Systematic Analysis of Programming Languages and Their

Execution Environments for Spectre Attacks

Amir Naseredini1,3 , Stefan Gast2,3 , Martin Schwarzl3 , Pedro Miguel Sousa Bernardo4 , Amel Smajic3 ,
Claudio Canella3 , Martin Berger1,5 , Daniel Gruss2 ,3
1
University of Sussex, United Kingdom
2
Lamarr Security Research, Austria
3
Graz University of Technology, Austria
4
Instituto Superior Técnico, Universidade de Lisboa, Portugal
5
Turing Core, Huawei 2012 Labs, London, UK

Keywords:
Speculative Execution, Spectre Attacks, Programming Languages, Execution Environment

Abstract:
In this paper, we analyze the security of programming languages and their execution environments
(compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out
of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no
mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre
proof-of-concept attacks in 8 programming languages and on code generated by 11 execution envi-
ronments that were previously not known to be affected. Our results highlight some programming
languages that are used to implement security-critical code, but remain entirely unprotected, even
three years after the discovery of Spectre.

1 INTRODUCTION and then rolls back the architectural state, but

In conditional branch instructions, deciding
whether to branch or not requires evaluating the
branch condition, which can depend on a slow
operation, such as main memory access. In most
programs, branches are highly predictable from
information available before the branch condition
has been evaluated, primarily past outcome of re-
lated conditional branches. This predictability
is exploited using branch predictors, adaptively
trained as the CPU executes, on past branch-
ing behavior, see [Mittal, 2018] for an overview.
Branch prediction allows CPUs to execute the
predicted direction of the branch long before the
result of evaluating the branch condition is avail-
able. If the prediction is wrong, the execution of
the predicted branch is rolled back, and the other
branch is executed. Note that only the architec-
tural state is rolled back, but not the microarchi-
tectural state, which remains visible in contem-
porary CPUs. Spectre exploits the mismatch be-
tween architectural and microarchitectural state
by mistraining branch predictors, so victim code
(called gadget) executes a mispredicted branch
not the microarchitectural state. The gadget con-
sists of a sequence of instructions, guarded by a
conditional branch, that encodes a secret from
the victim’s own address space into the microar-
chitectural state, e.g., into the cache by making
cache lines cached or not. This encoded infor-
mation remains accessible to attackers after the
misprediction is rolled back by the CPU.
Spectre attacks have so far been demon-
strated in JavaScript [Kocher et al., 2019], native
code [Kocher et al., 2019, Canella et al., 2019],
Go [Duete, 2018] and Rust [Chládek, 2020]. Con-
sequently, a vast variety of mitigations have
been proposed, and some of them have been de-
ployed in practice. While Meltdown attacks are
mainly mitigated in hardware or microcode, Spec-
tre attacks mainly rely on mitigations on the
operating-system level, or in compilers and JIT
engines. Given the large number of mitigations
and programming languages with associated exe-
cution environments, it has become unclear which
programming languages, interpreters, compilers
and JIT engines, have working mitigations today
and can securely be used to implement security-
critical code, and which do not.
Spectre does not necessarily work in every sin-
gle execution environment. The possibility of be-
ing able to pull off the attack depends on several
factors including (but not limited to) the runtime
environment, whether it is fast enough (e.g., in-
terpreters might be too slow for the attack to be
pulled off), the compiler and the transformations
that it enforces on the code such as optimizations
(e.g., whether it emits the code that is efficient
enough for this purpose), or the language and
its constructs (e.g., do branch-predicted code se-
quences exit on the binary level). Hence, it was
not known which languages, compilers, and en-
vironments need mitigations. We are the first
to systematically study which languages, compil-
ers, and execution environments need mitigations
against Spectre attacks. The result of this study
helps developers of languages, compilers, and en-
vironments to find out whether or not they should
implement mitigations.
In this paper, we systematically analyze the
security against Spectre attacks, of the top 30
most-popular programming languages, which in-
volves an analysis of 42 compilers and execution
environments. We categorize the languages and
their execution environments into three different
categories: interpreted, compiled, and managed
languages. We determine for each of these lan-
guages, compilers and runtimes, whether Spectre
mitigations exist and are implemented. The basis
of this analysis is publicly available documenta-
tion and direct communication with developers.
We discover that only 16 of the analyzed execu-
tion environments have mitigations for at least
one Spectre variant. Based on this initial anal-
ysis, we perform a full-scale analysis of the ex-
istence of Spectre gadgets for each of these lan-
guages and environments. To facilitate our anal-
ysis, we present a novel method and tool, Specon-
nector. Speconnector allows us to evaluate and
exploit Spectre gadgets independent of the pro-
gramming language to validate leakage without
bi-directional interaction. We use Speconnector
to develop Spectre proof-of-concept attacks for 16
programming languages, half of which were previ-
ously not known to be affected. Our results high-
light that programming languages and their exe-
cution environments used to implement security-
critical code remain entirely unprotected, even
three years after the discovery of the issue, and
still continue to leak secrets.
To demonstrate the concrete security impact
of our results, we present two case studies that
exploit security libraries using Spectre attacks.
First, we attack the Alice crypto library, imple-
mented in Java using the OpenJDK compiler. We
demonstrate that we can leak the secret key used
by Alice for encryption purposes by exploiting a
Spectre gadget in it. Second, we attack cryptokit,
implemented in OCaml using the ocamlopt native
compiler. In this case study, we show that by ex-
ploiting a Spectre gadget, we can leak secret data
while it resides in memory.
Our work shows that there are still several
critical security libraries implemented in pro-
gramming languages suffering from the lack of
mitigations. Security-critical code implemented
in these languages remains entirely unprotected
against Spectre-type attacks, even three years af-
ter the discovery of the issue. We responsibly
disclosed our findings to the corresponding ven-
dors and worked with them on solutions. How-
ever, we emphasize that this problem goes be-
yond these specific libraries and is a problem that
must be solved by the corresponding compiler,
runtime, or interpreter. Finally, until mitigations
are available in compilers and runtime environ-
ments, developers should be cautious using these
programming languages for security-critical code,
and users should also be alert using security ap-
plications implemented in such languages.
Contributions. Our contributions are:
1. A systematic analysis of the security of pro-
gramming languages and their execution envi-
ronments with respect to Spectre attacks.
2. We introduce Speconnector, a novel tool to
evaluate and exploit Spectre gadgets indepen-
dent of the programming language.
3. We demonstrate the security impact with two
case studies of security-related libraries, and
show that we can leak secrets from them.
Outline. Section 2 provides background. Sec-
tion 3 systematically analyzes programming lan-
guages for Spectre mitigations. Section 4 presents
our new tool Speconnector and our threat model.
Section 5 presents our systematic analysis of
the Spectre susceptibility of environments using
Speconnector. Section 6 presents two case studies
showcasing our results. We conclude in Section 7.
2 BACKGROUND
In this section, we provide background on spec-
ulative and transient execution with a focus on
Spectre-type attacks, as well as interpreted, com-
piled, and managed programming languages.
Speculative Execution. Because programs
contain conditional branching, CPUs often do
not know which instruction needs to be executed
next. This occurs, for instance, when the out-of-
order execution reaches a not yet completed con-
ditional branch instruction which determines con-
trol flow. With speculative execution, the CPU
can save the current register state, predict the
most likely outcome based on similar events in
the past, and speculatively execute in the pre-
dicted direction. Once the predicted branch in-
struction has completed execution and the cor-
rect path is known, the CPU can decide what
to do with the speculatively executed instruc-
tions. In the case of a correct prediction, the
CPU simply commits (retires) the instructions in
the order of the instruction stream, making the
results visible on the architectural level. How-
ever, if the prediction is not correct, the CPU
rolls back to the saved register state, discards the
result of the wrongly executed instructions, and
continues with the execution of the correct path.
The discarded instructions are commonly re-
ferred to as transient instructions [Kocher, 1996,
Lipp et al., 2018, Canella et al., 2019]. While the
architectural state is rolled back in the case of a
wrong prediction, the microarchitectural state is
not reverted, hence allows to infer results and side
effects of the transiently executed instructions.
To make such predictions and maximize
the performance, CPUs utilize the Branch
Prediction Unit (BPU), which consists of dif-
ferent prediction mechanisms [Mittal, 2018].
One such prediction mechanism is the afore-
mentioned conditional branch prediction
which is done by the Pattern History Table
(PHT) [Canella et al., 2019]. Other mecha-
nisms predict conditional and indirect jump
targets [Kocher, 1996] or return addresses
of functions [Maisuradze and Rossow, 2018,
Koruyeh et al., 2018]. Indirect jumps are pre-
dicted by the Branch Target Buffer (BTB)
[Lee et al., 2017, Evtyushkin et al., 2016,
Kocher et al., 2019], returns by the Return Stack
Buffer (RSB) [Maisuradze and Rossow, 2018,
Koruyeh et al., 2018].
Branch-prediction logic, e.g., BTB and RSB,
is typically not shared across physical cores
1 if (x < length_of_data) {
2 tmp &= lookup_table[data[x] << 12];
3 }
Figure 1: An example of an index gadget.
[Ge et al., 2016], but sometimes among logical
cores [Maisuradze and Rossow, 2018]. Therefore,
the CPU learns only from previous branches ex-
ecuted on the same physical core.
Transient-Execution Attacks. While spec-
ulative and out-of-order execution signifi-
cantly increase the performance of CPUs
[Tomasulo, 1967], these features also have a
significant impact on the security of software
running on the CPU. So-called transient-
execution attacks [Canella et al., 2019] have
demonstrated that the effects of transient
instructions can be reconstructed on the archi-
tectural level as the microarchitectural effects
are not reverted. To bring the effects to the
architectural level, these types of attacks leverage
traditional side-channel attacks, e.g., cache at-
tacks. While the cache has been predominantly
exploited for the transmission of the secret
data [Kocher et al., 2019, Canella et al., 2019,
Maisuradze and Rossow, 2018,
Koruyeh et al., 2018], other channels have
also been shown to be effective, e.g., execution
port contention [Bhattacharyya et al., 2019].
Kocher et al. [Kocher et al., 2019]
first discussed transient-execution attacks
[Canella et al., 2019] using speculative execution
and demonstrated that conditional branches
and indirect jumps are potential elements to be
exploited to leak data. Subsequent work has then
shown that the idea can be extended to func-
tion returns [Maisuradze and Rossow, 2018,
Koruyeh et al., 2018] and store-to-load
forwarding [Horn, 2018]. Canella et al.
[Canella et al., 2019] then systematically an-
alyzed the field and demonstrated that the
necessary mistraining can be done in the same
and a different address space due to some
predictors being shared across hyperthreads.
Additionally, they showed that many of the pro-
posed countermeasures are ineffective and do not
correctly target the root cause of the problem.
More recent work [Canella et al., 2020a] has
then analyzed the commonalities of these attacks
instead of the differences [Canella et al., 2019].
To mitigate all these attacks, various
proposals have been made by industry and
academia. Canella et al. [Canella et al., 2020b]
analyzed the differences between counter-
measures from academia and industry, high-
lighting that academia proposes more radical
countermeasures compared to industry. Pro-
posed mitigations either require hardware
changes [Kiriansky et al., 2018, Yan et al., 2018,
Khasawneh et al., 2019], secret annota-
tion [Schwarz et al., 2020, Palit et al., 2019,
Fustos et al., 2019], new data dependen-
cies [Oleksenko et al., 2018, Carruth, 2018b],
or reduced timer accuracy [Pizlo, 2018,
Chromium Project, 2018, Wagner, 2018].
Gadgets. In transient-execution attacks, a gad-
get is a piece of code used to transfer the secret
information from the victim’s side into a covert
channel from which the attacker can then retrieve
it. Kocher et al. [Kocher et al., 2019] introduced
the first Spectre gadget, which is shown in Fig-
ure 1. In such a gadget, secret information is
stored in memory following the array data. A
global variable tmp is used to prevent optimizing
out the memory access. The attacker controls the
value of x, which allows mistraining the branch
for the length check, i.e., the attacker first sup-
plies values for x that are lower than length of -
data. After mistraining the branch, the attacker
supplies a larger value, accesses the secret during
transient execution, and encodes it in lookup ta-
ble, which is shared between victim and attacker.
From there, the attacker reads using a cache at-
tack. Canella et al. [Canella et al., 2020a] refer
to such a gadget as an index gadget.
Compiled vs Interpreted vs Managed Pro-
gram Execution. An important distinction in
program execution is between interpretation and
compilation. The difference is in whether the pro-
gram is executed directly using an interpreter, or
with an intermediate compilation stage where a
compiler generates a new program to be executed.
A third option are hybrid compilers where the re-
sulting file of the compilation is again interpreted,
combining the other two approaches. We refer
to this as managed program execution. We often
speak of execution environment to mean any of
compilers, interpreters, or their hybrids.
All of these approaches to execute a program
have different advantages and disadvantages. For
instance, compiled languages only incur the over-
head of translating the code once, while inter-
preted languages need to translate it every time
they are being run. Hence, compilers can per-
form more sophisticated optimizations as the time
needed for translation is less important. LLVM
[Lattner and Adve, 2004] is an example of an op-
timizing compiler framework. C and C++ are
examples of programming languages that are usu-
ally executed by compilation, although, in princi-
ple, they can also be interpreted. An advantage
of interpreted languages is that they are more
portable as only the interpreter is platform spe-
cific, which does not hold for compiled languages.
As the interpreter needs to hold more information
about the run-time state of the application, inter-
preted applications typically require more mem-
ory during execution than compiled applications.
Perl is an example of a languages that is usually
interpreted and not compiled.
Hybrid compilers seek to combine the advan-
tages of compiled and interpreted languages. We
distinguish several variants of hybrid compilers:
Figure 2 shows the two common variants. In
the first variant, a compiler first translates the
code into platform-independent code, allowing for
more sophisticated optimizations, as well as al-
lowing for portability. When running the ap-
plication, an interpreter executes this platform-
independent code. An example of such a hybrid
compiler is Ocaml when using ocamlc and ocaml-
run: ocamlc carries out the first part to com-
pile the code implemented by the developer, and
then ocamlrun interprets the code generated by
ocamlc. In the second variant, the compiler again
generates platform-independent code. In the sec-
ond phase, the JIT-compiler uses the platform-
independent code to produce the executable code
which is interpreted by the interpreter. The inter-
preter then provides feedback to the JIT-compiler
on how to improve the generated code. An exam-
ple of such hybrid compilers are OracleJDK and
C# .NET. Figure 2 provides an illustration of all
four aforementioned cases.
3 SPECTRE MITIGATIONS BY
LANGUAGE AND RUNTIME
When it comes to mitigating Spectre-type at-
tacks, compilers and interpreters play a crucial
role as they generate the code that is exploited
later on. In this section, we investigate different
compilers and interpreters to determine whether
they provide methods to mitigate such attacks.
Our systematic analysis considers 42 different ex-
ecution environments which are used to translate
the top 30 most-popular programming languages
according to GitHub in the third quarter of 2020.
The languages encompass compiled, interpreted,
and managed languages.
the 8 interpreters that do not provide any public
information. Unfortunately, this step did not pro-
vide any additional insights. Hence, to complete
our investigation, we contacted the developers of
the respective interpreters to ask for information
about potentially implemented mitigations.
In this step, the developers of Perl confirmed
that their interpreter does indeed not contain any
mitigations for any variant of Spectre 1 . For Ruby
(MRI) and PHP, we unfortunately were not able
to discuss the issue with the developers. Never-
theless, our results gathered in the first two steps
show that we are not aware of any mitigation in
these two interpreters. Our analysis for inter-
preters illustrates that it is unclear for 7 of the
9 analyzed interpreters if they have mitigations
implemented to mitigate Spectre attacks
Compiled Languages. Our analysis of compiled
programming languages shows a different result
compared to the analysis of interpreters. In this
analysis, we used the same approach as for the
interpreted languages and their interpreters, i.e.,
searched public documentation, analyzed com-
mits, and contacted the developers.
Table 2 presents the results of our analysis.
The results show that 13 of the 15 considered
compilers provide information about Spectre, but
only 12 of them claim to have implemented mit-
igations for at least one of the existing variants.
While all 12 provide mitigations against Spectre-
PHT, only 10 provide mitigations for Spectre-
BTB. Interestingly, only Go provides a mitigation
for Spectre-RSB, while none of the compilers doc-
ument mitigations against Spectre-STL. In a con-
versation, the developers of Microsoft’s C/C++
compiler confirmed that, despite missing docu-
mentation, their compiler provides a Spectre-STL
mitigation. The developers of ocamlopt also con-
firmed in direct communication that their com-
piler does not provide any form of mitigation
against any Spectre variant. Unfortunately, we
were not able to get any information about the ex-
istence of mitigations for the two remaining com-
pilers, i.e., DM and Haskell (GHC).
Based on our analysis, the Go compiler has the
best situation regarding its mitigations against
Spectre variants as it contains mitigations for 3 of
the 4 Spectre variants discussed by Canella et al.
[Canella et al., 2020a].
1 28
Dan Book confirmed this via email
9 29
Shayne Hiet-Block from Microsoft confirmed this
via email
Managed Languages. Table 3 shows the results
of our analysis of 13 programming languages and
their 18 respective hybrid compilers. This anal-
ysis provides several interesting insights. For in-
stance, except for the JavaScript compilers Spi-
derMonkey [Wagner, 2018, de Mooij, 2019], V8
[Chromium Project, 2018, Mcilroy et al., 2019],
Chakra [Microsoft, 2018], and the Java compiler
GraalVM [Oracle, 2020], none of the other com-
pilers for managed languages provide any form
of public documentation of mitigations against
at least one of the Spectre variants discussed by
Canella et al. [Canella et al., 2020a]. The first
three mitigate Spectre-PHT and Spectre-BTB
while GraalVM only has mitigations for Spectre-
PHT. Similar to the previous case, we again ob-
serve that the compilers that do have mitigations,
all mitigate Spectre-PHT. While we were able
to find documentation regarding Spectre for the
Java compiler OpenJDK, the documentation in-
dicates that no mitigations are available.
To counteract the lack of publicly available in-
formation on mitigations, we contacted the devel-
opers of the PyPy, C#, Scala, Elixir and OCaml
(ocamlc/ocamlrun) compilers to gather informa-
tion on whether they provide mitigations. In all
5 cases, this discussion showed that none of them
contain any mitigations. In addition, the docu-
mentation for OracleJDK [Oracle, 2021] is hint-
ing at Spectre mitigations, however, it is unclear
if any mitigation is implemented and which Spec-
tre variants are the targets in the potential miti-
gations. Unfortunately, the status of the remain-
ing 7 compilers from this category remain unclear
as we did not receive a response. These 7 compil-
ers are Dart, TypeScript, CoffeeScript, Clojure,
CPython, Groovy and Kotlin.
4 Speconnector
This part describes the goal, tasks, and advan-
tages of the Speconnector tool. Speconnector is
written in C, but works for any target language.30
The goal of Speconnector is to determine, eas-
ily and independent from the target language,
whether a given execution environment is vulner-
able to Spectre.
23
Maciej Fijalkowski confirmed this via email
26
Eric Meadows-Jönsson confirmed this via email
Ilya Pleskunin confirmed this via email
Paul King confirmed this via email
30
We plan to open source the tool.
Table 2: Compiled programming languages and their compilers and which Spectre variants they can mitigate
based on the available documentation and direct responses from the respective compilers’ developers. Symbols
show whether Spectre mitigations are available based on the documentation ( ) or communication with devel-
opers ( ), not available based on the communication with developers ( ), or it was unclear whether there are
any mitigations available ( ).

C
e-
M) iv

t)
) l
LV ct

HC el

op
ca l
LV t
)

(o am
(L st

(L if

(L bje

(G sk

ml
el

M)

el

M)

M)

M)
(G ++

(M +

(I ++

(L +
)

)
PLs

OC
C+

C+

Ru

Sw

Ha
CC

S)

nt

LV

CC

S)

nt

LV

LV
C

O
Go

DM
(G

(M

(I

(L
Attack
3 5 8 10 12 5 8 10 12 12 12 12 14
Spectre-PHT
3 6 9 10 13 6 9 10 13 13 13 13 14
Spectre-BTB
3 7 9 11 7 9 11 14
Spectre-RSB
4 9 11 9 11 14
Spectre-STL

3 6 10 13
[Munday, 2020] [Lu, 2018] [Jiang, 2018] [Carruth, 2018a]
4 7 11 14
[Randall, 2020] [Biener, 2018] [Viet H Intel, 2020] [Bacarella, 2020]
5 8 12
[GCC.GNU.ORG, 2020] [Pardoe, 2018] [Carruth, 2020]

Table 3: Managed programming languages and their compilers and which Spectre variants they can mitigate
based on the available documentation and direct responses from compilers’ developers. Symbols show whether
Spectre mitigations are available based on the documentation ( ), available but partially effective based on the
documentation ( ), not available based on the documentation ( ) or communication with developers ( ), or it
was unclear whether there are any mitigations available ( ).

n)
ru
8) Sc y)

(P yth ipt

in ml
Ja Mon t

pt

Ty ) t
(V va ke
r p

pt
a p
(O ava K)

tl ca
de ri

r
ri

kr ri

ri

Sc
J K)

OC n)
J JD

Ja M)

Ko /o
pi Sc

yP on

Py n
e
ha Sc

o
Sc

ee

ur

vy
ca l
D

o
ir
e

c
(S va

(C th
(O ava

(G ava

(C va

(o am
nJ

y)

th
a
cl

al

ml
pe

ff

oj

oo
rt

al

ix
PLs

Py
Ja
pe
ra

ra

P
Co

Cl

Gr
J
Da

C#

Sc

El
Attack
15 16 17 18 ,19 20 22 23 24 25 26 27 28 29
Spectre-PHT
15 16 18 ,19 20 ,21 22 23 24 25 26 27 28 29
Spectre-BTB
15 16 23 24 25 26 27 28 29
Spectre-RSB
15 16 21 23 24 25 26 27 28 29
Spectre-STL

15 19 24
[Oracle, 2021] [de Mooij, 2019] [Tur, 2020]
16 20 25
[Gross, 2019] [Chromium Project, 2018] [Malak and nilskp, 2018]
17 21 27
[Oracle, 2020] [Mcilroy et al., 2019] [Bacarella, 2020]
18 22
[Wagner, 2018] [Microsoft, 2018]

Threat Model. One of the main tasks of Speconnector is to

Speconnector demonstrates that an attack is
possible under a regular Spectre attack threat
model: The attacker is a co-located program run-
ning under the same operating system and is able
to execute arbitrary code on the victim machine.
The victim code has an interface that we can in-
teract with, e.g., a local API or local server can
be a potential target code. Whether an attack is
possible under this threat model only depends on
whether the victim leaks. Therefore, we focus on
the illegal data leakage and use Speconnector to
measure and evaluate the victim leakage. While
this shows that an attack is possible, crafting a
concrete end-to-end exploit for each language re-
quires further engineering steps.
Algorithm.
establish shared memory between itself and the
victim application. Hence, the target applica-
tion first allocates 256 pages of memory and fills
it with a known magic value while Speconnector
also allocates the same amount of memory in its
own address space, i.e., the lookup table. Then,
Speconnector uses the /proc/[pid]/mem file of
the victim to scan for the pages that contain
the magic value. Once it finds them, Specon-
nector uses the the publicly available PTEditor
[Schwarz et al., 2018] to set the victim pages page
frame numbers to the page frame numbers of its
own lookup table, to establish shared memory be-
tween the two processes. As a result, any vic-
tim access to one of the now shared pages re-
sults in a cache hit when Speconnector performs
Flush+Reload to distinguish between cached and
uncached memory.
The advantage of this approach is simplicity:
instead re-implementing cache attacks in all pro-
gramming languages, we can rely on a well under-
stood primitive written in C, e.g., Flush+Reload.
For the analysis, the only part that needs to be
done in the victim is to implement a victim gad-
get and to allocate 256 pages and fill them with
the known magic value.
5 ATTACK FEASIBILITY BY
LANGUAGE AND RUNTIME
In this section, we present the results of using
Speconnector to determine whether we can es-
tablish a covert channel and exploit speculative
execution in our set of selected programming lan-
guages and their execution environments. To
investigate the potential vulnerabilities, we first
evaluate each compiler/interpreter to determine
whether we can establish a covert channel. Such
a covert channel is a necessary building block for
Spectre attacks as it gives the attacker the capa-
bility of bringing secret data from the microarchi-
tectural state to the architectural level. To deter-
mine whether we can establish a covert channel,
Speconnector establishes shared memory between
itself and the victim application. The victim
then accesses the shared lookup table in a known
pattern which Speconnector tries to reconstruct.
If Speconnector cannot reconstruct the pattern,
then it is not possible to establish a covert chan-
nel. One potential reason for that can be that the
target language uses a different memory layout
than C. Then, we evaluate each compiler/inter-
preter to determine whether we can exploit spec-
ulative execution by adding a gadget, mistrain-
ing the victim, and using Speconnector to leak
the victim’s secret data. Because of the nature
of the vulnerability and the attack, while a pos-
itive result for an execution environment in the
experiments shows that the corresponding execu-
tion environment is vulnerable and exploitable, a
negative result does not guarantee the absence of
the vulnerability nor the exploitability.
The experiments were run using different ma-
chines for different programming languages and
their execution environments. We listed the
CPU, the operating system, and the execution
environment version for each language and its
compiler/interpreter in Table 5 in Appendix A.
Table 4 shows the results of our analysis. For
completeness, we performed the experiments on
the execution environments listed, even if they
were very similar, e.g., the both were using JVM
in their compilation. The reasoning behind this,
is that the construct of each language in its ex-
ecution environment should be protected against
different Spectre variants as well as the composi-
tion of different constructs, as certain mitigations,
e.g., for Spectre-PHT, can only be implemented
on the language level. Therefore, we need to take
a look at the problem at the language level.
We now discuss the results in the previously
outlined categories of interpreted, compiled, and
managed languages individually.
Interpreted Languages. Using the approach
discussed, we evaluate all our interpreted lan-
guages. During this analysis, we were able to ex-
ploit Perl’s interpreter, successfully demonstrat-
ing a covert channel and leaking data using a
Spectre attack. The Perl interpreter does not pro-
vide any mitigations (cf. Section 3), making it
infeasible to protect an application against such
attacks. Out of the 9 interpreters we analyzed (cf.
Table 4), only the Perl interpreter was vulnerable
to both establishing a covert channel and a Spec-
tre attack. A potential explanation is that the
speculation window might have been too small for
the other interpreters to fit the attack in it. In
the remaining 8 interpreters, we were still able to
establish a cache covert channel in 5 of them even
though we were not able to exploit them with a
Spectre attack. We were not able to establish a
covert channel in TSQL, Shell (bash) and Vim
script. However, this does not mean that these
interpreters are safe against Spectre attacks nor
against establishing a covert channel. In total, we
were able to establish a covert channel in 67 % and
exploit 11 % of the analyzed interpreters.
Compiled Languages. In our analysis of covert
channels in compiled languages, we were able to
establish a covert channel in 14 out of 15 (93 %) of
the analyzed combinations of languages and com-
pilers. 12 out of the 15 (80 %) compilers generate
code that is vulnerable against a Spectre attack.
This includes languages and compilers that have
been known to be vulnerable but also ones that
have so far not been analyzed. One example for
such a never before analyzed language and com-
piler is OCaml with the ocamlopt compiler where
we were able to demonstrate both a covert chan-
nel and a Spectre attack. While we were able to
establish a covert channel in Swift (LLVM) and
Haskell (GHC), we were not able to exploit them
using a Spectre attack. Compilers annotated with
Table 4: Programming languages and their compilers/interpreters and the result whether they are vulnerable
to at least one variant of Spectre attack in practice. The first row (depends on settings) shows if compilers/in-
terpreters are not vulnerable (⋆) or are vulnerable (-) if the existing best practices for them are followed.

(ocamlc/ocamlrun)
OCaml (ocamlopt)

Java (OracleJDK)

Python (CPython)
JavaScript (V8)
Java (OpenJDK)
Java (GraalVM)

(SpiderMonkey)
Haskell (GHC)

Python (PyPy)
Swift (LLVM)

CoffeeScript

Shell (Bash)
C++ (Intel)

Rust (LLVM)

Objective-C
C++ (LLVM)

JavaScript

JavaScript

TypeScript

Emacs Lisp
Ruby (MRI)

PowerShell

Vim script
C++ (GCC)

C (Intel)
C++ (MS)

C (LLVM)

(Chakra)
C (GCC)

Clojure
C (MS)

(LLVM)

Elixir

Kotlin
Groovy

(pwsh)
Scala

OCaml
Dart

Perl

TSQL
PHP

Lua
PLs
Go

DM

C#
Attack
Depends on setting ⋆ ⋆ ⋆ ⋆ ⋆ ⋆ ⋆ ⋆ ⋆ ⋆ ⋆ - ⋆ - - - - - ⋆ ⋆ ⋆ ⋆ - - - - - - - - - - - - - - - - - - - -
Covert Channel ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✗ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✗ ✓ ✓ ✗✓ ✗
Spectre Attack ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✗ ✗ ✓ ✗ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✗ ✓ ✓ ✗ ✗ ✗ ✓ ✓ ✓ ✗ ✗ ✗ ✗ ✓ ✗ ✗ ✗ ✗

a * in Table 4 are not exploitable or at least less
vulnerable in case the available mitigations are
used and best practices are followed.
Managed Languages. For managed languages,
we were able to demonstrate a functioning covert
channel in all 18 cases (100 %). Out of the 18 lan-
guage and compiler combinations, we were able
to demonstrate a Spectre attack in 14 (78 %)
of them. This includes Dart, Java, C#, Scala
Groovy, Kotlin and OCaml (ocamlc/ocamlrun),
which were so far not known to be vulnerable,
i.e., no Spectre attack on these has been demon-
strated before. Similar as to compiled languages,
there are several instances, again marked with a
* in Table 4, where the usage of the available mit-
igations and following the best practices removes
or at least reduces the impact of the vulnerability.
Our investigation of all three language cate-
gories provides several interesting insights. First,
contrary to interpreted and compiled languages,
we were able to establish a covert channel in
all analyzed managed languages and compilers,
while in the others there was at least one where
we were not able to establish a covert channel.
Second, compilers for compiled languages are the
most vulnerable to Spectre attacks if mitigations
are not used and best practices are not followed.
Third, in all three categories, we were able to
extract data using a Spectre attack in at least
one instance. This further highlights that many
languages and their respective compilers/inter-
preters have not considered Spectre attacks even
3 years after they were introduced to the public.
6 CASE STUDIES
In this section, we present two case studies, each
using one of the vulnerable programming lan-
guages taken from Table 4. For both, we demon-
strate how a Spectre attack can be used to leak
secret information from real-world libraries. Fur-
thermore, we argue that a mitigation at the com-
piler level prevents our attacks.
6.1 Alice - Java
In our first case study, we investigate Alice 8 , a
crypto library written in Java which provides en-
cryption/decryption with AES of byte arrays and
files. Alice supports different key sizes, block
modes and padding schemes. Our goal is to find
and exploit speculative execution vulnerabilities
to leak the secret key which is being used to en-
crypt/decrypt the plaintext in Alice encryption
and decryption methods.
We first performed an in-depth assessment of
this library and the way that it should be used.
The library contains three main Java classes.
Class Alice which is the main API in the li-
brary for encryption purposes. Class AliceCon-
text which provides the context to be passed to
class Alice to create a new object of it. And class
AliceContextBuilder which is used to build the
context. More information about Alice library is
provided on their publicly available documents.
Our attack uses three Java classes, Main, Enc
and Victim. The Main class is responsible for
starting two threads on the same physical core,
one uses Enc while the other uses Victim. Enc
creates an instance of an unmodified Alice and
performs the encryption using the context gen-
erated by AliceContextBuilder and the password
stored within Enc. Our Victim class contains an
index gadget (cf. Figure 1) mistrained and used
by the attacker to leak the secret information.
As a first step in our attack, our Main class
starts both the encryption and the victim con-
taining the gadget. Once this is done, we use
8
https://rockaport.github.io/alice/
Speconnector (cf. Section 4) simply to ease the
exploitation, but note that extracting the data is
also possible directly in Java. Speconnector es-
tablishes a shared memory with the victim by
allocating 256 pages and filling them with the
known magic value. The victim is mistrained
to perform the speculative out-of-bounds access
which causes a secret-dependent cache access on
our shared memory. To extract the password
stored in Enc, Speconnector constantly performs
Flush+Reload on the memory shared with the
victim. As OpenJDK does not contain any Spec-
tre mitigations (cf. Table 3), Speconnector can
successfully extract the password, compromising
the whole encryption system.
6.2 cryptokit - OCaml
Our second case study performs a thorough anal-
ysis of cryptokit [Leroy, 2020], a widely used
OCaml crypto library. As Tables 2 and 3 show,
the documentation of OCaml already indicates
that no mitigations are available against Spectre
attacks. It is an important case study, as so far
OCaml has not been shown to be affected.
In this analysis, we encountered several factors
that complicate the analysis. First, OCaml can
be either compiled into native machine code using
the ocamlopt compiler, or it can be compiled into
bytecode using the ocamlc compiler, which is then
executed by the ocamlrun runtime. Depending on
the compiler being used, it can either be regarded
as a compiled or a managed language. Second,
the environment is important as well since some
gadgets show themselves only in some particu-
lar configurations. For example, while we could
not cause any data leakage with our Spectre in-
dex gadget when using the ocamlc bytecode com-
piler and the ocamlrun runtime on an older In-
tel Core2Duo T9600 CPU, the exact same gad-
get worked well when run on a more modern In-
tel Core I7-6700K CPU. When compiled to na-
tive code using the ocamlopt compiler, the same
source code produces a gadget that works on both
machines. For best reproducibility, we therefore
only used the ocamlopt native compiler in the fol-
lowing case study.
The cryptokit library implements a variety
of cryptographic primitives for use in security-
sensitive applications, including symmetric-key
ciphers, public-key cryptography, and hash func-
tions. Our manual analysis has not shown an
exploitable Spectre gadget within the library it-
self, but the possibility exists that the applica-
tion that uses it leaks the sensitive data pro-
cessed by the library by executing a gadget while
this data is directly used or parts of it remain in
memory. For example, cryptokit has a function
transform_string t s, which applies the given
transform object t to the given string s. The
transform object itself describes the desired cryp-
tographic action, including its parameters. For
AES encryption, these include the key and the
initialization vector (IV). After the transforma-
tion, the internal state of the transform object t
is wiped, but this does not include the key and
the IV. Furthermore, the string s is not wiped,
either. The reason is that, in OCaml, strings are
passed by reference across function calls. This
makes it unsafe for the library function to over-
write these strings as the calling code might still
need them. Therefore, the application itself is re-
sponsible for wiping the key, the IV and the plain-
text. However, it is worth noting that a direct
hint about this is missing in the current documen-
tation (version 1.16.1) of the library [Leroy, 2020]
even though it offers a function wipe_string s
for this purpose. Furthermore, the official OCaml
documentation even states that strings should be
treated as being immutable and advises against
overwriting them [Leroy et al., 2020].
To verify and substantiate this finding, we
performed the following experiment. Follow-
ing a best-practice example of using cryptokit,
we wrote a proof-of-concept application that en-
crypts user-provided plaintext. Similar to the
Java case study in the previous section, we al-
locate 256 contiguous pages using OCaml’s Ar-
ray1 module and fill them with the known magic
value. Then we add a Spectre gadget to the ap-
plication. Using that gadget to perform specula-
tive out-of-bounds accesses on a string and con-
necting Speconnector to it, we were able to suc-
cessfully reconstruct the original plaintext after
encrypting it and after the last reference to the
plaintext went out of scope. To find the actual lo-
cation of the plaintext in memory, we computed
the required offset for the out-of-bounds access
in the proof-of-concept application itself. This
showed that the offset is the same each time the
program is run, making it predictable for the at-
tacker. Obtaining the key or the IV instead of
the plaintext should also be possible using the
same approach. By this, we show that an OCaml
application can leak sensitive data via transient
execution side-channels as long as that data is in
memory. As neither the native compiler (ocam-
lopt) nor the bytecode compiler (ocamlopt) and
runtime (ocamlrun) provide any form of mitiga-
tions, it is the task of the application developer to
ensure that no Spectre gadget is executed while
sensitive data resides in memory. To wipe sensi-
tive data from memory, the programmer has to
overwrite strings which are otherwise considered
to be immutable by the language.
Furthermore, sensitive data can also remain
in internal input or output buffers, which can-
not be overwritten by the application developer.
For example, to read files, OCaml uses channel
objects, which are buffered [OCAML.ORG, 2021]
yet provide no means of wiping that buffer
[Leroy et al., 2020]. We verified that sensitive
data can indeed be leaked from such buffers by
modifying our experiment to leak the data di-
rectly from the input buffer of the standard in-
put channel. Again, we computed the offset for
the out-of-bounds access in the victim. We ob-
served that Address Space Layout Randomiza-
tion (ASLR) leads to different offsets each time
the program is run, because the channel buffer
is stored in another memory mapping than the
OCaml strings. However, the offset of the buffer
within its memory mapping itself is constant.
Turning off ASLR results in a constant offset be-
tween the OCaml string and the channel buffer.
In conclusion, sensitive data might live longer
in memory than the developer might expect and,
therefore, also be susceptible to Spectre attacks
for quite a long time. Hence, it is imperative that
OCaml provides ways for a developer to either
reliably remove data from sensitive buffers or to
hinder transient execution at all.
7 CONCLUSION
We presented a systematic analysis of different
programming languages and their respective com-
pilers/interpreters against Spectre attacks. Our
analysis uncovered Spectre attacks in 16 differ-
ent programming languages with 8 of them not
investigated so far and not known to be vulner-
able. We also demonstrated practical proof-of-
concept attacks and evaluated their applicability
to these programming languages and their respec-
tive execution environments. With Speconnector,
we presented a novel approach and tool that can
be used to quickly verify whether a programming
language and execution environment is vulnera-
ble to Spectre attacks. We further presented two
case studies of real world libraries in two different
programming languages, demonstrating that they
are susceptible to Spectre attacks. Our results in-
dicate that it is necessary to do more research into
mitigations that target a wide range of program-
ming languages and execution environments.
REFERENCES
[Bacarella, 2020] Bacarella, M. (2020). Spectre miti-
gations in ocaml compiler?!
[Bhattacharyya et al., 2019] Bhattacharyya, A.,
Sandulescu, A., Neugschwandt ner, M., Sorniotti,
A., Falsafi, B., Payer, M., and Kurmus, A. (2019).
SMoTherSpectre: exploiting speculative execution
through port contention. In CCS.
[Biener, 2018] Biener, R. (2018). GCC 7.3 released.
[Canella et al., 2020a] Canella, C., Khasawneh,
K. N., and Gruss, D. (2020a). The Evolution of
Transient-Execution Attacks. In GLSVLSI.
[Canella et al., 2020b] Canella, C., Pudukotai Di-
nakarrao, S. M., Gruss, D., and Khasawneh, K. N.
(2020b). Evolution of Defenses against Transient-
Execution Attacks. In GLSVLSI.
[Canella et al., 2019] Canella, C., Van Bulck, J.,
Schwarz, M., Lipp, M., von Berg, B., Ortner, P.,
Piessens, F., Evtyushkin, D., and Gruss, D. (2019).
A Systematic Evaluation of Transient Execution
Attacks and Defenses. In USENIX Security Sym-
posium. Extended classification tree and PoCs at
https://transient.fail/.
[Carruth, 2018a] Carruth, C. (2018a).
[Carruth, 2018b] Carruth, C. (2018b). RFC: Specu-
lative Load Hardening (a Spectre variant #1 miti-
gation).
[Carruth, 2020] Carruth, C. (2020). Speculative load
hardening.
[Chládek, 2020] Chládek, J. (2020). rust-spectre.
[Chromium Project, 2018] Chromium Project
(2018). Mitigating Side-Channel Attacks.
[de Mooij, 2019] de Mooij, J. (2019). [Meta] Spectre
JIT mitigations.
[Duete, 2018] Duete, L. (2018). spectre-go.
[Evtyushkin et al., 2016] Evtyushkin, D., Pono-
marev, D., and Abu-Ghazaleh, N. (2016). Jump
over ASLR: Attacking branch predictors to bypass
ASLR. In MICRO.
[Fustos et al., 2019] Fustos, J., Farshchi, F., and
Yun, H. (2019). SpectreGuard: An Efficient Data-
centric Defense Mechanism against Spectre At-
tacks. In DAC.
[GCC.GNU.ORG, 2020] GCC.GNU.ORG (2020).
Other built-in functions provided by gcc.
[Ge et al., 2016] Ge, Q., Yarom, Y., Cock, D., and
Heiser, G. (2016). A Survey of Microarchitectural
 Timing Attacks and Countermeasures on Contem-
porary Hardware. Journal of Cryptographic Engi-
neering.
[Gross, 2019] Gross, A. (2019). Java and speculative
execution vulnerabilities.
[Horn, 2018] Horn, J. (2018). speculative execution,
variant 4: speculative store bypass.
[Jiang, 2018] Jiang, J. L. (2018). Using intel®
compilers to mitigate speculative execution side-
channel issues.
[Khasawneh et al., 2019] Khasawneh, K. N., Ko-
ruyeh, E. M., Song, C., Evtyushkin, D., Pono-
marev, D., and Abu-Ghazaleh, N. (2019). Safe-
Spec: Banishing the Spectre of a Meltdown with
Leakage-Free Speculation. In DAC.
[Kiriansky et al., 2018] Kiriansky, V., Lebedev, I.,
Amarasinghe, S., Devadas, S., and Emer, J. (2018).
DAWG: A Defense Against Cache Timing Attacks
in Speculative Execution Processors. In MICRO.
[Kocher et al., 2019] Kocher, P., Horn, J., Fogh, A.,
Genkin, D., Gruss, D., Haas, W., Hamburg, M.,
Lipp, M., Mangard, S., Prescher, T., Schwarz, M.,
and Yarom, Y. (2019). Spectre Attacks: Exploiting
Speculative Execution. In S&P.
[Kocher, 1996] Kocher, P. C. (1996). Timing Attacks
on Implementations of Diffe-Hellman, RSA, DSS,
and Other Systems. In CRYPTO.
[Koruyeh et al., 2018] Koruyeh, E. M., Khasawneh,
K., Song, C., and Abu-Ghazaleh, N. (2018). Spec-
tre Returns! Speculation Attacks using the Return
Stack Buffer. In WOOT.
[Lattner and Adve, 2004] Lattner, C. and Adve,
V. S. (2004). LLVM: A compilation framework
for lifelong program analysis & transformation. In
IEEE / ACM International Symposium on Code
Generation and Optimization – CGO.
[Lee et al., 2017] Lee, S., Shih, M., Gera, P., Kim,
T., Kim, H., and Peinado, M. (2017). Inferring
Fine-grained Control Flow Inside SGX Enclaves
with Branch Shadowing. In USENIX Security
Symposium.
[Leroy, 2020] Leroy, X. (2020). cryptokit/cryp-
tokit.mli at release1161.
[Leroy et al., 2020] Leroy, X., Doligez, D., Frisch, A.,
Garrigue, J., Rémy, D., and Vouillon, J. (2020).
The OCaml system release 4.11 – Documentation
and user’s manual.
[Lipp et al., 2018] Lipp, M., Schwarz, M., Gruss, D.,
Prescher, T., Haas, W., Fogh, A., Horn, J., Man-
gard, S., Kocher, P., Genkin, D., Yarom, Y., and
Hamburg, M. (2018). Meltdown: Reading Kernel
Memory from User Space. In USENIX Security
Symposium.
[Lu, 2018] Lu, H. (2018). x86: Cve-2017-5715, aka
spectre.
[Maisuradze and Rossow, 2018] Maisuradze, G. and
Rossow, C. (2018). ret2spec: Speculative Execu-
tion Using Return Stack Buffers. In CCS.
[Malak and nilskp, 2018] Malak, M. and nilskp
(2018). Meltdown/spectre.
[Mcilroy et al., 2019] Mcilroy, R., Sevcik, J., Tebbi,
T., Titzer, B. L., and Verwaest, T. (2019). Spectre
is here to stay: An analysis of side-channels and
speculative execution. arXiv:1902.05178.
[Microsoft, 2018] Microsoft (2018). Mitigating spec-
ulative execution side-channel attacks in Microsoft
Edge and Internet Explorer.
[Mittal, 2018] Mittal, S. (2018). A Survey of
Techniques for Dynamic Branch Prediction.
arxiv:1804.00261.
[Munday, 2020] Munday, M. (2020). consider extend-
ing ’-spectre’ option to other architectures.
[OCAML.ORG, 2021] OCAML.ORG (2021). File
manipulation.
[Oleksenko et al., 2018] Oleksenko, O., Trach, B.,
Reiher, T., Silberstein, M., and Fetzer, C. (2018).
You Shall Not Bypass: Employing data de-
pendencies to prevent Bounds Check Bypass.
arXiv:1805.08506.
[Oracle, 2020] Oracle (2020). Oracle graalvm enter-
prise edition 20 guide.
[Oracle, 2021] Oracle (2021). Oracle JVM Security
Enhancements.
[Palit et al., 2019] Palit, T., Monrose, F., and Poly-
chronakis, M. (2019). Mitigating data leakage by
protecting memory-resident sensitive data. In AC-
SAC.
[Pardoe, 2018] Pardoe, A. (2018). Spectre mitiga-
tions in msvc.
[Pizlo, 2018] Pizlo, F. (2018). What Spectre and
Meltdown mean for WebKit.
[Randall, 2020] Randall, K. (2020). consider extend-
ing ’-spectre’ option to other architectures.
[Schwarz et al., 2018] Schwarz, M., Lipp, M., and
Canella, C. (2018). misc0110/PTEditor: A small
library to modify all page-table levels of all pro-
cesses from user space for x86 64 and ARMv8.
[Schwarz et al., 2020] Schwarz, M., Lipp, M.,
Canella, C., Schilling, R., Kargl, F., and Gruss,
D. (2020). ConTExT: A Generic Approach for
Mitigating Spectre. In NDSS.
[support, 2020] support, M. (2020). Kb4073225 - sql
server guidance to protect against spectre, melt-
down and micro-architectural data sampling vul-
nerabilities.
[Tomasulo, 1967] Tomasulo, R. M. (1967). An effi-
cient algorithm for exploiting multiple arithmetic
units. IBM Journal of research and Development,
11(1):25–33.
[Tur, 2020] Tur, J. (2020). Consider porting inter-
locked.speculationbarrier() from .net 4.8.
[Viet H Intel, 2020] Viet H Intel (2020). Spectre
mitigations in intel c++ compiler.
[Wagner, 2018] Wagner, L. (2018). Mitigations land-
ing for new class of timing attack.
[Yan et al., 2018] Yan, M., Choi, J., Skarlatos, D.,
Morrison, A., Fletcher, C. W., and Torrellas, J.
(2018). InvisiSpec: Making Speculative Execution
Invisible in the Cache Hierarchy. In MICRO.
A EXPERIMENT SETUP
Table 5 summarizes the setups of our experiments.
Table 5: Programming languages and their compilers/interpreters and the CPU, operating system, and the
execution environment which we used for our experiments. The first row (source of attack) shows if we have
performed the attack ( ), we have not tried but other have done it ( ), we were not able to perform the attack
( ). The next row (depends on settings) shows if compilers/interpreters are not vulnerable (⋆) or are vulnerable
(-) if the existing best practices for them are followed. A checkmark (✓) shows that it was used for an experiment
while a dash (-) indicates that the respective language was not tested on this CPU or OS. For the execution
environment, the dash (-) indicates that it does not apply to the respective language and compiler/interpreter.

(ocamlc/ocamlrun)
OCaml (ocamlopt)

Java (OracleJDK)

Python (CPython)
JavaScript (V8)
Java (OpenJDK)
Java (GraalVM)

(SpiderMonkey)
Haskell (GHC)

Python (PyPy)
Swift (LLVM)

CoffeeScript

Shell (Bash)
C++ (Intel)

Rust (LLVM)

Objective-C
C++ (LLVM)

JavaScript

JavaScript

TypeScript

Emacs Lisp
Ruby (MRI)

PowerShell

Vim script
C++ (GCC)

C (Intel)
C++ (MS)

C (LLVM)

(Chakra)
C (GCC)

Clojure
C (MS)

Kotlin

Groovy

(LLVM)

Elixir

(pwsh)
Scala

OCaml
Dart

Perl

TSQL
PHP

Lua
PLs
Go

DM

C#
Attack
Source of attack
Depends on setting ⋆ ⋆ ⋆ ⋆ ⋆ ⋆ ⋆ ⋆ ⋆ ⋆ - ⋆ - - ⋆ - - - - - ⋆ ⋆ ⋆ ⋆ - - - - - - - - - - - - - - - - - -
i7-2630QM - ✓ - - - ✓ - - - - ✓ - ✓ - - ✓ - - ✓✓✓ - - - - - - - ✓ - ✓ - - - - - - ✓ - - - -
CPU

i5-6200U - ✓ - ✓ ✓ ✓ - ✓ ✓ - ✓ - ✓ - ✓ ✓ - - ✓✓✓ - - - - - - - ✓ - ✓ - - - - - - - - ✓ - -
i7-6700K - - - - - - - - - - - ✓ - - - - ✓✓ - - - - - - - - ✓ - - ✓ - ✓ ✓ ✓ ✓✓✓ - - - ✓✓
Xeon Silver 4208 - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - - - - - - - - - - ✓ - - -
Ubuntu 20.4 LTS - ✓ - ✓ ✓ ✓ - ✓ ✓ - ✓ ✓ ✓ - ✓ ✓✓✓✓✓✓ - - - - - ✓ ✓✓✓ ✓ ✓ ✓ ✓ ✓✓✓✓ ✓ ✓✓✓
OS

gcc 9.3.0 - ✓ - - - ✓ - - - - - - - - ✓ - - - - - - - - - - - - - - - - - - - - - - - - - - -
IntelCompiler 2021.1.2 - - - ✓ - - - ✓ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
clang 12.0.0 - - - - ✓ - - - ✓ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
kotlinc-jvm 1.4.20 (JRE 11.0.9.1) - - - - - - - - - - ✓ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Swift 5.3.1 - - - - - - - - - - - ✓ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Groovy 3.0.4 - - - - - - - - - - - - ✓ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
GHC 8.6.5 - - - - - - - - - - - - - - - ✓ - - - - - - - - - - - - - - - - - - - - - - - - - -
ocamlopt 4.08.1 - - - - - - - - - - - - - - - - ✓ - - - - - - - - - - - - - - - - - - - - - - - - -
Dart SDK version: 2.10.5 (stable) - - - - - - - - - - - - - - - - - ✓ - - - - - - - - - - - - - - - - - - - - - - - -
JAVA 11.0.9 - - - - - - - - - - - - - - - - - - ✓✓ - - - - - - - - - - - - - - - - - - - - - -
GRAALVM 20.3.0 - - - - - - - - - - - - - - - - - - - - ✓ - - - - - - - - - - - - - - - - - - - - -
Environment

PyPy 7.3.1 - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - - - - - - - - - - - - - - -
.Net Core (dotnet) 5.0.100 - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - - - - - - - - - - - - - -
Scala 2.13.4 - - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - - - - - - - - - - - - -
Elixir - IEx 1.9.1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - - - - - - - - - - - -
Clojure 1.10.1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - - - - - - - - - - -
CPython 3.8.2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - - - - - - - - - -
ocamlc/ocamlrun 4.08.1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - - - - - - - - -
GNU Emacs 26.3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - - - - - - - -
ruby 2.7.0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - - - - - - -
PHP 7.4.3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - - - - - -
bash 5.0.17(1)-release - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - - - - -
perl v5.30.0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - - - -
PowerShell 7.1.0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - - -
SQL Server Command Line Tool Version 17.6 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ - -
Lua 5.4.1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓ -
vim 8.1-2269 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ✓