https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87220

--- Comment #13 from Alexander Monakov <amonakov at gcc dot gnu.org> ---
(In reply to Eric Botcazou from comment #12)
> We're going in circles...  -fstack-clash-protection is not stack checking a
> la Ada, it's stack protection against clash attacks and it indeed has
> different requirements than stack checking.

I do not see from existing documentation what the differences are.

(In reply to Eric Botcazou from comment #10)
> Well, that's implicit, if you want to detect stack overflow, you need to
> compile the entire software with stack checking, whatever the implementation
> method.

To add to what Rich said, with -fstack-check callers need to probe one page
ahead even if they don't use any stack themselves; this is not obvious and would
be nice to have explained in the documentation. I think a common expectation is
that only subroutines with nontrivial stack usage would have stack probing code
added to them.

int f(int (*p)(void))
{
  return -p();
}

f:
        subq    $4136, %rsp
        orq     $0, (%rsp)
        addq    $4128, %rsp
        call    *%rdi
        negl    %eax
        addq    $8, %rsp
        ret


> > I think an indication that this option is intended for use with Ada also
> > would help.
> 
> So what isn't clear in the current wording exactly?
> 
>      `-fstack-check=' is designed for Ada's needs to detect infinite
>      recursion and stack overflows.  `specific' is an excellent choice
>      when compiling Ada code.  It is not generally sufficient to
>      protect against stack-clash attacks.  To protect against those you
>      want `-fstack-clash-protection'.

To me, two things are unclear in the quote: whether the option is intended to
be used with other languages at all, and why specifically it "is not generally
sufficient to protect against stack-clash attacks".
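The listing above shows a function with an 8-byte frame still emitting a single probe one page below its stack pointer. The following is an added example, not code from GCC or from the comment author: a simplified C model of two probing policies, written to illustrate why a single probe one page ahead relies on every caller probing as well, and why touching each page of a large allocation is what prevents a guard page from being skipped. The page size, probe offsets and the two policy functions are assumptions made for the model and are not GCC's actual code generation.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed page size for the model; real systems may differ. */
#define PAGE 4096u

/* All offsets below are distances (in bytes) below the caller's stack
   pointer at function entry; a larger offset is deeper in the stack.
   The model ignores alignment padding and the exact probe instruction. */

/* Policy modelled on every-page probing (hypothetical stand-in for
   -fstack-clash-protection): touch each page of the new frame, then the
   frame end. A guard page anywhere inside the frame is always touched. */
size_t probes_every_page(size_t frame, size_t *out, size_t max)
{
    size_t n = 0;
    for (size_t off = PAGE; off < frame && n < max; off += PAGE)
        out[n++] = off;
    if (n < max)
        out[n++] = frame;       /* final touch at the new stack pointer */
    return n;
}

/* Policy modelled on the single probe in the listing (hypothetical
   stand-in for -fstack-check): one touch one page beyond the new frame,
   on the assumption that every caller in the chain did the same. */
size_t probes_one_ahead(size_t frame, size_t *out, size_t max)
{
    if (max == 0)
        return 0;
    out[0] = frame + PAGE;
    return 1;
}

/* 1 if any probe lands inside the guard page [guard, guard + PAGE). */
int guard_touched(const size_t *probes, size_t n, size_t guard)
{
    for (size_t i = 0; i < n; i++)
        if (probes[i] >= guard && probes[i] < guard + PAGE)
            return 1;
    return 0;
}

/* Convenience wrappers so a given frame/guard pair can be evaluated. */
int guard_caught_by_every_page(size_t frame, size_t guard)
{
    size_t buf[64];             /* enough for frames up to 64 pages */
    size_t n = probes_every_page(frame, buf, 64);
    return guard_touched(buf, n, guard);
}

int guard_skipped_by_one_ahead(size_t frame, size_t guard)
{
    size_t buf[64];
    size_t n = probes_one_ahead(frame, buf, 64);
    return !guard_touched(buf, n, guard);
}

int main(void)
{
    /* Constructed case 1: tiny frame like f() above, guard one page down.
       The one-ahead probe reaches it; per-page probing of an 8-byte frame
       does not, which is why the one-ahead scheme needs every caller to
       probe. */
    printf("8-byte frame, guard at 4096: one-ahead skipped=%d every-page caught=%d\n",
           guard_skipped_by_one_ahead(8, 4096), guard_caught_by_every_page(8, 4096));

    /* Constructed case 2: a 5-page frame with the guard 3 pages down.
       A single probe beyond the frame jumps over the guard entirely. */
    printf("5-page frame, guard at 12288: one-ahead skipped=%d every-page caught=%d\n",
           guard_skipped_by_one_ahead(20480, 12288), guard_caught_by_every_page(20480, 12288));
    return 0;
}
```

Running the model shows the two sides of the comment: for the tiny frame the one-ahead probe is what reaches the guard page, so removing it from "callers that use no stack" breaks the chain; for a large frame, a single probe past the allocation misses a guard page sitting inside it, whereas per-page probing touches it.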
