From 9baedb42e84b75cb46cc62206aa2d010bfa9fdca Mon Sep 17 00:00:00 2001
From: Toby Jaffey <toby@ringtailsoftware.co.uk>
Date: Wed, 10 Dec 2025 01:00:36 +0000
Subject: [PATCH] Add a stack canary, setup on boot

---
 apps/crt0.S                 |  21 +++++++++++++--------
 apps/linker.ld              |   5 +++--
 apps/maze/maze.c            |   1 +
 apps/non-rust-crt0-hack.S   |   1 -
 apps/rust-hello/src/main.rs |   2 +-
 common/uvm32_sys.h          |   5 +++--
 common/uvm32_target.h       |   6 ++++++
 host/Makefile               |   2 +-
 host/host.c                 |   2 +-
 precompiled/conio.bin       | Bin 150 -> 166 bytes
 precompiled/fib.bin         | Bin 480 -> 476 bytes
 precompiled/helloworld.bin  | Bin 60 -> 76 bytes
 precompiled/lissajous.bin   | Bin 14592 -> 14608 bytes
 precompiled/mandel.bin      | Bin 268 -> 300 bytes
 precompiled/maze.bin        | Bin 788 -> 772 bytes
 precompiled/rust-hello.bin  | Bin 127 -> 143 bytes
 precompiled/self.bin        | Bin 5044 -> 5348 bytes
 precompiled/sketch.bin      | Bin 152 -> 168 bytes
 precompiled/zigtris.bin     | Bin 16396 -> 16412 bytes
 uvm32/uvm32.c               |  30 ++++++++++++++++++++++++++++++
 uvm32/uvm32.h               |   2 ++
 21 files changed, 61 insertions(+), 16 deletions(-)
 delete mode 100644 apps/non-rust-crt0-hack.S

diff --git a/apps/crt0.S b/apps/crt0.S
index 01afb70..027215c 100644
--- a/apps/crt0.S
+++ b/apps/crt0.S
@@ -1,19 +1,24 @@
 #include "uvm32_sys.h"
+
+.equ uvm32_syscall_halt,          0x1000000
+.equ uvm32_syscall_yield,         0x1000001
+.equ uvm32_syscall_stackprotect,  0x1000002
+
 .section .initial_jump , "ax", %progbits
 .global _start
 .align 4
 _start:
+
+la a0, _estack
+li a7, uvm32_syscall_stackprotect
+ecall
+
 # sp is already setup by vm
 sw	ra,12(sp)
 jal	ra, main
-#if 1
-// rust will interpret the "#if 1" and "#include" as comments and ignore
-// C, asm, zig will include the file below, which references a constant from uvm32_sys.h
-#include "non-rust-crt0-hack.S"
-#else
-// only rust will see this
-li a7, {UVM32_SYSCALL_HALT}
-#endif
+
+li a7, uvm32_syscall_halt
 ecall
+
 .section .data
 
diff --git a/apps/linker.ld b/apps/linker.ld
index 57d28b8..f591b15 100644
--- a/apps/linker.ld
+++ b/apps/linker.ld
@@ -78,8 +78,9 @@ SECTIONS
 		_sstack = .;
 	}
 */
-/*		_sstack = .;*/
-
+	.stack : ALIGN( 16 ) {
+		_estack = .;
+	}
 }
 
 
diff --git a/apps/maze/maze.c b/apps/maze/maze.c
index 20b5d61..3a811a4 100644
--- a/apps/maze/maze.c
+++ b/apps/maze/maze.c
@@ -78,6 +78,7 @@ void print_maze() {
     }
 }
 
+
 void main(void) {
     init_maze();
     carve(1, 1);
diff --git a/apps/non-rust-crt0-hack.S b/apps/non-rust-crt0-hack.S
deleted file mode 100644
index cb3e9ae..0000000
--- a/apps/non-rust-crt0-hack.S
+++ /dev/null
@@ -1 +0,0 @@
-li a7,UVM32_SYSCALL_HALT
diff --git a/apps/rust-hello/src/main.rs b/apps/rust-hello/src/main.rs
index 493c9db..7b02068 100644
--- a/apps/rust-hello/src/main.rs
+++ b/apps/rust-hello/src/main.rs
@@ -9,7 +9,7 @@ use core::panic::PanicInfo;
 include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
 
 // startup code
-global_asm!(include_str!("../../crt0.S"), UVM32_SYSCALL_HALT = const UVM32_SYSCALL_HALT);
+global_asm!(include_str!("../../crt0.S"));
 
 fn syscall(id: u32, param1: u32, param2: u32) -> u32 {
     let mut value;
diff --git a/common/uvm32_sys.h b/common/uvm32_sys.h
index 82dec7d..7228d57 100644
--- a/common/uvm32_sys.h
+++ b/common/uvm32_sys.h
@@ -1,5 +1,6 @@
 // System provided UVM32_SYSCALLs, start at 0x10000000
-#define UVM32_SYSCALL_HALT  0x1000000
-#define UVM32_SYSCALL_YIELD 0x1000001
+#define UVM32_SYSCALL_HALT          0x1000000
+#define UVM32_SYSCALL_YIELD         0x1000001
+#define UVM32_SYSCALL_STACKPROTECT  0x1000002
 
 #include "uvm32_common_custom.h"
diff --git a/common/uvm32_target.h b/common/uvm32_target.h
index ecd6345..4439804 100644
--- a/common/uvm32_target.h
+++ b/common/uvm32_target.h
@@ -59,5 +59,11 @@ static uint32_t syscall(uint32_t id, uint32_t param1, uint32_t param2) {
 #define yield()         syscall_cast(UVM32_SYSCALL_YIELD, 0, 0)
 #define printbuf(x, y)  syscall_cast(UVM32_SYSCALL_PRINTBUF, x, y)
 
+extern char _estack;
+
+static void stackprotect(void) {
+    syscall_cast(UVM32_SYSCALL_STACKPROTECT, &_estack, 0);
+}
+
 #include "uvm32_common_custom.h"
 
diff --git a/host/Makefile b/host/Makefile
index 8772ac9..628832e 100644
--- a/host/Makefile
+++ b/host/Makefile
@@ -1,5 +1,5 @@
 all:
-	gcc -Wall -pedantic -std=c99 -O2 -DUVM32_MEMORY_SIZE=65535 -I../uvm32 -I../common -o host ../uvm32/uvm32.c host.c
+	gcc -Wall -Werror -pedantic -std=c99 -O2 -DUVM32_MEMORY_SIZE=65535 -I../uvm32 -I../common -o host ../uvm32/uvm32.c host.c
 
 clean:
 	rm -f host
diff --git a/host/host.c b/host/host.c
index 2912057..2762881 100644
--- a/host/host.c
+++ b/host/host.c
@@ -202,7 +202,7 @@ int main(int argc, char *argv[]) {
                         printf("%c", uvm32_getval(&vmst, &evt, ARG0));
                     break;
                     case UVM32_SYSCALL_PRINTHEX:
-                        printf("%d", uvm32_getval(&vmst, &evt, ARG0));
+                        printf("%08x", uvm32_getval(&vmst, &evt, ARG0));
                     break;
                     case UVM32_SYSCALL_MILLIS: {
                         clock_t now = clock() / (CLOCKS_PER_SEC / 1000);
diff --git a/precompiled/conio.bin b/precompiled/conio.bin
index 9408e452f87ced971a9c29df296b0ff87caaf9f4..19eef29a719ced5f4d6823e1b57925231cfd2bae 100755
GIT binary patch
delta 85
zcmbQnxQtOpoRxt=n3a`#I|l>f<PHsnVg?2VWi>&D_Y4OZKw==iIV(d0Pz~oq8FN{#
Z$s7t`MUy!K7=&Bd!EA_vqnr~9)Bu3I4?+L{

delta 69
zcmZ3+IE_(8Sxu1PJp%*db`A!{Vg?8>XJu#*W@Y7=sADe6IhjL&0VFY*BY;7;l^x86
LC^*V7u|W+0jj0RP

diff --git a/precompiled/fib.bin b/precompiled/fib.bin
index a92bdfd9e535fa7c70320fa7342fac22de2ace47..9d95c6d11e29c3aa485af1a9ee37ad5a117dfe32 100755
GIT binary patch
delta 311
zcmXw#F-ikb5QhJ^`zB^%lQ2RG1Do(Ph>9Tb0Nx};>;rm$Y|tfSyD*j2Uct^%ExbT#
zA$BSXyMjSMG!C0M)y(|!{WHv?|KM-Bb`2Sh>r#&R49k!*fn%ENoerjn*GZ0yPz6l4
zoaO1Kj4jx1Kx_s5y!$P2fSx@u5^KMh>CQQ^s?C1bm|wR)gxj6KwGWLusKM>Dj97w<
zbc-!Pf+l*?ORqB?K`2;xgzvIuu`U-M3$}rpg;F=$10g7+pe`y-&(k-d>I#~@GFkXr
zL!3A7z@@4h>bx<gpQrO{LZtaZVrnp5{qxUEk(cG+OQCCD;`@fyPlbnSOFsP4=g5s|
F{Q+GQT=@V1

delta 265
zcmcb^{D4_oSxu1PJ;MR9?Hmk@#S9QInU#TIGKT{Lh;Poy&>+mpDl?hGV4`%9`Gqbf
z<1Q0MVOB1N_aE+mo7~C5Aj~4dFqwsmA^*et-@>h&49P4hjKZxfAo(xCT`WLx`F|77
z$fygmurW;LRA5NHFq6r+vz0-Zl@q8&{^Mj;7KX_!U;YcTa01oFPZnoXl@MlO1<Erp
zfL-_D{u^Od0ifFWH<M!+rG38%Gcx`MxeFvK%<3uwajyZ`y~3;wOhA>dpzfAMmTOix
W2vpy|1k}$6bkz@#Zzu0yQ~?0vxJUT_

diff --git a/precompiled/helloworld.bin b/precompiled/helloworld.bin
index 9fb626fbce2d58ea8e368e19dbdd1dfc5d52e539..114d6e11ea814a4bb812e72c8d0685c4a779e6aa 100755
GIT binary patch
delta 50
zcmcEV(Gh25U=U_yW!=ufz&N=>gQ1v#fk9bKkl{VU0S1s5h;Poy&;V4!GEqhW0MMrh
APXGV_

delta 34
lcmeaVkx^C?WO&cOz_^`*fw7nY0?b(%8iZL{nJ4Nf003N}1ls@r

diff --git a/precompiled/lissajous.bin b/precompiled/lissajous.bin
index 8d2e57060631b13b65f111e2d67dac2363123e6c..bf74fc092f710466fb8387c0b51e9232b867fe82 100755
GIT binary patch
delta 493
zcmX|;y-wRu6vt0;{gFgsKo;tNkkZ~_TM@Bn0ePiDiD4)i`U0)GbSobZfTc_9)Q&&U
zWriVAO)EN741R%DE<=GnLHh=dmx_^dkzhOLf6w{-|3}x|OZT2W=>cf6e3Un!#z!XX
z0|3=$p<H%#q3wU4?R4dkeRe{=-W{xARfO750xnBX-Xxj51uoH>W2SG7%bU}aayp23
zQ-*SSef*&FAKhdoU`s_nGBseC6I{Ht7?}&$c@cb^{=Li{gnYxNb0^@pFWxNN+mOXt
zi!Hut35)Vya`}k+@bdkE#~bbYv~~|%yucU91;-wM%f2`P`HDOvN%L*gHo>K41uVNt
z#k{?Ny^g)nh>5uwGrAGcb|o=m7!yjO9B1gWnoP`}F@27DCMPy>a^x`UYHas)3~a??
zYQC$}&TgGdMiHC*il~lDXT1cM6lQn{-&vVINYGkgnUdNVk9KM*U8)pv)=!z?hj|}0
z3pKNnh*^Z<1nw6@5g~t#wbvinI3spNbZS+={ho&$SyMb;Yv6~q|0tTOe&XKm5uQ=!
TGXPv2dfH(VXy>A}`d_*Oa{Z=D

delta 477
zcmX|+Jx|;~5QgV&{dGtb$f5~Cy0BndC(epUkZXkQ3`IC3egVo42q6s}mKNLCceat1
z8VaPCL{K0Kw=|KV;3HCc_y;~WsWXd|Y&G-l%=5l;wCn9oQDX|KcQ;0%LE|gnyL#K{
z$}#)q#(c9oSjMW1bzcH5OHe&!xw8%)F<L`rtPiWF)01jENO((zYW#ToPv^h8*<{2P
z%ZTJ^#Bw*f-mw{(j@U&ReI7sG6)r+9@$15kxVE%4`)WfL8WU_`WkOg~FWKFH+}_fs
zeV=P>5DA?gc)BbHq81!y03Q49M&t+b%q%N5P+J3!S~alzArte?D)t8Urj`(EEn#$Z
zMBBB*Og|x%j0&8ga}AkTKNC8SdM>99ath=y`(fzx4Ge6jLuzd|Y3ECmoE?tX+3koL
zxOCo2aY<ojkaF++%zld23d@zu!FaUOQ0Zc=kn?`V%rGwcsM)AlwM48k7ANqqJP;9z
zk5~u&(7_q8E22}o1|If&<jA@b1iA)5+rJcDRS$V^AL1EJJ_*28-`5XXKs(oOKKzmX
E0zYb^NdN!<

diff --git a/precompiled/mandel.bin b/precompiled/mandel.bin
index ea0fd73e8e3de73c17e3942f0c2a2962975ef0f4..f8d0ffd608551c752743b4852bd799af59905af8 100755
GIT binary patch
delta 77
zcmeBSTEiqF&dR_b%*rafor8gKa)$;(F#`j`gy)7rlQ|3+CIjU_d}ft{48n|zjOh(P
T4ifN4&B@7ED9<m-Nnrp04Q~y^

delta 25
gcmZ3()WbAU<T<0j#6J=|9;rDw`3mLvML8)90CX(~#{d8T

diff --git a/precompiled/maze.bin b/precompiled/maze.bin
index d2928457d6258fa44165404227509586dbc3ef7a..ef8446f81bb57c3ec2628c449785a8a864ce65f3 100755
GIT binary patch
literal 772
zcmYjPJ!lj`6#iys<|gi)5}EuJk(^F`F3Ba{v4m@LV61GcEG&XVNEyV!_QKv}RRSU-
zhBO*6c#Vx*ac!>9K*Ul476v&?EF{??M~ITFZ%-mVc+5BNy_xs(z20s>OZl<h0cIa&
za36pfzK8>CWMW%<w+fhhwu$)?-~}!C*A+a~f(?3Mu#JUq_S8$fr#Sg9F7~~CQa@b?
z2cm*Pi4Un<{nm$~4YqeZ*>dUy`ZrkNgkcM<$OcCd;c1hu=Hfhs9#V;tPV}r=nRBSd
z{6e^MtR=;&4Keql3SDVMdg?Qa<F!P)KCMFG1>YUb*l%;?si+H-Y#{PxGSAJ}O>Q4a
zSeLOn{ap+8U<Mb3Nne&GTjVBlhtnHg3##!9gc-ia$<Iyt71s)mJ}03QG^dK3&=nV^
zv<JKF;vgK@*N<IjF%4T5d7bPe+fG=UuQ+^Ui|mJycDEwCGJ;z03;r7gllcO(wuff_
z-IKbDQXxsbx}mVioa0wh(1Ck3j`!3N_=JL1$;n!b*9rGuf|trN+uem)Wr}H;qI%y^
z&e{DrNZ}7PD9;S_aY$#t{7pr?Jm6lrGVO_L+&llaNSxA4Q}D`Vcw(Iy9LDc|+T|O>
zBXgQBR*w91LvWgpKUfrelnH;d!TH!C_s5Eyk2CI%HyoZ_bo^}5;S(&LxomUS_jhLs
zoO-$t3f<ASY7;z9Gem7^8{X0`_)G$pII|sS@0?b>Xm)KzTCTP4v=5^BT%EMJWh`p%
tWVrLy%1+{4Qmrq)QGKACjCSl8{|O`PkaE(9BzDENGdaVtulv(&^#}iW*Wv&G

literal 788
zcmY*XO=wd=5T1Rzn@y7_k=5psV(g~>O-&Oa*E|r4M?vu5p-2xs7V+fmh1d4sK}1#z
zg4l}EoIJ==-Zg<%Pu`T`L3#+79>k<zQff7EHf^yE?9S}`?aVi$M$bVLs#8H2$Xz(1
zg;)skp)JsYgZ2{e@?p@eCp+Cm2cRIpp(A28xcT1J-uAaVZ(BhD(63BU23=_PbdUfe
ztMN+K#7IJV3jZk#q8u80s(IEbaBw8&xn^trz)jVR59#}Ij2Bh5uv-DW((cK3pO5tb
z$GHwM7gOmHQ^Sv#N?qb=W|pdHo2tp{RE^)JYV;08J4HKHsTWkuydg4zz1-&zVEwW@
z0(lXDOw1Wx)Sk%sUITou0#bmboCc^A!T#f*hWC)CK&1`Of*RceIe<1sK(ZppD9VvI
zG+S#w{KXZERyIMG$1v9-aW@30jZdJ~8|eG9r<XT-_2i8|I!Z_(3QiEg6T^C9S!)TZ
znD-hiuzOK=Yyj(sW=)>F*aw;spwAD1zkHQQFLK#Oo%>pVd^`ksc7<rpK&~*XVg7sl
zEdM3FSWYL>Sc8YP%o$!ZF}_y@_k)1?Gw;CQ;GcPG=O4VXWjSMTAjf#vr|=*rc>Me0
z;_gywt&KBd6ldV3ZAK>ub0=z)PL`-UX;V5ys5@1&=yb_)r)`U7h~;K#1ZT|641*9j
zdNq`jUWehT;O>a${%QwgcpWiL9MUc9m!m!mV0O~%VEsv>D|xv8mSUgPliR;f?^d(5
k^F{MG;=mDyov(QQ+bc}dryi0K$kDTZpUB2`;o~jw7gL$zg8%>k

diff --git a/precompiled/rust-hello.bin b/precompiled/rust-hello.bin
index 36a3e90ec3e52cad892b3ff4ed56f558b08b6d69..8828769c2e1fc3a1a4a254e573100cfb501feb25 100755
GIT binary patch
delta 72
zcmb>LXA}`<Wnd6yW#!z?!N54VLxZ81fq`LyJR`?M1!E14$s7g@lYt6Ag6R!F0t!4*
Rb8_-^6w339a#9o-7y!Rg4DJ8`

delta 84
zcmeBYtXEK06J&VLaDZVu2Lod<0|UckHXvqSz+leK&>+nIoPDB+u@3uW4g-eCtPBhw
a1?dey0ttAe=H%q-D3s?H<)kPwFaQAG)ev?7

diff --git a/precompiled/self.bin b/precompiled/self.bin
index cfb0bc0e051dbb1c501ab099b03263f6672ea48a..15a686a6d802aca14b1055d9223904de85722de0 100755
GIT binary patch
literal 5348
zcmaJ_4RBP~bv|$3z8^`;YUPWCO{r0MAYp7%)z4;KPdp>V7IKOW1QR>SbSgZT7*EOo
zjVFjsJ?Y{_yDF#(&L!9-ZbTE17~=7?^J3PWqz;aeL=dsl86#=No<RLTB8IWoDcW5k
zq3w6xN@nqt?#!8c?tS;3d;ZV4JMUH^VHj&NHfgGJDLqF-PJIo1LdS{McrG;U<IIP}
zqO-gv=G?tA<}7<L<}Cd}jkCD9##!{08mIoxYh3LsB*I!q7-2qpOXgNe2=jPMb#y#b
zT5Fo8!f%nN&|;!8Myj%rgxO@Ojxg@$Gl@mXhF@pp?p95vp0fP!ThscIFMqm~nvCR~
z6`#uP3Q~3>$=$c>ai(n;5oHi<rQ=#a!(=&_&fe#EUD*`KvNe15s=&AF_pEI%eQ%_#
z*@e@YMMTVdvhJ-KeeuqkBxKU>)M}D<z7^A#?TjUtHOC<TEt?WVdV@jAsv~LU$*G$l
zXVL4#>&haM`vwEtO;1pArA4kaK`K3u92&trZPTvVPjYU5utylT(od>ipT_;gczvMX
zqA<-U^W`kw8R%bx4f-T|b}D00!dZO9&NNU$rLCf~^a>>#9*KZo@DL_79w%pMIOHq?
zEV>eb3~Vor`NCLq7QGnIW4f8e;Pd2(5YrY$N92=i&lNYkkDTS<h%jQT1LE`0!F3v}
z<803~)5@64ONl=(b%x>%xFc+mJU3=4qYnHo{8&I2tPg>6B_7X1PgerEvwX2${LaBC
z){)+tj`+7(({acttaQZdxB%U~PF{MXiFtzkCRN&muUKraYtRFEIG5}joCA7O@I&2M
z{<j+ZQiFenFhUnEhTxOBv$$D@f9g)%(>m5PXX(FcPW``YstWRV0V=@zZj1Cmi|ra#
z#$J;1^Q0fDA{hxorWlEiD#+DyPVZYqnR#r3!3Uj1mr2ZP0FUF~!-5?m&;#3Uie=W>
z51~gLdeq@dI(#VvUkbsOLi$}=D0$agnht)GcQ<SLJ(`xh2XUck;lP)|G0NNtS_gkf
zs%uX~RBoWmeBAqw6^Zy9O2qGiUJrx6-9G@&jpQGgSmD(Df^Aet_U)+<(5>8&2VX-K
zf&aZWY3sd170JF;mCmb|>}2n%DtU2`WNj{{_f}QPZ;!>~ehd47cUe*Fi>NWvR{2cP
z`SD}~az~t_?^lZLt>o95wJLAg`r$pc{*$T-*&Up#QhCdkos19RT$=p-)*{b3tO;F^
zKfUQsMJ`VM0&{_vhJK(g5pC4PXgjHiyrp&&H2FgR<MP=zqsrW-$?h|C^71iLSXq*Z
z3-=1E5#KNTB}S567w*;jhQh*VA^4)^9QvuP(zWDQ<`<}RJ^7*h9e#9Ve&8eNNpgC}
zBO<*=caHE_r7JT=&QZo!>CT~%i1X@rWGn5RuX4FO^!KSU8$+`5%md2IhWuB~6x8qt
zsoa3&rQRpKH$@r5s!9zMU9(s7FAwC@aDz7c-R(Y2Y9ym6<G7|DNl~&sO8!R^S2z!<
zml}|NTIPG{Od$WJ1nXd%DZBb_m*0BR7S=Xh?!FL%jHbW$!XMOdt0r>hcSZX}4d=<-
zG>G#?LhNrPcl)tmE{5}(s2vD!X_^!tD;9a52zbtEV*7xl_Sch}8Y1RDxg-_Hpv?ZF
zml^}FeH3SZ&JSvcyD!Z8a=@FNHRTINm9QHv|7GL%>I~>ke+TxupTsEgbHdo7M)D-`
zc})dzFbSVb!ylXOlb5YkDw=hb^>I;Nj<zVXsZoYT*UFE~R%KG7jEt^_9U6UmbgnYj
zlDwGv>rCy8j#4QHasQc)GPz>W%Z-ponaJ~rznYzUsb0<t(`q<FaSJgDeR;Vt65GfA
z!5bT(c&?h<+#m&bEo?UO67q+c@bXw2&ykxSM-I1e_FT~$A17tDAYb(t-HtxcZM(`k
zXPT^Y?>omx?lLGdQ7ozv_(Ois^59#^zBIYd91G66W{&SJ3S*#%^AmDkzo}9yu?I1-
z<9{%&D#hZ_N!vN{H@0)=eOt|$OY*kGf3J+SGdZU10AlU`&oR5^1UUw>|A)V~|BuQv
zIPS0dr}_)Hx9AV^cy`+VFqlvK)BQQjuL<xi+6OH+eTkrJ((7TXl$j7C(A)MA$Y&Dk
z*4;FM+&f5IlRUFe6Xrlses`EqgR-ub=P~4O%b$cDS^r~dWDxpjCt<B6e`9_i@F)1X
zu&gEJ{^X@Tpd{Nc+v5lLe#Xy!7~s8(FD&5$jJN%Fus$5@KX((}r)PQhF4k&l7&Zd^
zz&|dIl4sXyfefi5B^jPC$>4PsN-~@;Tm~;c7ww24_%F-Bx?x%LhBV1;_7~Lo#9+vO
z*?NQdaS~(9=kEi2FXL?&1N<Q4J>!r)@EORSaNEa7hT&g%==2%*Wtsky(7nKYqMh@f
z6%tmy2>(KUMa<Tg;#K`%6Ks?sIcnH)%SSUlk*;T6*$&AD3w?xzxE=_Bk9WNNJf8iH
z*Bi`#;~fj;r)9+a2KNtge-5#kE&7q%DQ|$kEgX_j^K0I4u>X`#=BXR@QSL*;4)*n&
z^h4%JFBi}o40z$*i*?q~vedOQ&=+_ii!uf^AzngWK0|VUhIwnk`4bpfZzsSb>*;Oq
z$n&?sBhP;Yet7;X@zOlRP)?IiLat#xd-ga+d}}+-ag6yd!3WQODa^tUY6!`V@7VD>
zz)v)~EYO`fpy|uGS6B<4qKM74js6{@Z}2?XJ5(vZm0J*>$u-CacX{c->$wK@Lw|K#
zh6<}Q0Y2|jNrlzQ`dtw@jO6*;+_F4%cX^&F(ce=kH|A=u(;v8}oPKFfRh8V5n|poF
z%0DaLBcCb%Hqco9E!n%LN^Z{GQg-&<^6xV;+Hynro&mRfPqMcvf;(bmH15Cg`w-s|
zz5ab*MfrD*dy(cIIP1zWD~^2MDD8r+thJ3YS}@V~A=eiwVb8<v_!-!$=bAg-AJhe9
zn&e-xuK6kZXX@pp<aPcD>i0>utH=3W^-mPtd_UXw8s{ObU*&p+`4oQ_t@)zc9?U11
z2j|cw+|%=;0Pkh|?7sx~5ylsm@S}{ky%May8tnh!%zhjD4+QwZOA+iZ;jabz|5@G<
zEvWWFwc;GGe<aL(O=byXugwr@b5M&_E)~>b_D$}WoL=Pg5!83sN#*05Z-d&xJrws0
zxT8m*R>7yPKwmMrpzsH#D>k*F_OzgnPorN!efaUENYK|98)oXlyKkU=K<}p><UZ3`
zG)3G`;N2rQhltu0K@Y&^ppSnNPsNeD$C|tqza@X}SeH{5)o^#0Ymc%ni|(U5o}G4g
z1oLV4*<gN+du;iQQP|36+K2_%>y%j(=<Be5(w{OXMW+dT;iSKP^p8x7dw!Lkz}p4(
zI5-($c@%Wy<yL6wCFlu#p*KE4VpBYbKj*a}^q@bjoRt%_x;gKtbUV|XQt0tO2Y6d|
zhWmWfSz*<|*5eW9U={Pxm8nNR#QjXez#RWa)^5G8N@p4#@}iu|g}8?=_3Ud7&(_nD
z-Y$dJ!3Q~a@!p_sN52l8rTyI_DfE*Gl}bfi3pEh6z*#;PnYlmg>_VTIUDzQ|f464W
zoRoWw5c>n(wh>`AX<o<AVZ#XC3E%74nyo&bnG0IrTkSgWp#1(si0xNyJ8u`>aDCyK
zT3-F1%Gfr;bM*npehvL6{N>$jsm`|jTG)jl){Q@A{TFf*^ws)+xNRx9b^&^@gIW-;
zZE6x`ZH)Uag?#5<&YjGB)>p0kiyQNm&T?Nvp9I_Gs-ait9=;jnIsu=@C}Sr0?kD{)
z*BZPz`V9C{TQS+!!FCAVgUU#h{wv6Subba`%$sx6`Xcyyh|kTw_b^W5T?U=j;GM+p
z+P168!28R@Tb1AJ*)<1b#2|eM-kx=M8!g_c;Y=ua!{R&p8TNGYyWd%6d=c^T5c5y?
zeRa#TPjA_{`I{T-p8LD!<kOos^V*Y-yZ5%WtXtQ%dd=#V8|UlSwKPBS_42jHTOMy)
z_eenNvva)m)VdqjzSR6k+Y?`Z;^F4U9=qX=N58tdwVd9USFdkbx4QYUwujfOYboR9
zv-Ky|H?Id*<!74LwLVck$Cigzt$DI#-O9(-JVh7r?mGwg1>m=UEa2b5*8!#OhI!$0
z-|f$RzwLALrJtMMhxvNM)Ej`=drkm94R{am0pRWkB{~7y0IyV+;0W-IHr4>o1Ndww
z#(jVj6*v!g5AXq?00>u7q7LvZU>jfuAOYwE90I%wI8sH4%YX=IcVYY*#$ABpfcpUZ
z0EYmxyf8lu%**WFp8+r5JG*}RChMa&SwDZ1_3Ta7r*5)t!#?HwT*N-YS_JR`@C|@j
zc{T!n1;FyW7o)^^Kmib`f$jhg03HQw06Y)q0<drWAOGPMo%)>=pC}gjeZ%iXys@<m
zd>6S-6ZV<Y>V^AVp>H2k$@@{0Ye~Knst{2fqcl}D>K{WGc`phuDI_|~X}Pg4>>5Q)
zp6kQA9P13WNnUq%$gM6mi}&7a@}lns|0BBLu;zCBP8V(c<Qls|3Zue3h~-JpnmJqg
z-%dpDsPKp1zAB7^H?G?+-|i2G@^J%wpJBxKKS92e|EJU!2mhl4|9w6B&CQ#)*0pc_
I_U4WBzu@9F{{R30

literal 5044
zcmZ`-Z){Y@wLf?7-(4@e3lnUorP%c~w&M_<UvAQk-Y2`*HL3Vl2Qcjy6OF0!Dl6o@
zG+v$*<t<&j>!y_CWg^0BlR{H!M^#m|x=9yRZEAx5@S3Q}2e9dvnr4lcS5?7@%<dYD
z_x<KB4hv6Q>1fW(oS8Z2%$eVuxpu>9x=N&^EmEGP(#I6#YWm}1(Qa5BvFi^-?7IJo
z*tK6?ZEtJ~+s)qy+nfG5>?q$LrnM<d*D!u`O?oZGnK2p>gM-bbw$>`4Da8Crm<1vv
z0xiUhRznPGbZbm)qS5~;f3Z{H$!;_Ain*+A`2ME{s8vrq@c5_vsGo$@Lj1-1)u^0X
z*O!D&bbv+`Zw`ZQ&GS*OY!?=h)c?Tz%pybI?R8#$s?^_tzMAE99g);MQF|t$!nQ<x
zTSR?8i6kC46IPoKg%izfVc5UAFHWR3>Lkos;zpkA+G}Ljy+g8Hm_+>5Nso6@*C_Ed
zlN|FJiBuKYG>vt7mK|f9_<iG^4Aa-r&%*C4WBp>Z0eUM+kr@-Kq+akZ!O!rePFLq=
zmeMB0?fL~P-AHkfGK+T80wo&TgU}Z`Xe6>xvYRxY-3+Q*2*L(ApCa|b7~=0u`n>t|
z!JwS?>U_^NIhN^>&*d1_mGV+9ZOHXXI=IOT6vZ4&Gl*ZBGlX6%b-K!6ue4c?E9o%{
zUo24h+S2yS(BzWzgW8!2W~$BQC~RS7D(DVghJW56H#OZV^}rt85Ge!kV9GtY2|aEg
zwp6uQm;TTYZyI#h5OX?WO-0P9cGHup-SBTJ`c?F+cI{79d(&?e={Ip$Cmsku--y(A
zR&8vjbd~47Ci~4<VpWY;J4=ZXlkAg-KiFcQf?sRTXs|&`)VFDf0Sz$#9S*680abla
zQ4<fI@u?dR`4Su3eCk7rFY(YB#Jef|rhERYh*0`LqUb~LPr$(b>{nQ@0x>@r6v2Iz
z{t|TfK}Fp4|6EBlYQ&GE6lS(i=9O%VeR2VM1f(zWYU5!)GpdLmoI}iw`I(70+B9n=
zHjMdUOTgYZW+fWhEBI4s;y<|@N^H;q{Q7u^SDKIqubCmp1;w0Uu~@oj*UbhKP3=Lu
z`Fw!ow-ENClI09bwGU%X&Cf#ysSR2M8!#+xNq)>?14+uPH|nAxiaX|6oUyf(`R+&!
z8;DY7jj`S_{}*e)cB@5YyJI9`d6NxXQ}~d%jXzxo3ga1tADyn{ALk5V%oG3K^uxkv
zLI3pEQ4;zdPBe~bOx=t<?zIpbO6Ev*owPM`G`r3oUJMHJuxh_0OHH+ZA<K5vKJ~Aw
z>|ZVh4^U*C$mQ|}=1+Wv`FuP%{V!O@mpL|lU35>A$WNNCiI{vV<(&hOnk+ijIVCe^
zE{g6(<@5fZr^pHU715o>UW_V<h7e_X^SP*um)9DxCzIAntn|gDz0VjtX?~G^r(nTG
z6?R0hzLELS^k-sEry^pP75MfAU=+F8Nt_Wq&MG^}85l0r_v95;IpOi#Feo}#EP8T#
zpmQ##uz?9v9BUxQ7$es>PwIvwsl!PU#@V8q%n|DzS&8Kci%lwynFk)2IKR+MpEvlC
zkpR<MfS)6OXS=cf3(paI?oncUfvW-iY1W-57K09J8_Cg60Vi7@Q8x_YJbzN;SFCNq
zns@j=tWIIHws7rY7yrBQxG<=Nhc50(SGKkaE7Bs8l@Y$C`f*|HB>r*1m#!}PN(@<R
z+*Fk!&z00Cor7%y)5JAn4XZ5KWY<ptv*W8*`rPEV<(Xd=d(srec@^EAikln8{$>Bu
zoy$==A0{`JCy%cJ=5)UXTs7kk+MMhhInRv%k9A6$mx@kb9)8+POg&q4)IQ96q7bdd
znBAQUv#hvtP*=ESQM6DjGQ<e{XFBFA{D&CWuPbt_qhEu+E*F_PUc~qXUO8@v<kujB
zb5a1dH@5pdTyI{m?54LZyZ*ez%r6jM_pN7zz7u<(0l)tyarO<I(UrXd?wlvNufRMH
zchpAUH?T+I4%RuHSwCJ7h6=uCF|%d7fU=m`CCi!R%s#KaoOymchx*O(_)b^iUP26u
zq!BOq4*ouDlzg9^#(IbsV0v@|;xP%E_3<Kq0l03`yo_s<zRXf~0(&g=xXii{GqD)r
zVJBrSWhY9wnPL(%%VW(o{z8eQA@%*(<Bv)H#NRxASn@NMJbps*H6?z^lb^YV{>v-+
zJ985xrhZEt^UFAKzCDHWFn-$(W2$7w^B1u1H18OQ6KTi3+&{4H??gVYcxM;3NDPqn
zBt}xiLn(zBxW8%Amsw+;mipQ8oYeb@$G<H3nXJd3lzdGV_IqbX#+(}~z_*C&Jal@h
zfLO(uy@fN0VeA3c6Zsh8$MlI*zQ{E_zz!A^R^3F7rQyu=k=iswe6MctPnPI5#+Yl%
zF~&_AD)jikJtoVZ58Pp|{=WNLul_y{SY5C;&X47=PxHkL75?N-$i5T*!-LjNcgmAL
zm(i?qcgTebm)tqoS2LM0tO+;g%{Srcf}G0pnLb`AV`k+HM|ElihWVTr&ROLMV#sL2
z__HV#toI&tL|OA5bd>co&{5XUKp$Bj6;)LveZZ$of?jQ~=Z`4SH}fuZLD};z^pN#G
z2&?cu3*m0)U2jI$BUcC=tro|d$Q?STsK2s+RXeGVLOA0)B{tz+L5$Ak&f^Stx{GA;
z{+09P;SbIR&c!IVE`Ajlg;)v~#ZdL9BAE+A$G7EtiH5@g{z;*-48y)yj$tL4u>f$c
zOlD}^|CiA!_*~(>vU%2*%V3Q)xBG@_%KM;01)nYNx4vB7e@h38UnxY&=BO)|Ni=9d
ztP#51Z`I$~KPJ~G>mS-s-tY8Xkg??OOXfcb6WH&={bs_?R>2S^@IP3vu%ADZI8l;q
zeI!#bZ({%6lx?izTG5GJkY{PRge5i0PM^$uXRepVc>Izl+nI-~SHHnbnd8j{AoqsH
zH%Pvw#5YO4=XI~WS@I`-?C~2t`5)bqhh8-$zIHYU`TzFXH+k~M`T9^n#0p_%;@lt0
zYREY(nRAO{r-@B>BIh*XZf*h?fja>Dis`hBi3*XAk|>-jvOd#tvsH@SFl)*DS|lfM
zFVvh6W&}7=Sb&crd|lx)Ij^{~1$WP8<m4&b0k|LP?pq~u8=>#>?uD!K;osx_AeLIy
z<YE7t3nb5+EAMcbi+XoK&yPjnAhGJl$h~4Iat^F_L|jDOsBUw=@)7d4>L1v(zmmRw
z(b1*Pdx}nnEN7OT=e+u|v)`-VlzBD(mfTxizLjuy8kG6d@G={ex%SMB%+m06Ht1pW
zjm*G>>vApuUrGF8rivVPAt-G_{uyAeorb=hz&O)#Vll<dW=ULm4E`EJPTCt-u^Dsx
zP~whA#jr-rl0c4&dBC6ep`6=3wHTCd7u1iifYf8hhx}#Jm&P51_hJz5LdDhJCN_w-
z<ou3b9GHLU&(ZsV2N=uz{wDrP)+hZ~?nB4Fh`ZT;%ZD$$FZ5?_`TWCE(B~#{L+sm2
zc?OJ;`ef$Jzm)Dav$2HF1&p`6yhSA8tN9(Dd3zj^7>n3J$s>j@F*1((R^~T&`;6!k
zzlw>GLCDW6%lDJe<KFuXdcPsxMsf}NO|w~~I-BJ<$arrvl*{%;yt6i~y!Cn(g{~tW
z@qR-Nf$<|es3ZS7B;O?p-X#jg_`G)p`b%%I@N4odY}e^{V|O&epEq|u{nV3B_xA7a
zt$p@Cp5;&W_Y=|XJ=>gzdpf$hdbaP_-f?GrS64?{`!~zmwsmal>1xNYvT?GlyX(%j
zueP=KJn_vZHn(lvdWY<m-P=3M$3DJ&S4Y?OwyiyzcXV}>&G~uz6T8}WL96mHZC#yD
z5dC@;#oq!Q1|0{T2K8&V>D*oQ(Yxv&-BrJISAG7j`V#69#O*=Q$~w62<3~WRf?fyJ
z2Pys-Xcuy-CX{<Yy`UzG;*Wq@LH*EiE6Tl~BYunpy$(7B8U=j-x&mqmU@lNAXbWg3
zs2}uQNfodcbP=={REsqp0TrM_JIY<4eX@=|sn0W@CGcBON_|$^pT9@@&^_8;y+`}W
zd$j-Z9_^>^(LQ!p`zh3a4>|`r4muyE_$;UZ3PxZz=rPb1&_2-fAQ>y(zYH3smH$-o
z?AZ;6D0;0}#J?x+UB%3KC5>1_{)_zo!Uy7ek2*{pm=lRdU6!mQ{%4<`g;bQ>5MkV5
zk~CmY2xO2CxVX%FM>Iz-D*V!jCjWN`Nq8f>N00iPaIuY@f49{Qedzrwb2LqH2LGzE
zo^iY*4*LX3yp<%*-H;et8e94=#X{@-nW?jjOh0*NyLJ5j%#<&Wyep2pD<c1S$#L>u
ZmRgVhHn;F&%l`iU1GTXO|K8tA{|7<XcsT$7

diff --git a/precompiled/sketch.bin b/precompiled/sketch.bin
index b950f6f3c73a0117076a2ddf49bfec84606a8344..df58077dc709c921c10763abb4cbeef710505fec 100755
GIT binary patch
literal 168
zcmWe<Wnd6yW#!(^!N54VLxZ81fq_9;O_1R|g98gl48-5g&d|WT)SYWGQ0-(62e2A*
zR)z+kKCa0e24Fr&UYK2!L3z=0E@9K94CxI(a~T=`gY<&TQ(nZ*_5Q>B-^miJ49yA$
cL2`^BH6S~LLFR&RhXmNH{15a00<A>>0E`JBSO5S3

delta 100
zcmZ3%ID;`pSxu1PJwpS_b`A!{Vg?A<&d$)lywsg@GAjeaWDW-gkhnQ3LxV6YE9Ybm
p127*XFU&5=puFlihp_2VhV%vo24P0V{~)~}GnH4db4<*!0RZ0|6jJ~I

diff --git a/precompiled/zigtris.bin b/precompiled/zigtris.bin
index a648f9542a49cbec3552023abc329d90ee08fd35..385901bae7f9b65b226a01ee4c30f410196cbef1 100755
GIT binary patch
delta 1280
zcmZ8hU1%It6h3!m@9a-@vp;utlT@X)vp;Q`(3Dc<VPg`s+fvg$l|qn$fqk%ukb(vR
zDjirSNilX>PNhnsFJ_zC=4D;ic_@WQjRY-8n_5r`8nQ_@VxbXQi4VG-*&T~GaL;$o
zch5QZoO{om37t*pEZQ;*AUH2u9$+}W3*H2P^Zo3L3r90au(F_|F~2I5K4=jDufa=i
zXv7I_IBO@CF3k3a9p&Ed)**5jJ+zD-riLXg2B7T*u#OOW_Q*1Jv(MNfuCNTrXC+$>
zNZUz{NSPgrmqGwlz3*j=ahAKtBSJY%nYo<U>x=k<q>-&(M(^g+eXhtVlkk?DW1nD`
z>oCnnTxXbxTXi|YKX!ZgInl&TY*k)wS8k|@??Fx72X)u`ptetfnz$yZsq0cB#j`c1
z;v&u}d%YdnL8{f|l5kB?Sp_|A3SAm^TWq(a9i=6|f7MC=pl=g|54Z@N2lR&+Hium5
zReny+7FO|;S7kMv@McIZc=z-_K*M-21iCC2^eP&9bqMApdt13+tkc>$>CDkLNZ%kG
z<fOTV++33{XF;AZAYYgVbrySk`wp0bXBF#RI^hojW^Uv2gf&c=8QjcwX8r2b17_n~
z=eG9qGW*vKr+w+pS`PU0nr+Q(YwmAY!ei?&MH?Hd{nw+k<-5s(wVa33rG&uVL><TP
z{J+wXe;JrzOL($bWw%jpeugdMRP$b9ZV___H|vZ)XfxeGn;8t+Ht*D#Sz_+u?cnxw
zC7-0?QU(<}5BXFRlhb3B#(iA_`SK{JJFnYC$3y#$)#Pjz#PAb_T!+d^VL`;GTa%Qw
z!P_ZqiovN{IoPGhg|V85l|h^+L%x%dPsm+?@*htR<6`JOwan@8agyJJdr7(?={7T;
z{ML;hW}(Et0*dR=sJVrrNO&+ZLpBd1djjUr<}Z_tp5YZth;;04^nEQM9|RHiu|}IJ
z_i#{@+LnY80%3UJ5<Ri1KDS?Myrdd-L?_v3X(5_ptcV@)w^^}tCH|`X9H3&KwgO^Q
zffl*`{(9{Tqw1zGu}!0HJh`pQv*W!G=o|k34dQ;Ju@WY}RNQ&Il|3o(OqB)tT0!^3
zL4Vi=`eXdFTRSrmZ7{9G>NF_9`d91)y@_Tw2z`Wq^)z&Y^Z@A}Ir>e)AnA7rIpJHh
zPOlkWbo_oIp8f?eO&B5UB0fy`DIw{vK*TXzAoS3}9YR0h0HGcD5jol$qGR_np}j$h
j&`WsC;ZG6T2~QK+{#MD`^N2<JUI6{K0jkUPalU^502zP<

delta 1203
zcmZ8gU1%It6h3!n?`&o>oBf&HZT_So(<IciB(;<&gtP(O){;IHix4DWVG9KbBo7t}
zDj8WPtFWCIZ$Tw_(CRjd2$4ay&^~Oak&10>q(Y&^CTY{u2WcPj&=<FUcV`sqz&+o5
z=YHqhd(NDhvsuYzGwEUW-OP!BuBVk8*}_>`Gt?p4W)PjC7so944DJMbuP)D2hm!&M
z?Q!K00;UeFh<0WsnUx{3b`n*N!27|G6>*Gx!LExfHUQfnl6EY#9kx_|zgmBP7_#8$
zP=xmA-)xr^lQFTX<k_6K5os2q;Xd$Ec#^q7=hBw=rxD_=(a2q~OMN5s<0bKlx?QUU
z6)cFV+NbqeFX8UtFcVKyldX&P2tvKNNQG(4I*Kh_UlXHROXNIvm0WpEyseq6CO*>!
zVDD(X!yCeJHpa<Tl(PLmIQD~as)pndO4+%Oz5C!S;G5u^;G}d--xGZLo^l~a%Dh8`
z@)DU}idUk0_PGYnsg-xoowG4F|M2S_mD9L|!`;H}oNk`qH~n#fXw$Af*~`CY|LDZU
zXwU9io_L2P)m*B%?kj1lav0f)#oB)(JiYM>i`ViEoD7~Id5CF?-}OJx#H+D+wk#%^
z%;$dbQ`l#X3}^XPo;LWqDZhWY6|vCN2i+=kHv-*MU6<lb&*(bhQg<vabtEruPX_ta
zXLKLdb=A0e_}4&prmkz?og#*jK^Yd7!HesKE;O#&K_i!_(A~(Cp5nT><7YCvzaizq
z6q%iuWJ8}%?7?RmO|)fpqIjq|=9SkoDdl2KloD+il&=!EVc$z0hrN|N2-}?MfgMV1
zLpMfJ^UVFo=#9DKkMGX<#q)Ks-{{HwC8CQV!B3EpjWT~S)tll?!)sYK)C3uhMt&jH
zy_Wxr)WlGFmO0*?be^#VF_e9aEqIr+uPf}SXm4#}vtoa%g#nys?QiHpuV^Ac_D%hN
z3%(z)t|j637CVnOvkfmZu*qV(n#tbEkbSF#>{X!+T9aqez9*a|dkjnFl+Wh}$!-LG
z3ycE)JmB-w;OI5IA8-#C2fqU3z?0a=0MZLV+)wc1m!@;T6tDySB+vzdzeb@zcoEou
zjYXgid>JSc-$kH2un_2$f%1SXPy-GI{t=+O@HwE2pZ8i0JYwnoL9%a;pe`8`JbwcU
C25vV1

diff --git a/uvm32/uvm32.c b/uvm32/uvm32.c
index eee6fc8..6215f09 100644
--- a/uvm32/uvm32.c
+++ b/uvm32/uvm32.c
@@ -10,6 +10,9 @@
 // On an invalid operation, an error is set in uvm32_state_t, but a valid pointer still needs to be temporarily used
 static uint32_t garbage;
 
+// magic value for stack canary
+#define STACK_CANARY_VALUE 0x42
+
 #ifndef UVM32_MEMCPY
 #define UVM32_MEMCPY uvm32_memcpy
 void uvm32_memcpy(void *dst, const void *src, int len) {
@@ -84,6 +87,8 @@ bool uvm32_load(uvm32_state_t *vmst, const uint8_t *rom, int len) {
     }
 
     UVM32_MEMCPY(vmst->memory, rom, len);
+    vmst->stack_canary = (uint8_t *)UVM32_NULL;
+    
     return true;
 }
 
@@ -135,6 +140,12 @@ void uvm32_clearError(uvm32_state_t *vmst) {
 uint32_t uvm32_run(uvm32_state_t *vmst, uvm32_evt_t *evt, uint32_t instr_meter) {
     uint32_t num_instr = 0;
 
+    if (vmst->stack_canary != UVM32_NULL && *vmst->stack_canary != STACK_CANARY_VALUE) {
+        setStatusErr(vmst, UVM32_ERR_STACKOVERFLOW);
+        setup_err_evt(vmst, evt);
+        return num_instr;
+    }
+
     if (vmst->status != UVM32_STATUS_PAUSED) {
         setStatusErr(vmst, UVM32_ERR_NOTREADY);
         setup_err_evt(vmst, evt);
@@ -163,6 +174,25 @@ uint32_t uvm32_run(uvm32_state_t *vmst, uvm32_evt_t *evt, uint32_t instr_meter)
                     vmst->ioevt.typ = UVM32_EVT_YIELD;
                     setStatus(vmst, UVM32_STATUS_PAUSED);
                 break;
+                case UVM32_SYSCALL_STACKPROTECT: {
+                    // don't allow errant code to change it once set
+                    if (vmst->stack_canary == (uint8_t *)UVM32_NULL) {
+                        uint32_t param0 = vmst->core.regs[10];
+                        uint32_t mem_offset = param0 - MINIRV32_RAM_IMAGE_OFFSET;
+
+                        // check data fits in ram
+                        if (mem_offset > UVM32_MEMORY_SIZE) {
+                            setStatusErr(vmst, UVM32_ERR_STACKOVERFLOW);
+                            setup_err_evt(vmst, evt);
+                        }
+                        // check canary is inside valid memory
+                        if (mem_offset < UVM32_MEMORY_SIZE) {
+                            // set canary
+                            vmst->stack_canary = &vmst->memory[mem_offset];
+                            *vmst->stack_canary = STACK_CANARY_VALUE;
+                        }
+                    }
+                } break;
                 default:
                     // user defined syscalls
                     vmst->ioevt.typ = UVM32_EVT_SYSCALL;
diff --git a/uvm32/uvm32.h b/uvm32/uvm32.h
index a3eec88..588e761 100644
--- a/uvm32/uvm32.h
+++ b/uvm32/uvm32.h
@@ -15,6 +15,7 @@
     X(UVM32_ERR_INTERNAL_CORE) \
     X(UVM32_ERR_INTERNAL_STATE) \
     X(UVM32_ERR_ARGS) \
+    X(UVM32_ERR_STACKOVERFLOW) \
 
 #define X(name) name,
 typedef enum {
@@ -69,6 +70,7 @@ typedef struct {
     struct MiniRV32IMAState core;
     uint8_t memory[UVM32_MEMORY_SIZE];
     uvm32_evt_t ioevt; // for building up in callbacks
+    uint8_t *stack_canary;
 } uvm32_state_t;
 
 void uvm32_init(uvm32_state_t *vmst);