分配堆栈帧时 $ebp+8 处的值发生了更改

时间:2016-11-29 23:15:29

标签: assembly x86 abi

用于分配堆栈帧的 sub $0x10, %esp 似乎改变了 $ebp+8 处的值：它从 0x...018 变为 0x...818。

 (gdb) disas
Dump of assembler code for function place:
   0x0804b019 <+0>: push   %ebp
   0x0804b01a <+1>: mov    %esp,%ebp
=> 0x0804b01c <+3>: sub    $0x10,%esp
   0x0804b01f <+6>: mov    0x8(%ebp),%eax
   0x0804b022 <+9>: sub    $0x4,%eax
 (gdb) x $ebp+8
0xbfffed70: 0xb6a0c018
 (gdb) si
 (gdb) disas
   0x0804b019 <+0>: push   %ebp
   0x0804b01a <+1>: mov    %esp,%ebp
   0x0804b01c <+3>: sub    $0x10,%esp
=> 0x0804b01f <+6>: mov    0x8(%ebp),%eax
   0x0804b022 <+9>: sub    $0x4,%eax
   0x0804b025 <+12>:    mov    (%eax),%eax
 (gdb) x $ebp+8
0xbfffed70: 0xb6a0c818
 (gdb) x $esp
0xbfffed58: 0xb6a0c018

堆栈向地址递减的方向增长（比较 $esp 与 $ebp 的值即可看出）。因此，分配堆栈帧不会覆盖 $ebp+8 处的值。

可能的原因是什么?

编辑：我在 0xbfffed70（即 $ebp+8 对应的固定地址）上添加了观察点。但是，0xbfffed70 处值的变化并没有触发该观察点。

(gdb) si

Hardware watchpoint 12: *0xbfffed70

Old value = 1024
New value = -1230979048
0x0804b21e in mm_malloc (size=2040) at mm.c:380
380    place(bp, asize);
(gdb) si
place (bp=0xb6a0c018, asize=2048) at mm.c:297
297 
(gdb) disas
Dump of assembler code for function place:
=> 0x0804b019 <+0>: push   %ebp
   0x0804b01a <+1>: mov    %esp,%ebp
   0x0804b01c <+3>: sub    $0x10,%esp
   0x0804b01f <+6>: mov    0x8(%ebp),%eax
   0x0804b022 <+9>: sub    $0x4,%eax
   0x0804b025 <+12>:    mov    (%eax),%eax
   0x0804b027 <+14>:    and    $0xfffffff8,%eax
   0x0804b02a <+17>:    mov    %eax,-0x4(%ebp)
   0x0804b02d <+20>:    pushl  0x8(%ebp)
   0x0804b030 <+23>:    call   0x804af5e <remove_free_block>
   0x0804b035 <+28>:    add    $0x4,%esp
   0x0804b038 <+31>:    mov    -0x4(%ebp),%eax
   0x0804b03b <+34>:    sub    0xc(%ebp),%eax
   0x0804b03e <+37>:    cmp    $0xf,%eax
   0x0804b041 <+40>:    jbe    0x804b0a5 <place+140>
   0x0804b043 <+42>:    mov    0x8(%ebp),%eax
   0x0804b046 <+45>:    sub    $0x4,%eax
   0x0804b049 <+48>:    mov    0xc(%ebp),%edx
   0x0804b04c <+51>:    or     $0x1,%edx
   0x0804b04f <+54>:    mov    %edx,(%eax)
   0x0804b051 <+56>:    mov    0x8(%ebp),%eax
   0x0804b054 <+59>:    sub    $0x4,%eax
   0x0804b057 <+62>:    mov    (%eax),%eax
   0x0804b059 <+64>:    and    $0xfffffff8,%eax
   0x0804b05c <+67>:    lea    -0x8(%eax),%edx
   0x0804b05f <+70>:    mov    0x8(%ebp),%eax
   0x0804b062 <+73>:    add    %edx,%eax
   0x0804b064 <+75>:    mov    0xc(%ebp),%edx
   0x0804b067 <+78>:    or     $0x1,%edx
   0x0804b06a <+81>:    mov    %edx,(%eax)
   0x0804b06c <+83>:    mov    0x8(%ebp),%eax
   0x0804b06f <+86>:    sub    $0x4,%eax
   0x0804b072 <+89>:    mov    (%eax),%eax
   0x0804b074 <+91>:    and    $0xfffffff8,%eax
   0x0804b077 <+94>:    add    %eax,0x8(%ebp)
   0x0804b07a <+97>:    mov    0x8(%ebp),%eax
   0x0804b07d <+100>:   lea    -0x4(%eax),%edx
   0x0804b080 <+103>:   mov    -0x4(%ebp),%eax
   0x0804b083 <+106>:   sub    0xc(%ebp),%eax
   0x0804b086 <+109>:   mov    %eax,(%edx)
   0x0804b088 <+111>:   mov    0x8(%ebp),%eax
   0x0804b08b <+114>:   sub    $0x4,%eax
   0x0804b08e <+117>:   mov    (%eax),%eax
   0x0804b090 <+119>:   and    $0xfffffff8,%eax
   0x0804b093 <+122>:   lea    -0x8(%eax),%edx
   0x0804b096 <+125>:   mov    0x8(%ebp),%eax
   0x0804b099 <+128>:   add    %eax,%edx
   0x0804b09b <+130>:   mov    -0x4(%ebp),%eax
   0x0804b09e <+133>:   sub    0xc(%ebp),%eax
   0x0804b0a1 <+136>:   mov    %eax,(%edx)
   0x0804b0a3 <+138>:   jmp    0x804b0ce <place+181>
   0x0804b0a5 <+140>:   mov    0x8(%ebp),%eax
   0x0804b0a8 <+143>:   sub    $0x4,%eax
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) si
0x0804b01a  297 
(gdb) si
0x0804b01c  297 
(gdb) disas
Dump of assembler code for function place:
   0x0804b019 <+0>: push   %ebp
   0x0804b01a <+1>: mov    %esp,%ebp
=> 0x0804b01c <+3>: sub    $0x10,%esp
   0x0804b01f <+6>: mov    0x8(%ebp),%eax
   0x0804b022 <+9>: sub    $0x4,%eax
   0x0804b025 <+12>:    mov    (%eax),%eax
   0x0804b027 <+14>:    and    $0xfffffff8,%eax
   0x0804b02a <+17>:    mov    %eax,-0x4(%ebp)
   0x0804b02d <+20>:    pushl  0x8(%ebp)
   0x0804b030 <+23>:    call   0x804af5e <remove_free_block>
   0x0804b035 <+28>:    add    $0x4,%esp
   0x0804b038 <+31>:    mov    -0x4(%ebp),%eax
   0x0804b03b <+34>:    sub    0xc(%ebp),%eax
   0x0804b03e <+37>:    cmp    $0xf,%eax
   0x0804b041 <+40>:    jbe    0x804b0a5 <place+140>
   0x0804b043 <+42>:    mov    0x8(%ebp),%eax
   0x0804b046 <+45>:    sub    $0x4,%eax
   0x0804b049 <+48>:    mov    0xc(%ebp),%edx
   0x0804b04c <+51>:    or     $0x1,%edx
   0x0804b04f <+54>:    mov    %edx,(%eax)
   0x0804b051 <+56>:    mov    0x8(%ebp),%eax
   0x0804b054 <+59>:    sub    $0x4,%eax
   0x0804b057 <+62>:    mov    (%eax),%eax
   0x0804b059 <+64>:    and    $0xfffffff8,%eax
   0x0804b05c <+67>:    lea    -0x8(%eax),%edx
   0x0804b05f <+70>:    mov    0x8(%ebp),%eax
   0x0804b062 <+73>:    add    %edx,%eax
   0x0804b064 <+75>:    mov    0xc(%ebp),%edx
   0x0804b067 <+78>:    or     $0x1,%edx
   0x0804b06a <+81>:    mov    %edx,(%eax)
   0x0804b06c <+83>:    mov    0x8(%ebp),%eax
   0x0804b06f <+86>:    sub    $0x4,%eax
   0x0804b072 <+89>:    mov    (%eax),%eax
   0x0804b074 <+91>:    and    $0xfffffff8,%eax
   0x0804b077 <+94>:    add    %eax,0x8(%ebp)
   0x0804b07a <+97>:    mov    0x8(%ebp),%eax
   0x0804b07d <+100>:   lea    -0x4(%eax),%edx
   0x0804b080 <+103>:   mov    -0x4(%ebp),%eax
   0x0804b083 <+106>:   sub    0xc(%ebp),%eax
   0x0804b086 <+109>:   mov    %eax,(%edx)
   0x0804b088 <+111>:   mov    0x8(%ebp),%eax
   0x0804b08b <+114>:   sub    $0x4,%eax
   0x0804b08e <+117>:   mov    (%eax),%eax
   0x0804b090 <+119>:   and    $0xfffffff8,%eax
   0x0804b093 <+122>:   lea    -0x8(%eax),%edx
   0x0804b096 <+125>:   mov    0x8(%ebp),%eax
   0x0804b099 <+128>:   add    %eax,%edx
   0x0804b09b <+130>:   mov    -0x4(%ebp),%eax
   0x0804b09e <+133>:   sub    0xc(%ebp),%eax
   0x0804b0a1 <+136>:   mov    %eax,(%edx)
   0x0804b0a3 <+138>:   jmp    0x804b0ce <place+181>
   0x0804b0a5 <+140>:   mov    0x8(%ebp),%eax
   0x0804b0a8 <+143>:   sub    $0x4,%eax
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) si

Breakpoint 7, place (bp=0xb6a0c818, asize=2048) at mm.c:298
298    size_t csize = GET_SIZE(HDRP(bp));
(gdb) x $ebp
0xbfffed68: 0xbfffed98
(gdb) x $ebp+8
0xbfffed70: 0xb6a0c818
(gdb) x $ebp+0x8
0xbfffed70: 0xb6a0c818
(gdb) si
0x0804b022  298    size_t csize = GET_SIZE(HDRP(bp));
(gdb) si
0x0804b025  298    size_t csize = GET_SIZE(HDRP(bp));
(gdb) 

编辑 2：表现出奇怪行为的函数

/*
 * place - carve an allocation of asize bytes out of the free block bp.
 *
 * bp    : payload pointer of a free block (its size is read via
 *         GET_SIZE(HDRP(bp)) before the block is unlinked).
 * asize : adjusted request size.
 *
 * The block is unlinked from the free list, then either used whole or
 * split into an allocated front part and a free remainder; the
 * split threshold is 2 * DSIZE. Note that bp is reassigned inside the
 * function (it advances to NEXT_BLKP(bp) on the split path), so the
 * caller's stack slot for this parameter is written to by place itself.
 */
static void place(void *bp, size_t asize)
{
    size_t csize = GET_SIZE(HDRP(bp));    /* current block size */
    size_t remainder = csize - asize;     /* bytes left after the allocation */

    remove_free_block(bp);

    if (remainder < (2 * DSIZE))
    {
        /* Remainder is below the split threshold: hand out the whole block. */
        PUT(HDRP(bp), PACK(csize, 1));
        PUT(FTRP(bp), PACK(csize, 1));
        return;
    }

    /* Front part becomes the allocated block of exactly asize bytes. */
    PUT(HDRP(bp), PACK(asize, 1));
    PUT(FTRP(bp), PACK(asize, 1));

    /* The rest becomes a new free block immediately after it. */
    bp = NEXT_BLKP(bp);
    PUT(HDRP(bp), PACK(remainder, 0));
    PUT(FTRP(bp), PACK(remainder, 0));
}

0 个答案:

没有答案