如何阅读这段Rust代码的汇编代码?
How to read the assembly code of this piece of Rust code?
我正在尝试阅读一段 Rust 汇编代码,但实际上,它比 C/C++ 编译器生成的 ASM 代码更难阅读。那么,如何分析下面这段Rust代码的ASM代码呢?
fn main() {
let closure = |x| println!("{}", x);
let x: fn(x: i32) -> () = closure;
println!("{}", x as i32);
}
相应的汇编代码如下所示(我只粘贴了主要部分,完整版请使用此永久链接:https://play.rust-lang.org/?version=nightly&mode=release&edition=2018&gist=e7ba4844f1ce6e881912dc074152988d):
playground::main: # @playground::main
# %bb.0:
subq , %rsp
leaq core::ops::function::FnOnce::call_once(%rip), %rax
movl %eax, 4(%rsp)
leaq 4(%rsp), %rax
movq %rax, 8(%rsp)
movq core::fmt::num::imp::<impl core::fmt::Display for i32>::fmt@GOTPCREL(%rip), %rax
movq %rax, 16(%rsp)
leaq .L__unnamed_2(%rip), %rax # the contents of rdx come from .L__unnamed_2(%rip), how to evaluate this part?
movq %rax, 24(%rsp) # the contents of rdi come from rax.
movq , 32(%rsp)
movq [=11=], 40(%rsp)
leaq 8(%rsp), %rax
movq %rax, 56(%rsp)
movq , 64(%rsp)
leaq 24(%rsp), %rdi # rdi should be the register holding the value passed to println!.
callq *std::io::stdio::_print@GOTPCREL(%rip)
addq , %rsp
retq
# -- End function
main: # @main
# %bb.0:
subq , %rsp
movq %rsi, %rcx
movslq %edi, %rdx
leaq playground::main(%rip), %rax
movq %rax, (%rsp)
leaq .L__unnamed_1(%rip), %rsi
movq %rsp, %rdi
callq *std::rt::lang_start_internal@GOTPCREL(%rip)
# kill: def $eax killed $eax killed $rax
popq %rcx
retq
# -- End function
.L__unnamed_1:
.quad core::ptr::drop_in_place<std::rt::lang_start<()>::{{closure}}>
.quad 8 # 0x8
.quad 8 # 0x8
.quad std::rt::lang_start::{{closure}}
.quad std::rt::lang_start::{{closure}}
.quad core::ops::function::FnOnce::call_once{{vtable.shim}}
.L__unnamed_3:
.L__unnamed_4:
.byte 10
.L__unnamed_2:
.quad .L__unnamed_3
.zero 8
.quad .L__unnamed_4
.asciz "[=11=]1[=11=]0[=11=]0[=11=]0[=11=]0[=11=]0[=11=]0"
而且,我正在尝试找出 Rust 编译器如何处理闭包的函数指针与普通函数。因此,在这里我尝试使用闭包作为示例,但似乎找不到与变量“x”的使用相对应的任何有效汇编代码。
没有对闭包的实际调用,因此没有生成调用代码,但 x 变量的使用实际上是在一个未包含在您的 post 中的函数中,该函数具有误导性名称 core::ops::function::FnOnce::call_once 在 ASM 输出中,但在同一 playground 示例的 LLVM 输出中具有更混乱的名称 @_ZN4core3ops8function6FnOnce9call_once17hefa1aa47132c4122E 。这是闭包的实际内容(println!("{}", x))
core::ops::function::FnOnce::call_once: # @core::ops::function::FnOnce::call_once
# %bb.0:
# allocate a bunch of stack space for variables and print arguments
subq , %rsp
# %edi has the value of x passed in to the closure, which we store in a new stack allocated variable
movl %edi, 4(%rsp)
# we then load the address of that variable into another variable
leaq 4(%rsp), %rax
movq %rax, 8(%rsp)
# the following is mostly populating the std::fmt::Arguments struct which is passed to print
movq core::fmt::num::imp::<impl core::fmt::Display for i32>::fmt@GOTPCREL(%rip), %rax
movq %rax, 16(%rsp)
leaq .L__unnamed_2(%rip), %rax
movq %rax, 24(%rsp)
movq , 32(%rsp)
movq [=10=], 40(%rsp)
# the address of the address of x is loaded into the arguments struct here
leaq 8(%rsp), %rax
movq %rax, 56(%rsp)
# finish populating the arguments and then call print
movq , 64(%rsp)
leaq 24(%rsp), %rdi
callq *std::io::stdio::_print@GOTPCREL(%rip)
addq , %rsp
retq
playground main 函数是创建闭包的地方,但它实际上并没有被调用,就像上面的函数一样,主要是填充复杂的 std::fmt::Arguments struct
playground::main: # @playground::main
# %bb.0:
subq , %rsp
# this creates the closure by storing a pointer to the closure's function
leaq core::ops::function::FnOnce::call_once(%rip), %rax
movl %eax, 4(%rsp)
# this stores the closure in main's `x` variable (line 3 of the example)
leaq 4(%rsp), %rax
movq %rax, 8(%rsp)
# populate the std::fmt::Arguments struct
movq core::fmt::num::imp::<impl core::fmt::Display for i32>::fmt@GOTPCREL(%rip), %rax
movq %rax, 16(%rsp)
leaq .L__unnamed_2(%rip), %rax # the contents of rdx come from .L__unnamed_2(%rip), how to evaluate this part?
movq %rax, 24(%rsp) # the contents of rdi come from rax.
movq , 32(%rsp)
movq [=11=], 40(%rsp)
# store the closure (stored in `x`) in the std::fmt::Arguments struct
leaq 8(%rsp), %rax
movq %rax, 56(%rsp)
# finish populating and call print
movq , 64(%rsp)
leaq 24(%rsp), %rdi # rdi should be the register holding the value passed to println!.
callq *std::io::stdio::_print@GOTPCREL(%rip)
addq , %rsp
retq
从 LLVM 输出来看,std::fmt::Arguments 被定义为 %"std::fmt::Arguments" = type { [0 x i64], { [0 x { [0 x i8]*, i64 }]*, i64 }, [0 x i64], { i64*, i64 }, [0 x i64], { [0 x { i8*, i64* }]*, i64 }, [0 x i64] } 并且我不了解太多内部细节,所以我不确定它为什么引用静态内存区域 .L__unnamed_2 但深入研究 std::fmt::Arguments 可能会提供更多线索
我正在尝试阅读一段 Rust 汇编代码,但实际上,它比 C/C++ 编译器生成的 ASM 代码更难阅读。那么,如何分析下面这段Rust代码的ASM代码呢?
fn main() {
let closure = |x| println!("{}", x);
let x: fn(x: i32) -> () = closure;
println!("{}", x as i32);
}
相应的汇编代码如下所示(我只粘贴了主要部分,完整版请使用此永久链接:https://play.rust-lang.org/?version=nightly&mode=release&edition=2018&gist=e7ba4844f1ce6e881912dc074152988d):
playground::main: # @playground::main
# %bb.0:
subq , %rsp
leaq core::ops::function::FnOnce::call_once(%rip), %rax
movl %eax, 4(%rsp)
leaq 4(%rsp), %rax
movq %rax, 8(%rsp)
movq core::fmt::num::imp::<impl core::fmt::Display for i32>::fmt@GOTPCREL(%rip), %rax
movq %rax, 16(%rsp)
leaq .L__unnamed_2(%rip), %rax # the contents of rdx come from .L__unnamed_2(%rip), how to evaluate this part?
movq %rax, 24(%rsp) # the contents of rdi come from rax.
movq , 32(%rsp)
movq [=11=], 40(%rsp)
leaq 8(%rsp), %rax
movq %rax, 56(%rsp)
movq , 64(%rsp)
leaq 24(%rsp), %rdi # rdi should be the register holding the value passed to println!.
callq *std::io::stdio::_print@GOTPCREL(%rip)
addq , %rsp
retq
# -- End function
main: # @main
# %bb.0:
subq , %rsp
movq %rsi, %rcx
movslq %edi, %rdx
leaq playground::main(%rip), %rax
movq %rax, (%rsp)
leaq .L__unnamed_1(%rip), %rsi
movq %rsp, %rdi
callq *std::rt::lang_start_internal@GOTPCREL(%rip)
# kill: def $eax killed $eax killed $rax
popq %rcx
retq
# -- End function
.L__unnamed_1:
.quad core::ptr::drop_in_place<std::rt::lang_start<()>::{{closure}}>
.quad 8 # 0x8
.quad 8 # 0x8
.quad std::rt::lang_start::{{closure}}
.quad std::rt::lang_start::{{closure}}
.quad core::ops::function::FnOnce::call_once{{vtable.shim}}
.L__unnamed_3:
.L__unnamed_4:
.byte 10
.L__unnamed_2:
.quad .L__unnamed_3
.zero 8
.quad .L__unnamed_4
.asciz "[=11=]1[=11=]0[=11=]0[=11=]0[=11=]0[=11=]0[=11=]0"
而且,我正在尝试找出 Rust 编译器如何处理闭包的函数指针与普通函数。因此,在这里我尝试使用闭包作为示例,但似乎找不到与变量“x”的使用相对应的任何有效汇编代码。
没有对闭包的实际调用,因此没有生成调用代码,但 x 变量的使用实际上是在一个未包含在您的 post 中的函数中,该函数具有误导性名称 core::ops::function::FnOnce::call_once 在 ASM 输出中,但在同一 playground 示例的 LLVM 输出中具有更混乱的名称 @_ZN4core3ops8function6FnOnce9call_once17hefa1aa47132c4122E 。这是闭包的实际内容(println!("{}", x))
core::ops::function::FnOnce::call_once: # @core::ops::function::FnOnce::call_once
# %bb.0:
# allocate a bunch of stack space for variables and print arguments
subq , %rsp
# %edi has the value of x passed in to the closure, which we store in a new stack allocated variable
movl %edi, 4(%rsp)
# we then load the address of that variable into another variable
leaq 4(%rsp), %rax
movq %rax, 8(%rsp)
# the following is mostly populating the std::fmt::Arguments struct which is passed to print
movq core::fmt::num::imp::<impl core::fmt::Display for i32>::fmt@GOTPCREL(%rip), %rax
movq %rax, 16(%rsp)
leaq .L__unnamed_2(%rip), %rax
movq %rax, 24(%rsp)
movq , 32(%rsp)
movq [=10=], 40(%rsp)
# the address of the address of x is loaded into the arguments struct here
leaq 8(%rsp), %rax
movq %rax, 56(%rsp)
# finish populating the arguments and then call print
movq , 64(%rsp)
leaq 24(%rsp), %rdi
callq *std::io::stdio::_print@GOTPCREL(%rip)
addq , %rsp
retq
playground main 函数是创建闭包的地方,但它实际上并没有被调用,就像上面的函数一样,主要是填充复杂的 std::fmt::Arguments struct
playground::main: # @playground::main
# %bb.0:
subq , %rsp
# this creates the closure by storing a pointer to the closure's function
leaq core::ops::function::FnOnce::call_once(%rip), %rax
movl %eax, 4(%rsp)
# this stores the closure in main's `x` variable (line 3 of the example)
leaq 4(%rsp), %rax
movq %rax, 8(%rsp)
# populate the std::fmt::Arguments struct
movq core::fmt::num::imp::<impl core::fmt::Display for i32>::fmt@GOTPCREL(%rip), %rax
movq %rax, 16(%rsp)
leaq .L__unnamed_2(%rip), %rax # the contents of rdx come from .L__unnamed_2(%rip), how to evaluate this part?
movq %rax, 24(%rsp) # the contents of rdi come from rax.
movq , 32(%rsp)
movq [=11=], 40(%rsp)
# store the closure (stored in `x`) in the std::fmt::Arguments struct
leaq 8(%rsp), %rax
movq %rax, 56(%rsp)
# finish populating and call print
movq , 64(%rsp)
leaq 24(%rsp), %rdi # rdi should be the register holding the value passed to println!.
callq *std::io::stdio::_print@GOTPCREL(%rip)
addq , %rsp
retq
从 LLVM 输出来看,std::fmt::Arguments 被定义为 %"std::fmt::Arguments" = type { [0 x i64], { [0 x { [0 x i8]*, i64 }]*, i64 }, [0 x i64], { i64*, i64 }, [0 x i64], { [0 x { i8*, i64* }]*, i64 }, [0 x i64] } 并且我不了解太多内部细节,所以我不确定它为什么引用静态内存区域 .L__unnamed_2 但深入研究 std::fmt::Arguments 可能会提供更多线索