[webkit-dev] Disabling the 32-bit JITs by default.
Keith Miller
keith_miller at apple.com
Fri Feb 16 14:58:07 PST 2018
I recently created a patch to disable the 32-bit JITs by default. https://bugs.webkit.org/show_bug.cgi?id=182886.
The last time this was discussed was before the discovery of Spectre. In the interim, there have been a number of changes made to JavaScriptCore in an attempt to mitigate Spectre. Nobody has proposed a mitigation plan for 32-bit WebKit. For example, pointer poisoning only works for 64-bit processors as they currently have a number of high bits that will never be set in a valid pointer. In 32-bit code the full address space is mappable so pointer poisoning is not guaranteed to be effective.
Given the importance of developing mitigations for Spectre in a timely manner I think we should disable 32-bit JITs, in the near term, but more likely permanently.
Thoughts?
Keith
More information about the webkit-dev
mailing list