[Cryptography] Does RISC V solve Spectre ?

[Dennis E. Hamilton]

-----Original Message-----
From: cryptography <cryptography-bounces+dennis.hamilton=acm.org at metzdowd.com> 
On Behalf Of jamesd at echeque.com
Sent: Saturday, March 24, 2018 22:53
To: cryptography at metzdowd.com
Subject: Re: [Cryptography] Does RISC V solve Spectre ?

On 3/24/2018 3:37 PM, Nico Williams wrote:
> It definitely is more complex: for the compiler writers.  They now
> have to repeat this exercise for every release of a CPU.  And software
> needs to be recompiled for each CPU release, or else JITed -- which
> means it's more complex for others too.

Changing the compiler is easier than changing the CPU.

 [orcmid]

This is the malleability of software illusion that hardware engineers have 
relied upon for far too long.  I don't think modern developers of hardware 
fall for that any more.  There have been too many lessons-learned on that 
road.  (Although over-optimization may have happened with 
compilers/assembly-code first, as I recall.)

I don't see that licensing has anything to do with it.   I do think there is a 
big misunderstanding here about the packaging of software distributions and 
when either *install-time* or *run-time* specialization (Bill Frantz' term) is 
required.  And don't be surprised that different implementations of components 
to exploit special hardware capabilities are selected during application 
start-up.

This is all very painful and necessary for commodity distributions of 
high-performance software, whether open-source or not.

And we haven't talked about testing and verification and ways of attacking the 
distributed code along with the software update/release processes, dependency 
management, etc., of applications, not just compilers and their libraries.

This is not a trade-off free situation.

 - Dennis
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography