I thought about your new builtin again, and I wonder if something like that might work as well?
cat despec.s .arch armv7-a .eabi_attribute 28, 1 .eabi_attribute 20, 1 .eabi_attribute 21, 1 .eabi_attribute 23, 3 .eabi_attribute 24, 1 .eabi_attribute 25, 1 .eabi_attribute 26, 2 .eabi_attribute 30, 4 .eabi_attribute 34, 1 .eabi_attribute 18, 4 .section .text.startup,"ax",%progbits .align 2 .global despec_i .syntax unified .arm .fpu vfpv3-d16 despec_i: cmp r0,#0 beq L0 ldr r0,[r1] moveq r0,r2 nop {0x14} @ CSDB str r0,[r1] mov r0,#1 bx lr L0: mov r0,#0 bx lr cat test.c extern int despec_i(int predicate, int *untrusted, int fallback); #define N 8 int a[N] = {1,2,3,4,5,7,8,9}; int a2[0x200]; int test(int untrust) { int x = 0; if (despec_i(untrust >= 0 && untrust < N, &untrust, 0)) { int v = a[untrust] & 0x1 ? 0x100 : 0x0; x = a2[v]; } return x; } So this should feed the predicate through the builtin, and clear the untrusted value when the condition has been been mis-predicted. Wouldn't that be more flexible to use? Or am I missing something? As a side note: I noticed that "nop {0x14}" seems to produce the correct assembler opcode without the need for using a .insn code. Bernd.