The Xbox 360’s CPU Had A Meltdown-Like Bug Too
Ah, processor bugs! Spectre and Meltdown are a big deal, affecting a wide range of hardware and software configurations. So all of us, basically. What’s interesting is that this isn’t the first time speculative execution has popped up as a problem — back in 2005, the PowerPC chip in the Xbox 360 had a similar issue.
While he’s now at Google, Bruce Dawson used to work for Microsoft, where he was “the Xbox 360 CPU guy”. In a recent blog post, Dawson reminisces about an issue he encountered while working with the console’s central processor.
It’s rather technical, but here’s the long and short of it. A special command was added to the instruction set of the Xbox 360 CPU, called xdcbt. It was designed to make memory operations faster. Unfortunately, in practice, it could cause the console to crash.
No worries, thought Dawson, just don’t use the instruction. And it worked… until it didn’t. The instruction was being skipped by using an if/else block, so technically it was still in the code and being compiled, which meant the CPU could speculatively execute it as part of branch prediction.
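A toy model of the failure described above, added here as an illustration and not taken from Dawson's post or from any Xbox 360 code: a 2-bit saturating branch predictor sits in front of an if/else whose "risky" side stands in for xdcbt. The predictor design, the names (core_t, guarded_call, wrong_path_issues) and the idea that the predictor starts in a "taken" state left behind by other code are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model (constructed for this example, not real Xbox 360 behaviour):
   a 2-bit saturating branch predictor in front of
       if (use_risky) risky_prefetch(); else normal_prefetch();
   where risky_prefetch() stands in for xdcbt. */
typedef struct {
    unsigned counter;       /* 0,1 = predict not-taken; 2,3 = predict taken */
    unsigned retired_risky; /* risky path actually executed by the program */
    unsigned spec_risky;    /* risky path issued on a wrong-path speculation */
} core_t;

static bool predict_taken(const core_t *c) { return c->counter >= 2; }

static void train(core_t *c, bool taken) {
    if (taken && c->counter < 3) c->counter++;
    if (!taken && c->counter > 0) c->counter--;
}

/* One pass through the guarded branch. The model assumes the core issues the
   predicted path before the condition resolves and that the prefetch's side
   effect is not undone when the guess turns out wrong. */
static void guarded_call(core_t *c, bool use_risky) {
    if (predict_taken(c) && !use_risky) c->spec_risky++;
    if (use_risky) c->retired_risky++;
    train(c, use_risky);
}

/* n calls that never ask for the risky path, starting from a given predictor
   state. Returns wrong-path issues; *retired gets architectural executions. */
unsigned wrong_path_issues(unsigned initial_counter, size_t n, unsigned *retired) {
    core_t c = { initial_counter > 3 ? 3 : initial_counter, 0, 0 };
    for (size_t i = 0; i < n; i++) guarded_call(&c, false);
    if (retired) *retired = c.retired_risky;
    return c.spec_risky;
}

int main(void) {
    for (unsigned start = 0; start <= 3; start++) {
        unsigned retired = 0;
        unsigned spec = wrong_path_issues(start, 1000, &retired);
        printf("predictor start=%u: retired=%u speculative=%u\n", start, retired, spec);
    }
    return 0;
}
```

The program never asks for the risky path, yet the model issues it whenever the inherited predictor state says "taken", which is why hiding the instruction behind a branch was not enough.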
Once the full extent of the problem was understood, Dawson was left with one option:
The branch predictor realization made it clear that this instruction was too dangerous to have anywhere in the code segment of any game – controlling when an instruction might be speculatively executed is too difficult … It was possible to reduce the risk, but not eliminate it, and it just wasn’t worth it. While Xbox 360 architecture discussions continue to mention the instruction I doubt that any games ever shipped with it.
A great catch, to be sure, and one that likely saved many developers from debugging hell. Sadly for Microsoft, a Meltdown-like bug would turn out to be the least of the Xbox 360’s problems.
Finding a CPU Design Bug in the Xbox 360 [Random ASCII]