Hacker News new | ask | show | jobs
by dekhn 3082 days ago
I don't agree. If a spec leaves out details, the impelmentors are free to make reasonable decisions on how to implement it. It's more likely the spec didn't really have much to say about promises on the visible effects of speculative execution (the specs are often highly detailed about what side effects can be visible, this is a consequence of modern complex processors, which have very subtle designs).

A bug would occur in the case where the specification specified that there were no visible side effects from these mispredicted speculative executions, and the processor implementor failed to implement that part of the specification. This is a big deal because if it's a bug, Intel is liable.

It's likely all processors with these kinds of features, the specs will get updated to be more specific about these kinds of side effects.
3 comments
rnhmjoj 3082 days ago
I think the specification has a problem if a conformant implementation has a problem, particularly if it's a security one. There should be as little as possible left free to the implementors.

The KRACK attack from a couple months ago it's due to the fact the WPA2 specification was ambiguous about what values to accept. Most implementations allowed decrypting traffic and a few even hosts impersonating other hosts but they were perfectly conformant. I would say there is a flaw in the WPA2 specification.

There are always going to be unintended consequences but this one about effects of branch prediction seems, ironically, quite predictable.

link
dekhn 3082 days ago
Every design is a tradeoff and spec authors don't want implementators to have their hands tied fixing every last problem.
link
dmannorreys 3082 days ago
Are you saying a bug cannot exist unless some functionality is specifically mentioned in the specification, and broken in reality?
link
dekhn 3082 days ago
From the perspective of Intel, as well as most of the microprocessor industry, yeah. Even "broken in reality" is arguable: while this is indeed an exploit, choosing performance over security (when the resources to implement a chip are finite) is a legitimate design tradeoff.
link
stcredzero 3081 days ago
Are you saying a bug cannot exist unless some functionality is specifically mentioned in the specification, and broken in reality?

That's a philosophical stance known as "positivism."

link
jsjohnst 3082 days ago
> If a spec leaves out details

Who do you think wrote the spec here?

link
dekhn 3082 days ago
system architects at intel, obviously.
link
jsjohnst 3082 days ago
Ok, so your saying Intel wrote a poor spec and implemented to that spec, so no fault of theirs because “we implemented to the spec”?
link
dekhn 3082 days ago
I didn't say it was no fault of theirs. But it does really matter, to Intel, and their (large-scale) customers in terms of liability.
link
erikj 3082 days ago
So Intel is still liable then.
link