I am using a performance counter of Intel. I’m trying to use ‘BR_MISP_EXEC.TAKEN_RETURN_NEAR’ this event, and the description in the Manual says ‘This event counts taken speculative and retired mispredicted indirect branches that have a return mnemonic’. I don't understand what 'that have a return mnemonic' means. Could you please let me know
I might not get this exactly right, but this should help get you started....
In Intel's terminology, an "indirect branch" is any branch whose target address is not hard-coded as an argument to the instruction. A "RET" instruction is an indirect branch because the address that it jumps to an address pulled from the top of the stack.
Intel processor implementations use aggressive and sophisticated "branch prediction" implementations that apply to both conditional branches and indirect branches:
A very interesting discussion of implementation details is at https://blog.stuffedcow.net/2018/04/ras-microbenchmarks/
So pulling it all together, this event increments when a RET instruction is executed and the speculation of the indirect branch target is incorrect. The event will increment if the RET instruction is executed and retired, or if the RET instruction itself is speculatively executed (i.e., beyond another incorrectly speculated branch).
All of this fits into Intel's work on trying to reduce security exposures due to control flow speculation. This is a large topic, with many issues discussed in Chapter 18 of Volume 1 of the Intel Architecture SW Developer's Manual (document 253665, revision 071, October 2019) on "Control-flow Enforcement Technology" (CET).