Skip to content

Clang supports wiping call-used registers

Noted by on his .

Here’s a compiler flag that slipped my notice: Clear Linux has -fzero-call-used-regs=used in its CFLAGS for security-sensitive x86_64 packages, wiping call-used registers on return to protect against ROP exploits. In my benchmarks, there was almost no perf difference between skip, used-gpr and used which is surprising; I thought that this would really hurt instruction cache optimization.

Either optimizing compilers have rendered even more of my coursework on computer architecture unusable, or there’s a reason why this is x86_64-only (I’m only familiar with RISC).

Anyway: Alpine’s Clang-16 seems to have finally implemented this GCC-11 feature (it was supposed to be in Clang-15), so I can use it in my build scripts. Now is now served with an Nginx built with fzero-call-used-regs=used-gpr (including all linked libraries). Let’s see if I notice a difference. If I don’t, I’ll switch from used-gpr to used and repeat.