如何阅读这段 Rust 代码的汇编代码？

Question

I am trying to read a piece of Rust assembly code, but actually, it's harder to read than the ASM code generated by the C/C++ compiler. So, how to analyze the ASM code of the below piece of Rust code?

fn main() { 
    let closure = |x| println!("{}", x);
    let x: fn(x: i32) -> () = closure; 
    println!("{}", x as i32);
}

The corresponding assembly code like below with some comments (I only pasted the main part, for full version please use this Permalink: https://play.rust-lang.org/?version=nightly&mode=release&edition=2018&gist=e7ba4844f1ce6e881912dc074152988d ):

playground::main: # @playground::main
# %bb.0:
    subq    $72, %rsp
    leaq    core::ops::function::FnOnce::call_once(%rip), %rax
    movl    %eax, 4(%rsp)
    leaq    4(%rsp), %rax
    movq    %rax, 8(%rsp)
    movq    core::fmt::num::imp::<impl core::fmt::Display for i32>::fmt@GOTPCREL(%rip), %rax
    movq    %rax, 16(%rsp)
    leaq    .L__unnamed_2(%rip), %rax  # the contents of rdx come from .L__unnamed_2(%rip), how to evaluate this part?
    movq    %rax, 24(%rsp)  # the contents of rdi come from rax.
    movq    $2, 32(%rsp)
    movq    $0, 40(%rsp)
    leaq    8(%rsp), %rax
    movq    %rax, 56(%rsp)
    movq    $1, 64(%rsp)
    leaq    24(%rsp), %rdi  # rdi should be the register holding the value passed to println!.
    callq   *std::io::stdio::_print@GOTPCREL(%rip)
    addq    $72, %rsp
    retq
                                        # -- End function

main:                                   # @main
# %bb.0:
    subq    $8, %rsp
    movq    %rsi, %rcx
    movslq  %edi, %rdx
    leaq    playground::main(%rip), %rax
    movq    %rax, (%rsp)
    leaq    .L__unnamed_1(%rip), %rsi
    movq    %rsp, %rdi
    callq   *std::rt::lang_start_internal@GOTPCREL(%rip)
                                        # kill: def $eax killed $eax killed $rax
    popq    %rcx
    retq
                                        # -- End function

.L__unnamed_1:
    .quad   core::ptr::drop_in_place<std::rt::lang_start<()>::{{closure}}>
    .quad   8                               # 0x8
    .quad   8                               # 0x8
    .quad   std::rt::lang_start::{{closure}}
    .quad   std::rt::lang_start::{{closure}}
    .quad   core::ops::function::FnOnce::call_once{{vtable.shim}}

.L__unnamed_3:

.L__unnamed_4:
    .byte   10

.L__unnamed_2:
    .quad   .L__unnamed_3
    .zero   8
    .quad   .L__unnamed_4
    .asciz  "\001\000\000\000\000\000\000"

And, I am trying to find how the Rust compiler treats the function pointer of closure versus normal function. So, here I tried to use a closure as an example but seems I cannot find any valid assembly code that corresponds to the use of the variable "x".

Answer 1

There is no actual call to the closure, so no invocation code has been produced, but the use of the x variable is actually in a function not included in your post which has the misleading name of core::ops::function::FnOnce::call_once in the ASM output, but has the much more mangled name of @_ZN4core3ops8function6FnOnce9call_once17hefa1aa47132c4122E in the LLVM output of the same playground example. This is the actual contents of the closure (the println,("{}", x) )

core::ops::function::FnOnce::call_once: # @core::ops::function::FnOnce::call_once
# %bb.0:
 # allocate a bunch of stack space for variables and print arguments
 subq   $72, %rsp

 # %edi has the value of x passed in to the closure, which we store in a new stack allocated variable
 movl   %edi, 4(%rsp)

 # we then load the address of that variable into another variable
 leaq   4(%rsp), %rax
 movq   %rax, 8(%rsp)

 # the following is mostly populating the std::fmt::Arguments struct which is passed to print
 movq   core::fmt::num::imp::<impl core::fmt::Display for i32>::fmt@GOTPCREL(%rip), %rax
 movq   %rax, 16(%rsp)
 leaq   .L__unnamed_2(%rip), %rax
 movq   %rax, 24(%rsp)
 movq   $2, 32(%rsp)
 movq   $0, 40(%rsp)

 # the address of the address of x is loaded into the arguments struct here
 leaq   8(%rsp), %rax
 movq   %rax, 56(%rsp)

 # finish populating the arguments and then call print
 movq   $1, 64(%rsp)
 leaq   24(%rsp), %rdi
 callq  *std::io::stdio::_print@GOTPCREL(%rip)
 addq   $72, %rsp
 retq

The playground main function is where the closure is created, but it's not actually called, and like the function above, is mostly populating the complex std::fmt::Arguments struct

playground::main: # @playground::main
# %bb.0:
subq    $72, %rsp

 # this creates the closure by storing a pointer to the closure's function
leaq    core::ops::function::FnOnce::call_once(%rip), %rax
movl    %eax, 4(%rsp)

 # this stores the closure in main's `x` variable (line 3 of the example)
leaq    4(%rsp), %rax
movq    %rax, 8(%rsp)

 # populate the std::fmt::Arguments struct
movq    core::fmt::num::imp::<impl core::fmt::Display for i32>::fmt@GOTPCREL(%rip), %rax
movq    %rax, 16(%rsp)
leaq    .L__unnamed_2(%rip), %rax  # the contents of rdx come from .L__unnamed_2(%rip), how to evaluate this part?
movq    %rax, 24(%rsp)  # the contents of rdi come from rax.
movq    $2, 32(%rsp)
movq    $0, 40(%rsp)

 # store the closure (stored in `x`) in the std::fmt::Arguments struct
leaq    8(%rsp), %rax
movq    %rax, 56(%rsp)

 # finish populating and call print
movq    $1, 64(%rsp)
leaq    24(%rsp), %rdi  # rdi should be the register holding the value passed to println!.
callq   *std::io::stdio::_print@GOTPCREL(%rip)
addq    $72, %rsp
retq

From the LLVM output, the std::fmt::Arguments is defined as %"std::fmt::Arguments" = type { [0 x i64], { [0 x { [0 x i8]*, i64 }]*, i64 }, [0 x i64], { i64*, i64 }, [0 x i64], { [0 x { i8*, i64* }]*, i64 }, [0 x i64] } and I don't understand too many of the internal details, so I'm not sure exactly why it's referencing the the static memory area.L__unnamed_2 but digging into std::fmt::Arguments might give some more clues