Segmentation fault

2019-11-05  帆子_8c3a

Scenarios that trigger a core dump

  1. Segmentation fault (core dumped): the SIGSEGV is raised by a page fault (on x86-64 an access to a non-canonical address raises a general protection fault instead, which also ends in SIGSEGV). This is the case analysed below.
  2. Other exceptions, such as Floating point exception (core dumped), are simpler to analyse and are not covered here.

Write a program that triggers a Segmentation fault

/* Write to an address that is not mapped in the process: a page fault,
 * delivered to the process as SIGSEGV. Build with gcc -O0 -g and run with
 * ulimit -c unlimited so a core file is written. */
int main()
{
  *(int*)0x4321 = 0x12345678;
  return 0;
}

Check the kernel log

# dmesg
[383873.026755] test[34139]: segfault at 4321 ip 0000000000400589 sp 00007ffcd2c88140 error 6 in test[400000+1000]

This line is printed by the kernel function show_signal_msg (arch/x86/mm/fault.c); do_trap prints a similar message for other traps. It is rate-limited and only appears while /proc/sys/debug/exception-trace (show_unhandled_signals) is non-zero, which is the default. Reading it field by field:

  1. Execution reached ip 0000000000400589 (the faulting instruction).
  2. That instruction accessed address 4321.
  3. The stack pointer was 00007ffcd2c88140.
  4. error is 6 (printed in hex), i.e. PF_USER|PF_WRITE: a user-mode write to a page that is not present (bit 0 is 0, so it is not a protection fault on an existing page). See the bit definitions below.
  5. The fault was raised by process test (pid 34139); "test[400000+1000]" is the VMA containing ip: it starts at 0x400000 and is 0x1000 bytes long. For this non-PIE binary ip is already the address to give objdump or addr2line; for a PIE executable or shared library subtract the VMA start first, and note that the VMA may cover only the executable segment of the file, not the whole file.
/*
 * Page fault error code bits:
 *
 *   bit 0 ==    0: no page found   1: protection fault
 *   bit 1 ==    0: read access     1: write access
 *   bit 2 ==    0: kernel-mode access  1: user-mode access
 *   bit 3 ==               1: use of reserved bit detected
 *   bit 4 ==               1: fault was an instruction fetch
 */
enum x86_pf_error_code {

    PF_PROT     =       1 << 0,
    PF_WRITE    =       1 << 1,
    PF_USER     =       1 << 2,
    PF_RSVD     =       1 << 3,
    PF_INSTR    =       1 << 4,
};
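To make the decoding above repeatable, here is a small parser for the dmesg segfault line and a decoder for the error code bits. This is an added example, not code from the original post or from the kernel: the struct and function names (segfault_msg, parse_segfault_line, describe_error, ip_file_offset) are my own, the PF_* macros mirror the enum above (newer kernels name them X86_PF_*, with the same bit values), and the sample line is the one from the log above, embedded as a constant so the program runs offline.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Page fault error code bits, mirroring the kernel enum above. */
#define PF_PROT  (1ULL << 0)   /* 0: page not present, 1: protection violation */
#define PF_WRITE (1ULL << 1)   /* 0: read, 1: write */
#define PF_USER  (1ULL << 2)   /* 0: kernel mode, 1: user mode */
#define PF_RSVD  (1ULL << 3)   /* reserved bit set in a page table entry */
#define PF_INSTR (1ULL << 4)   /* the access was an instruction fetch */

struct segfault_msg {
    char comm[64];              /* process name ("test") */
    int pid;
    uint64_t addr, ip, sp, error;
    char obj[128];              /* object the ip falls in ("test") */
    uint64_t base, len;         /* start and length of that VMA */
};

/* Parse a line of the form printed by show_signal_msg:
 *   test[34139]: segfault at 4321 ip ... sp ... error 6 in test[400000+1000]
 * An optional "[timestamp] " prefix from dmesg is skipped. All numbers are
 * hex in the log, including the error code. Returns 1 on success, 0 otherwise. */
int parse_segfault_line(const char *line, struct segfault_msg *m)
{
    if (line[0] == '[') {
        const char *close = strchr(line, ']');
        if (!close) return 0;
        line = close + 1;
    }
    while (*line == ' ') line++;
    memset(m, 0, sizeof *m);
    int n = sscanf(line,
        "%63[^[][%d]: segfault at %" SCNx64 " ip %" SCNx64 " sp %" SCNx64
        " error %" SCNx64 " in %127[^[][%" SCNx64 "+%" SCNx64 "]",
        m->comm, &m->pid, &m->addr, &m->ip, &m->sp, &m->error,
        m->obj, &m->base, &m->len);
    return n == 9;
}

/* Expand the error code into words; writes into buf and returns it. */
const char *describe_error(uint64_t err, char *buf, size_t n)
{
    snprintf(buf, n, "%s, %s, %s%s%s",
             (err & PF_PROT)  ? "protection fault on a present page" : "no page found",
             (err & PF_WRITE) ? "write access" : "read access",
             (err & PF_USER)  ? "user mode" : "kernel mode",
             (err & PF_RSVD)  ? ", reserved bit set" : "",
             (err & PF_INSTR) ? ", instruction fetch" : "");
    return buf;
}

/* 1 if ip lies inside the VMA reported after "in". */
int ip_in_mapping(const struct segfault_msg *m)
{
    return m->ip >= m->base && m->ip < m->base + m->len;
}

/* Offset of ip from the start of that VMA (what addr2line needs for a PIE
 * binary or a shared library, provided the VMA starts at the file's
 * executable segment; check /proc/PID/maps or readelf -l when in doubt). */
uint64_t ip_file_offset(const struct segfault_msg *m)
{
    return m->ip - m->base;
}

int main(void)
{
    /* Constructed input: the dmesg line from the post, verbatim. */
    const char *line = "[383873.026755] test[34139]: segfault at 4321 ip 0000000000400589 "
                       "sp 00007ffcd2c88140 error 6 in test[400000+1000]";
    struct segfault_msg m;
    char buf[160];

    if (!parse_segfault_line(line, &m)) {
        fprintf(stderr, "not a segfault line\n");
        return 1;
    }
    printf("%s[%d] faulted at %#" PRIx64 " (ip %#" PRIx64 ", sp %#" PRIx64 ")\n",
           m.comm, m.pid, m.addr, m.ip, m.sp);
    printf("error %#" PRIx64 ": %s\n", m.error, describe_error(m.error, buf, sizeof buf));
    if (ip_in_mapping(&m))
        printf("ip is at offset %#" PRIx64 " into %s\n", ip_file_offset(&m), m.obj);
    return 0;
}
```

For the line above the decoder reports "no page found, write access, user mode" and an offset of 0x589 into test, which is exactly the `main+9` that gdb shows below. An error of 4 would be a user-mode read of an unmapped page (the classic NULL dereference), 7 a user-mode write to a mapped but read-only page, and 0x14 a user-mode jump to an unmapped address.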

Debugging the core dump with gdb

Load the binary together with the core file in gdb. $pc is the instruction that faulted, and the register it dereferences holds the address reported in the kernel log:

(gdb) set disassembly-flavor intel
(gdb) x/5i $pc
=> 0x400589 <main+9>:   mov    DWORD PTR [rax],0x12345678
   0x40058f <main+15>:  mov    eax,0x0
   0x400594 <main+20>:  pop    rbp
   0x400595 <main+21>:  ret
   0x400596:    nop    WORD PTR cs:[rax+rax*1+0x0]
(gdb) i r rax
rax            0x4321   17185