From: antispam@fricas.org (Waldek Hebisch)
Newsgroups: comp.arch
Subject: Re: Reverse engineering of Intel branch predictors
Date: Fri, 1 Nov 2024 19:04:38 -0000 (UTC)
Organization: To protect and to server

Thomas Koenig wrote:
> Seems like Intel branch predictors have been pretty completely
> reverse-engineered. The following paper promises to for very
> interesting reading:
>
> https://www.usenix.org/conference/usenixsecurity24/presentation/li-luyi
>
> I wonder what you think of this...

There are more papers on this topic. There were several papers
on variations of Spectre. I think that there is a simple condition
which guarantees that nothing Spectre-related affects a given
processor: the sequence of microarchitectural operations (including
speculative operations) should depend only on architecturally
executed instructions. So, the processor may do widely speculative
things, but only base speculation on architecturally executed
instructions. Some people try to just close a single hole at
a time; IMO it is hopeless, there are too many possible variations.
And weaker conditions, like "cancelling" effects of speculative
instructions, are likely to fail.

My impression is that it is relatively easy to modify the Intel scheme
to depend only on architectural state. The impact of such a restriction
on performance is not clear. In the case of the branch predictor itself
it means delaying feedback by some number of clocks, which looks
like a minor cost. OTOH delaying fetches from speculatively
fetched addresses will increase latency on the critical path,
possibly leading to significant slowdown.

-- 
Waldek Hebisch