{"id":112154,"date":"2026-03-20T07:00:00","date_gmt":"2026-03-20T14:00:00","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/oldnewthing\/?p=112154"},"modified":"2026-03-20T15:11:23","modified_gmt":"2026-03-20T22:11:23","slug":"20260320-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20260320-00\/?p=112154","title":{"rendered":"Windows stack limit checking retrospective: arm64, also known as AArch64"},"content":{"rendered":"

Our survey of stack limit checking wraps up with arm64, also known as AArch64.<\/p>\n

The stack limit checking takes two forms, one simple version for pure arm64 processes, and a more complex version for Arm64EC. I’m going to look at the simple version. The complex version differs in that it has to check whether the code is running on the native arm64 stack or the emulation stack before calculating the stack limit. That part isn’t all that interesting.<\/p>\n

; on entry, x15 is the number of paragraphs to allocate\r\n;           (bytes divided by 16)\r\n; on exit, stack has been validated (but not adjusted)\r\n; modifies x16, x17\r\n\r\nchkstk:\r\n    subs    x16, sp, x15, lsl #4\r\n                            ; x16 = sp - x15 * 16\r\n                            ; x16 = desired new stack pointer\r\n    csello  x16, xzr, x16   ; clamp to 0 on underflow\r\n\r\n    mov     x17, sp\r\n    and     x17, x17, #-PAGE_SIZE   ; round down to nearest page\r\n    and     x16, x16, #-PAGE_SIZE   ; round down to nearest page\r\n\r\n    cmp     x16, x17        ; on the same page?\r\n    beq     done            ; Y: nothing to do\r\n\r\nprobe:\r\n    sub     x17, x17, #PAGE_SIZE ; move to next page\u00b9\r\n    ldr     xzr, [x17]      ; probe\r\n    cmp     x17, x16        ; done?\r\n    bne     probe           ; N: keep going\r\n\r\ndone:\r\n    ret\r\n<\/pre>\n
The inbound value in x15<\/code> is the number of bytes desired divided by 16<\/i>. Since the arm64 stack must be kept 16-byte aligned, we know that the division by 16 will not produce a remainder. Passing the amount in paragraphs expands the number of bytes expressible in a single constant load from 0xFFF0<\/code> to 0x0FFF0<\/code> (via the movz<\/code> instruction), allowing convenient allocation of stack frames up to just shy of a megabyte in size. Since the default stack size is a megabyte, this is sufficient to cover all typical usages.<\/p>\n
Here’s an example of how a function might use chkstk<\/code> in its prologue:<\/p>\n
    mov     x15, #17328\/16      ; desired stack frame size divided by 16\r\n    bl      chkstk              ; ensure enough stack space available\r\n    sub     sp, sp, x15, lsl #4 ; reserve the stack space\r\n<\/pre>\n
Okay, so let’s summarize all of the different stack limit checks into a table, because people like tables.<\/p>\n\n\n\n\n\n\n\n\n
\u00a0<\/th>\nx86-32<\/th>\nMIPS<\/th>\nPowerPC<\/th>\nAlpha AXP<\/th>\nx86-64<\/th>\nAArch64<\/th>\n<\/tr>\n
unit requested<\/td>\nBytes<\/td>\nBytes<\/td>\nNegative bytes<\/td>\nBytes<\/td>\nBytes<\/td>\nParagraphs<\/td>\n<\/tr>\n
adjusts stack pointer before returning<\/td>\nYes<\/td>\nNo<\/td>\nNo<\/td>\nNo<\/td>\nNo<\/td>\nNo<\/td>\n<\/tr>\n
detects stack placement at runtime<\/td>\nNo<\/td>\nYes<\/td>\nYes<\/td>\nYes<\/td>\nYes<\/td>\nYes<\/td>\n<\/tr>\n
short-circuits<\/td>\nNo<\/td>\nYes<\/td>\nYes<\/td>\nYes<\/td>\nYes<\/td>\nNo<\/td>\n<\/tr>\n
probe operation<\/td>\nRead<\/td>\nWrite<\/td>\nRead<\/td>\nWrite<\/td>\nEither<\/td>\nRead<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
As we discussed earlier, if the probe operation is a write, then short-circuiting is mandatory.<\/p>\n
\u00b9 If you’re paying close attention, you may have noticed that PAGE_SIZE<\/code> is too large to fit in a 12-bit immediate constant. No problem, because the assembler rewrites it as<\/p>\n
    sub x17, x17, #PAGE_SIZE\/4096, lsl #12\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
Wrapping things up.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-112154","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing"],"acf":[],"blog_post_summary":"
Wrapping things up.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/112154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=112154"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/112154\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=112154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=112154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=112154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}