[reitzensteinm]

No, I mean specifically if you're building your own CPUs and can add instructions. You add the ability to set a hardware mask that all values are passed through before they're used as addresses for loads and stores including speculation. Loads and stores that fall outside the masked region will simply wrap around.

In your JIT, you enter and leave this mode before and after running user code to ensure it can't escape its region.

This would be a lot of work to pull off and would require custom hardware and software, but (at least as far as I can tell) it should work.

[gpderetta]

This is basically segments. It would work as long as your implementation doesn't have Meltdown-like vulnerabilities, i.e. speculation past hardware enforcend protection. We know it can be done because there are high performance CPUs which are not vulnerable to Meltdown.