[libre-riscv-dev] [Bug 209] New: spectre-proof speculative execution
bugzilla-daemon at libre-riscv.org
Thu Mar 5 19:21:17 GMT 2020
http://bugs.libre-riscv.org/show_bug.cgi?id=209
Bug ID: 209
Summary: spectre-proof speculative execution
Product: Libre Shakti M-Class
Version: unspecified
Hardware: All
OS: All
Status: CONFIRMED
Severity: enhancement
Priority: ---
Component: Specification
Assignee: programmerjake at gmail.com
Reporter: programmerjake at gmail.com
CC: libre-riscv-dev at lists.libre-riscv.org
NLnet milestone: ---
https://groups.google.com/d/msg/comp.arch/1OvTXelf5TE/EMgX17YEBAAJ

One idea I had for making a spectre-proof speculative execution engine is to
build a theoretical model CPU such that it compares a branch oracle to the
results of its branch prediction unit and takes the amount of time needed by
the misprediction penalty when the branch predictor mispredicts, but doesn't
actually execute any mispredicted instructions. This makes the model CPU unable
to have spectre-style vulnerabilities since it doesn't do any actual
speculative execution.

Then, a physical CPU is built using the exact same design (where every
instruction and every cache state change completes at the exact same clock
cycle as the corresponding instruction in the theoretical model) but using
speculative execution instead of the branch oracle. This gives a physical CPU
that can be proven to not have any timing vulnerabilities that the model CPU
doesn't have (ruling out spectre-style vulnerabilities) by proving that it
follows the same steps as the model CPU.

I started writing some code to simulate that, but didn't finish.

Jacob
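
A toy simulation of the comparison described in the message above, as an added example that is neither the reporter's unfinished code nor anything from the project: it runs the same program on an oracle-driven model CPU and on a speculating CPU, then checks that the two commit traces (cycle, pc, cache contents) are identical. The latencies, the static not-taken predictor, the `load_secret` opcode and the sample program are assumptions made for illustration.

```python
PENALTY = 3        # misprediction penalty in cycles (assumed value)
HIT, MISS = 1, 4   # load latencies in cycles (assumed values)
LINE = 0x40        # cache line size in bytes (assumed value)

def address(op, arg, secret):
    """'load' uses a fixed address; hypothetical 'load_secret' indexes by the secret."""
    return arg + LINE * secret if op == "load_secret" else arg

def run(program, secret, speculate, squash_fills=True):
    """Return the commit trace [(cycle, pc, cache lines), ...] of one run.

    speculate=False: model CPU. A branch oracle supplies the real outcome and a
    mispredict only burns PENALTY cycles; no wrong-path instruction executes.
    speculate=True: physical CPU. Wrong-path loads issue during the penalty
    window; squash_fills says whether their cache fills are discarded.
    """
    cache, cycle, pc, trace = set(), 0, 0, []
    while pc < len(program):
        op, arg = program[pc]
        next_pc = pc + 1
        if op == "branch":
            target, taken = arg
            cycle += 1
            if taken:  # static not-taken predictor, so every taken branch mispredicts
                if speculate and not squash_fills:
                    # Wrong path is the fall-through, one issue slot per cycle;
                    # wrong-path branches are ignored in this toy.
                    for wpc in range(pc + 1, min(pc + 1 + PENALTY, len(program))):
                        wop, warg = program[wpc]
                        if wop != "branch":
                            cache.add(address(wop, warg, secret))
                cycle += PENALTY
                next_pc = target
        else:
            addr = address(op, arg, secret)
            cycle += HIT if addr in cache else MISS
            cache.add(addr)
        trace.append((cycle, pc, tuple(sorted(cache))))
        pc = next_pc
    return trace

def follows_model(program, secret, squash_fills):
    """True if the physical CPU's trace equals the model CPU's, cycle for cycle."""
    return run(program, secret, True, squash_fills) == run(program, secret, False)

# Constructed sample: the branch at pc 0 is taken, so pcs 1-3 are wrong-path only.
PROGRAM = [("branch", (4, True)), ("load_secret", 0x100),
           ("load", 0x800), ("load", 0x840), ("load", 0x100)]
```

With `squash_fills=False` the final load completes at a cycle that depends on `secret`, and `follows_model` reports the divergence from the model trace at the first commit after the branch.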