by staticassertion 1379 days ago
I'm certainly curious to see how in-process sandboxing plays out with Spectre. Even the process boundary sometimes doesn't feel like enough, heavy-handed as it may be. I wonder if there's a way to prove the absence of side channels by encoding side effects more directly and ensuring that those side effects never propagate across a boundary. The problem would probably be enumerating them... and then, idk, everything has side effects to some degree: "the value was read, which caused an L cache line to flush." I guess it's probably not tractable.

I kind of, vaguely loosely, feel like running multiple 'workers' within a single process is just not a reasonable goal. Ultimately if you have a multi-tenant requirement you should be using separate processes and pinning them to separate physical CPUs, and hope that that is enough. Not to discourage this, I can't wait to look back in a decade and see how this all has changed.

edit: Also, there are other use cases. Like, maybe I'm a single tenant and I'm deploying multiple workers to a single VM. I trust myself, but it would still be nice to have it be hard for those boundaries to be violated - driving up the cost is sane.

It also sort of reminds me of the Sisyphean task of removing ROP gadgets from the Linux kernel.