[Cryptography] Speculation considered harmful?
Nico Williams
nico at cryptonector.com
Mon Jan 8 23:58:22 EST 2018
On Mon, Jan 08, 2018 at 06:35:36AM -0500, John Levine wrote:
> In article <7f4174cb-b842-1314-587a-dd32711a81bf at symas.com> you write:
> >> One of them is VLIW, or "Very Long Instruction Word," which exploits
> >> deliberately explicit instruction level parallelism rather than implicit
> >> (speculative) instruction parallelism.
> >
> >Intel EPIC -> Itanium -> nobody liked that path.
>
> There is room for debate about what was wrong with Itanium.
>
> I know the guys who invented VLIW. It speculates all over the place,
> with part of the idea being that some of the work the long
> instructions do is thrown away if it turns out that it's on a path
> that turns out not to be taken. I have no idea whether its flavor of
> speculation can be used for the same kind of attacks.
Provided it doesn't speculate behind the compiler's back, you could just
disable speculation by having the compiler emit slower, more sequential
code. That's the real idea of VLIW: let the compiler do more of the
work. That was also the problem with VLIW: it's difficult to make the
compiler do that work. But maybe LLVM and friends have become advanced
enough that it could work now, and maybe bitcode could be the new object
code so we could have non-stable VLIW ABIs. In any case, it seems a bit
late for a second look at Itanium.
More information about the cryptography
mailing list