cs107, lecture 14 - stanford university€¦ · based on slides created by marty stepp, cynthia...
TRANSCRIPT
1
Thisdocumentiscopyright(C)StanfordComputerScienceandNickTroccoli,licensedunderCreativeCommonsAttribution2.5License.Allrightsreserved.BasedonslidescreatedbyMartyStepp,CynthiaLee,ChrisGregg,andothers.
CS107,Lecture14Assembly:TheRuntimeStack
Reading:B&O3.7
2
Learning Goals• Learnwhat%riprepresentsandhowitisupdated.• Learnhowassemblycallsfunctionsandmanagesstackframes.• Learntherulesofregisterusewhencallingfunctions.
3
Plan For Today• TheInstructionPointer(%rip)• CallingFunctions
• TheStack• PassingControl• PassingData• LocalStorage
• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample
4
Plan For Today• TheInstructionPointer(%rip)• CallingFunctions
• TheStack• PassingControl• PassingData• LocalStorage
• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample
5
%rip• %ripisaspecialregisterthatpointstotheinstructioncurrentlyexecuting.• Let’sdivedeeperintohow%ripworks,andhowjumpsmodifyit.
6
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
7
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
8
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
9
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
10
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
11
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
12
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
13
Instructions Are Just Bytes!
14
Instructions Are Just Bytes!
15
Instructions Are Just Bytes!
0x0
Heap
Stack
Data
Text(code)
Main Memory
16
Instructions Are Just Bytes!
0x0
Heap
Stack
Data
Text(code)
Parameters and local variables
Main Memory
17
Instructions Are Just Bytes!
0x0
Heap
Stack
Data
Text(code)
Allocated memory (malloc, calloc,
realloc)
Main Memory
18
Instructions Are Just Bytes!
0x0
Heap
Stack
Data
Text(code)
Global variables (boo!), static variables and
string literals
Main Memory
19
Instructions Are Just Bytes!
0x0
Heap
Stack
Data
Text(code)Machine code
instructions
Main Memory
20
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
4004fd fa
4004fc eb
4004fb 01
4004fa fc
4004f9 45
4004f8 83
4004f7 00
4004f6 00
4004f5 00
4004f4 00
4004f3 fc
4004f2 45
4004f1 c7
4004f0 e5
4004ef 89
4004ee 484004ed 55
Heap
Stack
Data
Text(code)
Main Memory
21
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
4004fd fa
4004fc eb
4004fb 01
4004fa fc
4004f9 45
4004f8 83
4004f7 00
4004f6 00
4004f5 00
4004f4 00
4004f3 fc
4004f2 45
4004f1 c7
4004f0 e5
4004ef 89
4004ee 484004ed 55
22
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
4004fd fa
4004fc eb
4004fb 01
4004fa fc
4004f9 45
4004f8 83
4004f7 00
4004f6 00
4004f5 00
4004f4 00
4004f3 fc
4004f2 45
4004f1 c7
4004f0 e5
4004ef 89
4004ee 484004ed 55
0x4004ed
%rip
23
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
4004fd fa
4004fc eb
4004fb 01
4004fa fc
4004f9 45
4004f8 83
4004f7 00
4004f6 00
4004f5 00
4004f4 00
4004f3 fc
4004f2 45
4004f1 c7
4004f0 e5
4004ef 89
4004ee 484004ed 55
0x4004ee
%rip
24
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
4004fd fa
4004fc eb
4004fb 01
4004fa fc
4004f9 45
4004f8 83
4004f7 00
4004f6 00
4004f5 00
4004f4 00
4004f3 fc
4004f2 45
4004f1 c7
4004f0 e5
4004ef 89
4004ee 484004ed 55
0x4004f1
%rip
25
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
4004fd fa
4004fc eb
4004fb 01
4004fa fc
4004f9 45
4004f8 83
4004f7 00
4004f6 00
4004f5 00
4004f4 00
4004f3 fc
4004f2 45
4004f1 c7
4004f0 e5
4004ef 89
4004ee 484004ed 55
0x4004f8
%rip
26
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
4004fd fa
4004fc eb
4004fb 01
4004fa fc
4004f9 45
4004f8 83
4004f7 00
4004f6 00
4004f5 00
4004f4 00
4004f3 fc
4004f2 45
4004f1 c7
4004f0 e5
4004ef 89
4004ee 484004ed 55
0x4004fc
%rip
27
%rip
00000000004004ed <loop>:4004ed: 55 push4004ee: 48 89 e5 mov4004f1: c7 45 fc 00 00 00 00 movl4004f8: 83 45 fc 01 addl4004fc: eb fa jmp
4004fd fa
4004fc eb
4004fb 01
4004fa fc
4004f9 45
4004f8 83
4004f7 00
4004f6 00
4004f5 00
4004f4 00
4004f3 fc
4004f2 45
4004f1 c7
4004f0 e5
4004ef 89
4004ee 484004ed 55
0x4004fc
%rip
Special hardware is responsible for setting %rip’s value to the next instruction.
› it does %rip += size of current instruction (in bytes)
28
%ripvoid loop() {
int i = 0;while (i < 100) {
i++;}
}
0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq
29
%ripvoid loop() {
int i = 0;while (i < 100) {
i++;}
}
0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq
Theseare0-basedoffsetsinbytesforeachinstructionrelativetothestartofthisfunction.
30
%ripvoid loop() {
int i = 0;while (i < 100) {
i++;}
}
0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq
Thesearebytesforthemachinecodeinstructions.Instructionsarevariablelength.
31
0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq
%ripvoid loop() {
int i = 0;while (i < 100) {
i++;}
}
32
0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq
%rip
33
0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq
%rip
0xebmeansjmp.
34
0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq
%rip
0x03 is the number of instruction bytes to jump relative to %rip.
With no jump, %rip would advance to the next line. This jmp says to then go 3 bytes further!
35
0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq
%rip
0x03 is the number of instruction bytes to jump relative to %rip.
With no jump, %rip would advance to the next line. This jmp says to then go 3 bytes further!
36
0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq
%rip
0x73 means jle.
37
0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq
%rip
0xf8 is the number of instruction bytes to jump relative to %rip. This is -8 (in two’s complement!).
With no jump, %rip would advance to the next line. This jmp says to then go 8 bytes back!
38
0x400570 <+0>: b8 00 00 00 00 mov $0x0,%eax0x400575 <+5>: eb 03 jmp 0x40057a <loop+10>0x400577 <+7>: 83 c0 01 add $0x1,%eax0x40057a <+10>: 83 f8 63 cmp $0x63,%eax0x40057d <+13>: 73 f8 jle 0x400577 <loop+7>0x40057f <+15>: f3 c3 repz retq
%rip
0xf8 is the number of instruction bytes to jump relative to %rip. This is -8 (in two’s complement!).
With no jump, %rip would advance to the next line. This jmp says to then go 8 bytes back!
39
Summary: Instruction Pointer• Machinecodeinstructionsliveinmainmemory,justlikestackandheapdata.• %ripisaregisterthatstoresanumber(anaddress)ofthecurrentlyexecutinginstruction.Itmarkswherewecurrentlyareintheprogram’sinstructions.
• Toadvancetothenextinstruction,specialhardwareaddsthesizeofthecurrentinstructioninbytes.
• jmp instructionsworkbyadjusting%ripbyaspecifiedamount.
40
Plan For Today• TheInstructionPointer(%rip)• CallingFunctions
• TheStack• PassingControl• PassingData• LocalStorage
• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample
41
How do we call functions in assembly?
42
Calling Functions In AssemblyTocallafunctioninassembly,wemustdoafewthings:• PassControl– %ripmustbeadjustedtoexecutethecallee’s instructions,andthenresumethecaller’sinstructionsafterwards.
• PassData– wemustpassanyparametersandreceiveanyreturnvalue.• ManageMemory– wemusthandleanyspaceneedsofthecallee onthestack.
Terminology:caller functioncallsthecallee function.
How does assembly interact with the stack?
43
Plan For Today• TheInstructionPointer(%rip)• CallingFunctions
• TheStack• PassingControl• PassingData• LocalStorage
• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample
44
%rip• %rsp isaspecialregisterthatstorestheaddressofthecurrent“top”ofthestack(thebottominourdiagrams,sincethestackgrowsdownwards).
0x0
main()
Heap
myfunction()
Data
Text(code)
%rsp
Main Memory
45
%rip• %rsp isaspecialregisterthatstorestheaddressofthecurrent“top”ofthestack(thebottominourdiagrams,sincethestackgrowsdownwards).
0x0
main()
Heap
myfunction()
Data
Text(code)
%rsp
Main Memory
foo()
46
%rip• %rsp isaspecialregisterthatstorestheaddressofthecurrent“top”ofthestack(thebottominourdiagrams,sincethestackgrowsdownwards).
0x0
main()
Heap
myfunction()
Data
Text(code)
%rsp
Main Memory
foo()
foo2()
47
%rip• %rsp isaspecialregisterthatstorestheaddressofthecurrent“top”ofthestack(thebottominourdiagrams,sincethestackgrowsdownwards).
0x0
main()
Heap
myfunction()
Data
Text(code)
%rsp
Main Memory
foo()
48
%rip• %rsp isaspecialregisterthatstorestheaddressofthecurrent“top”ofthestack(thebottominourdiagrams,sincethestackgrowsdownwards).
0x0
main()
Heap
myfunction()
Data
Text(code)
%rsp
Main Memory
Key idea: %rsp must point to the same place before and after a function is called, since stack frames go away when a function finishes.
49
push• Thepushinstructionpushesthedataatthespecifiedsourceontothetopofthestack,adjusting%rsp accordingly.
Instruction Effectpushq S R[%rsp] ⟵ R[%rsp] – 8;
M[R[%rsp]] ⟵ S
50
push• Thepushinstructionpushesthedataatthespecifiedsourceontothetopofthestack,adjusting%rsp accordingly.
Instruction Effectpushq S R[%rsp] ⟵ R[%rsp] – 8;
M[R[%rsp]] ⟵ S
51
push• Thepushinstructionpushesthedataatthespecifiedsourceontothetopofthestack,adjusting%rsp accordingly.
Instruction Effectpushq S R[%rsp] ⟵ R[%rsp] – 8;
M[R[%rsp]] ⟵ S
52
push• Thepushinstructionpushesthedataatthespecifiedsourceontothetopofthestack,adjusting%rsp accordingly.
• Thisbehaviorisequivalenttothefollowing,butpushq isashorterinstruction:subq $8, %rspmovq S, (%rsp)
• Sometimes,you’llseeinstructionsjustexplicitlydecrementthestackpointertomakeroomforfuturedata.
Instruction Effectpushq S R[%rsp] ⟵ R[%rsp] – 8;
M[R[%rsp]] ⟵ S
53
pop• Thepopinstructionpopsthetopmostdatafromthestackandstoresitinthespecifieddestination,adjusting%rsp accordingly.
• Note: thisdoesnot remove/clearoutthedata!Itjustincrements%rsp toindicatethenextpushcanoverwritethatlocation.
Instruction Effectpopq D D ⟵ M[R[%rsp]]
R[%rsp] ⟵ R[%rsp] + 8;
54
pop• Thepopinstructionpopsthetopmostdatafromthestackandstoresitinthespecifieddestination,adjusting%rsp accordingly.
• Thisbehaviorisequivalenttothefollowing,butpopq isashorterinstruction:movq (%rsp), Daddq $8, %rsp
• Sometimes,you’llseeinstructionsjustexplicitlyincrementthestackpointertopopdata.
Instruction Effectpopq D D ⟵ M[R[%rsp]]
R[%rsp] ⟵ R[%rsp] + 8;
55
Pushing onto the Stack
56
Pushing onto the Stack
57
Pushing onto the Stack
58
Calling Functions In AssemblyTocallafunctioninassembly,wemustdoafewthings:• PassControl– %ripmustbeadjustedtoexecutethecallee’s instructions,andthenresumethecaller’sinstructionsafterwards.
• PassData– wemustpassanyparametersandreceiveanyreturnvalue.• ManageMemory– wemusthandleanyspaceneedsofthecallee onthestack.
Terminology:caller functioncallsthecallee function.
59
Plan For Today• TheInstructionPointer(%rip)• CallingFunctions
• TheStack• PassingControl• PassingData• LocalStorage
• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample
60
Remembering Where We Left Off• Problem:%rippointstothecurrentlyexecutinginstruction.Tocallafunction,wemustremember thenextcallerinstructiontoresumeatafter.
• Solution: pushthecurrentvalueof%ripontothestack.Thencallthefunction.Whenitisfinished,putthisvaluebackinto%ripandcontinueexecuting.
…
…
Stack
0xff20%rsp
main()
0x3021%rip
E.g. main() calls foo():
61
Remembering Where We Left Off• Problem:%rippointstothecurrentlyexecutinginstruction.Tocallafunction,wemustremember thenextcallerinstructiontoresumeatafter.
• Solution: pushthecurrentvalueof%ripontothestack.Thencallthefunction.Whenitisfinished,putthisvaluebackinto%ripandcontinueexecuting.
…
…
0x3026
Stack
main()
0xff18%rsp
0x3021%rip
E.g. main() calls foo():
62
Remembering Where We Left Off• Problem:%rippointstothecurrentlyexecutinginstruction.Tocallafunction,wemustremember thenextcallerinstructiontoresumeatafter.
• Solution: pushthecurrentvalueof%ripontothestack.Thencallthefunction.Whenitisfinished,putthisvaluebackinto%ripandcontinueexecuting.
…
…
0x3026
…
Stack
main()
foo()
0xff08%rsp
0x4058%rip
E.g. main() calls foo():
63
Remembering Where We Left Off• Problem:%rippointstothecurrentlyexecutinginstruction.Tocallafunction,wemustremember thenextcallerinstructiontoresumeatafter.
• Solution: pushthecurrentvalueof%ripontothestack.Thencallthefunction.Whenitisfinished,putthisvaluebackinto%ripandcontinueexecuting.
…
…
0x3026
Stack
0xff18%rsp
0x4058%rip
main()
E.g. main() calls foo():
64
Remembering Where We Left Off• Problem:%rippointstothecurrentlyexecutinginstruction.Tocallafunction,wemustremember thenextcallerinstructiontoresumeatafter.
• Solution: pushthecurrentvalueof%ripontothestack.Thencallthefunction.Whenitisfinished,putthisvaluebackinto%ripandcontinueexecuting.
…
…
Stack
main()
0xff18%rsp
0x3026%rip
E.g. main() calls foo():
65
Call And ReturnThecall instructionpushesthevalueof%ripontothestackandsets%riptopointtothebeginningofthespecifiedfunction’sinstructions.
call Labelcall *Operand
Theret instructionpopsthevalueof%ripfromthestackandstoresitin%rip.ret
Thestored%ripvalueforafunctioniscalleditsreturnaddress.Itistheaddressoftheinstructionatwhichtoresumethefunction’sexecution.(nottobeconfusedwithreturnvalue,whichisthevaluereturnedfromafunction).
66
Calling Functions In AssemblyTocallafunctioninassembly,wemustdoafewthings:• PassControl– %ripmustbeadjustedtoexecutethefunctionbeingcalledandthenresumethecallerfunctionafterwards.
• PassData– wemustpassanyparametersandreceiveanyreturnvalue.• ManageMemory– wemusthandleanyspaceneedsofthecallee onthestack.
Terminology:caller functioncallsthecallee function.
67
Plan For Today• TheInstructionPointer(%rip)• CallingFunctions
• TheStack• PassingControl• PassingData• LocalStorage
• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample
68
Parameters and Return• Therearespecialregistersthatstoreparametersandthereturnvalue.• Tocallafunction,wemustputanyparameterswearepassingintothecorrectregisters.(%rdi,%rsi,%rdx,%rcx,%r8,%r9,inthatorder)
• Parametersbeyondthefirst6areputonthestack.• Ifthecallerexpectsareturnvalue,itlooksin%rax afterthecallee completes.
69
Parameters and Return...main()int main(int argc, char *argv[]) {
int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
70
Parameters and Return...main()
0xffea08
0x40054f
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x40054f <+0>: sub $0x18,%rsp0x400553 <+4>: movl $0x1,0xc(%rsp)0x40055b <+12>: movl $0x2,0x8(%rsp)0x400563 <+20>: movl $0x3,0x4(%rsp)0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x4
71
Parameters and Return...
0xffe9f0
main()
0xffe9f0
0x40054f
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x40054f <+0>: sub $0x18,%rsp0x400553 <+4>: movl $0x1,0xc(%rsp)0x40055b <+12>: movl $0x2,0x8(%rsp)0x400563 <+20>: movl $0x3,0x4(%rsp)0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x4
72
Parameters and Return...
0xffe9fc 1
0xffe9f0
main()
0xffe9f0
0x400553
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x40054f <+0>: sub $0x18,%rsp0x400553 <+4>: movl $0x1,0xc(%rsp)0x40055b <+12>: movl $0x2,0x8(%rsp)0x400563 <+20>: movl $0x3,0x4(%rsp)0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x4
73
Parameters and Return...
0xffe9fc 10xffe9f8 2
0xffe9f0
main()
0xffe9f0
0x40055b
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x40054f <+0>: sub $0x18,%rsp0x400553 <+4>: movl $0x1,0xc(%rsp)0x40055b <+12>: movl $0x2,0x8(%rsp)0x400563 <+20>: movl $0x3,0x4(%rsp)0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x4
74
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0
main()
0xffe9f0
0x400563
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x400553 <+4>: movl $0x1,0xc(%rsp)0x40055b <+12>: movl $0x2,0x8(%rsp)0x400563 <+20>: movl $0x3,0x4(%rsp)0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x40x400574 <+37>: pushq $0x3
75
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4
main()
0xffe9f0
0x40056b
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x40055b <+12>: movl $0x2,0x8(%rsp)0x400563 <+20>: movl $0x3,0x4(%rsp)0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x40x400574 <+37>: pushq $0x30x400576 <+39>: mov $0x2,%r9d
76
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4
0xffe9e84
main()
0xffe9e8
0x400572
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x400563 <+20>: movl $0x3,0x4(%rsp)0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x40x400574 <+37>: pushq $0x30x400576 <+39>: mov $0x2,%r9d0x40057c <+45>: mov $0x1,%r8d
77
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4
0xffe9e84
0xffe9e03
main()
0xffe9e0
0x400574
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x40056b <+28>: movl $0x4,(%rsp)0x400572 <+35>: pushq $0x40x400574 <+37>: pushq $0x30x400576 <+39>: mov $0x2,%r9d0x40057c <+45>: mov $0x1,%r8d0x400582 <+51>: lea 0x10(%rsp),%rcx
78
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4
0xffe9e84
0xffe9e03
main()
0xffe9e0
0x400576
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x400572 <+35>: pushq $0x40x400574 <+37>: pushq $0x30x400576 <+39>: mov $0x2,%r9d0x40057c <+45>: mov $0x1,%r8d0x400582 <+51>: lea 0x10(%rsp),%rcx0x400587 <+56>: lea 0x14(%rsp),%rdx
79
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4
0xffe9e84
0xffe9e03
main()
0xffe9e0
0x400576
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x400572 <+35>: pushq $0x40x400574 <+37>: pushq $0x30x400576 <+39>: mov $0x2,%r9d0x40057c <+45>: mov $0x1,%r8d0x400582 <+51>: lea 0x10(%rsp),%rcx0x400587 <+56>: lea 0x14(%rsp),%rdx
80
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4
0xffe9e84
0xffe9e03
main()
0xffe9e0
0x400576
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x400572 <+35>: pushq $0x40x400574 <+37>: pushq $0x30x400576 <+39>: mov $0x2,%r9d0x40057c <+45>: mov $0x1,%r8d0x400582 <+51>: lea 0x10(%rsp),%rcx0x400587 <+56>: lea 0x14(%rsp),%rdx
2
%r9d
81
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4
0xffe9e84
0xffe9e03
main()
0xffe9e0
0x40057c
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x400574 <+37>: pushq $0x30x400576 <+39>: mov $0x2,%r9d0x40057c <+45>: mov $0x1,%r8d0x400582 <+51>: lea 0x10(%rsp),%rcx0x400587 <+56>: lea 0x14(%rsp),%rdx0x40058c <+61>: lea 0x18(%rsp),%rsi
2
%r9d
1
%r8d
82
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4
0xffe9e84
0xffe9e03
main()
0xffe9e0
0x400582
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x400576 <+39>: mov $0x2,%r9d0x40057c <+45>: mov $0x1,%r8d0x400582 <+51>: lea 0x10(%rsp),%rcx0x400587 <+56>: lea 0x14(%rsp),%rdx0x40058c <+61>: lea 0x18(%rsp),%rsi0x400591 <+66>: lea 0x1c(%rsp),%rdi
2
%r9d
1
%r8d
0xffe9f0
%rcx
83
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4
0xffe9e84
0xffe9e03
main()
0xffe9e0
0x400587
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x40057c <+45>: mov $0x1,%r8d0x400582 <+51>: lea 0x10(%rsp),%rcx0x400587 <+56>: lea 0x14(%rsp),%rdx0x40058c <+61>: lea 0x18(%rsp),%rsi0x400591 <+66>: lea 0x1c(%rsp),%rdi0x400596 <+71>: callq 0x400546 <func>
2
%r9d
1
%r8d
0xffe9f0
%rcx
0xffe9f4
%rdx
84
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4
0xffe9e84
0xffe9e03
main()
0xffe9e0
0x40058c
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x400582 <+51>: lea 0x10(%rsp),%rcx0x400587 <+56>: lea 0x14(%rsp),%rdx0x40058c <+61>: lea 0x18(%rsp),%rsi0x400591 <+66>: lea 0x1c(%rsp),%rdi0x400596 <+71>: callq 0x400546 <func>
2
%r9d
1
%r8d
0xffe9f0
%rcx
0xffe9f4
%rdx
0xffe9f8
%rsi
85
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4
0xffe9e84
0xffe9e03
main()
0xffe9e0
0x400591
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x400587 <+56>: lea 0x14(%rsp),%rdx0x40058c <+61>: lea 0x18(%rsp),%rsi0x400591 <+66>: lea 0x1c(%rsp),%rdi0x400596 <+71>: callq 0x400546 <func>0x40059b <+76>: add $0x10,%rsp
2
%r9d
1
%r8d
0xffe9f0
%rcx
0xffe9f4
%rdx
0xffe9fc
%rdi0xffe9f8
%rsi
86
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4
0xffe9e84
0xffe9e03
main()
0xffe9e0
0x400596
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x40058c <+61>: lea 0x18(%rsp),%rsi0x400591 <+66>: lea 0x1c(%rsp),%rdi0x400596 <+71>: callq 0x400546 <func>0x40059b <+76>: add $0x10,%rsp…
2
%r9d
1
%r8d
0xffe9f0
%rcx
0xffe9f4
%rdx
0xffe9fc
%rdi0xffe9f8
%rsi
87
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4
0xffe9e84
0xffe9e03
0x40059b
main()
0xffe9d8
0x400596
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x40058c <+61>: lea 0x18(%rsp),%rsi0x400591 <+66>: lea 0x1c(%rsp),%rdi0x400596 <+71>: callq 0x400546 <func>0x40059b <+76>: add $0x10,%rsp…
2
%r9d
1
%r8d
0xffe9f0
%rcx
0xffe9f4
%rdx
0xffe9fc
%rdi0xffe9f8
%rsi
88
Parameters and Return...
0xffe9fc 10xffe9f8 20xffe9f4 30xffe9f0 4
0xffe9e84
0xffe9e03
0x40059b
main()
0xffe9d8
0x400546
%rsp
%rip
int main(int argc, char *argv[]) {int i1 = 1;int i2 = 2;int i3 = 3;int i4 = 4;int result = func(&i1, &i2, &i3, &i4,
i1, i2, i3, i4);…
}
int func(int *p1, int *p2, int *p3, int *p4, int v1, int v2, int v3, int v4) {
…}
0x40058c <+61>: lea 0x18(%rsp),%rsi0x400591 <+66>: lea 0x1c(%rsp),%rdi0x400596 <+71>: callq 0x400546 <func>0x40059b <+76>: add $0x10,%rsp…
2
%r9d
1
%r8d
0xffe9f0
%rcx
0xffe9f4
%rdx
0xffe9fc
%rdi0xffe9f8
%rsi
89
Calling Functions In AssemblyTocallafunctioninassembly,wemustdoafewthings:• PassControl– %ripmustbeadjustedtoexecutethefunctionbeingcalledandthenresumethecallerfunctionafterwards.
• PassData– wemustpassanyparametersandreceiveanyreturnvalue.• ManageMemory– wemusthandleanyspaceneedsofthecallee onthestack.
Terminology:caller functioncallsthecallee function.
90
Plan For Today• TheInstructionPointer(%rip)• CallingFunctions
• TheStack• PassingControl• PassingData• LocalStorage
• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample
91
Local Storage• Sofar,we’veoftenseenlocalvariablesstoreddirectlyinregisters,ratherthanonthestackaswe’dexpect.Thisisforoptimizationreasons.
• Therearethree commonreasonsthatlocaldatamustbeinmemory:• We’verunoutofregisters• The‘&’operatorisusedonit,sowemustgenerateanaddressforit• Theyarearraysorstructs(needtouseaddressarithmetic)
92
Local Storagelong swap_add(long *xp, long *yp) {
long x = *xp;long y = *yp;*xp = y;*yp = x;return x + y;
}
long caller() {long arg1 = 534;long arg2 = 1057;long sum = swap_add(&arg1, &arg2);long diff = arg1 - arg2;return sum * diff;
}
caller:subq $16, %rsp // 16 bytes for stack framemovq $534, (%rsp) // store 534 in arg1movq $1057, 8(%rsp) // store 1057 in arg2leaq 8(%rsp), %rsi // compute &arg2 as second argmovq %rsp, %rdi // compute &arg1 as first argcall swap_add // call swap_add(&arg1, &arg2)movq (%rsp),%rdx // get arg1subq 8(%rsp), %rdx // compute diff = arg1 - arg2imulq %rdx, %rax // compute sum * diffaddq $16, %rsp // deallocate stack frameret // return and restore %rip
93
Plan For Today• TheInstructionPointer(%rip)• CallingFunctions
• TheStack• PassingControl• PassingData• LocalStorage
• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample
94
Plan For Today• NolectureFriday• None!Let’stakeabreatherJ
95
Plan For Today• TheInstructionPointer(%rip)• CallingFunctions
• TheStack• PassingControl• PassingData• LocalStorage
• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample
96
Register Restrictions• Thereisonlyonecopyofregistersforallprogramsandinstructions.• Therefore,therearesomerulesthatcallersandcallees mustfollowwhenusingregisterssotheydonotinterferewithoneanother.
• Therearetwotypesofregisters:caller-ownedandcallee-owned
97
Register Restrictions
• Ifacallee wantstousethis,theymustsave theexistingvalueandrestore itbackintotheregisteraftertheyaredone.
• Ifacallerwantstousethis,theycanstorevaluesthereduringfunctioncallsandcanassumethatthevalueswillbepreserved.
• Ifacallee wantstousethis,theycandosowithoutworryingaboutoverwritingdata.Theydonotneedtosavetheexistingvalue.
• Ifacallerwantstousethis,theymustbecarefulwhencallingafunction,asthatfunctionmayoverwritethecontents!Theymaywanttosave theexistingvalueandrestore itbackintotheregisterafterthefunctioncall.
CallerOwned Callee-Owned
98
Register Restrictionslong P(long x, long y) {
long u = Q(y);long v = Q(x);return u + v;
}
long P(long x, long y), x in %rdi, y in %rsi:
push %rbppush %rbxmov %rdi,%rbpmov %rsi,%rdicallq 40056d <Q(long)>mov %rax,%rbxmov %rbp,%rdicallq 40056d <Q(long)>add %rbx,%raxpop %rbxpop %rbpretq
99
Register Restrictionslong P(long x, long y) {
long u = Q(y);long v = Q(x);return u + v;
}
long P(long x, long y), x in %rdi, y in %rsi:
push %rbppush %rbxmov %rdi,%rbpmov %rsi,%rdicallq 40056d <Q(long)>mov %rax,%rbxmov %rbp,%rdicallq 40056d <Q(long)>add %rbx,%raxpop %rbxpop %rbpretq
100
Register Restrictionslong P(long x, long y) {
long u = Q(y);long v = Q(x);return u + v;
}
long P(long x, long y), x in %rdi, y in %rsi:
push %rbppush %rbxmov %rdi,%rbpmov %rsi,%rdicallq 40056d <Q(long)>mov %rax,%rbxmov %rbp,%rdicallq 40056d <Q(long)>add %rbx,%raxpop %rbxpop %rbpretq
101
Plan For Today• TheInstructionPointer(%rip)• CallingFunctions
• TheStack• PassingControl• PassingData• LocalStorage
• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample
102
Example: Recursion• Let’stakealookatanexampleofrecursionattheassemblylevel.• We’llputtouseeverythingwe’velearnedaboutregisters,thestack,functioncalls,parameters,andassemblyinstructions!
• We’llalsoseehowhelpfulGDBcanbewhentracingthroughassembly.
103
Recap• TheInstructionPointer(%rip)• CallingFunctions
• TheStack• PassingControl• PassingData• LocalStorage
• Break:Announcements• RegisterRestrictions• Pullingitalltogether:recursionexample
That’sitforassembly!Nexttime:managingtheheap