Ping: C-family stack check for threads

Ye Joey joey.ye.cc@gmail.com
Thu Jun 30 09:36:00 GMT 2011


On Fri, Jun 24, 2011 at 11:51 PM, Thomas Klein <th.r.klein@web.de> wrote:
>
> Hi
>
> This is a ping of (http://gcc.gnu.org/ml/gcc-patches/2011-03/msg01226.html).
> Repeating my request.
>
> I would like to have a stack check for threads with small amount of stack space per thread.
> (I'm using a ARM Cortex-M3 microcontroller with a stack size of a 1 KByte per Thread.)
> Each thread having its own limit address.
> The thread scheduler can then calculate the limit and store this value inside of a global variable.
> The compiler may generate code to check the stack for overflow at function entry.
> In principal this can be done this way:
>  - push registers as usual
>  - figure out if one or two work registers, that can be used directly without extra push
>  - if not enough registers found push required work registers to stack
>  - load limit address into first working register
>  - load value of limit address (into the same register)
>  - if stack pointer will go to extend the stack (e.g. for local variables)
>    load this size value too (here the second work register can be used)
>  - compare for overflow
>  - if overflow occur "call" stack_failure function
>  - pop work registers that are pushed before
>  - continue function prologue as usual e.g. extend stack pointer
>
> The ARM target has an option "-mapcs-stack-check" but this is more or less not working. (implementation seems to be missing)
> There are also architecture independent options like
> "-fstack-check=generic", "-fstack-limit-symbol=current_stack_limit" or "-fstack-limit-register=r6"
> that can be used.
>
> The generic stack check is doing a probe at end of function prologue phase
> (e.g by writing 12K ahead the current stack pointer position).
> If this stack space is not available the probe may generates a fault.
> This require that the CPU is having a MPU or a MMU.
> For machines with small memory space an additional mechanism should be
> available.
>
> The option "-fstack-check" can be extend by the switches "direct" and "indirect" to emit compare code in function prologue.
> If switch "direct" is given the address of "-fstack-limit-symbol" represents the limit itself.
> If switch "indirect" is given "-fstack-limit-symbol" is a kind of global
> variable that needs be read before comparison.
Thomas,

I think your are working on a very useful feature. I have ARM MCU
applications running of out stack space and resulting strange
behaviors silently. I'd like to try your patch and probably give
further comments

- Joey



More information about the Gcc-patches mailing list