On Fri, Sep 04, 2020 at 02:00:41PM -0500, Qing Zhao wrote:
> >> However, if we only clear USED registers, the worst case is 1.72% on
> >> average. This overhead is very reasonable.
> >
> > No, that is the number I meant. 2% overhead is extremely much, unless
> > this is magically super effective, and actually protects many things
> > from exploitation (that aren't already protected some other way, SSP for
> > example).
>
> Then how about the 0.81% overhead on average for
> -fzero-call-used-regs=used_gpr_arg?

That is still quite a lot.

> This option can be used to effectively mitigate ROP attack.

Nice assertion. Show it!

> > Yes. Which is why I asked for numbers of both sides of the equation:
> > how much it costs, vs. how much value it brings.
>
> Reasonable.

I'm glad you agree :-)

> >> For compiler, we should provide such option to the users to satisfy their
> >> security need even though the runtime overhead. Of course, during
> >> compiler implementation, we will do our best to minimize the runtime
> >> overhead.
> >
> > There also is a real cost to the compiler *developers*. Which is my
> > prime worry here. If this gives users at most marginal value, then it
> > is real cost to us, but nothing to hold up to that.
>
> Here, you mean the future maintenance cost for this part of the code?

Not just that. *All* support costs, and consider all other optimisations
it will interfere with, etc.


Segher