Chapter 10 Further Reading: Control Flow

Instruction Reference

Intel SDM Volume 2: Jcc — Jump if Condition is Met The reference entry for all conditional jumps lists each mnemonic, its encoding, and the exact combination of EFLAGS bits it tests. The "Jcc Instruction Synonyms" table makes clear which mnemonics are aliases of the same encoding (JE=JZ, JNE=JNZ, JB=JNAE=JC, JBE=JNA, JL=JNGE, and so on). A disassembler may print either name for the same bytes, so when reading compiled code go by the flag condition, not the mnemonic.

Intel SDM Volume 2: CMOVcc — Conditional Move The CMOV reference covers all 16 condition codes and the flag condition for each. Note the instruction description: "If the condition code (cc) is true, then copies the operand from the Source operand to the destination operand. Otherwise, the destination operand is not modified." The point is that the condition is resolved in the data path, not by a control transfer: there is nothing for the branch predictor to guess, and the instruction's timing does not depend on which way the condition went. That second property is why constant-time cryptographic code is written around CMOV and masks rather than branches. Two caveats from the same entry: a memory source operand is always read, so a CMOV from memory can fault even when the condition is false, and in 64-bit mode a CMOV with a 32-bit destination register zero-extends the upper 32 bits whether or not the move happens.

Branch Prediction

"Branch Prediction and the Performance of Interpreters — Don't Trust Folklore" — Rohou et al., IEEE CGO 2015 An empirical study of branch prediction in bytecode interpreters (the setting of the VM in Case Study 10.2). The "folklore" is the belief that the dispatch loop's indirect branch is inherently unpredictable and must be worked around with computed-goto (threaded) dispatch. The paper measures real interpreters on recent Intel cores (Haswell) and against the ITTAGE predictor and finds that state-of-the-art indirect predictors capture most of the dispatch history, so mispredictions are rare and the classic computed-goto advantage largely disappears. Read it before assuming a dispatch trick from an older paper still pays off; measure on the target core instead.

"Branch Misprediction Cost" — Agner Fog, microarchitecture.pdf (agner.org) The per-microarchitecture misprediction penalty table. Haswell: 14-17 cycles. Skylake: 14-17 cycles. Zen 2: 14-23 cycles. These numbers are what decide whether a CMOV is worth it: roughly, convert when the misprediction rate times this penalty exceeds the cost of computing both arms plus the data dependency the CMOV adds. For a branch that predicts well, the jump is cheaper, which is why compilers do not turn every if into a CMOV and why an unpredictable branch (data-dependent, near 50/50) is the case to look for.

Jump Tables and Security

"Exploiting the Hard-Working DWARF" — James Oakley and Sergey Bratus, USENIX WOOT 2011 Shows that the DWARF unwinding bytecode in a binary's exception-handling tables (.eh_frame) is interpreted at runtime by the unwinder, and that an attacker who can rewrite those tables can drive that interpreter to perform arbitrary computation without adding any native code. The broader lesson is that any table the runtime consults to decide where control goes next is part of the attack surface. Relevant background for Chapter 35's exploit development.

CFI: Control Flow Integrity — Abadi et al., CCS 2005 (Microsoft Research) The original paper on Control Flow Integrity, a defense that restricts every indirect jump, indirect call and return to a set of targets computed from the program's control-flow graph, and so covers both jump table hijacking (forward edges) and return-oriented programming (backward edges). Clang implements forward-edge CFI via -fsanitize=cfi, which needs LTO and applies only to indirect calls through typed function pointers, not to compiler-generated switch tables, whose range check is the guard; GCC has no -fsanitize=cfi and relies on -fcf-protection (hardware CET) instead. Relevant to the Chapter 35-37 security chapters.

"Intel CET: Control-flow Enforcement Technology" Intel's hardware CFI implementation (Shadow Stack + Indirect Branch Tracking). The shadow stack keeps a second copy of each return address that ordinary stores cannot reach, so an overwritten return address is detected on RET with a control-protection fault. IBT requires every indirect CALL or JMP to land on an ENDBR32/ENDBR64 instruction, which the compiler places at valid targets (under -fcf-protection=branch), so a hijacked pointer can only redirect to marked entry points. One caveat for this chapter: compiler-generated switch jump tables target basic blocks that carry no ENDBR, so GCC emits those jumps with the notrack prefix, which exempts them from IBT; the bounds check in front of the table, not IBT, is what guards them (GCC's -mcet-switch trades that for an ENDBR at every case).

Branchless Programming

"Sorting Networks and Their Applications" — Batcher, AFIPS Spring Joint Computer Conference 1968 The paper that introduced odd-even merge sort and bitonic sort, still the most-cited sorting networks (they are O(n log² n) comparators, not optimal, but regular enough to lay out in hardware or SIMD lanes). A sorting network is a fixed sequence of compare-exchange steps that does not depend on the data, and each compare-exchange is just a min/max pair, so the whole sort runs without a single data-dependent branch. That is why sorting networks are the foundation of SIMD-accelerated sorting, and why they belong in a section on branchless code.

"Branchless Equivalents of Simple Functions" — Chess Programming Wiki chessprogramming.org/Branchless_Equivalents Extensive collection of branchless implementations for common functions (abs, min, max, sign, clamp, swap, etc.). The implementations use the sign-mask technique that appears throughout systems programming: an arithmetic right shift by 31 (or 63) smears the sign bit into an all-ones or all-zeros mask, which then selects between two values with AND/XOR. Two things to keep in mind when porting these to C: right-shifting a negative signed value is implementation-defined (every mainstream compiler does an arithmetic shift, but building the mask from an unsigned shift and a negate is portable), and the compiler is free to turn a mask select back into a branch or a CMOV, so if you need branchless for timing reasons, check the generated assembly.
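The sign-mask idiom above, together with the constant-time select that the CMOV entry motivates, as one added C example. This is an editor's illustration, not code from the book or from the Chess Programming Wiki; the function names (sign_mask, bl_abs, ct_select, ct_memeq and so on) and the sample byte strings are my own choices. The mask is built from an unsigned shift so the code is well defined in C, and every selection is done with AND/XOR on a mask that is exactly 0 or all-ones.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* All-ones (-1) when x is negative, else 0.  Built from a logical shift and
 * a negate so it is well defined in C; on x86 the compiler emits the single
 * SAR/SHR the text describes. */
static inline int32_t sign_mask(int32_t x)
{
    return -(int32_t)((uint32_t)x >> 31);
}

/* |x| via the sign mask: (x ^ m) - m.  Done in uint32_t so INT32_MIN does
 * not overflow; it has no positive counterpart and comes back unchanged,
 * the same as the library abs(). */
static inline int32_t bl_abs(int32_t x)
{
    uint32_t m = (uint32_t)sign_mask(x);
    return (int32_t)(((uint32_t)x ^ m) - m);
}

/* min/max: -(a < b) is 0 or all-ones and selects between (a ^ b) and 0,
 * so the XOR with b yields either a or b. */
static inline int32_t bl_min(int32_t a, int32_t b)
{
    return b ^ ((a ^ b) & -(int32_t)(a < b));
}
static inline int32_t bl_max(int32_t a, int32_t b)
{
    return b ^ ((a ^ b) & -(int32_t)(a > b));
}
static inline int32_t bl_clamp(int32_t x, int32_t lo, int32_t hi)
{
    return bl_max(lo, bl_min(x, hi));
}

/* Constant-time building blocks.  A mask is exactly 0 or 0xFFFFFFFF and is
 * derived arithmetically, so no instruction's timing depends on the data. */
static inline uint32_t ct_eq_mask(uint32_t a, uint32_t b)
{
    uint32_t d  = a ^ b;                 /* zero iff a == b */
    uint32_t nz = (d | (0u - d)) >> 31;  /* 1 iff d != 0 */
    return 0u - (1u - nz);               /* all-ones iff equal */
}
static inline uint32_t ct_select(uint32_t mask, uint32_t a, uint32_t b)
{
    return b ^ (mask & (a ^ b));         /* a if mask is set, else b */
}

/* Equality check whose running time depends only on n, never on where the
 * first differing byte is (the leak an early-exit memcmp has). */
int ct_memeq(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint8_t)(a[i] ^ b[i]);
    return (int)(ct_eq_mask(acc, 0) & 1);   /* 1 if equal, 0 otherwise */
}

int main(void)
{
    /* Constructed inputs for the demo. */
    const uint8_t tag_a[] = "deadbeef", tag_b[] = "deadbeeg";
    printf("abs(-5)=%d min(3,-7)=%d clamp(15,0,10)=%d\n",
           bl_abs(-5), bl_min(3, -7), bl_clamp(15, 0, 10));
    printf("ct_memeq same=%d differ=%d\n",
           ct_memeq(tag_a, tag_a, 8), ct_memeq(tag_a, tag_b, 8));
    return 0;
}
```

Compile with -O2 and look at the object code: bl_min usually becomes cmp/cmov or the and/xor sequence, and ct_memeq must stay a straight loop with a final setcc. If the compiler has rewritten a select into a jcc, the constant-time property is gone, which is exactly the check the CMOV entry above calls for.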

Godbolt Compiler Explorer — godbolt.org Enter a switch statement, compile at -O2, and experiment with the number of cases and their distribution. Watch when GCC switches from a comparison chain (or a binary search over the case values) to a jump table: dense cases (1..10) get a single unsigned range check followed by an indexed indirect jump, while cases with gaps (1, 2, 10, 11) stay as compares or get a table padded with default entries. Add -fno-jump-tables to force the comparison form, and -fcf-protection=branch to see the notrack prefix on the table jump.
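An added C example tying together the interpreter dispatch of the Rohou et al. entry and the jump-table lowering this section asks you to watch in Godbolt. It is an editor's illustration, not the book's Case Study 10.2 VM or any project's code; the opcode set, the vm_t structure, the handler names and the three sample programs are all constructed for it. The same tiny stack machine is run twice: run_switch dispatches with a plain switch, and run_table hand-writes what the compiler emits for that switch, a single unsigned range check in front of an indexed indirect jump. That range check is the whole security argument: without it, any byte in the bytecode indexes past the table and the indirect call goes wherever the memory there points, which is the hijack the CFI and CET entries above are about (and, as noted there, GCC marks such table jumps notrack, so nothing but the check guards them).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Opcodes start at 1 so the range check has a non-zero low bound. */
enum { OP_PUSH = 1, OP_ADD, OP_SUB, OP_MUL, OP_DUP, OP_HALT };
#define OP_LO OP_PUSH
#define OP_HI OP_HALT

typedef struct {
    const uint8_t *code;
    size_t pc, len;
    int32_t stack[16];
    int sp;
    int status;          /* 0 = running, 1 = halted, -1 = fault */
} vm_t;

static void fault(vm_t *vm) { vm->status = -1; }

/* Stack helpers that turn overflow/underflow into a fault instead of UB. */
static void push(vm_t *vm, int32_t v)
{
    if (vm->sp >= 16) { fault(vm); return; }
    vm->stack[vm->sp++] = v;
}
static int32_t pop(vm_t *vm)
{
    if (vm->sp <= 0) { fault(vm); return 0; }
    return vm->stack[--vm->sp];
}

/* One handler per opcode.  PUSH takes an 8-bit signed immediate. */
static void op_push(vm_t *vm)
{
    if (vm->pc >= vm->len) { fault(vm); return; }
    push(vm, (int8_t)vm->code[vm->pc++]);
}
static void op_add(vm_t *vm) { int32_t b = pop(vm), a = pop(vm); push(vm, a + b); }
static void op_sub(vm_t *vm) { int32_t b = pop(vm), a = pop(vm); push(vm, a - b); }
static void op_mul(vm_t *vm) { int32_t b = pop(vm), a = pop(vm); push(vm, a * b); }
static void op_dup(vm_t *vm) { int32_t a = pop(vm); push(vm, a); push(vm, a); }
static void op_halt(vm_t *vm) { vm->status = 1; }

/* 0 and the top of stack on a clean HALT, -1 on any fault. */
static int finish(vm_t *vm, int32_t *out)
{
    if (vm->status != 1 || vm->sp < 1) return -1;
    *out = vm->stack[vm->sp - 1];
    return 0;
}

/* Dispatch 1: a plain switch.  With dense cases the compiler lowers this to
 * the range-checked table load written out by hand in run_table. */
int run_switch(const uint8_t *code, size_t len, int32_t *out)
{
    vm_t vm = { code, 0, len, {0}, 0, 0 };
    while (vm.status == 0) {
        if (vm.pc >= vm.len) { fault(&vm); break; }
        switch (vm.code[vm.pc++]) {
        case OP_PUSH: op_push(&vm); break;
        case OP_ADD:  op_add(&vm);  break;
        case OP_SUB:  op_sub(&vm);  break;
        case OP_MUL:  op_mul(&vm);  break;
        case OP_DUP:  op_dup(&vm);  break;
        case OP_HALT: op_halt(&vm); break;
        default:      fault(&vm);   break;
        }
    }
    return finish(&vm, out);
}

/* Dispatch 2: the jump table by hand.  (op - OP_LO) wraps to a huge value
 * when op < OP_LO, so ONE unsigned compare covers both ends of the range;
 * that compare is the only thing standing between a bad opcode and an
 * indirect call through memory past the end of the table. */
int run_table(const uint8_t *code, size_t len, int32_t *out)
{
    typedef void (*handler_t)(vm_t *);
    static const handler_t table[] = {
        op_push, op_add, op_sub, op_mul, op_dup, op_halt,  /* index = op - OP_LO */
    };
    vm_t vm = { code, 0, len, {0}, 0, 0 };
    while (vm.status == 0) {
        if (vm.pc >= vm.len) { fault(&vm); break; }
        uint32_t idx = (uint32_t)vm.code[vm.pc++] - OP_LO;
        if (idx > OP_HI - OP_LO) { fault(&vm); break; }  /* range check */
        table[idx](&vm);                                  /* indirect jump */
    }
    return finish(&vm, out);
}

/* Constructed sample programs. */
static const uint8_t prog_ok[]  = { OP_PUSH, 6, OP_PUSH, 7, OP_MUL, OP_PUSH, 2, OP_SUB, OP_HALT }; /* 6*7-2 */
static const uint8_t prog_bad[] = { OP_PUSH, 6, 0xEE, OP_HALT };  /* 0xEE is past the table */
static const uint8_t prog_low[] = { OP_PUSH, 6, 0x00, OP_HALT };  /* 0 is below OP_LO */

int main(void)
{
    int32_t r = 0;
    printf("switch: %d\n", run_switch(prog_ok, sizeof prog_ok, &r) == 0 ? r : -1);
    printf("table:  %d\n", run_table(prog_ok, sizeof prog_ok, &r) == 0 ? r : -1);
    printf("rejected high/low opcode: %d %d\n",
           run_table(prog_bad, sizeof prog_bad, &r) == -1,
           run_table(prog_low, sizeof prog_low, &r) == -1);
    return 0;
}
```

Paste run_switch into Godbolt at -O2 and compare it with the loop body of run_table: the sub/cmp/ja pair and the jmp *table(,%rax,8) the compiler emits for the switch are the same instructions written explicitly in the second function. Delete the range check from run_table and the program still compiles cleanly, which is the point: nothing in the language or, with notrack, in CET enforces it.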