Lame. Both protection mechanisms have more effective and general alternatives.

For anti-ROP: Why does this not take an immediate operand to indicate type signature etc.? Like @grsecurity’s RAP but presumably faster.

It could also have the advantage of being compatible with execute-only code, since it wouldn't need to read the code.

RAP's C++ virtual function checking must be more complicated than one ID check so CET would still be weaker with that.