Expand description

This module defines the __rust_probestack intrinsic which is used in the implementation of “stack probes” on certain platforms.

The purpose of a stack probe is to provide a static guarantee that if a thread has a guard page then a stack overflow is guaranteed to hit that guard page. If a function did not have a stack probe then there’s a risk of having a stack frame larger than the guard page, so a function call could skip over the guard page entirely and then later hit maybe the heap or another thread, possibly leading to security vulnerabilities such as The Stack Clash, for example.

The __rust_probestack is called in the prologue of functions whose stack size is larger than the guard page, for example larger than 4096 bytes on x86. This function is then responsible for “touching” all pages relevant to the stack to ensure that that if any of them are the guard page we’ll hit them guaranteed.

The precise ABI for how this function operates is defined by LLVM. There’s no real documentation as to what this is, so you’d basically need to read the LLVM source code for reference. Often though the test cases can be illuminating as to the ABI that’s generated, or just looking at the output of llc.

Note that #[naked] is typically used here for the stack probe because the ABI corresponds to no actual ABI.

Finally it’s worth noting that at the time of this writing LLVM only has support for stack probes on x86 and x86_64. There’s no support for stack probes on any other architecture like ARM or PowerPC64. LLVM I’m sure would be more than welcome to accept such a change!

Functions