How is a StackOverflowException detected?

Question

TL;TR
When I asked the question I assumed a StackOverflowException is a mechanism to prevent applications to run infinitely. This is not true.
A StackOverflowException is not being detected.
It is thrown when the stack does not have the capacity to allocate more memory.

[Original question:]

This is a general question, which may has different answers per programming language.
I am unsure how languages other than C# process a stack overflow.

I was going through exceptions today and kept thinking about how a StackOverflowException can be detected. I believe it is not possible to say f.e. if the stack is 1000 calls deep, then throw the exception. Because maybe in some cases the correct logic will be that deep.

What is the logic behind the detection of an infinite loop in my program?

StackOverflowException class:
https://msdn.microsoft.com/de-de/library/system.stackoverflowexception%28v=vs.110%29.aspx

Cross reference mentioned in the StackOverflowException class documentation:
https://msdn.microsoft.com/de-de/library/system.reflection.emit.opcodes.localloc(v=vs.110).aspx

I just added the stack-overflow tag to this question, and the description says it is being thrown when the call stack consumes too much memory. Does that mean the call stack is some sort of path to the current executing position of my program and if it cannot store more path information, then the exception is thrown?

loosely related: http://stackoverflow.com/questions/7710166/how-to-deliberately-trigger-a-stackoverflowexception-without-using-recursion — Daniel A. White, May 19 '15 at 13:54
Stack Overflows are often caused by uncontrolled recursion. Loops will not cause a stack overflow. — crashmstr, May 19 '15 at 13:55
*"maybe in some cases the correct logic will be that deep"* That doesn't matter; it'll still throw. If your system has a limit to how big the stack can get, it doesn't matter if the logic is "correct", it's still more than the system can handle. It's the same as saying the correct logic needs a terabyte of RAM, or something - that may be true, and your logic may be "correct", but the system can't support it, so you need to find another way. — anaximander, May 19 '15 at 13:59
Often you can avoid recursive method calls by a different approach. Fo example with a `Queue` which gets filled and processed until it's empty. Here's a good example, also from Marc: http://stackoverflow.com/a/929418/284240 — Tim Schmelter, May 19 '15 at 14:08
Note: the *reason* the stack has a fixed size is for efficiency. Some platforms use grow-able stacks (and then the limit really is available memory, rather than an arbitrary limit). — user253751, May 20 '15 at 05:28
To follow up on @anaximander's comment, you can write a recursive method to visit every node of a linked list. Such an algorithm will overflow the stack when the list is large enough, but it won't when the list is small enough. It doesn't mean that the logic of your algorithm is incorrect, nor does it mean that the recursive function has defined infinite recursion. This is an example of your case where "the correct logic is that deep." In this case, you have run up against a limitation of the system, which is why you're better off writing a looping algorithm to iterate linked lists. — phoog, May 29 '15 at 19:35

atlaste · Accepted Answer · 2015-05-20T12:27:49.103

45

Stack overflows

I'll make it easy for you; but this is actually quite complex... Note that I will generalize quite a bit here.

As you might know, most languages use the stack for storing call information. See also: https://msdn.microsoft.com/en-us/library/zkwh89ks.aspx for how cdecl works. If you call a method, you push stuff on the stack; if you return, you pop stuff from the stack.

Note that recursion isn't normally 'inlined'. (Note: I explicitly say 'recursion' here and not 'tail recursion'; the latter works like a 'goto' and doesn't grow the stack).

The easiest way to detect a stack overflow is to check your current stack depth (e.g. bytes used) - and if it hits a boundary, give an error. To clarify about this 'boundary check': the way these checks are done is normally by using guard pages; this means boundary checks aren't normally implemented as if-then-else checks (although some implementations exist...).

In most languages, each thread has its own stack.

Detecting infinite loops

Well now, here's a question I haven't heard for a while. :-)

Basically detecting all infinite loops requires you to solve the Halting Problem. Which is by the way an undecidable problem. This is definitely not done by compilers.

This doesn't mean you can't do any analysis; in fact, you can do quite a bit of analysis. However, also note that sometimes you want things to run indefinitely (such as the main loop in a web server).

Other languages

Also interesting... Functional languages use recursion, so they are basically bound by the stack. (That said, functional languages also tend to use tail recursion, which works more or less like a 'goto' and don't grow the stack.)

And then there's Logical languages.. well now, I'm not sure how to loop forever in that - you'll probably end up with something that won't evaluate at all (no solution can be found). (Though, this probably depends on the language... )

Yielding, async, continuations

An interesting concept is you might think of is called continuations. I've heard from Microsoft that when yield was first implemented, real continuations were considered as implementation. Continuations basically allow you to 'save' the stack, continue somewhere else and 'restore' the stack back at a later point... (Again, the details are much more complicated than this; this is just the basic idea).

Unfortunately Microsoft didn't go for this idea (although I can imagine why), but implemented it by using a helper class. Yield and async in C# work by adding a temporary class and interning all the local variables within the class. If you call a method that does a 'yield' or 'async', you actually create a helper class (from within the method you call and push on the stack) that's pushed on the heap. The class that's pushed on the heap has the functionality (e.g. for yield this is the enumeration implementation). The way this is done is by using a state variable, which stores the location (e.g. some state id) where the program should continue when MoveNext is called. A branch (switch) using this ID takes care of the rest. Note that this mechanism does nothing 'special' with the way the stack works itself; you can implement the same by yourself using classes and methods (it just involves more typing :-)).

Solving stack overflows with a manual stack

I always like a good flood fill. A picture will give you a hell of a lot of recursion calls if you do this wrong... say, like this:

public void FloodFill(int x, int y, int color)
{
    // Wait for the crash to happen...
    if (Valid(x,y))
    {
        SetPixel(x, y, color);
        FloodFill(x - 1, y, color);
        FloodFill(x + 1, y, color);
        FloodFill(x, y - 1, color);
        FloodFill(x, y + 1, color);
    }
}

There's nothing wrong with this code though. It does all the work, but our stack gets in the way. Having a manual stack solves this, even though the implementation is basically the same:

public void FloodFill(int x, int y, int color)
{
    Stack<Tuple<int, int>> stack = new Stack<Tuple<int, int>>();
    stack.Push(new Tuple<int, int>(x, y));
    while (stack.Count > 0)
    {
        var current = stack.Pop();

        int x2 = current.Item1;
        int y2 = current.Item2;

        // "Recurse"
        if (Valid(x2, y2))
        {
            SetPixel(x2, y2, color);
            stack.Push(new Tuple<int, int>(x2-1, y2));
            stack.Push(new Tuple<int, int>(x2+1, y2));
            stack.Push(new Tuple<int, int>(x2, y2-1));
            stack.Push(new Tuple<int, int>(x2, y2+1));
        }
    }
}

edited May 20 '15 at 12:27

answered May 19 '15 at 14:06

atlaste

30,418
3
57
87

Are you still editing you answer? (It ended pretty unexpected :D) Now you made me think about infinite loops a little more. I think we could get away with infinite method calls if we do not allocate additional memory in a higher stack level, right? Because as you said, the stack is being cut after a return. So if we return and did not allocate more memory in a higher stack we should be able to loop without getting an exception. Or is this wrong? – Noel Widmer May 19 '15 at 14:16
@NoelWidmer No, you're right. Actually using a Stack can solve many problems that stem from (lots of) recursion that is actually limited. If you want I'll post a simple example. – atlaste May 19 '15 at 14:17
Alright, that was very useful information. Thank you very much. And no - I don't need an example for Stack. It's way to deep for what I wanted to know :) – Noel Widmer May 19 '15 at 14:22
As an additional example for infinite looping programs are pretty much all programs that use graphics I belive. (games f.e.) You'll end up at 50 fps or whatever and there will be a "sleep" after each main loop in order to not end up 1000 fps. In Windows somewhere you'll have that too in order to detect hover or click states. – Noel Widmer May 19 '15 at 14:22
I just had this idea of a flood fill algorithm, so I've added it for completeness anyways. It's pretty easy. – atlaste May 19 '15 at 14:26
I take it back. This is a very useful example! I use graphics a lot! From what I assume in the first example the overflow could happen from storing too many ints. In the second example you create your own stack an push it by the ammount of the new memory needed. But isn't x2 and y2 allocated in the crit stack? (Since it is a value type) – Noel Widmer May 19 '15 at 14:38
1

Noel, yes, but all local variables for a method are only pushed on the stack once - not for every iteration of the loop. – atlaste May 19 '15 at 14:40
Awesome! And I always thought it would cause a huge memory heap if I declare a couple locals in a loop. (At least until the GC frees the stuff) – Noel Widmer May 19 '15 at 14:42
1

@NoelWidmer well... talking about other languages: you can actually do that in LLVM... that said, normally that isn't the case. :-) Locals are on the stack. If a local is a pointer to the heap, the GC will free it up. More precisely: if no variable on any stack points to the object and if no static variable points to the object (both directly AND indirectly). (see mark & sweep algorithm). The GC only deallocates objects on the heap, never on the stack. – atlaste May 19 '15 at 14:52
6

Many functional programming languages support [tail recursion](http://stackoverflow.com/questions/33923/what-is-tail-recursion). Many recursive functions (like this one) can be transformed to be tail recursive and thus use only constant stack space. – mucaho May 19 '15 at 15:01
13

The Halting Problem is not NP-Complete but _Undecidable_. – Tuomas Laakkonen May 19 '15 at 15:03
-1 When someone says something is *"actually quite complex"*, that usually means they don't completely understand it themselves. And indeed, this answer is filled with lots of little mistakes. A few examples: using the stack-pointer "for calling" is a feature of the architecture, not the language; tail-recusion **is** "normally inlined"; detecting a stack overflow usually relies on comparing with the heap-pointer; having a manual stack does not "solve the problem," it makes it worse since now the heap will grow even more than the stack did *(and in your example, both cases loop infinitely)* – BlueRaja - Danny Pflughoeft May 19 '15 at 16:33
@BlueRaja Actually they weren't mistakes; what you say is true, but I (intentionally) didn't want to overcomplicate things so I left these things out. As for my example, both don't loop infinitely -- Valid usually excepts the output of SetPixel, which makes sure of that. It's not even close to optimal, but it will work for much more cases. – atlaste May 19 '15 at 16:48
3

@BlueRaja-DannyPflughoeft I can't think of many managed languages that actually compare the stack and heap pointers to detect overflow (though I'm by no means an expert in that many of them). Java, for example, just sets a stack size limit and overflows beyond that. I think it's unfair to claim this answer is incorrect, and then point out a bunch of things that aren't universally true. – Chris Hayes May 19 '15 at 17:25
@ChrisHayes Thanks. I must admit I find it difficult to find a balance between 'keeping it simple' and 'keeping the answer correct'. F.ex. if you consider tail calls (e.g. `tailcall` in .NET IL), the stack won't grow (it's not inlined normally - it's elimination, which works like a goto). F.ex.2: C++ works differently based on calling conventions and the way you compile. The list goes on and on.... and all these "implementation details" will probably only make the way it works harder to understand. I tried to make the concept understandable, but I acknowledge the details are more complicated. – atlaste May 19 '15 at 17:38
3

@Chris Java (well HotSpot) certainly does *not* "just overflow". The spec requires any implementation to throw a stackoverflow exception and avoid any undefined behavior (assuming no JNI). This is on modern systems usually implemented using guard pages (no explicit comparing of pointers though because that's just unnecessarily expensive, doing that is certainly not the "usual" way as Raja claims. On the other hand you need explicit checks to make sure you have space for the shadow pages). – Voo May 19 '15 at 17:49
3

@Voo For completeness: .NET also uses guard pages, as do most C++ implementations that I know of. LLVM/Clang used to use segmented stacks/stacklets with checks, but iirc they nowadays also use guard pages. For those interested, https://github.com/rust-lang/rust/issues/14742 gives some nice details. – atlaste May 19 '15 at 18:06
@Voo I didn't say "just overflow", I said it "overflows beyond that", as in "it throws a StackOverflowException at that point". I didn't mean to say that it will simply overwrite heap memory with the stack or anything like that. – Chris Hayes May 19 '15 at 18:55
Note that the "manual stack" approach is basically what a [trampoline](https://en.wikipedia.org/wiki/Trampoline_%28computing%29) is for, give or take a few details (trampolines are more general and can express more than just stack-semantics) – Jack May 20 '15 at 07:01

Eric Lippert · Answer 2 · 2015-05-20T00:27:22.663

There are a number of answers here already, many of which get the gist across, and many of which have subtle or large errors. Rather than try to explain the whole thing from scratch, let me just hit a few high points.

I am not sure how languages other than C# handle a stack overflow.

Your question is "how is a stack overflow detected?" Is your question about how it is detected in C#, or in some other language? If you have a question about another language, I recommend creating a new question.

I think it is not possible to say (for example) if the stack is 1000 calls deep, then throw the exception. Because maybe in some cases the correct logic will be that deep.

It is absolutely possible to implement a stack overflow detection like that. In practice, this is not how it is done, but there is no in-principle reason why the system could not have been designed that way.

What is the logic behind the detection of an infinite loop in my program?

You mean an unbounded recursion, not an infinite loop.

I'll describe it below.

I just added the stack-overflow tag to this question, and the description says it is being thrown when the call stack consumes too much memory. Does that mean the call stack is some sort of path to the current executing position of my program and if it cannot store more path information, then the exception is thrown?

Short answer: yes.

Longer answer: The call stack is used for two purposes.

First, to represent activation information. That is, the values of the local variables and temporary values whose lifetimes are equal to or shorter than the present activation ("call") of a method.

Second, to represent continuation information. That is, when I am done with this method, what do I need to do next? Note that the stack does not represent "where did I come from?". The stack represents where am I going next, and it just so happens that usually when a method returns, you go back to where you came from.

The stack also stores information for non-local continuations -- that is, exception handling. When a method throws, the call stack contains data that helps the runtime determine what code, if any, contains the relevant catch block. That catch block then becomes the continuation -- the "what do I do next" -- of the method.

Now, before I go on, I note that the call stack is a data structure that is being used for two purposes, violating the single responsibility principle. There is no requirement that there be one stack used for two purposes, and in fact there are some exotic architectures in which there are two stacks, one for activation frames and one for return addresses (which are the reification of continuation.) Such architectures are less vulnerable to "stack smashing" attacks that can occur in languages like C.

When you call a method, memory is allocated on the stack to store the return address -- what do I do next -- and the activation frame -- the locals of the new method. Stacks on Windows are by default of fixed size, so if there is not enough room, bad things happen.

In more detail, how does Windows do out of stack detection?

I wrote the out-of-stack detection logic for 32 bit Windows versions of VBScript and JScript in the 1990s; the CLR uses similar techniques as I used, but if you want to know the CLR-specific details, you'll have to consult an expert on the CLR.

Let's consider just 32 bit Windows; 64 bit Windows works similarly.

Windows uses virtual memory of course -- if you do not understand how virtual memory works, now would be a good time to learn before you read on. Each process is given a 32 bit flat address space, half reserved for the operating system and half for the user code. Each thread is by default given a reserved contiguous block of one megabyte of address space. (Note: this is one reason why threads are heavyweight. A million bytes of contiguous memory is a lot when you only have two billion bytes in the first place.)

There are some subtleties here regarding whether that contiguous address space is merely reserved or actually committed, but let's gloss those over. I'll continue to describe how it works in a conventional Windows program rather than going into the CLR details.

OK, so we have lets say a million bytes of memory, divided into 250 pages of 4kb each. But the program when it first starts running is only going to need maybe a few kb of stack. So here's how it works. The current stack page is a perfectly good committed page; it's just normal memory. The page beyond that is marked as a guard page. And the last page in our million byte stack is marked as a very special guard page.

Suppose we try to write a byte of stack memory beyond our good stack page. That page is guarded, so a page fault occurs. The operating system handles the fault by making that stack page good, and the next page becomes the new guard page.

However, if the last guard page is hit -- the very special one -- then Windows triggers an out-of-stack exception, and Windows resets the guard page to mean "if this page is hit again, terminate the process". If that happens then Windows terminates the process immediately. No exception. No cleanup code. No dialog box. If you've ever seen a Windows app just suddenly disappear completely, probably what happened was someone hit the guard page at the end of the stack for the second time.

OK, so now that we understand the mechanisms -- and again, I am glossing over many details here -- you can probably see how to write code that makes out-of-stack exceptions. The polite way -- which is what I did in VBScript and JScript -- is to do a virtual memory query on the stack and ask where the final guard page is. Then periodically look at the current stack pointer, and if it is getting within a couple of pages, simply create a VBScript error or throw a JavaScript exception right then and there rather than letting the operating system do it for you.

If you don't want to do that probing yourself, then you can handle the first chance exception that the operating system gives you when the final guard page is hit, turn that into a stack overflow exception that C# understands, and be very careful to not hit the guard page a second time.

When you "handle" a stack overflow, typically by throwing an exception and causing unwinding of the call stack to a point where the physical stack is nowhere near full, wouldn't part of that handling be to recreate the "very special" marking on the last guard page, putting it back into the "surface a structured exception" rather than "terminate the process" semantic? — Ben Voigt, May 19 '15 at 22:46
Awesome detail as always. Question: what is the purpose of the intermediate pages being guard pages until touched the first time? Is this so the OS can allocate physical memory to the virtual space just-in-time? Otherwise, I'm unclear why it would want to set itself up to have to handle an exception just to mark it good... — Marc Gravell, May 19 '15 at 23:43
@BenVoigt: Yes! And failure to do so has the obvious consequence. :-) — Eric Lippert, May 20 '15 at 00:26
@MarcGravell: I should have more clearly said that the page is faulted. And yes, the purpose of this is to avoid having to commit a million bytes per thread, though for reasons of its own I believe the CLR does commit the whole stack. I don't recall why. — Eric Lippert, May 20 '15 at 00:28
@EricLippert I've been thinking about your comment that you push the address on the stack where you want to go next. It's an interesting remark, mostly because of stack traces. In fact, I've don't think I've ever seen a case where you push something else than the place you've been on the stack (although I can see how I could abuse that :-)... do you happen to have practical examples of a method that returns into another method f.ex? — atlaste, May 20 '15 at 16:32
@atlaste: It is very rare. In practice I almost never see it. In theory, consider something like "a void returning method call is immediately followed by a goto". In rare cases it could be possible to make the return address can be the target of the branch, thereby skipping the branch instruction and saving a billionth of a second. Or, if you know that when you return, your caller is going to return immediately, and its caller is going to return immediately, and so on, then the return address can be the outer caller's return address. — Eric Lippert, May 20 '15 at 16:43
@atlaste: I first realized that the call stack can lie to you back in the 1990s when I found some code deep in the internals of COM that messed around with return addresses, for reasons which I have forgotten, unfortunately. (Also, it is amusing to think of the fact that "async / await" in C# is essentially a non-stack-based mechanism for "returning" to different code than what called you.) — Eric Lippert, May 20 '15 at 16:45
@atlaste: Tail recursion scenarios are a good example as well; in that case you never do put the return address on the stack because you don't create a new activation frame at all. You rely on the fact that the existing return address on the stack will still be the one you want. — Eric Lippert, May 20 '15 at 16:48
@EricLippert I've been thinking about tail recursion as well, although you could consider that 'cheating' because it doesn't really work like a 'call' but more like a 'goto'. I've also been thinking about fancier things like multi-threading where the last 'return' ends up in a 'thread join' or pushing a JIT 'optimizer routine' after the return... But as I said, I haven't seen things like that yet. Still, interesting insight, thanks. — atlaste, May 20 '15 at 17:11
@atlaste why is that cheating? The "if you know that when you return, your caller is going to return immediately" scenario is, if I am not mistaken, a non-recursive tail call, isn't it? It seems to me the canonical example of returning to a method other than the caller. — phoog, May 29 '15 at 19:30
@phoog It's a matter of taste/definition I suppose. A `tailcall` is basically a `goto` into the same or another function. The only reason it's a call, is because you normally can't just do that. Tailcall is a mechanism that allows you to do that jump (under certain constraints). In contrast, a normal `call` cannot be rewritten as a simple `goto` under normal circumstances, because it modifies the stack. As such you could also see a tailcall as weak form of 'inlining' (that doesn't expand the code). What I was looking for was 'in fcn A call B -> return somewhere in fcn C'. — atlaste, May 30 '15 at 11:19

score 15 · Answer 3 · edited May 19 '15 at 14:17

The stack is simply a block of memory of a fixed size that is allocated when the thread is created. There is also a "stack pointer", a way of keeping track how much of the stack is currently being used. As a part of creating a new stack frame (when calling a method, property, constructor, etc.) it moves the stack pointer up by the amount that the new frame is going to need. At that time it will check if has moved the stack pointer past the end of the stack, and if so, throw a SOE.

The program does nothing to detect infinite recursion. Infinite recursion (when the runtime is forced to create a new stack frame for each invocation) it simply results in so many method calls being performed as to fill up this finite space. You can just as easily fill up that finite space with a finite number of nested method calls that just happen to consume more space than the stack has. (This tend to be rather hard to do though; it's usually caused by methods that are recursive, and not infinitely so, but of sufficient depth that the stack can't handle it.)

David · Answer 4 · 2015-05-19T19:21:22.577

WARNING: This has a lot to do with under the hood mechanics, including how the CLR itself has to work. This will only really make sense if you start to study assembly-level programming.

Under the hood, method calls are performed by passing control to the site of another method. In order to pass arguments and returns, these are loaded onto the stack. In order to know how to return control to the calling method, the CLR must also implement a call stack, which is pushed to when a method is called and popped from when a method returns. This stack tells the returning method where to return control to.

Since a computer only has a finite memory, there are times when the call stack gets too big. Thus, a StackOverflowException is not the detection of a infinitely running or infinitely recursive program, it is the detection that the computer can no longer handle the size of the stack required to keep track of where your methods need to return to, the necessary arguments, returns, variables, or (more commonly) a combination thereof. The fact that this exception occurs during infinite recursion is because the logic inevitably overwhelms the stack.

To answer your question, if a program intentionally has logic which would overload the stack then yes you will see a StackOverflowException. However, this is generally thousands up to millions of calls deep and rarely an actual concern unless you've created an infinitely recursive loop.

addendum: The reason I mention recursive loops is beause the exception will only happen if you overwhlem the stack - which generally means you're calling methods which eventually call back into the same method and grow the call stack. If you have something which is logically infinite, but not recursive, you generally won't see a StackOverflowException

Billions? A stack is by default one million bytes, and the return address is four or eight bytes, so I'm not seeing how you could fit a billion of anything onto the stack. Can you provide an example of how to engineer a program that produces a stack overflow after billions of recursions? — Eric Lippert, May 19 '15 at 19:16
Misplaced the metrics in my head (mega- vs. giga-), I'll update my answer accordingly. — David, May 19 '15 at 19:19

score 5 · Answer 5 · answered May 19 '15 at 13:57

5

The problem with stack overflows is not that they might stem from an infinite computation. The problem is exhaustion of stack memory which is a finite resource in today's operating systems and languages.

This condition is detected when the program tries to access a portion of memory that is beyond what is allocated to the stack. This results in an exception.

answered May 19 '15 at 13:57

usr

168,620
35
240
369

1

`stack memory which is a finite resource in today's operating systems and languages` - but there's a brighter future ahead, is what you say? ;) – 500 - Internal Server Error May 20 '15 at 00:44
@500-InternalServerError There are some OS that have optional non-contiguous stack (see for example http://stackoverflow.com/a/5086592/613130), so the stack can grow up to all the memory – xanatos May 20 '15 at 09:08
@500-InternalServerError my point is that tight stack limits are an implementation detail, not a fundamental problem that has to exist. – usr May 20 '15 at 11:19
I know, I was just poking friendly fun at your precise wording, which made it sound a bit like there would be computers with infinite stack space in the future and that that would be a good thing :) – 500 - Internal Server Error May 20 '15 at 11:32
@500-InternalServerError got it. It *would* be a good thing, though :) – usr May 20 '15 at 11:33

Mike Nakis · Answer 6 · 2015-05-20T11:57:12.180

Most of the sub-questions have been sufficiently answered. I would like to clarify the part about the detection of the stack overflow condition, hopefully in a way which is easier to understand than Eric Lippert's answer (which is, correct, of course, but unnecessarily convoluted.) Instead, I will convolute my answer in a different way, by mentioning not one, but two different approaches.

There are two ways to detect stack overflow: either with code, or with the help of hardware.

Stack overflow detection using code was being used back in the days when PCs were running in 16-bit real mode and the hardware was wimpy. It is not used anymore, but it is worth mentioning. In this scenario, we specify a compiler switch asking the compiler to emit a special hidden piece of stack-checking code in the beginning of each function that we write. This code simply reads the value of the stack pointer register and checks to see if it is too close to the end of the stack; if so, it halts our program. The stack on the x86 architecture increases downwards, so if the address range 0x80000 to 0x90000 has been designated as our program's stack, then the stack pointer initially points at 0x90000, and as you keep invoking nested functions it goes down towards 0x80000. So, if the stack checking code sees that the stack pointer is too close to 0x80000, (say, at or below 0x80010,) then it halts.

All this has the disadvantage of a) adding overhead to every single function call that we make, and b) not being able to detect a stack overflow during calls to external code which was not compiled with that special compiler switch and therefore is not performing any stack overflow checking. Back in those days a StackOverflow exception was a luxury unheard of: your program would either terminate with a very laconic (one could almost say rude) error message, or there would be a system crash, requiring a reboot.

Stack overflow detection with the help of hardware basically delegates the job to the CPU. Modern CPUs have an elaborate system for subdividing memory into pages (usually 4KB long each) and doing various tricks with each page, including the ability to have an interrupt (in some architectures called a 'trap') automatically issued when a particular page gets accessed. So, the operating system configures the CPU in such a way that an interrupt will be issued if you attempt to access a stack memory address below the assigned minimum. When that interrupt occurs, it is received by the runtime of your language, (in C#'s case, the .Net runtime,) and it gets translated into a StackOverflow exception.

This has the benefit of having absolutely no extra overhead. There is an overhead associated with the page management that the CPU is performing all the time, but this gets paid anyway, as it is necessary for virtual memory to work, and for various other things like protecting the memory address space of one process from other processes, etc.

It is worth mentioning that in some (relatively rare) cases hardware-aided stack overflow detection still needs some help from the compiler as explained [here](http://stackoverflow.com/questions/8400118/what-is-the-purpose-of-the-chkstk-function). — ach, May 20 '15 at 10:44
@AndreyChernyakhovskiy Wow, thanks for pointing me to this, I did not know it, and if I ever saw a "chkstk()" call in a disassembly of modern C++ code I would be very puzzled. You see, "chkstk" was also the name of the function that the Microsoft Visual C compiler used to call at the beginning of each function if you had stack checking enabled back in the 16-bit real mode days. I suppose they kept the name but changed what the function does. (Also, they only place a call to it within functions that allocate more than a page worth of locals: as you said, "relatively rare".) — Mike Nakis, May 20 '15 at 11:53

How is a StackOverflowException detected?

6 Answers6

Linked

Related