After reading about Spectre & Meltdown vulnerabilities, I learned about speculative execution.
Given the following simple C++ program:
#include <stdlib.h>

// Allocates only when the argument is below the threshold; the result is
// deliberately discarded (the question assumes the call is not optimized out).
void mallocBranch(int i) {
    if (i < 500) {
        malloc(i);
    }
}

int main(int argc, char** argv) {
    // Train the branch predictor: 5000 calls that all take the branch.
    for (int i = 0; i < 5000; i++) {
        mallocBranch(1);
    }
    // One call that does not take the branch.
    mallocBranch(500000000);
    return 0;
}
- I am assuming that the malloc calls are not optimized out by the compiler.
Q: What happens when mallocBranch(500000000) is called? Will the CPU look at the branch-prediction cache and see that past calls to if (i < 500) succeeded and speculatively execute the branch with malloc(500000000)? Would the number of branches in malloc overwrite the entire contents of the branch-prediction cache each time? If malloc(500000000) is actually speculatively executed, would 500 million bytes of memory be allocated to the process, if only temporarily?
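The following C program is an added example, not part of the question, that makes the question's branch observable: it feeds mallocBranch a sequence of in-range (1 byte) and out-of-range (500 MB) arguments, first sorted so the predictor is right almost every time, then shuffled so it is wrong about half the time, and counts how many malloc calls actually retired. The `noinline` attribute, the retired counter and the fixed-seed shuffle are this example's own assumptions.

```c
#define _POSIX_C_SOURCE 199309L
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Only a retired (architecturally committed) malloc call can change this;
   a speculatively executed and then squashed if-body cannot. */
static unsigned long retired_mallocs;
__attribute__((noinline)) static void mallocBranch(size_t i) {
    if (i < 500) {                 /* the branch the predictor learns */
        void *p = malloc(i);
        if (p) { retired_mallocs++; free(p); }
    }
}
static double now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1e3 + ts.tv_nsec / 1e6;
}
/* Calls mallocBranch once per argument, times the loop and returns how
   many malloc calls actually retired. */
unsigned long run_pattern(const size_t *args, size_t n, const char *label) {
    retired_mallocs = 0;
    double t0 = now_ms();
    for (size_t k = 0; k < n; k++) mallocBranch(args[k]);
    printf("%-8s %zu calls, %lu retired mallocs, %.1f ms\n",
           label, n, retired_mallocs, now_ms() - t0);
    return retired_mallocs;
}

/* Half the arguments are 1 byte, half are 500 MB like the question's last
   call; sorted, or shuffled with a fixed-seed LCG so the architectural
   work (500 MB is never allocated) is identical in both runs. */
void build_args(size_t *args, size_t n, int shuffle) {
    for (size_t k = 0; k < n; k++) args[k] = (k < n / 2) ? 1 : 500000000;
    unsigned long long s = 0x9E3779B97F4A7C15ULL;
    for (size_t k = n - 1; shuffle && n && k > 0; k--) {
        s = s * 6364136223846793005ULL + 1442695040888963407ULL;
        size_t j = (size_t)((s >> 33) % (k + 1)), t = args[k];
        args[k] = args[j]; args[j] = t;
    }
}

int main(void) {
    enum { N = 1000000 };
    static size_t args[N];
    build_args(args, N, 0); run_pattern(args, N, "sorted");
    build_args(args, N, 1); run_pattern(args, N, "shuffled");
    return 0;
}
```

Both runs retire exactly the same number of malloc calls and the 500 MB request is never issued, because a squashed speculative path leaves no architectural trace; on out-of-order hardware the shuffled run is typically slower, and that extra time is the cost of the discarded speculative work.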