[Webkit-unassigned] [Bug 181453] Spectre bound check mitigation efficiency

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jan 9 19:02:43 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=181453

Filip Pizlo <fpizlo at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #1 from Filip Pizlo <fpizlo at apple.com> ---
This doesn’t completely fix Spectre since the CPU will sometimes verify the branch after the leaking load. There is nothing in your code snippet that prevents this. 

So, although this probably performs great, it’s too risky since it still leaves Spectre as a theoretical possibility.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180110/225e11a3/attachment.html>


More information about the webkit-unassigned mailing list