
The Intel Manuals say the following about canonical addresses and the general-protection exception:

From (Vol 1, Pg. 3-13):

"If a linear-memory reference is not in canonical form, the implementation should generate an exception. In most cases, a general-protection exception (#GP) is generated. ..."

From (Vol 3A, Pg. 6-52):

"The following conditions cause general-protection exceptions in 64-bit mode:
- If the memory address is in a non-canonical form.
- If a segment descriptor memory address is in non-canonical form. ..."

I am interested to know whether the contents of the RIP are also classified as a "memory address", as mentioned in the above quote. Or is it the case that the RIP can contain a non-canonical address but #GP will not be raised till the RIP is used to refer to a location in the memory?

[EDIT]

I read the manuals more carefully now, especially the pseudocode for the CALL, RET and JMP instructions (since they are at liberty to change the RIP). I noticed that in 64-bit mode, the check of canonicity of an address is done before it is stored in the RIP, as a result of which #GP is raised before RIP gets a non-canonical address. So, the answer to my question is that the RIP can never contain a non-canonical address.

The situation I was concerned about --- that #GP will be raised because the RIP containing a non-canonical address is used to refer to a memory location --- does not arise at all.

Bo Persson
shigoel
  • Of course, nothing can happen when the processor can't read a machine instruction at the RIP address. – Hans Passant Apr 27 '12 at 23:15
  • Yes, definitely. However, for now I am not worried about the processor not being able to read an instruction at the address referred to by the RIP. The _contents of the RIP itself_ and the related exceptions are my concern for now. – shigoel Apr 28 '12 at 22:53

2 Answers


RIP has to contain canonical addresses as well, not just, say, RSP or RBX when accessing memory.

EDIT: you can see that RIP isn't excluded from the requirement in:

  • the description of SYSENTER/SYSEXIT and SYSCALL/SYSRET
  • section "Interrupt 13—General Protection Exception (#GP)": If the target offset in a destination operand of a call or jmp is in a non-canonical form.
Alexey Frunze
  • Thanks for the answer. I edited the question to include what I found out after I read your reply. – shigoel Apr 28 '12 at 22:46
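A small executable model of the point made in the question's edit and in this answer: in 64-bit mode the canonicity check is applied to the target of a near JMP/CALL before anything is pushed or RIP is written, so RIP never holds a non-canonical value and a faulting instruction leaves RIP (and RSP) where they were. This is an added example, not code from either post or from the Intel manual; it assumes 48 implemented linear-address bits (4-level paging, no 5-level paging), models the stack as a small array indexed by RSP, and takes the address of the next instruction as a parameter instead of decoding instruction lengths. The names `cpu_t`, `is_canonical`, `model_jmp_near` and `model_call_near` are mine.

```c
/* Added example: canonical-address check and the order of operations in
 * JMP near / CALL near (64-bit mode). Not from the question, the answers or
 * the Intel manual; see the assumptions in the comments below. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define LINEAR_ADDR_BITS 48   /* assumption: 4-level paging (no LA57)        */
#define STACK_SLOTS      8    /* constructed stand-in for stack memory        */

typedef struct {
    uint64_t rip;
    uint64_t rsp;                  /* byte offset into stack[], grows downward */
    uint64_t stack[STACK_SLOTS];
    int      exception;            /* 0 = none, 12 = #SS(0), 13 = #GP(0)       */
} cpu_t;

/* Canonical form: bits 63..(bits-1) are all equal to bit (bits-1), i.e. the
 * upper part of the address is a sign extension of the implemented bits. */
bool is_canonical(uint64_t addr, unsigned bits) {
    uint64_t high = ~((1ULL << (bits - 1)) - 1);   /* mask of bits 63..bits-1 */
    uint64_t top  = addr & high;
    return top == 0 || top == high;
}

static void raise_fault(cpu_t *cpu, int vector) {
    cpu->exception = vector;      /* fault: the instruction does not retire */
}

cpu_t cpu_init(uint64_t rip) {
    cpu_t c = {0};
    c.rip = rip;
    c.rsp = STACK_SLOTS * 8;      /* empty stack: RSP at the top of the array */
    return c;
}

/* JMP near, 64-bit mode: tempRIP <- DEST; IF tempRIP not canonical THEN #GP(0);
 * RIP <- tempRIP. The non-canonical value never reaches RIP; on #GP, RIP
 * still points at the JMP itself. */
bool model_jmp_near(cpu_t *cpu, uint64_t dest) {
    uint64_t temp_rip = dest;
    if (!is_canonical(temp_rip, LINEAR_ADDR_BITS)) {
        raise_fault(cpu, 13);
        return false;
    }
    cpu->rip = temp_rip;
    return true;
}

/* CALL near, 64-bit mode: the target is checked before the return address is
 * pushed, so a faulting CALL changes neither RIP nor RSP. next_rip is the
 * address of the instruction following the CALL (passed in by the caller
 * because this model does not decode instruction lengths). */
bool model_call_near(cpu_t *cpu, uint64_t next_rip, uint64_t dest) {
    uint64_t temp_rip = dest;
    if (!is_canonical(temp_rip, LINEAR_ADDR_BITS)) {
        raise_fault(cpu, 13);                 /* #GP(0) */
        return false;
    }
    if (cpu->rsp < 8) {                       /* no room for an 8-byte return address */
        raise_fault(cpu, 12);                 /* #SS(0) */
        return false;
    }
    cpu->rsp -= 8;
    cpu->stack[cpu->rsp / 8] = next_rip;      /* Push(RIP) */
    cpu->rip = temp_rip;                      /* RIP <- tempRIP, already known canonical */
    return true;
}

int main(void) {
    /* 0x0000800000000000 is the lowest non-canonical address above the
     * user half on a 48-bit implementation. */
    cpu_t cpu = cpu_init(0x401000);
    bool ok = model_jmp_near(&cpu, 0x0000800000000000ULL);
    printf("jmp to non-canonical target: ok=%d exception=#%d rip=%#llx\n",
           ok, cpu.exception, (unsigned long long)cpu.rip);

    cpu = cpu_init(0x401000);
    ok = model_call_near(&cpu, 0x401005, 0x402000);
    printf("call to canonical target: ok=%d rip=%#llx rsp=%llu ret=%#llx\n",
           ok, (unsigned long long)cpu.rip, (unsigned long long)cpu.rsp,
           (unsigned long long)cpu.stack[cpu.rsp / 8]);
    return 0;
}
```

Changing `LINEAR_ADDR_BITS` to 57 makes 0x0000800000000000 canonical again, which is the practical reason to parameterise the check on the implemented address width rather than hard-coding the 48-bit boundary.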

What would the difference be? If you try to set RIP via a jump or call instruction, the processor will try to load that address and trap. Does it matter whether or not the trap is specified as being on the register set or load from icache?

Andy Ross
  • I needed to know where exactly the exception originated. The reason is that I am trying to formally specify some portion of an x86-64 processor and details like these matter. – shigoel Apr 28 '12 at 22:48
  • Relying on that kind of distinction seems dangerous. Remember that it's the AMD specs that are original for this architecture. It seems reasonable to me that an implementation could legally implement **either** a RIP smaller than 64 bits that required canonical addresses **or** a full width register that trapped on load. – Andy Ross Apr 29 '12 at 03:34
  • Thanks for the comment. I agree with you completely (BTW, aside: the AMD manuals are so much more readable than the Intel ones! The language is good, so is the formatting, and loads of tables and figures help in faster understanding). Back to the main topic --- part of my goal is to make the formal specifications so "robust" that they represent ideas like canonical addresses without bothering much about their implementation, as long as it can be proved that the implementation satisfies the ideas. To this end, I'm studying the implementations first before I can think up "abstractions" for them. – shigoel Apr 29 '12 at 04:27