[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Cryptography] Does RISC V solve Spectre ?
- From: Nico Williams <nico AT cryptonector.com>
- Subject: Re: [Cryptography] Does RISC V solve Spectre ?
- Date: Sat, 24 Mar 2018 00:37:22 -0500
- Arc-authentication-results: i=1; mx.google.com; dkim=neutral (body hash did not verify) firstname.lastname@example.org header.s=cryptonector.com header.b=TLKJcYLV; spf=pass (google.com: best guess record for domain of cryptography-bounces+ben=bentasker.co.uk AT metzdowd.com designates 2001:470:30:84:e276:63ff:fe62:3500 as permitted sender) smtp.mailfrom=cryptography-bounces+ben=bentasker.co.uk AT metzdowd.com
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:to:from:date:dkim-signature :delivered-to:arc-authentication-results; bh=yC0Qj8KoAYk0YIXfwNYxkUR6CVVfFcCCrzC8qoT0JRA=; b=Bdb1te+PqNLikeIqlPFdMt/bZw7V4d/4o10OBij5mpgKctye97FB0x2JAeED6EqlC1 eDWvSw1hqLdqZUeL5uI7SJET66bLL5kJF1cLHEJLOl0MQtvEORiSdQTH40KUBLGeiCPE zqqK37OhnbrQf7fLAU8TL1IsHr7k88yNDe7d2/gBDE8paCBtCwLUR7AJ/GNfGE+VzfC4 WIzOLgIgTeoNhWdKrRkdgFSAatuzTXwJUPhCE6wSymJYBK37DszAFZ2NSqQzy8fTLk1q 5Iv0Gpfk7gM3KpaGBQZSKINU8AXm9DY5WH96qXb+alAYVDlpKVkVC+781QRQpyUmZVLT lUHw==
- Arc-seal: i=1; a=rsa-sha256; t=1521925595; cv=none; d=google.com; s=arc-20160816; b=gxAlnUvhAog6ipMLpJ+ljcuf+9nVyvAGrkoAu7hWQrN1GKYfP0Qtfl5iU8+AqWqa2U 37DoSycNB910+DFMEAzmfl2fNnE2vPUx4BoSj6ibaWSJtYaiJOpcRmAsYnEO7E05IOlF 5VN/bBj80xU3NY/aJOmrbEnGQKnp5hEojWvu7838y8Zt1vrwU/FH2hX8B9KGdexLa/xV 5k1UUekWANtCEKeC6vkoTyyL3QV2ryjNeaSv5KBpBq/w6OxwZs0Y78ZCl81hW3ShaYBJ NQBt34WVWdnmaPkGOi0iM2xZVuD1OwgP1kFcLgl55V/woed4GyMQTEdMM+3vfDyHesCz /vog==
- Cc: cryptography AT metzdowd.com, Henry Baker <hbaker1 AT pipeline.com>
- List-archive: <http://www.metzdowd.com/pipermail/cryptography/>
- Sender: "cryptography" <cryptography-bounces+ben=bentasker.co.uk AT metzdowd.com>
- To: Ray Dillinger <bear AT sonic.net>
On Fri, Mar 23, 2018 at 07:40:56PM -0700, Ray Dillinger wrote:
> Determining when to undertake these actions is not too hard for the
> logic overhead expressed in silicon which presently runs during the code
> execution. Moving that overhead to the compiler doesn't make it more
> complex than it already is.
It definitely is more complex: for the compiler writers. They now have
to repeat this exercise for every release of a CPU. And software needs
to be recompiled for each CPU release, or else JITed -- which means it's
more complex for others too.
Also, it's not as trivial as you might think because the time to perform
a load is not predictable because of the various levels of cache, the
time to store isn't either because of cache coherency issues, and the
time to perform memory barriers and atomic memory operations isn't
predictable for the same reasons. Meaning: a compiler can't quite
schedule things correctly. Instead a compiler might have to generate
micro event loops where hopefully work can be found to do while waiting.
Ultimately a compiler might even generate code that speculates, leaving
you roughly at square one (though trading the horrible CPU update
considerations for software update considerations)!
This road is just no fun to travel, and that's probably why we haven't
gone that far on it.
The cryptography mailing list
cryptography AT metzdowd.com