C 到 ASM 增量导致段错误
C to ASM increment causes Segfault
我有以下 C 程序:
#include <stdio.h>
int main() {
int i = 0;
int N = 10;
while(i < N) {
printf("counting to %d: %d", N, i);
//i = i + 1;
}
return 0;
}
我想先将它编译成汇编,然后再编译成二进制以供教学使用。因此,我发出以下命令:
$ gcc -S count.c -o count.s
$ as -o count.o count.s
$ ld -o count -e main -dynamic-linker /lib64/ld-linux-x86-64.so.2 /usr/lib/x86_64-linux-gnu/libc.so count.o -lc
它们分别将 C 编译为程序集,assemble 将程序集编译为二进制文件,然后 link 包含 printf
函数的库。
这行得通。输出:
counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0
等等,直到我 ctrl-c 程序。
但是,当我取消注释 i = i + 1
行时:
Segmentation fault (core dumped)
这里出了什么问题?
更新:这里是 count.s
(包括 i = i + 1
行)
.file "count.c"
.text
.section .rodata
.LC0:
.string "counting to %d: %d"
.text
.globl main
.type main, @function
main:
.LFB0:
.cfi_startproc
pushq %rbp
.cfi_def_cfa_offset 16
.cfi_offset 6, -16
movq %rsp, %rbp
.cfi_def_cfa_register 6
subq , %rsp
movl [=14=], -8(%rbp)
movl , -4(%rbp)
jmp .L2
.L3:
movl -8(%rbp), %edx
movl -4(%rbp), %eax
movl %eax, %esi
leaq .LC0(%rip), %rdi
movl [=14=], %eax
call printf@PLT
addl , -8(%rbp)
.L2:
movl -8(%rbp), %eax
cmpl -4(%rbp), %eax
jl .L3
movl [=14=], %eax
leave
.cfi_def_cfa 7, 8
ret
.cfi_endproc
.LFE0:
.size main, .-main
.ident "GCC: (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0"
.section .note.GNU-stack,"",@progbits
如果你在Linux64位的main函数末尾添加:
mov eax, 60
xor edi, edi
syscall
在 linux 32
mov eax 1
xor ebx,ebx
int 0x80
下面的内容对我来说在 Ubuntu 20 上工作得很好(摘自 Ciro Santilli 在 Linking a C program directly with ld fails with undefined reference to `__libc_csu_fini` 的回答)。
gcc -S count.c -o count.s
as -o count.o count.s
ld -o count -dynamic-linker /lib64/ld-linux-x86-64.so.2 /usr/lib/x86_64-linux-gnu/crt1.o /usr/lib/x86_64-linux-gnu/crti.o -L/usr/lib/gcc/x86_64-linux-gnu/4.8/ -lc count.o /usr/lib/x86_64-linux-gnu/crtn.o
我有以下 C 程序:
#include <stdio.h>
int main() {
int i = 0;
int N = 10;
while(i < N) {
printf("counting to %d: %d", N, i);
//i = i + 1;
}
return 0;
}
我想先将它编译成汇编,然后再编译成二进制以供教学使用。因此,我发出以下命令:
$ gcc -S count.c -o count.s
$ as -o count.o count.s
$ ld -o count -e main -dynamic-linker /lib64/ld-linux-x86-64.so.2 /usr/lib/x86_64-linux-gnu/libc.so count.o -lc
它们分别将 C 编译为程序集,assemble 将程序集编译为二进制文件,然后 link 包含 printf
函数的库。
这行得通。输出:
counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0counting to 10: 0
等等,直到我 ctrl-c 程序。
但是,当我取消注释 i = i + 1
行时:
Segmentation fault (core dumped)
这里出了什么问题?
更新:这里是 count.s
(包括 i = i + 1
行)
.file "count.c"
.text
.section .rodata
.LC0:
.string "counting to %d: %d"
.text
.globl main
.type main, @function
main:
.LFB0:
.cfi_startproc
pushq %rbp
.cfi_def_cfa_offset 16
.cfi_offset 6, -16
movq %rsp, %rbp
.cfi_def_cfa_register 6
subq , %rsp
movl [=14=], -8(%rbp)
movl , -4(%rbp)
jmp .L2
.L3:
movl -8(%rbp), %edx
movl -4(%rbp), %eax
movl %eax, %esi
leaq .LC0(%rip), %rdi
movl [=14=], %eax
call printf@PLT
addl , -8(%rbp)
.L2:
movl -8(%rbp), %eax
cmpl -4(%rbp), %eax
jl .L3
movl [=14=], %eax
leave
.cfi_def_cfa 7, 8
ret
.cfi_endproc
.LFE0:
.size main, .-main
.ident "GCC: (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0"
.section .note.GNU-stack,"",@progbits
如果你在Linux64位的main函数末尾添加:
mov eax, 60
xor edi, edi
syscall
在 linux 32
mov eax 1
xor ebx,ebx
int 0x80
下面的内容对我来说在 Ubuntu 20 上工作得很好(摘自 Ciro Santilli 在 Linking a C program directly with ld fails with undefined reference to `__libc_csu_fini` 的回答)。
gcc -S count.c -o count.s
as -o count.o count.s
ld -o count -dynamic-linker /lib64/ld-linux-x86-64.so.2 /usr/lib/x86_64-linux-gnu/crt1.o /usr/lib/x86_64-linux-gnu/crti.o -L/usr/lib/gcc/x86_64-linux-gnu/4.8/ -lc count.o /usr/lib/x86_64-linux-gnu/crtn.o