前端之家

  1. 首页
  2. 问答

printf在共享内存中做了什么

问答 
#define _GNU_SOURCE  
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
void func();
void main(int argc,char **argv)
{
    printf("i am main\n");
    int clone_flag,arg,retval;
    char *stack;
    clone_flag=CLONE_VM|CLONE_SIGHAND;
    stack=(char*)malloc(4096);
    retval=clone((void*)func,&(stack[4095]),clone_flag,NULL);
    stack=(char*)malloc(4096);
    retval=clone((void*)func,NULL); 
}
void func()
{
    int i;
    for(i=0;i<3;i++)
    {
    printf("i: %d\n ",i);
    }
}

输出:

i am main
i: 0   
i: 1

strace -f 

5915  fstat(1,{st_mode=S_IFCHR|0600,st_rdev=makedev(4,1),...}) = 0
5915  ioctl(1,TCGETS,{B38400 opost isig icanon echo ...}) = 0
5915  brk(NULL)                         = 0xaf2000
5915  brk(0xb14000)                     = 0xb14000
5915  write(1,"i am main\n",10)       = 10
5915  clone(child_stack=0xaf400f,flags=CLONE_VM|CLONE_SIGHAND) = 5916
5915  clone(child_stack=0xaf501f,flags=CLONE_VM|CLONE_SIGHAND) = 5917
5915  exit_group(5917)                  = ?
5915  +++ exited with 29 +++
5917  write(1,"i",1)                  = 1
5917  write(1,": 0\n ",5)             = 5
5917  write(1,": 1\n ",5)             = 5
5916  --- SIGSEGV {si_signo=SIGSEGV,si_code=SEGV_MAPERR,si_addr=0xaf194f} ---
5916  +++ killed by SIGSEGV (core dumped) +++
5917  +++ killed by SIGSEGV +++

gdb ./a.out核心

Core was generated by `./a.out'.
Program terminated with signal SIGSEGV,Segmentation fault.
#0  buffered_vfprintf (s=0x7f737fd43620 <_IO_2_1_stdout_>,format=0x40074e "i: %d\n ",args=0x1f49f27) at vfprintf.c:2299
2299    vfprintf.c: No such file or directory.
[Current thread is 1 (LWP 6280)]
(gdb) where
#0  buffered_vfprintf (s=0x7f737fd43620 <_IO_2_1_stdout_>,args=0x1f49f27) at vfprintf.c:2299
#1  0x00007f737f9cb32d in _IO_vfprintf_internal (
    s=0x7f737fd43620 <_IO_2_1_stdout_>,ap=ap@entry=0x1f49f27) at vfprintf.c:1293
#2  0x00007f737f9d3899 in __printf (format=<optimized out>) at printf.c:33
#3  0x00000000004006a8 in func () at code.c:23
#4  0x00007f737fa8541d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

如果我删除“ printf(“我是主要用户\ n”);“,这会造成混乱 该代码将运行良好

strace 

5937  brk(NULL)                         = 0x1f75000
5937  brk(0x1f97000)                    = 0x1f97000
5937  clone(child_stack=0x1f75fff,flags=CLONE_VM|CLONE_SIGHAND) = 5938
5937  clone(child_stack=0x1f7700f,flags=CLONE_VM|CLONE_SIGHAND) = 5939
5937  exit_group(5939)                  = ?
5937  +++ exited with 51 +++
5939  fstat(1,...}) = 0
5939  ioctl(1,{B38400 opost isig icanon echo ...}) = 0
5939  write(1,"i: 0\n",5)             = 5
5939  write(1," i: 1\n",6)            = 6
5939  write(1," i: 2\n",6)            = 6
5938  write(1," i: 2\ni: 0\n",11)     = 11
5939  exit_group(6)                     = ?
5939  +++ exited with 6 +++
5938  write(1,6)            = 6
5938  exit_group(6)                     = ?
5938  +++ exited with 6 +++

为什么“ printf”有很大的不同?(顺便说一下,为什么SIGSEGV杀死了另一个进程?)

lzr5210 回答:printf在共享内存中做了什么

您对printf的调用使可用堆栈溢出。 4096字节不足以完成所有需要的工作。要确认,这是一个示例gdb会话:

Reading symbols from ./a.out...done.
(gdb) break 14
Breakpoint 1 at 0x400624: file source.c,line 14.
(gdb) break 16
Breakpoint 2 at 0x400659: file source.c,line 16.
(gdb) break func
Breakpoint 3 at 0x40068b: file source.c,line 21.
(gdb) run
Starting program: a.out 
i am main

Breakpoint 1,main (argc=1,argv=0x7fffffffe3a8) at source.c:14
14      retval=clone((void*)func,&(stack[4095]),clone_flag,NULL);
(gdb) print/x stack
$1 = 0x602420
(gdb) cont
Continuing.
[New LWP 25381]
[Switching to LWP 25381]

Thread 2 hit Breakpoint 3,func () at source.c:21
21      for(i=0;i<3;i++)
(gdb) print/x &i
$2 = 0x60340b
(gdb) watch $rsp < 0x602420 
Watchpoint 4: $rsp < 0x602420

我已要求gdb在堆栈指针(在x86-64机器上为$rsp;根据您的CPU可能需要一个不同的寄存器)低于分配的堆栈范围的开始时停止

(gdb) cont
Continuing.
[Switching to LWP 25375]

Thread 1 "a.out" hit Breakpoint 2,argv=0x7fffffffe3a8) at source.c:16
16      retval=clone((void*)func,NULL);
(gdb) print/x stack
$3 = 0x603430
(gdb) cont
Continuing.
[New LWP 25383]
[Switching to LWP 25383]

Thread 3 hit Breakpoint 3,func () at source.c:21
21      for(i=0;i<3;i++)
(gdb) cont
Continuing.
[Switching to LWP 25381]

Thread 2 hit Watchpoint 4: $rsp < 0x602420

Old value = 0 
New value = 1
buffered_vfprintf (s=0x7ffff7dd2620 <_IO_2_1_stdout_>,format=0x40074e "i: %d\n ",args=0x603327) at vfprintf.c:2295
2295        vfprintf.c: No such file or directory.
(gdb) where
#0  buffered_vfprintf (s=0x7ffff7dd2620 <_IO_2_1_stdout_>,args=0x603327) at vfprintf.c:2295
#1  0x00007ffff7a5a32d in _IO_vfprintf_internal (s=0x7ffff7dd2620 <_IO_2_1_stdout_>,ap=ap@entry=0x603327) at vfprintf.c:1293
#2  0x00007ffff7a62899 in __printf (format=<optimised out>) at printf.c:33
#3  0x00000000004006a8 in func () at source.c:23
#4  0x00007ffff7b1441d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

我们现在可以看到堆栈指针已经远远低于分配的堆栈范围。

(gdb) print/x $rsp
$4 = 0x600c4f

关于printf的不同之处,您可以比较执行跟踪(使用a simple si loop生成)。我发现他们在this test第一发散:

   if (UNBUFFERED_P (s))
     /* Use a helper function which will allocate a local temporary buffer
        for the stream and then call us again.  */
     return buffered_vfprintf (s,format,ap,mode_flags);

似乎早先对printf的调用已将stdout的模式更改为“无缓冲”,因此后面的printf需要更深入地使用它。您可以通过将第一个printf替换为setbuf(stdout,NULL)来重现此内容。

但是,真正的问题不是printf为何有所作为,而是“那是如何工作的?”。共有三个进程,其中两个进程对它们共享的内存空间一无所知,因此,何时以及何时中断取决于时间。

cclonelinuxmultithreadingprintf
本文链接:https://www.f2er.com/3151546.html

大家都在问