
meaning of DW_CFA_def_cfa


Peter

May 30, 2015, 1:19:12 PM5/30/15
Hey,
what is the meaning of DW_CFA_def_cfa, DW_CFA_def_cfa_offset and
DW_CFA_def_cfa_register? Can google them out.

thanks
from Peter

James Harris

May 30, 2015, 1:46:16 PM5/30/15
"Peter" <mche...@hotmail.com> wrote in message
news:mkcrec$nii$1...@speranza.aioe.org...
> Hey
> what is the meaning of DW_CFA_def_cfa, DW_CFA_def_cfa_offset and
> DW_CFA_def_cfa_register. Can google them out.

You know more about Dwarf than I do but I can see them mentioned in the
Dwarf 2.0 spec PDF available from

http://www.dwarfstd.org/Download.php

Apparently CFA is the canonical frame address (the canonical frame being
what is often known as an activation record or stack frame), and the
"def" in the names means "define" so the three symbols you asked about
are instructions and mean

define cfa
define cfa offset
define cfa register

The above-mentioned PDF says:

15. DW_CFA_def_cfa takes two unsigned LEB128 arguments representing a
register number and an offset. The required action is to define the
current CFA rule to use the provided register and offset.
16. DW_CFA_def_cfa_register takes a single unsigned LEB128 argument
representing a register number. The required action is to define the
current CFA rule to use the provided register (but to keep the old
offset).
17. DW_CFA_def_cfa_offset takes a single unsigned LEB128 argument
representing an offset. The required action is to define the current CFA
rule to use the provided offset (but to keep the old register).

I don't know but it sounds as though you have a pair (register, offset)
to identify where a stack frame sits in memory - and that would be
reasonable: something like RBP + 0 or ESP + 12. Define CFA defines both
register and offset. The other two instructions define just one each.

All comments are just estimates. I haven't used any of this so take what
I've said with a pinch of salt.

James


Peter Cheung

May 31, 2015, 3:46:36 AM5/31/15
James Harris wrote on Sunday, May 31, 2015 at 1:46:16 AM UTC+8:
Thanks for helping me, I just want to get the value of parameters, so far these are the possible ways:

1) subtract the esp by 8 blindly
2) read out the CFA, but I got two problems
a) DW_CFA_def_cfa already tells you how to find the stack frame; it has a register and an offset. Why are DW_CFA_def_cfa_register and DW_CFA_def_cfa_offset needed?
b) I am jumping from multiboot to my kernel, and the first function in the DWARF doesn't have DW_CFA_def_cfa. Does that mean that if a function doesn't have DW_CFA_def_cfa, I should use the one in the CIE?



00000000 00000014 00000000 CIE
Version: 1
Augmentation: "zR"
Code alignment factor: 1
Data alignment factor: -4
Return address column: 8
Augmentation data: 1b

DW_CFA_def_cfa: r4 (esp) ofs 4
DW_CFA_offset: r8 (eip) at cfa-4
DW_CFA_nop
DW_CFA_nop

00000018 00000018 0000001c FDE cie=00000000 pc=01600000..01600737
DW_CFA_advance_loc: 1 to 01600001
DW_CFA_def_cfa_offset: 8
DW_CFA_offset: r5 (ebp) at cfa-8 <------ we don't have DW_CFA_def_cfa here
DW_CFA_advance_loc: 2 to 01600003
DW_CFA_def_cfa_register: r5 (ebp)
DW_CFA_advance_loc: 7 to 0160000a
DW_CFA_offset: r3 (ebx) at cfa-12

00000034 00000020 00000038 FDE cie=00000000 pc=01600737..01600ba5
DW_CFA_advance_loc: 1 to 01600738
DW_CFA_def_cfa_offset: 8
DW_CFA_offset: r5 (ebp) at cfa-8
DW_CFA_advance_loc: 2 to 0160073a
DW_CFA_def_cfa_register: r5 (ebp)
DW_CFA_advance_loc: 4 to 0160073e
DW_CFA_offset: r3 (ebx) at cfa-12
DW_CFA_advance_loc2: 1126 to 01600ba4
DW_CFA_restore: r5 (ebp)
reg_prefix.length=0
DW_CFA_restore: r3 (ebx)
reg_prefix.length=0
DW_CFA_def_cfa: r4 (esp) ofs 4



3) read the .debug_loc section. Some people said this section will tell you how to find the stack frame at whatever code location. But my problem is: my kernel starts at 0x1600000, and when I dump out this section using objdump, the starting address is much higher than 0x1600000. I don't know what I am doing wrong.

Contents of the .debug_loc section:

Offset Begin End Expression
00000000 016076a3 016076a8 (DW_OP_reg0 (eax))
0000000b <End of list>
00000013 016076d3 016076d8 (DW_OP_reg0 (eax))
0000001e <End of list>
00000026 01607703 01607708 (DW_OP_reg0 (eax))
00000031 <End of list>

thanks again
Peter

James Harris

Jun 1, 2015, 3:57:08 AM6/1/15
"Peter Cheung" <mche...@gmail.com> wrote in message
news:5b04a939-5f9a-40e6...@googlegroups.com...
> James Harris wrote on Sunday, May 31, 2015 at 1:46:16 AM UTC+8:
You mean you want to find the parameters passed to your code by the boot
loader you are using? I'll assume that below.

> so far these are the possible ways:
>
>1) subtract the esp by 8 blindly

Doesn't sound good. When your code starts it seems that ESP is expected
to point to a return address. If it was called with a normal x86 call
instruction the first parameter passed to your code would start at ESP +
4.

>2) read out the CFA,

Are you trying to read and parse Dwarf structures in your OS so you can
find the parameters? If so it may be better to just work with the
interface defined by the boot loader that calls your OS and forget about
Dwarf, IMO.

Or are you interested in Dwarf because you want to run your OS under a
debugger? If so I can understand your questions.

> but I got two problems
> a) DW_CFA_def_cfa already told you how to find the stack frame, it
> has register and offset. Why need DW_CFA_def_cfa_register and
> DW_CFA_def_cfa_offset.

Updates to the CFA definition are needed because it may change as
execution progresses. I have been reading up on this and my
understanding may not be correct but ISTM that Dwarf provides
instructions to change the register and offset individually just because
that is more convenient. AFAICT it always knows which register and which
offset are needed but it allows just one to be changed at a time.

It seems that one has to start with the CIE (Common Information Entry)
and then work through each entry in an FDE (Frame Description Entry). In
your case the initial CFA is defined as (ESP + 4) and ESP points at the
return EIP.

> b) I am jumping from multiboot to my kernel, the first function in
> dwarf doesn't have DW_CFA_def_cfa, is that mean if the function
> doesn't have DW_CFA_def_cfa, then use the one in CIE?

Yes, start with the CIE. Each FDE refers back to a CIE and that CIE,
AIUI, can define the initial conditions before the FDE instructions are
looked at. So for each FDE one can start with the associated CIE.

>00000000 00000014 00000000 CIE
> Version: 1
> Augmentation: "zR"
> Code alignment factor: 1
> Data alignment factor: -4
> Return address column: 8
> Augmentation data: 1b
>
> DW_CFA_def_cfa: r4 (esp) ofs 4

This seems to say that the CFA is at ESP + 4. (AFAICT offsets are
positive so this means ESP + 4, not ESP - 4.)

> DW_CFA_offset: r8 (eip) at cfa-4

Meaning that EIP is stored at CFA - 4 (aka ESP + 0 at this point).

> DW_CFA_nop
> DW_CFA_nop
>
>00000018 00000018 0000001c FDE cie=00000000 pc=01600000..01600737
> DW_CFA_advance_loc: 1 to 01600001

Advance by 1 needed because the instruction at 1600000 is a 1-byte push
instruction and has changed ESP.

> DW_CFA_def_cfa_offset: 8

CFA (which was at offset 4) is now at offset 8. In this case, CFA is at
ESP + 8. Its definition had to be changed because ESP changed.

> DW_CFA_offset: r5 (ebp) at cfa-8 <------ we don't have
> DW_CFA_def_cfa here

I think this only means that EBP is now stored at CFA - 8.

> DW_CFA_advance_loc: 2 to 01600003
> DW_CFA_def_cfa_register: r5 (ebp)

The CFA register is now EBP so the CFA is now at EBP + 8. Presumably you
have the following instruction.

mov ebp, esp

EBP is now used as the frame pointer so Dwarf has changed to use it as
the basis for calculating the CFA address. The offset of CFA has not
changed.
This is a different issue which I haven't looked at - and maybe you
don't need it now? :-)

James
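Added worked example, not part of this thread: a small C interpreter for the call-frame instructions that both replies above discuss (the spec text quoted in the first reply, and the CIE/FDE walk-through in the second). It decodes the raw DWARF 2 encodings (ULEB128 operands; the advance_loc/offset/restore opcodes that carry their first operand in the low 6 bits), runs the CIE's initial instructions and then the FDE's up to a chosen pc, and can then materialize the CFA and the address of the saved EIP from a register snapshot. The raw bytes were hand-assembled from the readelf listing Peter posted for the second FDE (pc 01600737..01600ba5); readelf prints "at cfa-8" for an operand of 2 because the DW_CFA_offset operand is multiplied by the data alignment factor, -4. The register values in main are made up. Register numbers (r3 ebx, r4 esp, r5 ebp, r8 eip) and the alignment factors are those in the dump.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DWARF 2 call-frame opcodes (spec 7.23). advance_loc/offset/restore are
 * "high 2 bit" opcodes whose first operand sits in the low 6 bits. */
enum { DW_CFA_advance_loc = 0x40, DW_CFA_offset = 0x80, DW_CFA_restore = 0xc0,
       DW_CFA_nop = 0x00, DW_CFA_advance_loc2 = 0x03, DW_CFA_def_cfa = 0x0c,
       DW_CFA_def_cfa_register = 0x0d, DW_CFA_def_cfa_offset = 0x0e };

#define NREGS 16                       /* covers the i386 numbering used here  */
enum { RULE_UNDEF = 0, RULE_OFFSET };  /* how a register's old value is found  */

typedef struct {
    uint64_t cfa_reg, cfa_off;         /* CFA = regs[cfa_reg] + cfa_off        */
    int      rule[NREGS];
    int64_t  off[NREGS];               /* RULE_OFFSET: old value at CFA + off  */
} cfa_state;

/* CIE parameters and FDE range copied from the readelf listing above. */
static const int      code_align = 1, data_align = -4;
static const uint64_t fde_lo = 0x01600737, fde_hi = 0x01600ba5;

/* Hand-assembled (constructed) raw encodings of the instructions readelf decoded. */
static const uint8_t cie_insns[] = {
    0x0c, 0x04, 0x04,   /* DW_CFA_def_cfa: r4 (esp) ofs 4                     */
    0x88, 0x01,         /* DW_CFA_offset: r8 (eip) at cfa-4  (1 * data_align) */
    0x00, 0x00 };       /* DW_CFA_nop, DW_CFA_nop                             */
static const uint8_t fde_insns[] = {
    0x41,               /* DW_CFA_advance_loc: 1   (past push ebp)            */
    0x0e, 0x08,         /* DW_CFA_def_cfa_offset: 8                           */
    0x85, 0x02,         /* DW_CFA_offset: r5 (ebp) at cfa-8                   */
    0x42,               /* DW_CFA_advance_loc: 2   (past mov ebp, esp)        */
    0x0d, 0x05,         /* DW_CFA_def_cfa_register: r5 (ebp)                  */
    0x44,               /* DW_CFA_advance_loc: 4                              */
    0x83, 0x03,         /* DW_CFA_offset: r3 (ebx) at cfa-12                  */
    0x03, 0x66, 0x04,   /* DW_CFA_advance_loc2: 1126 (to the epilogue)        */
    0xc5, 0xc3,         /* DW_CFA_restore: r5, r3  (back to the CIE rules)    */
    0x0c, 0x04, 0x04 }; /* DW_CFA_def_cfa: r4 (esp) ofs 4                     */

static uint64_t read_uleb(const uint8_t **p, const uint8_t *end) {
    uint64_t v = 0; int shift = 0; uint8_t b;
    do { b = *p < end ? *(*p)++ : 0; v |= (uint64_t)(b & 0x7f) << shift; shift += 7; }
    while ((b & 0x80) && *p < end);
    return v;
}

/* Execute [p,end) against *st from address loc, stopping before any advance
 * that passes target, so *st holds the rules in force at target. -1 = bad CFI. */
static int run_cfa(const uint8_t *p, const uint8_t *end, cfa_state *st,
                   const cfa_state *init, uint64_t loc, uint64_t target) {
    while (p < end) {
        uint8_t op = *p++, hi = op & 0xc0, lo = op & 0x3f;
        if (hi == DW_CFA_advance_loc || op == DW_CFA_advance_loc2) {
            uint64_t delta = lo;
            if (op == DW_CFA_advance_loc2) {
                if (end - p < 2) return -1;
                delta = p[0] | (p[1] << 8); p += 2;
            }
            loc += delta * code_align;
            if (loc > target) return 0;
        } else if (hi == DW_CFA_offset || hi == DW_CFA_restore) {
            if (lo >= NREGS) return -1;        /* CFI is untrusted input: bound it */
            if (hi == DW_CFA_offset) {
                st->rule[lo] = RULE_OFFSET;
                st->off[lo]  = (int64_t)read_uleb(&p, end) * data_align;
            } else { st->rule[lo] = init->rule[lo]; st->off[lo] = init->off[lo]; }
        } else if (op == DW_CFA_def_cfa) {
            st->cfa_reg = read_uleb(&p, end); st->cfa_off = read_uleb(&p, end);
        } else if (op == DW_CFA_def_cfa_register) st->cfa_reg = read_uleb(&p, end);
        else if (op == DW_CFA_def_cfa_offset)     st->cfa_off = read_uleb(&p, end);
        else if (op != DW_CFA_nop)                return -1;
    }
    return 0;
}

/* Rules in force at pc: the CIE's initial instructions first, then the FDE's.
 * Returns -1 if pc lies outside the FDE or the CFI is malformed. */
int cfa_rules_at(uint64_t pc, cfa_state *out) {
    cfa_state init; memset(&init, 0, sizeof init);
    if (pc < fde_lo || pc >= fde_hi) return -1;
    if (run_cfa(cie_insns, cie_insns + sizeof cie_insns, &init, &init, fde_lo, pc)) return -1;
    *out = init;
    return run_cfa(fde_insns, fde_insns + sizeof fde_insns, out, &init, fde_lo, pc);
}

/* From a 32-bit register snapshot at pc, compute the CFA and, if the CFI says
 * register reg was saved, the address its pre-call value lives at (-1 if not). */
int cfa_value_at(uint64_t pc, const uint32_t regs[NREGS], int reg,
                 uint32_t *cfa, uint32_t *saved) {
    cfa_state st;
    if (cfa_rules_at(pc, &st) || st.cfa_reg >= NREGS) return -1;
    *cfa = regs[st.cfa_reg] + (uint32_t)st.cfa_off;
    if (reg < 0 || reg >= NREGS || st.rule[reg] != RULE_OFFSET) return -1;
    *saved = *cfa + (uint32_t)(int32_t)st.off[reg];
    return 0;
}

int main(void) {    /* made-up snapshot just after "mov ebp, esp": esp == ebp */
    uint32_t regs[NREGS] = {0}, cfa, ra;
    regs[4] = regs[5] = 0x0fffefe0;
    if (!cfa_value_at(0x0160073a, regs, 8, &cfa, &ra))
        printf("CFA=%08x saved EIP at %08x first stack arg at %08x\n", cfa, ra, cfa);
    return 0;
}
```

Two things worth noticing when running it. First, the CFA itself never moves as the prologue executes: at 01600738 the rule is esp+8 and at 0160073a it is ebp+8, but both name the same address, the caller's ESP before the call, which is why DW_CFA_def_cfa_register and DW_CFA_def_cfa_offset exist: only one half of the rule changes per instruction. Second, because on i386 the CFA is the caller's ESP before the call, the return address is always at CFA-4 and the first stack argument at CFA+0, whichever register the rule currently names; that is the robust replacement for "subtract esp by 8 blindly". The bounds checks on register numbers are deliberate: CFI read out of a binary is untrusted input to an unwinder.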


Peter Cheung

Jun 6, 2015, 12:45:37 PM6/6/15
James Harris wrote on Monday, June 1, 2015 at 3:57:08 PM UTC+8:
Thank you James for the great reply. I fully understand it now. The big difference between the Chinese and English languages is that I need to be very careful about the "at/in/on/of" words.
