Next: , Up: Security Hardening Features   [Contents][Index]

17.1 Register Scrubbing

GNAT can generate code to zero-out hardware registers before returning from a subprogram.

It can be enabled with the `-fzero-call-used-regs' command line option, to affect all subprograms in a compilation, and with a Machine_Attribute pragma, to affect only specific subprograms.

procedure Foo;
pragma Machine_Attribute (Foo, "zero_call_used_regs", "used");
--  Before returning, Foo scrubs only call-clobbered registers
--  that it uses itself.

function Bar return Integer;
pragma Machine_Attribute (Bar, "zero_call_used_regs", "all");
--  Before returning, Bar scrubs all call-clobbered registers.

For usage and more details on the command line option, and on the zero_call_used_regs attribute, see Using the GNU Compiler Collection (GCC).