Hacker News new | past | comments | ask | show | jobs | submit login

Here's the big takeaway.

At first, I thought I had the wrong version of the compiler, since I wasn't seeing any LFENCEs. Finally, I tried compiling my example code from the Appendix of the Spectre paper, and saw LFENCEs appearing. Still, even small variations in the source code resulted in unprotected code being emitted, with no warning to developers.

Theres some explanation for why this is the case, but it's not looking all that good for Microsoft's implementation, IMO.




The actual conclusion is fairly clear also "Developers and users cannot rely on Microsoft's current compiler mitigation to protect against the conditional branch variant of Spectre."

"Speculation barriers are only an effective defense if they are applied to all vulnerable code patterns in a process" Which they are not, since that would be a huge performance hit.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: