Displaying 20 results from an estimated 2094 matches for "speculate".
2014 May 28
2
[LLVMdev] Why does Select have a higher speculation cost than other instructions?
Hi,
The ComputeSpeculationCost() function in
Transforms/Utils/SimplifyCFG.cpp uses a higher speculation cost for
Select than other instructions. Does anyone know why this is?
I would like SimplifyCFG to be able to speculatively execute Select
instructions. Which of these solutions makes the most sense:
1. Change speculation cost of Select from 2 to 1.
2. Add a TargetTransformInfo callback
2019 Sep 17
2
Spectre V1 Mitigation - Internals?
...ecution enters here with a too-large size.
memcpy(local_buffer, untrusted_data_from_caller,
untrusted_size_from_caller);
// The stack has now been smashed, writing an attacker-controlled
// address over the return address.
minor_processing(local_buffer);
return;
// Control will speculate to the attacker-written address.}
During speculative execution, it stores an arbitrary data in the stack
memory (architectural state, I guess).
Doesn't that change the architectural state of the processor? I
learned that all stores are written to register files first and then
if the speculat...
2019 Mar 23
2
GSoC- Speculative compilation support in ORC v2 , looking for mentors!
Hi all,
I would like to propose "Speculative compilation support in ORC v2 JIT
API" for this year GSoC summer project.
Project Description:
Speculative compilation support. One of the selling points of the
concurrent ORC APIs is that you can start compiling a function before
you need it, in the hope that by the time that you do need it it is
already compiled. However, if we just
2020 Jun 08
2
Mitigating straight-line speculation vulnerability CVE-2020-13844
Hi,
A new speculative cache side-channel vulnerability has been published at
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation,
named "straight-line speculation”, CVE-2020-13844.
In this email, I'd like to explain the toolchain mitigation we've prepared
to mitigate against this vulnerability for AArch64.
2005 Jul 28
3
speculative tracing on nevada builds ?
...rt
script. This works fine on s10, but fails with the above error on
nevada builds 14, 17 and 19 (the only builds I have access to).
I set dtrace_err_verbose=1 but didn''t get any more information.
#!/usr/sbin/dtrace -s
syscall::open:entry
{
self->spec = speculation();
speculate(self->spec);
printf("%s", stringof(copyinstr(arg0)));
}
syscall::open:return
/self->spec && errno != 0/
{
commit(self->spec);
self->spec = 0;
}
syscall::open:return
/self->spec && errno == 0/
{
discard(self->spec);...
2019 May 29
2
[RFC] Add support for options -fp-model= and -fp-speculation= : specify floating point behavior
...t floating-point exception semantics are honored.
The ICC option -fp-speculation is described here,
https://software.intel.com/en-us/cpp-compiler-developer-guide-and-reference-fp-speculation-qfp-speculation
These are the meanings of the fp-speculation settings:
fast - Tells the compiler to speculate on floating-point operations. This is equivalent to "fpexcept.ignore" in the constrained intrinsics review D53157.
strict - Tells the compiler to disable speculation on floating-point operations. This is equivalent to "fpexcept.strict" in the constrained intrinsics review...
2006 Sep 20
3
committing multiple speculations in a single probe
While using DTrace to track down a problem recently, we came across an
unexpected restriction: the compiler will not permit different
speculations to be committed in the same instance of a probe identifier.
For instance, consider the following useless D script:
#!/usr/sbin/dtrace -s
#pragma D option nspec=2
BEGIN {
spec1 = speculation();
spec2 = speculation();
}
END {
2019 Sep 17
2
Spectre V1 Mitigation - Internals?
Hi,
Thanks for your email, I understand that the execution stalls until the
predicated state is computed, then we mask pointers with all_zeros_mask if
there is a mis-prediction. But I understand that as soon as the condition
value is available, the processor can check about it's assumptions and
revert back.
That is,
If the branch prediction is correct during speculation, we mask with
2019 Mar 24
2
GSoC- Speculative compilation support in ORC v2 , looking for mentors!
Hi Bekket,
Sorry for the delayed reply.
By appropriate, I mean performance of compiled native code.
I was referring other JIT implementations like LuaJIT & webkit FTL JIT
to see how they implement their JIT. I have gone through the design of
Spider Monkey & Android runtime (ART) JIT. As, you said both region
based and method based compilation unit have their own advantage &
2020 Mar 10
2
[RFC] Speculative Execution Side Effect Suppression for Mitigating Load Value Injection
Hi everyone,
Some Intel processors have a newly disclosed vulnerability named Load Value
Injection.
One pager on Load Value Injection:
https://software.intel.com/security-software-guidance/software-guidance/load-value-injection
Deep dive on Load Value Injection:
https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection
I wrote this compiler pass that can
2013 Jul 31
0
[LLVMdev] [Proposal] Speculative execution of function calls
On 31 Jul 2013, at 10:50, "Kuperstein, Michael M" <michael.m.kuperstein at intel.com> wrote:
> This has two main uses:
> 1) Intrinsics, including target-dependent intrinsics, can be marked with this attribute – hopefully a lot of intrinsics that do not have explicit side effects and do not rely on global state that is not currently modeled by “readnone” (e.g. rounding
2019 Sep 16
2
Spectre V1 Mitigation - Internals?
Hi all,
I understand how the speculative information flow attack works. I'm trying
get my head around the spectre v1 mitigation of LLVM.
In the design document here :
https://llvm.org/docs/SpeculativeLoadHardening.html#speculative-load-hardening.
<https://llvm.org/docs/SpeculativeLoadHardening.html#speculative-load-hardening>
Example:
void leak(int data);void example(int* pointer1,
2016 Jul 15
2
RFC: Strong GC References in LLVM
..."blackbox_safety" control dependence. In this case
> we will probably have some optional metadata on loads and
> stores to indicate that the control dependence is actually on
> GC safety.
>
> As a starting point, LLVM will conservatively not speculate such
> loads and stores; and will leave open the potential to upstream
> logic that will have a more precise sense of when these loads and
> stores are safe to speculate.
>
I think you need to define what you mean by control dependence here. If
you mean speculation, you sh...
2013 Jul 31
1
[LLVMdev] [Proposal] Speculative execution of function calls
On 31 July 2013 11:56, David Chisnall <David.Chisnall at cl.cam.ac.uk> wrote:
> The slightly orthogonal question to safety is the cost of execution. For
> most intrinsics that represent CPU instructions, executing them
> speculatively is cheaper than a conditional jump, but this is not the case
> for all (for example, some forms of divide instructions on in-order RISC
>
2020 Mar 20
2
[RFC] Speculative Execution Side Effect Suppression for Mitigating Load Value Injection
Hi everyone!
I want to clarify the purpose and design of SESES. Thus far, I've
characterized it as an LVI mitigation which is somewhat incorrect.
SESES was built as a "big hammer." It is intended to protect against many
side channel vulnerabilities (Spectre v1, Spectre v4, LVI, etc, etc) even
though it was built in response to LVI.
For folks protecting against LVI, this is an
2011 Dec 06
2
[LLVMdev] The nsw story
On Dec 5, 2011, at 7:42 PM, Dan Gohman wrote:
> For example, suppose we want to convert the && to &, and the ?: to a
> select, in this code:
>
> if (a && (b ? (c + d) : e)) {
>
> because we have a CPU architecture with poor branch prediction, or
> because we want more ILP, or because of some other reason. Here's what the
> LLVM IR for that might
2013 Jul 31
4
[LLVMdev] [Proposal] Speculative execution of function calls
Hello,
Chris requested I start a fresh discussion on this, so, here goes. The previous iterations can be found here (and in follow-ups):
http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20130722/182590.html
http://lists.cs.uiuc.edu/pipermail/llvmdev/2013-July/064047.html
Cutting to the chase, the goal is to enhance llvm::isSafeToSpeculativelyExecute() to support call instructions.
2011 Aug 22
4
[LLVMdev] LLVM Concurrency and Undef
Hi all,
I have been trying to understand the use of undef in both sequential
and concurrent programs.
>From the LLVM Language Reference Manual, I see the following
definition of undef.
"Undef can be used anywhere a constant is expected, and indicates that
the user of the value may receive an unspecified bit-pattern".
LLVM Language Reference manual also demonstrates how optimizers
2020 Mar 25
2
[RFC] Speculative Execution Side Effect Suppression for Mitigating Load Value Injection
I'm also a bit unclear on that point. I think one input here has to be:
what are some example, existing codebases we want to mitigate, and what
should the user experience be to mitigate them? I don't think we can make
good engineering tradeoffs without having concrete use cases to evaluate.
Another point: it seems some mitigation options have already been added to
the GNU toolchain
2019 Sep 17
2
ScalarEvolution invariants around wrapping flags
...t with
ScalarEvolution is? I see a few possibilities:
1. Callers are expected to not engage in speculation. ScalarEvolution
itself must only create expressions it knows hold in all cases. This
sounds too restrictive to me.
2. Speculation not allowed outside ScalarEvolution, but
ScalarEvolution can speculate about a specific Loop. I think this
entails making non-AddRec expressions immutable (with Flags included
as part of the FoldingSetID) and ensuring that any modification of an
AddRec is provable within its Loop.
3. Speculation is allowed, and achieved by making all expressions
immutable. Sites curre...