Tags: assembly, x86, emu8086, rdrand

x86 assembly: Looking for examples of loops that can break under very technical/specific conditions


In my previous question (x86 Assembly: Having hard time finding ideas for an infinite loop challenge), somebody showed this little code that can be broken under very specific conditions:

safe:
    rdrand eax      ; CF=1 when a random value was returned, CF=0 when the DRNG could not supply one
    jc safe         ; keep looping while RDRAND succeeds; falls through only when it fails

This code obviously doesn't work on the emulator that I'm working on, but I really liked that idea. So I wanted to see if anybody knows anything similar to that that does work on the emu8086. Thanks!


Solution

  • This "breaks" by exhausting the hardware RNG using other cores running the same loop (or one that's not conditional on the RDRAND return value).

    This is only even possible on some CPUs with the RDRAND feature, not including the first gen with it, Ivy Bridge. What are the exhaustion characteristics of RDRAND on Ivy Bridge?

    emu8086 emulates a single-core 8086 so there aren't multiple cores that can run simultaneously anyway. It also doesn't have any shared resources like that. There's no remotely similar equivalent, I don't think.

    Other than RDRAND, a modern x86 could maybe run a timing-sensitive loop that checks the interval between back-to-back rdtsc results (time-stamp counter), or that uses rdtsc to time the latency of a long chain of imul. Then competition from another logical core (hyperthread) on the same physical core could break it. That would give you the same kind of shared-resource effect. Or even contention to atomically increment a memory location could be sensitive to contention between physical cores.

    These ideas are still useless for 8086, though. It doesn't do SMP, only a single-processor system. Nothing even like that idea can work on 8086, unless you consider things like device interrupts, e.g. programming an interrupt controller to fire a timer interrupt very frequently.
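As an added illustration of the device-interrupt idea at the end of the answer (this is not code from the question or the answer), here is a 16-bit spin loop that only exits once a hardware timer interrupt has fired a set number of times. It assumes a PC-compatible 8086 where 8253/8254 channel 0 (ports 40h-43h) drives IRQ0 and the master 8259 (port 20h) delivers IRQ0 as INT 8 at vector 0000:0020h; whether emu8086 itself generates IRQ0 ticks is not something the thread confirms, so treat that as an assumption too. The labels `tick`, `ticks_left`, `done`, `old_off` and `old_seg` are names chosen for this example.

```asm
; Added example: a loop that breaks only when a timer interrupt (IRQ0 -> INT 8)
; has been delivered 1000 times. Assumes a PC-like 8086: 8253/8254 PIT on
; ports 40h-43h, master 8259 PIC on port 20h, IRQ0 vectored to INT 8.
org 100h                        ; .COM layout: CS=DS=ES=SS on entry

start:
    cli
    xor ax, ax
    mov es, ax                  ; ES = 0000h, the interrupt vector table
    mov ax, es:[20h]            ; save the original INT 8 vector
    mov word ptr cs:[old_off], ax
    mov ax, es:[22h]
    mov word ptr cs:[old_seg], ax
    mov word ptr es:[20h], offset tick   ; install our handler
    mov es:[22h], cs
    ; PIT channel 0, mode 3 (square wave), lobyte/hibyte, divisor 0400h
    ; -> 1193182 / 1024 = ~1165 interrupts per second instead of 18.2
    mov al, 36h
    out 43h, al
    mov al, 00h
    out 40h, al
    mov al, 04h
    out 40h, al
    sti

safe:
    cmp byte ptr cs:[done], 0
    je safe                     ; spins forever unless the ISR flips 'done'

    ; restore the BIOS rate (divisor 0 = 65536) and the original INT 8 vector
    cli
    mov al, 36h
    out 43h, al
    xor al, al
    out 40h, al
    out 40h, al
    mov ax, word ptr cs:[old_off]
    mov es:[20h], ax
    mov ax, word ptr cs:[old_seg]
    mov es:[22h], ax
    sti
    mov ax, 4C00h               ; DOS exit
    int 21h

; INT 8 handler: count ticks, set 'done' when the budget is used up.
; DS is unknown here, so every data access uses a CS override.
tick:
    push ax
    dec word ptr cs:[ticks_left]
    jnz short tick_eoi
    mov byte ptr cs:[done], 1
tick_eoi:
    mov al, 20h                 ; non-specific EOI to the master 8259
    out 20h, al
    pop ax
    iret

ticks_left dw 1000
done       db 0
old_off    dw 0
old_seg    dw 0
```

The loop is unconditional on anything the CPU computes; only an external event (the timer firing through the PIC) changes `done`, which is the single-processor counterpart of the shared-resource effect the answer describes for RDRAND. Two practical caveats: the handler does not chain to the BIOS INT 8 routine, so the BIOS time-of-day count stops advancing while the loop runs, and the PIT divisor must be restored on exit or the rest of the system keeps ticking at the faster rate.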