Formation and release of function stack frame

1. Characteristics of stack area

Stack area grows from high address to low address ： The high address is the bottom of the stack , The low address is the top of the stack , Also use high address space while using low address space .

But by the starting address （ The lowest address ）, The byte addresses where variables are stored are sequential and increasing

This is why the elements of an array are incremented by addresses , Although the stack grows from high address to low address , But the array as a whole makes room on the stack , The addresses of the other elements of the array are incremented

2. Function stack frame

Before talking about the function stack frame, first look at the commonly used assembly instructions , And registers

The next step is to main Function call Add Function as an example , Elaborate call Add function , Form function stack frame , The detailed process of releasing stack frame after function call , It involves forming temporary variables , Form function stack frame , Function ends how to destroy the stack frame , How to return to call Add Functional main Continue to execute the following code in .

vs2013 There is stack randomization processing ( The addresses of relevant data may be different ), Rerunning the code may result in , The relevant data you see may not be consistent each time , But we focus on the principles and processes of change ,

Let's take a look at the whole process of function call

The next step is to go through the code section by section

main Functions are also called by other functions

main Function is called by another function , Then form main Stack frame of function （ Allocate a block of memory on the stack ）.

How did it form here main Stack frame , When we're done main Function call Add Function formation Add The stack framing process of the function is understood .

int x =0xA Before the corresponding assembly code is executed

int x =0xA After the corresponding assembly code is executed

int y =0xB And int z =0 After execution , Similar to the above process

Three variables allocate memory and initialize .

formation x,y The temporary variable of a,b（ Shape parameter ）

summary :

1. Temporary variables are formed when a function is formally called
2. The order of formal parameter instantiation is from right to left

Next, start calling Add function


The function call contains two
1. Press in return address （ Stack return address ）
2. Go to the objective function

Second, good understanding , To be called Add The function must be transferred to Add Execute in function Add Function code , But when the function is called, it must return main Function continues to execute subsequent code , So you must save the return address -> return main Function call Add The next instruction of the function .

Return the address to the stack , Move the top of the stack up

The next step is to create Add Function stack frame , But before that, you need to store online main Save the address at the bottom of the function stack （ Push ）, because Add After the function is called , Destroy stack frame , At this point, the pointer at the bottom of the stack ebp And stack top pointer esp To redirect main Function stack frame bottom and top of stack , So it must be saved in advance main Function stack frame bottom address .

First save main Function stack frame bottom address

The next step is to form Add Stack frame of function
First step ：


The second step

summary ：

When a function is called , namely Add When the function is called , The compiler will automatically form Add Function stack frame , As for the stack frame size of the function , The compiler will also estimate the size of the function stack frame according to the variables in the function and the types of variables , In a word, the function stack frame is handled by the compiler

Add After the function stack frame is successfully opened , Start execution Add Code in function , Realize variable allocation memory and initialization and data operation .

int c =0 Before the corresponding assembly code is executed

int c =0 After the corresponding assembly code is executed

At this time will be c The variable allocates space and initializes to 0

The next step is to add

ebp+8 It's preserved 0xA That is to say a Variable
ebp+c It's preserved 0xB That is to say b Variable


It's done at this point c=a+b

The final return will be c Write the value of eax In the temporary register , in other words Add The return value of the CPU The temporary register in returns

The next step is function call completion , Release Add Stack frame of function , return main Execute in function , Pointer at the bottom of the stack ebp And stack top pointer esp Point back to main The bottom and top of the stack frame of the function

The following code is equivalent to releasing Add Stack frame of function

Make stack bottom pointer ebp Point back to main Function stack frame stack bottom



here eip Register gets the return address at the top of the stack , Then you can return to main Execute in function main Function follow-up code

go back to main Function , Direct execution
add esp,8 That is to let esp Move backward 8 A unit of , That is, release the original temporary variable

Since then Add Function stack frame destruction , So the stack elements are completely destroyed, including the two temporary variables that were originally stacked

The next step is to receive the return value , We have already talked about the return value c The value of the variable is already stored in eax Temporary register , You will now eax Return value in 0x15, Move to ebp-20h Medium but ebp-20h The content is z Variable , It is equivalent to putting the return value into z variable


So far, the whole call Add Function to create a stack frame , The process of releasing stack frames after execution is completed

Other function calls are similar ,main Functions are also called by other functions , When main When the function is called , The compiler automatically forms main Function stack frame , etc. main After the function is executed, it will also be released main The stack frame

summary :
The whole process returned by the function call

1. Call function , You need to form a temporary copy first , The formation process is from right to left
2. Development of temporary space , It is opened up inside the corresponding function stack frame , Function call completed , The stack frame structure is released , Therefore, the space of variables in the function is also released , So temporary variables are temporary .
3. There is a cost to calling a function , The cost is reflected in time and space , The essence is that there is a cost to form and release stack frames
4. Function call , Temporary variable caused by copy , The positional relationship between variables is regular