PDF Editor
PDF Converter
Image Converter
Video Converter
Audio Converter
File Compressor
lecture 04 control flow ii

Lecture 04 Control Flow II Stephen Checkoway CS 343 Fall 2020 - PowerPoint PPT Presentation

Nov 13, 2022 •120 likes •368 views

Lecture 04 Control Flow II Stephen Checkoway CS 343 Fall 2020 Based on Michael Baileys ECE 422 32-bit x86 architecture overview 8 general purpose registers eax, ebx, ecx, edx, esi, edi, ebp, esp esp is the stack pointer

  1. Lecture 04 – Control Flow II Stephen Checkoway CS 343 – Fall 2020 Based on Michael Bailey’s ECE 422

  2. 32-bit x86 architecture overview • 8 general purpose registers eax, ebx, ecx, edx, esi, edi, ebp, esp • esp is the stack pointer • ebp is the frame pointer (optional) • Others are used for integer and pointer operations • 16- and 8-bit parts of the registers can be named (ax is least significant 16 bits of eax, al is least sig. 8 bits of eax, etc.) • Instruction pointer eip holds the address of the next instruction to execute • eflags register has bits like the zero flag or the carry flag that are set by arithmetic and logical operations, used for conditional control flow

  3. Some x86 instructions (AT&T notation) • mov src, dest ; Copies src to dest • Arithmetic and bit operations • add src, dest ; computes dest + src, stores in dest • sub src, dest ; computes dest – src, stores in dest • or, and, xor all work the same way; mul/div use specific registers • Stack operations • push src ; decrements esp by 4, writes src to stack • pop dest ; reads top of stack into dest, increments esp by 4

  4. Some x86 instructions (AT&T notation) • Function calls • call foo ; calls the function foo, pushes the address of the next instruction onto the stack • leave ; equivalent to movl $ebp, $esp followed by popl $ebp • ret ; pops the top of the stack into eip (returns from a function) • Control flow • cmp src2, src1 ; computes src1 – src2 and sets eflags register • test src2, src1 ; computes src1 & src2 (bitwise-and) and sets eflags • jz label ; jump to label if the zero flag is set • jnz label ; jump to label if the zero flag is not set • jc label ; jump to label if the carry flag is set • jnc label ; jump tot label if the carry flag is not set • jmp label ; unconditionally jump to label

  5. Instruction suffixes • l — (long) 32 bits • w — (word) 16 bits • b — (byte) 8 bits • Examples • movw %ax, %dx ; Copies least sig. 16 bits of eax to least sig. 16 bits of edx • pushl %edi • subl $16, %esp ; Decrements esp by 16 • cmpl %edx, %eax ; computes eax – edx and sets eflags based on the result

  6. x86 operands • Constants are prefixed with $ • Registers are prefixed with % • movb $8, %bl • Read/writing to memory has several forms • (%eax) ; Refers to the 1, 2, or 4 bytes at address stored in eax • -8(%esp) ; Address is %esp – 8 • 4(%esi, %eax) ; Address is esi + eax + 4 • 16(%eax, %edx, 4) ; Address is eax + 4*edx + 16

  7. Using memory operands • Load 4 bytes from ebp + 4 into eax • movl 4(%ebp), %eax • Store 1 byte from dl (least sig. 8-bits of edx) to address edi • movb %dl, (%edi) • Add 4 bytes from address edx to eax and store in eax • addl (%edx), %eax • Xor the constant 0x5555AAAA with 4 bytes at address 8+ebp • xorl $0x5555AAAA, 8(%ebp)

  8. What values do eax and edx hold after this? movl $30, %eax movl $10, %edx subl %eax, %edx addl %eax, %eax A. eax = 40, edx = 10 B. eax = 60, edx = 40 C. eax = 60, edx = -20 D. eax = -40, edx = 10

  9. Function calls on 32-bit x86 • Stack grows down (from high to low addresses) • Stack consists of 4-byte slots • esp points to the bottom most “in-use” slot • ebp “frame pointer” points to the previous ebp on the stack (if used) • call pushes the return address onto the stack • Function call arguments can be accessed at a positive offset from ebp 8(%ebp), 12(%ebp), 16(%ebp), etc. • Local variables can be accessed at a negative offset from ebp -4(%ebp), -8(%ebp), -12(%ebp), etc.

  10. Warning! • For most of these slides, the stack is drawn with low addresses on the bottom and high addresses on the top. The stack grows down both numerically and pictorially.

  11. ← ebp … Function call example p a 1 int foo(int a, char *p) { esp → return address 2 int b = atoi(p); 3 return a + b; 4 } 1 foo : eip → 2 pushl % ebp 3 movl % esp , % ebp 4 subl $40, % esp 5 movl 12(% ebp ), % eax 6 movl % eax , (% esp ) 7 call atoi 8 movl % eax , -12(% ebp ) 9 movl -12(% ebp ), % eax 10 movl 8(% ebp ), % edx 11 addl % edx , % eax 12 leave 13 ret

  12. ← ebp … Function call example p a 1 int foo(int a, char *p) { return address 2 int b = atoi(p); 3 return a + b; saved ebp esp → 4 } 1 foo : 2 pushl % ebp eip → 3 movl % esp , % ebp 4 subl $40, % esp 5 movl 12(% ebp ), % eax 6 movl % eax , (% esp ) 7 call atoi 8 movl % eax , -12(% ebp ) 9 movl -12(% ebp ), % eax 10 movl 8(% ebp ), % edx 11 addl % edx , % eax 12 leave 13 ret

  13. … Function call example p a 1 int foo(int a, char *p) { return address 2 int b = atoi(p); 3 return a + b; saved ebp ← ebp esp → 4 } 1 foo : 2 pushl % ebp 3 movl % esp , % ebp eip → 4 subl $40, % esp 5 movl 12(% ebp ), % eax 6 movl % eax , (% esp ) 7 call atoi 8 movl % eax , -12(% ebp ) 9 movl -12(% ebp ), % eax 10 movl 8(% ebp ), % edx 11 addl % edx , % eax 12 leave 13 ret

  14. … Function call example p a 1 int foo(int a, char *p) { return address 2 int b = atoi(p); 3 return a + b; saved ebp ← ebp 4 } 1 foo : 2 pushl % ebp 3 movl % esp , % ebp 4 subl $40, % esp eip → 5 movl 12(% ebp ), % eax 6 movl % eax , (% esp ) 7 call atoi 8 movl % eax , -12(% ebp ) 9 movl -12(% ebp ), % eax 10 movl 8(% ebp ), % edx 11 addl % edx , % eax esp → 12 leave 13 ret

  15. … Function call example p a 1 int foo(int a, char *p) { return address 2 int b = atoi(p); 3 return a + b; saved ebp ← ebp 4 } 1 foo : 2 pushl % ebp 3 movl % esp , % ebp eax = p 4 subl $40, % esp 5 movl 12(% ebp ), % eax eip → 6 movl % eax , (% esp ) 7 call atoi 8 movl % eax , -12(% ebp ) 9 movl -12(% ebp ), % eax 10 movl 8(% ebp ), % edx 11 addl % edx , % eax esp → 12 leave 13 ret

  16. … Function call example p a 1 int foo(int a, char *p) { return address 2 int b = atoi(p); 3 return a + b; saved ebp ← ebp 4 } 1 foo : 2 pushl % ebp 3 movl % esp , % ebp eax = p 4 subl $40, % esp 5 movl 12(% ebp ), % eax 6 movl % eax , (% esp ) eip → 7 call atoi 8 movl % eax , -12(% ebp ) 9 movl -12(% ebp ), % eax 10 movl 8(% ebp ), % edx 11 addl % edx , % eax esp → p 12 leave 13 ret

  17. … Function call example p a 1 int foo(int a, char *p) { return address 2 int b = atoi(p); 3 return a + b; saved ebp ← ebp 4 } 1 foo : 2 pushl % ebp 3 movl % esp , % ebp eax = result 4 subl $40, % esp 5 movl 12(% ebp ), % eax 6 movl % eax , (% esp ) 7 call atoi eip → 8 movl % eax , -12(% ebp ) 9 movl -12(% ebp ), % eax 10 movl 8(% ebp ), % edx 11 addl % edx , % eax esp → p 12 leave 13 ret

  18. … Function call example p a 1 int foo(int a, char *p) { return address 2 int b = atoi(p); 3 return a + b; saved ebp ← ebp 4 } 1 foo : b = result 2 pushl % ebp 3 movl % esp , % ebp eax = result 4 subl $40, % esp 5 movl 12(% ebp ), % eax 6 movl % eax , (% esp ) 7 call atoi 8 movl % eax , -12(% ebp ) eip → 9 movl -12(% ebp ), % eax 10 movl 8(% ebp ), % edx 11 addl % edx , % eax esp → p 12 leave 13 ret

  19. … Function call example p a 1 int foo(int a, char *p) { return address 2 int b = atoi(p); 3 return a + b; saved ebp ← ebp 4 } 1 foo : b = result 2 pushl % ebp 3 movl % esp , % ebp eax = b 4 subl $40, % esp 5 movl 12(% ebp ), % eax 6 movl % eax , (% esp ) 7 call atoi 8 movl % eax , -12(% ebp ) 9 movl -12(% ebp ), % eax eip → 10 movl 8(% ebp ), % edx 11 addl % edx , % eax esp → p 12 leave 13 ret

  20. … Function call example p a 1 int foo(int a, char *p) { return address 2 int b = atoi(p); 3 return a + b; saved ebp ← ebp 4 } 1 foo : b = result 2 pushl % ebp 3 movl % esp , % ebp eax = b 4 subl $40, % esp edx = a 5 movl 12(% ebp ), % eax 6 movl % eax , (% esp ) 7 call atoi 8 movl % eax , -12(% ebp ) 9 movl -12(% ebp ), % eax 10 movl 8(% ebp ), % edx eip → 11 addl % edx , % eax esp → p 12 leave 13 ret

  21. … Function call example p a 1 int foo(int a, char *p) { return address 2 int b = atoi(p); 3 return a + b; saved ebp ← ebp 4 } 1 foo : b = result 2 pushl % ebp 3 movl % esp , % ebp eax = b + a 4 subl $40, % esp edx = a 5 movl 12(% ebp ), % eax 6 movl % eax , (% esp ) 7 call atoi 8 movl % eax , -12(% ebp ) 9 movl -12(% ebp ), % eax 10 movl 8(% ebp ), % edx 11 addl % edx , % eax esp → p eip → 12 leave 13 ret

  22. ← ebp … Function call example p a 1 int foo(int a, char *p) { esp → return address 2 int b = atoi(p); 3 return a + b; saved ebp 4 } 1 foo : b = result 2 pushl % ebp 3 movl % esp , % ebp eax = b + a 4 subl $40, % esp edx = a 5 movl 12(% ebp ), % eax 6 movl % eax , (% esp ) 7 call atoi 8 movl % eax , -12(% ebp ) 9 movl -12(% ebp ), % eax 10 movl 8(% ebp ), % edx 11 addl % edx , % eax p 12 leave eip → 13 ret

  23. ← ebp … Function call example p a esp → 1 int foo(int a, char *p) { return address 2 int b = atoi(p); 3 return a + b; saved ebp 4 } 1 foo : b = result 2 pushl % ebp 3 movl % esp , % ebp eax = b + a 4 subl $40, % esp edx = a 5 movl 12(% ebp ), % eax eip = ret addr 6 movl % eax , (% esp ) 7 call atoi 8 movl % eax , -12(% ebp ) 9 movl -12(% ebp ), % eax 10 movl 8(% ebp ), % edx 11 addl % edx , % eax p 12 leave 13 ret

Recommend

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
Control Flow CPU Sean Barker 1 Physical Control Flow Physical control flow <startup>

Control Flow CPU Sean Barker 1 Physical Control Flow Physical control flow <startup>

Control Flow CPU Sean Barker 1 Physical Control Flow Physical control flow <startup> inst 1 inst 2 Time inst 3 inst n <shutdown> Sean Barker 2 Operating System User-level Applications Operating System Hardware

453 views • 16 slides
Programming in C 1 Flow of Control Flow of control The order in which statements are

Programming in C 1 Flow of Control Flow of control The order in which statements are

Programming in C 1 Flow of Control Flow of control The order in which statements are executed Transfer of control When the next statement executed is not the next one in sequence 2 Flow of Control Control structures

541 views • 34 slides
V3 1/3/2015 Programming in C 1 Flow of Control Flow of control The order in which

V3 1/3/2015 Programming in C 1 Flow of Control Flow of control The order in which

V3 1/3/2015 Programming in C 1 Flow of Control Flow of control The order in which statements are executed Transfer of control When the next statement executed is not the next one in sequence 2 Flow of Control Control

310 views • 12 slides
Python language: Control Flow The FOSSEE Group Department of Aerospace Engineering IIT Bombay

Python language: Control Flow The FOSSEE Group Department of Aerospace Engineering IIT Bombay

Python language: Control Flow The FOSSEE Group Department of Aerospace Engineering IIT Bombay Mumbai, India FOSSEE Team (FOSSEE IITB) Control flow 1 / 32 Outline Control flow 1 Basic Conditional flow Control flow 2 Basic Looping

562 views • 37 slides
Flow Visualization Overview: Flow Visualization (1) Introduction, overview Flow data Simulation

Flow Visualization Overview: Flow Visualization (1) Introduction, overview Flow data Simulation

Flow Visualization Overview: Flow Visualization (1) Introduction, overview Flow data Simulation vs. measurement vs. modelling 2D vs. surfaces vs. 3D Steady vs time-dependent flow Direct vs. indirect flow visualization Experimental flow

1.18k views • 92 slides
Control Structures Lecture 4 COP 3014 Fall 2020 September 10, 2020 Control Flow Control flow

Control Structures Lecture 4 COP 3014 Fall 2020 September 10, 2020 Control Flow Control flow

Control Structures Lecture 4 COP 3014 Fall 2020 September 10, 2020 Control Flow Control flow refers to the specification of the order in which the individual statements, instructions or function calls of an imperative program are executed or

334 views • 19 slides
Control Flow Integrity Lujo Bauer 18-732 Spring 2015 Control Hijacking Arms Race Control

Control Flow Integrity Lujo Bauer 18-732 Spring 2015 Control Hijacking Arms Race Control

Control Flow Integrity Lujo Bauer 18-732 Spring 2015 Control Hijacking Arms Race Control Control Flow Flow Integrity Integrity Attacks Attacks 2 http://propercourse.blogspot.com/2010/05/i-believe-in-duct-tape.html CFI: Goal Provably

746 views • 41 slides
Lecture 6: Flow Control Lecture 6: Flow Control 1 / 28 Relational Expressions Conditions in if

Lecture 6: Flow Control Lecture 6: Flow Control 1 / 28 Relational Expressions Conditions in if

Lecture 6: Flow Control Lecture 6: Flow Control 1 / 28 Relational Expressions Conditions in if statements use expressions that are conceptually either true or false . These expressions are called relational expressions or Boolean expressions

571 views • 28 slides
Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful

Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful

Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful Reading: Sections 1.1-1.5, 2.1 Data-flow analysis (DFA) A framework for statically proving facts about program data. Focuses on simple, finite

1.04k views • 54 slides
Control flow Conditionals and Control Flow l A conditional branch

Control flow Conditionals and Control Flow l A conditional branch

10/2/15 Control flow Conditionals and Control Flow l A conditional branch is sufficient to implement most control Condition codes flow constructs offered in higher

356 views • 12 slides
Exceptional Control Flow: Hardware support for reacting to the rest of the world. Control Flow

Exceptional Control Flow: Hardware support for reacting to the rest of the world. Control Flow

Exceptional Control Flow: Hardware support for reacting to the rest of the world. Control Flow Processor: read instruction, execute it, go to next instruction, repeat Physical control flow Explicit changes: Jumps (conditional, unconditional)

428 views • 8 slides
Control Flow Integrity for COTS Binaries Mingwei Zhang and R. Sekar Stony Brook University --

Control Flow Integrity for COTS Binaries Mingwei Zhang and R. Sekar Stony Brook University --

Control Flow Integrity for COTS Binaries Mingwei Zhang and R. Sekar Stony Brook University -- Summarized by Navid Emamdoost University of Minnesota Outline Background Control Flow attacks Control Flow Integrity Control Flow

796 views • 33 slides
Flow Control and ARQ Flow Control ARQ Example Protocols ITS323: Introduction to Data

Flow Control and ARQ Flow Control ARQ Example Protocols ITS323: Introduction to Data

ITS323/CSS331 Flow Control & ARQ Protocols Flow Control and ARQ Flow Control ARQ Example Protocols ITS323: Introduction to Data Communications CSS331: Fundamentals of Data Communications Sirindhorn International Institute of Technology

835 views • 34 slides
Processes, Exceptional Control Flow CSAPPe2, Chapter 8 Plan for Today Exceptional Control Flow

Processes, Exceptional Control Flow CSAPPe2, Chapter 8 Plan for Today Exceptional Control Flow

CIS330, Week 9 Processes, Exceptional Control Flow CSAPPe2, Chapter 8 Plan for Today Exceptional Control Flow Exceptions Process context switches Creating and destroying processes CIS330 Week 9 Control Flow Computers do Only One Thing

1.09k views • 85 slides
Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification

Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification

Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification and overview of main techniques TCP Tahoe, Reno, Vegas TCP Westwood Readings: (1) Keshavs book Chapter on Flow Control; (2)

376 views • 22 slides
The Hardware/So<ware Interface CSE351 Winter 2013 Procedures and

The Hardware/So<ware Interface CSE351 Winter 2013 Procedures and

University of Washington The Hardware/So<ware Interface CSE351 Winter 2013 Procedures and Stacks I University of Washington Roadmap Data & addressing

909 views • 61 slides
3. Tablo algoritms 16.12 Tablo (tableaux) metodi 1955.gad izgudroja Evert Willem Beth

3. Tablo algoritms 16.12 Tablo (tableaux) metodi 1955.gad izgudroja Evert Willem Beth

3. Tablo algoritms 16.12 Tablo (tableaux) metodi 1955.gad izgudroja Evert Willem Beth (1908-1964), plaka biogrfija un portrets. Sk. ar Method of analytic tableaux (Wikipedia). metode risina to pau uzdevumu, ko rezolciju metode

494 views • 27 slides
i 1 > H ; ~ I I 1

i 1 > H ; ~ I I 1

t t i 1 > H ; ~ I I 1 I

965 views • 16 slides
2006 Half Year Results September 2006 NOT FOR DISTRIBUTION IN THE UNITED STATES OR TO A U.S.

2006 Half Year Results September 2006 NOT FOR DISTRIBUTION IN THE UNITED STATES OR TO A U.S.

2006 Half Year Results September 2006 NOT FOR DISTRIBUTION IN THE UNITED STATES OR TO A U.S. PERSON OR IN CANADA OR JAPAN. Admiral Is STILL Different H1 2006 Highly Profitable a Fast Growing a Low Risk Profits a a Strongly

573 views • 38 slides
Stack buffer overflows Deian Stefan Some slides adopted from Kirill Levchenko and Stefan Savage

Stack buffer overflows Deian Stefan Some slides adopted from Kirill Levchenko and Stefan Savage

CSE 127: Computer Security Stack buffer overflows Deian Stefan Some slides adopted from Kirill Levchenko and Stefan Savage When is a program secure? Formal approach: When it does exactly what it should Not more Not less But how

1.5k views • 92 slides
CISC vs. RISC x86 is the epitome of a Complex Instruction x86 or Set Computer Hundreds of

CISC vs. RISC x86 is the epitome of a Complex Instruction x86 or Set Computer Hundreds of

CISC vs. RISC x86 is the epitome of a Complex Instruction x86 or Set Computer Hundreds of instructions Oh No! Not Another Assembler F2XM1 Compute 2 x 1 Jonathan Misurda Computes the exponential value of 2 to the power of

419 views • 3 slides
#include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include

#include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include

#include <ctype.h> // tolower #include <string.h> // strcmp sfp main() #include <stdio.h> // fgets, fputs void reveal_secret() login { fputs("SUPER SECRET = 42\n", stdout); } login int verify(const char*

642 views • 15 slides
Marrying U-Boot, UEFI and grub About Me Alexander Graf KVM and QEMU developer for SUSE

Marrying U-Boot, UEFI and grub About Me Alexander Graf KVM and QEMU developer for SUSE

Marrying U-Boot, UEFI and grub About Me Alexander Graf KVM and QEMU developer for SUSE Server class PowerPC KVM port Nested SVM Founding member of SUSE ARM team Booting on ARM Booting on ARM Boot ROM Booting on ARM Boot

2.09k views • 160 slides

More recommend

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2025 SAMBUZ, All right reserved.