On Fri, Dec 8, 2023 at 3:07 PM Eduard Zingerman <eddyz87@xxxxxxxxx> wrote:
>
> fwiw, if relocations are used instead of IDs the new instruction does
> not have to be a control flow. It might be a mov that sets target
> register to a value that verifier treats as unknown. At runtime this
> mov could be patched to assign different values. Granted it would be
> three instructions:
>
> mov rax, 0;
> cmp rax, 0;
> je ...
>
> instead of one, but I don't believe there would be noticeable performance
> difference. On a plus side: even simpler verification, likely/unlikely
> for free, no need to track if branch is inverted.

'je' is a conditional jmp. The CPU will mispredict it sooner or later and,
depending on the density of jmps around it, the misprediction can be
severe. It has to be an unconditional jmp to be fast.