[MS] Windows stack limit checking retrospective, follow-up - devamazonaws.blogspot.com

Aaron Giles worked on porting Windows to both ARM32 and AArch64, and he noted a missing detail in my retrospective of stack limit checking on arm64:

Every once in a while Raymond Chen does an architectural comparison series and I get to see (a paraphrased version of) some code I wrote way back when. He's right about why we passed stack size/16, but surprised he didn't call out the unconventional x15 usage.

— Aaron Giles (@aarongiles.com) Mar 20, 2026 at 8:08 PM

I'm guessing that by "unconventional x15 usage", Aaron means "Why is the parameter passed in the x15 register? The AArch64 calling convention passes the first parameter in the x0 register, so shouldn't that parameter be in the x0 register?"

It seemed so obvious to me that I didn't consider it worth mentioning.

The function that needs to do a stack probe is in a bit of a bind: It has inbound parameters, some of which might be passed in registers. If the stack size parameter were passed like a normal parameter to the stack probe function, then the calling function has to save its original inbound parameters somewhere. But it can't save them on the stack because it has to do a stack probe before it can use the stack.

The solution is to give the stack probe function a custom calling convention that limits itself to scratch registers that are not used for receiving inbound parameters.

Architecture Used for
parameters		 Allocation
size		 Also modified
8086   ax bx, dx
x86-32 ecx eax  
MIPS a0a3 t8  
PowerPC r3r10 r12 r0, r11
Alpha AXP a0a5 t12 t8, t9, t10
x86-64 rcx, rdx, r8, r9 rax r10, r11
AArch64 x0x7 x15 x16, x17

The calling conventions for processor architectures designate certain registers as "super-volatile", typically those used reserved for assembler temporaries or for facilitating function calls between modules. These registers are excellent candidates for use by the stack probe function since there is no way they could be used for normal parameter passing.

For example, PowerPC uses r11, and AArch64 uses r16 and r17, all of which are available for use in function glue stubs. Other opportunities were overlooked: MIPS and Alpha AXP could have used at, though I can see why they may have wanted to avoid using them because the assembler might use them implicitly when assembling pseudo-instructions.


Post Updated on June 17, 2026 at 03:00PM
Thanks for reading
from devamazonaws.blogspot.com

Comments

Post a Comment

Popular posts from this blog

[MS] Pulling a single item from a C++ parameter pack by its index, remarks - devamazonaws.blogspot.com

In my earlier discussion of pulling a single item from a C++ parameter pack by its index , I noted that with the Pack Indexing proposal, you would be able to write this to pull an item from a parameter pack while preserving its reference category. template<int index, typename...Args> void example(Args&&... args) { auto&& arg = (Args...[index]&&)args...[index]; using Arg = Args...[index]&&; } Why did I need to apply the (Args...[index]&&) cast ? Why can't I just write this: auto&& arg = args...[index]; or possibly decltype(auto) arg = args...[index]; Well, when you write the name of a variable, the result is an lvalue reference, even if the variable is an rvalue reference . Watch: struct S { S(S&); // construct from lvalue S(S&&); // construct from rvalue }; void whathappens(S&& s) { S t = s; // which will it use? } Try it out in your favorite compiler. This code construc...
Read more

[MS] Boosting Azure DevOps Security with GHAS Code Scanning - devamazonaws.blogspot.com

Image
Debjyoti Ganguly shares insights on the security benefits and configuration of GHAS Code Scanning with Azure DevOps. Boosting Azure DevOps Security with GHAS Code Scanning Code scanning, a pipeline-based tool available in GitHub Advanced Security, is designed to detect code vulnerabilities and bugs within the source code of ADO (Azure DevOps) repositories. Utilizing CodeQL as a static analysis tool, it performs query analysis and variant analysis. When vulnerabilities are found, it generates security alerts. CodeQL CodeQL is a powerful static analysis tool used for showing vulnerabilities and bugs in source code. It enables developers to write custom queries that analyze codebases, searching for specific patterns and potential security issues. By converting code into a database format, CodeQL allows for sophisticated, database-like queries to detect flaws. CodeQL in Action 1. Preparing the Code Create a CodeQL Database : Extract and structure the code into a database for analy...
Read more

[MS] Going beyond the empty set: Embracing the power of other empty things - devamazonaws.blogspot.com

The empty set contains nothing. This sounds really silly, but it's actually really nice. The Windows Runtime has a policy that if a method returns a collection (such as an IVector ), and the method produces no results, then it should return an empty collection, rather than a null reference . That way, consumers can just iterate over the collection without having to deal with a null test. For example, suppose you have a method Widget:: Get­Associated­Doodads which returns an IVectorView<Doodad> representing the Doodad objects that have been associated with a Widget object. If no Doodad s have been associated with the Widget , then it should return an empty vector, not a null pointer. That allows developers to write the natural-looking code: // C# foreach (var doodad in widget.GetAssociatedDoodads()) { ⟦ process each doodad ⟧ } // C++/WinRT for (auto&& doodad : widget.GetAssociatedDoodads()) { ⟦ process each doodad ⟧ } // JavaScript widget.GetAssociated...
Read more