Open Bug 1904546 Opened 1 year ago Updated 5 months ago

Support ARM PAC in the JIT

Categories

(Core :: JavaScript Engine: JIT, enhancement, P3)

People

(Reporter: gcp, Unassigned)

References

(Blocks 3 open bugs)

Details

https://developer.apple.com/documentation/browserenginekit/protecting-code-compiled-just-in-time

"Additionally, your JIT compiler needs to emit arm64e code that uses PAC-protected pointers. Your browser engine needs to adopt PAC for any pointer that influences control flow in your interpreter code."

The prototype can work without JIT, but we'll need to support this for a full-fledged browser. There are some similarities with the CET work in bug 1902244.

Severity: -- → N/A
Priority: -- → P3