 

Retrieving current stack pointer from /proc/pid/stat

I'm executing a basic C program using gdb. I have a breakpoint at the start of main(). After running the code, gdb breaks at main() as expected. Now if I examine the stack pointer register (rsp), I'm seeing

0x7fffffffe170: 0x00000000. 

When I retrieve the same information using cat /proc/17232/stat | cut -d" " -f29/proc (where 17232 is pid for this process), I'm seeing:

140737488347112 (which in hex is: 0x7fffffffdfe8). 

How come we see a different value of the current stack pointer from gdb? And also, why is gdb showing the contents of rsp as NULL (0x00000000)?

Thanks.

Chandan asked Feb 20 '13 05:02




1 Answer

Printing the rsp register (on 64-bit CPUs) from /proc

(gdb) info register rsp
rsp            0x7fffffffe480   0x7fffffffe480 

indeed gives a different value compared to the one from /proc

me@linux:~$ cat /proc/22219/stat | cut -d" " -f29 | perl -e 'print(sprintf("%x\n",<>));'
7fffffffe338

since gdb has to force an interruption in the program at the beginning of the main function in order to take over the execution, and a minimal set of data (return address, backup of some registers) is saved onto the stack. gdb then uses its own stack so as not to overflow the program's, and makes the necessary adjustments when you request to view the registers or work on the stack data, and does not show the internal gdb cooking. However, /proc shows the real data, unchanged.

The "real" rsp from /proc is actually slightly less than the gdb one, since on x86 cpus the stack grows downward.

As for the null value, it didn't happen during my tests:

(gdb) x 0x7fffffffe480
0x7fffffffe480: 0xffffe578
Déjà vu answered Nov 04 '22 07:11
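Both posts pull field 29 (kstkesp) out of /proc/[pid]/stat with `cut -d" " -f29`, which silently returns the wrong field when the process name (field 2, in parentheses) contains a space. The following is an added example, not code from either post: it parses the line by splitting at the last ')' as proc(5) describes, and shows the cut-style result side by side. The SAMPLE line is constructed, with the question's value 140737488347112 placed in field 29 and a deliberately spaced comm.

```python
# Added example: read /proc/[pid]/stat field 29 (kstkesp) without the
# whitespace pitfall of `cut -d" " -f29`. Field names follow proc(5).
import os
import sys

# Fields 3.. in order; field 2 (comm) is handled separately because it is
# parenthesised and may contain spaces, so a plain whitespace split
# misnumbers everything after it.
FIELDS_AFTER_COMM = [
    "state", "ppid", "pgrp", "session", "tty_nr", "tpgid", "flags",
    "minflt", "cminflt", "majflt", "cmajflt", "utime", "stime", "cutime",
    "cstime", "priority", "nice", "num_threads", "itrealvalue", "starttime",
    "vsize", "rss", "rsslim", "startcode", "endcode", "startstack",
    "kstkesp", "kstkeip",  # fields 29 and 30: user-mode SP/IP snapshot
]

def parse_stat(line):
    """Return a dict of the first 30 fields of one /proc/[pid]/stat line."""
    head, _, tail = line.rstrip("\n").rpartition(")")  # last ')' ends comm
    pid_str, _, comm = head.partition("(")
    fields = {"pid": int(pid_str), "comm": comm}
    for name, value in zip(FIELDS_AFTER_COMM, tail.split()):
        fields[name] = value if name == "state" else int(value)
    return fields

def stack_pointer_hex(line):
    """kstkesp as hex, like the answer's perl sprintf('%x')."""
    return format(parse_stat(line)["kstkesp"], "x")

def naive_cut_field29(line):
    """What `cut -d" " -f29` really returns: the 29th space-separated token."""
    return line.rstrip("\n").split(" ")[28]

# Constructed sample: comm contains a space, and field 29 carries the
# question's value 140737488347112 (0x7fffffffdfe8).
SAMPLE = ("17232 (my prog) S 1 17232 17232 0 -1 4194304 100 0 0 0 0 0 0 0 "
          "20 0 1 0 12345 4321280 200 18446744073709551615 4194304 4198400 "
          "140737488351232 140737488347112 4195056 0 0 0 0 0 0 0 17 0 0 0 0 0 0")

if __name__ == "__main__":
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    path = f"/proc/{pid}/stat"
    line = open(path).read() if os.path.exists(path) else SAMPLE
    info = parse_stat(line)
    print(f"{info['comm']!r}: kstkesp=0x{info['kstkesp']:x} "
          f"startstack=0x{info['startstack']:x}")
    print("cut -f29 would give:", naive_cut_field29(line))
```

On the sample, the cut-style read lands on field 28 (startstack) instead of kstkesp; on a live system, recent kernels may report kstkesp/kstkeip as 0 unless the task is stopped under a tracer, which is exactly the gdb-breakpoint situation in the question.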