18.9.3 Specifying How Stack Checking is Done

GCC will check that stack references are within the boundaries of the stack, if the option -fstack-check is specified, in one of three ways:

  1. If the value of the STACK_CHECK_BUILTIN macro is nonzero, GCC will assume that you have arranged for full stack checking to be done at appropriate places in the configuration files. GCC will not do other special processing.
  2. If STACK_CHECK_BUILTIN is zero and the value of the STACK_CHECK_STATIC_BUILTIN macro is nonzero, GCC will assume that you have arranged for static stack checking (checking of the static stack frame of functions) to be done at appropriate places in the configuration files. GCC will only emit code to do dynamic stack checking (checking on dynamic stack allocations) using the third approach below.
  3. If neither of the above are true, GCC will generate code to periodically “probe” the stack pointer using the values of the macros defined below.

If neither STACK_CHECK_BUILTIN nor STACK_CHECK_STATIC_BUILTIN is defined, GCC will change its allocation strategy for large objects if the option -fstack-check is specified: they will always be allocated dynamically if their size exceeds STACK_CHECK_MAX_VAR_SIZE bytes.

Macro: STACK_CHECK_BUILTIN

A nonzero value if stack checking is done by the configuration files in a machine-dependent manner. You should define this macro if stack checking is required by the ABI of your machine or if you would like to do stack checking in some more efficient way than the generic approach. The default value of this macro is zero.

Macro: STACK_CHECK_STATIC_BUILTIN

A nonzero value if static stack checking is done by the configuration files in a machine-dependent manner. You should define this macro if you would like to do static stack checking in some more efficient way than the generic approach. The default value of this macro is zero.

Macro: STACK_CHECK_PROBE_INTERVAL_EXP

An integer specifying the interval at which GCC must generate stack probe instructions, defined as 2 raised to this integer. You will normally define this macro so that the interval be no larger than the size of the “guard pages” at the end of a stack area. The default value of 12 (4096-byte interval) is suitable for most systems.

Macro: STACK_CHECK_MOVING_SP

An integer which is nonzero if GCC should move the stack pointer page by page when doing probes. This can be necessary on systems where the stack pointer contains the bottom address of the memory area accessible to the executing thread at any point in time. In this situation an alternate signal stack is required in order to be able to recover from a stack overflow. The default value of this macro is zero.

Macro: STACK_CHECK_PROTECT

The number of bytes of stack needed to recover from a stack overflow, for languages where such a recovery is supported. The default value of 4KB/8KB with the setjmp/longjmp-based exception handling mechanism and 8KB/12KB with other exception handling mechanisms should be adequate for most architectures and operating systems.

The following macros are relevant only if neither STACK_CHECK_BUILTIN nor STACK_CHECK_STATIC_BUILTIN is defined; you can omit them altogether in the opposite case.

Macro: STACK_CHECK_MAX_FRAME_SIZE

The maximum size of a stack frame, in bytes. GCC will generate probe instructions in non-leaf functions to ensure at least this many bytes of stack are available. If a stack frame is larger than this size, stack checking will not be reliable and GCC will issue a warning. The default is chosen so that GCC only generates one instruction on most systems. You should normally not change the default value of this macro.

Macro: STACK_CHECK_FIXED_FRAME_SIZE

GCC uses this value to generate the above warning message. It represents the amount of fixed frame used by a function, not including space for any callee-saved registers, temporaries and user variables. You need only specify an upper bound for this amount and will normally use the default of four words.

Macro: STACK_CHECK_MAX_VAR_SIZE

The maximum size, in bytes, of an object that GCC will place in the fixed area of the stack frame when the user specifies -fstack-check. GCC computed the default from the values of the above macros and you will normally not need to override that default.

Target Hook: HOST_WIDE_INT TARGET_STACK_CLASH_PROTECTION_ALLOCA_PROBE_RANGE (void)

Some targets have an ABI defined interval for which no probing needs to be done. When a probe does need to be done this same interval is used as the probe distance up when doing stack clash protection for alloca. On such targets this value can be set to override the default probing up interval. Define this variable to return nonzero if such a probe range is required or zero otherwise. Defining this hook also requires your functions which make use of alloca to have at least 8 byes of outgoing arguments. If this is not the case the stack will be corrupted. You need not define this macro if it would always have the value zero.