As far as I've been able to learn, the only way to avoid security
vulnerabilities due to Spectre variant 1 (CVE-2017-5753, "bounds check bypass")
is to insert fences to control the relevant speculative reads. I'm interested
in doing this because I work on a numerical modelling library that is used in
many applications, which are used to handle valuable information. There's been
at least one piece of malware that specifically targeted one of those
applications, so I work at a moderate level of paranoia.
I've found information about __builtin_load_no_speculate, but inserting those
by hand into ten million lines of branchy C code that's under active
development is not an attractive prospect.
MSVC has recently gained a /QSpectre option that tries to do this for you
(https://blogs.msdn.microsoft.com/vcblog/2018/01/15/spectre-mitigations-in-msvc/).
While this can't be completely fool-proof, I can well believe that it will do
as good a job as bored humans, and is much cheaper.
Are there any plans to add something equivalent to Clang?
--
John Dallman
-
Siemens Industry Software Limited is a limited company registered in England
and Wales.
Registered number: 3476850.
Registered office: Faraday House, Sir William Siemens Square, Frimley, Surrey,
GU16 8QD.
___
cfe-users mailing list
cfe-users@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-users
