On Wed, Jun 23, 2021 at 11:42:22AM -0700, Van Snyder via cctalk wrote:
> [...]
> I have a vague recollection of a story about a FORTH processor that put
> the addresses of the functions to be executed on the return-address stack
> (68000?) and then executed a RETURN instruction.
I was initially going to say that doesn't sound right because m68k's JMP
instruction supports all useful EA modes and a PEA/RTS combination takes two
extra bytes and is slower than a plain JMP. But pushing *many* return
addresses is more plausible because each function will then magically call
each other in turn. I'm still not entirely convinced it'd be enough of a win
(if any) over a conventional run of JSR instructions. Perhaps it actually
misused RTM, which I never quite understood because Motorola's documentation
on modules is rather opaque and it's only available on the 68020 onwards.
This wheeze works on x86 too--and of course most other CPUs--but it can make
mincemeat of performance on (some) modern CPUs because caches assume that
CALL and RET are paired.
ROP (https://en.wikipedia.org/wiki/Return-oriented_programming) is an
interesting application of this technique, usually for nefarious purposes.
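A portable illustration of the mechanism under discussion, added here as an example and not code from either message: a tiny FORTH-style VM in C whose "return stack" holds the addresses of the words to run, with a dispatch loop that "returns" into each address in turn. Pushing the whole sequence of addresses at once makes the words run one after another without any word calling the next, which is the "magically call each other" effect described above. The names (vm_t, rpush_sequence, poly_via_return_stack) and the five primitive words are constructed for the example; the return stack is an ordinary array rather than the CPU's real stack, so no RTS/RET is executed and the return-predictor cost mentioned in the message is not reproduced.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical FORTH-style machine (constructed for this example) with a
   data stack and a "return stack" of code addresses. Instead of each word
   calling the next with JSR, the caller pushes every word's address up
   front and the dispatch loop "returns" into them one after another. */

#define STACK_DEPTH 32

typedef struct vm vm_t;
typedef void (*word_fn)(vm_t *);

struct vm {
    long data[STACK_DEPTH];       /* data stack */
    int dsp;
    word_fn rstack[STACK_DEPTH];  /* return-address stack: code addresses */
    int rsp;
};

static void push(vm_t *vm, long v) { vm->data[vm->dsp++] = v; }
static long pop(vm_t *vm)          { return vm->data[--vm->dsp]; }

/* Primitive words: each does its work and then simply returns to the
   dispatch loop; no word knows or calls the word that follows it. */
static void w_dup(vm_t *vm)      { long a = pop(vm); push(vm, a); push(vm, a); }
static void w_mul(vm_t *vm)      { long b = pop(vm), a = pop(vm); push(vm, a * b); }
static void w_add(vm_t *vm)      { long b = pop(vm), a = pop(vm); push(vm, a + b); }
static void w_one_plus(vm_t *vm) { push(vm, pop(vm) + 1); }

/* Push a sequence of word addresses so that popping them yields them in
   program order: push last-to-first, as an RTS-driven chain would. */
static void rpush_sequence(vm_t *vm, const word_fn *seq, size_t n)
{
    while (n-- > 0)
        vm->rstack[vm->rsp++] = seq[n];
}

/* The "RET" loop: pop the top return address and transfer control to it.
   When that word finishes, the next address on the stack is where control
   "returns", so the whole pushed sequence executes in order. */
static void run(vm_t *vm)
{
    while (vm->rsp > 0) {
        word_fn next = vm->rstack[--vm->rsp];
        next(vm);
    }
}

/* Computes x*x + x + 1 by chaining the words DUP DUP * + 1+ through the
   return stack. */
long poly_via_return_stack(long x)
{
    vm_t vm = { .dsp = 0, .rsp = 0 };
    static const word_fn program[] = { w_dup, w_dup, w_mul, w_add, w_one_plus };
    push(&vm, x);
    rpush_sequence(&vm, program, sizeof program / sizeof program[0]);
    run(&vm);
    return pop(&vm);
}

int main(void)
{
    printf("5*5 + 5 + 1 = %ld\n", poly_via_return_stack(5));
    return 0;
}
```

The dispatch loop in run() stands in for the hardware RET: on a real machine the CPU itself would pop the next address and jump to it, which is exactly why a pushed run of addresses behaves like a program, and why a CPU that expects every RET to match an earlier CALL gets no help from its return-address predictor here.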