1. 7
  1. 1

    I wonder if anybody has looked into whether PowerPC’s minimally-documented “tags active” mode can be used to implement return guards. It would involve a single additional instruction in the function prologue to set the tag bit (and likewise in the epilogue to check the tag bit), and for various reasons you’d lose the top 16 bits of your address space, but in return you’d have an effectively unforgeable return address.