Shulou(Shulou.com)06/01 Report--

This article shares with you the content of a sample analysis of stacks in Linux. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Use the following program as an example:

Void a () {/ / stopped here} void b () {a ();} void c () {a ();} int main () {b (); c ();}

If the debugger stops at the / / stopped here' line, there are two ways to do this: main- > b-> an or main- > c-> a`. If we set a breakpoint with LLDB, continue to execute, and request a backtrack, we get the following:

* frame # 0: 0x00000000004004da a.out`a () + 4 at bt.cpp:3 frame # 1: 0x00000000004004e6 a.out`b () + 9 at bt.cpp:6 frame # 2: 0x00000000004004fe a.out`main + 9 at bt.cpp:14 frame # 3: 0x00007ffff7a2e830 libc.so.6` _ libc_start_main + 240at libc-start.c:291 frame # 4: 0x0000000000400409 a.out`` _ start + 41

This shows that we are currently in function a, a jumps from function b, b jumps from main and so on. * two frames are how the compiler guides the main function.

The question now is how do we implement it on x86x64. The most robust approach is to parse the .eh _ frame part of the ELF file and figure out how to unstack from there, but this can be painful. You can do it with libunwind or something like that, but it's boring. Instead, we assume that the compiler sets the stack in some way, and we will traverse it manually. To do this, we first need to understand the layout of the stack.

High |. | +-+ | Arg 1 | +-+ | Arg 2 | +-+ | Return | +-+ | Saved EBP | +-+ | Var 1 | +-+ | Var 2 | +-+ |. | Low

As you can see, the frame pointer of a stack frame is stored at the beginning of the current stack frame, creating a list of linked pointers. The stack is untied according to this linked list. We can find the function of the next frame in the list by looking for the return address in the DWARF information. Some compilers will ignore tracking the frame base address of the EBP because this can be expressed as the offset of the ESP and an extra register can be released. Even if optimization is enabled, passing-fno-omit-frame-pointer to GCC or Clang forces it to follow the conventions we rely on.

We will do all the work in the print_backtrace function:

Void debugger::print_backtrace () {

The first thing to decide is what format to use to print out the frame information. I used a lambda to deduce this method:

Auto output_frame = [frame_number = 0] (auto&& func) mutable {std::cout

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.