I am debugging a crash on Linux and looking at the assembly of the function cxa_finalize.
The crash occurs on a source line that appears to be unreachable:
cmp %edx,%esi // f >= &funcs->fns[0]
jae 0xb6e17b88 // enter for loop
jmp 0xb6e17c08 // exit for loop
lea 0x0(%esi,%eiz,1),%esi // crashes here - how do we even get here since there is a
// jmp above us, and nothing jumps to here
cmp %edi,0xc(%esi) // d == f->func.cxa.dso_handle (jumped to from below)
Later in this method there is another lea 0x0(%esi,%eiz,1),%esi that appears after a jmp and is followed by nop instructions; it also seems unreachable. In that case the jmp is likewise exiting a for loop.

Is there some convention here that inserts unreachable instructions?

EDIT: It turns out it did not crash on the lea instruction, but on the cmp instruction after it, when accessing the memory at esi.
Best answer

I found the answer here:
Sometimes GCC inserts NOP instructions into the code stream to ensure proper alignment and stuff like that. The NOP instruction takes one byte, so you would think that you could just add as many as needed. But according to Ian Lance Taylor, it’s faster for the chip to execute one long instruction than many short instructions. So rather than inserting seven NOP instructions, they instead use one bizarro LEA, which uses up seven bytes and is semantically equivalent to a NOP
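To make the quoted explanation concrete, the following is an added example (not code from the question or the quoted post) that decodes the 32-bit LEA encodings GAS uses as padding, checks whether each one is a no-op, and finds where the real next instruction begins. The byte strings are constructed; the crash-site bytes are modelled on the listing above (7-byte LEA followed by cmp %edi,0xc(%esi)).

```python
# Decoder for the 32-bit x86 LEA forms GAS emits as multi-byte padding, e.g.
# 8d b4 26 00 00 00 00 == lea 0x0(%esi,%eiz,1),%esi. Constructed bytes throughout.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode_lea(code: bytes):
    """Decode one LEA (opcode 0x8d) at code[0]; return (length, AT&T text, is_nop)."""
    if len(code) < 2 or code[0] != 0x8D:
        raise ValueError("not a lea opcode")
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod == 3:
        raise ValueError("lea needs a memory operand")
    pos, has_sib, scale, index, base = 2, rm == 4, 1, None, None
    if has_sib:                       # SIB byte: scale | index | base
        sib = code[pos]; pos += 1
        scale = 1 << (sib >> 6)
        idx, bse = (sib >> 3) & 7, sib & 7
        index = None if idx == 4 else REGS[idx]          # index 100 = none (%eiz)
        base = None if (bse == 5 and mod == 0) else REGS[bse]
    elif not (mod == 0 and rm == 5):  # mod=00 rm=101 is disp32 with no base
        base = REGS[rm]
    if mod == 1:                      # 8-bit displacement
        disp = int.from_bytes(code[pos:pos + 1], "little", signed=True); pos += 1
    elif mod == 2 or base is None:    # 32-bit displacement
        disp = int.from_bytes(code[pos:pos + 4], "little", signed=True); pos += 4
    else:
        disp = 0
    disp_txt = ("-" if disp < 0 else "") + hex(abs(disp))
    mem = f"{disp_txt}({'%' + base if base else ''}"
    if has_sib:
        mem += f",%{index or 'eiz'},{scale}"
    text = f"lea {mem}),%{REGS[reg]}"
    # With no index and a zero displacement the address is just `base`, so
    # writing it back into that same register changes nothing: a NOP.
    is_nop = base == REGS[reg] and index is None and disp == 0
    return pos, text, is_nop

def skip_padding_leas(code: bytes) -> int:
    """Return the offset of the first instruction that is not a padding LEA."""
    off = 0
    while off < len(code) and code[off] == 0x8D:
        length, _, is_nop = decode_lea(code[off:])
        if not is_nop:
            break
        off += length
    return off

# Constructed bytes modelled on the crash site: the 7-byte LEA padding followed
# by cmp %edi,0xc(%esi) (39 7e 0c), the instruction that actually touches memory.
CRASH_SITE = bytes.fromhex("8db42600000000" "397e0c")
```

Running `skip_padding_leas(CRASH_SITE)` returns 7, so the faulting memory access belongs to the cmp at that offset, not to the LEA the debugger pointed at.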
Regarding "c++ - unreachable code in assembly", a similar question can be found on Stack Overflow: https://stackoverflow.com/questions/37448848/