Again, speculation can be a very complicated and nuanced technique to get right, so processor designers can be reluctant to share all the details. As with branch prediction, if the assumption proves incorrect when the test finally completes, then nothing extra is lost: the processor restores its state to the checkpoint and carries on. Rather than wait for that result, the processor assumes what it might be, checkpoints how it's set up at the point of the test, and carries on. Sometimes that test can take some time to complete, especially if it involves retrieving data from external memory. Typically, a program does a calculation or logical test that sets up how the subsequent instructions behave. Speculative execution is a more general form of the ideas behind branch prediction. The details of how it works are often vague, although common techniques include keeping a statistical track of how a branch has proceeded in the past. There's no extra performance loss from a failed branch prediction, and a large benefit if it's right, so branch prediction is a big advantage.įurthermore, the better branch prediction is, the better the chip performs, so it's an area where chip vendors can profitably spend a lot of engineering time and also where trade secrets are very important. At some point further down the pipeline, when the branch has been evaluated and the actual result computed, the processor either just carries on - it got the guess right - or stalls the pipeline and starts anew. If the branch is conditional - jump if some data has a certain value, don't jump otherwise, or jump to a computed value - the processor attempts to guess which path will be followed and uses that to fill its pipeline. To offset that, when the processor first encounters a branch instruction entering the pipeline it immediately starts to load in the new instructions from the branch destination. When that happens, all of the instructions within the pipeline that happen after the branch instruction are no longer valid, because execution is starting afresh from a different area of memory. This realisation leads to two major design features of contemporary processors, branch prediction and speculative execution, and these are at the heart of the new class of security vulnerability.Įvery program jumps about or branches within its execution, switching from one chain of instructions to another. Two things reliably stall a pipeline: branches and tests. If for whatever reason it has to be flushed out and processing started afresh - a pipeline stall - this is very expensive in wasted time. Keeping the pipeline full is very important.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |