Skip to content

Cherry-pick to master: [rom_ext] Disable compiler jump guards #28897

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
siemen11 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Cherry-pick to master: [rom_ext] Disable compiler jump guards #28897

siemen11 wants to merge 1 commit into from
+0 −1

Conversation

@siemen11
Copy link
Contributor

@siemen11 siemen11 commented Dec 8, 2025
edited
Loading

The compiler guards feature is meant as a control flow integrity feature that inserts unimp sequences around branches to protect against instruction skips.

Unfortunately, the ROM_EXT has grown perilously close to its size limit and the guards feature results in an approximately 12% tax on code size. By turning this feature off, we save about 5700 bytes of code space.

(see #26636)
(the commit was amended to remove the option from the enabled_features list of the toolchain since it was already out of bazelrc)

@siemen11 siemen11 requested a review from cfrantz as a code owner December 8, 2025 19:32
@siemen11
Copy link
Contributor Author

siemen11 commented Dec 8, 2025

Instruction skip testing in #28850 and #28549 applied to the crypto library found no new vulnerabilities from removing this option.

@siemen11 siemen11 requested a review from moidx December 8, 2025 19:33
@siemen11 siemen11 marked this pull request as draft December 8, 2025 19:35
@cfrantz @siemen11
[rom_ext] Disable compiler jump guards
1dda77b 
The compiler `guards` feature is meant as a control flow integrity
feature that inserts `unimp` sequences around branches to protect
against instruction skips.

Unfortunately, the ROM_EXT has grown perilously close to its size limit
and the `guards` feature results in an approximately 12% tax on code
size.  By turning this feature off, we save about 5700 bytes of code
space.

Signed-off-by: Chris Frantz <[email protected]>
(cherry picked from commit 753aeff)
@siemen11 siemen11 force-pushed the guards_compiler_option_removal_cherry branch from 662ae94 to 1dda77b Compare December 8, 2025 19:41
@siemen11 siemen11 marked this pull request as ready for review December 8, 2025 19:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cfrantz cfrantz Awaiting requested review from cfrantz

@moidx moidx Awaiting requested review from moidx

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@siemen11 @cfrantz