How to understand the function call? In this paper the compilation of a simple C language program into object code, and then use the object files objdump decompile into assembly code, so a glimpse of a function call, I hope for your inspiration.
C language source code:
#include <stdio.h>
int static add(int a, int b)
{
return a+b;
}
int main()
{
int x = 5;
int y = 10;
int u = add(x, y);
return 1;
}
~
After compiling: gcc -g -c add.c , generates object code add.o
view object files (generated assembly code): objdump -d -S add.o
add.o: file format Mach-O 64-bit x86-64
Disassembly of section __TEXT,__text:
_main:
; { //这是注释(ps)
0: 55 pushq %rbp
1: 48 89 e5 movq %rsp, %rbp
4: 48 83 ec 10 subq $16, %rsp
8: c7 45 fc 00 00 00 00 movl $0, -4(%rbp)
; int x = 5;
f: c7 45 f8 05 00 00 00 movl $5, -8(%rbp)
; int y = 10;
16: c7 45 f4 0a 00 00 00 movl $10, -12(%rbp)
; int u = add(x, y);
1d: 8b 7d f8 movl -8(%rbp), %edi
20: 8b 75 f4 movl -12(%rbp), %esi
23: e8 00 00 00 00 callq 0 <_main+0x28>
28: be 01 00 00 00 movl $1, %esi
2d: 89 45 f0 movl %eax, -16(%rbp)
; return 1;
30: 89 f0 movl %esi, %eax
32: 48 83 c4 10 addq $16, %rsp
36: 5d popq %rbp
37: c3 retq
38: 0f 1f 84 00 00 00 00 00 nopl (%rax,%rax)
_add:
; {
40: 55 pushq %rbp
41: 48 89 e5 movq %rsp, %rbp ;当前函数的栈指针
44: 89 7d fc movl %edi, -4(%rbp) ;把寄存器的参数移动到栈上
47: 89 75 f8 movl %esi, -8(%rbp) ;把寄存器的参数移动到栈上
; return a+b;
4a: 8b 75 fc movl -4(%rbp), %esi
4d: 03 75 f8 addl -8(%rbp), %esi
50: 89 f0 movl %esi, %eax
52: 5d popq %rbp
53: c3 retq
As can be seen from the above:
1, object file (.o) is an address starting from 0 (not yet assigned an address in the virtual address space, when it is assigned LD)
2, function start address is 4 byte alignment.
3, X86 architecture instruction length is variable length (ARM instruction is a fixed length of 4 bytes).
4, name mangling, symbolic name was underlined by + function name.
Program calls procedure
Caller:
- First parameter stored in the register and edi ESI (pass parameters via registers)
- Call callq
- Process the return value eax
Which, callq do two things:
1) save the address of the next instruction, the function returns continue for
2) jumps to the address of Functions
Callee:
- A frame pointer on the stack function rbp
- Save frame pointer to the stack pointer rsp
- From the register (EDI and esi) parameters taken into the stack
- Operation
- The calculation results are stored in eax
- Pop-up frame pointer (RBP a function before reduction)
- Function returns, execution continues to remove hop instruction
Special Note :
The above transfer function parameters are passed and return parameters passed in registers, and can also pass through the stack and the memory area, specifically with reference to the C language calling convention.
In the frame structure a function of what data?
1, a stack frame register value stored in the stack
2, this temporary variable used in the function
3, the parameters passed to call a subroutine
4, to continue after the return to call a subroutine (the return address)
Stack frame structure :
