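Does anyone know of a place where I can learn more about the Spectre V4 (Speculative Store Bypass) vulnerability? I already know about V1-V3 and Foreshadow. I find Intel's description a bit confusing, especially their example code (I have copied it here):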
X = &K; // Attacker manages to get variable with address of K stored into pointer X
<at some later point>
X = &M; // Does a store of address of M to pointer X
Y = Array[*X & 0xFFFF]; // Dereferences address of M which is in pointer X in order to
// load from array at index specified by M[15:0]
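Since there is a true dependency between the last two instructions, how can the processor speculatively execute the last load? (I think out-of-order execution should still respect true dependencies, right?)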