On Wed, Jul 31, 2019 at 11:21 AM Xavier Leroy <xavier.leroy@college-de-france.fr> wrote:
On Wed, Jul 31, 2019 at 4:20 PM Hendrik Boom <hendrik@topoi.pooq.com> wrote:

There is, of course, also the question what would happen on non-Intel or
older machines if they don't have those ENDBR64 or ENDBR32
instructions in the hardware.

I read somewhere that those instructions look like no-ops on older machines.

The `endbr64` is encoded as `f3 0f 1e fa`, which [1] is a hintable [2] opcode prefixed with `repz`, e.g., something like `repz nop %edx`. Though theoretically `0f 1e fa` should be considered a nop by most more or less modern CPUs, it is not really guaranteed, so whether it will work on old AMD/Cyrix/etc. is a big question (I bet no). Not to say that the `f3` prefix complicates things even more.
The truth is that the introduction of `endbr` actually broke most of the code analyzers and emulators, e.g., LLVM, QEMU, Valgrind, to name a few.
[1]: http://ref.x86asm.net/geek.html#x0F1E
[2]: http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=/netahtml/PTO/search-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN/5701442

(Such as, perhaps, an actual AMD-manufactured AMD64?  Like my
10-year-old AMD server?)

Do we now have two distinct platforms to support?

It could be a configure-time choice.  I wouldn't call that two distinct platforms, more like two variants of the same platform. 

Just speculating here.  All this needs to be discussed and agreed on, of course.

- Xavier Leroy


-- hendrik

>
>
> >
> > There's also some stuff with shadow stacks which looks a lot more
> > complicated and I didn't fully understand.  The whole thing is
> > described in:
> >
> >
> > https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
> > https://lwn.net/Articles/758245/
> >
> >
> I don't understand how these shadow stacks are supposed to interact with
> exception handling, either Caml-style or C++/Java style.
>

They are not supposed to. C++ exceptions, setjmp/longjmp, signal handlers, etc. are not covered by this technology. So the compiler should be clever enough not to enable shadow stack if any of these features are used.
> Kind regards,
>
> - Xavier Leroy
>
>
> > Unfortunately (but for obvious reasons) every asm object in a program
> > must be compiled with CET in order to enable the feature for the
> > program as a whole.  This means that any mixed OCaml/C program can't
> > benefit from CET even in the C parts, unless we also support this in
> > the OCaml parts.
> >
> > Has anyone looked into supporting this kind of thing in the amd64
> > backend?
> >
> > (I looked at the OCaml trunk and couldn't see any relevant commits,
> > but maybe I missed something in my grepping).
> >
> > Rich.
> >
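The thread's point about the `f3 0f 1e fa` / `f3 0f 1e fb` encodings (a `repz`-prefixed hint nop that only CET-aware CPUs treat as an ENDBR marker) is easy to check mechanically. The following is an added example, not code from the thread, OCaml, or Intel: it scans a byte buffer for ENDBR64/ENDBR32 markers and queries CPUID leaf 7 for the two CET feature bits (shadow stack in ECX bit 7, indirect branch tracking in EDX bit 20). The sample bytes are hand-assembled for this example, the function names are mine, and the byte-wise scan is deliberately not a disassembler, so it can over-count when the sequence appears inside data or a longer instruction.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if (defined(__x86_64__) || defined(__i386__)) && (defined(__GNUC__) || defined(__clang__))
#include <cpuid.h>
#endif

/* ENDBR64 = f3 0f 1e fa, ENDBR32 = f3 0f 1e fb (encodings quoted in the thread).
 * On CPUs without IBT both decode as a REP-prefixed "NOP Ev" (0F 1E /7) hint nop,
 * which is why the marker is meant to be harmless on older hardware. */
static const uint8_t ENDBR64[4] = {0xf3, 0x0f, 0x1e, 0xfa};
static const uint8_t ENDBR32[4] = {0xf3, 0x0f, 0x1e, 0xfb};

/* Returns 64 for endbr64, 32 for endbr32, 0 if neither starts at `off`. */
int endbr_at(const uint8_t *code, size_t len, size_t off) {
    if (off + 4 > len) return 0;
    if (memcmp(code + off, ENDBR64, 4) == 0) return 64;
    if (memcmp(code + off, ENDBR32, 4) == 0) return 32;
    return 0;
}

/* Byte-wise count of ENDBR markers in a code buffer (not a real disassembler,
 * so it may over-count if the four bytes occur inside data or another instruction). */
size_t count_endbr(const uint8_t *code, size_t len) {
    size_t n = 0;
    for (size_t off = 0; off + 4 <= len; off++)
        if (endbr_at(code, len, off)) n++;
    return n;
}

/* CET feature bits from CPUID.(EAX=7,ECX=0): ECX bit 7 = CET_SS (shadow stack),
 * EDX bit 20 = CET_IBT (indirect branch tracking). Returns -1 when the build
 * is not x86 or CPUID leaf 7 is unavailable, 0 otherwise. */
int cpu_cet_features(int *shstk, int *ibt) {
#if (defined(__x86_64__) || defined(__i386__)) && (defined(__GNUC__) || defined(__clang__))
    unsigned a, b, c, d;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d)) return -1;
    *shstk = (c >> 7) & 1;
    *ibt = (d >> 20) & 1;
    return 0;
#else
    (void)shstk; (void)ibt;
    return -1;
#endif
}

/* Constructed sample (hand-assembled for this example): an endbr64-marked
 * function, an unmarked function, then an endbr32-marked stub. */
static const uint8_t SAMPLE[] = {
    0xf3, 0x0f, 0x1e, 0xfa,   /* endbr64            (offset 0)  */
    0x55,                     /* push %rbp                       */
    0x48, 0x89, 0xe5,         /* mov  %rsp,%rbp                  */
    0x5d,                     /* pop  %rbp                       */
    0xc3,                     /* ret                             */
    0x55, 0x5d, 0xc3,         /* unmarked function  (offset 10) */
    0xf3, 0x0f, 0x1e, 0xfb,   /* endbr32            (offset 13) */
    0xc3                      /* ret                             */
};

const uint8_t *sample(void) { return SAMPLE; }
size_t sample_len(void) { return sizeof SAMPLE; }

int main(void) {
    int shstk = 0, ibt = 0;
    printf("ENDBR markers in sample: %zu\n", count_endbr(sample(), sample_len()));
    if (cpu_cet_features(&shstk, &ibt) == 0)
        printf("CPU reports CET_SS=%d CET_IBT=%d\n", shstk, ibt);
    else
        printf("CPUID leaf 7 not available on this build/CPU\n");
    return 0;
}
```

On a non-CET CPU the scan still finds the markers (they are just bytes), while `cpu_cet_features` reports both bits clear; that is the "looks like a no-op" case the thread discusses, and the `repz` prefix is what makes older decoders and emulators the uncertain part.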