
I know that when a routine is called, the processor stores the memory address of the code that called the routine so that it knows where to go to continue execution when the called routine “returns.” This address (named the return instruction pointer) is stored on the stack.

I have three questions in mind:

  • Where in the stack is the Return Instruction Pointer stored?
  • How is the RIP used when a function returns?
  • And where should this cause the program to continue execution?
Nan Xue
    You might want to read Martin Liversage's answer to this question: http://stackoverflow.com/questions/79923/what-and-where-are-the-stack-and-heap?rq=1 Your question isn't an exact duplicate of that question, but that answer covers about 80% of what you're asking. – Sean Werkema Apr 04 '17 at 19:32
  • Where did you learn that "RIP" meant "Return Instruction Pointer"? x86_64 assembly does have a "rip" register, but the "r" is just a general prefix applied to all 64-bit register names to distinguish them from the 32-bit and 16-bit subsets (in this case, "eip" and "ip", respectively). – Quietust Apr 04 '17 at 19:34
  • The answer is in the instruction set documentation, if you think about it when you call a function is when you are changing the program counter, and that is also the time you want to save the program counter, and if it is an architecture that saves it to the stack that is when it would do it, and when you push something on the stack you use the current stack pointer address, particularly when hardware/silicon does it. – old_timer Apr 04 '17 at 21:27

1 Answer


Where in the stack is the Return Instruction Pointer stored?

Anything stored in any stack is always stored at the top of the stack. That's according to the definition of "stack".

How is the RIP used when a function returns?

When the function executes a "return" instruction, the value at the top of the stack is popped, and stored in the instruction pointer.

And where should this cause the program to continue execution?

Where it left off. That's not the call instruction. That's the instruction immediately following the call instruction.

Mike Nakis
  • To make it clear, the instruction pointer, say `$eip`, contains the address of the next instruction to be executed. As such, when a function terminates the last thing to be popped off the stack is the `$eip`, which is the return address, i.e. the next instruction to be executed, which should be in the original / caller function. – KeyC0de Jun 19 '17 at 00:41
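The call/return mechanics described in the answer above, as an added example that is not part of the original question or answer: a toy CPU with a constructed instruction set (CALL, RET, ADDI, HALT; not real x86-64 encodings) whose CALL pushes the index of the instruction following it and whose RET pops that value straight back into `rip`. The program, register names and stack layout are all assumptions made for illustration.

```c
#include <stdint.h>

/* Added example (toy model, not real x86-64 encodings): how CALL pushes the
 * return address and RET pops it back into the instruction pointer. */
enum { OP_HALT, OP_CALL, OP_RET, OP_ADDI };
typedef struct { int op; uint64_t arg; } Insn;
#define STACK_WORDS 8

typedef struct {
    uint64_t rip;                /* index of the NEXT instruction to execute */
    uint64_t rsp;                /* stack index; grows downward from STACK_WORDS */
    uint64_t rax;                /* accumulator, used to observe execution order */
    uint64_t stack[STACK_WORDS];
} Cpu;
static void push(Cpu *c, uint64_t v) { c->stack[--c->rsp] = v; }
static uint64_t pop(Cpu *c) { return c->stack[c->rsp++]; }

/* Execute one instruction; returns 0 on HALT or on RET with an empty stack. */
static int step(Cpu *c, const Insn *code) {
    Insn in = code[c->rip++];        /* rip now points just past this insn */
    switch (in.op) {
    case OP_CALL:
        push(c, c->rip);             /* save return address: the insn AFTER CALL */
        c->rip = in.arg;             /* then transfer control to the callee */
        return 1;
    case OP_RET:
        if (c->rsp == STACK_WORDS) return 0;   /* nothing to return to */
        c->rip = pop(c);             /* top of stack goes straight into rip */
        return 1;
    case OP_ADDI: c->rax += in.arg; return 1;
    default:      return 0;          /* OP_HALT or unknown opcode */
    }
}

/* Constructed program: add 1, call routine at 4 (adds 100), then add 10. */
static const Insn PROGRAM[] = {
    {OP_ADDI, 1}, {OP_CALL, 4},      /* 0, 1: CALL pushes 2 and jumps to 4 */
    {OP_ADDI, 10}, {OP_HALT, 0},     /* 2, 3: execution resumes at 2 after RET */
    {OP_ADDI, 100}, {OP_RET, 0},     /* 4, 5: callee body and its RET */
};

uint64_t return_address_after_call(void) {   /* run ADDI 1, then CALL 4 */
    Cpu c = { .rsp = STACK_WORDS };
    step(&c, PROGRAM); step(&c, PROGRAM);
    return c.stack[c.rsp];           /* top of stack: 2, the insn after the CALL */
}
uint64_t run_program(void) {         /* 1 + 100 + 10 = 111 only if RET lands at 2 */
    Cpu c = { .rsp = STACK_WORDS };
    while (step(&c, PROGRAM)) {}
    return c.rax;
}
```

If RET were to resume at the CALL itself (index 1) the program would loop forever, and if it resumed at the callee (index 4) the RET would hit an empty stack; the value 111 is only reachable by continuing at the instruction immediately after the CALL.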