Hardened safe stack for return oriented programming attack mitigation
Abstract:
Techniques and computing devices for mitigating return-oriented programming (ROP) attacks are described. A hardened stack and an unhardened stack are provided. The hardened stack can include indications of return addresses while the unhardened stack can include all other memory allocations. A stack hardening instruction can be inserted before unhardened instructions (e.g., instructions that are themselves not authorized to access the hardened stack). The stack hardening instruction determines whether the unhardened instruction accessed memory outside the unhardened stack and generates a fault based on the determination. A register can be provided to include an indication of an address span of the unsafe stack. The stack hardening instruction can determine whether the unhardened instruction accessed a memory location outside the address range specified in the register and generate a fault accordingly.
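An added software model of the check described in the abstract, not code from the patent: the struct fields, function names, the flat 128-byte memory layout and the base/limit form of the span register are assumptions made for illustration. Every unhardened store is preceded by the span check, so a linear overflow toward the hardened stack faults before any byte is written.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Software model only; names and layout are assumptions, not the patent's. */
enum { UNHARDENED_SIZE = 64, MEM_SIZE = 128 };

typedef struct {
    uint8_t mem[MEM_SIZE];        /* [0,64) unhardened stack, [64,128) hardened stack */
    size_t span_base, span_limit; /* models the register holding the unhardened span */
    size_t hardened_top;          /* next free slot on the hardened stack */
    bool faulted;                 /* set when the check raises a fault */
} machine_t;

void machine_init(machine_t *m) {
    memset(m, 0, sizeof *m);
    m->span_base = 0;
    m->span_limit = UNHARDENED_SIZE;
    m->hardened_top = UNHARDENED_SIZE;
}

/* Hardened path: only call/return touch the hardened stack (model depth <= 8). */
void push_return(machine_t *m, uint64_t ret) {
    memcpy(&m->mem[m->hardened_top], &ret, sizeof ret);
    m->hardened_top += sizeof ret;
}

uint64_t pop_return(machine_t *m) {
    uint64_t ret;
    m->hardened_top -= sizeof ret;
    memcpy(&ret, &m->mem[m->hardened_top], sizeof ret);
    return ret;
}

/* Models the hardening check: fault if [addr, addr+len) leaves the span (no wraparound). */
bool span_check(machine_t *m, size_t addr, size_t len) {
    bool ok = addr >= m->span_base && addr <= m->span_limit &&
              len <= m->span_limit - addr;
    if (!ok) m->faulted = true;
    return ok;
}

/* Unhardened store, preceded by the check. Returns 0 on success, -1 on fault. */
int unhardened_store(machine_t *m, size_t addr, const void *src, size_t len) {
    if (!span_check(m, addr, len)) return -1;
    memcpy(&m->mem[addr], src, len);
    return 0;
}
```

In this model a 72-byte store starting at offset 0 of the 64-byte unhardened stack returns -1 and sets `faulted`, and the return address saved on the hardened stack is unchanged.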