程序运行错误,debug,顺便再熟悉一下x86汇编,要调试的代码如下:
obj/testcase/add: file format elf32-i386
Disassembly of section .text:
# _start: bare-metal entry point (no C runtime). It clears ebp, points esp at a
# fixed stack top and calls main(); main's return value in eax is overwritten.
00100000 <_start>:
100000: bd 00 00 00 00 mov $0x0,%ebp          # ebp = 0: terminates the saved-ebp chain for debuggers/backtraces
100005: bc f0 ff ff 07 mov $0x7fffff0,%esp    # esp = 0x7fffff0, the initial stack top (stack grows downward)
10000a: e8 1c 00 00 00 call 10002b <main>     # main() takes no arguments
10000f: b8 00 00 00 00 mov $0x0,%eax          # eax = 0 right before the undecodable byte below
100014: d6 (bad)                              # opcode 0xd6 has no documented encoding, so objdump prints (bad).
                                              # NOTE(review): presumably the test harness intercepts it as
                                              # "exit with status eax" - confirm against the harness. Nothing
                                              # here halts or loops, so if the byte is not intercepted,
                                              # execution falls straight into <add> at 0x100015.
# add(a, b): returns a + b (32-bit), cdecl.
# In:  a at 0x8(%ebp), b at 0xc(%ebp)  (pushed by <main> right-to-left)
# Out: eax = a + b
# Clobbers: edx, flags.  Frame: 16 bytes of locals, only -0x4(%ebp) is used.
00100015 <add>:
100015: 55 push %ebp                          # standard prologue: save caller's frame pointer
100016: 89 e5 mov %esp,%ebp                   # ebp = this frame
100018: 83 ec 10 sub $0x10,%esp               # reserve 16 bytes of locals
10001b: 8b 55 08 mov 0x8(%ebp),%edx           # edx = a (first argument)
10001e: 8b 45 0c mov 0xc(%ebp),%eax           # eax = b (second argument)
100021: 01 d0 add %edx,%eax                   # eax = a + b
100023: 89 45 fc mov %eax,-0x4(%ebp)          # spill the sum to a local ...
100026: 8b 45 fc mov -0x4(%ebp),%eax          # ... and reload it: looks like unoptimized codegen (no effect on the result)
100029: c9 leave                              # esp = ebp; pop ebp
10002a: c3 ret                                # arguments are removed by the caller (add $0x8,%esp in <main>)
# main(): checks add() against a table of expected results.
# Locals (names follow the declaration order given in the notes below the listing):
#   -0x4(%ebp)  i        outer index, 0..7
#   -0x8(%ebp)  j        inner index, 0..7
#   -0xc(%ebp)  ans_idx  running index into the expected-result table at 0x100140
#   -0x10(%ebp) loop     number of comparisons made; must reach 0x40 (= 8*8) at the end
# Tables: inputs at 0x100120 (0x100120 + 8*4 == 0x100140, which suggests 8 dwords) and
# expected results at 0x100140. Up to 64 entries of the expected table are read
# (ans_idx 0..63); no bounds check is performed, so the table must be at least that long.
# Returns eax = 0 when every add(input[i], input[j]) == expected[ans_idx]; on a mismatch
# eax = 1 and the undecodable 0xd6 byte is executed instead of returning.
0010002b <main>:
10002b: 55 push %ebp                          # prologue
10002c: 89 e5 mov %esp,%ebp
10002e: 83 ec 10 sub $0x10,%esp               # 16 bytes of locals
100031: c7 45 f4 00 00 00 00 movl $0x0,-0xc(%ebp)    # ans_idx = 0
100038: c7 45 f0 00 00 00 00 movl $0x0,-0x10(%ebp)   # loop = 0
10003f: c7 45 fc 00 00 00 00 movl $0x0,-0x4(%ebp)    # i = 0
100046: eb 57 jmp 10009f <main+0x74>          # jump to the outer loop condition (bottom-tested loop)
100048: c7 45 f8 00 00 00 00 movl $0x0,-0x8(%ebp)    # outer body: j = 0
10004f: eb 42 jmp 100093 <main+0x68>          # jump to the inner loop condition
100051: 8b 45 f8 mov -0x8(%ebp),%eax          # inner body: eax = j
100054: 8b 14 85 20 01 10 00 mov 0x100120(,%eax,4),%edx   # edx = input[j]  (disp + index*4, no base register)
10005b: 8b 45 fc mov -0x4(%ebp),%eax          # eax = i
10005e: 8b 04 85 20 01 10 00 mov 0x100120(,%eax,4),%eax   # eax = input[i]
100065: 52 push %edx                          # second argument (input[j]) pushed first ...
100066: 50 push %eax                          # ... first argument (input[i]) ends up on top: cdecl right-to-left
100067: e8 a9 ff ff ff call 100015 <add>      # eax = add(input[i], input[j])
10006c: 83 c4 08 add $0x8,%esp                # caller removes the two 4-byte arguments
10006f: 89 c1 mov %eax,%ecx                   # ecx = result
100071: 8b 45 f4 mov -0xc(%ebp),%eax          # eax = ans_idx (old value)
100074: 8d 50 01 lea 0x1(%eax),%edx           # edx = ans_idx + 1 (lea does not touch flags)
100077: 89 55 f4 mov %edx,-0xc(%ebp)          # ans_idx++ ; the old value is still in eax
10007a: 8b 04 85 40 01 10 00 mov 0x100140(,%eax,4),%eax   # eax = expected[old ans_idx]
100081: 39 c1 cmp %eax,%ecx                   # result == expected ?
100083: 74 06 je 10008b <main+0x60>           # yes: continue with the counters
100085: b8 01 00 00 00 mov $0x1,%eax          # no: eax = 1 ...
10008a: d6 (bad)                              # ... then the undecodable 0xd6 byte. NOTE(review): presumably a
                                              # harness-intercepted "exit with status eax" - confirm. If it is
                                              # not intercepted, execution falls through into loop++ below and
                                              # the mismatch is silently ignored.
10008b: 83 45 f0 01 addl $0x1,-0x10(%ebp)     # loop++
10008f: 83 45 f8 01 addl $0x1,-0x8(%ebp)      # j++
100093: 8b 45 f8 mov -0x8(%ebp),%eax          # inner condition: eax = j
100096: 83 f8 07 cmp $0x7,%eax
100099: 76 b6 jbe 100051 <main+0x26>          # while (j <= 7)  -- jbe is an unsigned compare
10009b: 83 45 fc 01 addl $0x1,-0x4(%ebp)      # i++
10009f: 8b 45 fc mov -0x4(%ebp),%eax          # outer condition: eax = i
1000a2: 83 f8 07 cmp $0x7,%eax
1000a5: 76 a1 jbe 100048 <main+0x1d>          # while (i <= 7)  -- unsigned compare
1000a7: 83 7d f0 40 cmpl $0x40,-0x10(%ebp)    # were all 8*8 = 64 comparisons made?
1000ab: 74 06 je 1000b3 <main+0x88>           # yes: return 0
1000ad: b8 01 00 00 00 mov $0x1,%eax          # no: eax = 1 and the 0xd6 byte again (same caveat as above)
1000b2: d6 (bad)
1000b3: b8 00 00 00 00 mov $0x0,%eax          # return 0
1000b8: c9 leave
1000b9: c3 ret
_start准备运行环境,ebp = 0, esp = 0x7fffff0, main的参数为空
main函数的prologue: push ebp, esp => ebp, esp -= 0x10
然后初始化局部变量。因为声明的顺序为:
i, j, ans_idx, loop
所以 i <==> ebp - 4, j <==> ebp - 8, ans_idx <==> ebp - 0xc, loop <==> ebp - 0x10。然后开始外层循环,循环体的模式为:
goto end_of_loop1;
start_of_loop1:
j = 0;
goto end_of_loop2;
start_of_loop2:
processing here.....
end_of_loop2:
eax = j;
if (eax <= 7)
goto start_of_loop2;
end_of_loop1:
eax = i;
if (eax <= 7)
goto start_of_loop1;
- loop body的操作过程如下:
eax = j;
edx = [array + j * 4]
eax = i;
eax = [array + i * 4]
push edx <==> param2
push eax <==> param1
call add
- 其中有一条比较复杂的指令:
100054: 8b 14 85 20 01 10 00 mov 0x100120(,%eax,4),%edx
表示: edx = 地址 (0x100120 + 0 + eax * 4) 处的内容。这是 AT&T 的 disp(base,index,scale) 形式: disp = 0x100120, base 为空(所以上面写成 0), index = eax, scale = 4
- x86栈帧的格式为
local var2 <------- ebp - 8 (esp)
local var1 <------- ebp - 4
(callee-saved registers, if any)
old ebp <------- ebp
return address <------- ebp + 4
param1 <------- ebp + 8
param2 <------- ebp + 0xc
(caller-saved registers, if any)
- add函数的指令就比较容易懂了