cs356 discussion 4
play

CS356 : Discussion #4 Assembly Instructions & Debugging with GDB - PowerPoint PPT Presentation

Dec 06, 2023 •12 likes •302 views

CS356 : Discussion #4 Assembly Instructions & Debugging with GDB Last week: Operand Forms Different ways to specify source values and output location. Immediate: $ imm to use a constant input value, e.g., $0xFF . Register: % reg to use the

  1. CS356 : Discussion #4 Assembly Instructions & Debugging with GDB

  2. Last week: Operand Forms Different ways to specify source values and output location. Immediate: $ imm to use a constant input value, e.g., $0xFF . Register: % reg to use the value contained in a register, e.g., %rax . Memory reference Absolute : addr , e.g., 0x1122334455667788 [use a fixed address] ● Indirect : (% reg ) , e.g., (%rax) [use the address contained in a q register ] ● Base+displacement : imm (% reg ) , e.g., 16(%rax) [add a displacement] ● Indexed: (% reg1 ,% reg2 ) , e.g., (%rax,%rbx) [add another register] ● ● Indexed+displacement: imm (% reg1 ,% reg2 ) [add both] ● Scaled indexed: imm (% reg1 ,% reg2 , c ) [use address: imm + reg1 + reg2 * c ] c must be one of 1, 2, 4, 8 Variants: omit imm or reg1 or both . E.g., (,%rax,4) (A memory reference selects the first byte.)

  3. Last week: Data Movement Move to register/memory (register operands must match size codes) movb src, dst (1 byte) ● movw src, dst (2 bytes) ● movl src, dst (4 bytes / with register destination, the others are set to 0) ● movq src, dst (8 bytes) ● movabsq imm, reg (8 bytes / 64-bit source value allowed into register) ● ( movq only supports a 32-bit immediate; movabsq allows a 64-bit immediate) (Either src or dst can refer to a memory location, not both; no imm as dst .) Move from register/memory to register (zero extension) movzbw src, reg (byte to word) ● movzbl src, reg (byte to double word) ● movzbq src, reg (byte to quad word) ● movzwl src, reg (word to double word) ● movzwq src, reg (word to quad word) ● Same, but with sign extension (replicate MSB) : movsbw , movsbl , movsbq , movswl , movswq , movslq , cltq ( %eax to %rax ) ●

  4. Arithmetic Instructions Unary (with q / l / w / b variants) Any instruction that generates a 32-bit ● incq x is equivalent to x++ value for a register also sets the high- ● decq x is equivalent to x-- order portion of the register to 0 . ● negq x is equivalent to x = -x notq x is equivalent to x = ~x ● Binary (with q / l / w / b variants) x,y is equivalent to y += x ● addq ● x,y is equivalent to y -= x subq ● imulq x,y is equivalent to y *= x Except for right shift, all instructions andq x,y is equivalent to y &= x ● are the same for signed/unsigned x,y is equivalent to y |= x values (thanks to 2’s -complement) ● orq x,y is equivalent to y ^= x ● xorq n,y is equivalent to y = y << n n is $imm or %cl (mod 32) ● salq n,y is equivalent to y = y >> n arithmetic : fill in sign bit from left ● sarq ● n,y is equivalent to y = y >> n logical : fill in zeros from left shrq

  5. Arithmetic Instructions: Examples Values at each memory address: Values in registers: ● 0x100: 0xFF ● %rax: 0x100 ● 0x108: 0xAB ● %rcx: 0x1 ● 0x110: 0x13 ● %rdx: 0x3 ● 0x118: 0x11 Effect? ● addq %rcx,(%rax) ● subq %rdx,8(%rax) ● imulq $16,(%rax,%rdx,8) ● incq 16(%rax) ● decq %rcx ● subq %rdx,%rax

  6. Arithmetic Instructions: Examples Values at each memory address: Values in registers: ● 0x100: 0xFF ● %rax: 0x100 ● 0x108: 0xAB ● %rcx: 0x1 ● 0x110: 0x13 ● %rdx: 0x3 ● 0x118: 0x11 Effect? Solutions: Write 0x100 at 0x100 ● addq %rcx,(%rax) Write 0xA8 at 0x108 ● subq %rdx,8(%rax) Write 0x110 at 0x118 ● imulq $16,(%rax,%rdx,8) Write 0x14 at 0x110 ● incq 16(%rax) Write 0x0 inside %rcx ● decq %rcx Write 0xFD inside %rax ● subq %rdx,%rax

  7. leaq (Load Effective Address) leaq src, reg ● Saves the first parameter into an 8-byte register ● The first parameter can be any displaced / indexed / scaled address Useful for: Saving an address for later use. ● Performing simple additions and constant multiplication: ● leaq imm(reg1,reg2,c), reg3 saves imm+reg1+reg2*c into reg3 ● Only one instruction is used: efficient! Examples ( %rax = x, %rcx = y) leaq 6(%rax),%rdx saves (6+x) in %rdx ● leaq (%rax,%rcx),%rdx saves (x+y) in %rdx ● leaq (%rax,%rcx,4),%rdx saves (x+4*y) in %rdx ● ● leaq 7(%rax,%rax,8),%rdx saves (7+9*x) in %rdx leaq 0xA(,%rcx,4),%rdx saves (10+4*y) in %rdx ●

  8. Fill In the Missing C Expression The assembly code on the right is produced by the compiler. What is a corresponding C expression for the input code? long scale ( long x, long y, long z) { scale: // x in %rdi , y in %rsi , z in %rdx leaq (%rdi,%rdi, 4 ), %rax // output saved in %rax leaq (%rax,%rsi, 2 ), %rax return ??? leaq (%rax,%rdx, 8 ), %rax } ret

  9. Fill In the Missing C Expression The assembly code on the right is produced by the compiler. What is a corresponding C expression for the input code? long scale ( long x, long y, long z) { long scale ( long x, long y, long z) { scale: // x in %rdi , y in %rsi , z in %rdx // x in %rdi , y in %rsi , z in %rdx leaq (%rdi,%rdi, 4 ), %rax // output saved in %rax // output saved in %rax leaq (%rax,%rsi, 2 ), %rax return ??? return 5 *x + 2 *y + 8 *z; leaq (%rax,%rdx, 8 ), %rax } } ret

  10. BombLab

  11. BombLab

  12. BombLab

  13. Example: Conditionals dist: long dist ( long x, long y) { cmpq %rsi, %rdi // x in %rdi , y in %rsi jg .L4 // output saved in %rax movq %rsi, %rax if (x > y) subq %rdi, %rax return x - y; ret else .L4: return y – x; movq %rdi, %rax } subq %rsi, %rax ret

  14. BombLab Goal: to defuse a “binary bomb” by figuring out the correct inputs. ● A sequence of 8 phases: each phase asks for an input from stdin . ● If the correct input is provided, the program proceeds to the next phase . ● If the wrong input is provided, the program terminates with an “explosion.” Your goal is to complete all phases. You must figure out the correct inputs by disassembling the binary program that is already in your GitHub repository . Complete the assignment inside the VM (must have internet connection). ● The binary program pings our server. ● ● Commit and push your solution files sol1.txt through sol8.txt to GitHub.

  15. gdb : The GNU Debugger Goal: “To help you catch bugs in the act.” How? ● Start your program (specifying inputs). Pause it when a condition is met (breakpoints). ● For a fish, the archer fish is known to Examine the current state (inspect). ● shoot down bugs from low hanging plants Proceed step-by-step (understand). ● by spitting water at them. — Jamie Guinan | https://goo.gl/VxsgbU Getting started ● Install gdb: apt-get install gdb (already present on your VM) Include debugging information: gcc -g hello.c -o hello ● Run gdb on your binary program: ● $ gdb hello Reading symbols from hello...done. (gdb) _

  16. User Interface An interactive shell ● Autocomplete a command with tab ● Scroll history of previous commands with up / down ● Repeat the previous command with enter Commands can often be abbreviated with few letters (in red ) ● Help about a command: (gdb) help <command> ● Open a file for debug: (gdb) file <binary file> ● Quit: (gdb) quit ● Looking at the C code Show 10 lines around beginning of a function: (gdb) list func_name ● Show next 10 lines: (gdb) list ● Set how many lines to show: (gdb) set linesize 20 ● A bit tedious! There is a more practical interface: gdb -tui , the “terminal user interface”

  17. User Interface Reloaded: gdb -tui Scroll through source code Enter commands

  18. A few tips Moving the focus ● By pressing up / down / left / right, you scroll the source sub-window ● To scroll the history or move along the command line, you must set the focus on the other part of the screen: C-x o (press ctrl+x, release, press o) Redrawing the screen If your program prints to stdout, it will interfere with the TUI interface ● In case, you can redraw the screen with C-l ● Changing mode You can enable/disable the TUI mode with C-x a ● Or, you can select a mode: ● (gdb) layout src Show source and commands ○ (gdb) layout asm Show assembly and commands ○ (gdb) layout split Show source, assembly, commands ○ (gdb) layout regs Show registers ○

  19. Layouts

  20. Breakpoints and Control Flow Breakpoints ● Add at current location: (gdb) break Add at the beginning of a function: (gdb) break func_name ● ● Add at a specific line of a source file: (gdb) break hello.c:5 Add at a specific line of current file: (gdb) break 5 ● List all breakpoints: (gdb) info breakpoints ● Delete a breakpoint: (gdb) delete <breakpoint #> ● Disable/enable breakpoint: (gdb) disable <#> and (gdb) enable <#> ● Controlling the execution ● Run a program from start, until first breakpoint: (gdb) run <args> Advance your program execution manually ● Continue to the next line, executing subroutines: (gdb) next ○ Continue to the next line, stepping into subroutines: (gdb) step ○ Run until the next breakpoint: (gdb) continue ● Run until the end of the function and print return value: (gdb) finish ●

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS356 : Discussion #5 Assembly Procedures and Arrays Procedures Functions are a key abstraction

CS356 : Discussion #5 Assembly Procedures and Arrays Procedures Functions are a key abstraction

CS356 : Discussion #5 Assembly Procedures and Arrays Procedures Functions are a key abstraction in software They break down a problem into subproblems. Reusable functionality: they can be invoked from many points. Well-defined

366 views • 17 slides
CS356 : Discussion #9 Cache Lab &amp; Review for Midterm II Illustrations from CS:APP3e textbook

CS356 : Discussion #9 Cache Lab &amp; Review for Midterm II Illustrations from CS:APP3e textbook

CS356 : Discussion #9 Cache Lab &amp; Review for Midterm II Illustrations from CS:APP3e textbook Cache Lab Goal To write a small C simulator of caching strategies. Expect about 200-300 lines of code. Starting point in your

469 views • 28 slides
CS356 : Discussion #10 Dynamic Memory and Cache Lab Illustrations from CS:APP3e textbook Cache

CS356 : Discussion #10 Dynamic Memory and Cache Lab Illustrations from CS:APP3e textbook Cache

CS356 : Discussion #10 Dynamic Memory and Cache Lab Illustrations from CS:APP3e textbook Cache Lab Goal To write a small C simulator of caching strategies. Expect about 200-300 lines of code. Starting point in your repository.

498 views • 26 slides
CS356 : Discussion #15 Review for Final Exam Marco Paolieri (paolieri@usc.edu) Illustrations

CS356 : Discussion #15 Review for Final Exam Marco Paolieri (paolieri@usc.edu) Illustrations

CS356 : Discussion #15 Review for Final Exam Marco Paolieri (paolieri@usc.edu) Illustrations from CS:APP3e textbook Processor Organization Pipeline: Computing Throughput and Delay n clock (ps) tput (GIPS) 1 320 3.125 2 170

469 views • 42 slides
CS356 : Discussion #3 Assembly Instructions What about programs that operate on data? Integer

CS356 : Discussion #3 Assembly Instructions What about programs that operate on data? Integer

CS356 : Discussion #3 Assembly Instructions What about programs that operate on data? Integer and Floating-Point Formats Twos Complement IEEE 754 Machine-Level Programs Operand specifiers Data movement Arithmetic and

688 views • 31 slides
CS356 : Discussion #2 Integer Operations &amp; Floating-Point Operations Integers in C (64-bit

CS356 : Discussion #2 Integer Operations &amp; Floating-Point Operations Integers in C (64-bit

CS356 : Discussion #2 Integer Operations &amp; Floating-Point Operations Integers in C (64-bit architecture) Type Size (bytes) Unsigned Range Signed Range 1 0 to 255 -128 to 127 char 2 0 to 65535 -32,768 to 32,767 short 4 0 to 4G

933 views • 60 slides
CS356 : Discussion #11 Dynamic Memory, Allocation Lab and Linking Illustrations from CS:APP3e

CS356 : Discussion #11 Dynamic Memory, Allocation Lab and Linking Illustrations from CS:APP3e

CS356 : Discussion #11 Dynamic Memory, Allocation Lab and Linking Illustrations from CS:APP3e textbook malloc and free in action Each square represents 4 bytes. malloc returns addresses at multiples of 8 bytes (64 bit). If there is a problem,

460 views • 34 slides
CS356 : Discussion #14 Processor Architecture Marco Paolieri (paolieri@usc.edu) Illustrations

CS356 : Discussion #14 Processor Architecture Marco Paolieri (paolieri@usc.edu) Illustrations

CS356 : Discussion #14 Processor Architecture Marco Paolieri (paolieri@usc.edu) Illustrations from CS:APP3e textbook Processor Families Instruction Set Architecture (ISA) Instructions supported by a processor (and their byte-level encoding).

432 views • 30 slides
Introduction to CS356 CS356 Object-Oriented Design and Programming http://cs356.yusun.io

Introduction to CS356 CS356 Object-Oriented Design and Programming http://cs356.yusun.io

Introduction to CS356 CS356 Object-Oriented Design and Programming http://cs356.yusun.io September 26, 2014 Yu Sun, Ph.D. http://yusun.io yusun@csupomona.edu About Myself PhD in Software Engineering Ph.D. Research in Software Engineering

588 views • 30 slides
CS356 : Discussion #13 Review for Final Exam Illustrations from CS:APP3e textbook Processor

CS356 : Discussion #13 Review for Final Exam Illustrations from CS:APP3e textbook Processor

CS356 : Discussion #13 Review for Final Exam Illustrations from CS:APP3e textbook Processor Organization Pipeline Hazards: Stalling and Forwarding Stalling Forwarding Structural

515 views • 47 slides
SOLID: Principles of OOD CS356 Object-Oriented Design and Programming http://cs356.yusun.io

SOLID: Principles of OOD CS356 Object-Oriented Design and Programming http://cs356.yusun.io

SOLID: Principles of OOD CS356 Object-Oriented Design and Programming http://cs356.yusun.io October 17, 2014 Yu Sun, Ph.D. http://yusun.io yusun@csupomona.edu Part of the presentation comes from Martin, Robert Cecil. Agile software

805 views • 65 slides
CS356 Unit 11 Linking 11.2 In complex C projects... We would like to: Split source into

CS356 Unit 11 Linking 11.2 In complex C projects... We would like to: Split source into

11.1 CS356 Unit 11 Linking 11.2 In complex C projects... We would like to: Split source into multiple .h / .c Should .c include .h? Before or after system libraries? Compile these .h / .c units separately as .o files But only

1k views • 51 slides
CS356 Unit 4 Intro to x86 Instruction Set 4.2 Why Learn Assembly To understand something of

CS356 Unit 4 Intro to x86 Instruction Set 4.2 Why Learn Assembly To understand something of

4.1 CS356 Unit 4 Intro to x86 Instruction Set 4.2 Why Learn Assembly To understand something of the limitation of the HW we are running on Helpful to understand performance To utilize certain HW options that high-level languages

954 views • 81 slides
CS356 Unit 4 x86 Instruction Set 4.2 Why Learn Assembly Understand hardware limitations

CS356 Unit 4 x86 Instruction Set 4.2 Why Learn Assembly Understand hardware limitations

4.1 CS356 Unit 4 x86 Instruction Set 4.2 Why Learn Assembly Understand hardware limitations Understand performance Use HW options that high-level languages don't allow (e.g., operating systems, utilizing special HW features, etc.)

1.11k views • 94 slides
CS356 Unit 7 Data Layout &amp; Intermediate Stack Frames 7.2 Structs CS:APP 3.9.1 Structs

CS356 Unit 7 Data Layout &amp; Intermediate Stack Frames 7.2 Structs CS:APP 3.9.1 Structs

7.1 CS356 Unit 7 Data Layout &amp; Intermediate Stack Frames 7.2 Structs CS:APP 3.9.1 Structs are just collections of heterogeneous data Each member is laid out in consecutive memory locations, with some padding inserted to ensure

604 views • 33 slides
Acknowledgement Part of the presentation is based on Prof. Douglas Schmidts lecture

Acknowledgement Part of the presentation is based on Prof. Douglas Schmidts lecture

Overview of Design Patterns CS356 Object-Oriented Design and Programming http://cs356.yusun.io October 24, 2014 Yu Sun, Ph.D. http://yusun.io yusun@csupomona.edu Acknowledgement Part of the presentation is based on Prof. Douglas

934 views • 66 slides
Compiling Techniques Lecture 10: An Introduction to MIPS assembly Hugh Leather 15 October 2019

Compiling Techniques Lecture 10: An Introduction to MIPS assembly Hugh Leather 15 October 2019

Overview Registers Instructions Compiling Techniques Lecture 10: An Introduction to MIPS assembly Hugh Leather 15 October 2019 Hugh Leather Compiling Techniques Overview Registers Instructions Table of contents 1 Overview 2 Registers 3

701 views • 19 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (Mar. 1, 2002) I E S R C E O

UMBC A B M A L T F O U M B C I M Y O R T 1 (Mar. 1, 2002) I E S R C E O

Systems Design &amp; Programming Coprocessor CMPE 310 Coprocessor Basics The 80x87 is able to multiply, divide, add, subtract, find the sqrt and calculate transcendental functions and logarithms. Data types include 16-, 32- and 64-bit signed

441 views • 12 slides
CS 251 Fall 2019 CS 240 Spring 2020 Principles of Programming Languages Foundations of

CS 251 Fall 2019 CS 240 Spring 2020 Principles of Programming Languages Foundations of

CS 251 Fall 2019 CS 240 Spring 2020 Principles of Programming Languages Foundations of Computer Systems Ben Wood Ben Wood A Simple Processor 1. A simple Instruction Set Architecture 2. A simple microarchitecture (implementation): Data

214 views • 20 slides
ARM Cortex-M4 Programming Model Arithmetic Instructions References: Textbook Chapter 4, Chapter

ARM Cortex-M4 Programming Model Arithmetic Instructions References: Textbook Chapter 4, Chapter

ARM Cortex-M4 Programming Model Arithmetic Instructions References: Textbook Chapter 4, Chapter 9.1 9.2 ARM Cortex-M Users Manual, Chapter 3 1 CPU instruction types Data movement operations (Chapter 5) memory-to-register and

391 views • 13 slides
CPU Architecture system clock Memory 64-bit adder Every CPU architecture is implemented using

CPU Architecture system clock Memory 64-bit adder Every CPU architecture is implemented using

CPU Architecture system clock Memory 64-bit adder Every CPU architecture is implemented using digital logic. In each cycle of the system clock, logic is executed and results are saved. System designers attempt to implement logic so that

508 views • 14 slides
Meggy Jr Simple and AVR Meggy Jr Simple Library Key concepts Today LED screen (pixels)

Meggy Jr Simple and AVR Meggy Jr Simple Library Key concepts Today LED screen (pixels)

Meggy Jr Simple and AVR Meggy Jr Simple Library Key concepts Today LED screen (pixels) Meggy Jr Simple library Auxiliary LEDs ATmega328p chip Buttons avr assembly especially for PA3ifdots.java Speaker Check the

279 views • 6 slides
Performance Target Tesla M2090 512 CUDA processors @ 1.3 GHz each processor is capable

Performance Target Tesla M2090 512 CUDA processors @ 1.3 GHz each processor is capable

CUDA Deep Dive Performance CSE 6230 Jee Choi September 10, 2013 Performance Target Tesla M2090 512 CUDA processors @ 1.3 GHz each processor is capable of issuing 1 FMA (2 flops) instruction per cycle throughput = 512 1.3

756 views • 58 slides
Efficient and Provably Secure Methods for Switching from Arithmetic to Boolean Masking Blandine

Efficient and Provably Secure Methods for Switching from Arithmetic to Boolean Masking Blandine

Efficient and Provably Secure Methods for Switching from Arithmetic to Boolean Masking Blandine Debraize Leuven, September 10th, 2012 I NTRODUCTION 1 K NOWN TABLE - BASED METHODS 2 C ORON -T CHULKINE METHOD N EISSE -P ULKUS METHOD 3 C

413 views • 28 slides

More recommend