The Intel Manuals say the following about canonical addresses and general-protection exceptions:
From (Vol 1, Pg. 3-13):
"If a linear-memory reference is not in canonical form, the implementation should generate an exception. In most cases, a general-protection exception (#GP) is generated. ..."
From (Vol 3A, Pg. 6-52):
"The following conditions cause general-protection exceptions in 64-bit mode:
- If the memory address is in a non-canonical form.
- If a segment descriptor memory address is in non-canonical form. ..."
I am interested to know whether the contents of the RIP are also classified as a "memory address", as mentioned in the above quote. Or is it the case that the RIP can contain a non-canonical address but #GP will not be raised till the RIP is used to refer to a location in the memory?
[EDIT]
I read the manuals more carefully now, especially the pseudocode for the CALL, RET and JMP instructions (since they are at liberty to change the RIP). I noticed that in 64-bit mode, the check of canonicity of an address is done before it is stored in the RIP, as a result of which #GP is raised before RIP gets a non-canonical address. So, the answer to my question is that the RIP can never contain a non-canonical address.
The situation I was concerned about --- that #GP will be raised because the RIP containing a non-canonical address is used to refer to a memory location --- does not arise at all.
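The following is an added illustration, not code from the question or from Intel's manuals. It implements the canonical-form test the manuals rely on (for a linear address width of 48 bits, bits 63:48 must equal bit 47, i.e. the value must be the sign extension of its low 48 bits) and a small model of the control-transfer behaviour described in the EDIT: the target is validated before RIP is written, so a non-canonical target reports #GP and leaves RIP unchanged. `is_canonical`, `model_jmp`, `rip_after_jmp` and the `la_bits` parameter (48 for 4-level paging, 57 for LA57) are names chosen here; the sample addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Canonical-form check for an x86-64 linear address.
 * la_bits is the implemented linear-address width (48 or 57).
 * The address is canonical iff it equals the sign extension of its low
 * la_bits bits, i.e. bits 63:la_bits are all copies of bit (la_bits-1). */
bool is_canonical(uint64_t addr, unsigned la_bits)
{
    unsigned shift = 64 - la_bits;
    /* Shift the low la_bits bits to the top, then arithmetic-shift back
     * so the sign bit of the address fills the upper bits. */
    int64_t sext = ((int64_t)(addr << shift)) >> shift;
    return (uint64_t)sext == addr;
}

/* Simplified model of a JMP/CALL target check (not CPU microcode):
 * the target is checked first, and only a canonical target is loaded
 * into RIP. Returns 0 on success, -1 to represent #GP(0). */
int model_jmp(uint64_t *rip, uint64_t target, unsigned la_bits)
{
    if (!is_canonical(target, la_bits))
        return -1;          /* #GP raised; RIP keeps its old value */
    *rip = target;
    return 0;
}

/* Convenience wrapper: the RIP value left after attempting a transfer. */
uint64_t rip_after_jmp(uint64_t rip, uint64_t target, unsigned la_bits)
{
    model_jmp(&rip, target, la_bits);
    return rip;
}

int main(void)
{
    uint64_t rip = 0x0000000000401000ULL;   /* constructed starting RIP */
    uint64_t targets[] = {
        0x00007fffffffe000ULL,  /* canonical, user half */
        0xffff800000000000ULL,  /* canonical, kernel half */
        0x0000800000000000ULL,  /* first non-canonical value above the user half */
        0xdeadbeefdeadbeefULL,  /* non-canonical garbage */
    };
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++) {
        int rc = model_jmp(&rip, targets[i], 48);
        printf("jmp 0x%016llx -> %s, rip=0x%016llx\n",
               (unsigned long long)targets[i],
               rc == 0 ? "ok" : "#GP",
               (unsigned long long)rip);
    }
    return 0;
}
```

Running it shows RIP advancing only on the two canonical targets and staying put on the other two, which is the behaviour the EDIT concludes from the manual's pseudocode; with `la_bits` set to 57 the third address becomes canonical, matching the wider LA57 address space.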