cs356 unit 6
play

CS356 Unit 6 x86 Procedures Basic Stack Frames 6.2 Review of - PowerPoint PPT Presentation

Jan 29, 2023 •1.15k likes •1.5k views

6.1 CS356 Unit 6 x86 Procedures Basic Stack Frames 6.2 Review of Program Counter (Instruc. Pointer) PC/IP is used to fetch an instruction PC/IP contains the address of the next instruction The value in the PC/IP is placed on the

  1. 6.1 CS356 Unit 6 x86 Procedures Basic Stack Frames

  2. 6.2 Review of Program Counter (Instruc. Pointer) • PC/IP is used to fetch an instruction – PC/IP contains the address of the next instruction – The value in the PC/IP is placed on the address bus and the memory is told to read – The PC/IP is incremented, and the process is repeated for the next instruction Processor Memory PC = Addr = 0 0 PC/IP Addr 0 inst. 1 op. 1 inst. 2 Data = inst.1 machine code 2 inst. 3 ALU out in1 Data 3 inst. 4 ADD, SUB, AND, OR 4 inst. 5 in2 Control = Read … $0-$31 Control FF

  3. 6.3 Procedures (Subroutines) CS:APP 3.7.1 • Procedures (aka subroutines or functions) are reusable sections of code that we can call from some location, execute that procedure, and then return to where we left off C code: int main() { We call the ... procedure to x = 8; calculate the average res = avg(x,4); and when it is printf("%d\n", res); finished it will return } to where we left off A procedure to int avg(int a, int b){ calculate the average return (a+b)/2; of 2 numbers }

  4. 6.4 Procedures • Procedure calls are similar to 'jump' instructions where we go to a new location in the code C code: int main() { ... x = 8; Call “ avg ” procedure will 1 res = avg(x,4); require us to jump to that printf("%d\n", res); code } int avg(int a, int b){ return (a+b)/2; }

  5. 6.5 Normal Jumps vs. Procedures • Difference between normal jumps and procedure calls is that with procedures we have to return to where we left off • We need to leave a link to the return location before we jump to the procedure…if we wait until we get to the function its too late int main() { C code: ... x = 8; res = avg(x,4); printf("%d\n", res); Call “ avg ” procedure will 1 } require us to jump to After procedure that code int avg(int a, int b){ completes, 2 return (a+b)/2; return to the } statement in the main code where we left off

  6. 6.6 Implementing Procedures • To implement procedures in assembly we need to be able to: – Jump to the procedure code, leaving a "return link" (i.e. return address) to know where to return – Find the return address and go back to that location C code: Assembly: ... .text Call res = avg(x,4); ... ... 0x4001b call AVG # save a link Desired return 0x40020 next inst. # to next instruc. location AVG: Definition int avg(int a, int b) 0x40180 movl %edi, %eax { return (a+b)/2; } 0x40183 addl %esi, %eax 0x40186 sarl 1, %eax 0x40188 ret

  7. 6.7 Return Addresses • When calling a procedure, the address to jump to is ALWAYS the same • The location where a procedure returns will vary – Always the address of the instruction after the 'call' Assembly: PC 0004 0000 0x40000 call AVG 0x40004 is the return address for this call 0x40004 add ... 0x40028 is the return address for this call 0x40024 call AVG PC 0004 0024 0x40028 sub ... 0x40180 AVG: ... ret

  8. 6.8 Return Addresses • A further (very common) Assembly: ... complication is nested procedure calls call SUB1 1 – One procedure calls another 0x4001A ... 4 • Example: Main routine calls SUB1 which calls SUB2 SUB1: movl %edi,%eax • Must store both return addresses call SUB2 but where? 0x40208 ... 3 – Registers? No…very limited number 2 ret – Memory? Yes…usually enough memory for deep levels of nesting SUB2: ... ret

  9. 6.9 Return Addresses and Stacks • Note: Return addresses will be Assembly: ... accessed in reverse order as call SUB1 they are stored 1 0x4001A ... 4 – 0x40208 is the second RA to be stored but should be the first one SUB1: movl %edi,%eax used to return call SUB2 • A stack structure is appropriate! 0x40208 ... • The system stack will be a place 3 2 ret where we can store – Return addresses and other saved SUB2: ... register values ret – Local variables of a function – Arguments for procedures

  10. 6.10 System Stack • Stack is a data structure where data is accessed in reverse order as it is stored (a.k.a. LIFO = Last-in First- out) • Use a stack to store the return addresses and other data • System stack defined as growing towards smaller Memory / RAM addresses – Usually starts around ½ to ¾ of the way through the 0xfffffffc ... address space (i.e. for a 32-bit somewhere around 0x7ffff… or 0xbffff…) Initial "top" 0x7ffffff8 • Top of stack is accessed and maintained using %rsp 0000 0000 0x7ffffff4 (stack pointer) register Stack 0000 0000 0x7ffffff0 – %rsp points at top occupied location of the stack 0000 0000 0x7fffffec Processor 0000 0000 0x7fffffe8 Stack Pointer 0x7fffffe4 rip 0000 0000 0004 001b 0000 0000 Always points to 0000 0000 0x7fffffe0 top occupied rsp 0000 0000 7fff fff8 Stack grows element of the towards lower rax 0000 0000 0000 0000 stack 0x0 addresses

  11. 6.11 Push Operation and Instruction • Push operation adds data to system stack • Format: push[w,q,l] %reg – Decrements %rsp by 2, 4, or 8 (depending on [w,q,l] Memory / RAM – Write %reg to memory at address given by 0xfffffffc ... %rsp – Example: pushq %rax Bottom of Stack 0x7ffffff8 – Equivalent: 1111 2222 0x7ffffff4 • subq $8, %rsp 3333 4444 0x7ffffff0 • movq %rax, (%rsp) Processor 0000 0000 0x7fffffec rsp 0000 0000 7fff fff8 %rsp before 0000 0000 0x7fffffe8 - 8 0x7fffffe4 0000 0000 Stack %rsp after 0000 0000 7fff fff0 0000 0000 0x7fffffe0 pushq %rax rax 1111 2222 3333 4444 rdx 0000 0000 0000 0000 0x0

  12. 6.12 Pop Operation and Instruction • Pop operation removes data from system stack • Format: pop[w,q,l] %reg – Reads memory at address given by %rsp and places Memory / RAM value into %reg 0xfffffffc ... – Increments %rsp by 2, 4, or 8 (depending on [w,q,l] – Example: popq %rdx Bottom of Stack 0x7ffffff8 – Equivalent: 1111 2222 0x7ffffff4 • movq (%rsp), %rdx 3333 4444 0x7ffffff0 • addq $8, %rsp Processor 0000 0000 0x7fffffec rsp 0000 0000 7fff fff0 %rsp before 0000 0000 0x7fffffe8 + 8 Stack 0x7fffffe4 0000 0000 %rsp after 0000 0000 7fff fff8 popq %rdx 0000 0000 0x7fffffe0 rax 1111 2222 3333 4444 Note: pop does not erase the data on the stack, it simply moves the %rsp. The rdx 1111 2222 3333 4444 next push will overwrite the old value. 0x0

  13. 6.13 Jumping to a Procedure CS:APP 3.7.2 • Format: – call label – call *operand [e.g. call (%rax)] • Operations: – Pushes the address of next instruction (i.e. return address (RA) ) onto the stack • Implicitly performs subq $8, (%rsp) and movq %rip, (%rsp) – Updates the PC to go to the start of the desired procedure [i.e. PC = addr] • addr is the address you want to branch to ( Usually specified as a label )

  14. 6.14 Returning From a Procedure • Format: – ret • Operations: – Pops the return address from the stack into %rip [i.e. PC = return-address] – Implicitly performs movq (%rsp), %rip and addq $8, %rsp

  15. 6.15 Procedure Call Sequence 1a • Initial conditions – About to execute the 'call' instruction – Current top of stack is at 0x7ffffff8 Memory / RAM 0000 0000 0x7ffffff8 0000 0000 0x7ffffff4 0x7ffffff0 0000 0000 0000 0000 0x7fffffec Processor ... 0000 0000 0x7fffffe8 call AVG rip 0000 0000 0004 001b movl %eax,(%rbp) 0x7fffffe4 0000 0000 Stack ... rsp 0000 0000 7fff fff8 0000 0000 0x7fffffe0 AVG: ... rax 0000 0000 0000 0000 movl %edi,%eax call AVG 0x4001b ... movl 0x40020 rdi 0000 0000 0000 0008 ret AVG: rsi 0000 0000 0000 0004 movl %edi,%eax 0x40180 ... ret 0x40188

  16. 6.16 Procedure Call Sequence 1b • call Operation (i.e. push return address) & jump – Decrement stack pointer ($rsp) and push RA (0x40020) onto stack (as 64-bit address) Memory / RAM – Update PC to start of procedure (0x40180) 0000 0000 0x7ffffff8 0000 0000 0x7ffffff4 2 0x7ffffff0 0004 0020 0000 0000 0000 0x7fffffec Processor ... 3 0000 0000 0x7fffffe8 call AVG rip 0000 0000 0004 0180 movl %eax,(%rbp) 0x7fffffe4 0000 0000 Stack 1 ... rsp 0000 0000 7fff fff8 0000 0000 0x7fffffe0 AVG: - 8 ... movl %edi,%eax 0000 0000 7fff fff0 call AVG 0x4001b ... movl 0x40020 rax 0000 0000 0000 0000 ret AVG: rdi 0000 0000 0000 0008 movl %edi,%eax 0x40180 ... ret 0x40188 rsi 0000 0000 0000 0004

  17. 6.17 Procedure Call Sequence 1c • Execute the code for the procedure • Return value should be in %rax/%eax Memory / RAM 0000 0000 0x7ffffff8 0000 0000 0x7ffffff4 0x7ffffff0 0004 0020 0000 0000 0000 0x7fffffec Processor ... 0000 0000 0x7fffffe8 call AVG rip 0000 0000 0004 0180 movl %eax,(%rbp) 0x7fffffe4 0000 0000 Stack ... rsp 0000 0000 7fff fff0 0000 0000 0x7fffffe0 AVG: ... rax 0000 0000 0000 0006 movl %edi,%eax call AVG 0x4001b ... movl 0x40020 rdi 0000 0000 0000 0008 ret AVG: rsi 0000 0000 0000 0004 movl %edi,%eax 0x40180 ... ret 0x40188

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS356 Unit 11 Linking 11.2 In complex C projects... We would like to: Split source into

CS356 Unit 11 Linking 11.2 In complex C projects... We would like to: Split source into

11.1 CS356 Unit 11 Linking 11.2 In complex C projects... We would like to: Split source into multiple .h / .c Should .c include .h? Before or after system libraries? Compile these .h / .c units separately as .o files But only

1k views • 51 slides
CS356 Unit 4 Intro to x86 Instruction Set 4.2 Why Learn Assembly To understand something of

CS356 Unit 4 Intro to x86 Instruction Set 4.2 Why Learn Assembly To understand something of

4.1 CS356 Unit 4 Intro to x86 Instruction Set 4.2 Why Learn Assembly To understand something of the limitation of the HW we are running on Helpful to understand performance To utilize certain HW options that high-level languages

954 views • 81 slides
CS356 Unit 4 x86 Instruction Set 4.2 Why Learn Assembly Understand hardware limitations

CS356 Unit 4 x86 Instruction Set 4.2 Why Learn Assembly Understand hardware limitations

4.1 CS356 Unit 4 x86 Instruction Set 4.2 Why Learn Assembly Understand hardware limitations Understand performance Use HW options that high-level languages don't allow (e.g., operating systems, utilizing special HW features, etc.)

1.11k views • 94 slides
CS356 Unit 7 Data Layout & Intermediate Stack Frames 7.2 Structs CS:APP 3.9.1 Structs

CS356 Unit 7 Data Layout & Intermediate Stack Frames 7.2 Structs CS:APP 3.9.1 Structs

7.1 CS356 Unit 7 Data Layout & Intermediate Stack Frames 7.2 Structs CS:APP 3.9.1 Structs are just collections of heterogeneous data Each member is laid out in consecutive memory locations, with some padding inserted to ensure

604 views • 33 slides
CS356 Unit 9 Virtual Memory & Address Translation 9.2 Indirection Indirection means

CS356 Unit 9 Virtual Memory & Address Translation 9.2 Indirection Indirection means

9.1 CS356 Unit 9 Virtual Memory & Address Translation 9.2 Indirection Indirection means using one entity to refer to another Examples: A variable name vs. it's physical memory address Phone number vs. cell tower

844 views • 53 slides
CS356 Unit 15 Review 15.2 Final Jeopardy Binary Instruction Random Riddles Memory Processor

CS356 Unit 15 Review 15.2 Final Jeopardy Binary Instruction Random Riddles Memory Processor

15.1 CS356 Unit 15 Review 15.2 Final Jeopardy Binary Instruction Random Riddles Memory Processor Programming Brainteasers Inquiry Madness Predicaments Pickles 100 100 100 100 100 100 200 200 200 200 200 200 300 300 300

468 views • 36 slides
CS356 Unit 10 Memory Allocation & Heap Management 10.2 BASIC OS CONCEPTS & TERMINOLOGY

CS356 Unit 10 Memory Allocation & Heap Management 10.2 BASIC OS CONCEPTS & TERMINOLOGY

10.1 CS356 Unit 10 Memory Allocation & Heap Management 10.2 BASIC OS CONCEPTS & TERMINOLOGY 10.3 User vs. Kernel Mode Kernel mode is a special processor mode for executing trusted (OS) code Certain features/privileges (such

936 views • 38 slides
CS356 Unit 10 Memory Allocation & Heap Management BASIC OS CONCEPTS & TERMINOLOGY 10.3

CS356 Unit 10 Memory Allocation & Heap Management BASIC OS CONCEPTS & TERMINOLOGY 10.3

10.1 10.2 CS356 Unit 10 Memory Allocation & Heap Management BASIC OS CONCEPTS & TERMINOLOGY 10.3 10.4 User vs. Kernel Mode Processes Program/Process Kernel mode is a special mode of the processor for executing __________

147 views • 10 slides
Introduction to CS356 CS356 Object-Oriented Design and Programming http://cs356.yusun.io

Introduction to CS356 CS356 Object-Oriented Design and Programming http://cs356.yusun.io

Introduction to CS356 CS356 Object-Oriented Design and Programming http://cs356.yusun.io September 26, 2014 Yu Sun, Ph.D. http://yusun.io yusun@csupomona.edu About Myself PhD in Software Engineering Ph.D. Research in Software Engineering

588 views • 30 slides
CS356 Unit 12 Processor Hardware Organization Pipelining 12.2 From combinational to sequential

CS356 Unit 12 Processor Hardware Organization Pipelining 12.2 From combinational to sequential

12.1 CS356 Unit 12 Processor Hardware Organization Pipelining 12.2 From combinational to sequential logic BASIC HW 12.3 Logic Circuits Combinational Combinational Logic Logic Outputs Inputs Performs a specific function (Usually

709 views • 57 slides
CS356 Unit 5 x86 Control Flow 5.2 JUMP/BRANCHING OVERVIEW 5.3 Concept of Jumps/Branches

CS356 Unit 5 x86 Control Flow 5.2 JUMP/BRANCHING OVERVIEW 5.3 Concept of Jumps/Branches

5.1 CS356 Unit 5 x86 Control Flow 5.2 JUMP/BRANCHING OVERVIEW 5.3 Concept of Jumps/Branches Assembly is executed in sequential movq addq order by default ---- Jump instruction (aka "branches") ---- ---- cause execution

649 views • 32 slides
Goals Understand the terms and ideas used in a modern, high-performance processor CS356 Unit

Goals Understand the terms and ideas used in a modern, high-performance processor CS356 Unit

12b.1 12b.2 Goals Understand the terms and ideas used in a modern, high-performance processor CS356 Unit 12b Various systems have different kinds of processors and you should understand the pros and cons of each kind of processor

588 views • 16 slides
SOLID: Principles of OOD CS356 Object-Oriented Design and Programming http://cs356.yusun.io

SOLID: Principles of OOD CS356 Object-Oriented Design and Programming http://cs356.yusun.io

SOLID: Principles of OOD CS356 Object-Oriented Design and Programming http://cs356.yusun.io October 17, 2014 Yu Sun, Ph.D. http://yusun.io yusun@csupomona.edu Part of the presentation comes from Martin, Robert Cecil. Agile software

805 views • 65 slides
CS356 Unit 12a Processor Hardware Organization BASIC HW Pipelining 12a.3 12a.4 Logic Circuits

CS356 Unit 12a Processor Hardware Organization BASIC HW Pipelining 12a.3 12a.4 Logic Circuits

12a.1 12a.2 CS356 Unit 12a Processor Hardware Organization BASIC HW Pipelining 12a.3 12a.4 Logic Circuits Combinational Logic Gates Combinational ________________ logic Main Idea: Circuits called "gates" perform Logic

465 views • 15 slides
CS356 Unit 6 x86 Procedures Basic Stack Frames 6.2 Review of Program Counter (IP register)

CS356 Unit 6 x86 Procedures Basic Stack Frames 6.2 Review of Program Counter (IP register)

6.1 CS356 Unit 6 x86 Procedures Basic Stack Frames 6.2 Review of Program Counter (IP register) PC/IP is used to fetch an instruction PC/IP contains the address of the next instruction The value in the PC/IP is placed on the address

580 views • 34 slides
CS356 : Discussion #4 Assembly Instructions & Debugging with GDB Last week: Operand Forms

CS356 : Discussion #4 Assembly Instructions & Debugging with GDB Last week: Operand Forms

CS356 : Discussion #4 Assembly Instructions & Debugging with GDB Last week: Operand Forms Different ways to specify source values and output location. Immediate: $ imm to use a constant input value, e.g., $0xFF . Register: % reg to use the

302 views • 29 slides
Livepatching FreeBSD kernel Maciej Grochowski Maciej.Grochowski[at]protonmail.com EuroBSDcon

Livepatching FreeBSD kernel Maciej Grochowski Maciej.Grochowski[at]protonmail.com EuroBSDcon

Livepatching FreeBSD kernel Maciej Grochowski Maciej.Grochowski[at]protonmail.com EuroBSDcon 2018 University Politehnica of Bucharest Bucuresti, Romania September 22 23, 2018 Outline Problem statement Some background Why we

710 views • 19 slides
Lifting program binaries with McSema Peter Goodman, Akshay Kumar Introductions Peter Goodman

Lifting program binaries with McSema Peter Goodman, Akshay Kumar Introductions Peter Goodman

Lifting program binaries with McSema Peter Goodman, Akshay Kumar Introductions Peter Goodman Akshay Kumar Senior Security Engineer Senior Security Engineer peter@trailofbits.com akshay.kumar@trailofbits.com 2 2 Overview of this workshop

1.03k views • 89 slides
1 2/26/2020 void multstore Today Code Examples (long x, long y, long *dest) { long t =

1 2/26/2020 void multstore Today Code Examples (long x, long y, long *dest) { long t =

2/26/2020 Mechanisms in Procedures P( ) { Passing control To beginning of procedure code Machine-Level Programming III: y = Q(x); Back to return point print(y) Procedures Passing data } Procedure

496 views • 11 slides
Using Hardware Performance Events for Instruction-Level Monitoring on the x86 Architecture

Using Hardware Performance Events for Instruction-Level Monitoring on the x86 Architecture

Using Hardware Performance Events for Instruction-Level Monitoring on the x86 Architecture Sebastian Vogl and Claudia Eckert {vogls,eckertc}@in.tum.de Chair for IT Security Technische Universitt Mnchen Munich, Germany 10.04.2012 S. Vogl

759 views • 71 slides
Lets Stay Together: Towards Traffic Aware Virtual Machine Placement in Data Centers Manar

Lets Stay Together: Towards Traffic Aware Virtual Machine Placement in Data Centers Manar

Lets Stay Together: Towards Traffic Aware Virtual Machine Placement in Data Centers Manar Alqarni Proff. Tang 1 Topics covered INTRODUCTION HOMOGENEOUS CASE -Algorithm 1 Recursive-based Placement RBP (m, c, n, r) -Algorithm 2

614 views • 24 slides
Obfuscation vs. Deobfuscation ISSISP 2018 Christian Collberg University of Arizona 1.

Obfuscation vs. Deobfuscation ISSISP 2018 Christian Collberg University of Arizona 1.

Obfuscation vs. Deobfuscation ISSISP 2018 Christian Collberg University of Arizona 1. Obfuscating Arithmetic 2. Opaque Expressions 3. Control Flow Flattening 4. Constructing Opaque Expressions 5. Generic Deobfuscation 6. Turning up

1.39k views • 95 slides
Recursive Binary Partitioning Old Dogs with New Tricks KDD Conference 2009 David J. Slate and

Recursive Binary Partitioning Old Dogs with New Tricks KDD Conference 2009 David J. Slate and

Recursive Binary Partitioning Old Dogs with New Tricks KDD Conference 2009 David J. Slate and Peter W. Frey Background D. J. Slate and L. R. Atkin, Chess 4.5 the Northwestern University chess program. In P. W. Frey (Ed.), Chess

607 views • 13 slides
Compiler Construction Lecture 16: Introduction to optimizations 2020-03-03 Michael Engel

Compiler Construction Lecture 16: Introduction to optimizations 2020-03-03 Michael Engel

Compiler Construction Lecture 16: Introduction to optimizations 2020-03-03 Michael Engel Overview Optimizations Definition, objectives, location in the compiler tool flow Obtaining and applying evaluation criteria Common vs.

537 views • 18 slides

More recommend