2-28 PPC405 Core User’s Manual
Note that when address translation is enabled, attempts to fetch from guarded storage result in
instruction storage exceptions. Guarded memory is in most often needed with peripheral status
registers that are cleared automatically after being read, because an unintended access resulting
from a speculative fetch would cause the loss of status information. Because the MMU provides 64
pages with a wide range of page sizes as small as 1KB, fetching instructions from guarded storage
should be unnecessary.
2.8.1.1 Prefetch Distance Down an Unresolved Branch Path
The fetcher will speculatively access up to 19 instructions down a predicted branch path, whether
taken or sequential, regardless of cachability.
2.8.1.2 Prefetch of Branches to the CTR and Branches to the LR
When the instruction fetcher predicts that a bctr or blr instruction will be taken, the fetcher does not
attempt to fetch an instruction from the target address in the CTR or LR if an executing instruction
updates the register ahead of the branch. (See “Instruction Processing” on page 2-23 for a
description of the instruction pipeline). The fetcher recognizes that the CTR or LR contains data left
from an earlier use and that such data is probably not valid.
In such cases, the fetcher does not fetch the instruction at the target address until the instruction that
is updating the CTR or LR completes. Only then are the “correct” CTR or LR contents known. This
prevents the fetcher from speculatively accessing a completely “random” address. After the CTR or
LR contents are known to be correct, the fetcher accesses no more than five instructions down the
sequential or taken path of an unresolved branch, or at the address contained in the CTR or LR.
2.8.2 Preventing Inappropriate Speculative Accesses
A memory-mapped I/O peripheral, such as a serial port having a status register that is automatically
reset when read provides a simple example of storage that should not be speculatively accessed. If
code is in memory at an address adjacent to the peripheral (for example, code goes from
0x0000 0000 to 0x0000 0FFF, and the peripheral is at 0x0000 1000), prefetching past the end of the
code will read the peripheral.
Guarding storage also prevents prefetching past the end of memory. If the highest memory address is
left unguarded, the fetcher could attempt to fetch past the last valid address, potentially causing
machine checks on the fetches from invalid addresses. While the machine checks do not actually
cause an exception until the processor attempts to execute an instruction at an invalid address, some
systems could suffer from the attempt to access such an invalid address. For example, an external
memory controller might log an error.
System designers can avoid problems from speculative fetching without using the guarded storage
attributes. The rest of this section describes ways to prevent speculative instruction fetches to
sensitive addresses in unguarded memory regions.
2.8.2.1 Fetching Past an Interrupt-Causing or Interrupt-Returning Instruction
Suppose a bctr or blr instruction closely follows an interrupt-causing or interrupt-returning instruction
(sc, rfi, or rfci). The fetcher does not prevent speculatively fetching past one of these instructions. In
other words, the fetcher does not treat the interrupt-causing and interrupt-returning instructions
specially when deciding whether to predict down a branch path. Instructions after an rfi, for example,
are considered to be on the determined branch path.