Finding stack frames on ix86

From: Keith Owens (kaos@ocs.com.au)
Date: Tue May 09 2000 - 04:02:01 EST


I'm doing some work on SGI's kdb and I need a sanity check on an
algorithm for finding the kernel stack frames on ix86.

1) Given the PC, find the start of the function.

2) If the function starts with pushl %ebp, movl %esp,%ebp then it was
   compiled with frame pointers, use ebp to get the stack frame.
   Special cases if the PC is in the first two instructions or there
   was a breakpoint in the first two instructions.

3) No frame pointer. Scan up the stack looking for addresses that are
   within the .text or .text.init sections; I have section data. If
   the code just before that address is "call address", "call *%reg" or
   "call *address(,%eax,4)" then assume that this is the return EIP.

(1) and (2) should always be safe. (3) will have false positives if it
finds an old return address still on stack, part of an old frame that
has not been overwritten yet. AFAICT there is nothing I can do about
that. Are there any cases where (3) would miss a frame, i.e. where a
routine is not entered via one of the 3 versions of call?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
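The following is an added illustration of steps (2) and (3) above, written for this archive page; it is not Keith Owens's kdb code. It assumes a constructed .text byte array placed at an assumed TEXT_BASE of 0xc0100000 and a constructed stack image, and it encodes the two prologue forms ("pushl %ebp; movl %esp,%ebp" as 55 89 e5 or 55 8b ec) and the three call forms named in the post (e8 rel32, ff d0..d7 for "call *%reg", ff 14 85 disp32 for "call *disp32(,%eax,4)"). The stack image deliberately contains a stale copy of an old return address to show the false positive the post says cannot be filtered out by this heuristic alone.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed load address of the constructed .text below. */
#define TEXT_BASE 0xc0100000u

/* Constructed code image; offsets in comments are relative to TEXT_BASE. */
static const uint8_t text[] = {
    0x55, 0x89, 0xe5,                   /* 0x00 func_a: pushl %ebp; movl %esp,%ebp */
    0xe8, 0x10, 0x00, 0x00, 0x00,       /* 0x03 call rel32; return EIP is 0x08 */
    0x90,                               /* 0x08 nop */
    0xff, 0xd0,                         /* 0x09 call *%eax; return EIP is 0x0b */
    0x90,                               /* 0x0b nop */
    0xff, 0x14, 0x85, 0, 0, 0, 0,       /* 0x0c call *0x0(,%eax,4); return EIP is 0x13 */
    0x90,                               /* 0x13 nop */
    0x83, 0xec, 0x10,                   /* 0x14 func_b: subl $0x10,%esp (no frame pointer) */
    0xc3,                               /* 0x17 ret */
};
#define TEXT_LEN sizeof(text)

enum fp_state { NO_FRAME_POINTER, FP_BEFORE_PUSH, FP_AFTER_PUSH, FP_FRAME_READY };

/* Step (2): does the function begin with pushl %ebp; movl %esp,%ebp?
 * gas emits the movl as 89 e5; the 8b ec encoding is equivalent. */
static int has_fp_prologue(const uint8_t *fn)
{
    return fn[0] == 0x55 &&
           ((fn[1] == 0x89 && fn[2] == 0xe5) || (fn[1] == 0x8b && fn[2] == 0xec));
}

/* Where the return EIP lives, given the PC offset inside the function.
 * The special cases are a PC on either of the first two instructions. */
static enum fp_state fp_state_at(const uint8_t *fn, size_t pc_off)
{
    if (!has_fp_prologue(fn)) return NO_FRAME_POINTER;
    if (pc_off == 0) return FP_BEFORE_PUSH;   /* nothing pushed yet: return EIP at [esp] */
    if (pc_off < 3)  return FP_AFTER_PUSH;    /* ebp pushed, not loaded: return EIP at [esp+4] */
    return FP_FRAME_READY;                    /* saved ebp at [ebp], return EIP at [ebp+4] */
}

/* Step (3): do the bytes just before text offset `off` decode as one of the
 * three call forms?  Returns the instruction length, or 0 for no match. */
static size_t call_len_before(size_t off)
{
    if (off >= 5 && text[off - 5] == 0xe8)                 /* call rel32 */
        return 5;
    if (off >= 2 && text[off - 2] == 0xff &&
        (text[off - 1] & 0xf8) == 0xd0)                    /* call *%reg: ff /2, mod=11 */
        return 2;
    if (off >= 7 && text[off - 7] == 0xff &&
        text[off - 6] == 0x14 && text[off - 5] == 0x85)    /* call *disp32(,%eax,4) */
        return 7;
    return 0;
}

/* Walk a stack image (low address first) and keep words that point into
 * .text and sit right after a call instruction. */
static size_t scan_stack(const uint32_t *stack, size_t nwords, uint32_t *out, size_t max)
{
    size_t found = 0;
    for (size_t i = 0; i < nwords && found < max; i++) {
        uint32_t w = stack[i];
        if (w < TEXT_BASE || w >= TEXT_BASE + TEXT_LEN) continue;  /* not in .text */
        if (call_len_before(w - TEXT_BASE) == 0) continue;         /* not after a call */
        out[found++] = w;
    }
    return found;
}

/* Constructed stack image, low address first. */
static const uint32_t sample_stack[] = {
    0x00000000,   /* a zeroed local */
    0xc0100008,   /* live return EIP after "call rel32" */
    0xdeadbeef,   /* saved data, not an address */
    0xc010000b,   /* live return EIP after "call *%eax" */
    0xc0100001,   /* in .text but not preceded by a call: rejected */
    0xc0100013,   /* live return EIP after "call *0x0(,%eax,4)" */
    0x12345678,   /* outside .text: rejected */
    0xc0100008,   /* stale copy left by an old frame: a false positive */
};
#define SAMPLE_WORDS (sizeof(sample_stack) / sizeof(sample_stack[0]))

/* n-th candidate found in sample_stack, or 0 when there is none. */
static uint32_t sample_candidate(size_t n)
{
    uint32_t out[SAMPLE_WORDS];
    size_t found = scan_stack(sample_stack, SAMPLE_WORDS, out, SAMPLE_WORDS);
    return n < found ? out[n] : 0;
}

int main(void)
{
    printf("func_a frame state at offset 0: %d, 1: %d, 8: %d; func_b: %d\n",
           fp_state_at(text, 0), fp_state_at(text, 1), fp_state_at(text, 8),
           fp_state_at(text + 0x14, 0));
    for (size_t n = 0; sample_candidate(n); n++)
        printf("candidate return EIP 0x%08x\n", sample_candidate(n));
    return 0;
}
```

Running it lists the three live return addresses and then the stale 0xc0100008 a second time, which is exactly the old-frame false positive the post describes; a stack scanner has to tolerate that, since the bytes before a stale return address still decode as a valid call.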



This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:13 EST