分配堆栈帧的 `sub $0x10, %esp` 指令似乎改变了 `$ebp+8` 处的值：它从 0x...018 变成了 0x...818。
(gdb) disas
Dump of assembler code for function place:
0x0804b019 <+0>: push %ebp
0x0804b01a <+1>: mov %esp,%ebp
=> 0x0804b01c <+3>: sub $0x10,%esp
0x0804b01f <+6>: mov 0x8(%ebp),%eax
0x0804b022 <+9>: sub $0x4,%eax
(gdb) x $ebp+8
0xbfffed70: 0xb6a0c018
(gdb) si
(gdb) disas
0x0804b019 <+0>: push %ebp
0x0804b01a <+1>: mov %esp,%ebp
0x0804b01c <+3>: sub $0x10,%esp
=> 0x0804b01f <+6>: mov 0x8(%ebp),%eax
0x0804b022 <+9>: sub $0x4,%eax
0x0804b025 <+12>: mov (%eax),%eax
(gdb) x $ebp+8
0xbfffed70: 0xb6a0c818
(gdb) x $esp
0xbfffed58: 0xb6a0c018
堆栈向低地址增长（从 `$esp` 与 `$ebp` 的值可以看出：0xbfffed58 < 0xbfffed68），因此分配堆栈帧不可能覆盖 `$ebp+8` 处的值；而且 `sub $0x10,%esp` 本身只修改 `%esp` 寄存器，根本不会写内存。另外注意，两个值相差 0x800 = 2048，恰好等于传入的 asize。可能的原因是什么？
编辑：我在 0xbfffed70（即此时 `$ebp+8` 的固定地址）上设置了观察点。但是随后 0xbfffed70 处的值从 ...018 变为 ...818 时，观察点并没有触发。
(gdb) si
Hardware watchpoint 12: *0xbfffed70
Old value = 1024
New value = -1230979048
0x0804b21e in mm_malloc (size=2040) at mm.c:380
380 place(bp, asize);
(gdb) si
place (bp=0xb6a0c018, asize=2048) at mm.c:297
297
(gdb) disas
Dump of assembler code for function place:
=> 0x0804b019 <+0>: push %ebp
0x0804b01a <+1>: mov %esp,%ebp
0x0804b01c <+3>: sub $0x10,%esp
0x0804b01f <+6>: mov 0x8(%ebp),%eax
0x0804b022 <+9>: sub $0x4,%eax
0x0804b025 <+12>: mov (%eax),%eax
0x0804b027 <+14>: and $0xfffffff8,%eax
0x0804b02a <+17>: mov %eax,-0x4(%ebp)
0x0804b02d <+20>: pushl 0x8(%ebp)
0x0804b030 <+23>: call 0x804af5e <remove_free_block>
0x0804b035 <+28>: add $0x4,%esp
0x0804b038 <+31>: mov -0x4(%ebp),%eax
0x0804b03b <+34>: sub 0xc(%ebp),%eax
0x0804b03e <+37>: cmp $0xf,%eax
0x0804b041 <+40>: jbe 0x804b0a5 <place+140>
0x0804b043 <+42>: mov 0x8(%ebp),%eax
0x0804b046 <+45>: sub $0x4,%eax
0x0804b049 <+48>: mov 0xc(%ebp),%edx
0x0804b04c <+51>: or $0x1,%edx
0x0804b04f <+54>: mov %edx,(%eax)
0x0804b051 <+56>: mov 0x8(%ebp),%eax
0x0804b054 <+59>: sub $0x4,%eax
0x0804b057 <+62>: mov (%eax),%eax
0x0804b059 <+64>: and $0xfffffff8,%eax
0x0804b05c <+67>: lea -0x8(%eax),%edx
0x0804b05f <+70>: mov 0x8(%ebp),%eax
0x0804b062 <+73>: add %edx,%eax
0x0804b064 <+75>: mov 0xc(%ebp),%edx
0x0804b067 <+78>: or $0x1,%edx
0x0804b06a <+81>: mov %edx,(%eax)
0x0804b06c <+83>: mov 0x8(%ebp),%eax
0x0804b06f <+86>: sub $0x4,%eax
0x0804b072 <+89>: mov (%eax),%eax
0x0804b074 <+91>: and $0xfffffff8,%eax
0x0804b077 <+94>: add %eax,0x8(%ebp)
0x0804b07a <+97>: mov 0x8(%ebp),%eax
0x0804b07d <+100>: lea -0x4(%eax),%edx
0x0804b080 <+103>: mov -0x4(%ebp),%eax
0x0804b083 <+106>: sub 0xc(%ebp),%eax
0x0804b086 <+109>: mov %eax,(%edx)
0x0804b088 <+111>: mov 0x8(%ebp),%eax
0x0804b08b <+114>: sub $0x4,%eax
0x0804b08e <+117>: mov (%eax),%eax
0x0804b090 <+119>: and $0xfffffff8,%eax
0x0804b093 <+122>: lea -0x8(%eax),%edx
0x0804b096 <+125>: mov 0x8(%ebp),%eax
0x0804b099 <+128>: add %eax,%edx
0x0804b09b <+130>: mov -0x4(%ebp),%eax
0x0804b09e <+133>: sub 0xc(%ebp),%eax
0x0804b0a1 <+136>: mov %eax,(%edx)
0x0804b0a3 <+138>: jmp 0x804b0ce <place+181>
0x0804b0a5 <+140>: mov 0x8(%ebp),%eax
0x0804b0a8 <+143>: sub $0x4,%eax
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) si
0x0804b01a 297
(gdb) si
0x0804b01c 297
(gdb) disas
Dump of assembler code for function place:
0x0804b019 <+0>: push %ebp
0x0804b01a <+1>: mov %esp,%ebp
=> 0x0804b01c <+3>: sub $0x10,%esp
0x0804b01f <+6>: mov 0x8(%ebp),%eax
0x0804b022 <+9>: sub $0x4,%eax
0x0804b025 <+12>: mov (%eax),%eax
0x0804b027 <+14>: and $0xfffffff8,%eax
0x0804b02a <+17>: mov %eax,-0x4(%ebp)
0x0804b02d <+20>: pushl 0x8(%ebp)
0x0804b030 <+23>: call 0x804af5e <remove_free_block>
0x0804b035 <+28>: add $0x4,%esp
0x0804b038 <+31>: mov -0x4(%ebp),%eax
0x0804b03b <+34>: sub 0xc(%ebp),%eax
0x0804b03e <+37>: cmp $0xf,%eax
0x0804b041 <+40>: jbe 0x804b0a5 <place+140>
0x0804b043 <+42>: mov 0x8(%ebp),%eax
0x0804b046 <+45>: sub $0x4,%eax
0x0804b049 <+48>: mov 0xc(%ebp),%edx
0x0804b04c <+51>: or $0x1,%edx
0x0804b04f <+54>: mov %edx,(%eax)
0x0804b051 <+56>: mov 0x8(%ebp),%eax
0x0804b054 <+59>: sub $0x4,%eax
0x0804b057 <+62>: mov (%eax),%eax
0x0804b059 <+64>: and $0xfffffff8,%eax
0x0804b05c <+67>: lea -0x8(%eax),%edx
0x0804b05f <+70>: mov 0x8(%ebp),%eax
0x0804b062 <+73>: add %edx,%eax
0x0804b064 <+75>: mov 0xc(%ebp),%edx
0x0804b067 <+78>: or $0x1,%edx
0x0804b06a <+81>: mov %edx,(%eax)
0x0804b06c <+83>: mov 0x8(%ebp),%eax
0x0804b06f <+86>: sub $0x4,%eax
0x0804b072 <+89>: mov (%eax),%eax
0x0804b074 <+91>: and $0xfffffff8,%eax
0x0804b077 <+94>: add %eax,0x8(%ebp)
0x0804b07a <+97>: mov 0x8(%ebp),%eax
0x0804b07d <+100>: lea -0x4(%eax),%edx
0x0804b080 <+103>: mov -0x4(%ebp),%eax
0x0804b083 <+106>: sub 0xc(%ebp),%eax
0x0804b086 <+109>: mov %eax,(%edx)
0x0804b088 <+111>: mov 0x8(%ebp),%eax
0x0804b08b <+114>: sub $0x4,%eax
0x0804b08e <+117>: mov (%eax),%eax
0x0804b090 <+119>: and $0xfffffff8,%eax
0x0804b093 <+122>: lea -0x8(%eax),%edx
0x0804b096 <+125>: mov 0x8(%ebp),%eax
0x0804b099 <+128>: add %eax,%edx
0x0804b09b <+130>: mov -0x4(%ebp),%eax
0x0804b09e <+133>: sub 0xc(%ebp),%eax
0x0804b0a1 <+136>: mov %eax,(%edx)
0x0804b0a3 <+138>: jmp 0x804b0ce <place+181>
0x0804b0a5 <+140>: mov 0x8(%ebp),%eax
0x0804b0a8 <+143>: sub $0x4,%eax
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) si
Breakpoint 7, place (bp=0xb6a0c818, asize=2048) at mm.c:298
298 size_t csize = GET_SIZE(HDRP(bp));
(gdb) x $ebp
0xbfffed68: 0xbfffed98
(gdb) x $ebp+8
0xbfffed70: 0xb6a0c818
(gdb) x $ebp+0x8
0xbfffed70: 0xb6a0c818
(gdb) si
0x0804b022 298 size_t csize = GET_SIZE(HDRP(bp));
(gdb) si
0x0804b025 298 size_t csize = GET_SIZE(HDRP(bp));
(gdb)
编辑 2：表现出奇怪行为的函数
/*
 * place - Mark the free block at bp as allocated for a request of asize bytes.
 *
 * bp    : payload pointer of a free block taken from the free list.
 * asize : adjusted (aligned, header-inclusive) request size.
 *
 * The block is unlinked from the free list first. If the space left over
 * after carving out asize is at least 2*DSIZE, the block is split and the
 * tail becomes a new free block; otherwise the whole block is handed out
 * and the slack is absorbed as internal fragmentation.
 *
 * Caller invariants (not checked here):
 *   - bp must be a free block whose header size is >= asize; the subtraction
 *     below is unsigned and would wrap otherwise.
 *   - Header/footer order matters: FTRP and NEXT_BLKP derive their addresses
 *     from the size currently stored in the header, so each header is written
 *     before the matching footer / before advancing to the next block.
 *   - NOTE(review): the size is in-band metadata read back from the heap
 *     (GET_SIZE(HDRP(bp))); a corrupted header turns the footer writes below
 *     into writes at an attacker-influenced address. Guard with an assertion
 *     in debug builds if the surrounding allocator does not already validate it.
 */
static void place(void *bp, size_t asize)
{
    size_t csize = GET_SIZE(HDRP(bp));
    size_t remainder = csize - asize;

    remove_free_block(bp);

    if (remainder < (2 * DSIZE)) {
        /* Too small to split: allocate the entire block as-is. */
        PUT(HDRP(bp), PACK(csize, 1));
        PUT(FTRP(bp), PACK(csize, 1));
        return;
    }

    /* Split: front part becomes the allocated block ... */
    PUT(HDRP(bp), PACK(asize, 1));
    PUT(FTRP(bp), PACK(asize, 1));

    /* ... and the tail becomes a new free block of the remaining size. */
    bp = NEXT_BLKP(bp);
    PUT(HDRP(bp), PACK(remainder, 0));
    PUT(FTRP(bp), PACK(remainder, 0));
}