[PATCH] D49073: Introducing __builtin_speculation_safe_value

Kristof Beyls via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Jul 9 04:49:40 PDT 2018


kristof.beyls created this revision.
Herald added subscribers: cfe-commits, aheejin, dschuff.

This is part of implementing a technique to mitigate against Spectre v1,
similar in spirit to what has been proposed by Chandler for X86_64 at
http://lists.llvm.org/pipermail/llvm-dev/2018-March/122085.html.

This patch adds a new builtin function that provides a mechanism for
limiting the effects of miss-speculation by a CPU.
This patch provides the clang-side of the needed functionality; there is
also an llvm-side patch this patch is dependent on.

We've tried to design this in such a way that it can be used for any
target where this might be necessary. The patch provides a generic
implementation of the builtin, with most of the target-specific
support in the LLVM counter part to this clang patch.

The signature of the new, polymorphic, builtin is:

T __builtin_speculation_safe_value(T v)

T can be any integral type (signed or unsigned char, int, short, long,
etc) or any pointer type.

The builtin assures that value v will be made 0 on execution paths that
are being executed under control flow miss-speculation by the CPU, when
the miss-speculated path originated due to misprediction of a direct
conditional branch.

Whereas this still leaves open the possibility of execution on a
miss-speculated path starting at misprediction of other control flow
instructions, our believe is that the above guarantee is still useful in
mitigating vulnerability to Spectre v1-style attacks and implementable
for most, if not all, target instruction sets.

This also introduces the predefined pre-processor macro
__HAVE_SPECULATION_SAFE_LOAD, that allows users to check if their
version of the compiler supports this intrinsic.


Repository:
  rC Clang

https://reviews.llvm.org/D49073

Files:
  include/clang/Basic/Builtins.def
  include/clang/Basic/DiagnosticSemaKinds.td
  include/clang/Sema/Sema.h
  lib/CodeGen/CGBuiltin.cpp
  lib/Frontend/InitPreprocessor.cpp
  lib/Sema/SemaChecking.cpp
  test/CodeGen/builtin-speculation-safe-value.c
  test/Preprocessor/init.c
  test/Sema/builtin-speculation-safe-value.c
  test/Sema/builtin-speculation-safe-value.cpp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D49073.154575.patch
Type: text/x-patch
Size: 11489 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20180709/abfea6cf/attachment-0001.bin>


More information about the cfe-commits mailing list