`rep ret` 是什么意思? [英] What does `rep ret` mean?

问题描述

我在 Visual Studio 2008 上测试了一些代码并注意到 security_cookie.我能理解它的意思，但我不明白这个指令的目的是什么.

I was testing some code on Visual Studio 2008 and noticed security_cookie. I can understand the point of it, but I don't understand what the purpose of this instruction is.

    rep ret /* REP to avoid AMD branch prediction penalty */

当然我能理解评论:) 但是这个前缀在 ret 上下文中做了什么，如果 ecx 是 != 0 会发生什么?显然，当我调试它时，ecx 的循环计数被忽略了，这是意料之中的.

Of course I can understand the comment :) but what is this prefix exaclty doing in context with the ret and what happens if ecx is != 0? Apparently the loop count from ecx is ignored when I debug it, which is to be expected.

我在这里找到的代码(由编译器注入以确保安全):

The code where I found this was here (injected by the compiler for security):

void __declspec(naked) __fastcall __security_check_cookie(UINT_PTR cookie)
{
    /* x86 version written in asm to preserve all regs */
    __asm {
        cmp ecx, __security_cookie
        jne failure
        rep ret /* REP to avoid AMD branch prediction penalty */
failure:
        jmp __report_gsfailure
    }
}

推荐答案

有一个以这条指令命名的博客.第一篇文章描述了其背后的原因:http://repzret.org/p/repzret/

There's a whole blog named after this instruction. And the first post describes the reason behind it: http://repzret.org/p/repzret/

基本上，当单字节 ret 立即跟在您引用的代码(以及其他一些情况)中的条件跳转之后时，AMD 的分支预测器存在问题，解决方法是添加 rep 前缀，它会被 CPU 忽略但修复了预测器惩罚.

Basically, there was an issue in the AMD's branch predictor when a single-byte ret immediately followed a conditional jump as in the code you quoted (and a few other situations), and the workaround was to add the rep prefix, which is ignored by CPU but fixes the predictor penalty.

这篇关于`rep ret` 是什么意思?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！