StackGhost


Invented by Mike Frantzen
Register window architectures: For now, Sparc v6/v7/v8

 %g[0-7]  Globals          32 registers total
  %i[0-7]  In                   %i7 is return address
  %l[0-7]  Local
 %o[0-7]  Out

Each time a function call is made, the latter 3 sets "rotate"

    Globals  In   Local  Out
    Globals                     In   Local  Out
    Globals                                        In   Local  Out

The processor has a limited set of registers on-chip.. so cpu traps to SPILL & FILL
handlers to store registers to memory, or refetch registers from memory -- on the stack.

StackGhost: XOR the in-memory copy of %i7 with a per-process random number ("wcookie")

Has been held up by GDB support -- will be enabled in OpenBSD 3.6
Might be feasable on other register window architectures: sparc64 ia64

Roughly .0001% performance slowdown