From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 89B591382C5 for ; Tue, 8 May 2018 20:15:56 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E7C7AE084E; Tue, 8 May 2018 20:15:47 +0000 (UTC) Received: from mail-pf0-f196.google.com (mail-pf0-f196.google.com [209.85.192.196]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 621BEE0815 for ; Tue, 8 May 2018 20:15:47 +0000 (UTC) Received: by mail-pf0-f196.google.com with SMTP id p14so13096478pfh.9 for ; Tue, 08 May 2018 13:15:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=ew2staxdgmaA9kiJmZ1f3uWXdJ3ihpi0aL9Ajzt0WxI=; b=MOb/KD3WK2CSYJyoH9SNRgcaOwcjj2ok/CpXVSSKSkuD1ILpoTWgDeKvcR1I59UuwC DAc3y+FgBSHb+9gNqhGdK/U39szri/ntq2XX4RFwB20t3DjXKadjVImhjanltr/bYwgr 6HsqfvGlhsyHdQVcwfNI5QQD+XC+BrCkIy3QD4hnBpzO8Op7njhQ+U1gpzPrSoCXOx3Z ryTgt/r0ZtgF4BS6h7gfDNrKYRTYWq5FaChoKkKuH3CiLu6/32WFdDqzokSYZgvyEa5T ZH1Tz+CGEifqTgj4REb+kvzXLtLJ//e9p23wpt0gGp576wJ3QpCzNS4zLUWkIfwoGtcY a+QA== X-Gm-Message-State: ALQs6tDGHltFEBB7HXeFkUYwmSG2TGI3wx4EhegMSUyf0EDqykteP0+X pbvjAE3Q4UkqULBl2Rzy6COxTA6ehXDAVmpKQILVaA== X-Google-Smtp-Source: AB8JxZpLaiqvTbmTZnUxC/g7IToU0JVZKDjWm5SxayVs2jAlfz2TSFZIuJSe+oRCkP22K9Bbv+UhVgwvTisuw/iVnks= X-Received: by 10.167.130.140 with SMTP id s12mr24642986pfm.136.1525810545914; Tue, 08 May 2018 13:15:45 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 References: <1549166.RPGoRN5ZiQ@dell_xps> In-Reply-To: From: Rich Freeman Date: Tue, 08 May 2018 20:15:35 +0000 Message-ID: Subject: Re: [gentoo-user] Re: Spectre-NG To: gentoo-user@lists.gentoo.org Content-Type: text/plain; charset="UTF-8" X-Archives-Salt: 6413f0c8-386c-4f0a-8232-063cba88b624 X-Archives-Hash: 06e92b73b7db3a31672cbe3af961b43c On Tue, May 8, 2018 at 4:19 AM Martin Vaeth wrote: > Rich Freeman wrote: > > > > Higher-level languages will probably become nearly immune to Spectre just > > as most are nearly immune to buffer overflows. > Quite the opposite: Higher-level languages *always* do some checks > for array-length etc, and it is the _checks_ which are vulnerable. > You can only make them non-vulnerable by making them horribly slow > (by omitting speculative execution completely for the corresponding > conditionals). Sure, but my point is that you CAN make them non-vulnerable by changing the compiler. On the other hand, if somebody manually does a range check in C the only way to fix it is to either fix the source code (which is about as likely to work as trying to prevent programmers from create buffer overflows), or use heuristics to figure out what is going on and apply the fixes automatically. That is going to be just as slow, and the compiler might not be able to catch every situation where it applies. The compiler doesn't have to guess where the range checks are in a high-level language because it is the compiler that is doing the range checks in the first place. -- Rich