
> The branch that is guessed to be the most likely is then fetched and speculatively executed. If it is later detected that the guess was wrong then the speculatively executed or partially executed instructions are discarded and the pipeline starts over with the correct branch, incurring a delay.

The citation comes from Wikipedia.

Why is it possible to always discard executed instructions? For example, what about a situation where the first instruction in a mispredicted taken branch is syscall 0x60 (on Linux it is the interruption "Exit program")? I know that the program won't be exited in case of a misprediction, but how is the CPU able to discard it?

I know that every instruction (split into micro-ops) must be retired to be finished. Maybe it is important for speculative execution?

Gilgamesz
  • The first stages in the instruction pipeline, which do not modify memory or registers (for example, instruction fetch and decode), can always be performed without any problem about discarding the results. – interjay Jun 06 '16 at 11:34

1 Answer

Speculative execution typically applies to loading registers and branching. These are easily wound back by the CPU using techniques such as register renaming.

Not all instructions can be reliably rolled back. As you've identified, things like a syscall can't. For example, if you've made a system call to delete a file the CPU isn't going to be able to roll that back! What happens here is that when speculative execution is active, certain instructions cause a "stall" in execution whilst the CPU waits to determine the actual outcome of the branch.

Sean
  • So, the answer is: only easily wound back instructions can be speculatively executed. The **first** not easily wound back instruction stops speculative execution while the outcome of the branch is not known. Right? – Gilgamesz Jun 06 '16 at 11:21
  • Why wouldn't `syscall` be easily discarded? It's basically a `jmp`, that only changes the instruction pointer register, right? Any sources on this? – vidstige Jun 06 '16 at 11:27
  • @vidstige - it's not really just a jump, `syscall` is typically a transition from user space to kernel space, whereas a regular `jmp` isn't. – Sean Jun 06 '16 at 11:33
  • @Sean alright, so you have no sources on this, but are just speculating then. – vidstige Jun 06 '16 at 11:54
  • @vidstige what kind of source are you even looking for? What syscall does is found in [the manual](http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html). That it would be hard to speculate past is a consequence of its semantics. – harold Jun 06 '16 at 13:45
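
The rollback and stall behaviour discussed in the answer above, as an added example that is not part of the original thread: a deliberately simplified Python model in which speculative results sit in a reorder buffer and reach the registers, or trigger a syscall, only at retirement. `ToyCore`, its methods and the sample program are hypothetical names and constructed values, and the model does not describe any particular CPU.

```python
from dataclasses import dataclass, field

@dataclass
class ToyCore:
    regs: dict = field(default_factory=lambda: {"rax": 0, "rdi": 0})  # committed state
    effects: list = field(default_factory=list)  # irreversible actions performed
    log: list = field(default_factory=list)      # what the pipeline did

    def issue(self, path, speculative):
        """Run `path` into a reorder buffer without touching committed state."""
        rob = []
        for insn in path:
            rob.append(insn)
            if insn[0] == "syscall":
                if speculative:              # cannot be undone, so wait for the branch
                    self.log.append("stall at syscall")
                break                        # this model stops at the first syscall
        return rob

    def retire(self, rob):
        """Commit buffered results in program order."""
        for insn in rob:
            if insn[0] == "mov":
                _, reg, value = insn
                self.regs[reg] = value
            else:                            # a syscall takes effect only at retirement
                self.effects.append(("syscall", self.regs["rax"], self.regs["rdi"]))

    def branch(self, predicted_taken, actually_taken, taken, not_taken):
        """Speculate down the predicted path, then resolve the branch."""
        rob = self.issue(taken if predicted_taken else not_taken, speculative=True)
        if predicted_taken != actually_taken:
            # Misprediction: drop the buffer, nothing was committed, refetch.
            self.log.append(f"squash {len(rob)} buffered instructions")
            rob = self.issue(taken if actually_taken else not_taken, speculative=False)
        self.retire(rob)
        return self.regs, self.effects

# Constructed sample program: the taken path ends in a syscall, the other does not.
TAKEN = [("mov", "rax", 60), ("mov", "rdi", 1), ("syscall",)]
NOT_TAKEN = [("mov", "rax", 7)]

def mispredicted():
    return ToyCore().branch(True, False, TAKEN, NOT_TAKEN)

def predicted_correctly():
    return ToyCore().branch(True, True, TAKEN, NOT_TAKEN)
```

In the mispredicted run the two `mov` results and the syscall are squashed before retirement, so neither the registers nor the outside world ever see them.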