《coredump问题原理探究》Linux x86版7.7节 set对象
看一下bits/stl_map和bits/stl_set能够看到map和set的定义例如以下:
84 template <typename _Key, typename _Tp, typename _Compare = std::less<_Key>, 85 typename _Alloc = std::allocator<std::pair<const _Key, _Tp> > > 86 class map 87 { 88 public: 89 typedef _Key key_type; 90 typedef _Tp mapped_type; 91 typedef std::pair<const _Key, _Tp> value_type; 92 typedef _Compare key_compare; 93 typedef _Alloc allocator_type; 94 95 private: 96 // concept requirements 97 typedef typename _Alloc::value_type _Alloc_value_type; 98 __glibcxx_class_requires(_Tp, _SGIAssignableConcept) 99 __glibcxx_class_requires4(_Compare, bool, _Key, _Key, 100 _BinaryFunctionConcept) 101 __glibcxx_class_requires2(value_type, _Alloc_value_type, _SameTypeConcept) 102 103 public: 104 class value_compare 105 : public std::binary_function<value_type, value_type, bool> 106 { 107 friend class map<_Key, _Tp, _Compare, _Alloc>; 108 protected: 109 _Compare comp; 110 111 value_compare(_Compare __c) 112 : comp(__c) { } 113 114 public: 115 bool operator()(const value_type& __x, const value_type& __y) const 116 { return comp(__x.first, __y.first); } 117 }; 118 119 private: 120 /// This turns a red-black tree into a [multi]map. 121 typedef typename _Alloc::template rebind<value_type>::other 122 _Pair_alloc_type; 123 124 typedef _Rb_tree<key_type, value_type, _Select1st<value_type>, 125 key_compare, _Pair_alloc_type> _Rep_type; 126 127 /// The actual tree structure. 128 _Rep_type _M_t;
85 template<typename _Key, typename _Compare = std::less<_Key>, 86 typename _Alloc = std::allocator<_Key> > 87 class set 88 { 89 // concept requirements 90 typedef typename _Alloc::value_type _Alloc_value_type; 91 __glibcxx_class_requires(_Key, _SGIAssignableConcept) 92 __glibcxx_class_requires4(_Compare, bool, _Key, _Key, 93 _BinaryFunctionConcept) 94 __glibcxx_class_requires2(_Key, _Alloc_value_type, _SameTypeConcept) 95 96 public: 97 // typedefs: 98 //@{ 99 /// Public typedefs. 100 typedef _Key key_type; 101 typedef _Key value_type; 102 typedef _Compare key_compare; 103 typedef _Compare value_compare; 104 typedef _Alloc allocator_type; 105 //@} 106 107 private: 108 typedef typename _Alloc::template rebind<_Key>::other _Key_alloc_type; 109 110 typedef _Rb_tree<key_type, value_type, _Identity<value_type>, 111 key_compare, _Key_alloc_type> _Rep_type; 112 _Rep_type _M_t; // Red-black tree representing set. 113
因为map,set的本身定义都是声明不论什么成员变量,全部成员变量都是从_Rb_tree继承过来的,唯一的区别仅仅是_Rb_tree最后參数的定义不一样.
set的特征例如以下:
1. set对象有五个成员_M_node_count标明map有多少个元素,三个指针分别指向树中最左的节点,树的根节点,树的最右节点,_M_color表明是红树还是黑树。_M_key_compare指向比較函数
2. 树的根节点的_M_parent指向头节点
3. 每个节点的值都紧跟着_M_right
看一下样例:
1 #include <set> 2 3 int main() 4 { 5 std::set<int> iSet; 6 iSet.insert( 0x523 ); 7 iSet.insert( 0x352 ); 8 iSet.insert( 0x808 ); 9 10 return 0; 11 }
看一下main函数的汇编:
(gdb) disassemble main Dump of assembler code for function main: 0x08048634 <+0>: lea 0x4(%esp),%ecx 0x08048638 <+4>: and $0xfffffff0,%esp 0x0804863b <+7>: pushl -0x4(%ecx) 0x0804863e <+10>: push %ebp 0x0804863f <+11>: mov %esp,%ebp 0x08048641 <+13>: push %esi 0x08048642 <+14>: push %ebx 0x08048643 <+15>: push %ecx 0x08048644 <+16>: sub $0x5c,%esp 0x08048647 <+19>: lea -0x54(%ebp),%eax 0x0804864a <+22>: mov %eax,(%esp) 0x0804864d <+25>: call 0x8048712 <_ZNSt3setIiSt4lessIiESaIiEEC2Ev> 0x08048652 <+30>: movl $0x523,-0x34(%ebp) 0x08048659 <+37>: lea -0x3c(%ebp),%eax 0x0804865c <+40>: lea -0x34(%ebp),%edx 0x0804865f <+43>: mov %edx,0x8(%esp) 0x08048663 <+47>: lea -0x54(%ebp),%edx 0x08048666 <+50>: mov %edx,0x4(%esp) 0x0804866a <+54>: mov %eax,(%esp) 0x0804866d <+57>: call 0x804878c <_ZNSt3setIiSt4lessIiESaIiEE6insertERKi> 0x08048672 <+62>: sub $0x4,%esp 0x08048675 <+65>: movl $0x352,-0x28(%ebp) 0x0804867c <+72>: lea -0x30(%ebp),%eax ---Type <return> to continue, or q <return> to quit--- 0x0804867f <+75>: lea -0x28(%ebp),%edx 0x08048682 <+78>: mov %edx,0x8(%esp) 0x08048686 <+82>: lea -0x54(%ebp),%edx 0x08048689 <+85>: mov %edx,0x4(%esp) 0x0804868d <+89>: mov %eax,(%esp) 0x08048690 <+92>: call 0x804878c <_ZNSt3setIiSt4lessIiESaIiEE6insertERKi> 0x08048695 <+97>: sub $0x4,%esp 0x08048698 <+100>: movl $0x808,-0x1c(%ebp) 0x0804869f <+107>: lea -0x24(%ebp),%eax 0x080486a2 <+110>: lea -0x1c(%ebp),%edx 0x080486a5 <+113>: mov %edx,0x8(%esp) 0x080486a9 <+117>: lea -0x54(%ebp),%edx 0x080486ac <+120>: mov %edx,0x4(%esp) 0x080486b0 <+124>: mov %eax,(%esp) 0x080486b3 <+127>: call 0x804878c <_ZNSt3setIiSt4lessIiESaIiEE6insertERKi> 0x080486b8 <+132>: sub $0x4,%esp 0x080486bb <+135>: mov $0x0,%ebx 0x080486c0 <+140>: lea -0x54(%ebp),%eax 0x080486c3 <+143>: mov %eax,(%esp) 0x080486c6 <+146>: call 0x80486fe <_ZNSt3setIiSt4lessIiESaIiEED2Ev> 0x080486cb <+151>: mov %ebx,%eax 0x080486cd <+153>: lea -0xc(%ebp),%esp 0x080486d0 <+156>: add $0x0,%esp ---Type <return> to continue, or q <return> to quit--- 0x080486d3 <+159>: pop %ecx 0x080486d4 <+160>: pop %ebx 0x080486d5 <+161>: pop %esi 0x080486d6 <+162>: pop %ebp 0x080486d7 <+163>: lea -0x4(%ecx),%esp 0x080486da <+166>: ret 0x080486db <+167>: mov %edx,%ebx 0x080486dd <+169>: mov %eax,%esi 0x080486df <+171>: lea -0x54(%ebp),%eax 0x080486e2 <+174>: mov %eax,(%esp) 0x080486e5 <+177>: call 0x80486fe <_ZNSt3setIiSt4lessIiESaIiEED2Ev> 0x080486ea <+182>: mov %esi,%eax 0x080486ec <+184>: mov %ebx,%edx 0x080486ee <+186>: mov %eax,(%esp) 0x080486f1 <+189>: call 0x8048564 <_Unwind_Resume@plt> End of assembler dump.
由上面汇编可知,ebp-0x54是set的this指针.
在0x080486b8指令地址打断点,验证一下set的特征是不是对的.
(gdb) x /8wx $ebp-0x54 0xbffff234: 0xbffff270 0x00000000 0x0804b008 0x0804b020 0xbffff244: 0x0804b038 0x00000003 0x0804b008 0xbffff201 (gdb) x /8wx 0x0804b008 0x804b008: 0x00000001 0xbffff238 0x0804b020 0x0804b038 0x804b018: 0x00000523 0x00000019 0x00000000 0x0804b008 (gdb) x /8x 0x0804b020 0x804b020: 0x00000000 0x0804b008 0x00000000 0x00000000 0x804b030: 0x00000352 0x00000019 0x00000000 0x0804b008 (gdb) x /8wx 0x0804b038 0x804b038: 0x00000000 0x0804b008 0x00000000 0x00000000 0x804b048: 0x00000808 0x00020fb9 0x00000000 0x00000000
可用下图表示:
可知,特征是没有问题
posted on 2017-06-03 08:49 cynchanpin 阅读(312) 评论(0) 编辑 收藏 举报