Dynamic Eviction Set Algorithms and Their Applicability to Cache Characterisation


UPTEC IT 20036
Degree project, 30 credits
September 2020

Maria Lindqvist

Department of Information Technology (Institutionen för informationsteknologi)

Abstract

Eviction sets are groups of memory addresses that map to the same cache set. They can be used to perform efficient information-leaking attacks against the cache memory, so-called cache side channel attacks. In this project, two different algorithms that find such sets are implemented and compared. The second of the algorithms improves on the first by using a concept called group testing. It is also evaluated whether these algorithms can be used to analyse or reverse engineer the cache characteristics, which is a new area of application for this type of algorithm. The results show that the optimised algorithm performs significantly better than the previous state-of-the-art algorithm. This means that countermeasures developed against this type of attack need to be designed with the possibility of faster attacks in mind. The results also show, as a proof of concept, that it is possible to use these algorithms to create a tool for cache analysis.

Supervisor: Christos Sakalis
Subject reviewer: Stefanos Kaxiras
Examiner: Lars-Åke Nordén
UPTEC IT 20036
Printed by: Reprocentralen ITC

Faculty of Science and Technology (Teknisk-naturvetenskaplig fakultet), UTH-enheten
Visiting address: Ångströmlaboratoriet, Lägerhyddsvägen 1, Hus 4, Plan 0
Postal address: Box 536, 751 21 Uppsala
Telephone: 018 – 471 30 03
Fax: 018 – 471 30 00
Website: http://www.teknat.uu.se/student

Acknowledgements

I would like to thank my supervisor Christos Sakalis for all the guidance, discussions and feedback during this thesis. I also want to thank Stefanos Kaxiras for the idea of subject and making the project possible. Finally, I would like to thank everyone close to me for all the moral support and patience.

Contents

1 Introduction
  1.1 Motivation and Purpose
  1.2 Limitations
2 Background
  2.1 Cache Memories
    2.1.1 Cache Hierarchy
    2.1.2 Cache Organisation
    2.1.3 Cache Hits and Cache Misses
    2.1.4 Eviction and Replacement Policies
  2.2 Memory Addresses and Virtual Memory
    2.2.1 Addresses and Cache Indexing
    2.2.2 Virtual Memory
  2.3 Cache Attacks and Eviction Sets
    2.3.1 Cache Attacks
    2.3.2 Prime+Probe, Evict+Time and Flush+Reload
    2.3.3 Eviction Sets
  2.4 Algorithms for Finding Eviction Sets
    2.4.1 Baseline Algorithm
    2.4.2 Group Testing
    2.4.3 Group Testing Algorithm
    2.4.4 Targeting Last Level Cache - Purpose and Challenges
    2.4.5 Implementation Complications
3 Related Work
  3.1 Characterising the Cache - Microbenchmarks
4 Method
  4.1 Pin
  4.2 Implementation Decisions
  4.3 Method to Determine Cache Presence
  4.4 Method of Measuring Number of Memory Accesses
  4.5 Comparing the Algorithms
    4.5.1 Parameters
    4.5.2 Testing Correctness
    4.5.3 Testing Performance and Scaling
  4.6 Characterising the Cache
    4.6.1 Using Baseline Algorithm
    4.6.2 Using Group Testing Algorithm
    4.6.3 Evaluation
5 Results
  5.1 Comparing Algorithms
    5.1.1 Correctness
    5.1.2 Scaling
    5.1.3 Performance
  5.2 Characterising the Cache
    5.2.1 Correctness
    5.2.2 Scaling
6 Discussion
  6.1 Comparing Algorithms
  6.2 Characterising the Cache
  6.3 Problems, Pitfalls and Lessons Learned
  6.4 Future Work
7 Conclusion

1 Introduction

In most computers today, cache memories are used as the bridge between the fast processors and the slower main memory. While having many great advantages, these caches could also be used in so-called side channel attacks. In a computer system, a side channel leaks information through side effects on the system that can be measured. By performing a side channel attack that uses the cache memory, it is possible to indirectly retrieve encryption keys by observing the memory access patterns [1, 3, 16, 15]. More recent research has also shown that many modern processors are vulnerable to so-called speculative attacks [9, 8]. In that case, traces left in the cache, combined with misuse of performance mechanisms, make it possible to read other processes' private memory content. Cache side channel attacks could also break the separation between virtual machines (VMs) in a cloud computing setting, if multiple VMs are hosted on the same physical hardware [6]. Such separation is necessary to preserve the integrity of the users of the cloud environment.

To perform such cache side channel attacks, one needs to be able to control and examine the content of the cache. That is, being able to remove data associated with a specific memory address from the cache, and some time later examine if it has been brought back into the cache by some other process. In that case, it could give away information about the actions of the other process. To know if the data is present in the cache, one typically measures the time it takes to access it. A long access time could indicate that it is not in the cache memory.

The removal of data from the cache memory is referred to as an eviction. The most straightforward way to evict a target victim address is to use a flush-based approach [27], where you use an instruction that directly evicts the targeted address. While convenient, this type of attack can easily be mitigated and is not available in some environments.

The other type of method is called conflict-based [10]. The aim is then to construct a so-called eviction set, which is a set of memory addresses. Accessing the addresses that are in the set brings the corresponding data from main memory into the smaller cache memory. Because of the organisation of the cache, the victim data will then be evicted after accessing all the addresses. To be able to use this approach in a practical attack, one wants the set to be as small as possible. Another requirement is that it is possible to compute the set in an efficient way.

Eviction sets can be derived in a static way. This means forming the set manually, using an already known scheme that maps memory addresses to their corresponding location in the cache. However, some countermeasures have been presented that prevent this. One is to randomise this mapping at certain time intervals [17], making it harder to use the static approach, since it needs to be redone after each randomisation. The alternative is instead to use a dynamic method, which requires less information about the system. The main idea is to randomly find a large set of addresses that will evict the target, and then reduce the set to its minimal core. Dynamic methods are what I examine in this thesis.

1.1 Motivation and Purpose

The previous state-of-the-art algorithm [10] dynamically finds eviction sets in quadratic time. In 2019, a new version of the algorithm was presented [24] that found minimal eviction sets in linear time, which is a significant improvement. When the eviction set can be found in a shorter amount of time, some of the countermeasures against conflict-based attacks are less powerful. Thus, to be able to improve protections against this type of attack [18], it is necessary to understand and analyse methods for quickly finding eviction sets.

The purpose of this thesis project has two parts. The first is to examine these two algorithms that are used for finding minimal eviction sets. This is done by implementing the previous state-of-the-art algorithm as well as the optimised algorithm. The performance and correctness of these two algorithms are then compared. The second part is to explore if the algorithms can be used for a different purpose, namely for characterising a cache memory. That is, to find out the different parameters or settings of the cache, without knowing these in advance.

Specifically, these are the questions to be answered:

1. Does the increase in performance conform with the theoretical calculations?
2. What is the impact of different parameters and settings on the effectiveness of the two algorithms?
3. What are the challenges when implementing eviction set algorithms and finding the minimal eviction sets?
4. Can dynamic methods for finding eviction sets be used to characterise/analyse the cache parameters?

1.2 Limitations

This project will focus on algorithms for cache-based attacks. It will not cover other types of side-channel attacks, or attacks that target other types of microarchitectural structures than the cache memories. The attacks that use the discovered eviction sets will not be implemented. New eviction set algorithms will not be developed. Countermeasures against the methods of finding eviction sets will not be evaluated. This project will use dynamic methods for finding eviction sets. Static methods (reverse engineering the mapping from addresses to cache sets) will not be explored.

2 Background

This section provides the background necessary to understand the purpose and meaning of eviction sets, as well as the mechanism behind the algorithms. It will first cover the basics of cache memories, memory addresses and conflict-based cache attacks. Then the two algorithms are presented. Some general challenges for the algorithms are also briefly discussed.

2.1 Cache Memories

Memory accesses from the CPU to the main memory introduce a long latency.
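The dynamic approach outlined in the introduction (find a large set that evicts the target, then reduce it to its minimal core) and the quadratic versus linear cost from Section 1.1 can be reproduced on a simulated cache. The code below is an added example, not code from the thesis: it runs a one-at-a-time reduction and a group-testing reduction (splitting into associativity + 1 groups, as the linear-time algorithm is usually formulated) and counts memory accesses. The cache model (32 sets, 4 ways, LRU, modulo set indexing, a presence oracle in place of timing) and all names are assumptions made for the illustration.

```python
import random
from collections import OrderedDict

LINE_SIZE = 64  # bytes per cache line (assumed)


class LRUCache:
    """Simulated set-associative cache with LRU replacement (a model, not hardware)."""

    def __init__(self, num_sets, ways):
        self.num_sets, self.ways = num_sets, ways
        self.sets = [OrderedDict() for _ in range(num_sets)]
        self.accesses = 0  # memory accesses issued: the cost metric compared below

    def set_index(self, addr):
        # Assumed mapping: line number modulo number of sets.
        return (addr // LINE_SIZE) % self.num_sets

    def access(self, addr):
        self.accesses += 1
        line, lines = addr // LINE_SIZE, self.sets[self.set_index(addr)]
        if line in lines:
            lines.move_to_end(line)      # hit: becomes most recently used
            return
        if len(lines) >= self.ways:
            lines.popitem(last=False)    # miss in a full set: evict the LRU line
        lines[line] = None

    def contains(self, addr):
        # Presence oracle; stands in for the access-time measurement on hardware.
        return addr // LINE_SIZE in self.sets[self.set_index(addr)]


def evicts(cache, candidates, victim):
    """Load the victim, access every candidate, report whether the victim is gone."""
    cache.access(victim)
    for addr in candidates:
        cache.access(addr)
    return not cache.contains(victim)


def find_candidate_set(cache, victim, rng, pool_lines=4096, step=512):
    """Grow a random set of distinct line addresses until it evicts the victim."""
    lines = [l for l in range(pool_lines) if l != victim // LINE_SIZE]
    rng.shuffle(lines)
    size = step
    while True:
        candidates = [l * LINE_SIZE for l in lines[:size]]
        if evicts(cache, candidates, victim):
            return candidates
        if size >= len(lines):
            raise RuntimeError("address pool too small to evict the victim")
        size += step


def reduce_baseline(cache, candidates, victim):
    """Test the set without one address at a time; drop the address if it still evicts."""
    current = list(candidates)
    for addr in list(current):
        rest = [x for x in current if x != addr]
        if evicts(cache, rest, victim):
            current = rest
    return current


def reduce_group_testing(cache, candidates, victim):
    """Split into ways+1 groups and discard one whole group per round.

    The `ways` congruent addresses that are needed occupy at most `ways` groups,
    so at least one of the ways+1 groups can always be removed.
    """
    current, n_groups = list(candidates), cache.ways + 1
    while len(current) > cache.ways:
        groups = [current[i::n_groups] for i in range(n_groups)]
        for skip in range(n_groups):
            rest = [x for j, g in enumerate(groups) if j != skip for x in g]
            if evicts(cache, rest, victim):
                current = rest
                break
        else:
            raise RuntimeError("no group could be removed: input did not evict")
    return current


def compare(seed=1, num_sets=32, ways=4, victim=0x1000):
    """Run both reductions on the same constructed candidate set."""
    cache = LRUCache(num_sets, ways)
    candidates = find_candidate_set(cache, victim, random.Random(seed))
    results = {}
    for name, reduce in (("baseline", reduce_baseline),
                         ("group_testing", reduce_group_testing)):
        cache.accesses = 0
        eviction_set = reduce(cache, candidates, victim)
        results[name] = (eviction_set, cache.accesses)
    return cache, victim, candidates, results


if __name__ == "__main__":
    cache, victim, candidates, results = compare()
    print(f"candidates: {len(candidates)}, victim set: {cache.set_index(victim)}")
    for name, (eviction_set, cost) in results.items():
        print(f"{name}: {len(eviction_set)} addresses, {cost} memory accesses")
```
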