
This CPU Exploit-Safe Version of 'Doom' Runs at .00003 FPS

One way to defend against Spectre and Meltdown.

Michael Byrne

The Spectre and Meltdown CPU exploits, which allow data to leak from highly secure parts of a computer to really wherever, are bad because they have to do with something pretty fundamental in how modern computer processors work. This is a feature called branch prediction, which basically means that a CPU might process data before it's actually needed in situations where a program has to make a decision to do one thing instead of another thing, which is called branching.

Here's a whole thing on how that works in terms of Spectre and Meltdown. For now, just understand that branching is pretty important to how computer programs work, but it can also lead to optimizations that are insecure. One extreme solution might be removing branching from computer programs altogether. Make software entirely, 100 percent deterministic.

That's what GitHub user xoreaxeaxeax did to Doom. Their version of the game is branchless and relies on just a single machine instruction. There's no branching, or even arithmetic: The only processor command it contains is "mov", which scoots data from memory address to memory address. It's actually a demonstration of xoreaxeaxeax's more general C compiler, the M/o/Vfuscator2, which converts commands in the C programming language into machine-level instructions. Or, in this case, instruction, singular.
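To see how a program can compare values and make a choice using nothing but data moves, here is an added example (not code from the M/o/Vfuscator2 or from Doom) that uses a store-then-load trick for equality and a table lookup in place of if/else. All function and variable names are hypothetical, and the byte arrays are constructed sample input.

```c
#include <stdint.h>
#include <stdio.h>

/* All names here are hypothetical, chosen for this example. */
static uint8_t scratch[256];                               /* one slot per byte value */
static const uint8_t and_table[2][2] = { {0, 0}, {0, 1} }; /* AND as a lookup */

/* 1 if a == b, else 0, using two stores and a load: if a and b name the
   same slot, the second store overwrites the first. */
static uint8_t eq_u8(uint8_t a, uint8_t b)
{
    scratch[a] = 0;
    scratch[b] = 1;
    return scratch[a];
}

/* if/else replaced by indexing a two-entry table with cond (0 or 1). */
static int select_int(uint8_t cond, int if_true, int if_false)
{
    int choices[2];
    choices[0] = if_false;
    choices[1] = if_true;
    return choices[cond];
}

/* Compare four bytes with no loop, no branch and no early exit. */
static uint8_t eq_bytes4(const uint8_t *x, const uint8_t *y)
{
    uint8_t r = eq_u8(x[0], y[0]);
    r = and_table[r][eq_u8(x[1], y[1])];
    r = and_table[r][eq_u8(x[2], y[2])];
    r = and_table[r][eq_u8(x[3], y[3])];
    return r;
}

/* Constructed sample inputs. */
static const uint8_t key_a[4] = { 0x44, 0x4f, 0x4f, 0x4d };
static const uint8_t key_b[4] = { 0x44, 0x4f, 0x4f, 0x4d };
static const uint8_t key_c[4] = { 0x44, 0x4f, 0x4f, 0x4e };

int main(void)
{
    /* An ordinary C compiler may still emit other instructions for this
       source; the point is the logic, not a mov-only binary. */
    printf("a==b: %d\n", select_int(eq_bytes4(key_a, key_b), 1, 0));
    printf("a==c: %d\n", select_int(eq_bytes4(key_a, key_c), 1, 0));
    return 0;
}
```

Every path through this code does the same memory accesses in the same order whether the inputs match or not, which is the property the branchless approach is after.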

The downside of this is that the resulting machine instructions are spectacularly inefficient. Single-instruction, branchless Doom renders a single frame every seven hours on a 386 Intel processor. Security ain't free.