不使用EBP实施栈回溯 [英] Implementing stack backtrace without using ebp

问题描述

如何当编译器明确告知不使用EBP作为栈帧指针在堆栈中可以实现？

How a stack backtrace can be implemented when the compiler is explicitly told not to use ebp as stack frame pointer?

推荐答案

这个问题的答案是永远只在关于<一个公认的答案评论href=\"http://stackoverflow.com/questions/579262/what-is-the-purpose-of-the-ebp-frame-pointer-register\">What是EBP帧指针的通用寄存器？。

The answer to this was only ever in comments on the accepted answer on What is the purpose of the EBP frame pointer register?.

现代的调试器甚至可以在-fomit帧指针编译code做堆栈回溯。该设置是在最近的gcc默认的。

Modern debuggers can do stack backtraces even in code compiled with -fomit-frame-pointer. That setting is the default in recent gcc.

GCC将必须的堆栈退绕信息成 .eh_frame_hdr 部分。 看到这个博客帖子的更多详细信息 。它用于运行时异常了。您将在Linux系统上的大多数二进制文件发现它（与 objdump的-h ）。它是 /斌/庆典约16K，与572B为GNU /斌/真，108K为的ffmpeg 。

gcc puts the necessary stack-unwind info into a .eh_frame_hdr section. See this blog post for more details. It's used for runtime exceptions, too. You'll find it (with objdump -h) in most binaries on a Linux system. It's about 16k for /bin/bash, vs. 572B for GNU /bin/true, 108k for ffmpeg.

有就是禁用它生成一个gcc的选项，但它是一个正常的数据段，而不是一个调试节条默认情况下删除。否则，你无法通过没有调试符号库函数回溯。这部分可能比它所取代的推/ MOV /流行说明大，但它拥有近乎零成本运行时间（例如UOP缓存）。

There is a gcc option to disable generating it, but it's a "normal" data section, not a debug section that strip removes by default. Otherwise you couldn't backtrace through a library function that didn't have debug symbols. That section may be bigger than the push/mov/pop instructions it replaces, but it has near zero runtime cost (e.g. uop cache).

我认为存储在该节中的信息是从返回地址映射到堆栈帧的大小。由于每个呼叫指令将下一条指令的地址压入堆栈，您可以识别来自该地址父调用者。相反，推 EBP 来使堆栈帧的上的链接列表的堆栈，偏移到下一个返回地址存储在 .eh_frame_hdr 部分，因此它可以根据需要由code，需要回溯使用。

I think the info stored in that section is a mapping from return-address to size of stack frame. Since every call instruction pushes the address of the following instruction onto the stack, you can identify the parent caller from that address. Instead of pushing ebp to make a linked list of stack frames on the stack, the offset to the next return address is stored in the .eh_frame_hdr section, so it can be used if needed by code that needs to backtrace.

这篇关于不使用EBP实施栈回溯的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！