I do not believe that it's impossible to fix Spectre in hardware without disabling speculation. How about we fix the state changes that Spectre detects. For example, we could have a buffer that stores evicted cache lines during speculation and restores them if a rollback is necessary. Yeah, it wouldn't be free, but it would be faster than disabling all speculation.
> For example, we could have a buffer that stores evicted cache lines during speculation and restores them if a rollback is necessary
The problem is that with pure software isolation, as being discussed here, every access is observable within the "same program", so every speedup would need to be rolled back.
With hardware boundaries, you know which speculations to roll back (or just avoid doing), so you can put a fix in silicon.
I understand that. You cannot make this work, because in the case of pure software isolation, any instruction can theoretically be used to snoop on any other instruction. That means speculation can theoretically be detectable if it speeds up anything.
