Difference between Frame Pointer and Stack Pointer

Answer: Consider fragment of C code below,

long int simple_long(long int *xp, long int y)
    long int t = *xp + y;
    *xp = t;
    return t;

When gcc is run on x86-64 bit architecture with the command-line

gcc -osl32 -S -m32 slong.c

it generates code that is compatible with any IA32 machine:

        pushl   %ebp            Save frame pointer
        movl    %esp, %ebp      Create new frame pointer
        subl    $16, %esp       Creating stack by sub 16 from '%esp'
        movl    8(%ebp), %eax   xp copied into '%eax'
        movl    (%eax), %eax    Retrieve *xp
        addl    12(%ebp), %eax  Add y to get t and return value
        movl    %eax, -4(%ebp)  Copied t onto stack
        movl    8(%ebp), %eax   xp copied into '%eax'
        movl    -4(%ebp), %edx  t copied to '%edx'
        movl    %edx, (%eax)    '%edx' copied to *xp
        movl    -4(%ebp), %eax  t copied to '%eax' to return to calling fun
        leave                   stack deallocated; previous '%ebp' restored
        ret                     function returns

Notice in above assembly code that ‘stack frame’ exits between ‘frame pointer’ (%ebp) and ‘stack pointer’ (%esp). All locations are accessed relative to ‘frame pointer’. ‘Frame pointer’ is also called ‘base pointer’. Notice also that each assembly instruction is annotated to its right.

Let’s now, generate assembly for the same C fragment of code for x86-64 bit implementation with the command-line as:

gcc -osl64 -S -m64 slong.c

and below is assembly code, notice that xp in ‘%rdi’ and y in ‘%rsi’

        pushq   %rbp             saved old frame pointer
        movq    %rsp, %rbp       creating new frame pointer
        movq    %rdi, -24(%rbp)  xp is copied
        movq    %rsi, -32(%rbp)  y is copied
        movq    -24(%rbp), %rax  xp copied to '%rax'
        movq    (%rax), %rax     retrieved *xp
        addq    -32(%rbp), %rax  added y to *xp, obtained t
        movq    %rax, -8(%rbp)   t copied
        movq    -24(%rbp), %rax  xp copied to '%rax'
        movq    -8(%rbp), %rdx   t copied to '%rdx'
        movq    %rdx, (%rax)     t copied to *xp
        movq    -8(%rbp), %rax   t copied to '%rax'
        popq    %rbp             old frame pointer restored
        ret                      function returns

Notice in assembly code produced for x86-64 bit that locations were accessed relative to stack pointer, at this point both ‘%rsp’ and ‘%rbp’ pointing to same location. There’s not created any stack frame and values of variables, partial results of computations etc. were stored in area of memory called “red zone”. Actually, x86-64 bit implementation allows a program to access up to 128 bytes of space (towards lower addresses to current value of stack pointer) without incrementing or decrementing the stack pointer.


In fact, frame pointer serves the base of stack frame while stack pointer refers to top location of the stack. Stack frame, on most processors, grows downwards i.e. towards lower memory addresses.

