machine programming – procedures and ia32 stack ceng334: introduction to operating systems...
TRANSCRIPT
Machine Programming – Procedures and IA32 StackCENG334: Introduction to Operating Systems
Instructor: Erol Sahin
Acknowledgement: Most of the slides are adapted from the ones prepared by R.E. Bryant, D.R. O’Hallaron of Carnegie-Mellon Univ.
Integer Registers (IA32)%eax
%ecx
%edx
%ebx
%esi
%edi
%esp
%ebp
%ax
%cx
%dx
%bx
%si
%di
%sp
%bp
%ah
%ch
%dh
%bh
%al
%cl
%dl
%bl
16-bit virtual registers(backwards compatibility)
gene
ral p
urpo
se
accumulate
counter
data
base
source index
destinationindex
stack pointer
basepointer
Origin(mostly obsolete)
Moving Data: IA32
Moving Data movx Source, Dest x in {b, w, l}
movl Source, Dest:Move 4-byte “long word”
movw Source, Dest:Move 2-byte “word”
movb Source, Dest:Move 1-byte “byte”
Lots of these in typical code
%eax
%ecx
%edx
%ebx
%esi
%edi
%esp
%ebp
Moving Data: IA32 Moving Data
movl Source, Dest:
Operand Types Immediate: Constant integer data
Example: $0x400, $-533 Like C constant, but prefixed with ‘$’ Encoded with 1, 2, or 4 bytes
Register: One of 8 integer registers Example: %eax, %edx But %esp and %ebp reserved for special use Others have special uses for particular instructions
Memory: 4 consecutive bytes of memory at address given by register Simplest example: (%eax) Various other “address modes”
%eax
%ecx
%edx
%ebx
%esi
%edi
%esp
%ebp
movl Operand Combinations
Cannot do memory-memory transfer with a single instruction
movl
Imm
Reg
Mem
RegMem
RegMem
Reg
Source Dest C Analog
movl $0x4,%eax temp = 0x4;
movl $-147,(%eax) *p = -147;
movl %eax,%edx temp2 = temp1;
movl %eax,(%edx) *p = temp;
movl (%eax),%edx temp = *p;
Src,Dest
Simple Memory Addressing Modes Normal (R) Mem[Reg[R]]
Register R specifies memory address
movl (%ecx),%eax
Displacement D(R) Mem[Reg[R]+D] Register R specifies start of memory region Constant displacement D specifies offset
movl 8(%ebp),%edx
Using Simple Addressing Modes
void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0;}
swap:pushl %ebpmovl %esp,%ebppushl %ebx
movl 12(%ebp),%ecxmovl 8(%ebp),%edxmovl (%ecx),%eaxmovl (%edx),%ebxmovl %eax,(%edx)movl %ebx,(%ecx)
movl -4(%ebp),%ebxmovl %ebp,%esppopl %ebpret
Body
SetUp
Finish
Using Simple Addressing Modes
void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0;}
swap:pushl %ebpmovl %esp,%ebppushl %ebx
movl 12(%ebp),%ecxmovl 8(%ebp),%edxmovl (%ecx),%eaxmovl (%edx),%ebxmovl %eax,(%edx)movl %ebx,(%ecx)
movl -4(%ebp),%ebxmovl %ebp,%esppopl %ebpret
Body
SetUp
Finish
Understanding Swap
void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0;}
movl 12(%ebp),%ecx # ecx = yp
movl 8(%ebp),%edx # edx = xp
movl (%ecx),%eax # eax = *yp (t1)
movl (%edx),%ebx # ebx = *xp (t0)
movl %eax,(%edx) # *xp = eax
movl %ebx,(%ecx) # *yp = ebx
Stack(in memory)
Register Value%ecx yp%edx xp%eax t1%ebx t0
yp
xp
Rtn adr
Old %ebp %ebp 0
4
8
12
Offset
•••
Old %ebx-4
Understanding Swap
movl 12(%ebp),%ecx # ecx = yp
movl 8(%ebp),%edx # edx = xp
movl (%ecx),%eax # eax = *yp (t1)
movl (%edx),%ebx # ebx = *xp (t0)
movl %eax,(%edx) # *xp = eax
movl %ebx,(%ecx) # *yp = ebx
0x120
0x124
Rtn adr
%ebp 0
4
8
12
Offset
-4
123
456
Address0x124
0x120
0x11c
0x118
0x114
0x110
0x10c
0x108
0x104
0x100
yp
xp
%eax
%edx
%ecx
%ebx
%esi
%edi
%esp
%ebp 0x104
movl 12(%ebp),%ecx # ecx = yp
movl 8(%ebp),%edx # edx = xp
movl (%ecx),%eax # eax = *yp (t1)
movl (%edx),%ebx # ebx = *xp (t0)
movl %eax,(%edx) # *xp = eax
movl %ebx,(%ecx) # *yp = ebx
Understanding Swap
0x120
0x124
Rtn adr
%ebp 0
4
8
12
Offset
-4
123
456
Address0x124
0x120
0x11c
0x118
0x114
0x110
0x10c
0x108
0x104
0x100
yp
xp
%eax
%edx
%ecx
%ebx
%esi
%edi
%esp
%ebp 0x104
0x1200x120
Understanding Swap
0x120
0x124
Rtn adr
%ebp 0
4
8
12
Offset
-4
123
456
Address0x124
0x120
0x11c
0x118
0x114
0x110
0x10c
0x108
0x104
0x100
yp
xp
%eax
%edx
%ecx
%ebx
%esi
%edi
%esp
%ebp
0x120
0x104movl 12(%ebp),%ecx # ecx = yp
movl 8(%ebp),%edx # edx = xp
movl (%ecx),%eax # eax = *yp (t1)
movl (%edx),%ebx # ebx = *xp (t0)
movl %eax,(%edx) # *xp = eax
movl %ebx,(%ecx) # *yp = ebx
0x124
0x124
Understanding Swap
0x120
0x124
Rtn adr
%ebp 0
4
8
12
Offset
-4
123
456
Address0x124
0x120
0x11c
0x118
0x114
0x110
0x10c
0x108
0x104
0x100
yp
xp
%eax
%edx
%ecx
%ebx
%esi
%edi
%esp
%ebp
0x124
0x120
0x104movl 12(%ebp),%ecx # ecx = yp
movl 8(%ebp),%edx # edx = xp
movl (%ecx),%eax # eax = *yp (t1)
movl (%edx),%ebx # ebx = *xp (t0)
movl %eax,(%edx) # *xp = eax
movl %ebx,(%ecx) # *yp = ebx
456
456
Understanding Swap
0x120
0x124
Rtn adr
%ebp 0
4
8
12
Offset
-4
123
456
Address0x124
0x120
0x11c
0x118
0x114
0x110
0x10c
0x108
0x104
0x100
yp
xp
%eax
%edx
%ecx
%ebx
%esi
%edi
%esp
%ebp
456
0x124
0x120
0x104movl 12(%ebp),%ecx # ecx = yp
movl 8(%ebp),%edx # edx = xp
movl (%ecx),%eax # eax = *yp (t1)
movl (%edx),%ebx # ebx = *xp (t0)
movl %eax,(%edx) # *xp = eax
movl %ebx,(%ecx) # *yp = ebx
123
123
456
Understanding Swap
0x120
0x124
Rtn adr
%ebp 0
4
8
12
Offset
-4
Address0x124
0x120
0x11c
0x118
0x114
0x110
0x10c
0x108
0x104
0x100
yp
xp
%eax
%edx
%ecx
%ebx
%esi
%edi
%esp
%ebp
456456
0x124
0x120
123
0x104movl 12(%ebp),%ecx # ecx = yp
movl 8(%ebp),%edx # edx = xp
movl (%ecx),%eax # eax = *yp (t1)
movl (%edx),%ebx # ebx = *xp (t0)
movl %eax,(%edx) # *xp = eax
movl %ebx,(%ecx) # *yp = ebx
456
123
Understanding Swap
0x120
0x124
Rtn adr
%ebp 0
4
8
12
Offset
-4
456
Address0x124
0x120
0x11c
0x118
0x114
0x110
0x10c
0x108
0x104
0x100
yp
xp
%eax
%edx
%ecx
%ebx
%esi
%edi
%esp
%ebp
456
0x124
0x120
0x104movl 12(%ebp),%ecx # ecx = yp
movl 8(%ebp),%edx # edx = xp
movl (%ecx),%eax # eax = *yp (t1)
movl (%edx),%ebx # ebx = *xp (t0)
movl %eax,(%edx) # *xp = eax
movl %ebx,(%ecx) # *yp = ebx
123
123
123
Complete Memory Addressing Modes Most General Form
D(Rb,Ri,S) Mem[Reg[Rb]+S*Reg[Ri]+ D] D: Constant “displacement” 1, 2, or 4 bytes Rb: Base register: Any of 8 integer registers Ri: Index register: Any, except for %esp
Unlikely you’d use %ebp, either S: Scale: 1, 2, 4, or 8 (why these numbers?)
Special Cases(Rb,Ri) Mem[Reg[Rb]+Reg[Ri]]D(Rb,Ri) Mem[Reg[Rb]+Reg[Ri]+D](Rb,Ri,S) Mem[Reg[Rb]+S*Reg[Ri]]
IA32 Stack
Region of memory managed with stack discipline
Grows toward lower addresses
Register %esp contains lowest stack address= address of “top” element
Stack Pointer: %esp
Stack GrowsDown
IncreasingAddresses
Stack “Top”
Stack “Bottom”
IA32 Stack: Push
pushl Src Fetch operand at Src Decrement %esp by 4 Write operand at address given
by %esp
Stack GrowsDown
IncreasingAddresses
Stack “Top”
Stack “Bottom”
Stack Pointer: %esp-4
IA32 Stack: Pop
Stack Pointer: %esp
Stack GrowsDown
IncreasingAddresses
Stack “Top”
Stack “Bottom” popl Dest
Read operand at address %esp Increment %esp by 4 Write operand to Dest
+4
Procedure Control Flow Use stack to support procedure call and return Procedure call: call label
Push return address on stack Jump to label
Return address: Address of instruction beyond call Example from disassembly804854e: e8 3d 06 00 00 call 8048b90 <main>
8048553: 50 pushl %eax Return address = 0x8048553
Procedure return: ret Pop address from stack Jump to address
%esp
%eip
%esp
%eip 0x804854e
0x108
0x108
0x10c
0x110
0x104
0x804854e
0x8048553
123
Procedure Call Example
0x108
0x10c
0x110
123
0x108
call 8048b90
804854e: e8 3d 06 00 00 call 8048b90 <main>8048553: 50 pushl %eax
0x8048b90
0x104
%eip: program counter
%esp
%eip
0x104
%esp
%eip 0x80485910x8048591
0x1040x104
0x108
0x10c
0x110
0x8048553
123
Procedure Return Example
0x108
0x10c
0x110
123
ret
8048591: c3 ret
0x108
0x8048553
0x8048553
%eip: program counter
Stack-Based Languages Languages that support recursion
e.g., C, Pascal, Java Code must be “Reentrant”
Multiple simultaneous instantiations of single procedure Need some place to store state of each instantiation
Arguments Local variables Return pointer
Stack discipline State for given procedure needed for limited time
From when called to when return Callee returns before caller does
Stack allocated in Frames state for single procedure instantiation
Call Chain Example
yoo(…){
••who();••}
who(…){
• • •amI();• • •amI();• • •}
amI(…){
••amI();••}
yoo
who
amI
amI
amI
ExampleCall Chain
amI
Procedure amI is recursive
Frame for
proc
Frame Pointer: %ebp
Stack Frames Contents
Local variables Return information Temporary space
Management Space allocated when enter procedure
“Set-up” code Deallocated when return
“Finish” code
Stack Pointer: %esp
PreviousFrame
Stack “Top”
Example
yoo(…){
••who();••}
yoo
who
amI
amI
amI
amI
yoo
%ebp
%esp
Stack
who(…){
• • •amI();• • •amI();• • •}
Example
yoo
who
amI
amI
amI
amI
yoo
%ebp
%esp
Stack
who
amI(…){
••amI();••}
Example
yoo
who
amI
amI
amI
amI
yoo
%ebp
%esp
Stack
who
amI
amI(…){
••amI();••}
Example
yoo
who
amI
amI
amI
amI
yoo
%ebp
%esp
Stack
who
amI
amI
amI(…){
••amI();••}
Example
yoo
who
amI
amI
amI
amI
yoo
%ebp
%esp
Stack
who
amI
amI
amI
amI(…){
••amI();••}
Example
yoo
who
amI
amI
amI
amI
yoo
%ebp
%esp
Stack
who
amI
amI
amI(…){
••amI();••}
Example
yoo
who
amI
amI
amI
amI
yoo
%ebp
%esp
Stack
who
amI
who(…){
• • •amI();• • •amI();• • •}
Example
yoo
who
amI
amI
amI
amI
yoo
%ebp
%esp
Stack
who
amI(…){
•••••}
Example
yoo
who
amI
amI
amI
amI
yoo
%ebp
%esp
Stack
who
amI
who(…){
• • •amI();• • •amI();• • •}
Example
yoo
who
amI
amI
amI
amI
yoo
%ebp
%esp
Stack
who
Example
yoo(…){
••who();••}
yoo
who
amI
amI
amI
amI
yoo
%ebp
%esp
Stack
IA32/Linux Stack Frame Current Stack Frame (“Top” to Bottom)
“Argument build:”Parameters for function about to call
Local variablesIf can’t keep in registers
Saved register context Old frame pointer
Caller Stack Frame Return address Pushed by call instruction Arguments for this call
Return Addr
SavedRegisters
+Local
Variables
ArgumentBuild
Old %ebp
Arguments
CallerFrame
Frame pointer%ebp
Stack pointer%esp
Revisiting swap
void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0;}
int zip1 = 15213;int zip2 = 91125;
void call_swap(){ swap(&zip1, &zip2);}
call_swap:• • •pushl $zip2 # Global Varpushl $zip1 # Global Varcall swap• • •
&zip2
&zip1
Rtn adr %esp
ResultingStack•
••
Calling swap from call_swap
Revisiting swap
void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0;}
swap:pushl %ebpmovl %esp,%ebppushl %ebx
movl 12(%ebp),%ecxmovl 8(%ebp),%edxmovl (%ecx),%eaxmovl (%edx),%ebxmovl %eax,(%edx)movl %ebx,(%ecx)
movl -4(%ebp),%ebxmovl %ebp,%esppopl %ebpret
Body
SetUp
Finish
swap Setup #1
swap:pushl %ebpmovl %esp,%ebppushl %ebx
Resulting Stack
&zip2
&zip1
Rtn adr %esp
Entering Stack
•••
%ebp
yp
xp
Rtn adr
Old %ebp
%ebp•••
%esp
swap Setup #1
swap:pushl %ebpmovl %esp,%ebppushl %ebx
&zip2
&zip1
Rtn adr %esp
Entering Stack
•••
%ebp
yp
xp
Rtn adr
Old %ebp
%ebp•••
%esp
swap Setup #1
swap:pushl %ebpmovl %esp,%ebppushl %ebx
&zip2
&zip1
Rtn adr %esp
Entering Stack
•••
%ebp
yp
xp
Rtn adr
Old %ebp %ebp
•••
%esp
Resulting Stack
swap Setup #1
swap:pushl %ebpmovl %esp,%ebppushl %ebx
&zip2
&zip1
Rtn adr %esp
Entering Stack
•••
%ebp
yp
xp
Rtn adr
Old %ebp %ebp
•••
%esp
1284
swap Setup #1
&zip2
&zip1
Rtn adr %esp
Entering Stack
•••
%ebp
yp
xp
Rtn adr
Old %ebp %ebp
•••
%esp
Resulting Stack
Old %ebx
movl 12(%ebp),%ecx # get ypmovl 8(%ebp),%edx # get xp. . .
Offset relative to %ebp
swap Finish #1
yp
xp
Rtn adr
Old %ebp %ebp
•••
%esp
swap’s Stack
Old %ebx
movl -4(%ebp),%ebxmovl %ebp,%esppopl %ebpret
yp
xp
Rtn adr
Old %ebp %ebp
•••
%esp
Resulting Stack
Old %ebx
Observation: Saved and restored register %ebx
swap Finish #2
yp
xp
Rtn adr
Old %ebp %ebp
•••
%esp
swap’s Stack
Old %ebx
movl -4(%ebp),%ebxmovl %ebp,%esppopl %ebpret
yp
xp
Rtn adr
Old %ebp %ebp
•••
%espOld %ebx
swap Finish #2
yp
xp
Rtn adr
Old %ebp %ebp
•••
%esp
swap’s Stack
Old %ebx
movl -4(%ebp),%ebxmovl %ebp,%esppopl %ebpret
yp
xp
Rtn adr
Old %ebp %ebp
•••
%esp
Resulting Stack
swap Finish #2
yp
xp
Rtn adr
Old %ebp %ebp
•••
%esp
swap’s Stack
Old %ebx
movl -4(%ebp),%ebxmovl %ebp,%esppopl %ebpret
yp
xp
Rtn adr
Old %ebp %ebp
•••
%esp
swap Finish #3
yp
xp
Rtn adr
Old %ebp %ebp
•••
%esp
swap’s Stack
Old %ebx
movl -4(%ebp),%ebxmovl %ebp,%esppopl %ebpret
Resulting Stack
yp
xp
Rtn adr
%ebp•••
%esp
swap Finish #4
yp
xp
Rtn adr
Old %ebp %ebp
•••
%esp
swap’s Stack
Old %ebx
movl -4(%ebp),%ebxmovl %ebp,%esppopl %ebpret
yp
xp
Rtn adr
%ebp•••
%esp
swap Finish #4
yp
xp
Rtn adr
Old %ebp %ebp
•••
%esp
swap’s Stack
Old %ebx
movl -4(%ebp),%ebxmovl %ebp,%esppopl %ebpret
yp
xp
%ebp•••
%esp
Resulting Stack
Observation Saved & restored register %ebx Didn’t do so for %eax, %ecx, or %edx
Disassembled swap080483a4 <swap>: 80483a4: 55 push %ebp 80483a5: 89 e5 mov %esp,%ebp 80483a7: 53 push %ebx 80483a8: 8b 55 08 mov 0x8(%ebp),%edx 80483ab: 8b 4d 0c mov 0xc(%ebp),%ecx 80483ae: 8b 1a mov (%edx),%ebx 80483b0: 8b 01 mov (%ecx),%eax 80483b2: 89 02 mov %eax,(%edx) 80483b4: 89 19 mov %ebx,(%ecx) 80483b6: 5b pop %ebx 80483b7: c9 leave 80483b8: c3 ret
8048409: e8 96 ff ff ff call 80483a4 <swap> 804840e: 8b 45 f8 mov 0xfffffff8(%ebp),%eax
Calling Code
Register Saving Conventions When procedure yoo calls who:
yoo is the caller who is the callee
Can Register be used for temporary storage?
Contents of register %edx overwritten by who
yoo:• • •movl $15213, %edxcall whoaddl %edx, %eax
• • •ret
who:• • •movl 8(%ebp), %edxaddl $91125, %edx
• • •ret
Register Saving Conventions When procedure yoo calls who:
yoo is the caller who is the callee
Can register be used for temporary storage? Conventions
“Caller Save” Caller saves temporary in its frame before calling
“Callee Save” Callee saves temporary in its frame before using
IA32/Linux Register Usage %eax, %edx, %ecx
Caller saves prior to call if values are used later
%eax also used to return integer
value
%ebx, %esi, %edi Callee saves if wants to
use them
%esp, %ebp special
%eax
%edx
%ecx
%ebx
%esi
%edi
%esp
%ebp
Caller-SaveTemporaries
Callee-SaveTemporaries
Special
Linux Memory Layout Stack
Runtime stack (8MB limit) Heap
Dynamically allocated storage When call malloc, calloc, new
DLLs Dynamically Linked Libraries Library routines (e.g., printf, malloc) Linked into object code when first executed
Data Statically allocated data E.g., arrays & strings declared in code
Text Executable machine instructions Read-only
Upper 2 hex digits of addressRed Hatv. 6.2~1920MBmemorylimit
FF
BF
7F
3F
C0
80
40
00
Stack
DLLs
TextData
Heap
Heap
08
Linux Memory AllocationLinked
BF
7F
3F
80
40
00
Stack
DLLs
TextData
08
Some Heap
BF
7F
3F
80
40
00
Stack
DLLs
TextData
Heap
08
MoreHeap
BF
7F
3F
80
40
00
Stack
DLLs
TextDataHeap
Heap
08
Initially
BF
7F
3F
80
40
00
Stack
TextData
08
Text & Stack Example
(gdb) break main(gdb) run Breakpoint 1, 0x804856f in main ()(gdb) print $esp $3 = (void *) 0xbffffc78
Main Address 0x804856f should be read 0x0804856f
Stack Address 0xbffffc78
Initially
BF
7F
3F
80
40
00
Stack
TextData
08
Dynamic Linking Example(gdb) print malloc $1 = {<text variable, no debug info>} 0x8048454 <malloc>(gdb) run Program exited normally.(gdb) print malloc $2 = {void *(unsigned int)} 0x40006240 <malloc>
Initially Code in text segment that invokes dynamic linker Address 0x8048454 should be read 0x08048454
Final Code in DLL region
Linked
BF
7F
3F
80
40
00
Stack
DLLs
TextData
08
Memory Allocation Example
char big_array[1<<24]; /* 16 MB */char huge_array[1<<28]; /* 256 MB */
int beyond;char *p1, *p2, *p3, *p4;
int useless() { return 0; }
int main(){ p1 = malloc(1 <<28); /* 256 MB */ p2 = malloc(1 << 8); /* 256 B */ p3 = malloc(1 <<28); /* 256 MB */ p4 = malloc(1 << 8); /* 256 B */ /* Some print statements ... */}
Example Addresses
$esp 0xbffffc78p3 0x500b5008p1 0x400b4008Final malloc 0x40006240p4 0x1904a640 p2 0x1904a538beyond 0x1904a524big_array 0x1804a520huge_array 0x0804a510main() 0x0804856fuseless() 0x08048560Initial malloc 0x08048454
BF
7F
3F
80
40
00
Stack
DLLs
TextDataHeap
Heap
08