Preface: This article is designed to allow people without compilation based calling convention can understand, and to understand the function calling convention the most important thing is to understand what is happening on the system stack during a function call, this is the focus here.
What is the function calling convention
Function calling convention, means that when a function is called, the function parameters are passed to the called function and the return value is returned to the calling function. Calling convention is to describe the function parameter passing is how and by whom the balance of the stack, and of course the return value. -"Baidu Encyclopedia"
Function calling convention, literally, this is a protocol to follow when a function is called, should be followed specification, then who is going to follow it? translater. The so-called function calling convention refers to the function is called when a series of events, including forwarded the order parameters onto the stack, control and so on. Of which the most important is the message change stack, system stack is the function of the record. We can even narrow understanding is a function calling convention that is when a function is called, the system is how to change the stack.
Additional knowledge (there are basic skippable)
Stack
A stack of a linear table. Can only be inserted in one end of the stack (stack push) and delete (pop pop) operation, which is called the stack end; the other end opposite thereto, it is called the bottom of the stack, not allowing any operation .
Imagine an array of analog linear form, the elements one by one, and the period of operation is limited, the other end can not carry out any operation. What can you expect? See this might think, the initiative to think more benefit.
Yes, we can draw the following stack space so that: one open end of the stack, the stack is enclosed bottom section. So the question is, bottom of the stack is clear that we can easily see that, but the top of the stack it? How do we define the top of the stack? The problem for us to solve their predecessors, they used the top position mark stack pointer, and the top pointer with push and pop operations and dynamic updates.
Obviously these two figures graphically expressed what is the stack, and when the stack is push operation, top is how to update, and you can pop analogy.
Push:
1. to adjust the top of the stack: top shifted up one unit, one unit of reserved space, to prepare an element stack, while updating the stack
2.PUSH: top pointer do preparatory work, the element stack, filling the space reserved , the stack is complete.POP:
1.POP: pointing to the top of the stack elements of pop stack.
2. Adjust the top of the stack: top down, updating the stack.
Summary: From the above, how do we determine the shape of the stack, to change the dynamic stack space, you can get the following conclusions.
1. As the top of the stack in the stack can only operate (at Top), resulting in last-out phenomenon
2. When the top of the stack and the stack is empty at the bottom of the stack in the same.
3.push pop operations and how to dynamically update the stack (given above).
4. The bottom of the stack and the stack is determined for an effective period of stack space.
Relations with the compilation of the system stack
Assembly language instructions and registers associated with the presence of the stack. In the following examples x86 assembly.
instruction:
Push into a stack to a
POP current stack point b of the stack of elements, and b is placed in
call 2 equivalents instructions: push EIP -> jmp [objective function Address]
RETN equivalents pop EIP
retn call and have to operate EIP, which is transmitted to control the implementation of the relevant program.
register:
EBP: bottom of the stack pointer
ESP: stack pointer, corresponding to top.
EIP: a flag for the next (the next one, not current) instruction should be executed or compiled machine instructions. EIP pointing position to tell the CPU how to do the next step should be to control the flow of program execution is very important! EIP is a sequence of movements under normal circumstances, and the upper and lower surfaces of said transmit control, that is, take the initiative to change the address of EIP, similar to the high-level language in branch and jump.
Other relevant registers: ESI, EDI, EBX
System with bottom, EBP, and ESP can be determined for some of stack space.
We have said before, the system stack is used to record a series of changes in the function of the function call, and each has some unique function of their own stack space, this stack space is a subset of the system stack, we call stack frame . In fact, this idea also better reflected in other areas, for example, each time a process is created, there will be only part of the virtual address space of the process, it is like a function call when establishing the stack frame.
From a macro point of view, the system stack to stack frame can be considered as the basic unit. Micro, I need to know what the stack frame there.
Although the contents of each stack frame is not the same, but fortunately the stack frame to establish the trajectory to follow, each stack frame has the following contents:
1. Save generating function (also known as caller caller) important information for sub-function (the caller callee) call control to the generating function generating function and site restoration at the end.
2. Functions information.
Now I do not understand it does not matter, the following will say fine.
Details of the function calling convention
I will be the default C language calling convention Cdecl analyzed as a case, after understanding cdecl, the other calling convention the same thing.
High-level language:
I use a demo from the assembly point of view, summed up what happened function calling convention. Here I am with the above main generating function, func as a subroutine to explain. Finally, we will in this example contains rules by extension.
Compilation levels:
Be sure to combine the content of the following systems I draw stack combination to watch. Note brain supplement their own dynamic operation.
Where were we look at the impact of operating system stack. Let's ignore the first red box, it is now focused on the second red box, which is the main function calls the mother how to stack space changes Functions func, how to stack frame established.
Call func concerned about this directive. We found a series of push operation before that, and the content push is the generating function of three main parameters passed to the func. Obviously, not difficult to see their stack order is from right to left. This is what we see, then we can just cdecl calling convention, by extension it? This proved correct can not be correct.
Function parameters onto the stack order is from right to left.
Call CALL command, control is transferred to the subroutine. Here implied push EIP.
Here we look at generating function func main subroutine call stack space How to change:
we only need to focus on the red box, I will explain one by one.
1. The creation of a new stack frame, open space for local variables, saved information generating function portion.
How to understand the generating function information stored? First of all, whether such ESP or EBP registers with the name of only one! I know that if you have not studied the compilation may wonder, what the hell is a register stack? I was also, in fact, this is not the register stack, the stack is the data register! Why do this? I did not read the assembler will be very upset, necessary? Indeed, some really not necessary, but some must be kept, such as generating function bottom of the stack information, if we do not operate, but directly to the EBP data is updated to the bottom of the stack func, func call that ended how we retrieve generating function the bottom of the stack, no data generating function in the bottom of the stack the stack frame is lost! We all wrote the code two variable data exchange, we would usually tmp to keep data for one variable with a temporary variable is the truth, in order to prevent loss of data! In short, since the implementation of the register corresponding function is only one, so we have to use to save data on a function such as EBP register in order to recover.
push ebp bottom of the stack information generating function stack
mov ebp, esp bottom of the stack pointer is updated, at this time we said above corresponds to an empty stack, esp = ebp.
sub esp, 0c0h open space for local variables
push three registers store information generating function, and preservation ebp empathy.
2 and 3: function call termination phase, generating function data recovery, destruction func function stack frame (esp part of stack space is less effective, so long as the decline esp esp section above means fail, so not erase data but threw it outside the scope of stack space effective, these non-valid data space will be covered with the activities of stack space). As part of between 2 and 3 red frame, also involved esp and ebp, this is a protective mechanism for stack space is abnormal Check ignore them.
Call ret pop eip here is equivalent to the EIP data generating function performed when the stack holder is returned to the EIP register, control is transferred to the parent function. (What transmit control, pop push all operations I say, they do not see this ignorant force, and did not understand the above return again look to see additional knowledge on top of the stack segment.)
It is time to answer the last question. Surely you have read this article found that, before I say stack frame is the area between ebp and esp each function of the composition, then the system stack diagram I drew the main esp should not point to the following func bottom of the stack a unit it? Why func stack frame parameters attributed to it? Indeed, as previously mentioned we should be, so now I'll explain why. (The following is the personal understanding and observation)
We look at the stack frame func, func is the latest in a stack frame, there is no stack frame at the top of this func, we find that distinction, between the top of the stack and the main stack func perfect accord. Based on this observation we come to the first point.
Let us look at the bottom of the stack frame. Any additional parameters func stack frame at the bottom, and the bottom of the stack frame mian No, I think this is where everyone confused. main reason why there is no argument, because I did not write this main parameters! There are three parameters and fun! That is the decision of whether Functions have arguments, then obviously the parameters are divided into the subroutine stack frame is very reasonable, although under sub-function parameters in the subroutine stack frame of the bottom of the stack.
And after the final, main function is executed immediately call a add esp, 0ch. The purpose of this directive is to balance the stack, to destroy the func parameter. As is the main function of the parameters of func cancel the account, which we call callers stack balance, as opposed to the callee stack of balanced instruction is executed in a similar semantic Functions.
So I have described in detail the process of creating the stack frame of the demo function func and even destroyed, and some of them need appropriate explanation to explain the operation to avoid the unnecessary part of the explanation. This process can be extended to other functions, which is the main content of the calling convention, but there are other different calling convention seats differences.
I Paint What main esp, main ebp only to facilitate understanding before you write, and write some old ebp, the stack above the intended function of a bottom, which is the bottom of the stack information generating function.
The type of function calling convention
x86 platform
cdecl
The default C language calling convention.
Parameters stack order: right to left
stack balance: the caller (generating function)
stdcall
win32 API calling convention
parameters stack order: right to left
stack balance: callee (subroutine)
fastcall
Call efficiency efficient
parameters onto the stack order: from right to left, of which the first two parameters Windows platform into the register before the Linux platform four parameters into the register, and will retain a shadow space space
stack balance: the caller (subroutine)
x64 platform
fastcall
Using this unified platform x64 calling convention.
Parameters onto the stack order: from right to left, of which the first four parameters Windows platform into the register before the Linux platform six parameters into the register, and will retain a shadow space space
stack balance: the caller (generating function)
