Skip to content

Glossary

APRR / SPRR

Apple Silicon's hardware mechanism for changing a page's effective permissions per-thread by writing a register — no TLB shootdown required. Foundation of fast JIT on Macs.

APRR (Apple Protection Register Remapping, M1) and its successor SPRR (System Protection Register Remapping, M2+) are hardware features that let the CPU change a page's effective permissions on the fly, per-thread, by writing a control register. No page-table change, no TLB shootdown.

This makes JIT engines fast on Apple Silicon. A typical W^X transition on Intel costs a TLB shootdown across every core — measurable as microseconds of pause. On Apple Silicon, the same transition is a register write, a few cycles.

How it works, simplified:

  • A JIT page is mapped with a special permission group identifier (PGID).
  • Two banks of permissions exist for that PGID — one read+execute, one read+write.
  • The thread switches which bank is active by writing the APRR/SPRR control register.
  • The MMU consults the active bank on every access; no TLB flush needed.
apple-oss-distributions/xnuosfmk/arm/pmap.cSearch for APRR / SPRR — XNU's interface to the hardware permission switching.View on GitHub(line )

Users: JavaScriptCore in Safari, Rosetta 2's translation cache, WebKit content processes, any app with com.apple.security.cs.allow-jit and a JIT engine.

See also: pmap, Rosetta 2, the Apple Silicon article.