In the disassembly of my C++ code, I see that in the prolog of the function, MSVC adds an initial HINT instruction such as:

    HINT            #0x1B
    STP             X29, X30, [SP,#-0x10+var_s0]!
    ...
    ...

And in the prolog of the function I see:

    HINT            #0x1F
    RET

Are they just treated as a NOP? But if it were a NOP, why does it use a different immediate?

Peter Cordes
raff
  • @HansPassant none of that is true. They're not even hints to begin with, they are signing and authentication instructions. They slow down execution but add security guarantees. And they affect the link register, not the instructions following them. – Siguza Jun 22 '23 at 13:47

1 Answer

Your disassembler is too old.

These are the instructions pacibsp and autibsp, part of the ARMv8.3 Pointer Authentication feature (FEAT_PAuth). They respectively sign and authenticate the x30 register with the "IB" key, and with the contents of the sp register as context.

Some PAC instructions (like the two you're looking at) were encoded in existing NOP space, so that programs could be compiled in a backwards-compatible way: if the binary is running on ARMv8.3-compliant hardware, then the instructions sign and authenticate the x30 register, otherwise the two instructions are both NOPs.

Siguza
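
The encoding described in the answer, as an added example that is not part of the original post: a decoder that names HINT-space words the way a PAuth-aware disassembler would, plus a check that every `RET` in a function is preceded by an authenticate instruction using the same key as the prolog's sign instruction. The function names, the sample bytes (constructed) and the "authenticate directly before RET" rule are assumptions of this example.

```python
import struct

HINT_MASK, HINT_BASE = 0xFFFFF01F, 0xD503201F  # HINT #imm, imm in bits [11:5]
RET_X30 = 0xD65F03C0                           # plain RET through x30

# HINT immediates that FEAT_PAuth assigns to the x30 sign/authenticate forms.
PAC_HINTS = {
    0x18: ("PACIAZ", "sign", "IA"), 0x19: ("PACIASP", "sign", "IA"),
    0x1A: ("PACIBZ", "sign", "IB"), 0x1B: ("PACIBSP", "sign", "IB"),
    0x1C: ("AUTIAZ", "auth", "IA"), 0x1D: ("AUTIASP", "auth", "IA"),
    0x1E: ("AUTIBZ", "auth", "IB"), 0x1F: ("AUTIBSP", "auth", "IB"),
}

def hint_imm(word):
    """HINT immediate of a 32-bit A64 instruction word, or None if not a HINT."""
    return (word >> 5) & 0x7F if (word & HINT_MASK) == HINT_BASE else None

def mnemonic(word):
    """Name a HINT-space word; hints outside the table stay generic."""
    imm = hint_imm(word)
    if imm is None:
        return None
    return PAC_HINTS[imm][0] if imm in PAC_HINTS else ("NOP" if imm == 0 else "HINT #0x%X" % imm)

def audit_returns(code):
    """Return (signing key or None, byte offsets of RETs without a matching AUT*).

    Assumption of this example: the authenticate instruction sits directly
    before RET, as in the epilog shown in the question."""
    words = struct.unpack("<%dI" % (len(code) // 4), code[:len(code) // 4 * 4])
    key, unprotected = None, []
    for i, word in enumerate(words):
        entry = PAC_HINTS.get(hint_imm(word))
        if entry and entry[1] == "sign" and key is None:
            key = entry[2]
        elif word == RET_X30:
            prev = PAC_HINTS.get(hint_imm(words[i - 1])) if i else None
            if key is None or prev is None or prev[1:] != ("auth", key):
                unprotected.append(i * 4)
    return key, unprotected

# Constructed sample: PACIBSP; STP x29,x30,[sp,#-16]!; MOV x29,sp;
# LDP x29,x30,[sp],#16; AUTIBSP; RET
SAMPLE = struct.pack("<6I", 0xD503237F, 0xA9BF7BFD, 0x910003FD,
                     0xA8C17BFD, 0xD50323FF, 0xD65F03C0)

if __name__ == "__main__":
    for off in range(0, len(SAMPLE), 4):
        (w,) = struct.unpack_from("<I", SAMPLE, off)
        print("%02x: %08X %s" % (off, w, mnemonic(w) or "(not a HINT)"))
    print(audit_returns(SAMPLE))
```

The combined authenticate-and-return instructions (`RETAA`, `RETAB`) are outside the HINT space and are not handled here.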