91

I'm currently developing a C++ library for Windows which will be distributed as a DLL. My goal is to maximize binary interoperability; more precisely, the functions in my DLL must be usable from code compiled with multiple versions of MSVC++ and MinGW without having to recompile the DLL. However, I'm confused about which calling convention is best, cdecl or stdcall.

Sometimes I hear statements like "the C calling convention is the only one guaranteed to be the same accross compilers", which contrasts with statements like "There are some variations in the interpretation of cdecl, particularly in how to return values". This doesn't seem to stop certain library developers (like libsndfile) to use the C calling convention in the DLLs they distribute, without any visible problems.

On the other hand, the stdcall calling convention seems to be well-defined. From what I've been told, all Windows compilers are basically required to follow it because it's the convention used for Win32 and COM. This is based on the assumption that a Windows compiler without Win32/COM support would not be very useful. A lot of code snippets posted on forums declare functions as stdcall but I can't seem to find one single post which clearly explains why.

There's too much conflicting information out there, and every search I run gives me different answers which doesn't really help me decide between the two. I'm searching for a clear, detailed, argumented explanation as to why I should choose one over the other (or why the two are equivalent).

Note that this question not only applies to "classic" functions, but also to virtual member function calls, since most client code will interface with my DLL through "interfaces", pure virtual classes (following patterns described e.g. here and there).

Community
  • 1
  • 1
Etienne Dechamps
  • 24,037
  • 4
  • 32
  • 31
  • 4
    "There are some variations in the interpretation of cdecl, particularly in how to return values" - this approximately means that different OSes using cdecl on x86 might use different variants of cdecl, that is different ABIs that they both call "cdecl". Windows pins down the variations, any implementation that runs on Windows and doesn't respect Windows' choices won't be able to call Windows cdecl functions, so as you say with stdcall, it's useless for Windows programming, and there are some standard C functions it would be difficult to implement. – Steve Jessop Jun 28 '11 at 18:36
  • 2
    The __stdcall calling convention is used to call Win32 API functions. https://learn.microsoft.com/en-us/cpp/cpp/stdcall?view=vs-2017 – Zanna Feb 10 '19 at 13:24

3 Answers3

82

I just did some real-world testing (compiling DLLs and applications with MSVC++ and MinGW, then mixing them). As it appears, I had better results with the cdecl calling convention.

More specifically: the problem with stdcall is that MSVC++ mangles names in the DLL export table, even when using extern "C". For example foo becomes _foo@4. This only happens when using __declspec(dllexport), not when using a DEF file; however, DEF files are a maintenance hassle in my opinion, and I don't want to use them.

The MSVC++ name mangling poses two problems:

  • Using GetProcAddress on the DLL becomes slightly more complicated;
  • MinGW by default doesn't prepend an undescore to the decorated names (e.g. MinGW will use foo@4 instead of _foo@4), which complicates linking. Also, it introduces the risk of seeing "non-underscore versions" of DLLs and applications pop up in the wild which are incompatible with the "underscore versions".

I've tried the cdecl convention: interoperability between MSVC++ and MinGW works perfectly, out-of-the-box, and names stay undecorated in the DLL export table. It even works for virtual methods.

For these reasons, cdecl is a clear winner for me.

Etienne Dechamps
  • 24,037
  • 4
  • 32
  • 31
  • Notably, this does not apply to 64-bit DLLs, because __stdcall and __cdecl are generally both ignored- so no name mangling occurs on exported C functions. – jtbr Jul 19 '18 at 15:19
  • 1
    @jtbr How about exported C++ functions (i.e. no `extern "C"`)? – Ela782 Oct 05 '18 at 22:45
  • @Ela782 C++ will always have some name mangling, in order to support function overloading. But this is not standardized and can thus vary between compilers. – jtbr Oct 19 '18 at 03:07
  • 1
    @jtbr Sorry, I didn't mean the name mangling. I meant whether __stdcall and __cdecl are both ignored too in 64-bit DLLs with exported C++ functions. – Ela782 Oct 19 '18 at 17:26
  • 1
    @Ela782 Yes; I believe __stdcall and __cdecl are ignored in all x86-64 compilations. See [wikipedia](https://en.wikipedia.org/wiki/X86_calling_conventions#Microsoft_x64_calling_convention). – jtbr Oct 24 '18 at 13:13
22

The biggest difference in the two calling conventions is that "__cdecl" places the burden of balancing the stack after a function call on the caller, which allows for functions with variable amounts of arguments. The "__stdcall" convention is "simpler" in nature, however less flexible in this regard.

Also, I believe managed languages use stdcall convention by default, so anyone using P/Invoke on it would have to explicitly state the calling convention if you go with cdecl.

So, if all of your function signatures are going to be statically defined I would probably lean toward stdcall, if not cdecl.

Brandon Moretz
  • 7,512
  • 3
  • 33
  • 43
11

In terms of security, the __cdecl convention is "safer" because it is the caller that needs to deallocate the stack. What may happen in a __stdcall library is that the developer might have forgotten to deallocate the stack properly, or an attacker might inject some code by corrupting the DLL's stack (e.g. by API hooking) which is then not checked by the caller. I don't have any CVS security examples that show my intuition is correct.

Cody Gray - on strike
  • 239,200
  • 50
  • 490
  • 574
user2471214
  • 729
  • 9
  • 17