FLOP - Breaking the Apple M3 CPU via False Load Output Predictions

202502281400
Status: #idea
Tags: CSL Seminar

Arch vs $μ$ -Arch

Arch is the interface between the computer and the CPU
Out-of-order execution, speculation, etc. exist only primarily in $μ$ -arch
Spectre
- Speculative execution has no change in arch state
- But it has side effects in the $μ$ -arch
- This can leak out into the arch state via timing changes

Predicts the value of a LOAD instruction
In the below example, the LVP predicts that the value will be foo
It simultaneously runs the the real LOAD as well, while continuing with the predicted value in a different path
- Once the LOAD finishes and does not match, then the instruction is re-issued with the correct value

for (i = 0; i < N; i++)
	val = arr[val];
// i=0    val=foo
// i=...  val=foo
// i=10   val=foo

Section 4.1 and 4.2 dive into how they work out the properties of the LVP
They use a non-inline function (gadget()) which returns a value from an array full of foo.
- They run it a couple of 100x in order to train the LVP
They then change the value to bar in the entire array
They flush the array from the cache
- This allows them to have a large speculation window
They use frTransmit(val) to encode the value into the cache
The frRecv() function gives us the specific value (not just a boolean if the value we guessed is correct)

Only 32 bits at a time can be predicted
- So, they make a string, which allows for more than 32 bits
The typeVar is evicted from the cache, so even tho its not a string, speculatively the code is executed.
They do some data management to ensure that the fields they are actually interested in are found in a different cache line that that of the typeVar

How does speculative execution compare to branch prediction (in pipelined processors)?
- It does go ahead and EX the instruction, but uses techniques like register renaming to amortise the cost of a misprediction
What is register renaming?
- Answer from Perplexity