《coredump问题原理探究》Linux x86版7.9节list相关的iterator对象

来源：互联网发布：rs422数据帧格式编辑：程序博客网时间：2024/04/29 16:18

这一节，看一下list的iterator对象在内存的布局

1 #include <list>  2   3 void init( std::list<int>& lst )  4 {  5     for ( int i = 0; i < 0x10; i++ )  6     {  7         lst.push_back( i );  8     }  9 } 10  11 int getSum( std::list<int>& lst ) 12 { 13     std::list<int>::iterator iter; 14     int result = 0; 15  16     for ( iter = lst.begin(); iter != lst.end(); iter++ ) 17     { 18         result += *iter; 19     } 20  21     return result; 22 } 23  24 int main() 25 { 26     std::list<int> lst; 27     init( lst ); 28  29     return getSum( lst ); 30 }

看getSum函数的汇编:

(gdb) disassemble getSumDump of assembler code for function _Z6getSumRSt4listIiSaIiEE:   0x080486cd <+0>:push   %ebp   0x080486ce <+1>:mov    %esp,%ebp   0x080486d0 <+3>:sub    $0x38,%esp   0x080486d3 <+6>:lea    -0x18(%ebp),%eax   0x080486d6 <+9>:mov    %eax,(%esp)   0x080486d9 <+12>:call   0x8048816 <_ZNSt14_List_iteratorIiEC2Ev>   0x080486de <+17>:movl   $0x0,-0xc(%ebp)   0x080486e5 <+24>:lea    -0x1c(%ebp),%eax   0x080486e8 <+27>:mov    0x8(%ebp),%edx   0x080486eb <+30>:mov    %edx,0x4(%esp)   0x080486ef <+34>:mov    %eax,(%esp)   0x080486f2 <+37>:call   0x8048824 <_ZNSt4listIiSaIiEE5beginEv>   0x080486f7 <+42>:sub    $0x4,%esp   0x080486fa <+45>:mov    -0x1c(%ebp),%eax   0x080486fd <+48>:mov    %eax,-0x18(%ebp)   0x08048700 <+51>:jmp    0x804872f <_Z6getSumRSt4listIiSaIiEE+98>   0x08048702 <+53>:lea    -0x18(%ebp),%eax   0x08048705 <+56>:mov    %eax,(%esp)   0x08048708 <+59>:call   0x80488ba <_ZNKSt14_List_iteratorIiEdeEv>   0x0804870d <+64>:mov    (%eax),%eax   0x0804870f <+66>:add    %eax,-0xc(%ebp)   0x08048712 <+69>:lea    -0x10(%ebp),%eax   0x08048715 <+72>:movl   $0x0,0x8(%esp)   0x0804871d <+80>:lea    -0x18(%ebp),%edx   0x08048720 <+83>:mov    %edx,0x4(%esp)   0x08048724 <+87>:mov    %eax,(%esp)   0x08048727 <+90>:call   0x8048882 <_ZNSt14_List_iteratorIiEppEi>   0x0804872c <+95>:sub    $0x4,%esp   0x0804872f <+98>:lea    -0x14(%ebp),%eax   0x08048732 <+101>:mov    0x8(%ebp),%edx   0x08048735 <+104>:mov    %edx,0x4(%esp)   0x08048739 <+108>:mov    %eax,(%esp)   0x0804873c <+111>:call   0x804884a <_ZNSt4listIiSaIiEE3endEv>   0x08048741 <+116>:sub    $0x4,%esp   0x08048744 <+119>:lea    -0x14(%ebp),%eax   0x08048747 <+122>:mov    %eax,0x4(%esp)   0x0804874b <+126>:lea    -0x18(%ebp),%eax   0x0804874e <+129>:mov    %eax,(%esp)   0x08048751 <+132>:call   0x804886e <_ZNKSt14_List_iteratorIiEneERKS0_>   0x08048756 <+137>:test   %al,%al   0x08048758 <+139>:jne    0x8048702 <_Z6getSumRSt4listIiSaIiEE+53>   0x0804875a <+141>:mov    -0xc(%ebp),%eax   0x0804875d <+144>:leave     0x0804875e <+145>:ret    End of assembler dump.

可以看到list的this指针在ebp+0x8,iter的this指针在ebp-0x18.

在0x0804874b指令地址打断点.

看一下list的内容:

(gdb) x $ebp+0x80xbffff5a0:0xbffff5b8(gdb) x /8x 0xbffff5b80xbffff5b8:0x0804b0080x0804b0f80x08048c600x080485e00xbffff5c8:0x002edff40x000000000x08048c600x00000000(gdb) x /4x 0x0804b0080x804b008:0x0804b0180xbffff5b80x000000000x00000011(gdb) x /4x 0x0804b0180x804b018:0x0804b0280x0804b0080x000000010x00000011(gdb) x /4x 0x0804b0280x804b028:0x0804b0380x0804b0180x000000020x00000011(gdb) x /4x 0x0804b0380x804b038:0x0804b0480x0804b0280x000000030x00000011(gdb) x /4x 0x0804b0480x804b048:0x0804b0580x0804b0380x000000040x00000011(gdb) x /4x 0x0804b0580x804b058:0x0804b0680x0804b0480x000000050x00000011(gdb) x /4x 0x0804b0f80x804b0f8:0xbffff5b80x0804b0e80x0000000f0x00020f01(gdb) x /4x 0x0804b0e80x804b0e8:0x0804b0f80x0804b0d80x0000000e0x00000011(gdb) x /4x 0x0804b0d80x804b0d8:0x0804b0e80x0804b0c80x0000000d0x00000011

看一下iter的内容变化:

Breakpoint 1, 0x0804874b in getSum(std::list<int, std::allocator<int> >&) ()(gdb) x /4x $ebp-0x180xbffff580:0x0804b0180xbffff5b80x0804b0080x00000000(gdb) cContinuing.Breakpoint 1, 0x0804874b in getSum(std::list<int, std::allocator<int> >&) ()(gdb) x /4x $ebp-0x180xbffff580:0x0804b0280xbffff5b80x0804b0180x00000001(gdb) cContinuing.Breakpoint 1, 0x0804874b in getSum(std::list<int, std::allocator<int> >&) ()(gdb) x /4x $ebp-0x180xbffff580:0x0804b0380xbffff5b80x0804b0280x00000003(gdb) cContinuing.Breakpoint 1, 0x0804874b in getSum(std::list<int, std::allocator<int> >&) ()(gdb) x /4x $ebp-0x180xbffff580:0x0804b0480xbffff5b80x0804b0380x00000006

可以得到list的iterator也只有一个成员_M_node,指向list每个节点(头节点除外).

0 0