pointers - 英特尔 MPX、BNDSTX、BNDLDX

Question

英特尔 MPX，在以下文档中为不熟悉它的人进行了描述:https://software.intel.com/sites/default/files/managed/68/8b/319433-019.pdf

我不确定我是否理解 BNDLDX 和 BNDSTX 是如何工作的。以 BNDSTX 为例。

从文件(第 855 页):

BNDSTX is used to store the bounds associated with a buffer and the “pointer value” of the pointer to that buffer onto a bound table entry via address translation using a two-level structure, see Section 9.3.8. For example, the software has a buffer with bounds stored in BND0, the pointer to the buffer is in ESI, the following sequence will store the “pointer value” (the buffer) and the bounds into a configured bound table entry using address translation from the linear address associated with the base of a SIB-addressing form consisting of a base register and a index register:

MOV ECX, Dword ptr [ESI] ; store the pointer value in the index register ECX
MOV EAX, ESI ; store the pointer in the base register EAX
BNDSTX Dword ptr [EAX+ECX], BND0 ; perform address translation from the linear address of the base EAX and store bounds and pointer value ECX onto a bound table entry.

该示例指出 ESI 包含一些指针，如果是，则第一条指令 mov ecx, dword ptr [esi] 通过间接寻址执行简单的 mov 并获取任何 esi 的双字 指向 进入 ecx，这就是我认为他们的意思 指针值 ，或者他们的意思是什么？这样做的目的是什么，这与 BNDSTX 执行的地址转换有何关系？

第二条指令看起来足够直观，它只是想将此指针存储到缓冲区并复制它。然而，为什么这是严格需要的也有点奇怪。 BND0 不是已经包含缓冲区的开始了吗？它不是简单地复制下限指针吗？再说一次，这究竟是什么目的指针值 我不清楚。

Answer 1

英特尔的例子措辞非常糟糕。 ESI 最初持有一个指向 buf 的指针。检查“指针值”是因为非 MPX 代码可能修改了指针值而不修改边界。如果发生这种情况，边界将被 BNDLNX 指令无效:

来自 https://software.intel.com/sites/default/files/managed/0d/53/319433-022.pdf :

BNDLDX uses the linear address constructed from the base register and displacement of the SIB-addressing form of the memory operand (mib) to perform address translation to access a bound table entry and conditionally load the bounds in the BTE to the destination. The destination register is updated with the bounds in the BTE, if the content of the index register of mib matches the pointer value stored in the BTE.

If the pointer value comparison fails, the destination is updated with INIT bounds (lb = 0x0, ub = 0x0) (note: as articulated earlier, the upper bound is represented using 1's complement, therefore, the 0x0 value of upper bound allows for access to full memory).