RISC-V: The New Architecture on the Block (opens in new tab)

(klarasystems.com)

45 pointsjohnblood4y ago34 comments

34 comments

At least one of the points in this article isn't true. The article states "RISC-V is not affected by the Meltdown and Spectre vulnerabilities... [because it does] not perform any speculative memory accesses" -- but that's only true for some designs, not anything done by the ISA.

Many of the higher performance RISC-V designs do, in fact, do speculation. RISC-V BOOM[0], by Berkeley, is vulnerable to Spectre[1][2]. One of the attempts to create an extension to the RISC-V ISA that has integrated security features (CHERI, [3]) itself was shown to be vulnerable to Spectre-like attacks[4].

The fact that most RISC-V chips were not vulnerable to Spectre is simply because they hadn't implemented a particular kind of performance optimization, not because there was anything intrinsic to the ISA that prevented them from being so.

[0]: https://boom-core.org/

[1]: https://github.com/abejgonzalez/boom-attacks

[2]: https://boom-core.org/docs/replicating_mitigating_spectre_ca...

[3]: https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/cheri...

[4]: https://kth.diva-portal.org/smash/get/diva2:1538245/FULLTEXT...

brucehoult4y ago

What you say is true, but it's not the end of the story. Higher performance RISC-V CPU cores that do speculation are under development or in some cases have been announced but not yet shipped. They have the opportunity to design to avoid those vulnerabilities from the start, which is a lot easier than fixing things up afterwards -- or simply losing a lot of performance on already-shipped CPUs by turning features off.

It's not actually very hard to avoid these kids of vulnerabilities. All that is needed is to not permanently update state until the instruction is no longer speculative.

For example:

- don't update the branch prediction tables until the branch is proven to execute

- if loading a cache line causes another cache line to be evicted, keep both until it is known whether the load is supposed to execute

This requires provisioning a few more of these kinds of resources than you might previously have had, which costs a little silicon area, but it doesn't cost speed. Sometimes particularly demanding code might cause you to run out of these speculation resources and then you have to stall until an entry is freed up. This can already happen with things such as store buffers. If it never happens then you've probably over-provisioned :-)

oldnews1934y ago

> - don't update the branch prediction tables until the branch is proven to execute

> - if loading a cache line causes another cache line to be evicted, keep both until it is known whether the load is supposed to execute

This sounds interesting. How do these countermeasures actually prevent Spectre V1? And if they do, why didn't Intel implement them? Seems like they are fully microarchitectural, and therefore opaque to the software world.

1 more reply

ncmncm4y ago

Yes, it is a fundamentally misleading assertion.

johnbloodOP4y ago

I made that statement in the article because that is what my research showed.

1MachineElf4y ago

Lately I find myself upvoting every submission from Klara Systems[0]. Focus of the articles seems to be consistently good. I'm not affiliated with them, just an impressed onlooker.

[0] https://news.ycombinator.com/from?site=klarasystems.com

ncmncm4y ago

I do not. This article is fluff, with at least one glaring falsehood noted in a sibling comment.

cepher4y ago

I’ve recently gained an interest in computer architecture and systems programming in general after some high performance computing projects. Have been hearing about RISC-V from a distance, and am wondering if delving into it would be one of the best ways to satisfy this interest and gain some valuable knowledge/skills at the same time.

ncmncm4y ago

RISC-V is an OK design, but quite atypical. So, being simpler than others, it will be easier to understand; but for the same reason, does not acquaint you with details seen in designs currently used industrially.

Some of the design decisions, and their expressed rationale, are considered unpersuasive by many involved with other architectures. For example, a status register, cited as interfering with optimal out-of-order execution, turns out not to be a problem in actual chips (where they rename it like other registers), so was omitted from the RISC-V design on what amounts to superstition. Some instruction sequences that would need to be "fused" to match performance of common chips involve many more instructions than are fused in any extant design, so it is unclear that such fusion would be practically achievable.

Symmetry4y ago

If you're working on a student or hobby project then simplifying the scoreboard or whatever OoO scheduling structure you use by having all instructions be 2 inputs and 1 output is a big help. Compared to the complexity of a modern core that's a drop in the bucket but for a single person or a few friends or grad students it can be a big deal. And by doing that project you're still learning the important things. So for someone in the position OP is in I'd certainly recommend RISC-V. Don't ask "Is RISC-V good or bad?" but rather "For what purposes is RISC-V suited?"

1 more reply

brucehoult4y ago

Newsflash: people who made different decisions on their own designs think they made the right decision. Update at 9.

ISAs without condition codes have been around for a long time, and very technically successful. MIPS and DEC Alpha, for example. (both killed by clueless management, not any technical issue)

The vast vast majority of condition code updates are either never used at all or are used by the very next instruction. In either case, there is little point in reifying them and no point in saving them.

Generating a condition a few instructions before it is used happens from time to time, at least on ISAs where only some instruction types update the condition codes, or there is a flag in the instruction to indicate whether to or not. An ISA without condition codes but with plenty of registers can do the same thing using SLT/SLTU (Set if Less Than [Unsigned]) to generate a 0 or 1 in a normal register. Or a simple XOR or SUB for equality tests.

Historically, use of condition codes is because your instructions aren't big enough to contain two source operands, a test, and a reasonable branch offset. Now it's because you're descended from such an ISA.

Similarly, many early ISAs did conditional skip instead of conditional branch because their instructions weren't big enough to test a condition and also hold a useful branch offset. Some of them could integrate a compare with the skip, but some of them needed three instructions: compare -> CCs; skip based on CCs; jump. Not high performance.

Compare and branch, all in one instruction, is best most of the time if you have the opcode space for it.

2 more replies

Symmetry4y ago

Depends on your background I guess? If you've taken a course like Computation Structures sure!

https://ocw.mit.edu/courses/electrical-engineering-and-compu...

cepher4y ago

That class looks amazing. Took a higher level computer systems course in undergrad that roughly followed http://csapp.cs.cmu.edu/ (great course).

hulitu4y ago

Will be nice to see some affordable motherbords and processors with this architecture.

j / k navigate · click thread line to collapse

34 comments

hlieberman4y ago

[0]: https://boom-core.org/

[1]: https://github.com/abejgonzalez/boom-attacks

[2]: https://boom-core.org/docs/replicating_mitigating_spectre_ca...

[3]: https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/cheri...

[4]: https://kth.diva-portal.org/smash/get/diva2:1538245/FULLTEXT...

brucehoult4y ago

It's not actually very hard to avoid these kids of vulnerabilities. All that is needed is to not permanently update state until the instruction is no longer speculative.

For example:

- don't update the branch prediction tables until the branch is proven to execute

- if loading a cache line causes another cache line to be evicted, keep both until it is known whether the load is supposed to execute

oldnews1934y ago

> - don't update the branch prediction tables until the branch is proven to execute

> - if loading a cache line causes another cache line to be evicted, keep both until it is known whether the load is supposed to execute

1 more reply

ncmncm4y ago

Yes, it is a fundamentally misleading assertion.

johnbloodOP4y ago

I made that statement in the article because that is what my research showed.

1MachineElf4y ago

Lately I find myself upvoting every submission from Klara Systems[0]. Focus of the articles seems to be consistently good. I'm not affiliated with them, just an impressed onlooker.

[0] https://news.ycombinator.com/from?site=klarasystems.com

ncmncm4y ago

I do not. This article is fluff, with at least one glaring falsehood noted in a sibling comment.

cepher4y ago

ncmncm4y ago

Symmetry4y ago

1 more reply

brucehoult4y ago

Newsflash: people who made different decisions on their own designs think they made the right decision. Update at 9.

ISAs without condition codes have been around for a long time, and very technically successful. MIPS and DEC Alpha, for example. (both killed by clueless management, not any technical issue)

Compare and branch, all in one instruction, is best most of the time if you have the opcode space for it.

2 more replies

Symmetry4y ago

Depends on your background I guess? If you've taken a course like Computation Structures sure!

https://ocw.mit.edu/courses/electrical-engineering-and-compu...

cepher4y ago

That class looks amazing. Took a higher level computer systems course in undergrad that roughly followed http://csapp.cs.cmu.edu/ (great course).

hulitu4y ago

Will be nice to see some affordable motherbords and processors with this architecture.

j / k navigate · click thread line to collapse