Can someone point me in the right direction as to why this mov instruction causes a segfault? This is what it looks like with the core file loaded into gdb...
(gdb) x/8i $rip-4
0x198f6f79: nop
0x198f6f7a: nop
0x198f6f7b: nop
0x198f6f7c: nop
=> 0x198f6f7d: mov DWORD PTR ds:0x401bb410,0x2a
0x198f6f88: mov r8d,DWORD PTR ds:0x401bb4b4
0x198f6f90: movsd xmm7,QWORD PTR [r8+0x30]
0x198f6f96: cvttsd2si eax,xmm7
0x401bb410 seems to be a valid address
(gdb) x/1w 0x401bb410
0x401bb410: 0x00000022
(gdb) x/1wd 0x401bb410
0x401bb410: 34
DS is set to zero
(gdb) i r
rax 0xc 12
rbx 0x4125bf70 1092992880
rcx 0x4125c1c0 1092993472
rdx 0x9 9
rsi 0x4125bf70 1092992880
rdi 0xfffffffb411f0580 -20382284416
rbp 0x8 0x8
rsp 0x7ffc4acc78f0 0x7ffc4acc78f0
r8 0x426bf980 1114372480
r9 0x10 16
r10 0x10 16
r11 0x51ad0c 5352716
r12 0x426bf980 1114372480
r13 0x7fade525af58 140384850521944
r14 0x8 8
r15 0xc 12
rip 0x198f6f7d 0x198f6f7d
eflags 0x10297 [ CF PF AF SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
The address in $rip seems to be marked CODE, so there should be no NX, right?
(gdb) maintenance info sections
Core file:
`/root/core_1478876914_15894', file type elf64-x86-64.
...
[17] 0x198e0000->0x19900000 at 0x00853000: load5 ALLOC LOAD READONLY CODE HAS_CONTENTS
Am I missing something obvious? ngx_http_lua_run_thread calls lua_resume(orig_coctx->co, nrets), which hands execution over to LuaJIT, compiled with -fomit-frame-pointer
(gdb) bt
#0 0x00000000198f6f7d in ?? ()
#1 0x0000000040d90798 in ?? ()
#2 0x000000000051c7b1 in lj_vm_inshook ()
#3 0x00000000004daada in ngx_http_lua_run_thread (L=0xfffffffb411f0580, L@entry=0x401bb378, r=0x4125bf70, r@entry=0x7fade4f03710, ctx=0x9, ctx@entry=0x7fade525af30, nrets=0)
at ../modules/lua-nginx-module/src/ngx_http_lua_util.c:1005
...
Using openresty-gdb-utils gives me the LuaJIT trace number
(gdb) ltracebymcode $rip
(GCtrace*)0x431168b8 (trace #42)
machine code start addr: 0x198f6f7d
machine code end addr: 0x198f7155
and dumping the trace's IR code (which I don't understand at all)
(gdb) lir 42
(GCtrace*)0x431168b8
IR count: 36
---- TRACE 42 start 3/? mymodules_handlers.lua:97
---- TRACE 42 IR
.... SNAP #0 [ ---- ]
0001 rax > int SLOAD #7 CRI
0002 > int LE 0001 +2147483646
0003 rbp int SLOAD #6 CI
0004 r12 > tab SLOAD #2 T
0005 int FLOAD 0004 tab.hmask
0006 > int EQ 0005 +15
0007 r11 p32 FLOAD 0004 tab.node
0008 > p32 HREFK 0007 "features" @6
0009 rdx > tab HLOAD 0008
0010 rsi int FLOAD 0009 tab.asize
0011 > int ULE 0010 0003
0012 xmm0 num CONV 0003 num.int
0013 r10 p32 HREF 0009 0012
0014 > tru HLOAD 0013
0015 r9 > tab SLOAD #3 T
0016 int FLOAD 0015 tab.asize
0017 > p32 ABC 0016 0001
0018 rcx p32 FLOAD 0015 tab.array
0019 p32 AREF 0018 0003
0020 > fun ALOAD 0019
0021 > tab SLOAD #1 T
0022 > fun EQ 0020 mymodules_features.lua:208
0023 rbp + int ADD 0003 +1
.... SNAP #1 [ ---- ---- ---- ---- ---- true ]
0024 > int LE 0023 0001
.... SNAP #2 [ ---- ---- ---- ---- ---- true 0023 0001 ---- 0023 ]
0025 ------------ LOOP ------------
0026 > int UGE 0023 0010
0027 xmm7 num CONV 0023 num.int
0028 rbx p32 HREF 0009 0027
0029 > tru HLOAD 0028
0030 p32 AREF 0018 0023
0031 > fun ALOAD 0030
0032 > fun EQ 0031 mymodules_features.lua:208
0033 rbp + int ADD 0023 +1
.... SNAP #3 [ ---- ---- ---- ---- ---- true ]
0034 > int LE 0033 0001
0035 rbp int PHI 0023 0033
Any suggestions are highly appreciated; I can provide more information. I've been stuck on this segfault for several days.
Many thanks, champs!
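Reading a value back with `x/1w` only shows that the address was present in the core dump; it says nothing about whether the mapping allowed writes, and the faulting instruction at $rip is a store. The `maintenance info sections` entry covering the store's destination is elided above. The helper below is an added example, not part of the original post or of openresty-gdb-utils: it parses gdb's `maintenance info sections` lines for a core file and reports whether an address lies inside a dumped LOAD section and whether that section is READONLY. It assumes (an assumption, not something the page states) that READONLY on a core-file LOAD section corresponds to a segment that was mapped without write permission. The sample dump reuses the real load5 line quoted in the post and adds two made-up sections purely to exercise the checker.

```python
"""Resolve addresses against a gdb 'maintenance info sections' dump.

Added example; not the original poster's code. Assumption: a core-file LOAD
section without READONLY was mapped writable, one with READONLY was not.
"""
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Matches lines such as:
#   [17] 0x198e0000->0x19900000 at 0x00853000: load5 ALLOC LOAD READONLY CODE HAS_CONTENTS
SECTION_RE = re.compile(
    r"\[\s*(?P<idx>\d+)\]\s+"
    r"(?P<start>0x[0-9a-f]+)->(?P<end>0x[0-9a-f]+)\s+"
    r"at\s+(?P<off>0x[0-9a-f]+):\s+"
    r"(?P<name>\S+)\s*(?P<flags>.*)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Section:
    index: int
    start: int          # first address covered
    end: int            # one past the last address (gdb prints start->end)
    file_offset: int    # offset of the section's bytes inside the core file
    name: str
    flags: FrozenSet[str]

    def contains(self, addr: int) -> bool:
        return self.start <= addr < self.end


def parse_sections(dump: str) -> List[Section]:
    """Parse every section line in the dump; header and other lines are skipped."""
    sections: List[Section] = []
    for line in dump.splitlines():
        m = SECTION_RE.search(line)
        if not m:
            continue
        sections.append(Section(
            index=int(m.group("idx")),
            start=int(m.group("start"), 16),
            end=int(m.group("end"), 16),
            file_offset=int(m.group("off"), 16),
            name=m.group("name"),
            flags=frozenset(m.group("flags").split()),
        ))
    return sections


def find_section(sections: List[Section], addr: int) -> Optional[Section]:
    """Return the section whose [start, end) range contains addr, or None."""
    for s in sections:
        if s.contains(addr):
            return s
    return None


def classify_access(sections: List[Section], addr: int, write: bool) -> str:
    """'unmapped' if no LOAD section covers addr, 'readonly' if a store would hit
    a READONLY section, otherwise 'ok'."""
    s = find_section(sections, addr)
    if s is None or "LOAD" not in s.flags:
        return "unmapped"
    if write and "READONLY" in s.flags:
        return "readonly"
    return "ok"


# Constructed sample: the [17] line is the real load5 entry quoted in the post;
# [18] and [19] are made-up sections used only to exercise the checker.
SAMPLE_DUMP = """\
Core file:
`/root/core_1478876914_15894', file type elf64-x86-64.
[17] 0x198e0000->0x19900000 at 0x00853000: load5 ALLOC LOAD READONLY CODE HAS_CONTENTS
[18] 0x10000000->0x10010000 at 0x00900000: load6 ALLOC LOAD READONLY HAS_CONTENTS
[19] 0x20000000->0x20010000 at 0x00910000: load7 ALLOC LOAD HAS_CONTENTS
"""


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_DUMP)
    for addr, write in [(0x198f6f7d, False), (0x198f6f7d, True),
                        (0x10000800, True), (0x20000800, True), (0x30000000, False)]:
        sec = find_section(secs, addr)
        where = f"{sec.name} {' '.join(sorted(sec.flags))}" if sec else "no section"
        print(f"{addr:#x} {'write' if write else 'read '} -> "
              f"{classify_access(secs, addr, write)} ({where})")
```

To use it on the real core, paste the full `maintenance info sections` output into `parse_sections` and call `classify_access` with the store's destination and `write=True`; a `readonly` or `unmapped` result narrows the fault to the mapping rather than to the instruction encoding.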