<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/151015>151015</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [lld][WebAssembly] `--stack-first` should be the default for wasm-ld
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            lld
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          whitequark
      </td>
    </tr>
</table>

<pre>
    There are several arguments in favor of doing so:
- Without stack protectors enabled by default, any dynamic stack overflow checks, a default stack size of 64K (the smallest of any platform), and no memory protection, WebAssembly is [uniquely vulnerable](https://arxiv.org/abs/2410.17925) to stack smashing in a way that only the simplest microcontrollers that lack an MPU also are.
- Even ignoring the security aspect, the developer experience of encountering a stack overflow in the wild is [confusing and difficult to recognize even for a professional systems developer](https://github.com/WebAssembly/wasi-sdk/issues/551), tools like Wasmtime's `wmemcheck` do not recognize it, and LLVM's suite of sanitizers isn't available to detect it.
- Using `--stack-first` has [no code size overhead](https://github.com/WebAssembly/wasi-sdk/issues/551#issuecomment-3127799692) for the resulting artifact when otherwise default linker options are used.
 - Using `--stack-first` in conjunction with `--compress-relocations` has [well below 1% size overhead](https://github.com/WebAssembly/wasi-sdk/issues/551#issuecomment-3127841325).
- Other languages like Rust and Zig pass this option by default for the same reasons.

Although the [memory control](https://github.com/WebAssembly/memory-control) proposal will mitigate the need for this change, that proposal doesn't negate the need to make `--stack-first` the default now:
- Memory control is a Phase 1 proposal with uncertain design and adoption. We need to solve the problems listed above _yesterday_.
- Without inserting `__stkchk` calls, using guard pages won't be enough to eliminate stack smashing for functions that use VLAs or alloca, so even if memory control was widely available, `--stack-first` has its merit.
</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJy8Vl1v27gS_TX0y8CGTEf-ePBDcnPzclvcYrFtgH0JRuJImpoiXQ5l1f31C1JKkxTdAgss9imOxBnOnHPmjFCEW0d0VOWdKu8XOMTOh-PYcaQvA4bTovLmevy9o0CAgUDoQgEtYGiHnlwUYAcNXnwA34Dx7FoQrza3qrhdwiPHzg8RJGJ9gnPwkerogwA5rCwZqK5gqMHBRqX_A-iuYK4Oe67nEH-h0Fg_Qt1RfZJ86DliPiL8jdLd25v_gdL72BFIj9aSxPQ45TxbjI0PvdKH6RoDzkNPvQ_X56rYu_TukapbEeorewUWUOXd4PjLQPYKl8E6CqluVd4rve9iPEvqVD8o_YDhK19WPrTpdyVKP-ibdbFa7w66VPoA0T_X26N0CSZ2gDDiFWKHEbyz6ReBcH_OxfdcB197F4O3loJM52zKgQ7ef_gIaMUnVlYZ7P9eyAG3zoeUPaeieggcr4BypjpDnB4bupD1ZwpAX88UmFydESRX-8FFyvH4IwPscvDI1szI1N41g-TDzoDhpuE68RI9BKp96xIzlKpqfABMSDckwt6hBblKpF5eivkZqC3HbqhWte-VfnhFjdIPIwovxZyUfmCRgRLiZbmeKY7eWwHLJ4JHlD5yT0rvBNS2GHvqs5rUtgDjwfn4qlyOzwp59-7T-xwjA8eMj6DjyN8SFSxO6V0EvCDbJInUtKEkJOA48fExQ6O2xXKZoVw2HCSmWzvM-DkPtTc0K_hCoSM0_xQMm_xv7fs0pcvNWu92h8P2oJMWEx2Jy0Ay2JgJDJEbrCOMHTnwsaMwstD3UbPsThTAn9OcSHaCQcikRuFXnbKD2rvPg8sDBiPHbjpX-_4cSGQZyPoac9pX0IxkLVSUdLdWuvy3INrfrDd5XCcG_59wAIuuHbClWU-_DRKzQP7gFs4oaS5ZZmheGdp3lAX7BDWKd5LyquL21iZfbLv8XpV3sxXNw_43-5uCl8_B-pAG7ewFbRpWCz1HbjFSvswRmbkyFqg7dC1NvoDxJc54mgXu6G1o9NDjiX5K9uQtU_POj89L4P2b5pJ3IHzoUAjWryuNHQyuphCRHRhKeynDjGaCdgWPLzWIt5epqnPwlU1GYlkiGcDKXwieriSRgsHr0-rNJmInFOIs16cniae6y05Qo7V5v0yO1g4YDJwz7aOfsKgIyE20eSDLPbuEzQ-2nsBtZsHPnj0Iwad3twLJBm3Se7pI_GSO3MBb_mFEgZFNWjrfDSZF_JWXcBToKXBcLcxxYw6bAy7ouN6Vm13SdLnojpt9td2XpLfFYVPq0hTmQHpb7jWti7q82S34qAtdFju9X-83O12u9vWuMYVp1ruNqcrtXt0U1CPblbWXPi26RR6f47pcF-tyYbEiK_k7QmtrjdI6fVCEYzq-rIZW1E2ROJKXBJGjzZ8e6Xx5r8q718ou73_asHR-sCaR8VpvCfURpV9asxiCPf5ietL185_lOfjPeTO-WMPcz-Wo_wwAAP__xW8dCg">