[Windows] thread-Stack

This series is intended to record the knowledge points of windwos threads, including thread basics, thread scheduling, thread synchronization, TLS, and thread pool.

Prerequisites

As we all know, when a thread is initialized, the system allocates a thread stack for it for local variables and parameters used for function calls. Before starting the discussion, Let's explain some background knowledge.

STACK:A Data Structure that comes first and then goes out. Push and pop are typical operations corresponding to the terms "inbound" and "outbound.

System memory allocation mechanism:Simply put, there are two processes: "Reservation" and "transfer. The reservation does not actually allocate physical memory. Instead, it only "pre-allocates" the memory in the virtual address space of the process so that the memory won't be allocated by other commands of the current process; allocating physical memory is to allocate physical memory for the reserved memory space (in windows, physical memory may be physical memory or Memory Page Swap files ). The reason why Windows does this is to make the process assume that it occupies all the physical storage. Memory is measured in pages. The page size on the X86 platform is 4 kb. Each page has a protection attribute, such as page_readwrite and page_guard.

 

Stack memory structure and working principle

By default, the thread stack size is 1 MB, which corresponds to 256 pages. You can use the link option of the Microsoft C ++ linker to change the size of the default stack, or you can use the parameters of the createthread method. (I recently read some compilation items. I think it is not the fact that the thread must have a stack, but the C ++ Linker will automatically write the initialization stack information in the PE file, the PE Loader can recognize and initialize SS and sp. The compiler uses this stack by default when processing variables and function calls ). We know that the push command for the x86 stack always drops the top pointer of the stack, so the stack order is always from high to low. By default, the operating system reserves 1 MB space for the thread stack and allocates 2 page spaces. Status initialized for the thread Stack:

We can see that the first two pages are transferred, and only the first page is set to page_readwrite, and the second page is set to page_guard. As more and more functions are called and threads need more and more stacks, the system will be notified when the second page is accessed (page_guard). Next, the system will change page_guard to page_readwrite, and allocate memory for the next page.

When the thread accesses the third to last page, the system allocates physical memory for the second to last page, and then throws prediction_stack_overflow. If a structured exception is thrown, in addition, the thread continues to use the stack space, so the second to last page will be used up. At this time, you have to access the stack Bottom page. However, the stack Bottom page is not transferred, in this case, access violation will terminate the entire process! This is a stack overflow error! The system does this to protect other memory space in the process.

Compared with stackoverflow, there is also a stackunderflow error. The followingCodeDemonstrate stackunderflow

 
Int winapi winmain (hinstance, hinstance, ptstr psz1_line, int ncmdshow) {byte abytes [100]; abytes [10000 h] = 0; // stack of 1 MB is allocated by default, at this time, the space other than 1 MB is accessed ...}
 

If the memory at abytes [10000 h] is not transferred at this time, access violations will occur. If physical memory has been allocated, other memories will be damaged.

 

C ++ Runtime library stack check function

The policy for allocating stack space as described above seems "impeccable", but "hidden vulnerabilities ". Let's take a look at the following code:

 
Void somefunction () {int nvalues [4000]; nvalues [0] = 0; // assign a value}
 

In a 32-bit system, this function requires at least 4000*4 = 16000 bytes. Where is the element with index 0? Low address on Stack! If 1 MB of stack space is allocated by default, nvalues [0] will access the space not yet allocated. To solve this problem, the compiler automatically inserts the stack check code. The compiler can calculate the stack space required by the function. If the required space is larger than the size of a page, the compiler inserts the check code for the function. The principle of checking the code is simple: every time you try to access an address on the next page, the system will automatically allocate memory for it until the required stack space is met. Of course, if the pre-defined stack space is not enough, it will first cause an overflow exception.

Labor fruit, reproduced please indicate the source: http://www.cnblogs.com/P_Chou/archive/2012/06/14/thread-stack.html