Supriya Ghosh (Editor)

Shadow stack


In software, a shadow stack is a mechanism for maintaining control-flow integrity by mitigating return address overwrites such as those seen during exploitation of a stack buffer overflow. The technique is to keep a record of the legitimate return address for each function call, and then to check that the return address on the stack is still correct before returning. This can be accomplished by adding instructions to function calls and function epilogues: on a call, store the legitimate return address (that is, the address of the instruction after the call) on the shadow stack; on return, compare it with the return address on the ordinary stack before actually returning.

A stack buffer overflow is enough to overwrite the saved return address, which sits next to the local variables on the ordinary stack, but not the shadow stack's record of it, provided the shadow stack lives in a separate memory region that the overflow cannot reach. If the return address and the shadow return address differ, the check inserted before the return instruction fails; the usual action in such cases is to abort the program, and in some cases to alert administrators to the possibility of an intrusion attempt. Because the scheme only validates return addresses, it protects the backward edge of control flow; an overwritten function pointer or other indirect call target is outside its scope and needs a separate defense.

The technique can be implemented with hardware assistance, where the processor maintains the shadow stack in protected memory and the return instruction itself performs the check (as in the shadow stack feature of Intel's Control-flow Enforcement Technology), by a compiler that instruments function prologues and epilogues, or at runtime, for example through binary instrumentation. In the software variants the shadow stack's own location must be protected, since an attacker who can write to both copies defeats the check.
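The mechanism described above, as an added example that is not from the original article: a small C model of a downward-growing call stack kept alongside a separate shadow stack. The frame layout (a four-word local buffer placed directly below the saved return address), the fake addresses and the overlong input are assumptions constructed for this example; a real compiler- or hardware-based implementation records and checks the actual return address in the prologue and epilogue instead of operating on a simulated stack array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the article): a deterministic model of an ordinary
 * stack plus a shadow stack. Layout and addresses are assumptions. */

#define STACK_WORDS 64
#define SHADOW_WORDS 16
#define BUF_WORDS 4   /* assumed size of the callee's local buffer, in words */

enum ret_status { RET_OK = 0, RET_SHADOW_MISMATCH = 1, RET_UNDERFLOW = 2 };

struct machine {
    uintptr_t stack[STACK_WORDS];    /* ordinary stack; grows toward index 0 */
    size_t sp;                       /* index of the current top-of-stack word */
    uintptr_t shadow[SHADOW_WORDS];  /* shadow stack: return addresses only */
    size_t ssp;
    uintptr_t pc;                    /* fake program counter */
};

/* Result of one scenario: the status of the RET plus both copies of the
 * return address, so the mismatch is visible to the caller. */
struct outcome {
    enum ret_status status;
    uintptr_t saved;   /* return address read from the ordinary stack */
    uintptr_t shadow;  /* return address read from the shadow stack */
};

void machine_init(struct machine *m) {
    memset(m, 0, sizeof *m);
    m->sp = STACK_WORDS;   /* empty: sp points one past the top word */
    m->ssp = 0;
    m->pc = 0x1000;        /* assumed address of the call instruction */
}

/* CALL: push the return address (the instruction after the call) on the
 * ordinary stack and, with shadow-stack instrumentation, on the shadow stack.
 * The callee prologue then reserves BUF_WORDS words for its local buffer. */
int sim_call(struct machine *m, uintptr_t target) {
    if (m->sp < 1 + BUF_WORDS || m->ssp >= SHADOW_WORDS) return -1;
    uintptr_t ret = m->pc + 4;
    m->stack[--m->sp] = ret;       /* saved return address, above the buffer */
    m->shadow[m->ssp++] = ret;     /* shadow copy, in a separate array */
    m->sp -= BUF_WORDS;            /* allocate the local buffer */
    m->pc = target;
    return 0;
}

/* The callee copies attacker-controlled words into its local buffer with no
 * bounds check. More than BUF_WORDS words run into the saved return address
 * immediately above the buffer; the shadow array is not reachable this way. */
void sim_vulnerable_copy(struct machine *m, const uintptr_t *src, size_t nwords) {
    for (size_t i = 0; i < nwords && m->sp + i < STACK_WORDS; i++)
        m->stack[m->sp + i] = src[i];
}

/* RET with shadow-stack check: free the buffer, pop both copies of the return
 * address, and only transfer control when they agree. A real implementation
 * would abort on mismatch; here the status is returned so it can be checked. */
struct outcome sim_return(struct machine *m) {
    struct outcome o = { RET_UNDERFLOW, 0, 0 };
    if (m->ssp == 0) return o;
    m->sp += BUF_WORDS;                 /* epilogue: release the local buffer */
    o.saved = m->stack[m->sp++];        /* pop saved return address */
    o.shadow = m->shadow[--m->ssp];     /* pop shadow record */
    if (o.saved != o.shadow) {
        o.status = RET_SHADOW_MISMATCH;
        return o;
    }
    m->pc = o.saved;
    o.status = RET_OK;
    return o;
}

/* Scenario 1: input that fits the buffer; the check passes. */
struct outcome scenario_benign(void) {
    struct machine m;
    machine_init(&m);
    sim_call(&m, 0x2000);
    uintptr_t input[BUF_WORDS] = { 0x41, 0x42, 0x43, 0x44 };  /* constructed */
    sim_vulnerable_copy(&m, input, BUF_WORDS);
    return sim_return(&m);
}

/* Scenario 2: one word too many; the last word lands on the saved return
 * address, but the shadow record still holds the legitimate value. */
struct outcome scenario_overflow(void) {
    struct machine m;
    machine_init(&m);
    sim_call(&m, 0x2000);
    uintptr_t input[BUF_WORDS + 1] = { 0x41, 0x42, 0x43, 0x44, 0xdeadbeef };
    sim_vulnerable_copy(&m, input, BUF_WORDS + 1);
    return sim_return(&m);
}

int main(void) {
    struct outcome a = scenario_benign(), b = scenario_overflow();
    printf("benign:   status=%d saved=0x%lx shadow=0x%lx\n", a.status,
           (unsigned long)a.saved, (unsigned long)a.shadow);
    printf("overflow: status=%d saved=0x%lx shadow=0x%lx\n", b.status,
           (unsigned long)b.saved, (unsigned long)b.shadow);
    return 0;
}
```

The overflow scenario is detected purely because the two copies of the return address live in different arrays; if the shadow array were placed on the same stack within reach of the overflow, the attacker could overwrite both and the comparison would pass.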

References

Shadow stack Wikipedia