Speculative Execution of Code

Flaws in most computer chips of the last twenty years

In the book Python for Everyone, in a small section called Bugs in Silicon, I read: “In 2018, security researchers found flaws that are present in nearly every computer chip manufactured in the previous twenty years. These chips exploit an optimization called ‘speculative execution’ – computing results ahead of time and discarding those that are not needed.” An adversary can make the program read data speculatively. Think of this article as study notes prior to completion.

What is speculative execution?

We can consider three varieties.

  1. Eager execution is a form of speculative execution where both sides of the conditional branch are executed; however, the results are committed only if the predicate is true. With unlimited resources, eager execution (also known as oracle execution) would in theory provide the same performance as perfect branch prediction. With limited resources, eager execution should be employed carefully, since the number of resources needed grows exponentially with each level of branch executed eagerly.
  2. Predictive execution is a form of speculative execution where some outcome is predicted and execution proceeds along the predicted path until the actual result is known. If the prediction is true, the predicted execution is allowed to commit; if there is a misprediction, execution has to be unrolled and re-executed. Common forms of this include branch prediction and memory dependence prediction. A generalized form is sometimes referred to as value prediction.
  3. Lazy execution does not involve speculation. The incorporation of speculative execution into implementations of the Haskell programming language is a current research topic. Eager Haskell is designed around the idea of speculative execution. A 2003 PhD thesis made GHC support a kind of speculative execution, called optimistic execution, with an abort mechanism to back out in case of a bad choice. It was deemed too complicated.

Starting in 2017, a series of security vulnerabilities was found in the implementations of speculative execution on common processor architectures, which effectively enabled an elevation of privileges.

Spectres in the Machine

A timing attack is a side-channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. Every logical operation in a computer takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, an attacker can work backwards to the input.
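To make the input-dependent timing above concrete, here is an added example (not from the book or from these notes) that puts an early-exit byte comparison beside a constant-time one. The step counter is an assumption standing in for elapsed time, and the secret and guesses are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 8-byte sample secret (not from the page). */
static const uint8_t SECRET[] = "S3cr3t!!";
#define SECRET_LEN 8

/* Early-exit compare. *steps counts bytes examined and stands in for
   execution time (assumption: time grows with loop iterations). */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0; /* return time depends on the first mismatching index */
    }
    return 1;
}

/* Constant-time compare: always reads all n bytes and folds differences
   with OR, so there is no branch on secret data. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Steps spent comparing an 8-byte guess with SECRET. */
size_t work_for(int use_ct, const char *guess)
{
    size_t steps;
    (use_ct ? ct_equal : leaky_equal)(SECRET, (const uint8_t *)guess, SECRET_LEN, &steps);
    return steps;
}

int main(void)
{
    const char *guesses[] = { "AAAAAAAA", "S3crAAAA", "S3cr3t!!" };
    for (int i = 0; i < 3; i++)
        printf("%s leaky=%zu ct=%zu\n", guesses[i], work_for(0, guesses[i]), work_for(1, guesses[i]));
    return 0;
}
```

The leaky version's work tracks how much of the guess is correct, while the constant-time version does the same work for every guess. Compilers can transform loops like this, so production code should rely on a vetted primitive such as OpenSSL's `CRYPTO_memcmp`.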

Meltdown

SPOILER

Foreshadow

Microarchitectural Data Sampling

There are likely more, which I have not covered, but this is what I get from a preliminary search and through Wikipedia. Of course this is only surface information.

This is day 91 of #500daysofAI. My current focus for day 50–100 is on AI Safety. If you enjoy this please give me a response as I do want to improve my writing or discover new research, companies and projects.