A Second Look at Port Assignment on Intel CPUs (work in progress)
Authors: Yarin Oziel , Tomer Laor , Shlomi Levy , Clémentine Maurice , Yossi Oren , Thomas Rokicki , Gabriel Scalosub
Appeared in: 2nd Microarchitecture Security Conference, 2026
Abstract
Modern superscalar processors, such as Intel’s Core processors, feature multiple ports in their execution engines, allowing each processor core to execute multiple instructions in parallel. Understanding how individual instructions are mapped to the different execution ports in the CPU’s back end is crucial for writing performance-optimized code, and has also been recently found to be useful as a building block for a series of micro-architectural security-related works.
In 2022, Abel and Reineke developed a pipeline model of the Intel Core microarchitecture, specifying a port assignment algorithm. Under this model, µ-ops are assumed to be assigned to the eligible port with the fewest outstanding (non-executed) µ-ops, breaking ties by choosing the port with the least amount of functional units, and alternating between the least-used port and the second least-used port in some cases. In this work, we show that the behavior of the port assignment policies is significantly more complex than previously considered, and that this added complexity has security implication.
Through a series of custom-designed microbench-marks, run on multiple generations of microarchitectures, we show that the port mapping strategy applies complex and dynamic heuristics, which depend on the instruction being decoded, and the micro-architectural generation of the CPU.
To support reproducible research, we publish our code and data in an extensive open repository. Our results highlight the risk of relying on common-case microbenchmarks when trying to understand corner-case micro-architectural behavior, especially of the type used in security research.
Draft version
Artifact Repository