THEORY OF COMPILATION

Similar documents
Compilation /15a Lecture 7. Activation Records Noam Rinetzky

Winter Compiler Construction T11 Activation records + Introduction to x86 assembly. Today. Tips for PA4. Today:

Automatic Software Verification

Procedure Calls. Young W. Lim Mon. Young W. Lim Procedure Calls Mon 1 / 29

Assembly Language: Function Calls

Assembly III: Procedures. Jo, Heeseung

ASSEMBLY III: PROCEDURES. Jo, Heeseung

Assembly Language: Function Calls" Goals of this Lecture"

Lecture #16: Introduction to Runtime Organization. Last modified: Fri Mar 19 00:17: CS164: Lecture #16 1

Assembly Language: Function Calls" Goals of this Lecture"

Assembly Language: Function Calls. Goals of this Lecture. Function Call Problems

Assembly III: Procedures. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

CSC 2400: Computing Systems. X86 Assembly: Function Calls"

Procedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27

CS213. Machine-Level Programming III: Procedures

CSC 2400: Computing Systems. X86 Assembly: Function Calls

CIT Week13 Lecture

Machine-level Programming (3)

Function Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site)

Winter Compiler Construction T10 IR part 3 + Activation records. Today. LIR language

An Experience Like No Other. Stack Discipline Aug. 30, 2006

CPSC 213. Introduction to Computer Systems. Procedures and the Stack. Unit 1e Feb 11, 13, 15, and 25. Winter Session 2018, Term 2

Lab 10: Introduction to x86 Assembly

Practical Malware Analysis

Machine-Level Programming III: Procedures

The course that gives CMU its Zip! Machine-Level Programming III: Procedures Sept. 17, 2002

G Programming Languages Spring 2010 Lecture 4. Robert Grimm, New York University

Stack Discipline Jan. 19, 2018

Compilation Lecture 6: Attribute Grammars IR Noam Rinetzky

CS 480 Fall Runtime Environments. Mike Lam, Professor. (a.k.a. procedure calls and heap management)

x86 assembly CS449 Fall 2017

System Software Assignment 1 Runtime Support for Procedures

G Programming Languages - Fall 2012

Stack -- Memory which holds register contents. Will keep the EIP of the next address after the call

CPSC W Term 2 Problem Set #3 - Solution

CMSC 313 Lecture 12. Project 3 Questions. How C functions pass parameters. UMBC, CMSC313, Richard Chang

CPEG421/621 Tutorial

The Activation Record (AR)

CS , Fall 2001 Exam 1

Region of memory managed with stack discipline Grows toward lower addresses. Register %esp contains lowest stack address = address of top element

Buffer Overflows. Buffer Overflow. Many of the following slides are based on those from

! Those values must be stored somewhere! Therefore, variables must somehow be bound. ! How?

Topic 7: Activation Records

Introduction to Computer Systems , fall th Lecture, Sep. 28 th

An Elegant Weapon for a More Civilized Age

administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?

Status. Lecture #15: Introduction to Runtime Organization. Run-time environments. Code Generation Goals and Considerations

Machine Programming 3: Procedures

Systems I. Machine-Level Programming V: Procedures

X86 Review Process Layout, ISA, etc. CS642: Computer Security. Drew Davidson

CS 201 Winter 2014 (Karavanic) Final Exam

AS08-C++ and Assembly Calling and Returning. CS220 Logic Design AS08-C++ and Assembly. AS08-C++ and Assembly Calling Conventions

CPSC 213. Introduction to Computer Systems. Procedures and the Stack. Unit 1e

Basic exploitation techniques

CS 33: Week 3 Discussion. x86 Assembly (v1.0) Section 1G

4) C = 96 * B 5) 1 and 3 only 6) 2 and 4 only

238P: Operating Systems. Lecture 3: Calling conventions. Anton Burtsev October, 2018

CPSC 213. Introduction to Computer Systems. Procedures and the Stack. Unit 1e

CS , Fall 2002 Exam 1

Run-Time Environments

CMSC 313 Fall2009 Midterm Exam 2 Section 01 Nov 11, 2009

CMSC 313 Lecture 12 [draft] How C functions pass parameters

143A: Principles of Operating Systems. Lecture 4: Calling conventions. Anton Burtsev October, 2017

Run Time Environments

What the CPU Sees Basic Flow Control Conditional Flow Control Structured Flow Control Functions and Scope. C Flow Control.

Procedure and Object- Oriented Abstraction

CS 31: Intro to Systems Functions and the Stack. Martin Gagne Swarthmore College February 23, 2016

Intel assembly language using gcc

143A: Principles of Operating Systems. Lecture 5: Calling conventions. Anton Burtsev January, 2017

X86 Assembly -Procedure II:1

CA Compiler Construction

CNIT 127: Exploit Development. Ch 1: Before you begin. Updated

Stacks and Frames Demystified. CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han

Code Generation. Lecture 30

Run Time Environment. Procedure Abstraction. The Procedure as a Control Abstraction. The Procedure as a Control Abstraction

Process Layout and Function Calls

Run Time Environment. Activation Records Procedure Linkage Name Translation and Variable Access

Run-time Environments

Run-time Environments

CSE 504. Expression evaluation. Expression Evaluation, Runtime Environments. One possible semantics: Problem:

CS153: Compilers Lecture 8: Compiling Calls

CS241 Computer Organization Spring 2015 IA

Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction

Principles of Programming Languages Topic: Scope and Memory Professor Louis Steinberg Fall 2004

An Overview to Compiler Design. 2008/2/14 \course\cpeg421-08s\topic-1a.ppt 1

COMP 210 Example Question Exam 2 (Solutions at the bottom)

CSC 8400: Computer Systems. Using the Stack for Function Calls

THEORY OF COMPILATION

Concepts Introduced in Chapter 7

Run-time Environments - 2

CPS104 Recitation: Assembly Programming

Anne Bracy CS 3410 Computer Science Cornell University

211: Computer Architecture Summer 2016

CPSC 213. Introduction to Computer Systems. Procedures and the Stack. Unit 1e

ICS143A: Principles of Operating Systems. Midterm recap, sample questions. Anton Burtsev February, 2017

Turning C into Object Code Code in files p1.c p2.c Compile with command: gcc -O p1.c p2.c -o p Use optimizations (-O) Put resulting binary in file p

Procedure-Calling Conventions October 30

Calling Conventions. Hakim Weatherspoon CS 3410, Spring 2012 Computer Science Cornell University. See P&H 2.8 and 2.12

(2) Accidentally using the wrong instance of a variable (sometimes very hard one to find).

See P&H 2.8 and 2.12, and A.5-6. Prof. Hakim Weatherspoon CS 3410, Spring 2015 Computer Science Cornell University

Transcription:

Lecture 10 Activation Records THEORY OF COMPILATION EranYahav www.cs.technion.ac.il/~yahave/tocs2011/compilers-lec10.pptx Reference: Dragon 7.1,7.2. MCD 6.3,6.4.2 1

You are here Compiler txt Source Lexical Analysis Syntax Analysis Parsing Semantic Analysis Inter. Rep. (IR) Code Gen. exe Executable text code 2

Supporting Procedures new computing environment at least temporary memory for local variables passing information into the new environment parameters transfer of control to/from procedure handling return values 3

Design Decisions scoping rules static scoping vs. dynamic scoping caller/callee conventions parameters who saves register values? allocating space for local variables 4

Static (lexical) Scoping main ( ) { int a = 0 ; int b = 0 ; { B 0 B1 } } int b = 1 ; { B 2 } { B 3 } int a = 2 ; printf ( %d %d\n, a, b) int b = 3 ; printf ( %d %d\n, a, b) ; printf ( %d %d\n, a, b) ; printf ( %d %d\n, a, b) ; a name refers to its (closest) enclosing scope known at compile time Declaration Scopes a=0 B0,B1,B3 b=0 B0 b=1 B1,B2 a=2 B2 b=3 B3 5

Dynamic Scoping each identifier is associated with a global stack of bindings when entering scope where identifier is declared push declaration on identifier stack when existing scope where identifier is declared pop identifier stack evaluating the identifier in any context binds to the current top of stack determined at runtime 6

Example int x = 42; int f() { return x; } int g() { int x = 1; return f(); } int main() { return g(); } what value is returned from main? static scoping? dynamic scoping? 7

Why do we care? we need to generate code to access variables static scoping identifier binding is known at compile time address of the variable is known at compile time assigning addresses to variables is part of code generation no runtime errors of access to undefined variable can check types of variables 8

Variable addresses for static scoping: first attempt int x = 42; int f() { return x; } int g() { int x = 1; return f(); } int main() { return g(); } identifier x (global) x (inside g) address 0x42 0x73 9

Variable addresses for static scoping: first attempt int a [11] ; void quicksort(int m, int n) { int i; if (n > m) { i = partition(m, n); quicksort (m, i-1) ; quicksort (i+1, n) ; } what is the address of the variable i in the procedure quicksort? main() {... quicksort (1, 9) ; } 10

Activation Record (frame) separate space for each procedure invocation managed at runtime code for managing it generated by the compiler desired properties efficient allocation and deallocation procedures are called frequently variable size different procedures may require different memory sizes 11

Memory Layout code static data stack stack grows down (towards lower addresses) heap heap grows up (towards higher addresses) 12

Activation Record (frame) high addresses parameter k parameter 1 lexical pointer incoming parameters administrative part return information dynamic link stack grows down low addresses registers & misc local variables temporaries next frame would be here frame pointer stack pointer 13

Runtime Stack Stack of activation records Call = push new activation record Return = pop activation record Only one active activation record top of stack How do we handle recursion? 14

Runtime Stack SP stack pointer top of current frame FP frame pointer base of current frame Previous frame Sometimes called BP (base pointer) FP stack grows down Current frame SP 15

Pentium Runtime Stack Register Usage ESP Stack pointer EBP Base pointer Pentium stack registers Instruction push, pusha, pop,popa, call return Usage push on runtime stack Base pointer transfer control to called routine transfer control back to caller Pentium stack and call/ret instructions 16

Call Sequences The processor does not save the content of registers on procedure calls So who will? Caller saves and restores registers Callee saves and restores registers But can also have both save/restore some registers 17

Call Sequences caller Caller push code call Push caller-save registers Push actual parameters (in reverse order) push return address Jump to call address caller callee Callee push code (prologue) Callee pop code (epilogue) return Caller pop code Push current base-pointer bp = sp Push local variables Push callee-save registers Pop callee-save registers Pop calle activation record Pop old base-pointer pop return address Jump to address Pop caller-save registers Pop parameters 18

Call Sequences Foo(42,21) caller push %ecx push $21 push $42 call _foo call Push caller-save registers Push actual parameters (in reverse order) push return address Jump to call address caller callee push %ebp mov %esp, %ebp sub %8, %esp push %ebx pop %ebx mov %ebp, %esp pop %ebp ret add $8, %esp pop %ecx return Push current base-pointer bp = sp Push local variables Push callee-save registers Pop callee-save registers Pop calle activation record Pop old base-pointer pop return address Jump to address Pop caller-save registers Pop parameters 19

To Callee-save or to Caller-save? That is indeed The question Callee-saved registers need only be saved when callee modifies their value some heuristics and conventions are followed 20

Accessing Stack Variables Use offset from FP (%ebp) Remember stack grows downwards Above FP = parameters Below FP = locals Examples %ebp + 4 = return address %ebp + 8 = first parameter %ebp 4 = first local FP+8 FP FP-4 SP Param n param1 Return address Previous fp Local 1 Local n Param n param1 Return address 21

Factorial fact(int n) fact: pushl %ebp # save ebp movl %esp,%ebp # ebp=esp pushl %ebx # save ebx movl 8(%ebp),%ebx # ebx = n cmpl $1,%ebx # n = 1? jle.lresult # then done leal -1(%ebx),%eax # eax = n-1 EBP+8 pushl %eax # call fact # fact(n-1) EBP imull %ebx,%eax # eax=retv*n jmp.lreturn # EBP-4.lresult: movl $1,%eax # retv.lreturn: ESP movl -4(%ebp),%ebx # restore ebx movl %ebp,%esp # restore esp popl %ebp # restore ebp (disclaimer: real compiler can do better than that) n Return address Previous fp old %ebp old %ebx old %ebx Return address (stack in intermediate point) 22

Windows Exploit(s) Buffer Overflow void foo (char *x) { } char buf[2]; strcpy(buf, x); int main (int argc, char *argv[]) { } foo(argv[1]); Memory addresses Previous br frame Return daddress Saved ca FP char* ra x./a.out abracadabra Segmentation fault Stack grows this way buf[2] ab (YMMV) 23

Buffer overflow int check_authentication(char *password) { int auth_flag = 0; char password_buffer[16]; strcpy(password_buffer, password); if(strcmp(password_buffer, "brillig") == 0) auth_flag = 1; if(strcmp(password_buffer, "outgrabe") == 0) auth_flag = 1; return auth_flag; } int main(int argc, char *argv[]) { if(argc < 2) { printf("usage: %s <password>\n", argv[0]); exit(0); } if(check_authentication(argv[1])) { printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-\n"); printf(" Access Granted.\n"); printf("-=-=-=-=-=-=-=-=-=-=-=-=-=-\n"); } else { printf("\naccess Denied.\n"); } } (source: hacking the art of exploitation, 2 nd Ed ) 24

Buffer overflow int check_authentication(char *password) { char password_buffer[16]; int auth_flag = 0; strcpy(password_buffer, password); if(strcmp(password_buffer, "brillig") == 0) auth_flag = 1; if(strcmp(password_buffer, "outgrabe") == 0) auth_flag = 1; return auth_flag; } int main(int argc, char *argv[]) { if(argc < 2) { printf("usage: %s <password>\n", argv[0]); exit(0); } if(check_authentication(argv[1])) { printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-\n"); printf(" Access Granted.\n"); printf("-=-=-=-=-=-=-=-=-=-=-=-=-=-\n"); } else { printf("\naccess Denied.\n"); } } (source: hacking the art of exploitation, 2 nd Ed ) 25

Buffer overflow 0x08048529 <+69>: movl $0x8048647,(%esp) 0x08048530 <+76>: call 0x8048394 <puts@plt> 0x08048535 <+81>: movl $0x8048664,(%esp) 0x0804853c <+88>: call 0x8048394 <puts@plt> 0x08048541 <+93>: movl $0x804867a,(%esp) 0x08048548 <+100>: call 0x8048394 <puts@plt> 0x0804854d <+105>: jmp 0x804855b <main+119> 0x0804854f <+107>: movl $0x8048696,(%esp) 0x08048556 <+114>: call 0x8048394 <puts@plt> 26

Nested Procedures For example Pascal any routine can have sub-routines any sub-routine can access anything that is defined in its containing scope or inside the sub-routine itself 27

Example: Nested Procedures program p; var x: Integer; procedure a var y: Integer; possible call sequence: p a a c b c d procedure b begin b end; function c var z: Integer; procedure d begin d end; begin c end; begin a end; what is the address of variable y in procedure d? begin p end. 28

nested procedures can call a sibling, ancestor when c uses variables from a, which a is it? how do you find the right activation record at runtime? P possible call sequence: p a a c b c d a a c b c d 29

nested procedures goal: find the closest routine in the stack from a given nesting level if we reached the same routine in a sequence of calls routine of level k uses variables of the same level, it uses its own variables if it uses variables of level j < k then it must be the last routine called at level j If a procedure is last at level j on the stack, then it must be ancestor of the current routine P a possible call sequence: p a a c b c d a c b c d 30

nested procedures problem: a routine may need to access variables of another routine that contains it statically solution: lexical pointer (a.k.a. access link) in the activation record lexical pointer points to the last activation record of the nesting level above it in our example, lexical pointer of d points to activation records of c lexical pointers created at runtime number of links to be traversed is known at compile time 31

lexical pointers program p; var x: Integer; procedure a var y: Integer; procedure b begin b end; function c var z: Integer; procedure d begin d end; begin c end; begin a end; begin p end. P a possible call sequence: p a a c b c d a c b c y y z z a a c b c d d 32

Activation Records: Summary compile time memory management for procedure data works well for data with well-scoped lifetime deallocation when procedure returns 33

The End 34

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback