On Abnormal Execution Timing of Conditional Jump Instructions

TL;DR

This paper investigates timing variabilities in conditional jump instructions caused by micro-op cache placement and instruction offset, demonstrating their impact on performance and security across multiple architectures and real-world binaries.

Contribution

It systematically analyzes timing variabilities in conditional jumps, identifies their microarchitectural causes, and proposes alignment strategies to mitigate performance impacts and security vulnerabilities.

Findings

Timing variability is caused by micro-op cache placement and instruction offset.

Aligning instructions to 32-byte boundaries reduces timing variability.

Timing variability can be exploited as a covert channel with 16.14 Mbps throughput.

Abstract

An extensive line of work on modern computing architectures has shown that the execution time of instructions can (i) depend on the operand of the instruction or (ii) be influenced by system optimizations, e.g., branch prediction and speculative execution paradigms. In this paper, we systematically measure and analyze timing variabilities in conditional jump instructions that can be macro-fused with a preceding instruction, depending on their placement within the binary. Our measurements indicate that these timing variations stem from the micro-op cache placement and the jump's offset in the L1 instruction cache of modern processors. We demonstrate that this behavior is consistent across multiple microarchitectures, including Skylake, Coffee Lake, and Kaby Lake, as well as various real-world implementations. We confirm the prevalence of this variability through extensive experiments on a large-scale set of popular binaries, including libraries from Ubuntu 24.04, Windows 10 Pro, and several open-source cryptographic libraries. We also show that one can easily avoid this timing variability by ensuring that macro-fusible instructions are 32-byte aligned - an approach initially suggested in 2019 by Intel in an overlooked short report. We quantify the performance impact of this approach across the cryptographic libraries, showing a speedup of 2.15% on average (and up to 10.54%) when avoiding the timing variability. As a by-product, we show that this variability can be exploited as a covert channel, achieving a maximum throughput of 16.14 Mbps.