我是内嵌汇编的新手。我有以下带有内嵌汇编的C
函数,我只是想查看push %%rbp
和mov %%rsp, %%rbp
是否正常运行。我的函数如下:
test_inlineAssemblyFunction(){
u64 base, rsp, base1, rsp1;
asm volatile(
"mov %%rbp, %0 \n"
"mov %%rsp, %1 \n"
"push %%rbp \n"
"mov %%rbp, %2 \n"
"mov %%rsp, %%rbp \n" <--- this line is causing the problem
"mov %%rbp, %3 \n"
:"=r"(base), "=r"(rsp),"=r"(base1), "=r"(rsp1)
:
: "rax","rbx","rsp"
);
printf("Before: Base register %x\n", base);
printf("Before: stack pointer register %x\n", rsp);
printf("After: (Should be same as previous )Base register %x\n", base1);
printf("After: (Actually %rsp-8)Base register %x\n", rsp1);
}
输出:
Before: Base register ee050e50
Before: stack pointer register ee050e20
After: (Should be same as previous )Base register ee050e50
After: (Actually %rsp-8)Base register ee050e18
Segmentation fault (core dumped)
从输出信息看,所有的打印语句都输出了期望的结果。但是接下来出现了“段错误(Segmentation Fault)”。如果我的理解正确,“段错误”会在尝试读取或写入非法内存位置时发生。因此,在我的情况下,“mov %%rsp, %%rbp \n”导致了“段错误”,这意味着我不能从用户空间读取“rsp”。更新:正如@ Kuba没有忘记Monica所建议的那样,以下是“test_inlineAssemblyFunction”函数的反汇编代码。
(gdb) disas test_inlineAssemblyFunction
Dump of assembler code for function test_inlineAssemblyFunction:
0x0000000000007366 <+0>: push %rbp
0x0000000000007367 <+1>: mov %rsp,%rbp
0x000000000000736a <+4>: push %rbx
0x000000000000736b <+5>: sub $0x28,%rsp
0x000000000000736f <+9>: mov %rbp,%rdi
0x0000000000007372 <+12>: mov %rsp,%rsi
0x0000000000007375 <+15>: push %rbp
0x0000000000007376 <+16>: mov %rbp,%rcx
0x0000000000007379 <+19>: mov %rsp,%rbp
0x000000000000737c <+22>: mov %rax,%rdx
0x000000000000737f <+25>: mov %rdi,-0x30(%rbp)
0x0000000000007383 <+29>: mov %rsi,-0x28(%rbp)
0x0000000000007387 <+33>: mov %rcx,-0x20(%rbp)
0x000000000000738b <+37>: mov %rdx,-0x18(%rbp)
0x000000000000738f <+41>: mov -0x30(%rbp),%rax
0x0000000000007393 <+45>: mov %rax,%rsi
0x0000000000007396 <+48>: lea 0x275ab(%rip),%rdi # 0x2e948
0x000000000000739d <+55>: mov $0x0,%eax
0x00000000000073a2 <+60>: callq 0x5570 <printf@plt>
0x00000000000073a7 <+65>: mov -0x28(%rbp),%rax
0x00000000000073ab <+69>: mov %rax,%rsi
0x00000000000073ae <+72>: lea 0x275b3(%rip),%rdi # 0x2e968
0x00000000000073b5 <+79>: mov $0x0,%eax
0x00000000000073ba <+84>: callq 0x5570 <printf@plt>
0x00000000000073bf <+89>: mov -0x20(%rbp),%rax
0x00000000000073c3 <+93>: mov %rax,%rsi
0x00000000000073c6 <+96>: lea 0x275c3(%rip),%rdi # 0x2e990
0x00000000000073cd <+103>: mov $0x0,%eax
0x00000000000073d2 <+108>: callq 0x5570 <printf@plt>
0x00000000000073d7 <+113>: mov -0x18(%rbp),%rax
0x00000000000073db <+117>: mov %rax,%rsi
0x00000000000073de <+120>: lea 0x275e3(%rip),%rdi # 0x2e9c8
0x00000000000073e5 <+127>: mov $0x0,%eax
0x00000000000073ea <+132>: callq 0x5570 <printf@plt>
0x00000000000073ef <+137>: nop
0x00000000000073f0 <+138>: mov -0x8(%rbp),%rbx
0x00000000000073f4 <+142>: leaveq
0x00000000000073f5 <+143>: retq
End of assembler dump.
(gdb)
rsp
是没有问题的,但在内联汇编中修改rbp
而不使用 clobber 是不安全的。在 x86-64 内联汇编中将数据推入栈中也不安全,因为存在红色区域。而且,在栈上保留东西并使栈指针处于不同位置是绝对不安全的(clobberrsp
也无济于事)。 - Nate Eldredge=r
和=m
两种方式。=m
导致堆栈溢出,而=r
导致分段错误。 - user45698746rbp
? - user45698746