`rep ret` 是什么意思? [英] What does `rep ret` mean?
问题描述
我在 Visual Studio 2008 上测试了一些代码并注意到 security_cookie
.我能理解它的意思,但我不明白这个指令的目的是什么.
I was testing some code on Visual Studio 2008 and noticed security_cookie
. I can understand the point of it, but I don't understand what the purpose of this instruction is.
rep ret /* REP to avoid AMD branch prediction penalty */
当然我能理解评论:) 但是这个前缀在 ret
上下文中做了什么,如果 ecx
是 != 0 会发生什么?显然,当我调试它时,ecx
的循环计数被忽略了,这是意料之中的.
Of course I can understand the comment :) but what is this prefix exaclty doing in context with the ret
and what happens if ecx
is != 0? Apparently the loop count from ecx
is ignored when I debug it, which is to be expected.
我在这里找到的代码(由编译器注入以确保安全):
The code where I found this was here (injected by the compiler for security):
void __declspec(naked) __fastcall __security_check_cookie(UINT_PTR cookie)
{
/* x86 version written in asm to preserve all regs */
__asm {
cmp ecx, __security_cookie
jne failure
rep ret /* REP to avoid AMD branch prediction penalty */
failure:
jmp __report_gsfailure
}
}
推荐答案
有一个以这条指令命名的博客.第一篇文章描述了其背后的原因:http://repzret.org/p/repzret/
There's a whole blog named after this instruction. And the first post describes the reason behind it: http://repzret.org/p/repzret/
基本上,当单字节 ret
立即跟在您引用的代码(以及其他一些情况)中的条件跳转之后时,AMD 的分支预测器存在问题,解决方法是添加 rep
前缀,它会被 CPU 忽略但修复了预测器惩罚.
Basically, there was an issue in the AMD's branch predictor when a single-byte ret
immediately followed a conditional jump as in the code you quoted (and a few other situations), and the workaround was to add the rep
prefix, which is ignored by CPU but fixes the predictor penalty.
这篇关于`rep ret` 是什么意思?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!