Wow... A speculative branch prediction path actually gets preemptively executed despite the branch outcome? No matter if the execution has side effects??? That's quite amazing. Are modern CPUs doing speculative execution like this and just putting extra safeguards around effects, or do they just prefetch / decode instructions nowadays?
Author here: This is not a common problem. I think I was told that Alpha had basically the same bug but it is a bug, for sure. Speculative execution causing problematic side effects is a deal killer.
Speculative execution, however, can cause less problematic side effects. For instance, a speculatively executed load or prefetch will usually actually prefetch which will pollute the cache, TLB, etc., and reveal side-band information, but that is a performance problem and perhaps a subtle security flaw, not a correctness bug like this was.
I remember reading this many years ago, it was great.
In the last week Raymond Chen on his The Old New Thing mentioned the concept of delay slots on some CPUs.
It sounds like a similar thing, just formalized so it’s not a bug. Knowing that the instruction after a branch always executes, regardless of whether the branch is taken.
I think that is correct, but yes, a delay-slot instruction that is always executed is easy to reason about. Speculative execution that gets real? shudder