Last active
December 4, 2024 05:59
-
-
Save lovely-error/8f0d1e3f330ea2c2ee1dd648a8453ab0 to your computer and use it in GitHub Desktop.
The only way to suppress speculation on branches??
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdbool.h> | |
| void lmao (bool cond) { | |
| void* jmp_addr ; | |
| __asm__ goto volatile ( | |
| "mov %[true_label], %[jmp_addr]\n\t" | |
| "mov %[false_label], %%rbx\n\t" | |
| "test %[cond], %[cond]\n\t" | |
| "cmovz %%rbx, %[jmp_addr]\n\t" | |
| "jmp *%[jmp_addr]\n\t" // this compiles to near jump (ff prefix) | |
| "int3\n\t" // intel manual says this after near jump suppreses speculative execution | |
| : [jmp_addr] "+r" (jmp_addr) | |
| : [true_label] "i" (&&if_true_br_1), [false_label] "i" (&&if_false_br_2), [cond] "r" (cond) | |
| : "rbx" | |
| : if_true_br_1, if_false_br_2 | |
| ); | |
| if_true_br_1: { | |
| printf("A\n"); | |
| goto if_end_1; | |
| }; | |
| if_false_br_2: { | |
| printf("B\n"); | |
| goto if_end_1; | |
| }; | |
| if_end_1: {}; | |
| } | |
| // this thing get compiled to different code | |
| void cringe (bool cond) { | |
| void* jmp_addr = cond ? &&if_true_br_1 : &&if_false_br_2; | |
| goto *jmp_addr; | |
| __asm__ volatile ("int3"); | |
| if_true_br_1: { | |
| printf("jopa"); | |
| goto if_end_1; | |
| }; | |
| if_false_br_2: { | |
| printf("piska"); | |
| goto if_end_1; | |
| }; | |
| if_end_1: {}; | |
| } | |
| int main() { | |
| lmao(true); | |
| lmao(false); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment