Posted on Thursday, February 15 2018 @ 13:30 CET by Thomas De Maesschalck
ARS Technica investigated a fix for Microsoft's compiler and notes this is a good example that the Spectre CPU vulnerability isn't easy to solve. The site notes that the patch doesn't even fix Spectre variant 1 entirely, most Spectre-vulnerable code will likely still escape. Full details
over here.
The work done on the compiler and the limitations faced underscore what a complex problem Spectre poses for the computing industry. The processors are working as they're supposed to. We can't do without speculative execution of this kind—we need the performance it offers—but equally, we have no good way of systematically addressing the security concerns it creates. Compiler changes of the kind Microsoft has made are well-meaning, but as Kocher's investigation has shown, they're a long way short of offering a complete solution.
