Go: An error in link, load, and library: about the call stack

An error in link, load, and library: about the call stack

According to the original description made a PPT:

Each time the push instruction is executed, ESP will be reduced by 4 (because the stack is growing to a low address), and ESP will add 4 per pop.

directive: Push A

directive: Push B

Instructions:

1. Push the next specified address (that is, return address) of the current instruction of the main method to the stack.

2. Invoke the target function body using the call directive.

directive: pushes the current value of EBP to the stack, which is saved EBP.

directive: Assigning the value of ESP to EBP means that it enters the call stack of the Foo method.

directive: Push C

Directive: Pop C

directive: Assigning the value of EBP to ESP means that the top of the stack is restored when Foo is called. (This sentence is not very different from before, specifically not understand?) After pop esp nature and ebp like, know people can give answer? ）

Picture Ibid.

Instruction: Assigns the value of the top of the stack to EBP (pop ESP), which restores the stack bottom of the main call stack. (The original is the pop ebp, which I think is a clerical error)

directive: RET, according to the location of the ESP, that is, the top of the stack to get the return address previously retained, continue to execute.

If you need access to those parameters in the Foo method, then you need to access the high address after the value in the current EBP, because the high address is the call stack for the main method. That is, the address EBP + 8 stores the 1th parameter of the Foo method, and the address EBP + 12 stores the 2nd parameter of the Foo method, and so on. So what does the address EBP + 4 store? It holds the address of the main method instruction that will continue to execute after the Foo method returns.

The following is the original////////////////////////////////////

In Saturday, the old classmates gathered and grabbed the programmer's self-accomplishment--link, load and library--on the road before going out. Since Wuhan Bowen Publishing house Zhou Yun teacher gave me this book, I basically haven't seen much. The first feeling of the book is the "title Party", the main title of the big, although after interpretation is not incomprehensible, but still do not like. But the book is still a good book, has been read more than half, and basically will find a way to recommend in the near future. But now I would like to dwell on not recommending relevant topics (such as Who to look at, how to see, what to look at together, etc.), but to point out that the book has not been included in the "Erratum" error: P288 talk about the call stack, text description and mapping problems.

What is the call stack? The "stack" here is not quite the same as the "stack" of data structures we are talking about. The "stack" in the data structure is an advanced container, in which we often use overlapping plates for analogy. And the "stack" in the computer system is a kind of memory area with similar behavior, each time "presses" goes in and "bounces" comes out is the data. This area of memory is "formed" or "used" when the CPU makes a process call. Unlike "methods" and "functions" in a common high-level language, the "process" here is not a high-level abstraction, it is a concept that the CPU can recognize, and it calls its own call instruction to respond to it.

So what is the pattern of this "stack"? It is an area extended from high address to low address, using EBP and ESP as the stack bottom and top of the call stack for a single procedure:

         0xffffffff|                       | |                       |  High Address |                       |           ...|                       ||                       | -------------------------|                       ||                       |  Call stack for previous procedure |                       | -------------------------  <--Current ebp (bottom) | | |                       |  Call stack for current procedure |                       | -------------------------  <--current ESP (stack top) |           | | | ...|                       ||                       |  Low Address |                       |        0x00000000

The above is the memory address in the 32-bit architecture. Each time the push instruction is executed, ESP will be reduced by 4 (because the stack is growing to a low address), and ESP will add 4 per pop. When the method main needs to call Foo, its standard form is:

1. In the call stack of the main method, push the parameters of Foo to the stack.
2. Push the next specified address (that is, return address) of the current instruction of the main method to the stack.
3. Invokes the target function body using the call directive.

Note that the above 3 steps are in the call stack of main, where EBP saves its stack, while ESP saves its stack top. The standard form of the body in the Foo method is:

1. Push the current value of EBP to the stack, which is saved EBP.
2. Assigning the value of ESP to EBP means that the call stack for the Foo method is entered.
3. The rest is to save (push) The values of some registers as needed, or the temporary variables needed in the calculation.

After the Foo method call is complete, the previous phase of the inverse operation is performed:

1. Restores (POPs) the values of some registers.
2. Assigning the value of EBP to ESP means that the top of the stack is restored when Foo is called.
3. Assigns the value of the top of the stack to EBP (pop ebp), which restores the stack bottom of the main call stack.
4. RET, according to the location of the ESP, that is, the top of the stack to get the return address previously reserved, continue execution.

Visible, the main method first put the parameters required by the Foo method into the stack, and then change the EBP to enter the Foo method call stack. Therefore, if you need access to those parameters in the Foo method, then you need to access the high address after the value in the current EBP-because the high address is the call stack for the main method. That is, the address EBP + 8 stores the 1th parameter of the Foo method, and the address EBP + 12 stores the 2nd parameter of the Foo method, and so on. So what does the address EBP + 4 store? It holds the address of the main method instruction that will continue to execute after the Foo method returns. There is such a picture in the famous Csapp, which shows all this in detail:

Unfortunately, P228 in the book is written like this:

Data after the parameter (including parameters) even though the active record of the current function, the EBP is fixed in the position shown in the figure, does not vary with the execution of the function, instead, esp always points to the top of the stack, so as the function executes, the ESP will change continuously. The fixed EBP can be used to locate the individual data of the function activity record. Before EBP the first is the return address of this function, its address is ebp-4, and then forward is pressed into the stack of parameters, their addresses are ebp-8, ebp-12, depending on the number and size of the parameters are determined ...

Although the description in the book is correct, the EBP + 4,EBP + 8,EBP + 12 addresses have been wrongly written as ebp-4,ebp-8,ebp-12. I think this may be because the stack is "from high address to low address expansion", at this time "before" should be "plus" instead of "minus" the sake of it. This does not quite accord with people "from small to large" counting habits, a momentary negligence prone to mistakes. In addition, I think there seems to be some problems with this piece of the book--at least not quite properly. As follows:

In this picture, the EBP's pointer points to the old (saved) EBP and return address, so what is the value of the EBP addresses? correctly, the EBP address should be kept in the old Ebp, that is, the "value" in this image is from the high address to the low address-this is not natural. And more prone to ambiguity, the ESP pointer points to the bottom of the entire activity record, which gives the impression that if you talk about the value of the "ESP" Address saved, you should get to "high address" (because "low address" is gone). This has a contradiction with EBP. Perhaps because of this, I always feel a bit awkward when I look at this picture, although I can certainly interpret EBP as "down" value, but always think of the ebp down "to break", so that it and the direction of ESP "feel" to maintain unity. So what better way to do that? Personally, the most unlikely way to create ambiguity is like Csapp (the previous image), pointing the pointer directly to a memory "block" instead of a "boundary".

Finally there is a "problem", that is, "Stack Frame", that is, the book's "activity record" of what the scope is. In Csapp, a stack frame is the area of memory that starts from EBP to the scope of the ESP, but the link book considers it to start with the parameters of the method invocation to ESP. This distinction can be seen from the above two pictures. I don't know what's right or wrong, but it's clearly written in the book, so it's definitely not negligence. I wonder if the difference between "genres" is caused

Although there is such a small problem in link, load and library, his flaws is still a rare and practical technical book in China. Moreover, the author of the book "Yu Jiazi" is the 2006 in the study of the "classmate"--so I often say, there are always some cattle people make me ashamed. This is really not a false remark.

Go: An error in link, load, and library: about the call stack