with far pointer.\\
\hline
0F B5 \emph{/r} & LGS \emph{rxx,m16:xx} &
Load GS:\emph{rxx} with far pointer.\\
\hline
\end{tabularx}