What is `x/24x $esp` mean?

Question

I'm running xv6 - operating system made from MIT. I'm running gdb to check the stack pointer(?). And I'm running gdb to see the value of stack pointer registers.

My professor said "Let's look at the stack" then typed x/24x $esp.

Question: What is x, /, 24, $esp??? $esp is just a stack pointer showing the current address of the stack register?

The output I got is:

(gdb) x/24x $esp
0x7bdc: 0x00007db4  0x00000000  0x00000000  0x00000000
0x7bec: 0x00000000  0x00000000  0x00000000  0x00000000
0x7bfc: 0x00007c4d  0x8ec031fa  0x8ec08ed8  0xa864e4d0
0x7c0c: 0xb0fa7502  0xe464e6d1  0x7502a864  0xe6dfb0fa
0x7c1c: 0x16010f60  0x200f7c78  0xc88366c0  0xc0220f01
0x7c2c: 0x087c31ea  0x10b86600  0x8ed88e00  0x66d08ec0

I found some reference from Google:

x/6x $esp in order to see what int put on the stack.

(gdb) x/6x $esp
0x7bdc: 0x00007db4  0x00000000  0x00000000  0x00000000
0x7bec: 0x00000000  0x00000000

which doesn't make sense to me.

P.S I need to find the start of the stack and the items on the stack at this point. (once I understand this command!)

Reference: https://pdos.csail.mit.edu/6.828/2012/lec/l-interrupt.html

It seems to be some kind of personal notation used by your prof. So better ask him. — zx485, Jan 24 '18 at 16:55
Have you tried looking at the documentation? What program did your professor type this into? — fuz, Jan 24 '18 at 16:55
Reference: https://pdos.csail.mit.edu/6.828/2012/lec/l-interrupt.html — merry-go-round, Jan 24 '18 at 17:11
`x` command means examine memory. `/24x` mean to print out the next 24 values in HEX notation.. By default for general memory queries the default is to display DWORDS (32-bit values). The address to start displaying at is specified as `$esp`. So the command you have displays 24 DWORD values in HEX starting at the address in the ESP register. (in GDB registers need to have a `$` prepended to them). You can get help on instructions via `help` at GDB command line. `help x` would tell you how the `x` command works. — Michael Petch, Jan 24 '18 at 17:22

wallyk · Accepted Answer · 2018-01-24T17:23:04.977

6

That is a gdb command which says to display (examine) 24 words at the top of the stack in hex.

One would do that to see the current function's return address, stack frame pointer, function parameters, and local variables.

Oh, I see: You might not be familiar with stacks.

On 99% of all processors, stacks grow up (toward lower-numbered memory), the reverse of an array. See this article which helpfully contains this diagram:

This is worth spending a few hours reading and understanding. Stacks are extremely important in computing.

edited Jan 24 '18 at 17:23

answered Jan 24 '18 at 17:16

wallyk

56,922
16
83
148

Actually by default when no type information is given (or available), on x86 GDB defaults to displaying DWORDs (32-bit values), not 16-bit WORDs – Michael Petch Jan 24 '18 at 17:23
1

@MichaelPetch: `WORD` and `DWORD` are Microsoft-specific concepts. I rarely speak *Microsoft*. A computer word is specified by the architecture. On a 32-bit machine, it is 32 bits. On a 64-bit machine, a word is 64 bits. – wallyk Jan 24 '18 at 17:24
So it shows Locals of DrawLine, Return Address, Parameters for Drawline, ... from stack's top Order??? – merry-go-round Jan 24 '18 at 17:27
DWORD isn't just isn't a Microsoftism. I happened to specify there size in parentheses. You answer suggests then that if you were to debug a 64-bit program with GDB that your definition of WORD would be displayed (64-bit values by your definition). Even in x86-64 GDB defaults to 32-bit DWORD values for general memory display unless you override it. GDB's defaults for memory display on x86 platforms do not default based on architecture word size. – Michael Petch Jan 24 '18 at 17:27
@JohnBaek: Yes. It requires some research to determine which is what, but the layout *pattern* is very standard. – wallyk Jan 24 '18 at 17:28
Cool thanks!. So to find the start of the stack, I need to find the length of the stack. And to find the items on the stack, I need to do some research on xv6's stack on assembly code. Cool – merry-go-round Jan 24 '18 at 17:29
@JohnBaek: Rarely do you need to find the length of the stack. A chief feature of stacks is that they grow as needed. Like a stack of papers on a desk, one doesn't care much about how many there are: only that the few items on the top is what you initially work with. Once those are cleared away, then the layer below becomes workable. – wallyk Jan 24 '18 at 17:30
@MichaelPetch: I am a bit confused, but I think you are conflating `WORD` with *word*. The later means [*a natural unit of data*](https://en.wikipedia.org/wiki/Word_(computer_architecture)) and has no absolute size except on a specific CPU architecture. – wallyk Jan 24 '18 at 17:33
@JohnBaek: Usually you never need to find the start of the stack. However, the stack pointer always points to the *end* of the stack, which is popularly called the *top of stack*. Stacks are organized backwards in memory. – wallyk Jan 24 '18 at 17:35
Uhm but professor wants me to find the start of the stack. I guess this is challenging question. I will do more research on that – merry-go-round Jan 24 '18 at 17:36
1

I wouldn't be making the comment if I already knew that the architectural word size is not how GDB defaults display data at specified memory locations. GDB on x86/x86-64 targets does NOT use architectural word size for display data in memory (unless overridden). – Michael Petch Jan 24 '18 at 17:39
Interesting. :) – merry-go-round Jan 24 '18 at 17:47
@JohnBaek: I wonder if by `start` the professor means `top`? – wallyk Jan 24 '18 at 17:48
professor said "You have to figure out where the stack pointer is initialized." – merry-go-round Jan 24 '18 at 17:59
I think I can find it on the bootloader assembly file – merry-go-round Jan 24 '18 at 18:00
Actually `gdb` defaults to the size previously used if you don't specify one. As such `x/24x` might even give you bytes. Better specify size. – Jester Jan 24 '18 at 18:17
1

OP:"stack" is ordinary memory, like any other, the "stack" magic is created by reserving some memory area for this purpose, and set `esp` to point to the end of such area, and let the specialized instructions, which implicitly work with `esp` pointer (`push/pop/call/ret/leave/...`) to use that reserved area. By the `x.. $esp` gdb command the professor did check content of that memory area right at the "top of stack" and further, i.e. in your Q the first dword `0x00007db4` would be the value loaded into `eax` by `pop eax`. And after `pop` the `esp` would be `+= 4`, pointing at `0x7BE0` address. – Ped7g Jan 24 '18 at 18:40
@JohnBaek if you would do instead `push dword 0x12345678`, the `esp -= 4` would be done first (pointing now to `0x7BD8` address) and the four bytes `78 56 34 12` (little-endian encoding of 32bit value) written there, so `x/24x $esp` after such push would display memory from -4B ahead of your example, and starting with `0x12345678` dword, then the remaining memory having the same content as in your question (`0x00007db4` `0x00000000` ...) – Ped7g Jan 24 '18 at 18:44
2

@wallyk no it doesn't. gdb defaults to the most recently used size. Admittedly, at startup that might be `word`. But if you examined something with a different size previously, you will get that size again. – Jester Jan 24 '18 at 19:20
I KNOW you are referring to ARCHITECTURAL WORD. GDB doesn't default to ARCHITECTURAL WORD for displaying memory (as the default) If you believe GDB is using ARCHITECTURAL WORD then compile a simple x86-64 program (assume your GDB is default settings) and do `x/24x $rsp`. If GDB were using ARCHITECTURAL WORD it would display 24 64-bit values (since ARCHITECTURAL WORD = 64-bits). GDB doesn't by default. It displays a 32-bit DWORDs. That is its default when displaying arbitrary memory that has no type info or you don't override it with something like `x/24gx $rsp` where `g` displays 64-bit values – Michael Petch Jan 24 '18 at 19:58
As jester correctly points out it can be overridden by previous actions as well. But by default state is not to display based on ARCHITECTUAL WORD. – Michael Petch Jan 24 '18 at 20:03

What is `x/24x $esp` mean?

1 Answers1