Stack frames larger than 4K should be rejected, but what if I want more
IGotD-
nise at nise.com
Sun Jun 27 22:16:12 UTC 2021
On Sunday, 27 June 2021 at 22:01:22 UTC, Dennis wrote:
>
> Actually, that's hard to realize, since the check for `@safe`
> is a semantic check in the frontend, while final stack sizes
> are only known by the backend. Making the frontend guess an
> upper bound is hard because of tail calls and/or inlining, e.g:
>
> ```D
> void f(ubyte[] x) {
>     ubyte[4000] bufA = void;
>     g(bufA[]);
> }
>
> void g(ubyte[] bufA) {
>     ubyte[4000] bufB = void;
>     h(bufA, bufB);
> }
>
> void h(ubyte[] x, ubyte[] y);
> ```
> With ldc -O3, the stack frame of `f` is 8008 bytes because it
> has `g` inlined.
That's a good observation. Does this mean that the point of the
suggested 4K limit falls?
In practice, if you want to prevent stack overflow and be sure
about it I think you need a check for every new frame. This has a
performance impact but safety usually has that.
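
Added example, not part of the original post: a simplified Python model of the quoted case, assuming the 4K limit is meant to keep a frame from stepping over a 4096-byte guard page below the stack. The 4000 and 8008 byte sizes come from the post; the addresses, the 8-byte return address and the names `simulate` and `classify` are constructed.

```python
# Simplified model (constructed): a downward-growing stack with one guard
# page directly below its lowest valid address.
PAGE = 4096
WORD = 8                         # assumed size of a pushed return address
STACK_LIMIT = 0x100000           # lowest valid stack address (constructed)
GUARD_LO = STACK_LIMIT - PAGE    # guard page covers [GUARD_LO, STACK_LIMIT)


def classify(addr):
    """Say what a write to addr hits."""
    if addr >= STACK_LIMIT:
        return "stack"
    if addr >= GUARD_LO:
        return "guard"           # access faults: the overflow is detected
    return "beyond"              # guard page skipped: unrelated memory written


def simulate(frame_sizes, sp, probe=False):
    """Walk a call chain. Each call pushes a return address (a write at the
    new stack top), then reserves its frame without touching it, as with the
    `= void` buffers in the post. The trailing 0 models the call into h.
    With probe=True every frame is checked against the limit before it is
    reserved, which is the per-frame check the reply describes."""
    for size in list(frame_sizes) + [0]:
        sp -= WORD
        hit = classify(sp)
        if hit != "stack":
            return hit
        if probe and sp - size < STACK_LIMIT:
            return "probe"       # rejected before any memory is touched
        sp -= size
    return "ok"


if __name__ == "__main__":
    nearly_full = STACK_LIMIT + 100          # 100 bytes of stack left
    # f and g as separate frames (assumed 4000 bytes each): guard page hit.
    print("separate:", simulate([4000, 4000], nearly_full))
    # g inlined into f, 8008-byte frame as reported for ldc -O3: skipped.
    print("inlined: ", simulate([8008], nearly_full))
    # Same inlined frame with a check on every new frame.
    print("probed:  ", simulate([8008], nearly_full, probe=True))
```

In this model a chain of frames that each stay under one page always faults on the guard page, while the single merged frame can land its first write past it unless every frame is checked.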