implementing alloca actually requires compiler assistance. A few people here are saying it’s as easy as:

sub esp, <size> 

which is unfortunately only half of the picture. Yes that would ‘allocate space on the stack’ but there are a couple of gotchas.

1. if the compiler had emitted code which references other variables relative to esp instead of ebp (typical if you compile with no frame pointer). Then those references need to be adjusted. Even with frame pointers, compilers do this sometimes.

2. more importantly, by definition, space allocated with alloca must be ‘freed’ when the function exits.

The big one is point #2. Because you need the compiler to emit code to symmetrically add <size> to esp at every exit point of the function.

The most likely case is the compiler offers some intrinsics which allow library writers to ask the compiler for the help needed.

EDIT:

In fact, in glibc (GNU’s implementation of libc). The implementation of alloca is simply this:

#ifdef  __GNUC__ # define __alloca(size) __builtin_alloca (size) #endif /* GCC.  */ 

EDIT:

after thinking about it, the minimum I believe would be required would be for the compiler to always use a frame pointer in any functions which uses alloca, regardless of optimization settings. This would allow all locals to be referenced through ebp safely and the frame cleanup would be handled by restoring the frame pointer to esp.

EDIT:

So i did some experimenting with things like this:

#include <stdlib.h> #include <string.h> #include <stdio.h>  #define __alloca(p, N) \     do { \         __asm__ __volatile__( \         'sub %1, %%esp \n' \         'mov %%esp, %0  \n' \          : '=m'(p) \          : 'i'(N) \          : 'esp'); \     } while(0)  int func() {     char *p;     __alloca(p, 100);     memset(p, 0, 100);     strcpy(p, 'hello world\n');     printf('%s\n', p); }  int main() {     func(); } 

which unfortunately does not work correctly. After analyzing the assembly output by gcc. It appears that optimizations get in the way. The problem seems to be that since the compiler’s optimizer is entirely unaware of my inline assembly, it has a habit of doing the things in an unexpected order and still referencing things via esp.

Here’s the resultant ASM:

8048454: push   ebp 8048455: mov    ebp,esp 8048457: sub    esp,0x28 804845a: sub    esp,0x64                      ; <- this and the line below are our 'alloc' 804845d: mov    DWORD PTR [ebp-0x4],esp 8048460: mov    eax,DWORD PTR [ebp-0x4] 8048463: mov    DWORD PTR [esp+0x8],0x64      ; <- whoops! compiler still referencing via esp 804846b: mov    DWORD PTR [esp+0x4],0x0       ; <- whoops! compiler still referencing via esp 8048473: mov    DWORD PTR [esp],eax           ; <- whoops! compiler still referencing via esp            8048476: call   8048338 <memset@plt> 804847b: mov    eax,DWORD PTR [ebp-0x4] 804847e: mov    DWORD PTR [esp+0x8],0xd       ; <- whoops! compiler still referencing via esp 8048486: mov    DWORD PTR [esp+0x4],0x80485a8 ; <- whoops! compiler still referencing via esp 804848e: mov    DWORD PTR [esp],eax           ; <- whoops! compiler still referencing via esp 8048491: call   8048358 <memcpy@plt> 8048496: mov    eax,DWORD PTR [ebp-0x4] 8048499: mov    DWORD PTR [esp],eax           ; <- whoops! compiler still referencing via esp 804849c: call   8048368 <puts@plt> 80484a1: leave 80484a2: ret 

As you can see, it isn’t so simple. Unfortunately, I stand by my original assertion that you need compiler assistance.