Document how to determine the right value to pass for pages argument

[phayes]

Hi there,

Thanks for this awesome crate! I was wondering if you could document how to find the right value to pass for the pages argument for clear_stack_on_return, clear_stack_on_return_fnonce.

[hiroki-chen]

I encountered this issue too when I was trying to zeroize the stack and general purpose registers of a sensitive function, and my thought was to keep the code of the sensitive function tight and concise so that the stack size is always delimited within an expected range, say 4096 bytes.

The value of page is directly linked to the maximum stack usage of the closure. I am afraid that it is very awkward to determine the size of page correctly when using static analysis because the original code can be compiled differently based on compiler versions and platforms; therefore the stack layout may vary significantly too. In my opinion, it is better to check the stack usage of a function by its runtime profile, but this could introduce extra labor because we have to run the binary first and then find the precise value for page.

Another way to do this at the source code level may be the inline assembly by which one gets the stack pointer and then estimates the current stack size, which could be imprecise, but this may be the most convenient approach.

fn get_stack_pointer() -> usize {
    let sp: usize;
    unsafe {
        asm!("mov {:r}, rsp", out(reg) x);
    }
    sp
}

I am not sure the following link would help because it only provides a rudimentary solution, and it cannot work with no_std, but I hope it may be enlightening.

https://stackoverflow.com/a/38953349/14875612