Spectre mitigations in Kotlin

So I was looking everywhere and could not find any mitigations for Spectre attacks by the Kotlin compiler! Do you know if there are any mitigations for the different kinds of Spectre attacks, Spectre v1 (Spectre-PHT), v2 (Spectre-BTB), v4 (Spectre-STL) and v5 (Spectre-RSB), at the compiler level for Kotlin?
Looking forward to hearing from you guys 🙂


What platform?

Honestly, I’m not thinking about anything specific. I’m just curious about it generally. @fvasco Do you think different platforms result in different behaviour?

To be honest, I don’t think this is really a Kotlin issue. Maybe this is relevant for Native; you would need to ask someone who knows more about how that platform works.
Kotlin JS and JVM, however, shouldn’t have any issues with Spectre. As I understand it, Spectre is a low-level attack on branch prediction on some CPUs. Since both JVM and JS are running in a VM, this is not something that can be done with Kotlin. There might be some small issues with the underlying JVM, but I doubt it in this case, and even if there are, this would need to be fixed by the JVM guys. Nothing Kotlin can do here.
Regarding Kotlin Native, this might be a small issue, but I also doubt it. From my understanding, the memory access Kotlin Native allows does not give enough flexibility to use the Spectre attack, but I honestly don’t know enough to make any real statements about this, so take this with a big grain of salt. I’m neither a security expert nor do I know much about how Kotlin Native works.


It is a backend issue. The only place where it is relevant is Native. Native uses LLVM as its backend. I would be very surprised if it doesn’t have the capability to mitigate Spectre by different code generation. It probably needs to be enabled specially, as it reduces speed and isn’t an issue for most software.
