Rich Freeman <ri...@gentoo.org> wrote: > > Higher-level languages will probably become nearly immune to Spectre just > as most are nearly immune to buffer overflows.
Quite the opposite: Higher-level languages *always* do some checks for array-length etc, and it is the _checks_ which are vulnerable. You can only make them non-vulnerable by making them horribly slow (by omitting speculative execution completely for the corresponding conditionals). The same omission could also be arranged automatically for _every_ C-code (security at the price of a hugh speed cost). I still do not understand why such an option is not yet implemented in gcc: AFAIK, none of the current options -mindirect-branch* -mfunction-return* -fcf-protection=full (though I am not completely sure about the latter) would protect you automatically against speculative exection for bound-checking conditional tests. I am aware that this would cost a lot of speed, but for certain systems/applications this might be worth.
