[PATCH] ARM and Thumb Segmented Stacks

Alex Crichton alex at crichton.co
Wed Feb 26 16:17:01 PST 2014


We can in theory use guard pages, but our ideal goal is to trigger
task unwinding for us (essentially a C++ exception) instead of killing
the entire process. This involves not leaking arguments and not
triggering a fault at an arbitrary point in a function, so it's sadly
a little more involved (or so we think).

We have some ideas about how to implement a scheme for stack safety
using guard pages, but it involves some questionable changes to LLVM
and some questionable signal handling, none of which would probably
work on Windows, so we haven't quite decided to pursue it just yet.

On Wed, Feb 26, 2014 at 4:00 PM, Rafael Espíndola
<rafael.espindola at gmail.com> wrote:
> On 26 February 2014 18:49, Alex Crichton <alex at crichton.co> wrote:
>>> Out of curiosity, hasn't rust moved away from using segmented stacks?
>>> Or that was on X86 only?
>>
>> We did indeed drop segmented stacks, our green tasks now use one large
>> stack instead of lots of little ones. We are still using the
>> __morestack prologue to detect stack overflow, however. For us
>> whenever the __morestack prologue is triggered it means that the task
>> has overflowed the stack and we start the task failure machinery.
>>
>> We're still trying to get away from this (it's kinda overkill for what
>> we're doing), but for the time being it's the best solution we have
>> that LLVM implements.
>
> I see. If you don't use dynamic allocas you should be able to get away
> with checking at compile time the maximum frame size and allocating
> stacks with a certain number of unallocated pages after them, no? I
> think something like this got implemented in asan.
>
> Cheers,
> Rafael




More information about the llvm-commits mailing list