| Deutsch English Français Italiano |
|
<6f26c7df4e339b3c2e85ec4b2291f106@www.novabbs.org> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!weretis.net!feeder9.news.weretis.net!news.nk.ca!rocksolid2!i2pn2.org!.POSTED!not-for-mail From: mitchalsup@aol.com (MitchAlsup1) Newsgroups: comp.arch Subject: Re: Reverse engineering of Intel branch predictors Date: Fri, 1 Nov 2024 21:21:53 +0000 Organization: Rocksolid Light Message-ID: <6f26c7df4e339b3c2e85ec4b2291f106@www.novabbs.org> References: <vfbfn0$256vo$1@dont-email.me> <vg38o4$1mcfe$1@paganini.bofh.team> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Info: i2pn2.org; logging-data="506623"; mail-complaints-to="usenet@i2pn2.org"; posting-account="o5SwNDfMfYu6Mv4wwLiW6e/jbA93UAdzFodw5PEa6eU"; User-Agent: Rocksolid Light X-Rslight-Posting-User: cb29269328a20fe5719ed6a1c397e21f651bda71 X-Rslight-Site: $2y$10$KF7XLfF1B0QXjq445h9JIeHe0qQJ6BHzesVWCUWRPQZao.D5TXSyi X-Spam-Checker-Version: SpamAssassin 4.0.0 Bytes: 2683 Lines: 41 On Fri, 1 Nov 2024 19:04:38 +0000, Waldek Hebisch wrote: > Thomas Koenig <tkoenig@netcologne.de> wrote: >> Seems like Intel branch predictors have been pretty completely >> reverse-engineered. The following paper promises to for very >> interesting reading: >> >> https://www.usenix.org/conference/usenixsecurity24/presentation/li-luyi >> >> I wonder what you think of this... > > There are more papers on this topic. There were several papers > on variations of Spectre. I think that there is simple condition > which guarantees that nothing Spectre-related affects given > processor: the sequence of microarchitecutral operations (incuding > speculative operations) should depend only on architecturaly > executed instructions. The easiest way to state this succinctly is:: No microarchitectural state can be updated until the instruction causing said update retires. Caches, TLBs, and all predictor state(s) has to be included in the above. > So, processor may do widely speculative > things, but only base speculation on architecturaly executed > instructions. The processor can maintain look-ahead predictor state and use it at decode/issue but it has to verify said state in order to retire. > Some people try to just close single hole at > a time, IMO it is hopeless, there are too many possible > variations. So far its been almost t10 years of closing one hole after another and they are still closing holes. So, I agree with the hopeless- ness of that line of attack. > And weaker conditions, like "cancelling" effects > of speculative instructions are likely to fail. These also lead to replay-storms.