On Oct 3, 2019, at 8:25 AM, Maciej W. Rozycki <macro at linux-mips.org> wrote:
On Thu, 3 Oct 2019, Maciej W. Rozycki wrote:
> You need an extremely high resolution timer to detect slight
> differences in execution time of speculatively-executed threads.
> The VAX 11/780 certainly did not do speculative execution, and my
> guess is that all VAXen did not, either.
The NVAX and NVAX+ implementations include a branch predictor in their
microarchitecture[1], so obviously they do execute speculatively.
For the record: in NVAX prediction does not extend beyond the
instruction fetch unit (I-box in VAX-speak), so there's actually no
speculative execution, but only speculative prefetch.
That's a key point. These vulnerabilities are quite complex and
details matter. They depend on speculation that goes far enough to
make data references that produce cache fills, and that those fills
persist after the speculative references have been voided.
Branch prediction is only the first step, and as you point out, that
alone is nowhere near enough. For example, if a particular design
did speculative execution but not speculative memory references on
addresses that miss in the cache, you'd still have no issue.