Sujet : Re: Reverse engineering of Intel branch predictors
De : mitchalsup (at) *nospam* aol.com (MitchAlsup1)
Groupes : comp.archDate : 23. Oct 2024, 22:06:41
Autres entêtes
Organisation : Rocksolid Light
Message-ID : <c517f562a19a0db2f3d945a1c56ee2e6@www.novabbs.org>
References : 1
User-Agent : Rocksolid Light
On Wed, 23 Oct 2024 18:36:16 +0000, Thomas Koenig wrote:
Seems like Intel branch predictors have been pretty completely
reverse-engineered. The following paper promises to for very
interesting reading:
>
https://www.usenix.org/conference/usenixsecurity24/presentation/li-luyi
>
I wonder what you think of this...
A couple of points (likely perinate only to me)::
In MY 66000 ISA::
a) RET is not predicted
b) switch() is not predicted
c) method calls are not predicted
d) GOT calls are not predicted
Which pretty much gets rid of the problem.
c+d) GOT calls and method calls use the CALX instruction which
loads IP from memory--thus not needing prediction--and not using
a trampoline, either.
a) When RET is seen in the instruction stream more than 1 cycle
in front of the DECODE point, various mechanisms are used to
fetch instructions at the return address.
b) switch() is the JTT instruction