Return as Jump

redskull · March 19, 2008, 11:58:01 PM

Is there any reason a compiler would generate a

PUSH <something>
RET

instead of just a JMP? I seem to remember something saying that doing this messes up the branch predition in the CPU, plus it's several bytes longer, so what gives? What would be the advantage, if it's bigger and slower?

-ac

Tedd · March 20, 2008, 10:44:23 AM

Yes, it's unpredictable so the processor doesn't like it.
On the other hand, it's unpredictable so it's obfuscated - though why a compiler would do that by default, I don't know.
Depending on what the code before that is, it could be for performing a dynamic jump depending on some variable - as it's dynamic it's going to be unpredictable anyway, so it's debatable whether doing it this way is better or worse than any other.

tenkey · March 23, 2008, 04:11:46 AM

Does the compiler company have their roots in embedded systems?

This is pretty much a common pattern for low performance processors that run in ROM (hardware makes SMC impossible) and no form of indirect jumps (other than subroutine return).

redskull · March 24, 2008, 11:53:48 PM

As far as I know, it's just regular old PC windows database application. If I had to guess, I think it was originally made in Delphi (BPL files), but at this point its anyones guess. There's tons of these PUSH/RET combinations, and it's not even anything dynamic- i.e. the PUSH value is always a constant, not a register. But the program has so many bugs and crashes, i'm pretty much ready to wash my hands of trying to debug it.

-ac

drizz · March 25, 2008, 09:13:29 AM

Good guess. It's Delphi and it's the way it handles SEH.

News:

Return as Jump

redskull

Tedd

tenkey

redskull

drizz