CSC 2400: Computing Systems. X86 Assembly: Function Calls"

Similar documents
CSC 2400: Computing Systems. X86 Assembly: Function Calls

CSC 8400: Computer Systems. Using the Stack for Function Calls

CSC 2400: Computer Systems. Using the Stack for Function Calls

Assembly Language: Function Calls" Goals of this Lecture"

Assembly Language: Function Calls

Assembly Language: Function Calls. Goals of this Lecture. Function Call Problems

Assembly Language: Function Calls" Goals of this Lecture"

Function Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site)

CSC 2400: Computer Systems. Using the Stack for Function Calls

Systems I. Machine-Level Programming V: Procedures

CS 31: Intro to Systems Functions and the Stack. Martin Gagne Swarthmore College February 23, 2016

Assembly Language: Function Calls

Question 4.2 2: (Solution, p 5) Suppose that the HYMN CPU begins with the following in memory. addr data (translation) LOAD 11110

Procedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27

Princeton University Computer Science 217: Introduction to Programming Systems. Assembly Language: Function Calls

CIT Week13 Lecture

X86 Stack Calling Function POV

Stacks and Frames Demystified. CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han

CMSC 313 Lecture 12. Project 3 Questions. How C functions pass parameters. UMBC, CMSC313, Richard Chang

What the CPU Sees Basic Flow Control Conditional Flow Control Structured Flow Control Functions and Scope. C Flow Control.

CS 33: Week 3 Discussion. x86 Assembly (v1.0) Section 1G

x86 assembly CS449 Fall 2017

Assembly III: Procedures. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Stack -- Memory which holds register contents. Will keep the EIP of the next address after the call

IA32 Stack. Lecture 5 Machine-Level Programming III: Procedures. IA32 Stack Popping. IA32 Stack Pushing. Topics. Pushing. Popping

Procedure Calls. Young W. Lim Mon. Young W. Lim Procedure Calls Mon 1 / 29

CS213. Machine-Level Programming III: Procedures

CPEG421/621 Tutorial

Machine-level Programming (3)

Giving credit where credit is due

ASSEMBLY III: PROCEDURES. Jo, Heeseung

Assembly III: Procedures. Jo, Heeseung

IA32 Stack The course that gives CMU its Zip! Machine-Level Programming III: Procedures Sept. 17, IA32 Stack Popping. IA32 Stack Pushing

Intel assembly language using gcc

CMSC 313 Lecture 12 [draft] How C functions pass parameters

CSE 351: Week 4. Tom Bergan, TA

The course that gives CMU its Zip! Machine-Level Programming III: Procedures Sept. 17, 2002

Machine Programming 3: Procedures

ANITA S SUPER AWESOME RECITATION SLIDES

Sungkyunkwan University

Function Call Convention

CPS104 Recitation: Assembly Programming

administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?

Implementing Threads. Operating Systems In Depth II 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

University of Washington

Instructor: Alvin R. Lebeck

Lab 10: Introduction to x86 Assembly

W4118: PC Hardware and x86. Junfeng Yang

The IA-32 Stack and Function Calls. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta

THEORY OF COMPILATION

CPSC W Term 2 Problem Set #3 - Solution

CMPSC 497 Buffer Overflow Vulnerabilities

143A: Principles of Operating Systems. Lecture 4: Calling conventions. Anton Burtsev October, 2017

Region of memory managed with stack discipline Grows toward lower addresses. Register %esp contains lowest stack address = address of top element

(2) Accidentally using the wrong instance of a variable (sometimes very hard one to find).

IA32 Stack. Stack BoDom. Region of memory managed with stack discipline Grows toward lower addresses. Register %esp contains lowest stack address

Lecture 5. Announcements: Today: Finish up functions in MIPS

Assignment 11: functions, calling conventions, and the stack

Stack Discipline Jan. 19, 2018

X86 Review Process Layout, ISA, etc. CS642: Computer Security. Drew Davidson

Lectures 5. Announcements: Today: Oops in Strings/pointers (example from last time) Functions in MIPS

238P: Operating Systems. Lecture 3: Calling conventions. Anton Burtsev October, 2018

143A: Principles of Operating Systems. Lecture 5: Calling conventions. Anton Burtsev January, 2017

Process Layout and Function Calls

Secure Programming Lecture 3: Memory Corruption I (Stack Overflows)

X86 Assembly -Procedure II:1

Functions in MIPS. Functions in MIPS 1

Mechanisms in Procedures. CS429: Computer Organization and Architecture. x86-64 Stack. x86-64 Stack Pushing

Compilation /15a Lecture 7. Activation Records Noam Rinetzky

Program Exploitation Intro

Assembly Language Programming - III

Machine Program: Procedure. Zhaoguo Wang

Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction

Sistemi Operativi. Lez. 16 Elementi del linguaggio Assembler AT&T

CS241 Computer Organization Spring 2015 IA

An Experience Like No Other. Stack Discipline Aug. 30, 2006

Machine-Level Programming III: Procedures

Course Administration

Page 1. IA32 Stack CISC 360. Machine-Level Programming III: Procedures Sept. 22, IA32 Stack Popping Stack Bottom. IA32 Stack Pushing

Machine- Level Programming III: Switch Statements and IA32 Procedures

Roadmap: Security in the software lifecycle. Memory corruption vulnerabilities

Second Part of the Course

Assembly level Programming. 198:211 Computer Architecture. (recall) Von Neumann Architecture. Simplified hardware view. Lecture 10 Fall 2012

Compiler Construction D7011E

Today. Putting it all together

x86 architecture et similia

AS08-C++ and Assembly Calling and Returning. CS220 Logic Design AS08-C++ and Assembly. AS08-C++ and Assembly Calling Conventions

You may work with a partner on this quiz; both of you must submit your answers.

Subprograms: Arguments

Calling Conventions. See P&H 2.8 and Hakim Weatherspoon CS 3410, Spring 2013 Computer Science Cornell University

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING PREVIEW SLIDES 16, SPRING 2013

System Programming and Computer Architecture (Fall 2009)

CS642: Computer Security

Stack Tutorial. Young W. Lim Sat. Young W. Lim Stack Tutorial Sat 1 / 15

CS 31: Intro to Systems ISAs and Assembly. Martin Gagné Swarthmore College February 7, 2017

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING

CS429: Computer Organization and Architecture

EECE.3170: Microprocessor Systems Design I Summer 2017 Homework 4 Solution

An Elegant Weapon for a More Civilized Age

CS356: Discussion #6 Assembly Procedures and Arrays. Marco Paolieri

Transcription:

CSC 24: Computing Systems X86 Assembly: Function Calls" 1 Lecture Goals! Challenges of supporting functions" Providing information for the called function" Function arguments and local variables" Allowing the calling function to continue where it left off" Return address and contents of registers" Stack: last-in-first-out data structure" Stack frame: args, local vars, urn address, registers" Stack pointer: pointing to the current top of the stack" Calling functions" call and instructions, to call and urn from functions" push into and pop from the stack frame" Using the base pointer EBP as a reference point" 2 1

Challenges of Supporting Functions! Code with a well-defined entry and exit points" Call: How does the CPU go to that entry point?" Return: How does the CPU go back to the right place, when right place depends on who called the function?" With arguments and local variables" How are the arguments passed from the caller?" Where should the local variables be stored?" Providing a urn value" How is the urn value urned to the calling function?" Without changing variables in other functions" How are the values stored in registers protected?" 3 Call and Return Abstractions! Call a function" Jump to the beginning of an arbitrary procedure" I.e., jump to the address of the function s first instruction " Return from a function" Jump to the instruction immediately following the mostrecently-executed Call instruction" But, the same function may be called from many places!" P: # Function P jmp R # Call R Rtn_point1: R: # Function R jmp Rtn_point1 # Return 4 2

Challenge: Where to Return?! P: # Function P jmp R # Call R Rtn_point1: R: # Function R jmp??? # Return Q: # Function Q jmp R # Call R Rtn_point2: What should the urn instruction in R jump to??? 5 Challenge: Where to Return?! Place Return Address on Stack" The number of nested functions is not known in advance" A urn address must be saved for as long as the function invocation continues" Addresses used in reverse order " E.g., function P calls Q, which then calls R" Then R urns to Q which then urns to P" EIP for Q EIP for P Last-in-first-out data structure (stack)" Calling function pushes urn address on the stack" and called function pops urn address off the stack" EIP stands for Extended Instruction Pointer " Holds the address of the next instruction to execute" 6 3

Arguments to the Function! Calling function needs to pass arguments" Cannot simply put arguments in a specific register" Because function calls may be nested" So, put the arguments on the stack, too!" Calling function pushes arguments on the stack" Called function loads/storesthem on the stack" int add3(int a, int b, int c) { int d; } d = a + b + c; urn d; int foo(void) { urn add3(3, 4, 5); } 7 Local Variables! Local variables: called function has local variables" Short-lived, so don t need a permanent location in memory" Size known in advance, so no need to allocate on the heap" So, the function just uses the top of the stack" Store local variables on the top of the stack" The local variables disappear after the function urns" int add3(int a, int b, int c) { int d; } d = a + b + c; urn d; int foo(void) { urn add3(3, 4, 5); } 8 4

Registers! Registers" Small, fast memory (e.g., directly on the CPU chip)" Used as temporary storage for computations" Cannot have separate registers per function" Could have arbitrary number of nested functions" Want to allow each function to use all the registers" Could write all registers out to memory" E.g., save values corresponding to program variables" Possible, but a bit of a pain " E.g., find someplace to stash intermediate results" Where would we put them?" Instead, save the registers on the stack, too" 9 Stack Frames! Use stack for all temporary data related to each active function invocation" Return address" Input parameters" Local variables of function" Saving registers across invocations" Stack Frame Stack has one Stack Frame per active function invocation" 1 5

High-Level Picture! main begins executing (Extended Stack Pointer) "Always points to the top element of the stack! Bottom main s Stack Frame 11 High-Level Picture! main begins executing main calls P Bottom P s Stack Frame main s Stack Frame 12 6

High-Level Picture! main begins executing main calls P P calls Q Bottom Q s Stack Frame P s Stack Frame main s Stack Frame 13 High-Level Picture! main begins executing main calls P P calls Q Q urns Bottom P s Stack Frame main s Stack Frame 14 7

High-Level Picture! main begins executing main calls P P calls Q Q urns P urns Bottom main s Stack Frame 15 High-Level Picture! main begins executing main calls P P calls Q Q urns P urns main urns Bottom 16 8

Function Call Details! Call and Return instructions" call: push EIP on the stack, and jump to function" : pop the stack into the EIP to go back" Argument passing between procedures" Calling function pushes arguments on to the stack" Called function reads/writes on the stack" Local variables" Called function creates and manipulates on the stack" Register saving conventions" Either calling or called function saves all of the registers before use" 17 Call and Return Instructions! Instruction! Effective Operations! pushl src popl dest call addr subl $4, movl src, () movl (), dest addl $4, pushl %eip jmp addr pop %eip before Call Note: can t really access EIP directly, but this is implicitly what call and are doing. 18 9

Call and Return Instructions! Instruction! Operation! pushl src subl $4, movl src, () popl dest movl (), dest addl $4, call addr pushl %eip jmp addr pop %eip after call Old EIP 19 Call and Return Instructions! Instruction! Operation! pushl src subl $4, movl src, () popl dest movl (), dest addl $4, call addr pushl %eip jmp addr pop %eip before Old EIP Return instruction assumes that the urn address is at the top of the stack 2 1

Call and Return Instructions! Instruction! Operation! pushl src popl dest call addr subl $4, movl src, () movl (), dest addl $4, pushl %eip jmp addr pop %eip after Return instruction assumes that the urn address is at the top of the stack 21 Input Parameters! Caller pushes input parameters before executing the Call instruction" Parameters are pushed in the reverse order" Push N th argument first" Push 1 st argument last" So that first argument is at the top of the stack at the time of the Call" before pushing arguments 22 11

Input Parameters! Caller pushes input parameters before executing the Call instruction" Parameters are pushed in the reverse order" Push N th argument first" Push 1 st argument last" So that first argument is at top of the stack at the time of the Call" before call Arg 1 Arg Arg N 23 Input Parameters! Caller pushes input parameters before executing the Call instruction" Parameters are pushed in the reverse order" Push N th argument first" Push 1 st argument last" So that first argument is at top of the stack at the time of the Call" after call Called function can address arguments relative to ESP: Arg 1 as 4() Old EIP Arg 1 Arg Arg N 24 12

Input Parameters! Caller pushes input parameters before executing the Call instruction" Parameters are pushed in the reverse order" Push N th argument first" Push 1 st argument last" So that first argument is at top of the stack at the time of the Call" before Old EIP Arg 1 Arg Arg N 25 Input Parameters! Caller pushes input parameters before executing the Call instruction" Parameters are pushed in the reverse order" Push N th argument first" Push 1 st argument last" So that first argument is at top of the stack at the time of the call" after Arg 1 Arg Arg N After the function call is finished, the caller pops the pushed arguments from the stack 26 13

Input Parameters! Caller pushes input parameters before executing the Call instruction" Parameters are pushed in the reverse order" Push N th argument first" Push 1 st argument last" So that first argument is at top of the stack at the time of the Call" After the function call is finished, the caller pops the pushed arguments from the stack after popping arguments 27 Base Pointer: EBP! As Callee executes, ESP may change" E.g., preparing to call another function" Use EBP as fixed reference point" E.g., to access arguments and other local variables" Need to save old value of EBP" Before overwriting EBP register" Callee begins by executing prolog " " pushl %ebp movl, %ebp after Call %EBP Old EIP Arg 1 Arg Arg N 28 14

Base Pointer: EBP! As Callee executes, ESP may change" E.g., preparing to call another function" Use EBP as fixed reference point" E.g., to access arguments and other local variables" Need to save old value of EBP" Before overwriting EBP register" Callee begins by executing epilog " pushl %ebp movl, %ebp, %EBP Regardless of ESP, Callee can address Arg 1 as 8(%ebp)" Old EBP Old EIP Arg 1 Arg Arg N 29 Base Pointer: EBP! Before urning, Callee must restore EBP to its old value" Executes" movl %ebp, popl %ebp %EBP Old EBP Old EIP Arg 1 Arg Arg N 3 15

Base Pointer: EBP! Before urning, Callee must restore EBP to its old value" Executes" movl %ebp, popl %ebp, %EBP Old EBP Old EIP Arg 1 Arg Arg N 31 Base Pointer: EBP! Before urning, Callee must restore EBP to its old value" Executes" movl %ebp, popl %ebp Old EIP Arg 1 Arg Arg N %EBP 32 16

Base Pointer: EBP! Before urning, Callee must restore EBP to its old value" Executes" movl %ebp, popl %ebp Arg 1 Arg Arg N %EBP 33 Allocation for Local Variables! Local variables of the Callee are also allocated on the stack" Allocation done by moving the stack pointer" Example: allocate two integers" subl $4, " subl $4, " (or equivalently, subl $8, )" Reference local variables using the base pointer" -4(%ebp)" -8(%ebp)" %EBP Var 2 Var 1 Old EBP Old EIP Arg 1 Arg Arg N 34 17

Use of Registers! Problem: Called function may use a register that the calling function is also using" When called function urns control to calling function, old register contents may be lost" Calling function cannot continue where it left off" Solution: save the registers on the stack" Someone must save old register contents " Someone must later restore the register contents" Need a convention for who saves and restores which registers" 35 A Simple Example! int sum(int x, int y) { urn x+y; } int main () { int result; } result = sum(1, 2); printf("%d\n", result); urn ; Compile: gcc -O o sum sum.c Debug: gdb./sum disas main 36 18

Example! push $x2 push $x1 add $x8, push $x8484c mov $x, Recall that:" The stack grows from high addresses towards low addresses" %ebp 37 Example! push $x2 push $x1 add $x8, push $x8484c mov $x, %ebp 38 19

Example! push $x2 push $x1 add $x8, push $x8484c mov $x, %ebp Equivalent to: add $xfffffff8, 39 Example! push $x2 push $x1 add $x8, push $x8484c mov $x, %ebp Equivalent to: add $xfffffff8, 4 2

21 41 push %ebp mov,%ebp sub $x8, sub $x8, push $x2 push $x1 call <sum> add $x8, push push $x8484c call <printf> mov $x, mov %ebp, pop %ebp Example! %ebp x2 42 push %ebp mov,%ebp sub $x8, sub $x8, push $x2 push $x1 call <sum> add $x8, push push $x8484c call <printf> mov $x, mov %ebp, pop %ebp Example! %ebp x1 x2

Example! <sum>: push $x2 push $x1 add $x8, push $x8484c mov $x, mov xc(%ebp), add x8(%ebp), x1 x2 %ebp 43 Example! <sum>: push $x2 push $x1 add $x8, push $x8484c mov $x, mov xc(%ebp), add x8(%ebp), ebp(main) x1 x2 %ebp (main) 44 22

Example! <sum>: push $x2 push $x1 add $x8, push $x8484c mov $x, mov xc(%ebp), add x8(%ebp), ebp(main) x1 x2 %ebp (sum) 45 Example! <sum>: push $x2 push $x1 add $x8, push $x8484c mov $x, mov xc(%ebp), add x8(%ebp), ebp(main) x1 x2 %ebp (sum) x2 46 23

Example! <sum>: push $x2 push $x1 add $x8, push $x8484c mov $x, mov xc(%ebp), add x8(%ebp), ebp(main) x1 x2 %ebp (sum) x3 47 Example! <sum>: push $x2 push $x1 add $x8, push $x8484c mov $x, mov xc(%ebp), add x8(%ebp), ebp(main) x1 x2 %ebp (sum) x3 48 24

Example! <sum>: push $x2 push $x1 add $x8, push $x8484c mov $x, mov xc(%ebp), add x8(%ebp), ebp(main) x1 x2 %ebp (main) x3 49 Example! <sum>: push $x2 push $x1 add $x8, push $x8484c mov $x, mov xc(%ebp), add x8(%ebp), ebp(main) x1 x2 %ebp (main) x3 5 25

Example! push $x2 push $x1 add $x8, push $x8484c mov $x, ebp(main) x1 x2 %ebp (main) x3 51 Example! push $x2 push $x1 add $x8, push $x8484c mov $x, ebp(main) x1 x3 %ebp (main) x3 52 26

27 53 push %ebp mov,%ebp sub $x8, sub $x8, push $x2 push $x1 call <sum> add $x8, push push $x8484c call <printf> mov $x, mov %ebp, pop %ebp Example! x3 %ebp (main) ebp(main) x8484c x3 %d\n 54 push %ebp mov,%ebp sub $x8, sub $x8, push $x2 push $x1 call <sum> add $x8, push push $x8484c call <printf> mov $x, mov %ebp, pop %ebp Example! x3 %ebp (main) ebp(main) x8484c x3 %d\n

Example! push $x2 push $x1 add $x8, push $x8484c mov $x, ebp(main) x8484c x3 %ebp (main) x3 55 Example! push $x2 push $x1 add $x8, push $x8484c mov $x, ebp(main) x8484c x3 %ebp (main) Equivalent to: xor, x 56 28

Example! push $x2 push $x1 add $x8, push $x8484c mov $x, ebp(main) x8484c x3 %ebp (main) Prepare to: leave x 57 Example! push $x2 push $x1 add $x8, push $x8484c mov $x, ebp(main) x8484c x3 Prepare to: leave x %ebp (old) 58 29

Conclusion! Invoking a function" Call: call the function" Ret: urn from the instruction" Stack Frame for a function invocation includes " Return address, " Procedure arguments, " Local variables, and " Saved registers" Base pointer EBP " Fixed reference point in the Stack Frame" Useful for referencing arguments and local variables" 59 3

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback