Currently with CDT, the only way to use a large stack is to use the option -fno-stack-first. This is problematic as it forces the smart contract developer to choose a non-safe option. To circumvent this, this PR adds support for a new command line option -stack-canary which will protect against stack overflow issues from possibly allowing corrupted action runs to succeed.
The current way linear memory is laid out with -fno-stack-first is:
[ data section | stack section | heap section ]
By placing a canary value at the border of the stack section and data section, and placing the same canary into a WASM global at the beginning of execution, we can test these values at the end of execution and assert if they are no longer equal (i.e. the stack overflowed and overwrote part of the data section).
This new assert code is 8000000000000000002 to signify that a canary failure has occurred.
API Changes
[ ] API Changes
One new command line option to both cdt-cpp, cdt-cc, and cdt-ld has been added (-stack-canary).
One new assert code has been added to compiler owned and generated errors (8000000000000000002).
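A small C model of the check described above, added here as an illustration; it is not code from this PR or from CDT. The section sizes, the canary value, the canary's position in the lowest 8 bytes of the stack section, and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the -fno-stack-first layout: [ data | stack | heap ]. */
enum { DATA_END = 64, STACK_TOP = 192, MEM_SIZE = 256 };
#define CANARY_FAILURE 8000000000000000002ULL /* assert code quoted in the PR */
#define SAMPLE_CANARY  0x5AFEC0DE5AFEC0DEULL  /* constructed sample value */

static uint8_t  linear_memory[MEM_SIZE];
static uint64_t canary_global; /* stands in for the WASM global, outside linear memory */

/* Assumption: the canary sits in the lowest 8 bytes of the stack section. */
static void place_canary(uint64_t value) {
    canary_global = value;
    memcpy(&linear_memory[DATA_END], &value, sizeof value);
}

/* Simulated action body: the stack grows down from STACK_TOP and the frame
 * is filled with no bounds check against the data section. */
static void action_body(size_t frame_bytes) {
    if (frame_bytes > STACK_TOP) frame_bytes = STACK_TOP; /* stay inside the model */
    memset(&linear_memory[STACK_TOP - frame_bytes], 0x41, frame_bytes);
}

/* Returns 0 when the canary survived, otherwise the canary-failure code. */
uint64_t run_action(size_t frame_bytes, uint64_t canary) {
    uint64_t in_memory;
    memset(linear_memory, 0, sizeof linear_memory);
    memcpy(&linear_memory[DATA_END - 14], "contract data", 14); /* end of data section */
    place_canary(canary);
    action_body(frame_bytes);
    /* End-of-execution check: compare the in-memory copy with the global. */
    memcpy(&in_memory, &linear_memory[DATA_END], sizeof in_memory);
    return in_memory == canary_global ? 0 : CANARY_FAILURE;
}

/* True while the constructed data-section contents are unmodified. */
int data_intact(void) {
    return memcmp(&linear_memory[DATA_END - 14], "contract data", 14) == 0;
}

int main(void) {
    size_t frames[] = { 120, 121, 130 }; /* fits, clips the canary, reaches the data */
    for (size_t i = 0; i < 3; i++) {
        uint64_t code = run_action(frames[i], SAMPLE_CANARY);
        printf("frame=%zu code=%llu data_intact=%d\n",
               frames[i], (unsigned long long)code, data_intact());
    }
    return 0;
}
```

The comparison happens only after the action body has run, so it catches an overflow only if the write changed the canary bytes.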