RV64和ARM64栈结构差异
- 1 RV64和ARM64栈结构差异示意图
- 1.1 RV64和ARM64寄存器介绍
- 1.1.1 RV64寄存器
- 1.1.2 ARM64寄存器
- 1.2 RV64和ARM64栈结构差异示意图
- 2 RV64和ARM64栈使用示例
- 2.1 测试的程序
- 2.2 RV64反汇编的汇编程序
- 2.3 ARM64反汇编的汇编程序
- 2.4 RV64和ARM64测试程序的栈结构图
- 2.4.1 RV64测试程序的栈结构图
- 2.4.2 ARM64测试程序的栈结构图
- 3 异常时依据栈和当前寄存器推导调用栈的处理流程
- 3.1 以RV64为例来介绍
- 3.2 以ARM64为例来介绍
为什么要写这篇文章呢,主要是为了区分一下在RV64(RISC-V)和ARM64两种不同处理器在函数调用过程中栈的结构性差异,当出现异常情况时如何根据栈以及异常时寄存器的情况如何推导出调用栈。
RISC-V调用规则
RV64函数调用流程分析
ARM64 程序调用标准
ARM64函数调用流程分析
1 RV64和ARM64栈结构差异示意图
1.1 RV64和ARM64寄存器介绍
1.1.1 RV64寄存器
1.1.2 ARM64寄存器
1.2 RV64和ARM64栈结构差异示意图
- RV64的栈帧寄存器是s0,s0指向当前函数栈的栈底
- ARM64的栈帧寄存器是x29,x29指向当前函数的栈顶
2 RV64和ARM64栈使用示例
2.1 测试的程序
#include <stdio.h>
#include <string.h>
void test_fun_b(long m, long n, long x, long y)
{
long c = 3;
long d = 4;
printf("The current function is %s c:%ld d:%ld\r\n", __func__, c, d);
c = c + d + m;
d = c + d + n;
}
void test_fun_a(long m, long n, long x, long y)
{
long b = 2;
long c = 3;
printf("The current function is %s b:%ld c:%ld\r\n", __func__, b, c);
test_fun_b(b, c, 0, 2);
b = b + c + m;
c = b + c + n;
}
int main(void)
{
long a = 1;
long b = 2;
printf("The current function is %s a:%ld b:%ld\r\n", __func__, a, b);
test_fun_a(a, b, 0, 1);
a = a + b;
b = a + b;
return 0;
}
2.2 RV64反汇编的汇编程序
- RV64的编译命令:
riscv64-linux-gnu-gcc -Wl,--no-as-needed main.c -o rv_test - RV64的反汇编命令:
riscv64-linux-gnu-objdump -S -d rv_test
rv_test: file format elf64-littleriscv
Disassembly of section .plt:
0000000000000520 <.plt>:
520: 00002397 auipc t2,0x2
524: 41c30333 sub t1,t1,t3
528: ae83be03 ld t3,-1304(t2) # 2008 <__TMC_END__>
52c: fd430313 addi t1,t1,-44
530: ae838293 addi t0,t2,-1304
534: 00135313 srli t1,t1,0x1
538: 0082b283 ld t0,8(t0)
53c: 000e0067 jr t3
0000000000000540 <__libc_start_main@plt>:
540: 00002e17 auipc t3,0x2
544: ad8e3e03 ld t3,-1320(t3) # 2018 <__libc_start_main@GLIBC_2.27>
548: 000e0367 jalr t1,t3
54c: 00000013 nop
0000000000000550 <printf@plt>:
550: 00002e17 auipc t3,0x2
554: ad0e3e03 ld t3,-1328(t3) # 2020 <printf@GLIBC_2.27>
558: 000e0367 jalr t1,t3
55c: 00000013 nop
Disassembly of section .text:
0000000000000560 <_start>:
560: 02e000ef jal ra,58e <load_gp>
564: 87aa mv a5,a0
566: 00002517 auipc a0,0x2
56a: ad253503 ld a0,-1326(a0) # 2038 <_GLOBAL_OFFSET_TABLE_+0x10>
56e: 6582 ld a1,0(sp)
570: 0030 addi a2,sp,8
572: ff017113 andi sp,sp,-16
576: 00000697 auipc a3,0x0
57a: 21068693 addi a3,a3,528 # 786 <__libc_csu_init>
57e: 00000717 auipc a4,0x0
582: 26070713 addi a4,a4,608 # 7de <__libc_csu_fini>
586: 880a mv a6,sp
588: fb9ff0ef jal ra,540 <__libc_start_main@plt>
58c: 9002 ebreak
000000000000058e <load_gp>:
58e: 00002197 auipc gp,0x2
592: 27218193 addi gp,gp,626 # 2800 <__global_pointer$>
596: 8082 ret
...
000000000000059a <deregister_tm_clones>:
59a: 00002517 auipc a0,0x2
59e: a6e50513 addi a0,a0,-1426 # 2008 <__TMC_END__>
5a2: 00002797 auipc a5,0x2
5a6: a6678793 addi a5,a5,-1434 # 2008 <__TMC_END__>
5aa: 00a78963 beq a5,a0,5bc <deregister_tm_clones+0x22>
5ae: 00002317 auipc t1,0x2
5b2: a8233303 ld t1,-1406(t1) # 2030 <_ITM_deregisterTMCloneTable>
5b6: 00030363 beqz t1,5bc <deregister_tm_clones+0x22>
5ba: 8302 jr t1
5bc: 8082 ret
00000000000005be <register_tm_clones>:
5be: 00002517 auipc a0,0x2
5c2: a4a50513 addi a0,a0,-1462 # 2008 <__TMC_END__>
5c6: 00002797 auipc a5,0x2
5ca: a4278793 addi a5,a5,-1470 # 2008 <__TMC_END__>
5ce: 8f89 sub a5,a5,a0
5d0: 4037d713 srai a4,a5,0x3
5d4: 03f7d593 srli a1,a5,0x3f
5d8: 95ba add a1,a1,a4
5da: 8585 srai a1,a1,0x1
5dc: c981 beqz a1,5ec <register_tm_clones+0x2e>
5de: 00002317 auipc t1,0x2
5e2: a6a33303 ld t1,-1430(t1) # 2048 <_ITM_registerTMCloneTable>
5e6: 00030363 beqz t1,5ec <register_tm_clones+0x2e>
5ea: 8302 jr t1
5ec: 8082 ret
00000000000005ee <__do_global_dtors_aux>:
5ee: 1141 addi sp,sp,-16
5f0: e022 sd s0,0(sp)
5f2: 00002417 auipc s0,0x2
5f6: a6240413 addi s0,s0,-1438 # 2054 <completed.6761>
5fa: 00044783 lbu a5,0(s0)
5fe: e406 sd ra,8(sp)
600: e385 bnez a5,620 <__do_global_dtors_aux+0x32>
602: 00002797 auipc a5,0x2
606: a3e7b783 ld a5,-1474(a5) # 2040 <__cxa_finalize@GLIBC_2.27>
60a: c791 beqz a5,616 <__do_global_dtors_aux+0x28>
60c: 00002517 auipc a0,0x2
610: 9f453503 ld a0,-1548(a0) # 2000 <__dso_handle>
614: 9782 jalr a5
616: f85ff0ef jal ra,59a <deregister_tm_clones>
61a: 4785 li a5,1
61c: 00f40023 sb a5,0(s0)
620: 60a2 ld ra,8(sp)
622: 6402 ld s0,0(sp)
624: 0141 addi sp,sp,16
626: 8082 ret
0000000000000628 <frame_dummy>:
628: bf59 j 5be <register_tm_clones>
000000000000062a <test_fun_b>:
62a: 7139 addi sp,sp,-64
62c: fc06 sd ra,56(sp)
62e: f822 sd s0,48(sp)
630: 0080 addi s0,sp,64
632: fca43c23 sd a0,-40(s0)
636: fcb43823 sd a1,-48(s0)
63a: fcc43423 sd a2,-56(s0)
63e: fcd43023 sd a3,-64(s0)
642: 478d li a5,3
644: fef43023 sd a5,-32(s0)
648: 4791 li a5,4
64a: fef43423 sd a5,-24(s0)
64e: fe843683 ld a3,-24(s0)
652: fe043603 ld a2,-32(s0)
656: 00000597 auipc a1,0x0
65a: 21a58593 addi a1,a1,538 # 870 <__func__.2089>
65e: 00000517 auipc a0,0x0
662: 18250513 addi a0,a0,386 # 7e0 <__libc_csu_fini+0x2>
666: eebff0ef jal ra,550 <printf@plt>
66a: fe043703 ld a4,-32(s0)
66e: fe843783 ld a5,-24(s0)
672: 97ba add a5,a5,a4
674: fd843703 ld a4,-40(s0)
678: 97ba add a5,a5,a4
67a: fef43023 sd a5,-32(s0)
67e: fe043703 ld a4,-32(s0)
682: fe843783 ld a5,-24(s0)
686: 97ba add a5,a5,a4
688: fd043703 ld a4,-48(s0)
68c: 97ba add a5,a5,a4
68e: fef43423 sd a5,-24(s0)
692: 0001 nop
694: 70e2 ld ra,56(sp)
696: 7442 ld s0,48(sp)
698: 6121 addi sp,sp,64
69a: 8082 ret
000000000000069c <test_fun_a>:
69c: 7139 addi sp,sp,-64
69e: fc06 sd ra,56(sp)
6a0: f822 sd s0,48(sp)
6a2: 0080 addi s0,sp,64
6a4: fca43c23 sd a0,-40(s0)
6a8: fcb43823 sd a1,-48(s0)
6ac: fcc43423 sd a2,-56(s0)
6b0: fcd43023 sd a3,-64(s0)
6b4: 4789 li a5,2
6b6: fef43023 sd a5,-32(s0)
6ba: 478d li a5,3
6bc: fef43423 sd a5,-24(s0)
6c0: fe843683 ld a3,-24(s0)
6c4: fe043603 ld a2,-32(s0)
6c8: 00000597 auipc a1,0x0
6cc: 1b858593 addi a1,a1,440 # 880 <__func__.2098>
6d0: 00000517 auipc a0,0x0
6d4: 14050513 addi a0,a0,320 # 810 <__libc_csu_fini+0x32>
6d8: e79ff0ef jal ra,550 <printf@plt>
6dc: 4689 li a3,2
6de: 4601 li a2,0
6e0: fe843583 ld a1,-24(s0)
6e4: fe043503 ld a0,-32(s0)
6e8: f43ff0ef jal ra,62a <test_fun_b>
6ec: fe043703 ld a4,-32(s0)
6f0: fe843783 ld a5,-24(s0)
6f4: 97ba add a5,a5,a4
6f6: fd843703 ld a4,-40(s0)
6fa: 97ba add a5,a5,a4
6fc: fef43023 sd a5,-32(s0)
700: fe043703 ld a4,-32(s0)
704: fe843783 ld a5,-24(s0)
708: 97ba add a5,a5,a4
70a: fd043703 ld a4,-48(s0)
70e: 97ba add a5,a5,a4
710: fef43423 sd a5,-24(s0)
714: 0001 nop
716: 70e2 ld ra,56(sp)
718: 7442 ld s0,48(sp)
71a: 6121 addi sp,sp,64
71c: 8082 ret
000000000000071e <main>:
71e: 1101 addi sp,sp,-32
720: ec06 sd ra,24(sp)
722: e822 sd s0,16(sp)
724: 1000 addi s0,sp,32
726: 4785 li a5,1
728: fef43023 sd a5,-32(s0)
72c: 4789 li a5,2
72e: fef43423 sd a5,-24(s0)
732: fe843683 ld a3,-24(s0)
736: fe043603 ld a2,-32(s0)
73a: 00000597 auipc a1,0x0
73e: 15658593 addi a1,a1,342 # 890 <__func__.2104>
742: 00000517 auipc a0,0x0
746: 0fe50513 addi a0,a0,254 # 840 <__libc_csu_fini+0x62>
74a: e07ff0ef jal ra,550 <printf@plt>
74e: 4685 li a3,1
750: 4601 li a2,0
752: fe843583 ld a1,-24(s0)
756: fe043503 ld a0,-32(s0)
75a: f43ff0ef jal ra,69c <test_fun_a>
75e: fe043703 ld a4,-32(s0)
762: fe843783 ld a5,-24(s0)
766: 97ba add a5,a5,a4
768: fef43023 sd a5,-32(s0)
76c: fe843703 ld a4,-24(s0)
770: fe043783 ld a5,-32(s0)
774: 97ba add a5,a5,a4
776: fef43423 sd a5,-24(s0)
77a: 4781 li a5,0
77c: 853e mv a0,a5
77e: 60e2 ld ra,24(sp)
780: 6442 ld s0,16(sp)
782: 6105 addi sp,sp,32
784: 8082 ret
0000000000000786 <__libc_csu_init>:
786: 7139 addi sp,sp,-64
788: f822 sd s0,48(sp)
78a: f04a sd s2,32(sp)
78c: 00001417 auipc s0,0x1
790: 67440413 addi s0,s0,1652 # 1e00 <__frame_dummy_init_array_entry>
794: 00001917 auipc s2,0x1
798: 67490913 addi s2,s2,1652 # 1e08 <__do_global_dtors_aux_fini_array_entry>
79c: 40890933 sub s2,s2,s0
7a0: fc06 sd ra,56(sp)
7a2: f426 sd s1,40(sp)
7a4: ec4e sd s3,24(sp)
7a6: e852 sd s4,16(sp)
7a8: e456 sd s5,8(sp)
7aa: 40395913 srai s2,s2,0x3
7ae: 00090f63 beqz s2,7cc <__libc_csu_init+0x46>
7b2: 89aa mv s3,a0
7b4: 8a2e mv s4,a1
7b6: 8ab2 mv s5,a2
7b8: 4481 li s1,0
7ba: 601c ld a5,0(s0)
7bc: 8656 mv a2,s5
7be: 85d2 mv a1,s4
7c0: 854e mv a0,s3
7c2: 0485 addi s1,s1,1
7c4: 9782 jalr a5
7c6: 0421 addi s0,s0,8
7c8: fe9919e3 bne s2,s1,7ba <__libc_csu_init+0x34>
7cc: 70e2 ld ra,56(sp)
7ce: 7442 ld s0,48(sp)
7d0: 74a2 ld s1,40(sp)
7d2: 7902 ld s2,32(sp)
7d4: 69e2 ld s3,24(sp)
7d6: 6a42 ld s4,16(sp)
7d8: 6aa2 ld s5,8(sp)
7da: 6121 addi sp,sp,64
7dc: 8082 ret
00000000000007de <__libc_csu_fini>:
7de: 8082 ret
2.3 ARM64反汇编的汇编程序
- RV64的编译命令:
aarch64-linux-gnu-gcc -Wl,--no-as-needed main.c -o a64_test - RV64的反汇编命令:
aarch64-linux-gnu-objdump -S -d a64_test
a64_test: file format elf64-littleaarch64
Disassembly of section .init:
00000000000005d0 <_init>:
5d0: a9bf7bfd stp x29, x30, [sp, #-16]!
5d4: 910003fd mov x29, sp
5d8: 94000030 bl 698 <call_weak_fn>
5dc: a8c17bfd ldp x29, x30, [sp], #16
5e0: d65f03c0 ret
Disassembly of section .plt:
00000000000005f0 <.plt>:
5f0: a9bf7bf0 stp x16, x30, [sp, #-16]!
5f4: 90000090 adrp x16, 10000 <__FRAME_END__+0xf438>
5f8: f947ca11 ldr x17, [x16, #3984]
5fc: 913e4210 add x16, x16, #0xf90
600: d61f0220 br x17
604: d503201f nop
608: d503201f nop
60c: d503201f nop
0000000000000610 <__cxa_finalize@plt>:
610: 90000090 adrp x16, 10000 <__FRAME_END__+0xf438>
614: f947ce11 ldr x17, [x16, #3992]
618: 913e6210 add x16, x16, #0xf98
61c: d61f0220 br x17
0000000000000620 <__libc_start_main@plt>:
620: 90000090 adrp x16, 10000 <__FRAME_END__+0xf438>
624: f947d211 ldr x17, [x16, #4000]
628: 913e8210 add x16, x16, #0xfa0
62c: d61f0220 br x17
0000000000000630 <__gmon_start__@plt>:
630: 90000090 adrp x16, 10000 <__FRAME_END__+0xf438>
634: f947d611 ldr x17, [x16, #4008]
638: 913ea210 add x16, x16, #0xfa8
63c: d61f0220 br x17
0000000000000640 <abort@plt>:
640: 90000090 adrp x16, 10000 <__FRAME_END__+0xf438>
644: f947da11 ldr x17, [x16, #4016]
648: 913ec210 add x16, x16, #0xfb0
64c: d61f0220 br x17
0000000000000650 <printf@plt>:
650: 90000090 adrp x16, 10000 <__FRAME_END__+0xf438>
654: f947de11 ldr x17, [x16, #4024]
658: 913ee210 add x16, x16, #0xfb8
65c: d61f0220 br x17
Disassembly of section .text:
0000000000000660 <_start>:
660: d280001d mov x29, #0x0 // #0
664: d280001e mov x30, #0x0 // #0
668: aa0003e5 mov x5, x0
66c: f94003e1 ldr x1, [sp]
670: 910023e2 add x2, sp, #0x8
674: 910003e6 mov x6, sp
678: 90000080 adrp x0, 10000 <__FRAME_END__+0xf438>
67c: f947f800 ldr x0, [x0, #4080]
680: 90000083 adrp x3, 10000 <__FRAME_END__+0xf438>
684: f947f463 ldr x3, [x3, #4072]
688: 90000084 adrp x4, 10000 <__FRAME_END__+0xf438>
68c: f947e484 ldr x4, [x4, #4040]
690: 97ffffe4 bl 620 <__libc_start_main@plt>
694: 97ffffeb bl 640 <abort@plt>
0000000000000698 <call_weak_fn>:
698: 90000080 adrp x0, 10000 <__FRAME_END__+0xf438>
69c: f947f000 ldr x0, [x0, #4064]
6a0: b4000040 cbz x0, 6a8 <call_weak_fn+0x10>
6a4: 17ffffe3 b 630 <__gmon_start__@plt>
6a8: d65f03c0 ret
6ac: d503201f nop
00000000000006b0 <deregister_tm_clones>:
6b0: b0000080 adrp x0, 11000 <__data_start>
6b4: 91004000 add x0, x0, #0x10
6b8: b0000081 adrp x1, 11000 <__data_start>
6bc: 91004021 add x1, x1, #0x10
6c0: eb00003f cmp x1, x0
6c4: 540000c0 b.eq 6dc <deregister_tm_clones+0x2c> // b.none
6c8: 90000081 adrp x1, 10000 <__FRAME_END__+0xf438>
6cc: f947e821 ldr x1, [x1, #4048]
6d0: b4000061 cbz x1, 6dc <deregister_tm_clones+0x2c>
6d4: aa0103f0 mov x16, x1
6d8: d61f0200 br x16
6dc: d65f03c0 ret
00000000000006e0 <register_tm_clones>:
6e0: b0000080 adrp x0, 11000 <__data_start>
6e4: 91004000 add x0, x0, #0x10
6e8: b0000081 adrp x1, 11000 <__data_start>
6ec: 91004021 add x1, x1, #0x10
6f0: cb000021 sub x1, x1, x0
6f4: d37ffc22 lsr x2, x1, #63
6f8: 8b810c41 add x1, x2, x1, asr #3
6fc: eb8107ff cmp xzr, x1, asr #1
700: 9341fc21 asr x1, x1, #1
704: 540000c0 b.eq 71c <register_tm_clones+0x3c> // b.none
708: 90000082 adrp x2, 10000 <__FRAME_END__+0xf438>
70c: f947fc42 ldr x2, [x2, #4088]
710: b4000062 cbz x2, 71c <register_tm_clones+0x3c>
714: aa0203f0 mov x16, x2
718: d61f0200 br x16
71c: d65f03c0 ret
0000000000000720 <__do_global_dtors_aux>:
720: a9be7bfd stp x29, x30, [sp, #-32]!
724: 910003fd mov x29, sp
728: f9000bf3 str x19, [sp, #16]
72c: b0000093 adrp x19, 11000 <__data_start>
730: 39404260 ldrb w0, [x19, #16]
734: 35000140 cbnz w0, 75c <__do_global_dtors_aux+0x3c>
738: 90000080 adrp x0, 10000 <__FRAME_END__+0xf438>
73c: f947ec00 ldr x0, [x0, #4056]
740: b4000080 cbz x0, 750 <__do_global_dtors_aux+0x30>
744: b0000080 adrp x0, 11000 <__data_start>
748: f9400400 ldr x0, [x0, #8]
74c: 97ffffb1 bl 610 <__cxa_finalize@plt>
750: 97ffffd8 bl 6b0 <deregister_tm_clones>
754: 52800020 mov w0, #0x1 // #1
758: 39004260 strb w0, [x19, #16]
75c: f9400bf3 ldr x19, [sp, #16]
760: a8c27bfd ldp x29, x30, [sp], #32
764: d65f03c0 ret
0000000000000768 <frame_dummy>:
768: 17ffffde b 6e0 <register_tm_clones>
000000000000076c <test_fun_b>:
76c: a9bc7bfd stp x29, x30, [sp, #-64]!
770: 910003fd mov x29, sp
774: f90017e0 str x0, [sp, #40]
778: f90013e1 str x1, [sp, #32]
77c: f9000fe2 str x2, [sp, #24]
780: f9000be3 str x3, [sp, #16]
784: d2800060 mov x0, #0x3 // #3
788: f9001be0 str x0, [sp, #48]
78c: d2800080 mov x0, #0x4 // #4
790: f9001fe0 str x0, [sp, #56]
794: f9401fe3 ldr x3, [sp, #56]
798: f9401be2 ldr x2, [sp, #48]
79c: 90000000 adrp x0, 0 <_init-0x5d0>
7a0: 9128a001 add x1, x0, #0xa28
7a4: 90000000 adrp x0, 0 <_init-0x5d0>
7a8: 91266000 add x0, x0, #0x998
7ac: 97ffffa9 bl 650 <printf@plt>
7b0: f9401be1 ldr x1, [sp, #48]
7b4: f9401fe0 ldr x0, [sp, #56]
7b8: 8b000020 add x0, x1, x0
7bc: f94017e1 ldr x1, [sp, #40]
7c0: 8b000020 add x0, x1, x0
7c4: f9001be0 str x0, [sp, #48]
7c8: f9401be1 ldr x1, [sp, #48]
7cc: f9401fe0 ldr x0, [sp, #56]
7d0: 8b000020 add x0, x1, x0
7d4: f94013e1 ldr x1, [sp, #32]
7d8: 8b000020 add x0, x1, x0
7dc: f9001fe0 str x0, [sp, #56]
7e0: d503201f nop
7e4: a8c47bfd ldp x29, x30, [sp], #64
7e8: d65f03c0 ret
00000000000007ec <test_fun_a>:
7ec: a9bc7bfd stp x29, x30, [sp, #-64]!
7f0: 910003fd mov x29, sp
7f4: f90017e0 str x0, [sp, #40]
7f8: f90013e1 str x1, [sp, #32]
7fc: f9000fe2 str x2, [sp, #24]
800: f9000be3 str x3, [sp, #16]
804: d2800040 mov x0, #0x2 // #2
808: f9001be0 str x0, [sp, #48]
80c: d2800060 mov x0, #0x3 // #3
810: f9001fe0 str x0, [sp, #56]
814: f9401fe3 ldr x3, [sp, #56]
818: f9401be2 ldr x2, [sp, #48]
81c: 90000000 adrp x0, 0 <_init-0x5d0>
820: 9128e001 add x1, x0, #0xa38
824: 90000000 adrp x0, 0 <_init-0x5d0>
828: 91272000 add x0, x0, #0x9c8
82c: 97ffff89 bl 650 <printf@plt>
830: d2800043 mov x3, #0x2 // #2
834: d2800002 mov x2, #0x0 // #0
838: f9401fe1 ldr x1, [sp, #56]
83c: f9401be0 ldr x0, [sp, #48]
840: 97ffffcb bl 76c <test_fun_b>
844: f9401be1 ldr x1, [sp, #48]
848: f9401fe0 ldr x0, [sp, #56]
84c: 8b000020 add x0, x1, x0
850: f94017e1 ldr x1, [sp, #40]
854: 8b000020 add x0, x1, x0
858: f9001be0 str x0, [sp, #48]
85c: f9401be1 ldr x1, [sp, #48]
860: f9401fe0 ldr x0, [sp, #56]
864: 8b000020 add x0, x1, x0
868: f94013e1 ldr x1, [sp, #32]
86c: 8b000020 add x0, x1, x0
870: f9001fe0 str x0, [sp, #56]
874: d503201f nop
878: a8c47bfd ldp x29, x30, [sp], #64
87c: d65f03c0 ret
0000000000000880 <main>:
880: a9be7bfd stp x29, x30, [sp, #-32]!
884: 910003fd mov x29, sp
888: d2800020 mov x0, #0x1 // #1
88c: f9000be0 str x0, [sp, #16]
890: d2800040 mov x0, #0x2 // #2
894: f9000fe0 str x0, [sp, #24]
898: f9400fe3 ldr x3, [sp, #24]
89c: f9400be2 ldr x2, [sp, #16]
8a0: 90000000 adrp x0, 0 <_init-0x5d0>
8a4: 91292001 add x1, x0, #0xa48
8a8: 90000000 adrp x0, 0 <_init-0x5d0>
8ac: 9127e000 add x0, x0, #0x9f8
8b0: 97ffff68 bl 650 <printf@plt>
8b4: d2800023 mov x3, #0x1 // #1
8b8: d2800002 mov x2, #0x0 // #0
8bc: f9400fe1 ldr x1, [sp, #24]
8c0: f9400be0 ldr x0, [sp, #16]
8c4: 97ffffca bl 7ec <test_fun_a>
8c8: f9400be1 ldr x1, [sp, #16]
8cc: f9400fe0 ldr x0, [sp, #24]
8d0: 8b000020 add x0, x1, x0
8d4: f9000be0 str x0, [sp, #16]
8d8: f9400fe1 ldr x1, [sp, #24]
8dc: f9400be0 ldr x0, [sp, #16]
8e0: 8b000020 add x0, x1, x0
8e4: f9000fe0 str x0, [sp, #24]
8e8: 52800000 mov w0, #0x0 // #0
8ec: a8c27bfd ldp x29, x30, [sp], #32
8f0: d65f03c0 ret
8f4: d503201f nop
00000000000008f8 <__libc_csu_init>:
8f8: a9bc7bfd stp x29, x30, [sp, #-64]!
8fc: 910003fd mov x29, sp
900: a90153f3 stp x19, x20, [sp, #16]
904: 90000094 adrp x20, 10000 <__FRAME_END__+0xf438>
908: 91362294 add x20, x20, #0xd88
90c: a9025bf5 stp x21, x22, [sp, #32]
910: 90000095 adrp x21, 10000 <__FRAME_END__+0xf438>
914: 913602b5 add x21, x21, #0xd80
918: cb150294 sub x20, x20, x21
91c: 2a0003f6 mov w22, w0
920: a90363f7 stp x23, x24, [sp, #48]
924: aa0103f7 mov x23, x1
928: aa0203f8 mov x24, x2
92c: 97ffff29 bl 5d0 <_init>
930: eb940fff cmp xzr, x20, asr #3
934: 54000160 b.eq 960 <__libc_csu_init+0x68> // b.none
938: 9343fe94 asr x20, x20, #3
93c: d2800013 mov x19, #0x0 // #0
940: f8737aa3 ldr x3, [x21, x19, lsl #3]
944: aa1803e2 mov x2, x24
948: 91000673 add x19, x19, #0x1
94c: aa1703e1 mov x1, x23
950: 2a1603e0 mov w0, w22
954: d63f0060 blr x3
958: eb13029f cmp x20, x19
95c: 54ffff21 b.ne 940 <__libc_csu_init+0x48> // b.any
960: a94153f3 ldp x19, x20, [sp, #16]
964: a9425bf5 ldp x21, x22, [sp, #32]
968: a94363f7 ldp x23, x24, [sp, #48]
96c: a8c47bfd ldp x29, x30, [sp], #64
970: d65f03c0 ret
974: d503201f nop
0000000000000978 <__libc_csu_fini>:
978: d65f03c0 ret
Disassembly of section .fini:
000000000000097c <_fini>:
97c: a9bf7bfd stp x29, x30, [sp, #-16]!
980: 910003fd mov x29, sp
984: a8c17bfd ldp x29, x30, [sp], #16
988: d65f03c0 ret
2.4 RV64和ARM64测试程序的栈结构图
2.4.1 RV64测试程序的栈结构图
2.4.2 ARM64测试程序的栈结构图
3 异常时依据栈和当前寄存器推导调用栈的处理流程
- 首先要查看当前栈帧寄存器( FP )以及栈指针寄存器( SP )以及ra寄存器。对于arm64,其FP是x29寄存器,ra是x30寄存器;对于rv64来说,x8(s0)为其FP寄存器,x1为其ra寄存器。
- 确认FP和SP就可以去依次去找到各个调用函数的调用过程,找到ra就可以确认当前函数的上一级调用者。
3.1 以RV64为例来介绍
3.2 以ARM64为例来介绍
