[webkit-dev] Disabling the 32-bit JITs by default.

Keith Miller keith_miller at apple.com
Fri Feb 16 14:58:07 PST 2018

I recently created a patch to disable the 32-bit JITs by default. https://bugs.webkit.org/show_bug.cgi?id=182886. 

The last time this was discussed was before the discovery of Spectre. In the interim, there have been a number of changes made to JavaScriptCore in an attempt to mitigate Spectre. Nobody has proposed a mitigation plan for 32-bit WebKit. For example, pointer poisoning only works for 64-bit processors as they currently have a number of high bits that will never be set in a valid pointer. In 32-bit code the full address space is mappable so pointer poisoning is not guaranteed to be effective.

Given the importance of developing mitigations for Spectre in a timely manner I think we should disable 32-bit JITs, in the near term, but more likely permanently.


More information about the webkit-dev mailing list