There is, of course, also the question of what would happen on non-Intel or
older machines if they don't have those ENDBR64 or ENDBR32
instructions in the hardware.
I read somewhere that those instructions look like no-ops on older machines.
The `endbr64` is encoded as `f3 0f 1e fa` which [1] is a hintable [2] opcode prefixed with `repz`, e.g., something like `repz nop %edx`. Though theoretically `0f 1e fa` should be considered as a nop
by most more or less modern CPUs it is not really guaranteed, so whether it will work on old AMD/Cyrix/etc. is a big question (I bet no). Not to say that the `f3` prefix complicates things even more.
The truth is that the introduction of `endbr` actually broke most of the code analyzers and emulators, e.g., LLVM, QEMU, Valgrind to name a few.
(Such as, perhaps, an actual AMD-manufactured AMD64? Like my
10-year-old AMD server?)
Do we now have two distinct platforms to support?
It could be a configure-time choice. I wouldn't call that two distinct platforms, more like two variants of the same platform.
Just speculating here. All this needs to be discussed and agreed on, of course.
- Xavier Leroy
-- hendrik
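As an added illustration of the two points made in this thread (the `f3 0f 1e fa` encoding of `endbr64`, and the fact that a final binary is only marked CET-enabled when every input object was built for it), here is a small checker that is not part of the thread or of OCaml: it recognises an ENDBR at a function entry and parses the `.note.gnu.property` section (layout as in the GNU x86 ABI: `NT_GNU_PROPERTY_TYPE_0`, `GNU_PROPERTY_X86_FEATURE_1_AND` with the IBT and SHSTK bits, 8-byte padding for ELFCLASS64) to report what the linker actually ANDed together. The sample note is constructed inline; the section bytes would normally be read from an object with a real ELF parser.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5            # note type used by .note.gnu.property
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
GNU_PROPERTY_X86_FEATURE_1_IBT = 1 << 0     # indirect branch tracking (ENDBR)
GNU_PROPERTY_X86_FEATURE_1_SHSTK = 1 << 1   # shadow stack

ENDBR64 = bytes.fromhex("f30f1efa")   # repz nop %edx, i.e. a hint NOP with f3 prefix
ENDBR32 = bytes.fromhex("f30f1efb")


def entry_has_endbr(code):
    """Return 'endbr64'/'endbr32' if the bytes at a function entry start with an ENDBR, else None."""
    if code.startswith(ENDBR64):
        return "endbr64"
    if code.startswith(ENDBR32):
        return "endbr32"
    return None


def _align(n, a):
    return (n + a - 1) & ~(a - 1)


def x86_feature_1_and(note, align=8):
    """Parse raw .note.gnu.property bytes (ELFCLASS64: 8-byte padding) and return
    the GNU_PROPERTY_X86_FEATURE_1_AND bitmask; 0 means the binary is not CET-marked."""
    flags, off = 0, 0
    while off + 12 <= len(note):
        namesz, descsz, ntype = struct.unpack_from("<III", note, off)
        off += 12
        name = note[off:off + namesz]
        off = _align(off + namesz, align)
        desc = note[off:off + descsz]
        off = _align(off + descsz, align)
        if ntype != NT_GNU_PROPERTY_TYPE_0 or name != b"GNU\0":
            continue                      # some other note; skip it
        p = 0
        while p + 8 <= len(desc):        # each property: pr_type, pr_datasz, pr_data (padded)
            pr_type, pr_datasz = struct.unpack_from("<II", desc, p)
            p += 8
            data = desc[p:p + pr_datasz]
            p = _align(p + pr_datasz, align)
            if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4:
                flags |= struct.unpack("<I", data)[0]
    return flags


def build_property_note(feature_bits):
    """Constructed sample: a minimal .note.gnu.property carrying only the x86 feature property."""
    prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, feature_bits) + b"\0" * 4
    return struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + prop
```

Because the property is an AND across all linked objects, a single OCaml-emitted object without the note clears the IBT bit in the output, which is exactly the "program as a whole" problem raised below.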
>
>
> >
> > There's also some stuff with shadow stacks which looks a lot more
> > complicated and I didn't fully understand. The whole thing is
> > described in:
> >
> >
> > https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
> > https://lwn.net/Articles/758245/
> >
> >
> I don't understand how these shadow stacks are supposed to interact with
> exception handling, either Caml-style or C++/Java style.
>
They are not supposed to. C++ exceptions, setjmp/longjmp, signal handlers, etc. are not covered by this technology. So the compiler should be clever enough not to enable shadow stack if any of these features are used.
> Kind regards,
>
> - Xavier Leroy
>
>
> > Unfortunately (but for obvious reasons) every asm object in a program
> > must be compiled with CET in order to enable the feature for the
> > program as a whole. This means that any mixed OCaml/C program can't
> > benefit from CET even in the C parts, unless we also support this in
> > the OCaml parts.
> >
> > Has anyone looked into supporting this kind of thing in the amd64
> > backend?
> >
> > (I looked at the OCaml trunk and couldn't see any relevant commits,
> > but maybe I missed something in my grepping).
> >
> > Rich.
> >