search for: normal_call

...sub, cmp, jl, and cold call. Exactly. The jump table turns into a very small amount of code; note that a normal bounds check has to check both bounds (so two subs and cmps). With the base and mask, and in an asm pseudo-code, it does: sub base, addr and mask, addr add base, addr cmp addr, orig je normal_call <load info for warning call> call warning normal_call: call orig And if you can get sufficient power-of-two alignment for the table, you can do even better, since then the base is a prefix of all valid addrs in its table. Unfortunately, Linux only gives you alignment up to 2^12 under PIE/AS...

On 11 Feb 2014, at 08:15, Eric Christopher <echristo at gmail.com> wrote: > On Mon, Feb 10, 2014 at 11:51 PM, Reid Kleckner <rnk at google.com> wrote: >> >> >> >> IIRC this came up before, and I don't think we expose anything like a jump >> table at the IR level. As an IR-to-IR transform, I think asm is the only >> way to do it. >