Fails out to get spectre meltdown

Spectre looked more nuanced: a side effect of other optimizations. Meltdown to me looked trivial to exploit, just a straight up bug in the design of the pipeline. And it was found that the speculative load occurred before security checks were performed, allowing one to figure out the content of memory that would have been trapped if read directly.

AIUI the chap who found Meltdown - a Googler straight out of uni - read the Intel soft dev manual, saw the part that said if a branch is taken, the CPU won't execute the instructions that follow immediately after the branch, and thought, 'yeah but I wonder if it does?' Whereas Meltdown was as simple as placing a load after a branch instruction and seeing if the load was speculatively executed even if the branch was taken.

Spectre's a bit different IMHO because while it could be exploited to leak data, it was more like discerning info through instrumentation.

IMHO it's possible to argue that Meltdown was a defect because Intel trivially broke one or more of the data security guarantees it gave in its documentation (IIRC, it's been a while so ICBW).
