Alexander Monakov
@amonakov@mastodon.gamedev.place

@ptesarik@infosec.exchange no, not 100% at all. Branch prediction needs to work in several stages, the initial stage needs to guess the next fetch block just on the basis of current fetch address, without inspecting the bytes. In the following cycles a more educated guess can resteer the prediction, but return address prediction also happens not so late in the frontend.

(also consider that address calculation for an uncond jump is "cheap" only if it doesn't cross a page, otherwise needs virt->phys address xlat)

Petr Tesařík
@ptesarik@infosec.exchange

@amonakov@mastodon.gamedev.place FWIW Intel documentation says:

Branches that do not have a history in the BTB are predicted using a static prediction algorithm.
Unconditional jumps are given as an example of a branch that is always predicted as taken.
As for TLB considerations, that's moot. Intel L1 cache is VIPT, so if a TLB entry is missing, this is detected later and reported as an L1 cache stall. I can check L1 stalls if needed. Maybe I should.