ansaurus

Question

Is it possible to predict a stack overflow in C on Linux?

Answer 1

+1 A:

The deprecated alloca() routine (like malloc(), but uses the stack, automatically frees itself, and also blows up with SIGSEGV if it's too big).

Why is alloca deprecated?

Anyhow, how much faster in your case is alloca vs malloc? (Is it worth it?)

And don't you get null back from alloca if there is not enought space left? (the same way as malloc?)

And when your code crash, where does it crash? is it in alloca or is in doStuff()?

/Johan

Johan 2009-01-09 06:59:23

(1) the GNU manpage says not to use it. (2) alloca runs in constant time, whereas malloc is non-deterministic and may involve a system call and locking threads. (2) If alloca causes stack overflow, behavior is undefined (it segfaults on usage, not on the alloca).

Tom 2009-01-09 11:50:18

however, the null-return provided by malloc often is only a false security: malloc on linux for does return non-null, and will crash on usage of the memory. you first have to switch some bits in the kernel to change that (see man malloc)

Johannes Schaub - litb 2009-01-10 14:22:39

Answer 2

A:

Apologies if this is stating the obvious, but you could easily write a function to test for a specific stack allocation size by just trying the alloca (of that size) and catching a stack overflow exception. If you wanted you could put it into a function, with some pre-determined math for the function stack overhead. Eg:

bool CanFitOnStack( size_t num_bytes )
{
    int stack_offset_for_function = 4; // <- Determine this
    try
    {
        alloca( num_bytes - stack_offset_for_function );
    }
    catch ( ... )
    {
        return false;
    }

    return true;
}

Nick 2009-01-09 07:02:47

The language is C.

Bernard 2009-01-09 08:17:52

And even if it was C++, there is no standard, platform-independent mechanism for triggering an exception on stack overflow.

j_random_hacker 2009-01-09 08:44:32

This would actually be doable - not in the way you describe, but by using a SIGSEGV handler *very* carefully.

Tom 2009-01-09 11:56:25

Good points; I missed that it was C. It just occurred to me that using the exception handler itself might be the easiest way from point A to B, so to speak. :)

Nick 2009-01-09 17:52:39

Answer 3

+1 A:

alloca() is going to return NULL on failure, I believe the behavior of alloca(0) is undefined and platform variant. If you check for that prior to do_something(), you should never be hit with a SEGV.

I have a couple of questions:

Why, oh why, do you need something that big on the stack? The default size on most systems is 8M, that's still too small?
If the function calling alloca() blocks, would protecting the same amount of heap via mlock() / mlockall() guarantee close to the same access performance (i.e. "Don't swap me, bro!") over time? If your using a more aggressive 'rt' scheduler, its recommended to call those anyway.

The question is interesting but raises an eyebrow. It raises the needle on my square-peg-round-hole-o-meter.

Tim Post 2009-01-09 07:25:28

(1) The stack size is configured to much smaller than 8M on the machines I am looking at. (2) The page swapping is definitely a concern, though now that you mention it, maybe I'm just better off preallocating and mlock()ing.

Tom 2009-01-09 11:53:58

alloca causes undefined behavior if the stack overflows. it doesn't return 0 according to its manpage

Johannes Schaub - litb 2009-01-10 14:33:04

alloca() itself is platform dependent. :)

bk1e 2009-01-10 18:08:44

Answer 4

+4 A:

You can determine the stack space the process has available by finding the size of a process' stack space and then subtracting the amount used.

ulimit -s

shows the stack size on a linux system. For a programmatic approach, check out getrlimit(). Then, to determine the current stack depth, subtract a pointer to the top of the stack from one to the bottom. For example (code untested):

unsigned char *bottom_of_stack_ptr;

void call_function(int argc, char *argv) {
    unsigned char top_of_stack;
    unsigned int depth = (&top_of_stack > bottom_of_stack_ptr) ? 
        &top_of_stack-bottom_of_stack_ptr : 
        bottom_of_stack_ptr-&top_of_stack;

    if( depth+100 < PROGRAMMATICALLY_DETERMINED_STACK_SIZE ) {
        ...
    }
}

int main(int argc, char *argv) {
    unsigned char bottom_of_stack;
    bottom_of_stack_ptr = &bottom_of_stack;
    my_function();
    return 0;
}

Paul 2009-01-09 07:45:36

Is this right? Bottom_of_stack may not be the real bottom of the stack, right? Aren't globals put on the stack, plus other junk that the compiler decides it wants?

2009-01-10 21:54:35

ulimit -s and getrlimit(RLIMIT_STACK) will only tell you the size of the initial thread. It does not tell you anything unless you know you are running in the initial thread.

2009-01-16 13:56:42

Globals usually have their own space. Startup code can add stack depth, so the code above adds a good fudge factor to the depth just to be safe. Yes, RLIMIT_STACK only applies to the initial stack, however pthread allows getting and setting the stack size.

Paul 2009-01-24 01:36:18

Answer 5

A:

Even if this isn't a direct answer to your question, I hope you're aware of the existence of valgrind - a wonderful tool for detecting such problems in runtime, on Linux.

Regarding the stack problem, you can attempt allocating objects dynamically from a fixed pool that detects these overflows. With a simple macro-wizardry you can make this run at debug time, with real code running at release time, and thus know (at least for the scenarios you're executing) that you're not taking too much. Here's more info and a link to a sample implementation.

Eli Bendersky 2009-01-09 07:49:39

I know valgrind, and it doesn't help me with this question.

Tom 2009-01-09 23:28:11

Answer 6

+1 A:

The alloca function is not deprecated. However, it is not in POSIX and it is also machine- and compiler-independent. The Linux man-page for alloca notes that "for certain applications, its use can improve efficiency compared to the use of malloc, and in certain cases it can also simplify memory deallocation in applications that use longjmp() or siglongjmp(). Otherwise, its use is discouraged."

The manpage also says that "there is no error indication if the stack frame cannot be extended. However, after a failed allocation, the program is likely to receive a SIGSEGV."

The performance of malloc was actually mentioned on the Stackoverflow Podcast #36.

(I know this is not a proper answer to your question, but I thought it might be useful anyway.)

JesperE 2009-01-09 08:09:41

Thanks, I'll check that podcast out.

Tom 2009-01-09 11:51:40

Answer 7

A:

Not sure if this applies on Linux, but on Windows it's possible to run into access violations with large stack allocations even if they succeed!

This is because by default, Windows' VMM only actually marks the top few (not sure how many exactly) 4096-byte pages of stack RAM as pageable (i.e. backed by the pagefile), since it believes that stack accesses will generally march downwards from the top; as accesses get closer and closer to the current "boundary", lower and lower pages are marked as pageable. But this means that an early memory read/write far below the top of the stack will trigger an access violation as that memory is not actually allocated yet!

j_random_hacker 2009-01-09 08:50:43

Linux does this as well. You can malloc() a lot of big chunks, and you don't run out of space until you actually start using all of that memory.

Tom 2009-01-09 11:54:59

The OOM killer? Related but different I think. By default Linux allows *heap* allocations to return successfully when swap is exhausted; I believe the Windows VMM will fail-early in this situation. It's Windows' *stack* behaviour I find questionable... :)

j_random_hacker 2009-01-09 14:17:16

you can switch this off. read "man malloc"

Johannes Schaub - litb 2009-01-10 14:31:31

You mean the OOM killer can be turned off right? I don't know a way to turn off Windows' stack behaviour... Maybe there is a switch you can supply at link time?

j_random_hacker 2009-01-11 04:15:55

Answer 8

A:

2009-01-09 09:05:47

Answer 9

+1 A:

You don't say much about why you want to allocate on the stack, but if it is the stack memory model which is appealing, you could implement stack allocation on the heap as well. Allocate a large chunk of memory at the beginning of the program and keep a stack of pointers to this which would correspond to frames on the regular stack. You just need to remember to pop your private stack pointer when the function returns.

Rolf Rander 2009-01-09 09:16:55

I want to avoid a heap allocation (which may be expensive). Preallocating a static buffer per thread would work just as well, I believe.

Tom 2009-01-09 12:05:42

Answer 10

+1 A:

Several compilers, for example Open Watcom C/C++, support stackavail() function that lets you do exactly that

dmityugov 2009-01-09 15:14:37

Answer 11

A:

You can use GNU libsigsegv to handle a page fault, including cases where a stack overflow occurs (from its website):

In some applications, the stack overflow handler performs some cleanup or notifies the user and then immediately terminates the application. In other applications, the stack overflow handler longjmps back to a central point in the application. This library supports both uses. In the second case, the handler must ensure to restore the normal signal mask (because many signals are blocked while the handler is executed), and must also call sigsegv_leave_handler() to transfer control; then only it can longjmp away.

Johannes Schaub - litb 2009-01-10 14:27:59

ansaurus

tags:

views:

answers:

Is it possible to predict a stack overflow in C on Linux?

related questions