[go: up one dir, main page]

TWI789183B - Checker and checking method for processor circuit - Google Patents

Checker and checking method for processor circuit Download PDF

Info

Publication number
TWI789183B
TWI789183B TW110148982A TW110148982A TWI789183B TW I789183 B TWI789183 B TW I789183B TW 110148982 A TW110148982 A TW 110148982A TW 110148982 A TW110148982 A TW 110148982A TW I789183 B TWI789183 B TW I789183B
Authority
TW
Taiwan
Prior art keywords
data
branch prediction
processor circuit
execution state
judging
Prior art date
Application number
TW110148982A
Other languages
Chinese (zh)
Other versions
TW202314485A (en
Inventor
陳盈如
丁之正
黃煜庭
陳嘉怡
Original Assignee
瑞昱半導體股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 瑞昱半導體股份有限公司 filed Critical 瑞昱半導體股份有限公司
Priority to US17/844,671 priority Critical patent/US20230078985A1/en
Application granted granted Critical
Publication of TWI789183B publication Critical patent/TWI789183B/en
Publication of TW202314485A publication Critical patent/TW202314485A/en

Links

Images

Landscapes

  • Memory System Of A Hierarchy Structure (AREA)
  • Advance Control (AREA)
  • Hardware Redundancy (AREA)

Abstract

The present disclosure provides a checker and a checking method for a processor circuit. The checking method includes: determining whether a data cache send a data refill request under a branch prediction executing status for obtaining a first result; determining whether data requested by the data refill request is wrote into a register and calculated under the branch prediction executing status for obtaining a second result; and determining whether the processor circuit has a vulnerability according to the first result and the second result.

Description

用於處理器電路之檢測器及檢測方法 Detector and detection method for processor circuit

本發明係關於一種用於檢測器及檢測方法,尤其是關於一種用於處理器電路之檢測器及檢測方法。 The present invention relates to a detector and a detection method, in particular to a detector and a detection method used in a processor circuit.

習知之處理器架構中,引入亂序執行(out-of-order execution)及分支預測(branch prediction)之功能,以提升指令處理效能。惟具有亂序執行及分支預測功能之處理器存在資訊安全漏洞,容易被駭客攻擊並竊取其中資料。其中,幽靈漏洞攻擊(spectre attack)為相當常見之一種攻擊模式。 In conventional processor architectures, functions of out-of-order execution and branch prediction are introduced to improve instruction processing performance. However, processors with out-of-order execution and branch prediction functions have information security loopholes, which are easy to be attacked by hackers and steal their data. Among them, the specter attack (spectre attack) is a fairly common attack mode.

為了避免受到幽靈漏洞攻擊,現有之解決辦法主要有:(1)使用軟體解法為關掉分支預測功能;或(2)在有資訊安全疑慮之程式片段插入屏障指令(barrier instruction)。然而,這類解決辦法將嚴重影響處理器執行效能。 In order to avoid being attacked by the Specter vulnerability, the existing solutions mainly include: (1) use a software solution to turn off the branch prediction function; or (2) insert a barrier instruction (barrier instruction) in the program segment that has information security concerns. However, such solutions will seriously affect the performance of the processor.

本發明的目的在於提供一種用於處理器電路之檢測方法,處理器電路包含亂序執行(out-of-order execution)及分支預測(branch prediction)單元,檢測方法包含:判斷資料快取是否於分支預測執行狀 態下發送資料回填請求,以得到第一判斷結果;判斷資料回填請求要求之資料是否於分支預測執行狀態下被寫入暫存器且被運算,以得到第二判斷結果;以及根據第一判斷結果以及第二判斷結果,判斷處理器電路是否具有攻擊漏洞。 The object of the present invention is to provide a detection method for a processor circuit. The processor circuit includes an out-of-order execution (out-of-order execution) and a branch prediction (branch prediction) unit. The detection method includes: judging whether the data cache is in Branch Prediction Execution Status Send a data backfill request in the state to obtain the first judgment result; judge whether the data required by the data backfill request is written into the temporary register and calculated in the branch prediction execution state to obtain the second judgment result; and according to the first judgment As a result and the second judgment result, it is judged whether the processor circuit has an attack vulnerability.

本發明另提供一種用於處理器電路之檢測器,處理器電路包含亂序執行及分支預測單元,檢測器包含第一檢測模組、第二檢測模組以及判斷模組。第一檢測模組用以判斷處理器電路之資料快取是否於分支預測執行狀態下發送資料回填請求,以得到第一判斷結果。第二檢測模組用以判斷資料回填請求要求之資料是否於分支預測執行狀態下被寫入處理器電路之暫存器且被運算,以得到第二判斷結果。判斷模組用以根據第一判斷結果以及第二判斷結果,判斷處理器電路是否具有攻擊漏洞。 The present invention further provides a detector for a processor circuit. The processor circuit includes an out-of-order execution and branch prediction unit, and the detector includes a first detection module, a second detection module, and a judgment module. The first detection module is used for judging whether the data cache of the processor circuit sends a data backfill request in the state of branch prediction execution, so as to obtain a first judging result. The second detection module is used for judging whether the data required by the data backfill request is written into the temporary register of the processor circuit under the execution state of the branch prediction and operated, so as to obtain the second judging result. The judging module is used for judging whether the processor circuit has an attack vulnerability according to the first judging result and the second judging result.

1:檢測器 1: detector

11:第一檢測模組 11: The first detection module

13:第二檢測模組 13: Second detection module

15:判斷模組 15: Judgment module

2:檢測器 2: detector

21:第一檢測模組 21: The first detection module

23:第二檢測模組 23: The second detection module

25:判斷模組 25: Judgment module

7:下層記憶體 7: Lower layer memory

8:處理器電路 8: Processor circuit

81:亂序執行及分支預測單元 81: Out-of-order execution and branch prediction unit

811:重排序緩衝器 811:Reorder buffer

83:暫存器 83: scratchpad

85:資料快取 85: Data cache

850:資料回填請求 850: Data backfill request

851:MSHR 851:MSHR

852:資料 852: data

87:記憶體存取單元 87: Memory access unit

89:運算單元 89: Operation unit

9:處理器電路 9: Processor circuit

91:亂序執行及分支預測單元 91: Out-of-order execution and branch prediction unit

93:暫存器 93: scratchpad

95:資料快取 95:Data cache

950:資料回填請求 950: Data backfill request

952:資料 952: data

S301~S304:步驟 S301~S304: steps

S401~S406:步驟 S401~S406: steps

結合附圖閱讀以下詳細描述會最佳地理解本發明之態樣。應注意,各種特徵可能未按比例繪製。事實上,可出於論述清楚起見,而任意地增大或減小各種特徵之尺寸。 Aspects of the present invention are best understood from the following detailed description when read in conjunction with the accompanying drawings. It should be noted that various features may not be drawn to scale. In fact, the dimensions of the various features may be arbitrarily increased or reduced for clarity of discussion.

圖1A為本發明之一些實施例之檢測器之方塊圖。 Figure 1A is a block diagram of a detector of some embodiments of the present invention.

圖1B為本發明之一些實施例之檢測器之方塊圖。 Figure IB is a block diagram of a detector of some embodiments of the invention.

圖2A為本發明之一些實施例之檢測器之方塊圖。 Figure 2A is a block diagram of a detector of some embodiments of the present invention.

圖2B為本發明之一些實施例之檢測器之方塊圖。 Figure 2B is a block diagram of a detector of some embodiments of the present invention.

圖3為本發明之一些實施例之檢測方法之流程圖。 Fig. 3 is a flow chart of the detection method of some embodiments of the present invention.

圖4為本發明之一些實施例之檢測方法之流程圖。 Fig. 4 is a flow chart of the detection method of some embodiments of the present invention.

在下文更詳細地論述本發明之實施例。然而,應瞭解,本 發明提供可在廣泛多種特定情境中體現之許多適用的概念。所論述特定實施例僅為說明性的且並不限制本發明之範疇。 Embodiments of the invention are discussed in more detail below. However, it should be understood that the The invention provides many applicable concepts that can be embodied in a wide variety of specific contexts. The specific embodiments discussed are illustrative only and do not limit the scope of the invention.

請參閱圖1A,其係本發明一些實施例之一檢測器1之方塊圖。檢測器1用於檢測一處理器電路9是否具攻擊漏洞(例如:幽靈攻擊,spectre attack)。於一些實施例中,處理器電路9包含:一亂序執行(out-of-order execution)及分支預測(branch prediction)單元91、一暫存器93以及一資料快取95。亂序執行及分支預測單元91用以將指令解碼,並將解碼之指令以亂序之方式執行。亂序執行及分支預測單元91具有分支預測之功能,並可記錄分支預測狀態,例如:分支預測執行狀態(分支預測未解開狀態)以及分支預測未執行狀態(分支預測解開狀態)。 Please refer to FIG. 1A , which is a block diagram of a detector 1 according to some embodiments of the present invention. The detector 1 is used to detect whether a processor circuit 9 has an attack vulnerability (for example: ghost attack, spectre attack). In some embodiments, the processor circuit 9 includes: an out-of-order execution and branch prediction unit 91 , a register 93 and a data cache 95 . The out-of-order execution and branch prediction unit 91 is used for decoding instructions and executing the decoded instructions in an out-of-order manner. The out-of-order execution and branch prediction unit 91 has the function of branch prediction, and can record the state of branch prediction, such as: branch prediction execution state (branch prediction unlocked state) and branch prediction unexecuted state (branch prediction unlocked state).

於一些實施例中,檢測器1包含一第一檢測模組11、一第二檢測模組13以及一判斷模組15。具體而言,第一檢測模組11用以判斷處理器電路9之資料快取95是否於分支預測執行狀態下發送一資料回填請求(data refill request),以得到一第一判斷結果。第二檢測模組13用以判斷資料回填請求要求之一資料是否於分支預測執行狀態下被寫入處理器電路9之暫存器93且被運算,以得到一第二判斷結果。判斷模組15用以根據第一判斷結果以及第二判斷結果,判斷處理器電路9是否具有攻擊漏洞。 In some embodiments, the detector 1 includes a first detection module 11 , a second detection module 13 and a judgment module 15 . Specifically, the first detection module 11 is used to judge whether the data cache 95 of the processor circuit 9 sends a data refill request (data refill request) in the state of branch prediction execution, so as to obtain a first judgment result. The second detection module 13 is used for judging whether one of the data required by the data backfill request is written into the register 93 of the processor circuit 9 in the state of branch prediction execution and operated to obtain a second judging result. The judging module 15 is used for judging whether the processor circuit 9 has an attack vulnerability according to the first judging result and the second judging result.

請參閱圖1B,於一些實施例中,當第一檢測模組11判斷處理器電路9之資料快取95於分支預測執行狀態下發送一資料回填請求950,則第二檢測模組13進一步判斷資料回填請求950要求之資料是否於分支預測執行狀態下被寫入處理器電路9之暫存器93且被運算。當第二檢測模組13判斷資料回填請求950要求之一資料952於分支預測執行狀態下 被寫入處理器電路9之暫存器93且被運算,則判斷模組15根據前述第一檢測模組11以及第二檢測模組13之檢測結果,判斷處理器電路9可能具有攻擊漏洞。 Please refer to FIG. 1B. In some embodiments, when the first detection module 11 determines that the data cache 95 of the processor circuit 9 sends a data backfill request 950 under the branch prediction execution state, the second detection module 13 further judges Whether the data requested by the data backfill request 950 is written into the register 93 of the processor circuit 9 and operated on in the branch prediction execution state. When the second detection module 13 judges that one of the data 952 required by the data backfill request 950 is in the state of branch prediction execution After being written into the temporary register 93 of the processor circuit 9 and calculated, the judgment module 15 judges that the processor circuit 9 may have an attack vulnerability according to the detection results of the first detection module 11 and the second detection module 13 .

於一些實施例中,當:(1)第一檢測模組11判斷處理器電路9之資料快取95並未於分支預測執行狀態下發送任何資料回填請求;(2)當第二檢測模組13判斷資料回填請求950要求之資料952並未於分支預測執行狀態下被寫入處理器電路9之暫存器93;或(3)當第二檢測模組13判斷資料952未於分支預測執行狀態下被運算,則判斷模組15根據前述第一檢測模組11以及第二檢測模組13之檢測結果,判斷處理器電路9可能不具有攻擊漏洞。 In some embodiments, when: (1) the first detection module 11 determines that the data cache 95 of the processor circuit 9 has not sent any data backfill request in the branch prediction execution state; (2) when the second detection module 13. Judging that the data 952 required by the data backfill request 950 has not been written into the temporary register 93 of the processor circuit 9 in the state of branch prediction execution; or (3) when the second detection module 13 judges that the data 952 is not in the state of branch prediction execution state is calculated, then the judging module 15 judges that the processor circuit 9 may not have an attack vulnerability according to the detection results of the aforementioned first detection module 11 and the second detection module 13 .

需特別說明,於一些實施例中,前述之處理器電路以及檢測器可包含硬體電路,處理器電路之元件(例如:亂序執行及分支預測單元、暫存器以及資料快取)以及檢測器之元件(第一檢測模組、第二檢測模組以及判斷模組)間透過電性連結傳遞資料及訊號。於一些實施例中,前述之處理器電路、檢測器及元件間之訊號及資料傳遞,亦可透過軟體(例如:Electronic Design Automation,EDA)模擬。 In particular, in some embodiments, the aforementioned processor circuits and detectors may include hardware circuits, elements of processor circuits (such as out-of-order execution and branch prediction units, registers, and data caches) and detectors. The components of the device (the first detection module, the second detection module and the judgment module) transmit data and signals through electrical connections. In some embodiments, the signal and data transmission among the aforementioned processor circuit, detector and components can also be simulated by software (eg Electronic Design Automation, EDA).

請參閱圖2A,其係本發明一些實施例之一檢測器2之方塊圖。檢測器2用於檢測一處理器電路8是否具攻擊漏洞。於一些實施例中,處理器電路8包含:一亂序執行及分支預測單元81、一暫存器83、一資料快取85、一記憶體存取單元(load-store unit)87以及一運算單元89。亂序執行及分支預測單元81用以將指令解碼,並將解碼之指令以亂序之方式執行。亂序執行及分支預測單元81具有分支預測之功能,並可將分支預測狀態(例如:分支預測執行狀態以及分支預測未執行狀態)記錄於一重排 序緩衝器(reorder buffer)811。資料快取85具有一未命中狀態保持暫存器(miss status holding register,MSHR)851。 Please refer to FIG. 2A , which is a block diagram of a detector 2 according to some embodiments of the present invention. The detector 2 is used to detect whether a processor circuit 8 has an attack vulnerability. In some embodiments, the processor circuit 8 includes: an out-of-order execution and branch prediction unit 81, a register 83, a data cache 85, a memory access unit (load-store unit) 87, and an operation Unit 89. The out-of-order execution and branch prediction unit 81 is used for decoding instructions and executing the decoded instructions in an out-of-order manner. The out-of-order execution and branch prediction unit 81 has the function of branch prediction, and can record the branch prediction state (for example: branch prediction execution state and branch prediction non-execution state) in a rearrangement Reorder buffer (reorder buffer) 811. The data cache 85 has a miss status holding register (MSHR) 851 .

於一些實施例中,檢測器2包含一第一檢測模組21、一第二檢測模組23以及一判斷模組25。具體而言,第一檢測模組21用以判斷處理器電路8之資料快取85於分支預測執行狀態下發生快取未命中(cache miss)。由於快取未命中,因此,可能產生資料回填請求。第一檢測模組21用以判斷資料快取85之MSHR 851是否於分支預測執行狀態下向一下層記憶體7(例如:第二級快取L2 cache、匯流排連接之記憶體等)發送一資料回填請求,以得到一第一判斷結果。 In some embodiments, the detector 2 includes a first detection module 21 , a second detection module 23 and a judgment module 25 . Specifically, the first detection module 21 is used to determine that a cache miss occurs in the data cache 85 of the processor circuit 8 in the state of branch prediction execution. Due to a cache miss, a data backfill request may be generated. The first detection module 21 is used to determine whether the MSHR 851 of the data cache 85 sends a message to the lower-level memory 7 (for example: second-level cache L2 cache, bus-connected memory, etc.) in the state of branch prediction execution. The data backfill request is used to obtain a first judgment result.

第二檢測模組23用以判斷記憶體存取單元87是否於分支預測執行狀態下將資料回填請求要求之一資料寫入至暫存器83且判斷運算單元89是否於分支預測執行狀態下存取暫存器83之資料,以得到一第二判斷結果。判斷模組25用以根據第一判斷結果以及第二判斷結果,判斷處理器電路8是否具有攻擊漏洞。 The second detection module 23 is used to determine whether the memory access unit 87 writes one of the data required by the data backfill request to the temporary register 83 under the branch prediction execution state and whether the operation unit 89 stores the data under the branch prediction execution state. Get the data of the temporary register 83 to obtain a second judgment result. The judging module 25 is used for judging whether the processor circuit 8 has an attack vulnerability according to the first judging result and the second judging result.

請參閱圖2B,於一些實施例中,當第一檢測模組21判斷處理器電路8之資料快取85於分支預測執行狀態下發生快取未命中,並判斷處理器電路8之資料快取85於分支預測執行狀態下發送一資料回填請求850,則第二檢測模組23進一步判斷資料回填請求850要求之資料是否於分支預測執行狀態下被寫入處理器電路8之暫存器83且被運算。 Please refer to FIG. 2B. In some embodiments, when the first detection module 21 judges that a cache miss occurs in the data cache 85 of the processor circuit 8 in the state of branch prediction execution, and judges that the data cache of the processor circuit 8 85 sends a data backfill request 850 under the branch prediction execution state, then the second detection module 23 further judges whether the data required by the data backfill request 850 is written into the register 83 of the processor circuit 8 under the branch prediction execution state and is computed.

更進一步來說,當第二檢測模組23判斷記憶體存取單元87於分支預測執行狀態下將資料回填請求850要求之一資料852自資料快取85寫入處理器電路8之暫存器83,且判斷運算單元89於分支預測執行狀態下存取暫存器83之資料852,則判斷模組85根據前述第一檢測模組81以及 第二檢測模組83之檢測結果,判斷處理器電路8可能具有攻擊漏洞。 Furthermore, when the second detection module 23 judges that the memory access unit 87 is in the branch prediction execution state, one of the data 852 required by the data backfill request 850 is written from the data cache 85 to the temporary register of the processor circuit 8 83, and the judging operation unit 89 accesses the data 852 of the temporary register 83 under the branch prediction execution state, then the judging module 85 is based on the aforementioned first detecting module 81 and The detection result of the second detection module 83 determines that the processor circuit 8 may have an attack vulnerability.

於一些實施例中,當:(1)第一檢測模組21判斷處理器電路8之資料快取85並未於分支預測執行狀態下發送任何資料回填請求;(2)當第二檢測模組23判斷資料回填請求850要求之資料852並未於分支預測執行狀態下被記憶體存取單元87寫入處理器電路8之暫存器83;或(3)當第二檢測模組23判斷資料852未於分支預測執行狀態下被運算單元89存取,則判斷模組85根據前述第一檢測模組81以及第二檢測模組83之檢測結果,判斷處理器電路8可能不具有攻擊漏洞。 In some embodiments, when: (1) the first detection module 21 determines that the data cache 85 of the processor circuit 8 has not sent any data backfill request in the branch prediction execution state; (2) when the second detection module 23 Judging that the data 852 required by the data backfill request 850 has not been written into the temporary register 83 of the processor circuit 8 by the memory access unit 87 in the branch prediction execution state; or (3) when the second detection module 23 judges the data 852 is not accessed by the computing unit 89 in the branch prediction execution state, then the judging module 85 judges that the processor circuit 8 may not have an attack vulnerability according to the detection results of the aforementioned first detection module 81 and the second detection module 83 .

於一些實施例中,處理器電路8之亂序執行及分支預測單元81除了重排序緩衝器811外,可進一步包含:指令擷取及分支預測(instruction fetch/branch prediction)單元、指令解碼(instruction decode)單元以及暫存器重新命名、分派與指令退休(register renaming/dispatch/retire)單元。 In some embodiments, in addition to the reordering buffer 811, the out-of-order execution and branch prediction unit 81 of the processor circuit 8 may further include: an instruction fetch/branch prediction (instruction fetch/branch prediction) unit, an instruction decoding (instruction decode) unit and register renaming, dispatch and instruction retirement (register renaming/dispatch/retire) unit.

需特別說明,前述各種操作是否於分支預測執行狀態下執行,可在操作執行之時間點根據重排序緩衝器851之資料決定。另外,於一些實施例中,前述之處理器電路、檢測器及下層記憶體可包含硬體電路,處理器電路之元件(例如:亂序執行及分支預測單元、暫存器、資料快取、記憶體存取單元、運算單元)、檢測器之元件(第一檢測模組、第二檢測模組以及判斷模組)以及下層記憶體間透過電性連結傳遞資料及訊號。於一些實施例中,前述之處理器電路、檢測器、下層記憶體及元件間之訊號及資料傳遞,亦可透過軟體(例如:EDA)模擬。 It should be specially noted that whether the aforementioned various operations are performed in the branch prediction execution state can be determined according to the data of the reordering buffer 851 at the time point of operation execution. In addition, in some embodiments, the aforementioned processor circuits, detectors, and lower-layer memory may include hardware circuits, elements of processor circuits (such as: out-of-order execution and branch prediction units, registers, data caches, memory access unit, computing unit), components of the detector (the first detection module, the second detection module and the judgment module) and the lower layer memory to transmit data and signals through electrical connection. In some embodiments, the aforementioned processor circuit, detector, lower-level memory, and signal and data transmission between components can also be simulated by software (eg: EDA).

本發明之一些實施例包含用於一處理器電路之檢測方法,其流程圖如圖3所示。處理器電路包含一亂序執行及分支預測單元。這些 實施例之檢測方法由一檢測器(如前述實施例之檢測器)實施,方法之詳細操作如下。首先,執行步驟S301,判斷處理器電路之一資料快取是否於一分支預測執行狀態下發送一資料回填請求,以得到一第一判斷結果。若第一判斷結果為否,則執行步驟S304,判斷處理器電路不具有攻擊漏洞。若第一判斷結果為是,則執行步驟S302,判斷資料回填請求要求之一資料是否於分支預測執行狀態下被寫入一暫存器且被運算,以得到一第二判斷結果。若第二判斷結果否,則執行步驟S304。若第二判斷結果為是,則執行步驟S303,判斷處理器電路具有攻擊漏洞。 Some embodiments of the present invention include a detection method for a processor circuit, the flowchart of which is shown in FIG. 3 . The processor circuit includes an out-of-order execution and branch prediction unit. These The detection method of the embodiment is implemented by a detector (such as the detector of the aforementioned embodiment), and the detailed operation of the method is as follows. Firstly, step S301 is executed to determine whether a data cache of the processor circuit sends a data backfill request in a branch prediction execution state, so as to obtain a first determination result. If the first judgment result is no, step S304 is executed to judge that the processor circuit has no attack vulnerability. If the first judgment result is yes, then step S302 is executed to judge whether a data required by the data backfill request is written into a register and operated in the branch prediction execution state to obtain a second judgment result. If the second judgment result is negative, step S304 is executed. If the second judgment result is yes, execute step S303 to judge that the processor circuit has an attack vulnerability.

本發明之一些實施例包含用於一處理器電路之檢測方法,其流程圖如圖4所示。處理器電路包含一亂序執行及分支預測單元。這些實施例之檢測方法由一檢測器(如前述實施例之檢測器)實施,方法之詳細操作如下。首先,執行步驟S401,判斷處理器電路之一資料快取是否於一分支預測執行狀態下發生快取未命中。若否,重複執行步驟S401。 Some embodiments of the present invention include a detection method for a processor circuit, the flowchart of which is shown in FIG. 4 . The processor circuit includes an out-of-order execution and branch prediction unit. The detection methods of these embodiments are implemented by a detector (such as the detector of the aforementioned embodiments), and the detailed operation of the method is as follows. Firstly, step S401 is executed to determine whether a cache miss occurs in a data cache of the processor circuit in a branch prediction execution state. If not, repeat step S401.

若步驟S401結果為是,執行步驟S402,判斷資料快取之一MSHR是否於分支預測執行狀態下向一下層記憶體發送一資料回填請求,以得到一第一判斷結果。若第一判斷結果為否,執行步驟S406,判斷處理器電路不具攻擊漏洞。若第一判斷結果為是,執行步驟S403,判斷處理器電路之一記憶體存取單元是否於分支預測執行狀態下將資料回填請求要求之資料自資料快取寫入暫存器。若否,執行步驟S406,判斷處理器電路不具攻擊漏洞。 If the result of step S401 is yes, execute step S402 to determine whether one of the data caches, MSHR, sends a data backfill request to the lower-level memory in the state of branch prediction execution, so as to obtain a first determination result. If the first determination result is negative, step S406 is executed to determine that the processor circuit has no attack vulnerability. If the first judgment result is yes, step S403 is executed to judge whether a memory access unit of the processor circuit writes the data required by the data backfill request from the data cache into the register in the state of branch prediction execution. If not, step S406 is executed to determine that the processor circuit has no attack vulnerability.

若步驟S403結果為是,執行步驟S404,判斷處理器電路之一運算單元是否於分支預測執行狀態下存取暫存器之資料,以得到一第二判斷結果。若第二判斷結果為否,執行步驟S406,判斷處理器電路不具 攻擊漏洞。若第二判斷結果為是,則執行步驟S405,判斷處理器電路具有攻擊漏洞。 If the result of step S403 is yes, step S404 is executed to determine whether an operation unit of the processor circuit is accessing the data of the temporary register in the state of branch prediction execution, so as to obtain a second determination result. If the second judgment result is no, execute step S406, and judge that the processor circuit does not have Attack vulnerabilities. If the second judgment result is yes, execute step S405 to judge that the processor circuit has an attack vulnerability.

綜上所述,本發明提供之用於處理器電路之檢測器及檢測方法,可透過檢測步驟判斷特定之攻擊操作模式(例如:幽靈漏洞攻擊模式)是否可能存在,俾利後續調整修改處理器電路。 In summary, the detector and detection method for processor circuits provided by the present invention can determine whether a specific attack operation mode (for example: Specter vulnerability attack mode) may exist through the detection steps, so as to facilitate subsequent adjustment and modification of the processor circuit.

上文的敘述簡要地提出了本發明某些實施例之特徵,而使得本發明所屬技術領域包含通常知識者能夠更全面地理解本發明內容的多種態樣。本發明所屬技術領域包含通常知識者當可明瞭,其可輕易地利用本發明內容作為基礎,來設計或更動其他製程與結構,以實現與此處該之實施方式相同的目的和/或達到相同的優點。本發明所屬技術領域包含通常知識者應當明白,這些均等的實施方式仍屬於本發明內容之精神與範圍,且其可進行各種變更、替代與更動,而不會悖離本發明內容之精神與範圍。 The above description briefly presents the features of some embodiments of the present invention, so that those skilled in the art of the present invention can more fully understand various aspects of the content of the present invention. Those with ordinary knowledge in the technical field of the present invention should understand that they can easily use the content of the present invention as a basis to design or modify other processes and structures to achieve the same purpose and/or achieve the same as the embodiment here The advantages. Those with ordinary knowledge in the technical field of the present invention should understand that these equivalent embodiments still belong to the spirit and scope of the present invention, and various changes, substitutions and changes can be made without departing from the spirit and scope of the present invention. .

2:檢測器 2: detector

21:第一檢測模組 21: The first detection module

23:第二檢測模組 23: The second detection module

25:判斷模組 25: Judgment module

7:下層記憶體 7: Lower layer memory

8:處理器電路 8: Processor circuit

81:亂序執行及分支預測單元 81: Out-of-order execution and branch prediction unit

811:重排序緩衝器 811:Reorder buffer

83:暫存器 83: scratchpad

85:資料快取 85: Data cache

850:資料回填請求 850: Data backfill request

851:MSHR 851:MSHR

852:資料 852: data

87:記憶體存取單元 87: Memory access unit

89:運算單元 89: Operation unit

Claims (9)

一種用於一處理器電路之檢測方法,該處理器電路包含一亂序執行(out-of-order execution)及分支預測(branch prediction)單元以及一運算單元,該檢測方法包含:判斷一資料快取是否於一分支預測執行狀態下發送一資料回填請求,以得到一第一判斷結果,其中,該分支預測執行狀態係由該亂序執行及分支預測單元記錄,該資料回填請求係用於向該資料快取之一下層記憶體發送;判斷該資料回填請求要求之一資料是否於該分支預測執行狀態下被寫入一暫存器且被該運算單元運算,以得到一第二判斷結果;以及根據該第一判斷結果以及該第二判斷結果,判斷該處理器電路是否具有攻擊漏洞。 A detection method for a processor circuit, the processor circuit includes an out-of-order execution (out-of-order execution) and branch prediction (branch prediction) unit and an operation unit, the detection method includes: judging a data block Whether to send a data backfill request in a branch prediction execution state to obtain a first judgment result, wherein, the branch prediction execution state is recorded by the out-of-order execution and branch prediction unit, and the data backfill request is used to send sending from the lower layer memory of the data cache; judging whether a data required by the data backfill request is written into a temporary register and operated by the operation unit in the branch prediction execution state, so as to obtain a second judging result; And according to the first judgment result and the second judgment result, it is judged whether the processor circuit has an attack vulnerability. 如請求項1所述之檢測方法,其中,當該第一判斷結果係該資料快取於該分支預測執行狀態下發送該資料回填請求,以及該第二判斷結果係該資料於該分支預測執行狀態下被寫入該暫存器且被運算時,判斷該處理器電路具有攻擊漏洞。 The detection method according to claim 1, wherein the data backfill request is sent when the first judgment result is that the data cache is in the branch prediction execution state, and the second judgment result is that the data is in the branch prediction execution state When the state is written into the register and operated, it is judged that the processor circuit has an attack vulnerability. 如請求項1所述之檢測方法,更包含:判斷該資料快取於該分支預測執行狀態下發生快取未命中(cache miss)。 The detection method as described in Claim 1 further includes: judging that a cache miss occurs in the data cache in the branch prediction execution state. 如請求項3所述之檢測方法,其中,判斷該資料快取是否於該分支預測執行狀態下發送該資料回填請求之步驟更包含:判斷該資料快取之一未命中狀態保持暫存器(miss status holding register,MSHR)是否於該分支預測執行狀態下發送該資料回填請求,以得到該第一判斷結果。 The detection method as described in claim 3, wherein the step of judging whether the data cache sends the data backfill request in the branch prediction execution state further includes: judging a miss state holding register of the data cache ( miss status holding register (MSHR) whether to send the data backfill request in the branch prediction execution state to obtain the first judgment result. 一種用於一處理器電路之檢測器,該處理器電路包含一亂序執行(out-of-order execution)及分支預測(branch prediction)單元以及一運算單元,該檢測器包含:一第一檢測模組,用以:判斷該處理器電路之一資料快取是否於一分支預測執行狀態下發送一資料回填請求,以得到一第一判斷結果,其中,該分支預測執行狀態係由該亂序執行及分支預測單元記錄,該資料回填請求係用於向該資料快取之一下層記憶體發送;一第二檢測模組,用以:判斷該資料回填請求要求之一資料是否於該分支預測執行狀態下被寫入該處理器電路之一暫存器且被該運算單元運算,以得到一第二判斷結果;以及一判斷模組,用以:根據該第一判斷結果以及該第二判斷結果,判斷該處理器電路是否具有攻擊漏洞。 A detector for a processor circuit comprising an out-of-order execution and branch prediction unit and an arithmetic unit, the detector comprising: a first detector A module for: judging whether a data cache of the processor circuit sends a data backfill request in a branch prediction execution state to obtain a first judgment result, wherein the branch prediction execution state is determined by the out-of-order The execution and branch prediction unit records that the data backfill request is used to send to a lower layer memory of the data cache; a second detection module is used to: determine whether the data requested by the data backfill request is in the branch prediction It is written into a temporary register of the processor circuit in the execution state and is operated by the arithmetic unit to obtain a second judgment result; and a judgment module is used for: according to the first judgment result and the second judgment As a result, it is judged whether or not the processor circuit has an attack vulnerability. 如請求項5所述之檢測器,其中,當該第一判斷結果係該資料快取於該分支預測執行狀態下發送該資料回填請求,以及該第二判斷結果係該資料於該分支預測執行狀態下被寫入該暫存器且被運算時,該判斷模組判斷該處理器電路具有攻擊漏洞。 The detector according to claim 5, wherein the data backfill request is sent when the first judgment result is that the data cache is in the branch prediction execution state, and the second judgment result is that the data is in the branch prediction execution state When the state is written into the temporary register and operated, the judging module judges that the processor circuit has an attack vulnerability. 如請求項5所述之檢測器,其中,該第一檢測模組更用以:判斷該資料快取於該分支預測執行狀態下發生快取未命中(cache miss)。 The detector according to claim 5, wherein the first detection module is further used for: judging that a cache miss (cache miss) occurs in the data cache in the execution state of the branch prediction. 如請求項7所述之檢測器,其中,該第一檢測模組更用以:判斷該資料快取之一未命中狀態保持暫存器(miss status holding register,MSHR)是否於該分支預測執行狀態下向該下層記憶體發送該資料回填請求,以得到該第一判斷結果。 The detector according to claim 7, wherein the first detection module is further used to: determine whether a miss status holding register (miss status holding register, MSHR) of the data cache is executed in the branch prediction In this state, the data backfill request is sent to the lower memory to obtain the first judgment result. 如請求項5所述之檢測器,其中,該第二檢測模組更用以:判斷該資料回填請求要求之該資料是否於該分支預測執行狀態下自該資料快取寫入該暫存器;以及判斷該暫存器之該資料是否於該分支預測執行狀態下被運算,以得到該第二判斷結果。 The detector as described in claim 5, wherein the second detection module is further used to: determine whether the data required by the data backfill request is written into the register from the data cache in the branch prediction execution state ; and judging whether the data in the register is operated in the branch prediction execution state, so as to obtain the second judging result.
TW110148982A 2021-09-15 2021-12-27 Checker and checking method for processor circuit TWI789183B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US17/844,671 US20230078985A1 (en) 2021-09-15 2022-06-20 Checker and checking method for prossor circuit

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202163244271P 2021-09-15 2021-09-15
US63/244,271 2021-09-15

Publications (2)

Publication Number Publication Date
TWI789183B true TWI789183B (en) 2023-01-01
TW202314485A TW202314485A (en) 2023-04-01

Family

ID=85482147

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110148982A TWI789183B (en) 2021-09-15 2021-12-27 Checker and checking method for processor circuit

Country Status (2)

Country Link
CN (1) CN115811408A (en)
TW (1) TWI789183B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI864746B (en) * 2023-05-11 2024-12-01 瑞昱半導體股份有限公司 Detection method and related detection device for out-of-order execution central processing unit circuit

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112596792A (en) * 2020-12-17 2021-04-02 海光信息技术股份有限公司 Branch prediction method, apparatus, medium, and device
CN113127880A (en) * 2021-03-25 2021-07-16 华东师范大学 Method for detecting channel vulnerability of speculative execution side in first-level data cache
CN113221119A (en) * 2021-05-13 2021-08-06 中金金融认证中心有限公司 Embedded processor branch prediction vulnerability detection method, computer device and medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011156021A2 (en) * 2010-03-01 2011-12-15 The Trustees Of Columbia University In The City Of New York Systems and methods for detecting design-level attacks against a digital circuit
WO2017061079A1 (en) * 2015-10-09 2017-04-13 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ Security device, attack detection method, and program
US11169805B2 (en) * 2018-04-30 2021-11-09 Hewlett Packard Enterprise Development Lp Dynamic processor cache to avoid speculative vulnerability
US11113065B2 (en) * 2019-04-03 2021-09-07 Advanced Micro Devices, Inc. Speculative instruction wakeup to tolerate draining delay of memory ordering violation check buffers

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112596792A (en) * 2020-12-17 2021-04-02 海光信息技术股份有限公司 Branch prediction method, apparatus, medium, and device
CN113127880A (en) * 2021-03-25 2021-07-16 华东师范大学 Method for detecting channel vulnerability of speculative execution side in first-level data cache
CN113221119A (en) * 2021-05-13 2021-08-06 中金金融认证中心有限公司 Embedded processor branch prediction vulnerability detection method, computer device and medium

Also Published As

Publication number Publication date
CN115811408A (en) 2023-03-17
TW202314485A (en) 2023-04-01

Similar Documents

Publication Publication Date Title
Lipp et al. Meltdown
CN108427576A (en) A kind of high-performance from Spectre attacks, which speculates, executes algorithm
EP2503460B1 (en) Hardware acceleration for a software transactional memory system
US12189479B2 (en) Apparatus and method for detecting and recovering from data fetch errors
KR102664370B1 (en) Dynamic designation of instructions as sensitive
CN111936980A (en) Apparatus and method for controlling allocation of data into cache memory
TWI476580B (en) Method, apparatus, and computer system for detecting and recovering from instruction fetch errors
KR20170039212A (en) Multicore memory data recorder for kernel module
JP2003511756A (en) Mechanisms for improving fault isolation and diagnosis in computers
TWI789183B (en) Checker and checking method for processor circuit
US8549235B2 (en) Method for detecting address match in a deeply pipelined processor design
TW202411864A (en) Mitigating pointer authentication code (pac) attacks in processor-based devices
Chen et al. Prime+ reset: Introducing a novel cross-world covert-channel through comprehensive security analysis on arm trustzone
US20050149781A1 (en) System and method for soft error handling
US8495452B2 (en) Handling corrupted background data in an out of order execution environment
US20240012948A1 (en) Efficient processing of masked memory accesses
CN113392407A (en) High-performance processor-oriented architecture optimization method for preventing Spectre attack
US20230078985A1 (en) Checker and checking method for prossor circuit
CN111241551A (en) Identification method of false security dependency conflict in processor chip based on cache hit status
CN115380273A (en) Fetch stage handling of indirect jumps in a processor pipeline
TWI864746B (en) Detection method and related detection device for out-of-order execution central processing unit circuit
JP7751953B2 (en) HARDWARE SUPPORT FOR SOFTWARE POINTER AUTHENTICATION IN A COMPUTING SYSTEM - Patent application
US9558119B2 (en) Main memory operations in a symmetric multiprocessing computer
CN119051838B (en) Side channel attack protection method, device, storage medium and electronic device
CN120743604B (en) A high-performance bus transmission security assurance method and system