NaCl documentation: nits on ARM sandbox documentation

native_client_sdk/doc_generated/reference/sandbox_internals/arm-32-bit-sandbox.html

 {{+bindTo:partials.standard_nacl_article}}
 
 <section id="arm-32-bit-sandbox">
 <h1 id="arm-32-bit-sandbox">ARM 32-bit Sandbox</h1>
 <p>Native Client for ARM is a sandboxing technology for running
 programs&#8212;even malicious ones&#8212;safely, on computers that use 32-bit
 ARM processors. The ARM sandbox is an extension of earlier work on
 Native Client for x86 processors. Security is provided with a low
 performance overhead of about 10% over regular ARM code, and as you&#8217;ll
 see in this document the sandbox model is beautifully simple, meaning
@@ skipping 393 matching lines @@
 <h5 id="the-native-client-solution-bundles">The Native Client Solution: &#8220;Bundles&#8221;</h5>
 <p>For <em>indirect branch</em>, we can address the first problem by simply
 masking some high-order bits off the address, like we did for <em>load</em> and
 <em>store</em>. The second problem is more subtle. Detecting every possible
 route that every <em>indirect branch</em> might take is difficult. Instead, we
 take the approach pioneered by the original Native Client: we restrict
 the possible places that any <em>indirect branch</em> can land. On Native
 Client for ARM, <em>indirect branch</em> can target any address that has its
 bottom four bits clear&#8212;any address that&#8217;s <code>0 mod 16</code>. We call these
 16-byte chunks of code &#8220;bundles&#8221;. The validator makes sure that no
-pseudo-instruction straddles a bundle boundary. Compilers must pad with`
-<cite>nop`</cite>s to ensure that every pseudo-instruction fits entirely inside
-one bundle.</p>
+pseudo-instruction straddles a bundle boundary. Compilers must pad with
+<code>nop</code> to ensure that every pseudo-instruction fits entirely inside one
+bundle.</p>
 <p>Here is the <em>indirect branch</em> pseudo-instruction. As you can see, it
 clears the top two and bottom four bits of the address:</p>
 <pre>
 bic  rA,  #0xC000000F
 bx   rA
 </pre>
 <p>This particular pseudo-instruction (a <code>bic</code> followed by a <code>bx</code>) is
 used for computed jumps in switch tables and returning from functions,
 among other uses. Recall that, under ARM&#8217;s modified immediate rules, we
 can fit the constant <code>0xC000000F</code> into the <code>bic</code> instruction&#8217;s
@@ skipping 146 matching lines @@
 <p>As we discussed in the last section, ARM code in Native Client is
 structured in 16-byte bundles. We allow literal pools by putting them in
 special bundles, called data bundles. Each data bundle can contain 12
 bytes of arbitrary data, and the program can have as many data bundles
 as it likes.</p>
 <p>Each data bundle starts with a breakpoint instruction, <code>bkpt</code>. This
 way, if an <em>indirect branch</em> tries to enter the data bundle, the process
 will take a fault and the trusted runtime will intervene (by terminating
 the program). For example:</p>
 <pre>
+.p2align 4
 bkpt #0x5BE0          ; Must be aligned 0 mod 16!
 .word 0xDEADBEEF      ; Arbitrary constants are A-OK.
 svc #30               ; Trying to make a syscall? OK!
 str r0, [r1]          ; Unmasked stores are fine too.
 </pre>
 <p>So, we have a way for programs to create an arbitrary, even dangerous,
 chunk of data within their code. We can prevent <em>indirect branch</em> from
 entering it. We can also prevent fall-through from the code just before
 it, by the <code>bkpt</code>. But what about <em>direct branch</em> straight into the
 middle?</p>
@@ skipping 210 matching lines @@
 <h4 id="validator-code">Validator Code</h4>
 <p>By now you&#8217;re itching to see the sandbox validator&#8217;s code and dissect
 it. You&#8217;ll have a disapointing read: at less that 500 lines of code
 <a class="reference external" href="http://src.chromium.org/viewvc/native_client/trunk/src/native_client/src/trusted/validator_arm/validator.cc">validator.cc</a>
 is quite simple to understand and much shorter than this document. It&#8217;s
 of course dependent on the <a class="reference external" href="http://src.chromium.org/viewvc/native_client/trunk/src/native_client/src/trusted/validator_arm/armv7.table">ARMv7 instruction table definition</a>,
 which teaches it about the ARMv7 instruction set.</p>
 </section></section></section></section>
 
 {{/partials.standard_nacl_article}}