06. January 2019

Alignment Checking & Meltdown

Here is some interesting news for compiler writers worried about Meltdown. I have previously described a way to get hardware-based type checks (think branchless car, cdr, vector-ref, etc.) using alignment checks. It now appears that this technique may be immune to Meltdown-type attacks:

Alignment Faults.

Upon detecting an unaligned memory operand, the processor can (optionally) generate an alignment check exception (#AC). We found that the results of unaligned memory accesses never reach the transient execution. We suspect that this is because #AC is generated early-on (even before the operand’s virtual address is translated to a physical one). Thus, Meltdown-AC is not possible.

A Systematic Evaluation of Transient Execution Attacks and Defenses (2018, Canella, et al.)

The kernel unfortunately can’t use it because #AC does not work at CPL=0, but for user space it could be a great way to avoid some Meltdown vulnerabilities.

18. November 2018

Design Your Low-Bit Tagging with Z3Py

Low-bit tagging is a technique where the low bits of values are used to store type information. There are numerous benefits that come with this technique and it is quite popular in implementations of Scheme, JavaScript and other languages. But once you start down the road of bit-twiddling it is hard to stop and the design of the tagging system may become difficult to understand. So that’s when you look in your tool box and pull out something like Z3, which this article explores.


22. June 2018

R7RS versus R6RS

InPhase asked today on #scheme about the R7RS vs R6RS debate. I followed the original debate closely and have experience both using and implementing R6RS. I also recently added R7RS support in Akku.scm 0.3.0, so I feel like I can weigh in on this. It’s a topic that many feel passionately about, and I’m also firmly on one side of the debate, but I will try to keep my own opinions and hyperbole out of it this time.