Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!ginosko!uunet!lotus!esegue!johnl
From: johnl@esegue.segue.boston.ma.us (John R. Levine)
Newsgroups: comp.arch
Subject: Re: Self-modifying code
Message-ID: <1989Oct12.014402.1937@esegue.segue.boston.ma.us>
Date: 12 Oct 89 01:44:02 GMT
References: <6481@pt.cs.cmu.edu> <9175@etana.tut.fi>
Reply-To: johnl@esegue.segue.boston.ma.us (John R. Levine)
Organization: Segue Software, Cambridge MA
Lines: 38

In article <9175@etana.tut.fi> pl@etana.tut.fi (Lehtinen Pertti) writes:
>From article <6481@pt.cs.cmu.edu>, by koopman@a.gp.cs.cmu.edu (Philip Koopman):
> I've been lately wondering if there is any architecture
> with possibility to execute instruction indirectly.

Lots of architectures do. The IBM 370 has an execute instruction, as does the DEC-20, GE 635 or whatever they call it these days (Bull DPS-8, perhaps) and many other more antique or obscure machines. Each has its own quirks.

On the 370, EX takes two operands, the address of the instruction to execute and a register. The low byte of the register is logically or-ed with the instruction before it is executed (in the instruction decoder, not in memory). In memory-to-memory move or compare instructions, the second byte is the length, so this is how you faked variable length string instructions on the 360. The success of this approach can be appreciated by noting that one of the changes in the 370 was to add variable length string compare and move instructions. It is expressly forbidden to execute another execute instruction.

On the DEC-20, you can execute anything you want, including another execute instruction. On the '20 the execute instruction again takes two operands, the location of the instruction to be executed and a register. In early implementations of the PDP-6 and PDP-10 the register was ignored, but later they used the register field to mean things like "interpret the source address in user context" to make it easier to fetch and store user data while executing a system call in kernel mode. The -20 also takes interrupts by executing instructions in fixed addresses. You can use a "read (or write) word and increment pointer," thereby implementing a poor man's DMA.

I haven't seen execute instructions on any more modern machines; I guess that the same arguments that give us read-only code say that the hackery to implement execute isn't worth it either. I can't see how you could implement it on a pipelined machine without totally draining the pipeline, thus causing a terrible performance hit.
-- 
John R. Levine, Segue Software, POB 349, Cambridge MA 02238, +1 617 864 9650
johnl@esegue.segue.boston.ma.us, {ima|lotus|spdcc}!esegue!johnl
Massachusetts has over 100,000 unlicensed drivers. -The Globe
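The 370 EX mechanism described above, as an added simulation that is not part of the original post: a toy machine with a constructed 4-byte instruction encoding (opcode, second byte, destination, source) and a 64-byte memory. It shows the register's low byte being or-ed into the decoder's copy of the target MVC to supply a run-time length, with the instruction image in memory left untouched (so code can stay read-only), and the 370 rule that an EX whose target is another EX is refused.

```c
#include <stdint.h>
#include <string.h>

/* Toy 370-style machine (constructed): 4-byte instructions [opcode][byte1][dst][src]. */
enum { OP_MVC = 0xD2, OP_EX = 0x44, MEM_SIZE = 64, INSN_LEN = 4 };

typedef struct { uint8_t mem[MEM_SIZE]; uint8_t r[16]; } machine;

/* Run one instruction image. Returns 0 on success, a negative code on error. */
static int run_insn(machine *m, const uint8_t insn[INSN_LEN], int via_ex)
{
    switch (insn[0]) {
    case OP_MVC: {                          /* byte 1 is the length code: moves L+1 bytes */
        int len = insn[1] + 1, dst = insn[2], src = insn[3];
        if (dst + len > MEM_SIZE || src + len > MEM_SIZE) return -2;
        memmove(&m->mem[dst], &m->mem[src], (size_t)len);
        return 0;
    }
    case OP_EX: {
        if (via_ex) return -1;              /* EX of an EX is forbidden on the 370 */
        int reg = insn[1] & 0x0F, target = insn[2];
        if (target + INSN_LEN > MEM_SIZE) return -2;
        uint8_t image[INSN_LEN];
        memcpy(image, &m->mem[target], INSN_LEN); /* decoder copy: memory is never written */
        if (reg != 0) image[1] |= m->r[reg];      /* R0 means "no modification" */
        return run_insn(m, image, 1);
    }
    default: return -3;
    }
}

/* Fake a variable-length move: the MVC at 32 is assembled with length code 0 and the
   real length arrives at run time in R1. Returns the bytes copied, or -1 if the
   template in memory was modified (it must not be). */
static int ex_demo(int runtime_length)
{
    machine m; memset(&m, 0, sizeof m);
    memcpy(m.mem, "HELLO WORLD", 11);                       /* constructed source at 0 */
    const uint8_t mvc[INSN_LEN] = { OP_MVC, 0x00, 16, 0 };  /* MVC 16(1),0 template */
    const uint8_t ex[INSN_LEN]  = { OP_EX, 0x01, 32, 0 };   /* EX R1,32 */
    memcpy(&m.mem[32], mvc, INSN_LEN);
    m.r[1] = (uint8_t)(runtime_length - 1);
    if (run_insn(&m, ex, 0) != 0) return -2;
    if (memcmp(&m.mem[32], mvc, INSN_LEN) != 0) return -1;
    int n = 0;
    while (n < 16 && m.mem[16 + n] != 0) n++;
    return n;
}

/* The rule the post cites: an EX whose target is another EX is rejected (-1). */
static int ex_of_ex(void)
{
    machine m; memset(&m, 0, sizeof m);
    const uint8_t ex_inner[INSN_LEN] = { OP_EX, 0x00, 32, 0 };
    const uint8_t ex_outer[INSN_LEN] = { OP_EX, 0x00, 40, 0 };
    memcpy(&m.mem[40], ex_inner, INSN_LEN);
    return run_insn(&m, ex_outer, 0);
}
```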