栈帧示意图:stack pointer、frame pointer

更多参考:http://www.embeddedrelated.com/usenet/embedded/show/31646-1.php

一:

The calling convention described in this section is the one used by gcc, not the native MIPS compiler, which uses a more complex convention that is slightly faster.

Figure 6: Layout of a stack frame. The frame pointer points just below the last argument passed on the stack. The stack pointer points to the first word after the frame.

Figure 6 shows a diagram of a stack frame. A frame consists of the memory between the frame pointer ($fp), which points to the word immediately after the last argument passed on the stack, and the stack pointer ($sp), which points to the first free word on the stack. As typical of Unix systems, the stack grows down from higher memory addresses, so the frame pointer is above stack pointer.

The following steps are necessary to effect a call:

1. Pass the arguments. By convention, the first four arguments are passed in registers $a0-$a3 (though simplier compilers may choose to ignore this convention and pass all arguments via the stack). The remaining arguments are pushed on the stack.
2. Save the caller-saved registers. This includes registers $t0-$t9, if they contain live values at the call site.
3. Execute a jal instruction.

Within the called routine, the following steps are necessary:

1. Establish the stack frame by subtracting the frame size from the stack pointer.
2. Save the callee-saved registers in the frame. Register $fp is always saved. Register $ra needs to be saved if the routine itself makes calls. Any of the registers $s0- $s7 that are used by the callee need to be saved.
3. Establish the frame pointer by adding the stack frame size to the address in $sp.

Finally, to return from a call, a function places the returned value into $v0 and executes the following steps:

1. Restore any callee-saved registers that were saved upon entry (including the frame pointer $fp).
2. Pop the stack frame by adding the frame size to $sp.
3. Return by jumping to the address in register $ra.

二:

Here's how I diagram the conventional PDP-11 stack layout.

            |               |   higher addresses
            +---------------+
            |   argN        |
            |   ...         |
            |   arg0        |   <- FP+4
            +---------------+
            |   link reg    |   <- FP+2 = SP after JSR
            +===============+
            |   saved FP    |   <- FP after prologue
            +---------------+
          / |   locals      |   <- FP-2
framesize \ |   ...         |
            +---------------+
            |   saved regs  |
            |   ...         |   <- SP after prologue
            +---------------+
            |               |   lower addresses

Note that local function arguments are at positive offsets from FP,
local variables are at negative offsets. Also note that the frame
pointer itself is among the callee-saved registers.

See here for a survey of subroutine linkage conventions:
http://www.cs.clemson.edu/~mark/subroutines.html
http://www.cs.clemson.edu/~mark/subroutines/pdp11.html (PDP-11
specific)
and here http://cm.bell-labs.com/cm/cs/who/dmr/clcs.html (original
PDP-11 C)