Patent classifications
G06F9/30178
Protecting devices from remote code execution attacks
Method for secure execution of code on a CPU where the opcodes for the same executable instructions differ from one memory page to another depending on a memory tag, including: (a) loading the original static instructions from executable module <0> into non-tagged executable memory pages; (b) beginning execution of the original static instructions of process <0>; (c) in process <0>, invoking a CPU instruction to start process <i> (where i=1 initially), which creates a new memory tag <i> and its set of randomized opcodes and returns memory tag <i> and the new randomized opcode set to process <0>; (d) in process <0>, loading executable module <i> for process <i> and transforming its executable code using the new randomized opcodes from step (c); (e) in process <0>, allocating tagged memory with tag <i> to process <i>, loading the compiled executable code from step (d) into that memory, and running it.
SYSTEMS AND METHODS FOR PERFORMING MATRIX COMPRESS AND DECOMPRESS INSTRUCTIONS
Disclosed embodiments relate to matrix compress/decompress instructions. In one example, a processor includes fetch circuitry to fetch a compress instruction having a format with fields to specify an opcode and the locations of a decompressed source matrix and a compressed destination matrix, decode circuitry to decode the fetched compress instruction, and execution circuitry, responsive to the decoded compress instruction, to: generate a compressed result according to a compress algorithm by compressing the specified decompressed source matrix, either by packing non-zero-valued elements together and storing the matrix position of each non-zero-valued element in a header, or by using fewer bits to represent one or more elements and using the header to identify the matrix elements represented by fewer bits; and store the compressed result to the specified compressed destination matrix.
Encoding and decoding variable length instructions
Methods of encoding and decoding are described which use a variable number of instruction words to encode instructions from an instruction set, such that different instructions within the instruction set may be encoded using different numbers of instruction words. To encode an instruction, the bits within the instruction are reordered and formed into instruction words based upon their variance as determined using empirical or simulation data. The bits in the instruction words are compared to corresponding predicted values and some or all of the instruction words that match the predicted values are omitted from the encoded instruction.
TRANSIENT SIDE-CHANNEL AWARE ARCHITECTURE FOR CRYPTOGRAPHIC COMPUTING
In one embodiment, a processor includes circuitry to decode an instruction referencing an encoded data pointer that includes a set of plaintext linear address bits and a set of encrypted linear address bits. The processor also includes circuitry to perform a speculative lookup in a translation lookaside buffer (TLB) using the plaintext linear address bits to obtain a physical address, buffer a set of architectural predictor state values based on the speculative TLB lookup, and speculatively execute the instruction using the physical address obtained from the speculative TLB lookup. The processor also includes circuitry to determine whether the speculative TLB lookup was correct and to update a set of architectural predictor state values of the core using the buffered architectural predictor state values based on a determination that the speculative TLB lookup was correct.
Low memory overhead heap management for memory tagging
A method comprising: responsive to a first instruction requesting a memory heap operation, identifying a data block of a memory heap; accessing a tag history for the data block, the tag history comprising a plurality of tags previously assigned to the data block; assigning a tag to the data block, wherein assigning the tag comprises verifying that the tag does not match any of the plurality of tags in the tag history; and providing the assigned tag and a reference to a location of the data block.
Malware resistant computer
An approach is provided in which an information handling system loads into a processor a set of binary code that has been encrypted based upon a unique key of the processor. The processor includes an instruction decoder that transforms the set of encrypted binary code into a set of instruction control signals using the unique key. In turn, the processor executes a set of instructions based on the set of instruction control signals.
Data Protection in Computer Processors
Systems, apparatuses, and methods related to a computer system having a processor and a main memory storing scrambled data are described. The processor may have a cache, a register, an execution unit, and an unscrambler. The processor can load the scrambled data into the cache; and the unscrambler may convert the scrambled data into unscrambled data just in time for the register or the execution unit during instruction execution. The unscrambled data can be an instruction, an address, or an operand of an instruction. Unscrambling can be performed just before loading the data item in a scrambled form from the cache into the register in an unscrambled form, or after the data item leaves the register in the scrambled form as input to the execution unit in the unscrambled form. The unscrambled data and the scrambled data may have the same set of bits arranged in different orders.
SYSTEM AND METHOD FOR OBFUSCATING OPCODE COMMANDS IN A SEMICONDUCTOR DEVICE
A method for securing an integrated circuit chip includes obtaining a first value from a first storage area in the chip, obtaining a second value from a second storage area in the chip, generating a third value based on the first value and the second value, and converting a first opcode command obfuscated as a second opcode command into a non-obfuscated form of the first opcode command based on the third value. The first value corresponds to a physically unclonable function (PUF) of the chip. The second value is a key including information indicating a type of obfuscation performed to obfuscate the first opcode command as the second opcode command. The third value may be an inversion flag indicating a type of obfuscation performed to obfuscate the first opcode command as the second opcode command.
METHODS AND DEVICES FOR DEFEATING BUFFER OVERFLOW PROBLEMS IN MULTI-CORE PROCESSORS
Disclosed herein are methods and devices for defeating buffer overflow problems in multicore processors. In one embodiment, a processor implemented within a multicore processor integrated circuit (IC) is disclosed. The processor includes an instruction register and selection circuitry including a hardware latch operable to thwart a buffer overflow attack. The selection circuitry is electrically coupled with the instruction register. The selection circuitry is configured for: providing decrypted instructions to the instruction register when the hardware latch is in a first state and providing un-decrypted instructions to the instruction register when the hardware latch is in a second state. The coupling of the selection circuitry can be directly to the instruction register of a processor core, or indirectly by directing the output of the selection circuitry to cache memory inside the processor IC so that the instruction register only receives decrypted instructions from the cache memory.