[flang-commits] [flang] [flang][docs] Add an FAQ about an executable stack (PR #171241)
Tarun Prabhu via flang-commits
flang-commits at lists.llvm.org
Tue Dec 9 07:48:10 PST 2025
================
@@ -0,0 +1,47 @@
+<!--===- docs/FAQ.md
+
+ Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+ See https://llvm.org/LICENSE.txt for license information.
+ SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+-->
+
+<!-- TODO: remove this after adding this page to ToC -->
+```{eval-rst}
+:orphan:
+```
+
+# Frequently Asked Questions (FAQ)
+
+```{contents}
+---
+local:
+---
+```
+
+## Driver
+
+### Why do I get a warning or error about an executable stack?
+
+This warning or error occurs because Flang's implementation of pointers to internal procedures requires an executable stack.
+
+When an internal procedure is referenced from outside its host scope (e.g., via a procedure pointer), the implementation must ensure it can still access its host-associated variables.
+To achieve this, the current implementation of Flang generates a small piece of code, called a "trampoline", on the stack dynamically.
+Since this trampoline code must be executed, the stack needs to be executable.
+For a more detailed explanation of trampolines, please refer to the [design document](InternalProcedureTrampolines.md).
+
+However, an executable stack can introduce security vulnerabilities (e.g., by enabling [buffer overflow attacks](https://en.wikipedia.org/wiki/Buffer_overflow#Stack-based_exploitation)).
+For this reason, modern linkers often issue a warning or error.
+In particular, the LLVM Linker (`lld`) never enables an executable stack unless you explicitly allow it.
+
+> NOTE: The trampoline code generated by Flang is not itself a security risk.
+> The risk comes from the possibility that other malicious code, if present in the program or its libraries, could be executed from the stack.
+
+When you use the Flang driver (i.e., the `flang` command) to generate executables, you can instruct the linker to enable an executable stack with the `-Wl,-z,execstack` or `-Xlinker -zexecstack` flag.
----------------
tarunprabhu wrote:
Is this linker option supported by all linkers or is this only intended for `lld`? If it is supported by, for instance, `ld`, we should add a sentence that this will suppress the warning that is issued by `ld`. This may be useful if users build with `-Werror`.
https://github.com/llvm/llvm-project/pull/171241
More information about the flang-commits
mailing list