cs107, lecture 14 - stanford university€¦ · based on slides created by marty stepp, cynthia...

103
1 This document is copyright (C) Stanford Computer Science and Nick Troccoli, licensed under Creative Commons Attribution 2.5 License. All rights reserved. Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 Assembly: The Runtime Stack Reading: B&O 3.7

Upload: others

Post on 26-May-2020

5 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

1

Thisdocumentiscopyright(C)StanfordComputerScienceandNickTroccoli,licensedunderCreativeCommonsAttribution2.5License.Allrightsreserved.BasedonslidescreatedbyMartyStepp,CynthiaLee,ChrisGregg,andothers.

CS107,Lecture14Assembly:TheRuntimeStack

Reading:B&O3.7

Page 2: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

2

Learning Goals• Learnwhat%riprepresentsandhowitisupdated.• Learnhowassemblycallsfunctionsandmanagesstackframes.• Learntherulesofregisterusewhencallingfunctions.

Page 3: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

3

Plan For Today• TheInstructionPointer(%rip)• CallingFunctions

• TheStack• PassingControl• PassingData• LocalStorage

• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample

Page 4: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

4

Plan For Today• TheInstructionPointer(%rip)• CallingFunctions

• TheStack• PassingControl• PassingData• LocalStorage

• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample

Page 5: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

5

%rip• %ripisaspecialregisterthatpointstotheinstructioncurrentlyexecuting.• Let’sdivedeeperintohow%ripworks,andhowjumpsmodifyit.

Page 6: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

6

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

Page 7: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

7

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

Page 8: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

8

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

Page 9: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

9

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

Page 10: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

10

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

Page 11: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

11

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

Page 12: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

12

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

Page 13: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

13

Instructions Are Just Bytes!

Page 14: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

14

Instructions Are Just Bytes!

Page 15: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

15

Instructions Are Just Bytes!

0x0

Heap

Stack

Data

Text(code)

Main Memory

Page 16: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

16

Instructions Are Just Bytes!

0x0

Heap

Stack

Data

Text(code)

Parameters and local variables

Main Memory

Page 17: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

17

Instructions Are Just Bytes!

0x0

Heap

Stack

Data

Text(code)

Allocated memory (malloc, calloc,

realloc)

Main Memory

Page 18: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

18

Instructions Are Just Bytes!

0x0

Heap

Stack

Data

Text(code)

Global variables (boo!), static variables and

string literals

Main Memory

Page 19: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

19

Instructions Are Just Bytes!

0x0

Heap

Stack

Data

Text(code)Machine code

instructions

Main Memory

Page 20: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

20

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

4004fd fa

4004fc eb

4004fb 01

4004fa fc

4004f9 45

4004f8 83

4004f7 00

4004f6 00

4004f5 00

4004f4 00

4004f3 fc

4004f2 45

4004f1 c7

4004f0 e5

4004ef 89

4004ee 484004ed 55

Heap

Stack

Data

Text(code)

Main Memory

Page 21: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

21

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

4004fd fa

4004fc eb

4004fb 01

4004fa fc

4004f9 45

4004f8 83

4004f7 00

4004f6 00

4004f5 00

4004f4 00

4004f3 fc

4004f2 45

4004f1 c7

4004f0 e5

4004ef 89

4004ee 484004ed 55

Page 22: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

22

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

4004fd fa

4004fc eb

4004fb 01

4004fa fc

4004f9 45

4004f8 83

4004f7 00

4004f6 00

4004f5 00

4004f4 00

4004f3 fc

4004f2 45

4004f1 c7

4004f0 e5

4004ef 89

4004ee 484004ed 55

0x4004ed

%rip

Page 23: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

23

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

4004fd fa

4004fc eb

4004fb 01

4004fa fc

4004f9 45

4004f8 83

4004f7 00

4004f6 00

4004f5 00

4004f4 00

4004f3 fc

4004f2 45

4004f1 c7

4004f0 e5

4004ef 89

4004ee 484004ed 55

0x4004ee

%rip

Page 24: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

24

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

4004fd fa

4004fc eb

4004fb 01

4004fa fc

4004f9 45

4004f8 83

4004f7 00

4004f6 00

4004f5 00

4004f4 00

4004f3 fc

4004f2 45

4004f1 c7

4004f0 e5

4004ef 89

4004ee 484004ed 55

0x4004f1

%rip

Page 25: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

25

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

4004fd fa

4004fc eb

4004fb 01

4004fa fc

4004f9 45

4004f8 83

4004f7 00

4004f6 00

4004f5 00

4004f4 00

4004f3 fc

4004f2 45

4004f1 c7

4004f0 e5

4004ef 89

4004ee 484004ed 55

0x4004f8

%rip

Page 26: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

26

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

4004fd fa

4004fc eb

4004fb 01

4004fa fc

4004f9 45

4004f8 83

4004f7 00

4004f6 00

4004f5 00

4004f4 00

4004f3 fc

4004f2 45

4004f1 c7

4004f0 e5

4004ef 89

4004ee 484004ed 55

0x4004fc

%rip

Page 27: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

27

%rip

00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp

4004fd fa

4004fc eb

4004fb 01

4004fa fc

4004f9 45

4004f8 83

4004f7 00

4004f6 00

4004f5 00

4004f4 00

4004f3 fc

4004f2 45

4004f1 c7

4004f0 e5

4004ef 89

4004ee 484004ed 55

0x4004fc

%rip

Special hardware is responsible for setting %rip’s value to the next instruction.

› it does %rip += size of current instruction (in bytes)

Page 28: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

28

%ripvoid loop() {

int i = 0;while (i < 100) {

i++;}

}

0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq

Page 29: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

29

%ripvoid loop() {

int i = 0;while (i < 100) {

i++;}

}

0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq

Theseare0-basedoffsetsinbytesforeachinstructionrelativetothestartofthisfunction.

Page 30: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

30

%ripvoid loop() {

int i = 0;while (i < 100) {

i++;}

}

0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq

Thesearebytesforthemachinecodeinstructions.Instructionsarevariablelength.

Page 31: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

31

0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq

%ripvoid loop() {

int i = 0;while (i < 100) {

i++;}

}

Page 32: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

32

0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq

%rip

Page 33: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

33

0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq

%rip

0xebmeansjmp.

Page 34: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

34

0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq

%rip

0x03 is the number of instruction bytes to jump relative to %rip.

With no jump, %rip would advance to the next line. This jmp says to then go 3 bytes further!

Page 35: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

35

0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq

%rip

0x03 is the number of instruction bytes to jump relative to %rip.

With no jump, %rip would advance to the next line. This jmp says to then go 3 bytes further!

Page 36: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

36

0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq

%rip

0x73 means jle.

Page 37: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

37

0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq

%rip

0xf8 is the number of instruction bytes to jump relative to %rip. This is -8 (in two’s complement!).

With no jump, %rip would advance to the next line. This jmp says to then go 8 bytes back!

Page 38: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

38

0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq

%rip

0xf8 is the number of instruction bytes to jump relative to %rip. This is -8 (in two’s complement!).

With no jump, %rip would advance to the next line. This jmp says to then go 8 bytes back!

Page 39: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

39

Summary: Instruction Pointer• Machinecodeinstructionsliveinmainmemory,justlikestackandheapdata.• %ripisaregisterthatstoresanumber(anaddress)ofthecurrentlyexecutinginstruction.Itmarkswherewecurrentlyareintheprogram’sinstructions.

• Toadvancetothenextinstruction,specialhardwareaddsthesizeofthecurrentinstructioninbytes.

• jmp instructionsworkbyadjusting%ripbyaspecifiedamount.

Page 40: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

40

Plan For Today• TheInstructionPointer(%rip)• CallingFunctions

• TheStack• PassingControl• PassingData• LocalStorage

• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample

Page 41: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

41

How do we call functions in assembly?

Page 42: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

42

Calling Functions In AssemblyTocallafunctioninassembly,wemustdoafewthings:• PassControl– %ripmustbeadjustedtoexecutethecallee’s instructions,andthenresumethecaller’sinstructionsafterwards.

• PassData– wemustpassanyparametersandreceiveanyreturnvalue.• ManageMemory– wemusthandleanyspaceneedsofthecallee onthestack.

Terminology:caller functioncallsthecallee function.

How does assembly interact with the stack?

Page 43: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

43

Plan For Today• TheInstructionPointer(%rip)• CallingFunctions

• TheStack• PassingControl• PassingData• LocalStorage

• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample

Page 44: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

44

%rip• %rsp isaspecialregisterthatstorestheaddressofthecurrent“top”ofthestack(thebottominourdiagrams,sincethestackgrowsdownwards).

0x0

main()

Heap

myfunction()

Data

Text(code)

%rsp

Main Memory

Page 45: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

45

%rip• %rsp isaspecialregisterthatstorestheaddressofthecurrent“top”ofthestack(thebottominourdiagrams,sincethestackgrowsdownwards).

0x0

main()

Heap

myfunction()

Data

Text(code)

%rsp

Main Memory

foo()

Page 46: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

46

%rip• %rsp isaspecialregisterthatstorestheaddressofthecurrent“top”ofthestack(thebottominourdiagrams,sincethestackgrowsdownwards).

0x0

main()

Heap

myfunction()

Data

Text(code)

%rsp

Main Memory

foo()

foo2()

Page 47: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

47

%rip• %rsp isaspecialregisterthatstorestheaddressofthecurrent“top”ofthestack(thebottominourdiagrams,sincethestackgrowsdownwards).

0x0

main()

Heap

myfunction()

Data

Text(code)

%rsp

Main Memory

foo()

Page 48: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

48

%rip• %rsp isaspecialregisterthatstorestheaddressofthecurrent“top”ofthestack(thebottominourdiagrams,sincethestackgrowsdownwards).

0x0

main()

Heap

myfunction()

Data

Text(code)

%rsp

Main Memory

Key idea: %rsp must point to the same place before and after a function is called, since stack frames go away when a function finishes.

Page 49: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

49

push• Thepushinstructionpushesthedataatthespecifiedsourceontothetopofthestack,adjusting%rsp accordingly.

Instruction Effectpushq S R[%rsp] ⟵ R[%rsp] – 8;

M[R[%rsp]] ⟵ S

Page 50: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

50

push• Thepushinstructionpushesthedataatthespecifiedsourceontothetopofthestack,adjusting%rsp accordingly.

Instruction Effectpushq S R[%rsp] ⟵ R[%rsp] – 8;

M[R[%rsp]] ⟵ S

Page 51: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

51

push• Thepushinstructionpushesthedataatthespecifiedsourceontothetopofthestack,adjusting%rsp accordingly.

Instruction Effectpushq S R[%rsp] ⟵ R[%rsp] – 8;

M[R[%rsp]] ⟵ S

Page 52: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

52

push• Thepushinstructionpushesthedataatthespecifiedsourceontothetopofthestack,adjusting%rsp accordingly.

• Thisbehaviorisequivalenttothefollowing,butpushq isashorterinstruction:subq $8, %rspmovq S, (%rsp)

• Sometimes,you’llseeinstructionsjustexplicitlydecrementthestackpointertomakeroomforfuturedata.

Instruction Effectpushq S R[%rsp] ⟵ R[%rsp] – 8;

M[R[%rsp]] ⟵ S

Page 53: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

53

pop• Thepopinstructionpopsthetopmostdatafromthestackandstoresitinthespecifieddestination,adjusting%rsp accordingly.

• Note: thisdoesnot remove/clearoutthedata!Itjustincrements%rsp toindicatethenextpushcanoverwritethatlocation.

Instruction Effectpopq D D ⟵ M[R[%rsp]]

R[%rsp] ⟵ R[%rsp] + 8;

Page 54: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

54

pop• Thepopinstructionpopsthetopmostdatafromthestackandstoresitinthespecifieddestination,adjusting%rsp accordingly.

• Thisbehaviorisequivalenttothefollowing,butpopq isashorterinstruction:movq (%rsp), Daddq $8, %rsp

• Sometimes,you’llseeinstructionsjustexplicitlyincrementthestackpointertopopdata.

Instruction Effectpopq D D ⟵ M[R[%rsp]]

R[%rsp] ⟵ R[%rsp] + 8;

Page 55: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

55

Pushing onto the Stack

Page 56: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

56

Pushing onto the Stack

Page 57: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

57

Pushing onto the Stack

Page 58: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

58

Calling Functions In AssemblyTocallafunctioninassembly,wemustdoafewthings:• PassControl– %ripmustbeadjustedtoexecutethecallee’s instructions,andthenresumethecaller’sinstructionsafterwards.

• PassData– wemustpassanyparametersandreceiveanyreturnvalue.• ManageMemory– wemusthandleanyspaceneedsofthecallee onthestack.

Terminology:caller functioncallsthecallee function.

Page 59: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

59

Plan For Today• TheInstructionPointer(%rip)• CallingFunctions

• TheStack• PassingControl• PassingData• LocalStorage

• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample

Page 60: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

60

Remembering Where We Left Off• Problem:%rippointstothecurrentlyexecutinginstruction.Tocallafunction,wemustremember thenextcallerinstructiontoresumeatafter.

• Solution: pushthecurrentvalueof%ripontothestack.Thencallthefunction.Whenitisfinished,putthisvaluebackinto%ripandcontinueexecuting.

Stack

0xff20%rsp

main()

0x3021%rip

E.g. main() calls foo():

Page 61: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

61

Remembering Where We Left Off• Problem:%rippointstothecurrentlyexecutinginstruction.Tocallafunction,wemustremember thenextcallerinstructiontoresumeatafter.

• Solution: pushthecurrentvalueof%ripontothestack.Thencallthefunction.Whenitisfinished,putthisvaluebackinto%ripandcontinueexecuting.

0x3026

Stack

main()

0xff18%rsp

0x3021%rip

E.g. main() calls foo():

Page 62: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

62

Remembering Where We Left Off• Problem:%rippointstothecurrentlyexecutinginstruction.Tocallafunction,wemustremember thenextcallerinstructiontoresumeatafter.

• Solution: pushthecurrentvalueof%ripontothestack.Thencallthefunction.Whenitisfinished,putthisvaluebackinto%ripandcontinueexecuting.

0x3026

Stack

main()

foo()

0xff08%rsp

0x4058%rip

E.g. main() calls foo():

Page 63: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

63

Remembering Where We Left Off• Problem:%rippointstothecurrentlyexecutinginstruction.Tocallafunction,wemustremember thenextcallerinstructiontoresumeatafter.

• Solution: pushthecurrentvalueof%ripontothestack.Thencallthefunction.Whenitisfinished,putthisvaluebackinto%ripandcontinueexecuting.

0x3026

Stack

0xff18%rsp

0x4058%rip

main()

E.g. main() calls foo():

Page 64: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

64

Remembering Where We Left Off• Problem:%rippointstothecurrentlyexecutinginstruction.Tocallafunction,wemustremember thenextcallerinstructiontoresumeatafter.

• Solution: pushthecurrentvalueof%ripontothestack.Thencallthefunction.Whenitisfinished,putthisvaluebackinto%ripandcontinueexecuting.

Stack

main()

0xff18%rsp

0x3026%rip

E.g. main() calls foo():

Page 65: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

65

Call And ReturnThecall instructionpushesthevalueof%ripontothestackandsets%riptopointtothebeginningofthespecifiedfunction’sinstructions.

call Labelcall *Operand

Theret instructionpopsthevalueof%ripfromthestackandstoresitin%rip.ret

Thestored%ripvalueforafunctioniscalleditsreturnaddress.Itistheaddressoftheinstructionatwhichtoresumethefunction’sexecution.(nottobeconfusedwithreturnvalue,whichisthevaluereturnedfromafunction).

Page 66: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

66

Calling Functions In AssemblyTocallafunctioninassembly,wemustdoafewthings:• PassControl– %ripmustbeadjustedtoexecutethefunctionbeingcalledandthenresumethecallerfunctionafterwards.

• PassData– wemustpassanyparametersandreceiveanyreturnvalue.• ManageMemory– wemusthandleanyspaceneedsofthecallee onthestack.

Terminology:caller functioncallsthecallee function.

Page 67: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

67

Plan For Today• TheInstructionPointer(%rip)• CallingFunctions

• TheStack• PassingControl• PassingData• LocalStorage

• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample

Page 68: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

68

Parameters and Return• Therearespecialregistersthatstoreparametersandthereturnvalue.• Tocallafunction,wemustputanyparameterswearepassingintothecorrectregisters.(%rdi,%rsi,%rdx,%rcx,%r8,%r9,inthatorder)

• Parametersbeyondthefirst6areputonthestack.• Ifthecallerexpectsareturnvalue,itlooksin%rax afterthecallee completes.

Page 69: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

69

Parameters and Return...main()int main(int argc, char *argv[]) {

int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

Page 70: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

70

Parameters and Return...main()

0xffea08

0x40054f

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x40054f <+0>: sub $0x18,%rsp0x400553 <+4>: movl $0x1,0xc(%rsp)0x40055b <+12>: movl $0x2,0x8(%rsp)0x400563 <+20>: movl $0x3,0x4(%rsp)0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x4

Page 71: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

71

Parameters and Return...

0xffe9f0

main()

0xffe9f0

0x40054f

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x40054f <+0>: sub $0x18,%rsp0x400553 <+4>: movl $0x1,0xc(%rsp)0x40055b <+12>: movl $0x2,0x8(%rsp)0x400563 <+20>: movl $0x3,0x4(%rsp)0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x4

Page 72: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

72

Parameters and Return...

0xffe9fc 1

0xffe9f0

main()

0xffe9f0

0x400553

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x40054f <+0>: sub $0x18,%rsp0x400553 <+4>: movl $0x1,0xc(%rsp)0x40055b <+12>: movl $0x2,0x8(%rsp)0x400563 <+20>: movl $0x3,0x4(%rsp)0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x4

Page 73: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

73

Parameters and Return...

0xffe9fc 10xffe9f8 2

0xffe9f0

main()

0xffe9f0

0x40055b

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x40054f <+0>: sub $0x18,%rsp0x400553 <+4>: movl $0x1,0xc(%rsp)0x40055b <+12>: movl $0x2,0x8(%rsp)0x400563 <+20>: movl $0x3,0x4(%rsp)0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x4

Page 74: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

74

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0

main()

0xffe9f0

0x400563

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x400553 <+4>: movl $0x1,0xc(%rsp)0x40055b <+12>: movl $0x2,0x8(%rsp)0x400563 <+20>: movl $0x3,0x4(%rsp)0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x40x400574 <+37>: pushq $0x3

Page 75: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

75

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4

main()

0xffe9f0

0x40056b

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x40055b <+12>: movl $0x2,0x8(%rsp)0x400563 <+20>: movl $0x3,0x4(%rsp)0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x40x400574 <+37>: pushq $0x30x400576 <+39>: mov $0x2,%r9d

Page 76: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

76

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4

0xffe9e84

main()

0xffe9e8

0x400572

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x400563 <+20>: movl $0x3,0x4(%rsp)0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x40x400574 <+37>: pushq $0x30x400576 <+39>: mov $0x2,%r9d0x40057c <+45>: mov $0x1,%r8d

Page 77: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

77

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4

0xffe9e84

0xffe9e03

main()

0xffe9e0

0x400574

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x40x400574 <+37>: pushq $0x30x400576 <+39>: mov $0x2,%r9d0x40057c <+45>: mov $0x1,%r8d0x400582 <+51>: lea 0x10(%rsp),%rcx

Page 78: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

78

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4

0xffe9e84

0xffe9e03

main()

0xffe9e0

0x400576

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x400572 <+35>: pushq $0x40x400574 <+37>: pushq $0x30x400576 <+39>: mov $0x2,%r9d0x40057c <+45>: mov $0x1,%r8d0x400582 <+51>: lea 0x10(%rsp),%rcx0x400587 <+56>: lea 0x14(%rsp),%rdx

Page 79: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

79

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4

0xffe9e84

0xffe9e03

main()

0xffe9e0

0x400576

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x400572 <+35>: pushq $0x40x400574 <+37>: pushq $0x30x400576 <+39>: mov $0x2,%r9d0x40057c <+45>: mov $0x1,%r8d0x400582 <+51>: lea 0x10(%rsp),%rcx0x400587 <+56>: lea 0x14(%rsp),%rdx

Page 80: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

80

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4

0xffe9e84

0xffe9e03

main()

0xffe9e0

0x400576

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x400572 <+35>: pushq $0x40x400574 <+37>: pushq $0x30x400576 <+39>: mov $0x2,%r9d0x40057c <+45>: mov $0x1,%r8d0x400582 <+51>: lea 0x10(%rsp),%rcx0x400587 <+56>: lea 0x14(%rsp),%rdx

2

%r9d

Page 81: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

81

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4

0xffe9e84

0xffe9e03

main()

0xffe9e0

0x40057c

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x400574 <+37>: pushq $0x30x400576 <+39>: mov $0x2,%r9d0x40057c <+45>: mov $0x1,%r8d0x400582 <+51>: lea 0x10(%rsp),%rcx0x400587 <+56>: lea 0x14(%rsp),%rdx0x40058c <+61>: lea 0x18(%rsp),%rsi

2

%r9d

1

%r8d

Page 82: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

82

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4

0xffe9e84

0xffe9e03

main()

0xffe9e0

0x400582

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x400576 <+39>: mov $0x2,%r9d0x40057c <+45>: mov $0x1,%r8d0x400582 <+51>: lea 0x10(%rsp),%rcx0x400587 <+56>: lea 0x14(%rsp),%rdx0x40058c <+61>: lea 0x18(%rsp),%rsi0x400591 <+66>: lea 0x1c(%rsp),%rdi

2

%r9d

1

%r8d

0xffe9f0

%rcx

Page 83: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

83

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4

0xffe9e84

0xffe9e03

main()

0xffe9e0

0x400587

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x40057c <+45>: mov $0x1,%r8d0x400582 <+51>: lea 0x10(%rsp),%rcx0x400587 <+56>: lea 0x14(%rsp),%rdx0x40058c <+61>: lea 0x18(%rsp),%rsi0x400591 <+66>: lea 0x1c(%rsp),%rdi0x400596 <+71>: callq 0x400546 <func>

2

%r9d

1

%r8d

0xffe9f0

%rcx

0xffe9f4

%rdx

Page 84: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

84

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4

0xffe9e84

0xffe9e03

main()

0xffe9e0

0x40058c

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x400582 <+51>: lea 0x10(%rsp),%rcx0x400587 <+56>: lea 0x14(%rsp),%rdx0x40058c <+61>: lea 0x18(%rsp),%rsi0x400591 <+66>: lea 0x1c(%rsp),%rdi0x400596 <+71>: callq 0x400546 <func>

2

%r9d

1

%r8d

0xffe9f0

%rcx

0xffe9f4

%rdx

0xffe9f8

%rsi

Page 85: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

85

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4

0xffe9e84

0xffe9e03

main()

0xffe9e0

0x400591

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x400587 <+56>: lea 0x14(%rsp),%rdx0x40058c <+61>: lea 0x18(%rsp),%rsi0x400591 <+66>: lea 0x1c(%rsp),%rdi0x400596 <+71>: callq 0x400546 <func>0x40059b <+76>: add $0x10,%rsp

2

%r9d

1

%r8d

0xffe9f0

%rcx

0xffe9f4

%rdx

0xffe9fc

%rdi0xffe9f8

%rsi

Page 86: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

86

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4

0xffe9e84

0xffe9e03

main()

0xffe9e0

0x400596

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x40058c <+61>: lea 0x18(%rsp),%rsi0x400591 <+66>: lea 0x1c(%rsp),%rdi0x400596 <+71>: callq 0x400546 <func>0x40059b <+76>: add $0x10,%rsp…

2

%r9d

1

%r8d

0xffe9f0

%rcx

0xffe9f4

%rdx

0xffe9fc

%rdi0xffe9f8

%rsi

Page 87: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

87

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4

0xffe9e84

0xffe9e03

0x40059b

main()

0xffe9d8

0x400596

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x40058c <+61>: lea 0x18(%rsp),%rsi0x400591 <+66>: lea 0x1c(%rsp),%rdi0x400596 <+71>: callq 0x400546 <func>0x40059b <+76>: add $0x10,%rsp…

2

%r9d

1

%r8d

0xffe9f0

%rcx

0xffe9f4

%rdx

0xffe9fc

%rdi0xffe9f8

%rsi

Page 88: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

88

Parameters and Return...

0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4

0xffe9e84

0xffe9e03

0x40059b

main()

0xffe9d8

0x400546

%rsp

%rip

int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,

i1, i2, i3, i4);…

}

int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {

…}

0x40058c <+61>: lea 0x18(%rsp),%rsi0x400591 <+66>: lea 0x1c(%rsp),%rdi0x400596 <+71>: callq 0x400546 <func>0x40059b <+76>: add $0x10,%rsp…

2

%r9d

1

%r8d

0xffe9f0

%rcx

0xffe9f4

%rdx

0xffe9fc

%rdi0xffe9f8

%rsi

Page 89: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

89

Calling Functions In AssemblyTocallafunctioninassembly,wemustdoafewthings:• PassControl– %ripmustbeadjustedtoexecutethefunctionbeingcalledandthenresumethecallerfunctionafterwards.

• PassData– wemustpassanyparametersandreceiveanyreturnvalue.• ManageMemory– wemusthandleanyspaceneedsofthecallee onthestack.

Terminology:caller functioncallsthecallee function.

Page 90: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

90

Plan For Today• TheInstructionPointer(%rip)• CallingFunctions

• TheStack• PassingControl• PassingData• LocalStorage

• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample

Page 91: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

91

Local Storage• Sofar,we’veoftenseenlocalvariablesstoreddirectlyinregisters,ratherthanonthestackaswe’dexpect.Thisisforoptimizationreasons.

• Therearethree commonreasonsthatlocaldatamustbeinmemory:• We’verunoutofregisters• The‘&’operatorisusedonit,sowemustgenerateanaddressforit• Theyarearraysorstructs(needtouseaddressarithmetic)

Page 92: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

92

Local Storagelong swap_add(long *xp, long *yp) {

long x = *xp;long y = *yp;*xp = y;*yp = x;return x + y;

}

long caller() {long arg1 = 534;long arg2 = 1057;long sum = swap_add(&arg1, &arg2);long diff = arg1 - arg2;return sum * diff;

}

caller:subq $16, %rsp // 16 bytes for stack framemovq $534, (%rsp) // store 534 in arg1movq $1057, 8(%rsp) // store 1057 in arg2leaq 8(%rsp), %rsi // compute &arg2 as second argmovq %rsp, %rdi // compute &arg1 as first argcall swap_add // call swap_add(&arg1, &arg2)movq (%rsp),%rdx // get arg1subq 8(%rsp), %rdx // compute diff = arg1 - arg2imulq %rdx, %rax // compute sum * diffaddq $16, %rsp // deallocate stack frameret // return and restore %rip

Page 93: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

93

Plan For Today• TheInstructionPointer(%rip)• CallingFunctions

• TheStack• PassingControl• PassingData• LocalStorage

• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample

Page 94: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

94

Plan For Today• NolectureFriday• None!Let’stakeabreatherJ

Page 95: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

95

Plan For Today• TheInstructionPointer(%rip)• CallingFunctions

• TheStack• PassingControl• PassingData• LocalStorage

• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample

Page 96: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

96

Register Restrictions• Thereisonlyonecopyofregistersforallprogramsandinstructions.• Therefore,therearesomerulesthatcallersandcallees mustfollowwhenusingregisterssotheydonotinterferewithoneanother.

• Therearetwotypesofregisters:caller-ownedandcallee-owned

Page 97: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

97

Register Restrictions

• Ifacallee wantstousethis,theymustsave theexistingvalueandrestore itbackintotheregisteraftertheyaredone.

• Ifacallerwantstousethis,theycanstorevaluesthereduringfunctioncallsandcanassumethatthevalueswillbepreserved.

• Ifacallee wantstousethis,theycandosowithoutworryingaboutoverwritingdata.Theydonotneedtosavetheexistingvalue.

• Ifacallerwantstousethis,theymustbecarefulwhencallingafunction,asthatfunctionmayoverwritethecontents!Theymaywanttosave theexistingvalueandrestore itbackintotheregisterafterthefunctioncall.

CallerOwned Callee-Owned

Page 98: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

98

Register Restrictionslong P(long x, long y) {

long u = Q(y);long v = Q(x);return u + v;

}

long P(long x, long y), x in %rdi, y in %rsi:

push %rbppush %rbxmov %rdi,%rbpmov %rsi,%rdicallq 40056d <Q(long)>mov %rax,%rbxmov %rbp,%rdicallq 40056d <Q(long)>add %rbx,%raxpop %rbxpop %rbpretq

Page 99: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

99

Register Restrictionslong P(long x, long y) {

long u = Q(y);long v = Q(x);return u + v;

}

long P(long x, long y), x in %rdi, y in %rsi:

push %rbppush %rbxmov %rdi,%rbpmov %rsi,%rdicallq 40056d <Q(long)>mov %rax,%rbxmov %rbp,%rdicallq 40056d <Q(long)>add %rbx,%raxpop %rbxpop %rbpretq

Page 100: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

100

Register Restrictionslong P(long x, long y) {

long u = Q(y);long v = Q(x);return u + v;

}

long P(long x, long y), x in %rdi, y in %rsi:

push %rbppush %rbxmov %rdi,%rbpmov %rsi,%rdicallq 40056d <Q(long)>mov %rax,%rbxmov %rbp,%rdicallq 40056d <Q(long)>add %rbx,%raxpop %rbxpop %rbpretq

Page 101: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

101

Plan For Today• TheInstructionPointer(%rip)• CallingFunctions

• TheStack• PassingControl• PassingData• LocalStorage

• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample

Page 102: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

102

Example: Recursion• Let’stakealookatanexampleofrecursionattheassemblylevel.• We’llputtouseeverythingwe’velearnedaboutregisters,thestack,functioncalls,parameters,andassemblyinstructions!

• We’llalsoseehowhelpfulGDBcanbewhentracingthroughassembly.

Page 103: CS107, Lecture 14 - Stanford University€¦ · Based on slides created by Marty Stepp, Cynthia Lee, Chris Gregg, and others. CS107, Lecture 14 ... • Learn what %rip represents

103

Recap• TheInstructionPointer(%rip)• CallingFunctions

• TheStack• PassingControl• PassingData• LocalStorage

• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample

That’sitforassembly!Nexttime:managingtheheap