Spectre
can someone summarize what Spectre consists of? and what exactly causes it?
thanks
It's simple. These problems are caused by speculative execution (for example, predicting the outcome of a conditional branch) that turns out to be incorrect AND THEN not 100% reversing changes made by the instructions that shouldn't have been executed.
Obviously every CPU with branch prediction will correctly undo things such as changes to CPU registers or stores to memory. If they didn't then nothing would ever work.
But there are more subtle things. For example if a load instruction is killed, it might have already caused a cache miss, and loaded that data into the cache, displacing some other data from the cache. If you carefully pre-load the cache with known data then run a load instruction after a branch, you can detect afterwards whether the branch was mispredicted by checking how long it takes to load data items that you know were in the cache.
Similar things happen for branch predictors. A conditional branch that is itself speculatively executed might update the branch prediction flags for that branch, even if the branch itself ends up being undone.
It's actually not very difficult to eliminate these things, using exactly the same kinds of techniques that are used for updating memory and registers: things like store queues or reorder buffers that don't update the real resource until the instruction is no longer speculative, and that are thrown away in the event of a misprediction. It's pretty easy and cheap to do this for loads into the cache, updated to branch predictors etc, with little or no performance penalty -- mostly it's just a small amount extra circuitry and so area&power, and maybe a couple of extra gate delays. I doubt whether it's even a 1% hit.
The only hard thing is realising that you SHOULD do that.
Preferably *before* you ship billions of processors where you didn't do that, like Intel and ARM have.
That's where RISC-V has an opportunity. There is nothing inherent about RISC-V, it just happens to be lucky timing that no one shipped a RISC-V processor with speculative execution before designers became aware of Spectre and Meltdown. (BOOM doesn't count, since no one except Chris Celio has ever used it)
Note: branch prediction by itself doesn't cause problems in an in-order processor because although incorrect instructions get fetched and decoded, they don't get to the execution or writeback pipe stage before the branch misprediction is discovered.