CS415 Project 1: Understanding Setjmp/Longjmp Manpreet Singh


Similar presentations
Practical Malware Analysis

Assembly Language for x86 Processors 6th Edition Chapter 5: Procedures (c) Pearson Education, All rights reserved. You may modify and copy this slide.
Computer Architecture CSCE 350
The University of Adelaide, School of Computer Science
Various languages….  Could affect performance  Could affect reliability  Could affect language choice.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Chapter 1 Background System Software Chih-Shun Hsu
1 ICS 51 Introductory Computer Organization Fall 2006 updated: Oct. 2, 2006.
1 Lecture 5: Procedures Assembly Language for Intel-Based Computers, 4th edition Kip R. Irvine.
1 Function Calls Professor Jennifer Rexford COS 217 Reading: Chapter 4 of “Programming From the Ground Up” (available online from the course Web site)
Accessing parameters from the stack and calling functions.
Chapter 12: High-Level Language Interface. Chapter Overview Introduction Inline Assembly Code C calls assembly procedures Assembly calls C procedures.
Assembly Language for Intel-Based Computers Chapter 2: IA-32 Processor Architecture Kip Irvine.
Microprocessors Frame Pointers and the use of the –fomit-frame-pointer switch Feb 25th, 2002.
Assembly תרגול 8 פונקציות והתקפת buffer.. Procedures (Functions) A procedure call involves passing both data and control from one part of the code to.
CS415 Minithreads Project 2 Context Switch and Stack Initialization Ken Hopkinson
U NIVERSITY OF M ASSACHUSETTS A MHERST Department of Computer Science Computer Systems Principles C/C++ Emery Berger and Mark Corner University of Massachusetts.
September 22, 2014 Pengju (Jimmy) Jin Section E
The ISA Level The Instruction Set Architecture (ISA) is positioned between the microarchtecture level and the operating system level.  Historically, this.
Stacks and Frames Demystified CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 18: 0xCAFEBABE (Java Byte Codes)
Computer Architecture and Operating Systems CS 3230 :Assembly Section Lecture 7 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.
Dr. José M. Reyes Álamo 1.  The 80x86 memory addressing modes provide flexible access to memory, allowing you to easily access ◦ Variables ◦ Arrays ◦
Carnegie Mellon Introduction to Computer Systems /18-243, spring 2009 Recitation, Jan. 14 th.
Compiler Construction
Fall 2012 Chapter 2: x86 Processor Architecture. Irvine, Kip R. Assembly Language for x86 Processors 6/e, Chapter Overview General Concepts IA-32.
Languages and the Machine Chapter 5 CS221. Topics The Compilation Process The Assembly Process Linking and Loading Macros We will skip –Case Study: Extensions.
The x86 Architecture Lecture 15 Fri, Mar 4, 2005.
Assembly תרגול 5 תכנות באסמבלי. Assembly vs. Higher level languages There are NO variables’ type definitions.  All kinds of data are stored in the same.
Exception Compiler Baojian Hua
Assembly Language for x86 Processors 7th Edition Chapter 13: High-Level Language Interface (c) Pearson Education, All rights reserved. You may modify.
Prof. Fateman CS 164 Lecture 281 Virtual Machine Structure Lecture 28.
Sahar Mosleh California State University San MarcosPage 1 Stack operations, Applications and defining procedures.
Buffer Overflow Proofing of Code Binaries By Ramya Reguramalingam Graduate Student, Computer Science Advisor: Dr. Gopal Gupta.
CSCI Rational Purify 1 Rational Purify Overview Michel Izygon - Jim Helm.
Exception Compiler Baojian Hua
Processes CS 6560: Operating Systems Design. 2 Von Neuman Model Both text (program) and data reside in memory Execution cycle Fetch instruction Decode.
Operating Systems CSE 411 CPU Management Sept Lecture 10 Instructor: Bhuvan Urgaonkar.
Low Level Programming Lecturer: Duncan Smeed The Interface Between High-Level and Low-Level Languages.
Chapter 2 Parts of a Computer System. 2.1 PC Hardware: Memory.
Introduction to Assembly II Abed Asi Extended System Programming Laboratory (ESPL) CS BGU Fall 2013/2014.
Compiler Construction Code Generation Activation Records
X86 Assembly Language We will be using the nasm assembler (other assemblers: MASM, as, gas)
University of Amsterdam Computer Systems – the instruction set architecture Arnoud Visser 1 Computer Systems The instruction set architecture.
Introduction to Intel IA-32 and IA-64 Instruction Set Architectures.
1 Assembly Language: Function Calls Jennifer Rexford.
Chapter 10 Chapter 10 Implementing Subprograms. Implementing Subprograms  The subprogram call and return operations are together called subprogram linkage.
LECTURE 3 Translation. PROCESS MEMORY There are four general areas of memory in a process. The text area contains the instructions for the application.
NASM ASSEMBLER & COMPILE WITH GCC 어셈러브 refered to ‘PC Assembly Language’ by Paul A. Carter
Microprocessors CSE- 341 Dr. Jia Uddin Assistant Professor, CSE, BRAC University Dr. Jia Uddin, CSE, BRAC University.
7-Nov Fall 2001: copyright ©T. Pearce, D. Hutchinson, L. Marshall Oct lecture23-24-hll-interrupts 1 High Level Language vs. Assembly.
Lecture 3 Translation.
Section 5: Procedures & Stacks
Object Lifetime and Pointers
Instructions for test_function
Introduction to Operating Systems
Instruction Set Architectures
Assembly language.
ECE 3430 – Intro to Microcomputer Systems
Introduction to Compilers Tim Teitelbaum
Introduction to Operating Systems
Introduction to Intel IA-32 and IA-64 Instruction Set Architectures
Assembly Language Programming II: C Compiler Calling Sequences
MIPS Procedure Calls CSE 378 – Section 3.
EECE.3170 Microprocessor Systems Design I
EECE.3170 Microprocessor Systems Design I
Week 2: Buffer Overflow Part 1.
Comp Org & Assembly Lang
Computer Architecture and System Programming Laboratory
Presentation transcript:

CS415 Project 1: Understanding Setjmp/Longjmp Manpreet Singh

CS415 Overview and Setjmp/Longjmp Project 1 2 Tentative schedule  Project 1 - Setjmp/longjmp: Sept 15 th  Project 2 - Due Sep. 26 (Non-preemptive thread package, 11 days to do)  Project 3 - Due Oct. 6 (Add preemption and alarms, 10 days to do)  Project 4 - Due Oct. 20 (Unreliable UDP network layer, 2 weeks to do)  Project 5 - Due Nov. 7 (Reliable TCP network layer, 3 weeks to do, this one  Project 6 - Due Nov. 24 (Virtual file system, almost 3 weeks to do, due before Thanksgiving break, but this can be changed

CS415 Overview and Setjmp/Longjmp Project 1 3 Points to be noted!  We will not be using Jornadas in any assignment  We will not provide you with solutions to any programming assignment  Every assignment builds on the previous stuff!  We will take demos for each project

CS415 Overview and Setjmp/Longjmp Project 1 4 Project 1 Overview  We will begin by disassembling the C library functions setjmp and longjmp  Doing so will give you an understanding of the Intel architecture, C calling conventions, stack operation, and insight into context switching within the Intel architecture

CS415 Overview and Setjmp/Longjmp Project 1 5 Why Use C  A relatively simple language  Often called the “universal assembly- language”  Language is geared towards low-level operations  Can be bad for high-level applications  But allows high degree of control which is desirable for systems software  C has very low overhead (comparatively speaking)

CS415 Overview and Setjmp/Longjmp Project 1 6 C Drawbacks  C lacks support for object-oriented concepts (how C++ came into being)  Memory must be managed explicitly (but Purify is installed in the undergraduate lab for your use)  Very low-level code that requires explicit register manipulation cannot be done in C (embedded assembly is allowed, though, and will be used occasionally in our course projects)

CS415 Overview and Setjmp/Longjmp Project 1 7 More About Purify  Purify is a tool for locating runtime errors in a C/C++ program  Purify can find  Array bounds errors  Accesses through dangling pointers  Uninitialized memory reads  Memory allocation errors  Memory leaks  Purify is available on Windows and UNIX systems and is a product of Rational Software

CS415 Overview and Setjmp/Longjmp Project 1 8 How Purify Works  Purify instruments a program by adding protection instructions around every load and store operation tracking mallocs/frees as any garbage collector would  When a program is executed, a viewer is created to display memory errors as they occur  Purify is flexible and can be run standalone with any executable (written in C) or within a debugging environment like Visual Studio.NET  Purify is customizable and can be set to ignore certain types of errors

CS415 Overview and Setjmp/Longjmp Project 1 9 Just Compile/Run in VC++ to Start or Do It Explicitly

CS415 Overview and Setjmp/Longjmp Project 1 10 Sample Purify Output

CS415 Overview and Setjmp/Longjmp Project 1 11 Lecture Part II: Project 1: Setjmp/Longjmp  Intel Architecture: General Introduction  C Calling convention  Setjmp/Longjmp Basics  Project 1 Parts A and B

CS415 Overview and Setjmp/Longjmp Project 1 12 Intel Pentium Architecture  Little endian (least significant byte located at lowest address)  32-bit processors  16 Integer Unit Registers  8 32-bit General Purpose  6 16-bit Segment  1 32-bit Instruction Pointer  1 32-bit Flag  The floating point unit has a number of registers, too (see next slide). Our focus is on the Integer Unit.

CS415 Overview and Setjmp/Longjmp Project 1 13 Floating Point Unit  14 Floating-point Registers  8 80-bit General Purpose  1 48-bit FPU Instruction Pointer  1 48-bit Operand (Data) Register  1 16-bit Control Register  1 16-bit Status Register  1 16-bit Tag Register  1 11-bit (Last Executed) Opcode Register  The FPU stack is contained within the 8 General Purpose registers

CS415 Overview and Setjmp/Longjmp Project 1 14 More on Integer Registers  General Purpose Registers are eax, ebx, ecx, edx, esi, edi, esp, and ebp  ebp points to the base of the current stack frame  esp points to the top of the stack  If we want to save the current state of a program then we must save the registers it is using including the eip instruction pointer, esp and ebp stack registers, system flags, and all segment registers that might change

CS415 Overview and Setjmp/Longjmp Project 1 15 NT Processes and their Stacks  NT initializes your process with an initial stack, heap, and code segment  Stacks grow downward  Dynamic data is allocated from the Heap (grows upward) code stack heap 50000

CS415 Overview and Setjmp/Longjmp Project 1 16 Stack Calling Conventions  ebp points to bottom of stack frame  Esp points to top of stack  Function parameters pushed on stack lowest to highest var n, var n - 1,... var 1  Next comes the instruction pointer eip  One word of padding  Local Variables local 1, 2 words of padding, local 2, 2 words of padding,... Local n  Finally, the remainder can be pushed/popped to  (Integer/Pointer) Return values always placed in eax  Special Note: 196 bytes (49 words) of padding are placed between stack frames by VC++ since we are compiling in debug mode. Some state is also saved.  Also Note: Visual C++ always sets ebp = esp at the beginning of a function

CS415 Overview and Setjmp/Longjmp Project 1 17 Sample Stack Portion (Padding Not Shown)

CS415 Overview and Setjmp/Longjmp Project 1 18 Setjmp/Longjmp Basics  Setjmp saves the stack pointers (esp, ebp), some general purpose registers, and the instruction pointer into an instance of the jmp_buf data structure.  Longjmp takes a jmp_buf instance and restores the saved register values. In effect, longjmp allows one to jump up the calling stack to any previous stack frame beginning at the next instruction past the originally called setjmp.  Saved state in the jmp_buf structure is restored, but everything else remains unchanged. (ie if x, a local variables stored on the stack, was changed from a value of 10 before setjmp was called to a values of 12 after setjmp was called it would still have a value of 12 when longjmp was called.  Setjmp’s return value is always 0. Longjmp jumps to the assembly instruction after setjmp with a non-zero return value.

CS415 Overview and Setjmp/Longjmp Project 1 19 Project 1 Setjmp.C Source jmp_buf mark; /* setjmp state data structure */ void main( void ) { int v1, v2, v3; v1 = 2, v2 = 3, v3 = 4; jmpret = setjmp( mark ); if( jmpret == 0 ) { printf("v1 = %d, v2 = %d, v3 = %d\n", v1, v2, v3); v1 = v2 = v3 = 222; longjmp(mark, -1); } else { printf("v1 = %d, v2 = %d, v3 = %d\n", v1, v2, v3); } return; }

CS415 Overview and Setjmp/Longjmp Project 1 20 Setjmp.C Result  v1 = 2, v2 = 3, v3 = 4 before setjmp is called  v1 = v2 = v3 = 222 at the second printf statements  If v1, v2, and/or v3 were a register variable and that register was saved in the jmp_buf structure “mark” then its value would have reverted to 2, 3, and/or 4 respectively  jmp_ret is 0 when setjmp is called and –1 after the longjmp jump

CS415 Overview and Setjmp/Longjmp Project 1 21 Project 1 Part A  Download the setjmp.C example file and the project Makefile from the CS 415 web site  Compile setjmp.exe and load it into the Visual Debugger.  Experiment with the program (step through the code, change things to see what happens, etc). Be sure to work with the disassembly code view and NOT just the C view.  When you are comfortable, return to the original setjmp.C code. Get a disassembly view and copy the setjmp and longjmp code (only), into a text file. Since they are macros, you will actually be copying the _setjmp3 and _longjmp functions.  Label all assembly code in the text file to show that you understand it.

CS415 Overview and Setjmp/Longjmp Project 1 22 Part A Notes  Setjmp/Longjmp have some sanity checks. You should be able to label the assembly instructions, but do not need to understand what is done inside anything called from those two functions. You should label what blocks of instructions are doing if you can determine it.  There is also a section of setjmp/longjmp in place to work with C++ exception code. You do not need to understand everything that it is doing, but the statements themselves must be labeled.  FYI: This section accesses the 0’th integer of the fs segment because that is where all status information is kept for the thread of execution in Windows NT.  Special Note: Because setjmp and longjmp are macros, their disassembly differs a bit from what corresponding function calls would look like.

CS415 Overview and Setjmp/Longjmp Project 1 23 Part A Disassembly View

CS415 Overview and Setjmp/Longjmp Project 1 24 Part A Comment Example **Call the longjmp procedure with a return value of –1** 52: longjmp(mark, -1); Push –1 onto the stack AB push 0FFh Push the offset of the mark structure AD push offset _mark ( ) Call longjmp (underscore here since setjmp/longjmp are macros) B2 call _longjmp (004012e8)

CS415 Overview and Setjmp/Longjmp Project 1 25 Part B Assignment  At the bottom of your handout are a number of setjmp/longjmp questions  Answer each of the questions and hand in on a typed sheet of paper  The first five questions are multiple choice. The sixth is an essay question.

CS415 Overview and Setjmp/Longjmp Project 1 26 A Quick Note on the CS Undergraduate Lab  Software for all CS 415 projects can be found installed in the CS Undergraduate Laboratory  All CS 415 students have accounts there  Your login ID is the same as your Cornell Net ID  You can set your password from  See for more information

CS415 Overview and Setjmp/Longjmp Project 1 27 Summary  Disassemble setjmp/longjmp example  Comment the disassembly  Answer the setjmp/longjmp questions  Our next assignment will depend on the knowledge you gain in Project 1 so be sure that you understand what you are doing!!