Open pgoodman opened 9 years ago
It might be worth looking into one of the tricks originally used in granary1, where there would be a call to the edge lookup code, and the call itself would be placed somewhere just before the address of the target is computed, but after any "real" instructions from the block.
One problem with this approach is that it is not transparent for things like CALL [RSP], which itself isn't safe unless interrupts are disabled or one is in user space and using the redzone.
This issue is primarily due to me working in user space (with transparent return addresses) so long that I've forgotten how function calls, when combined with the virtual register system, introduce some funny issues!
The crux of the issue is that indirect function calls will go through lookup, which requires the VR system. But then the call will push a return address onto a shifted version of the stack pointer.
The original code for late-mangling calls included this: https://github.com/Granary/granary2/blob/89ed6fd2601f251ce68de1b927ff2efcd888c057/arch/x86-64/assemble/1_mangle.cc#L237
It also did some really ugly magic (that combined with ugly later passes in the assembly stage) to pull off getting the right return address in place. In general, the same mangling will be necessary. However, a better solution to how to figure out the return targets needs to be thought through.
For the time being, I'm leaving this on the back-burner until I return to kernel space.