[Simh] VAX + Spectre

Bob Supnik bob at supnik.org
Tue Sep 17 13:55:52 EDT 2019


Funny you should ask. The short answer is no. No VAX ever did 
speculative or out of order execution.

Three developments had to come together for Spectre-style bugs:

1. Speculative execution that affects the cache or other indirectly 
testable state.
2. A high-precision, user-mode timer (for measuring cache or branch 
table perturbation effects).
3. A 'close-in' entity that can do low-latency measurements - the other 
thread(s) in a hyper-threaded CPU; another core in a multi-core chip; 
another processor on a SMP bus with extremely fast response time.

The VAX lacked all three. Aquarius and NVAX pipelined instruction 
execution, but they did not go out of order. The high-precision timers 
were IPRs only accessible in kernel mode. And the other processors in an 
SMP were very 'distant' in modern terms.

While IBM gets the credit (or blame) for speculative execution, it was 
Intel's decision to allow speculation to perturb the data cache that put 
the cat among the pigeons. The high-precision user mode timer started 
with Alpha's cycle timer. As for close-in entities... the roots are 
tangled. Hyperthreading was in the air in the mid to late 90s; EV8 was a 
four-way threaded design. So was multicore - the WRL chip team proposed 
an eight-core EV56 as a cheaper-to-design-and-build alternative to EV8.

A more interesting question - and one more relevant, since a lot of 
Alphas are still running - is whether Alpha (in particular, EV6) is 
vulnerable. Again, I'm pretty sure the answer is no.  While EV6 did 
speculative execution, it would not allow speculative loads or stores to 
perturb the cache. It would be very difficult to exploit the branch 
prediction or subroutine return prediction tables, because they would be 
massively perturbed by any switch to a measurement thread or process. 
And the Alpha interprocessor SMP buses were too slow to allow effective 
measurements by a different processor.

/Bob

On 9/17/2019 12:00 PM, simh-request at trailing-edge.com wrote:
> Message: 1
> Date: Tue, 17 Sep 2019 09:55:01 -0400
> From: Paul Koning<paulkoning at comcast.net>
> To: SIMH<simh at trailing-edge.com>, "General Discussion: On-Topic and
> 	Off-Topic Posts"<cctalk at classiccmp.org>
> Subject: [Simh] Fwd: VAX + Spectre
> Message-ID:<21F0E611-E49F-422A-9D66-EDBA660AD106 at comcast.net>
> Content-Type: text/plain; charset="utf-8"
>
> "Spectre" is one of two notorious bugs of modern CPUs involving speculative execution.  I rather doubt that VAX is affected by this but I suspect others here have a lot more knowledge.
>
> 	paul


