The Spectre and Meltdown CPU exploits, which allow data to leak from highly secure parts of a computer to essentially anywhere, are bad because they have to do with something pretty fundamental in how modern computer processors work. This is a feature called branch prediction, which basically means that a CPU might process data before it is actually needed in situations where a program has to decide to do one thing instead of another, which is called branching.
Here's a whole thing on how that works in terms of Spectre and Meltdown. For now, it is enough to know that branching is pretty important to how computer programs work, but it can also lead to optimizations that are insecure. One extreme solution might be removing branching from computer programs altogether. Make software perfectly, 100 percent deterministic.
That's what GitHub user xoreaxeaxeax did to Doom. Their version of the game is branchless and relies on just a single machine instruction. There's no branching, or even arithmetic: the only processor command it contains is "mov", which scoots data from memory address to memory address. It's actually a demonstration of xoreaxeaxeax's more general C compiler, the M/o/Vfuscator2, which converts commands in the C programming language into machine-level instructions. Or, in this case, instruction, singular.
The downside of this is that the resulting machine instructions are spectacularly inefficient. Single-instruction, branchless Doom renders a single frame every seven hours on a 386 Intel processor. Security ain't free.
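How a decision can be reduced to data movement, shown as an added example that is not code from the article, from xoreaxeaxeax or from the M/o/Vfuscator2: every comparison and if/else below is written purely as array stores and loads, the kind of operation a single indexed mov performs. The function names and the door/ammo values are hypothetical, and an ordinary C compiler is free to translate this source into other instructions, so read it as a model of the idea rather than as mov-only output.

```c
#include <stdint.h>
#include <stdio.h>

/* Scratch cells indexed by an 8-bit value. Each array access below stands
 * for one mov with an indexed addressing mode, so the source needs no
 * compare, jump or arithmetic operator. */
static uint8_t scratch[256];

/* Equality as data movement: write 0 to cell a, write 1 to cell b, read
 * cell a back. The second write lands on the first only when a == b. */
uint8_t eq8(uint8_t a, uint8_t b) {
    scratch[a] = 0;
    scratch[b] = 1;
    return scratch[a];
}

/* if/else on a value: store both outcomes, let the condition pick the slot. */
uint32_t select32(uint8_t cond, uint32_t if_true, uint32_t if_false) {
    uint32_t choice[2];
    choice[0] = if_false;
    choice[1] = if_true;
    return choice[cond];
}

/* if on a side effect: the store always executes, but it is steered to a
 * throwaway cell when the condition is 0. */
void store_if(uint8_t cond, uint32_t *dst, uint32_t value) {
    uint32_t discard;
    uint32_t *target[2];
    target[0] = &discard;
    target[1] = dst;
    *target[cond] = value;
}

/* Hypothetical game-style rule: a door opens only with the matching key. */
uint32_t door_state(uint8_t key_held, uint8_t key_needed) {
    return select32(eq8(key_held, key_needed), 1 /* open */, 0 /* closed */);
}

int main(void) {
    uint32_t ammo = 50;                     /* constructed sample values */
    store_if(eq8(3, 4), &ammo, 0);          /* keys differ: ammo untouched */
    printf("door=%u ammo=%u\n", (unsigned)door_state(2, 2), (unsigned)ammo);
    return 0;
}
```

Each decision costs several memory accesses and both outcomes are always materialised, which is the same trade of speed for uniform execution that the frame time above reflects.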
This article sources info from Motherboard