"Research on the principle of Coredump" Linux version x86 7.5 section map Object

Let's look at an example:

  1 #include <map>  2   3 int main ()  4 {  5     std::map<int,int> iMap;  6   7     imap[5] = 6;  8     imap[8] =;  9     imap[2] =     0; 12}

Look at the assembly:

(GDB) disassemble maindump of assembler code for function main:0x080486e4 <+0>:p ush%ebp 0x080486e5 <+1&gt ;: mov%esp,%ebp 0x080486e7 <+3>:and $0xfffffff0,%esp 0x080486ea <+6>:p ush%esi 0x080486eb <+7 >:p ush%ebx 0x080486ec <+8>:sub $0x48,%esp 0x080486ef <+11>:lea 0x1c (%ESP),%eax 0x080486f3 &L    T;+15>:mov%eax, (%ESP) 0x080486f6 <+18>:call 0x80487b6 <_ZNSt3mapIiiSt4lessIiESaISt4pairIKiiEEEC2Ev> 0X080486FB <+23>:movl $0x5,0x34 (%esp) 0x08048703 <+31>:lea 0x34 (%ESP),%eax 0x08048707 <+35>: mov%eax,0x4 (%esp) 0x0804870b <+39>:lea 0x1c (%ESP),%eax 0x0804870f <+43>:mov%eax, (%ESP) 0x0804 8712 <+46>:call 0x8048830 <_ZNSt3mapIiiSt4lessIiESaISt4pairIKiiEEEixERS3_> 0x08048717 &LT;+51&GT;:MOVL $ 0x6, (%eax) 0x0804871d <+57>:movl $0x8,0x38 (%esp) 0x08048725 <+65>:lea 0x38 (%ESP),%eax 0x08048729 &L T;+69>:mov%eax,0x4 (%ESP) 0x0804872d <+73>:lea 0x1c (%ESP),%eax 0x08048731 <+77>:mov%eax, (%ESP) 0x08048734 &LT;+80&G   T;:call 0x8048830 <_ZNSt3mapIiiSt4lessIiESaISt4pairIKiiEEEixERS3_> 0x08048739 <+85>:movl $0x14, (%EAX) 0x0804873f <+91>:movl $0x2,0x3c (%esp) 0x08048747 <+99>:lea 0x3c (%ESP),%eax 0x0804874b <+103>:mo V%eax,0x4 (%ESP) 0x0804874f <+107>:lea 0x1c (%ESP),%eax 0x08048753 <+111>:mov%eax, (%ESP) 0x0804 8756 <+114>:call 0x8048830 <_ZNSt3mapIiiSt4lessIiESaISt4pairIKiiEEEixERS3_> 0x0804875b <+119>: Movl $0x50, (%eax) 0x08048761 <+125>:mov $0x0,%ebx 0x08048766 <+130>:lea 0x1c (%ESP),%eax 0x080487 6a <+134>:mov%eax, (%ESP) 0x0804876d <+137>:call 0x80487a2 <_znst3mapiiist4lessiiesaist4pairikiieeed 2ev> 0x08048772 <+142>:mov%ebx,%eax 0x08048774 <+144>:add $0x48,%esp 0x08048777 <+147>:p Op%ebx 0x08048778 <+148>:p op%esi 0x08048779 <+149>:mov%ebp,%esp 0x0804877b <+151>:p op%ebp 0x0804877c <+152& Gt;:ret 0x0804877d <+153>:mov%edx,%ebx 0x0804877f <+155>:mov%eax,%esi 0x08048781 <+157&gt ;: Lea 0x1c (%ESP),%eax 0x08048785 <+161>:mov%eax, (%ESP) 0x08048788 <+164>:call 0x80487a2 <_znst 3mapiiist4lessiiesaist4pairikiieeed2ev> 0x0804878d <+169>:mov%esi,%eax 0x0804878f <+171>:mov%eb X,%edx 0x08048791 <+173>:mov%eax, (%ESP) 0x08048794 <+176>:call 0x804861c <[email protected]& Gt End of assembler dump.

As can be seen by 0x080486f6, esp+0x1c is the this pointer to map.

At 0x080486f6, 0x08048712,0x08048734, 0x08048756, 0x0804876d break point:

(GDB) b *0x080486f6breakpoint 1 at 0X80486F6 (GDB) b *0x08048712breakpoint 2 at 0x8048712 (GDB) b *0x08048734breakpoint 3 at 0x8048734 (GDB) b *0x08048756breakpoint 4 at 0x8048756 (GDB) b *0x0804876dbreakpoint 5 at 0x804876d

First look at the changes in map before and after calling the constructor:

(GDB) rstarting Program:/HOME/XUZHINA/CODE/S3/XUZHINA_DUMP_C07_S3 Breakpoint 1, 0x080486f6 in Main () (GDB) x/8x $esp +0x1 c0xbffff2bc:0x080485680x008702b80x0804b3c40xbffff2f80xbffff2cc:0x080496590x028ea5500x080484120x00000000 (GDB) NI0X080486FB in Main () (GDB) x/8x $esp +0x1c0xbffff2bc:0x080485680x000000000x000000000xbffff2c00xbffff2cc:0 xbffff2c00x000000000x080484120x00000000

Refer to Bits/stl_map.h, bits/stl_tree.h inside _rb_tree_node_base, _rb_tree_node, _rb_tree, _rb_tree_impl, map

The head node is initialized to

{_m_key_compare = 0x08048568,_m_color = 0x00000000,_m_parent = 0x00000000,_m_left = 0xbffff2c0,_m_right = 0xbffff2c0,_M_ Node_count = 0x00000000,}

Take a look at how the map will become when it is placed in the first element.

(GDB) Ccontinuing.breakpoint 2, 0x08048712 in Main () (GDB) ni0x08048717 in Main () (GDB) ni0x0804871d in Main () (GDB) x/8x $esp +0x1c0xbffff2bc:0x080485680x000000000x0804c0080x0804c0080xbffff2cc:0 x0804c0080x000000010x000000050x00000000 (GDB) x/8x 0x0804c0080x804c008:0 X000000010xbffff2c00x000000000x000000000x804c018:0x000000050x000000060x000000000x00020fe1

You can see the values for the head node and the first node as follows:

Head node	First node
{ _m_key_compare = 0x08048568, _m_color = 0x00000000, _m_parent = 0x0804c008, _m_left = 0x0804c008, _m_right = 0x0804c008, _m_node_count = 0x00000001, }	{ _m_color = 0x00000001, _m_parent = 0xbffff2c0, _m_left = 0x00000000, _m_right = 0x00000000, _m_value_field.first = 0x00000005, _m_value_field.second =0x00000006 }

Continue to explore, you can draw a bunch of such data

(gdb) x/8x $esp +0x1c0xbffff2bc:0x080485680x000000000x0804c0080x0804c0480xbffff2cc:0 x0804c0280x000000030x000000050x00000008 (GDB) x/8x 0x0804c0080x804c008:0 x000000010xbffff2c00x0804c0480x0804c0280x804c018:0x000000050x000000060x000000000x00000021 (GDB) x/8x 0x0804c0480x804c048:0x000000000x0804c0080x000000000x000000000x804c058:0x000000020x000000500x000000000x00020fa1 (GDB) x/8x 0x0804c0280x804c028:0x000000000x0804c0080x000000000x000000000x804c038:0 x000000080x000000140x000000000x00000021

The graph indicates the following

The characteristics of the map can be derived from the above:

1. The map object has five members _m_node_count indicate how many elements map has, three pointers to the leftmost node in the tree, the root node of the tree, the right node of the tree, _m_color indicates whether it is a mangrove or a black tree, _m_key_compare points to a comparison function

2. The _m_parent of the root node of the tree points to the head node

3. The values of each node follow the _m_right

"Research on the principle of Coredump" Linux version x86 7.5 section map Object