[libre-riscv-dev] [Bug 209] New: spectre-proof speculative execution

bugzilla-daemon at libre-riscv.org bugzilla-daemon at libre-riscv.org
Thu Mar 5 19:21:17 GMT 2020


            Bug ID: 209
           Summary: spectre-proof speculative execution
           Product: Libre Shakti M-Class
           Version: unspecified
          Hardware: All
                OS: All
            Status: CONFIRMED
          Severity: enhancement
          Priority: ---
         Component: Specification
          Assignee: programmerjake at gmail.com
          Reporter: programmerjake at gmail.com
                CC: libre-riscv-dev at lists.libre-riscv.org
   NLnet milestone: ---


One idea I had for making a spectre-proof speculative execution engine is to
build a theoretical model CPU such that it compares a branch oracle to the
results of it's branch prediction unit and takes the amount of time needed by
the misprediction penalty when the branch predictor mispredicts, but doesn't
actually execute any mispredicted instructions. This makes the model CPU unable
to have spectre-style vulnerabilities since it doesn't do any actual
speculative execution.

Then, a physical CPU is built using the exact same design (where every
instruction and every cache state change completes at the exact same clock
cycle as the corresponding instruction in the theoretical model) but using
speculative execution instead of the branch oracle. This gives a physical cpu
that can be proven to not have any timing vulnerabilities that the model CPU
doesn't have (ruling out spectre-style vulnerabilities) by proving that it
follows the same steps as the model CPU.

I started writing some code to simulate that, but didn't finish.


You are receiving this mail because:
You are on the CC list for the bug.

More information about the libre-riscv-dev mailing list