CSC 2400: Computing Systems. X86 Assembly: Function Calls

Similar documents
CSC 2400: Computing Systems. X86 Assembly: Function Calls"

CSC 8400: Computer Systems. Using the Stack for Function Calls

CSC 2400: Computer Systems. Using the Stack for Function Calls

Assembly Language: Function Calls" Goals of this Lecture"

Assembly Language: Function Calls

Assembly Language: Function Calls. Goals of this Lecture. Function Call Problems

Assembly Language: Function Calls" Goals of this Lecture"

CSC 2400: Computer Systems. Using the Stack for Function Calls

Function Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site)

Systems I. Machine-Level Programming V: Procedures

Assembly Language: Function Calls

CS 31: Intro to Systems Functions and the Stack. Martin Gagne Swarthmore College February 23, 2016

Princeton University Computer Science 217: Introduction to Programming Systems. Assembly Language: Function Calls

CIT Week13 Lecture

X86 Stack Calling Function POV

Question 4.2 2: (Solution, p 5) Suppose that the HYMN CPU begins with the following in memory. addr data (translation) LOAD 11110

Stack -- Memory which holds register contents. Will keep the EIP of the next address after the call

Assembly III: Procedures. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

CMSC 313 Lecture 12. Project 3 Questions. How C functions pass parameters. UMBC, CMSC313, Richard Chang

Procedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27

CS213. Machine-Level Programming III: Procedures

What the CPU Sees Basic Flow Control Conditional Flow Control Structured Flow Control Functions and Scope. C Flow Control.

CS 33: Week 3 Discussion. x86 Assembly (v1.0) Section 1G

ASSEMBLY III: PROCEDURES. Jo, Heeseung

Assembly III: Procedures. Jo, Heeseung

Stacks and Frames Demystified. CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han

ANITA S SUPER AWESOME RECITATION SLIDES

Machine-level Programming (3)

CSE 351: Week 4. Tom Bergan, TA

x86 assembly CS449 Fall 2017

THEORY OF COMPILATION

Procedure Calls. Young W. Lim Mon. Young W. Lim Procedure Calls Mon 1 / 29

The IA-32 Stack and Function Calls. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta

Intel assembly language using gcc

CMSC 313 Lecture 12 [draft] How C functions pass parameters

Instructor: Alvin R. Lebeck

IA32 Stack. Lecture 5 Machine-Level Programming III: Procedures. IA32 Stack Popping. IA32 Stack Pushing. Topics. Pushing. Popping

143A: Principles of Operating Systems. Lecture 4: Calling conventions. Anton Burtsev October, 2017

The course that gives CMU its Zip! Machine-Level Programming III: Procedures Sept. 17, 2002

Function Call Convention

CPEG421/621 Tutorial

Lab 10: Introduction to x86 Assembly

Giving credit where credit is due

238P: Operating Systems. Lecture 3: Calling conventions. Anton Burtsev October, 2018

143A: Principles of Operating Systems. Lecture 5: Calling conventions. Anton Burtsev January, 2017

W4118: PC Hardware and x86. Junfeng Yang

Stack Discipline Jan. 19, 2018

IA32 Stack The course that gives CMU its Zip! Machine-Level Programming III: Procedures Sept. 17, IA32 Stack Popping. IA32 Stack Pushing

Program Exploitation Intro

Machine Programming 3: Procedures

Sungkyunkwan University

Compilation /15a Lecture 7. Activation Records Noam Rinetzky

Calling Conventions. See P&H 2.8 and Hakim Weatherspoon CS 3410, Spring 2013 Computer Science Cornell University

Second Part of the Course

Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction

Machine Program: Procedure. Zhaoguo Wang

CPS104 Recitation: Assembly Programming

administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?

University of Washington

Assignment 11: functions, calling conventions, and the stack

CPSC W Term 2 Problem Set #3 - Solution

Lecture 5. Announcements: Today: Finish up functions in MIPS

Course Administration

Implementing Threads. Operating Systems In Depth II 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

x86 Assembly Tutorial COS 318: Fall 2017

(2) Accidentally using the wrong instance of a variable (sometimes very hard one to find).

An Experience Like No Other. Stack Discipline Aug. 30, 2006

Machine-Level Programming III: Procedures

UW CSE 351, Winter 2013 Midterm Exam

Lectures 5. Announcements: Today: Oops in Strings/pointers (example from last time) Functions in MIPS

X86 Review Process Layout, ISA, etc. CS642: Computer Security. Drew Davidson

Subprograms: Arguments

CMPSC 497 Buffer Overflow Vulnerabilities

X86 Assembly -Procedure II:1

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING

Process Layout and Function Calls

EECE.3170: Microprocessor Systems Design I Summer 2017 Homework 4 Solution

System Programming and Computer Architecture (Fall 2009)

Functions in MIPS. Functions in MIPS 1

Digital Forensics Lecture 3 - Reverse Engineering

Lecture 4 CIS 341: COMPILERS

CNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux

Binghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11

Region of memory managed with stack discipline Grows toward lower addresses. Register %esp contains lowest stack address = address of top element

CS241 Computer Organization Spring 2015 IA

IA32 Stack. Stack BoDom. Region of memory managed with stack discipline Grows toward lower addresses. Register %esp contains lowest stack address

Subprograms: Local Variables

Secure Programming Lecture 3: Memory Corruption I (Stack Overflows)

Practical Malware Analysis

CS356: Discussion #6 Assembly Procedures and Arrays. Marco Paolieri

Homework. In-line Assembly Code Machine Language Program Efficiency Tricks Reading PAL, pp 3-6, Practice Exam 1

Mechanisms in Procedures. CS429: Computer Organization and Architecture. x86-64 Stack. x86-64 Stack Pushing

Code Generation. Lecture 30

CSC 2400: Computer Systems. Towards the Hardware: Machine-Level Representation of Programs

Sistemi Operativi. Lez. 16 Elementi del linguaggio Assembler AT&T

Assembly Language Programming - III

Register Allocation, iii. Bringing in functions & using spilling & coalescing

Compiler Construction D7011E

See P&H 2.8 and 2.12, and A.5-6. Prof. Hakim Weatherspoon CS 3410, Spring 2015 Computer Science Cornell University

CSC 8400: Computer Systems. Machine-Level Representation of Programs

Transcription:

CSC 24: Computing Systems X86 Assembly: Function Calls 1 Lecture Goals Challenges of supporting functions Providing information for the called function Function arguments and local variables Allowing the calling function to continue where it left off Return address and contents of registers Stack: last-in-first-out data structure Stack frame: args, local vars, urn address, registers Stack pointer: pointing to the current top of the stack Calling functions call and instructions, to call and urn from functions push into and pop from the stack frame Using the base pointer EBP as a reference point 2

Challenges of Supporting Functions Code with a well-defined entry and exit points Call: How does the CPU go to that entry point? Return: How does the CPU go back to the right place, when right place depends on who called the function? With arguments and local variables How are the arguments passed from the caller? Where should the local variables be stored? Providing a urn value How is the urn value urned to the calling function? Without changing variables in other functions How are the values stored in registers protected? 3 Call and Return Abstractions Call a function Jump to the beginning g of an arbitrary procedure I.e., jump to the address of the function s first instruction Return from a function Jump to the instruction immediately following the mostrecently-executed Call instruction But, the same function may be called from many places! P: # Function P R: # Function R jmp R Rtn_point1: # Call R jmp Rtn_point1 # Return 4

Challenge: Where to Return? P: # Function P R: # Function R jmp R Rtn_point1: # Call R jmp??? # Return Q: # Function Q jmp R # Call R Rtn_point2: What should the urn instruction in R jump to??? 5 Challenge: Where to Return? Place Return Address on Stack The number of nested functions is not known in advance A urn address must be saved for as long as the function invocation continues Addresses used in reverse order E.g., function P calls Q, which then calls R Then R urns to Q which then urns to P Last-in-first-out data structure (stack) EIP for Q EIP for P Calling function pushes urn address on the stack and called function pops urn address off the stack EIP stands for Extended Instruction Pointer Holds the address of the next instruction to execute 6

Arguments to the Function Calling function needs to pass arguments Cannot simply put arguments in a specific register Because function calls may be nested So, put the arguments on the stack, too! Calling function pushes arguments on the stack Called function loads/storesthem on the stack int add3(int a, int b, int c) { int d; } d = a + b + c; urn d; int foo(void) { urn add3(3, 4, 5); } 7 Local Variables Local variables: called function has local variables Short-lived, so don t need a permanent location in memory Size known in advance, so no need to allocate on the heap So, the function just uses the top of the stack Store local variables on the top of the stack The local variables disappear after the function urns int add3(int a, int b, int c) { int d; } d = a + b + c; urn d; int foo(void) { urn add3(3, 4, 5); } 8

Registers Registers Small, fast memory (e.g., directly on the CPU chip) Used as temporary storage for computations Cannot have separate registers per function Could have arbitrary number of nested functions Want to allow each function to use all the registers Could write all registers out to memory E.g., save values corresponding to program variables Possible, but a bit of a pain E.g., find someplace to stash intermediate results Where would we put them? Instead, save the registers on the stack, too 9 Stack Frames Use stack for all temporary data related to each active function invocation Return address Input parameters Local variables of function Saving registers across invocations Stack Frame Stack has one Stack Frame per active function invocation 1

High-Level Picture main begins executing (Extended Stack Pointer) Always points to the top element of the stack Bottom main s Stack Frame 11 High-Level Picture main begins executing main calls P Bottom P s Stack Frame main s Stack Frame 12

High-Level Picture main begins executing main calls P P calls Q Bottom Q s Stack Frame P s Stack Frame main s Stack Frame 13 High-Level Picture main begins executing main calls P P calls Q Q urns Bottom P s Stack Frame main s Stack Frame 14

High-Level Picture main begins executing main calls P P calls Q Q urns P urns Bottom main s Stack Frame 15 High-Level Picture main begins executing main calls P P calls Q Q urns P urns main urns Bottom 16

Function Call Details Call and Return instructions call: push EIP on the stack, and jump to function : pop the stack into the EIP to go back Argument passing between procedures Calling function pushes arguments on to the stack Called function reads/writes on the stack Local variables Called function creates and manipulates on the stack Register saving conventions Either calling or called function saves all of the registers before use 17 Call and Return Instructions Instruction Effective Operations pushl src popl dest l $4, %esp l src, (%esp) l (%esp), dest addl $4, %esp call addr pushl %eip jmp addr pop %eip before Call Note: can t really access EIP directly, but this is implicitly what call and are doing. 18

Call and Return Instructions Instruction Operation pushl src l $4, %esp l src, (%esp) popl dest l (%esp), dest addl $4, %esp call addr pushl %eip jmp addr pop %eip after call Old EIP 19 Call and Return Instructions Instruction Operation pushl src l $4, %esp l src, (%esp) popl dest l (%esp), dest addl $4, %esp call addr pushl %eip jmp addr pop %eip before Old EIP Return instruction assumes that the urn address is at the top of the stack 2

Call and Return Instructions Instruction Operation pushl src popl dest l $4, %esp l src, (%esp) l (%esp), dest addl $4, %esp call addr pushl %eip jmp addr pop %eip after Return instruction assumes that the urn address is at the top of the stack 21 Input Parameters Caller pushes input parameters before executing the Call instruction ti Parameters are pushed in the reverse order Push N th argument first Push 1 st argument last So that t first argument is at the top of the stack at the time of the Call before pushing arguments 22

Input Parameters Caller pushes input parameters before executing the Call instruction ti Parameters are pushed in the reverse order Push N th argument first Push 1 st argument last So that t first argument is at top of the stack at the time of the Call before call Arg 1 Arg Arg N 23 Input Parameters Caller pushes input parameters before executing the Call instruction ti Parameters are pushed in the reverse order Push N th argument first Push 1 st argument last So that t first argument is at top of the stack at the time of the Call after call Called function can address arguments relative to ESP: Arg 1 as 4(%esp) Old EIP Arg 1 Arg Arg N 24

Input Parameters Caller pushes input parameters before executing the Call instruction ti Parameters are pushed in the reverse order Push N th argument first Push 1 st argument last So that t first argument is at top of the stack at the time of the Call before Old EIP Arg 1 Arg Arg N 25 Input Parameters Caller pushes input parameters before executing the Call instruction ti Parameters are pushed in the reverse order Push N th argument first Push 1 st argument last So that t first argument is at top of the stack at the time of the call after Arg 1 Arg Arg N After the function call is finished, the caller pops the pushed arguments from the stack 26

Input Parameters Caller pushes input parameters before executing the Call instruction ti Parameters are pushed in the reverse order Push N th argument first Push 1 st argument last So that t first argument is at top of the stack at the time of the Call After the function call is finished, the caller pops the pushed arguments from the stack after popping arguments 27 Base Pointer: EBP As Callee executes, ESP may change E.g., preparing to call another function Use EBP as fixed reference point E.g., to access arguments and other local variables Need to save old value of EBP Before overwriting EBP register Callee begins by executing prolog pushl %ebp l %esp, %ebp after Call %EBP Old EIP Arg 1 Arg Arg N 28

Base Pointer: EBP As Callee executes, ESP may change E.g., preparing to call another function Use EBP as fixed reference point E.g., to access arguments and other local variables Need to save old value of EBP Before overwriting EBP register Callee begins by executing epilog pushl %ebp l %esp, %ebp, %EBP Old EBP Old EIP Arg 1 Arg Arg N Regardless of ESP, Callee can address Arg 1 as 8(%ebp) 29 Base Pointer: EBP Before urning, Callee must restore EBP to its old value Executes l %ebp, %esp popl %ebp %EBP Old EBP Old EIP Arg 1 Arg Arg N 3

Base Pointer: EBP Before urning, Callee must restore EBP to its old value Executes l %ebp, %esp popl %ebp, %EBP Old EBP Old EIP Arg 1 Arg Arg N 31 Base Pointer: EBP Before urning, Callee must restore EBP to its old value Executes l %ebp, %esp popl %ebp Old EIP Arg 1 Arg Arg N %EBP 32

Base Pointer: EBP Before urning, Callee must restore EBP to its old value Executes l %ebp, %esp popl %ebp Arg 1 Arg Arg N %EBP 33 Allocation for Local Variables Local variables of the Callee are also allocated on the stack Allocation done by ing the stack pointer Example: allocate two integers l $4, %esp l $4, %esp (or equivalently, l $8, %esp) %EBP Var 2 Var 1 Old EBP Old EIP Arg 1 Arg Reference local variables g using the base pointer -4(%ebp) -8(%ebp) Arg N 34

Use of Registers Problem: Called function may use a register that the calling function is also using When called function urns control to calling function, old register contents may be lost Calling function cannot continue where it left off Solution: save the registers on the stack Someone must save old register contents Someone must later restore the register contents Need a convention for who saves and restores which registers 35 A Simple Example int sum(int x, int y) { urn x+y; } int main () { int result; } result = sum(1, 2); printf("%d\n", result); urn ; Compile: gcc -O o sum sum.c Debug: gdb./sum disas main 36

Example %esp,%ebp%ebp call <printf> $x,%eax %esp Recall that: The stack grows from high addresses towards low addresses %ebp 37 Example %esp,%ebp%ebp call <printf> $x,%eax %esp %ebp 38

Example %esp,%ebp%ebp call <printf> $x,%eax %esp %ebp Equivalent to: add $xfffffff8,%esp 39 Example %esp,%ebp%ebp call <printf> $x,%eax %esp %ebp Equivalent to: add $xfffffff8,%esp 4

Example %esp,%ebp%ebp call <printf> $x,%eax %esp x2 %ebp 41 Example %esp,%ebp%ebp %esp x1 x2 call <printf> $x,%eax %ebp 42

Example <sum>: $x8,%esp $x,%eax xc(%ebp), %eax add x8(%ebp), %eax %esp x1 x2 %ebp 43 Example <sum>: $x8,%esp $x,%eax xc(%ebp), %eax add x8(%ebp), %eax %esp ebp(main) x1 x2 %ebp (main) 44

Example $x8,%esp $x,%eax %esp ebp(main) x1 x2 %ebp (sum) <sum>: xc(%ebp), %eax add x8(%ebp), %eax 45 Example $x8,%esp $x,%eax %esp ebp(main) x1 x2 %ebp (sum) <sum>: xc(%ebp), %eax add x8(%ebp), %eax %eax x2 46

Example $x8,%esp $x,%eax %esp ebp(main) x1 x2 %ebp (sum) <sum>: xc(%ebp), %eax add x8(%ebp), %eax %eax x3 47 Example $x8,%esp $x,%eax %esp ebp(main) x1 x2 %ebp (sum) <sum>: xc(%ebp), %eax add x8(%ebp), %eax %eax x3 48

Example $x8,%esp $x,%eax %esp ebp(main) x1 x2 %ebp (main) <sum>: xc(%ebp), %eax add x8(%ebp), %eax %eax x3 49 Example $x8,%esp %esp $x,%eax ebp(main) x1 x2 %ebp (main) <sum>: xc(%ebp), %eax add x8(%ebp), %eax %eax x3 5

Example $x8,%esp $x,%eax %esp ebp(main) x1 x2 %ebp (main) %eax x3 51 Example $x8,%esp $x,%eax %esp ebp(main) x1 x3 %ebp (main) %eax x3 52

Example $x8,%esp %esp $x,%eax ebp(main) x8484c x3 %d\n %ebp (main) %eax x3 53 Example $x8,%esp $x,%eax %esp ebp(main) x8484c x3 %d\n %ebp (main) %eax x3 54

Example $x8,%esp %esp $x,%eax ebp(main) x8484c x3 %ebp (main) %eax x3 55 Example Equivalent to: $x8,%esp %esp $x,%eax xor %eax,%eax ebp(main) x8484c x3 %eax %ebp (main) x 56

Example $x8,%esp $x,%eax %esp ebp(main) x8484c x3 %ebp (main) Prepare to: leave %eax x 57 Example $x8,%esp $x,%eax %esp ebp(main) x8484c x3 Prepare to: leave %eax x %ebp (old) 58

Conclusion Invoking a function Call: call the function Ret: urn from the instruction Stack Frame for a function invocation includes Return address, Procedure arguments, Local variables, and Saved registers Base pointer EBP Fixed reference point in the Stack Frame Useful for referencing arguments and local variables 59

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback