w06b IA32 stack - Swarthmore College
bryce/cs31/f16/slides/w06b_IA32_stack.pdf

Post on 14-Mar-2021


The Stack and Memory in IA32

10/6/16

Tuesday, we covered these IA32 convenience instructions…

• pushl src
  subl $4, %esp
  movl src, (%esp)

• popl dst
  movl (%esp), dst
  addl $4, %esp

• leave
  %esp = %ebp
  popl %ebp

Next up: call and ret

• call jumps to the start of the callee's instructions.
  • indicated by a label

• ret jumps back to the next instruction of the caller.

Why don't we just do this with jmp?

Function calls

Program Counter (PC)

Text Memory Region:

funcA:
  addl $5, %ecx
  movl %ecx, -4(%ebp)
  …
  call funcB
  addl %eax, %ecx
  …

funcB:
  pushl %ebp
  movl %esp, %ebp
  …
  movl $10, %eax
  leave
  ret

What we'd like this to do:

1. Set up function B's stack.
2. Execute the body of B, produce result (stored in %eax).
3. Restore function A's stack.
4. Return: go back to what we were doing before funcB started.

Unlike jumping, we intend to go back!

We need to get %eip back.

• call should save %eip, then jump to the callee.

• ret should restore %eip to jump back to the caller.

We could accomplish this without call and ret. They're just convenience instructions (like push, pop, and leave).

Write call and ret using other IA32 instructions.

• call f: save %eip, then jump to the start of f.
  push %eip
  jmp f

• ret: restore %eip to jump back to the caller.
  popl %eip

(Two details to keep straight: %eip is not an operand you can name in a real push or pop, so these two lines describe what call and ret do rather than instructions the assembler accepts. And the value call saves is the address of the instruction after the call, which is where ret lands.)

IA32 Stack / Function Call Instructions

pushl   Create space on the stack and place the source there.
        subl $4, %esp
        movl src, (%esp)

popl    Remove the top item off the stack and store it at the destination.
        movl (%esp), dst
        addl $4, %esp

call    1. Push return address on stack. 2. Jump to start of function.
        push %eip
        jmp target

leave   Prepare the stack for return (restoring caller's stack frame).
        movl %ebp, %esp
        popl %ebp

ret     Return to the caller, PC ← saved PC (pop return address off the stack into PC (eip)).
        popl %eip

On the stack between the caller's and the callee's stack frames…

• Caller's base pointer (to reset the stack).

• Caller's instruction pointer (to continue execution).

• Function parameters.

What order should we store all of these things on the stack? Why?

(Diagram: four candidate orderings, A through D, of the three items "callee parameters", "return address" and "caller's base pointer" drawn as stacks; the original layout does not survive extraction.)

E: some other order.

Putting it all together…

(Higher addresses at the top; the stack grows downward.)

  …                           Older stack frames.
  Caller's local variables.   Caller's frame.
  Final argument to callee
  …                           Shared by caller and callee.
  First argument to callee
  Return address
  Caller's frame pointer      Callee's frame.
  Callee's local variables.

Translate this to IA32. What should be on the stack?

int add_them(int a, int b, int c) {
    return a + b + c;
}

int main() {
    add_them(1, 2, 3);
}

Assume the stack initially looks like:

(Diagram: a single frame for main just below 0xFFFFFFFF, with %esp and %ebp pointing into it.)
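The following is an added example, not code from the slides: a small C model of the IA32 stack discipline that the call/ret, leave and "putting it all together" slides describe. pushl, popl, call, leave and ret are implemented exactly as the slides define them over a byte array standing in for the stack, and the add_them(1, 2, 3) call above is run through them so the frame layout can be inspected. The code addresses (MAIN_CALL, MAIN_AFTER_CALL, ADD_THEM), the stack placement (STACK_TOP) and main's initial %esp/%ebp are constructed values for the simulation only.

```c
/* Added example: simulate IA32 push/pop/call/leave/ret and run add_them(1,2,3).
 * All addresses below are constructed for the simulation. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STACK_BYTES 64u
#define STACK_TOP   0xFFFFFFF0u                 /* constructed: one past the highest stack address */
#define STACK_LO    (STACK_TOP - STACK_BYTES)   /* lowest simulated stack address */

/* Constructed code addresses for the labels on the slide. */
#define MAIN_CALL        0x08048400u   /* the "call add_them" instruction in main */
#define MAIN_AFTER_CALL  0x08048405u   /* the instruction after it: the return address */
#define ADD_THEM         0x08048440u   /* first instruction of add_them */

struct cpu {
    uint32_t esp, ebp, eip;
    uint8_t  stack[STACK_BYTES];      /* backs simulated addresses [STACK_LO, STACK_TOP) */
};

/* Map a simulated address to the backing array; abort on a 4-byte access
 * outside it (the simulator's equivalent of running off the stack). */
static uint8_t *slot(struct cpu *c, uint32_t addr) {
    if (addr < STACK_LO || addr > STACK_TOP - 4) abort();
    return c->stack + (addr - STACK_LO);
}
static uint32_t ld(struct cpu *c, uint32_t addr) { uint32_t v; memcpy(&v, slot(c, addr), 4); return v; }
static void     st(struct cpu *c, uint32_t addr, uint32_t v) { memcpy(slot(c, addr), &v, 4); }

/* The five instructions, each written as the slides expand it. */
static void     pushl(struct cpu *c, uint32_t v) { c->esp -= 4; st(c, c->esp, v); }              /* subl $4,%esp ; movl src,(%esp) */
static uint32_t popl(struct cpu *c)  { uint32_t v = ld(c, c->esp); c->esp += 4; return v; }      /* movl (%esp),dst ; addl $4,%esp */
static void     call(struct cpu *c, uint32_t target, uint32_t next) { pushl(c, next); c->eip = target; } /* push return address ; jmp target */
static void     leave(struct cpu *c) { c->esp = c->ebp; c->ebp = popl(c); }                       /* movl %ebp,%esp ; popl %ebp */
static void     ret(struct cpu *c)   { c->eip = popl(c); }                                        /* popl %eip */

/* What the simulation observes while inside add_them and after returning. */
struct frame_view {
    uint32_t a, b, c;            /* the arguments as read from 8(%ebp), 12(%ebp), 16(%ebp) */
    uint32_t ret_addr;           /* 4(%ebp) */
    uint32_t saved_ebp;          /* 0(%ebp) */
    uint32_t callee_ebp;         /* add_them's %ebp, i.e. where its frame sits */
    uint32_t eax;                /* the return value */
    uint32_t esp_after, ebp_after, eip_after;   /* caller's state after the call */
};

/* The IA32 the slide asks for, which run_add_them() steps through:
 *   main:                          add_them:
 *     pushl $3                       pushl %ebp
 *     pushl $2                       movl  %esp, %ebp
 *     pushl $1                       movl  8(%ebp), %eax
 *     call  add_them                 addl  12(%ebp), %eax
 *     addl  $12, %esp                addl  16(%ebp), %eax
 *                                    leave
 *                                    ret
 */
static struct frame_view run_add_them(void) {
    struct cpu cpu = { STACK_TOP - 8, STACK_TOP, MAIN_CALL, {0} };  /* main has 8 bytes of locals (constructed) */
    struct frame_view v;

    pushl(&cpu, 3);                           /* arguments are pushed last-to-first ... */
    pushl(&cpu, 2);
    pushl(&cpu, 1);                           /* ... so the first argument is nearest the return address */
    call(&cpu, ADD_THEM, MAIN_AFTER_CALL);    /* saves the address AFTER the call, then jumps */

    pushl(&cpu, cpu.ebp);                     /* prologue: save caller's frame pointer */
    cpu.ebp = cpu.esp;                        /* new frame base */
    v.callee_ebp = cpu.ebp;
    v.saved_ebp  = ld(&cpu, cpu.ebp);
    v.ret_addr   = ld(&cpu, cpu.ebp + 4);
    v.a = ld(&cpu, cpu.ebp + 8);
    v.b = ld(&cpu, cpu.ebp + 12);
    v.c = ld(&cpu, cpu.ebp + 16);
    v.eax = v.a + v.b + v.c;                  /* result lives in %eax */

    leave(&cpu);                              /* epilogue: drop the frame, restore caller's %ebp */
    ret(&cpu);                                /* back to MAIN_AFTER_CALL */
    cpu.esp += 12;                            /* caller discards its three arguments */
    v.esp_after = cpu.esp; v.ebp_after = cpu.ebp; v.eip_after = cpu.eip;
    return v;
}

int main(void) {
    struct frame_view v = run_add_them();
    printf("add_them(%u, %u, %u) = %u\n", v.a, v.b, v.c, v.eax);
    printf("return address at 4(%%ebp): 0x%08x, saved %%ebp at 0(%%ebp): 0x%08x\n", v.ret_addr, v.saved_ebp);
    printf("after ret: esp=0x%08x ebp=0x%08x eip=0x%08x\n", v.esp_after, v.ebp_after, v.eip_after);
    return 0;
}
```

The point to take from the run: once the prologue has executed, the three arguments sit at fixed offsets 8, 12 and 16 from %ebp regardless of how much the caller had on its stack, the return address is at 4(%ebp) and the caller's %ebp at 0(%ebp), and after leave/ret plus the caller's addl $12, %esp both %esp and %ebp are back to exactly their pre-call values. The bounds check in slot() is the one thing the real hardware does not do for you: on a real stack an overrun of a callee's locals lands on the saved %ebp and the return address, which is why those two words are the classic target of a stack-smashing attack.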

Stack Frame Contents

• Local variables
• Previous stack frame base address
• Function arguments
• Return value
• Return address
• Saved registers
• Spilled temporaries

(Diagram: frames for main, function1 and function2 stacked downward from 0xFFFFFFFF.)

Saving Registers

• Registers are a scarce resource, but they're fast to access. Memory is plentiful, but slower to access.

• Should the caller save its registers to free them up for the callee to use?
• Should the callee save the registers in case the caller was using them?
• Who needs more registers for temporary calculations, the caller or callee?

• Clearly the answers depend on what the functions do…

Splitting the difference…

• We can't know the answers to those questions in advance…

• We have six general-purpose registers (leaving %esp and %ebp aside, since they manage the stack). Let's divide them into two groups:
  • Caller-saved: %eax, %ecx, %edx
  • Callee-saved: %ebx, %esi, %edi

Register Convention

• Caller-saved: %eax, %ecx, %edx
  • If the caller wants to preserve these registers, it must save them prior to calling the callee.
  • The callee is free to trash these; the caller will restore if needed.

• Callee-saved: %ebx, %esi, %edi
  • If the callee wants to use these registers, it must save them first, and restore them before returning.
  • The caller can assume these will be preserved.

This is why lab 4 had the comment about using only %eax, %ecx, and %edx.

Running Out of Registers

• Some computations require more than six registers to store temporary values.

• Register spilling: the compiler will move some temporary values to memory, if necessary.
  • Values pushed onto stack, popped off later
  • No explicit variable declared by user

IA32 addressing modes

• Direct addressing (what we've seen so far): -4(%ebp)
  (offset, base address)

• Indexed addressing: (%ecx, %edx, 4)
  (base address, index, scale)

Indexed Addressing Mode

• General form: offset(%base, %index, scale)

• Translation: access the memory at address base + (index * scale) + offset

Discussion: when would this mode be useful?

Example

Suppose i is at %ebp-8, and equals 2.

User says: float_arr[i] = 9;

Translates to:
  movl -8(%ebp), %edx
  movl $9, (%ecx, %edx, 4)

Address computed: 0x0824 + (2 * 4) + 0 = 0x0824 + 8 = 0x082C

Registers:
  %ecx  0x0824   (ECX: array base address)
  %edx  2

Heap:
  0x0824: iptr[0]
  0x0828: iptr[1]
  0x082C: iptr[2]
  0x0830: iptr[3]

What is the final state after this code?

  addl $4, %eax
  movl (%eax), %eax
  sall $1, %eax
  movl %edx, (%ecx, %eax, 2)

Registers (initial state):
  %eax  0x2464
  %ecx  0x246C
  %edx  7

Memory (heap):
  0x2464: 5
  0x2468: 1
  0x246C: 42
  0x2470: 3
  0x2474: 9

Translate this array access to IA32

int *x;
x = malloc(10 * sizeof(int));
...
x[i] = -12;

At this point, suppose that the variable x is stored at %ebp+8, and i is in %edx. Use indexed addressing to assign into the array.

The leal instruction

• Uses the circuitry that computes addresses.
• Doesn't actually access memory.
• Computes an "address" and stores it in a register.
• Can use the full version of indexed addressing.

leal offset(%base, %index, scale), dest

leal 5(%eax, %esi, 2), %edx
# put %eax + 5 + (2*%esi) in %edx
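The following is an added example, not code from the slides: a C model of the indexed addressing mode offset(%base, %index, scale) covering the float_arr[i] example, the "final state" exercise, the x[i] = -12 translation and leal. ea() is the address computation the slides describe; word() maps an address into a tiny constructed heap holding the five words from the exercise, and trace_exercise() steps through that exercise one instruction at a time. HEAP_BASE and the heap contents are the slide's numbers; the machine struct, the bounds check and the sample register values in main are assumptions made for the simulation.

```c
/* Added example: IA32 indexed addressing, disp(base, index, scale), over a
 * constructed five-word heap taken from the slide's exercise. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define HEAP_BASE  0x2464u   /* the slide's first heap address */
#define HEAP_WORDS 5u        /* 0x2464 .. 0x2474 */

/* Effective address of disp(base, index, scale): base + index*scale + disp.
 * Unsigned 32-bit arithmetic so a negative displacement such as -8(%ebp)
 * wraps exactly as it does on the CPU. */
static uint32_t ea(uint32_t disp, uint32_t base, uint32_t index, uint32_t scale) {
    return base + index * scale + disp;
}

struct machine {
    uint32_t eax, ecx, edx;
    uint32_t heap[HEAP_WORDS];      /* the word at HEAP_BASE + 4*k lives in heap[k] */
};

/* 4-byte access into the constructed heap. Anything unaligned or outside
 * the heap aborts instead of silently reading or writing somewhere else,
 * which is the check the hardware itself will not do for an index that is
 * too large. */
static uint32_t *word(struct machine *m, uint32_t addr) {
    uint32_t off = addr - HEAP_BASE;
    if (addr < HEAP_BASE || off % 4 != 0 || off / 4 >= HEAP_WORDS) abort();
    return &m->heap[off / 4];
}

/* The slide's "final state" exercise, from its initial state:
 *   addl $4, %eax
 *   movl (%eax), %eax
 *   sall $1, %eax
 *   movl %edx, (%ecx, %eax, 2)
 */
static struct machine trace_exercise(void) {
    struct machine m = { 0x2464, 0x246C, 7, { 5, 1, 42, 3, 9 } };
    m.eax += 4;                                     /* %eax = 0x2468 */
    m.eax = *word(&m, ea(0, m.eax, 0, 1));          /* (%eax) is base only: index 0, scale 1 */
    m.eax <<= 1;                                    /* sall $1 doubles it */
    *word(&m, ea(0, m.ecx, m.eax, 2)) = m.edx;      /* store %edx at %ecx + 2*%eax */
    return m;
}

/* The x[i] = -12 translation the slides ask for, with x's value (which
 * "movl 8(%ebp), %eax" would load) passed in directly:
 *   movl 8(%ebp), %eax
 *   movl $-12, (%eax, %edx, 4)
 * Returns the address written so a caller can check it. */
static uint32_t store_x_i(struct machine *m, uint32_t x, uint32_t i, int32_t val) {
    uint32_t addr = ea(0, x, i, 4);     /* ints are 4 bytes, so scale 4 */
    *word(m, addr) = (uint32_t)val;
    return addr;
}

/* leal 5(%eax, %esi, 2), %edx: the same computation, no memory access at all. */
static uint32_t leal_example(uint32_t eax, uint32_t esi) {
    return ea(5, eax, esi, 2);
}

int main(void) {
    struct machine m = trace_exercise();
    printf("after the exercise: eax=0x%x, word at 0x2470 = %u\n", m.eax, m.heap[3]);
    printf("float_arr[i] with ecx=0x0824, edx=2, scale 4 -> 0x%04x\n", ea(0, 0x0824, 2, 4));
    printf("leal 5(%%eax,%%esi,2) with eax=0x1000, esi=3 -> 0x%x\n", leal_example(0x1000, 3));   /* constructed inputs */
    return 0;
}
```

Running the trace gives the exercise's answer: %eax ends as 2 (the word at 0x2468 is 1, doubled), and the final store lands at 0x246C + 2*2 = 0x2470, overwriting the 3 there with 7; %ecx and %edx are untouched. The x[i] helper shows why the scale operand exists: the compiler never multiplies i by sizeof(int) in a separate instruction, the address unit does it. The bounds check in word() is the simulator's addition; the real instruction performs no such check, so an out-of-range i in x[i] = -12 silently writes to whatever follows the array.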