Return Oriented Programming (ROP) attacks are the result of memory corruption attacks due to vulnerabilities exposed in large programs. It is complex to reduce the attack surface for a large program without recompiling the program and the loaded static and dynamic libraries (DLLs) loaded into the program.
Instrumentation-based approaches can be used only for known program entry points and do not address use of programmer-unintended gadgets in programs via the use of repurposed instructions. This makes tracking a memory corruption used in a subsequent ROP attack complex to track.