I wonder whether having the language know about array bounds (i.e. memory safety) makes it easier to deploy mitigations against Spectre…
In C bounds checks aren’t tightly coupled to the underlying guarded data. But in a safe PL, check+load is conceptually a single atomic op.
So, in theory, if we had a “load without speculation” CPU insn, a safe language could use it precisely for bounds checked data.
Replying to @pcwalton
The first thing that came to mind was .get(i).cloned() - it's easier when it's a panic or abort, but you can just as well go through libraries and rely on optimizations to place the instructions close together.
Replying to @eddyb_r
I’m not sure what you’re saying here. Presumably .get(i) would also load without speculation, right?
Replying to @pcwalton
Well, .get(i) doesn't load (returns Option<&T>), but .cloned() and .map(|x| *x) do when combined with it, and while they can be separated in the source, LLVM can still optimize it into the problematic instruction patterns.
Replying to @eddyb_r
Well, presumably LLVM’s optzns would need to become aware of “load nospeculate”. Or maybe nospeculate should be a flag on pointer types?
Actually, bleh, having a flag on pointer types obviously doesn’t work for interprocedural reasons. This is nasty…
Replying to @pcwalton
@rocallahan linked https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/ on IRC and made me realize <[T]>::get *could* use the same index mangling trick before returning Some/None, so the effective out-of-bounds address is *never* computed, not even speculatively.
We should file a bug to do this in Rust! Would be great to be able to comprehensively deploy this fix across the ecosystem.
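The index-mangling idea from the WebKit post, written out as an added example (not code from the thread, from WebKit, or from Rust's standard library): a hypothetical `get_nospec` that derives a branchless all-ones/all-zeros mask from the index and the slice length, in the style of the Linux kernel's `array_index_nospec` rather than WebKit's power-of-two length mask, and ANDs the index with it so the address that reaches the load is in bounds even if the bounds branch is mispredicted.

```rust
/// Branchless mask: usize::MAX when `i < len`, 0 otherwise.
///
/// `i | (len - 1 - i)` has its top bit clear exactly when both terms are
/// non-negative, i.e. when 0 <= i < len (slice lengths never exceed
/// isize::MAX, so the top bit is free to carry the sign). Inverting and
/// arithmetic-shifting the sign bit down yields the mask with no compare,
/// so there is no conditional branch for the CPU to speculate past.
fn nospec_mask(i: usize, len: usize) -> usize {
    let x = i | len.wrapping_sub(1).wrapping_sub(i);
    ((!x as isize) >> (usize::BITS - 1)) as usize
}

/// Same contract as `<[T]>::get`, but the index used to form the address
/// is `i & mask`, which is 0 whenever `i` is out of bounds. A mispredicted
/// "in bounds" path therefore speculatively loads element 0 of the slice
/// rather than attacker-chosen memory past its end.
fn get_nospec<T>(slice: &[T], i: usize) -> Option<&T> {
    let mask = nospec_mask(i, slice.len());
    // Whether this check is emitted as a branch or a cmov is up to the
    // optimizer; the masking below is what keeps the address in bounds
    // either way. Verify the codegen you ship by reading the disassembly.
    if mask == 0 {
        return None;
    }
    Some(&slice[i & mask])
}

fn main() {
    // Constructed sample data.
    let data = [10u32, 20, 30];
    for i in [0usize, 2, 3, usize::MAX] {
        println!("get_nospec(&data, {i}) = {:?}", get_nospec(&data, i));
    }
}
```

`nospec_mask` never observes `i`'s magnitude through a branch, so even `usize::MAX` is reduced to an index of 0 before any address arithmetic.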