| PICs are still popular and have hardware return stacks. Modern high-end CPUs have hardware return stacks too, but only as a hint to the branch predictor of where a ret instruction will jump to (return stack buffer). Separately... there are exploit mitigations that create a separate stack just for return addresses, making them impossible to reach through stack buffer overflows. For a recent implementation, see Clang's SafeStack: https://clang.llvm.org/docs/SafeStack.html Or for a hardware-assisted version, there's Intel CET (not yet implemented on shipping CPUs, AFAIK): https://software.intel.com/en-us/blogs/2016/06/09/intel-rele... There are serious limitations to this approach, though: there's a lot of important data on the stack other than return addresses, and overwriting it is often enough for an attacker to redirect control flow eventually, just more indirectly. |
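Added example (not part of the comment above): a C model of the limitation it describes, where the return address is out of reach but a neighbouring local still decides which function runs. The struct layout, function names and input bytes are constructed for illustration; the overflow is modelled inside one struct so the program's behaviour stays defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one frame's locals. No return address here: assume a
   separate return stack keeps it out of reach. */
struct frame {
    char name[16];   /* filled from untrusted input */
    int  handler;    /* index into handlers[], sits right after name */
};

static int guest_action(void) { return 0; }
static int admin_action(void) { return 1; }
static int (*const handlers[])(void) = { guest_action, admin_action };

/* Missing bounds check on name: bytes past name[15] land in handler.
   The copy is clamped to the struct so the demo itself stays defined. */
int run_unchecked(const unsigned char *in, size_t len) {
    struct frame f = { {0}, 0 };
    if (len > sizeof f) len = sizeof f;
    memcpy((unsigned char *)&f, in, len);
    return handlers[f.handler & 1]();   /* mask keeps the index in range */
}

/* Hardened: oversized input is rejected, handler keeps its value. */
int run_checked(const unsigned char *in, size_t len) {
    struct frame f = { {0}, 0 };
    if (len > sizeof f.name) return -1;
    memcpy(f.name, in, len);
    return handlers[f.handler & 1]();
}

/* Constructed input: filler up to handler's offset, then the int value 1. */
int demo(int checked) {
    unsigned char in[sizeof(struct frame)];
    int one = 1;
    size_t off = offsetof(struct frame, handler);
    memset(in, 'A', off);
    memcpy(in + off, &one, sizeof one);
    return checked ? run_checked(in, off + sizeof one)
                   : run_unchecked(in, off + sizeof one);
}

int main(void) {
    printf("unchecked -> %d, checked -> %d\n", demo(0), demo(1));
    return 0;
}
```

The unchecked path dispatches to `admin_action` without any return address being touched, which is why a bounds check on the write is still needed alongside a protected return stack.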