x86 - Does CALL instruction ALWAYS push the address pointed by EIP to stack?

流过昼夜 submitted on 2019-12-06 02:41:59

Question


Is there any condition where the return address is not pushed into stack during a function call in x86 architecture?


Answer 1:


No. CALL will, by definition, push the return address onto the stack before jumping to the target address. That return address is EIP (or RIP) + sizeof(call instruction) (usually 5 bytes.)

Volume 2 of the Intel® 64 and IA-32 Architectures Software Developer’s Manual states that CALL:

Saves procedure linking information on the stack and branches to the called procedure specified using the target operand.

This includes:

  • Near Call — "A call to a procedure in the current code segment", where EIP is pushed onto the stack.
  • Far Call — "A call to a procedure located in a different segment than the current code segment", where CS, EIP are pushed onto the stack.

The alternative, not pushing a return address, is a JMP.

Every C compiler I'm familiar with will always implement function calls on x86 using a CALL instruction, with one exception: a tail call, which can be implemented with a JMP. This happens especially when one function returns the result of another function call. E.g.

int bar(int a, int b);

int foo(int a, int b)
{
    if (a < b)
       return 0;

    return bar(a, b);   // Will probably be:    jmp  bar
}

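To check the two claims in the answer empirically (CALL pushes the address of the following instruction, and that address is the CALL's own address plus its encoded length, 5 bytes for the E8 rel32 form), here is an added C probe that is not part of the question or the answer. It assumes x86-64 with GCC or clang inline assembly; on any other target it reports itself as unsupported rather than measuring anything.

```c
#include <stdint.h>
#include <stdio.h>

struct call_probe {
    int       supported;  /* 1 on x86-64 with GNU inline asm, else 0 (nothing measured) */
    int       pushed_ok;  /* 1 if the value CALL pushed == address of the following instruction */
    uintptr_t insn_len;   /* return address minus CALL address: the CALL's encoded size */
};

/* Execute "call <next instruction>", pop what CALL pushed, and compare it with
 * the label addresses the assembler/linker resolve independently of CALL. */
struct call_probe probe_call(void) {
    struct call_probe p = {0, 0, 0};
#if defined(__x86_64__) && defined(__GNUC__)
    uintptr_t popped, next, site;
    __asm__ volatile(
        "subq $128, %%rsp\n\t"       /* step below the SysV red zone so the push cannot clobber locals */
        "2:\n\t"                     /* address of the CALL instruction itself */
        "call 3f\n\t"                /* E8 rel32: pushes the address of label 3, then jumps there */
        "3:\n\t"
        "popq %0\n\t"                /* retrieve exactly what CALL pushed; RSP is back where it was */
        "addq $128, %%rsp\n\t"
        "leaq 3b(%%rip), %1\n\t"     /* independent view of the 'next instruction' address */
        "leaq 2b(%%rip), %2\n\t"     /* independent view of the CALL address */
        : "=r"(popped), "=r"(next), "=r"(site)
        :
        : "memory", "cc");
    p.supported = 1;
    p.pushed_ok = (popped == next);
    p.insn_len  = next - site;
#endif
    return p;
}

/* 1 if the probe ran and CALL pushed the next-instruction address; 0 if it did not; -1 if unsupported here. */
int call_pushes_next_insn(void) {
    struct call_probe p = probe_call();
    return p.supported ? p.pushed_ok : -1;
}

/* Size in bytes of the CALL that was executed (5 for E8 rel32); -1 if unsupported here. */
int call_insn_len(void) {
    struct call_probe p = probe_call();
    return p.supported ? (int)p.insn_len : -1;
}

int main(void) {
    printf("call pushes next insn: %d, call length: %d\n",
           call_pushes_next_insn(), call_insn_len());
    return 0;
}
```

Compile with `-O2` as well as `-O0` to confirm the result does not depend on optimisation level; the local numeric labels stay valid even if the compiler inlines the probe more than once.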

Source: https://stackoverflow.com/questions/33685146/x86-does-call-instruction-always-push-the-address-pointed-by-eip-to-stack
