Presentation is loading. Please wait.

Presentation is loading. Please wait.

Carnegie Mellon Introduction to Computer Systems 15-213/18-243, spring 2009 Recitation, Jan. 14 th.

Published byIra Wilcox Modified over 9 years ago

Similar presentations

Presentation on theme: "Carnegie Mellon Introduction to Computer Systems 15-213/18-243, spring 2009 Recitation, Jan. 14 th."— Presentation transcript:

1 Carnegie Mellon Introduction to Computer Systems 15-213/18-243, spring 2009 Recitation, Jan. 14 th

2 Carnegie Mellon Agenda News Stack discipline review lea vs. mov Buflab introduction

3 Carnegie Mellon News Datalab feedback is available on autolab and on paper Bomblab is due tomorrow (Tuesday) ‏ Buflab comes out tomorrow and is due next Thursday (more on that later) ‏ Exam 1 is two weeks from tomorrow

4 Carnegie Mellon Stack Layout and Discipline

5 Carnegie Mellon IA32 Stack  Region of memory managed with stack discipline  “Grows” toward lower addresses  Register %esp indicates lowest stack address  address of “top” element  stack pointer Stack Pointer %esp Stack Grows Down Increasing Addresses Stack “Top” Stack “Bottom”

6 Carnegie Mellon IA32 Stack Pushing Pushing  pushl Src  Fetch operand from Src  A register: %ebp  Memory: 8(%ebp) ‏  Decrement %esp by 4  Store operand in memory at address given by %esp Stack Grows Down Increasing Addresses Stack “Top” Stack “Bottom” Stack Pointer %esp -4

7 Carnegie Mellon IA32 Stack Popping Popping  popl Dest  Read operand at address given by %esp  Increment %esp by 4  Write to Dest Stack Pointer %esp Stack Grows Down Increasing Addresses Stack “Top” Stack “Bottom” +4

8 Carnegie Mellon %esp %eax %edx %esp %eax %edx %esp %eax %edx 0x104 555 0x108 0x10c 0x110 0x104 555 213 123 Stack Operation Examples 0x108 0x10c 0x110 555 213 123 0x1080x104 pushl %eax 0x108 0x10c 0x110 213 123 0x104 213 popl %edx 0x108 213

9 Carnegie Mellon Procedure Control Flow  Use stack to support procedure call and return Procedure call:  call label Push return address on stack; Jump to label Return address value  Address of instruction after call  Example from disassembly  804854e:e8 3d 06 00 00 call 8048b90  8048553:50 pushl %eax  Return address = 0x8048553 Procedure return:  ret Pop address from stack; Jump to address

10 Carnegie Mellon %esp %eip %esp %eip0x804854e 0x108 0x10c 0x110 0x104 0x804854e 0x8048553 123 Procedure Call Example 0x108 0x10c 0x110 123 0x108 call 8048b90 804854e:e8 3d 06 00 00 call 8048b90 8048553:50 pushl %eax 0x8048b90 0x104 %eip is program counter

11 Carnegie Mellon %esp %eip 0x104 %esp %eip0x8048591 0x104 0x108 0x10c 0x110 0x8048553 123 Procedure Return Example 0x108 0x10c 0x110 123 ret 8048591:c3 ret 0x108 %eip is program counter 0x8048553

12 Carnegie Mellon IA32/Linux Stack Frame Current Stack Frame (“Top” to “Bottom”) ‏  Parameters for function about to call  “Argument build”  Local variables  If don't all fit in registers  Caller's saved registers  Caller's saved frame pointer Caller's Stack Frame  Return address  Pushed by call instruction  Arguments for this call Stack Pointer ( %esp )‏ Frame Pointer ( %ebp )‏ Return Addr Saved Registers + Local Variables Argument Build Old %ebp Arguments Caller Frame

13 Carnegie Mellon lea vs. mov

14 Carnegie Mellon lea vs. mov Problem point for many in bomblab lea = 'Load effective address'  First operand must be in the form of a memory reference – lea 0x4(%eax), %ecx  The 'effective address' of the first operand is calculated (in this case, %eax + 4).  Instead of reading Mem[%eax + 4], the value %eax + 4 is copied into %ecx Rember the memory addressing forms:  (reg) => reg  d(reg) => reg + d  (reg, reg2) => reg + reg2  d(reg, regi, scale) => reg + regi * scale + d (with scale = 1, 2, 4 or 8) ‏  All forms are generalizations of this one: if you leave out d or regi it's assumed to be 0, if you leave out scale it's assumed to be 1.

15 Carnegie Mellon Demo time!

16 Carnegie Mellon Buflab

17 Carnegie Mellon Buflab Summary The bad news: you only have 9 days for this lab The good news: it can be completed in about an hour, if you really understand stacks and function call conventions New this semester: The last stage, nitroglycerin, is now a required part of the lab and worth a significant amount of points buflab and this recitation will be entirely 32-bit, but you're still responsible for knowing how stacks and function calls work on 64-bit machines (read the handout on the website) ‏

18 Carnegie Mellon Demo time!

19 Carnegie Mellon Disclaimer That demo was very simple, you'll have to construct strings with real information in them for buflab:  Encode a special value in the string  Avoid corrupting the stack  The last two stages require hand-writing a few lines of assembly DRAW PICTURES OF STACKS  Seriously. You'll need to keep track of the position and value of a number of different things that are on the stack in this lab, and it won't all reliably fit in your short-term memory.  If you're having trouble with this lab, we will be much more willing and able to help you if you bring a picture of what you think the stack looks like before and after your string is entered.

20 Carnegie Mellon Useful Additional Reading http://www.phrack.com/issues.html?issue=49&id=14  “Smashing the Stack for Fun and Profit”  Very long, detailed, explanation of buffer overflows  Much more information than you need for the lab, but still fun and useful

21 Carnegie Mellon Questions? (stacks, buflab, bomblab) ‏

Download ppt "Carnegie Mellon Introduction to Computer Systems 15-213/18-243, spring 2009 Recitation, Jan. 14 th."

Similar presentations

Machine-Level Programming III: Procedures Feb. 8, 2000 Topics IA32 stack Stack-based languages Stack frames Register saving conventions Creating pointers.

Machine-Level Programming III: Procedures Feb. 8, 2000 Topics IA32 stack Stack-based languages Stack frames Register saving conventions Creating pointers.
Calling sequence ESP.

Calling sequence ESP.
15/18-213: Introduction to Computer Systems

15/18-213: Introduction to Computer Systems
University of Washington Procedures and Stacks II The Hardware/Software Interface CSE351 Winter 2013.

University of Washington Procedures and Stacks II The Hardware/Software Interface CSE351 Winter 2013.
Machine Programming – Procedures and IA32 Stack CENG334: Introduction to Operating Systems Instructor: Erol Sahin Acknowledgement: Most of the slides are.

Machine Programming – Procedures and IA32 Stack CENG334: Introduction to Operating Systems Instructor: Erol Sahin Acknowledgement: Most of the slides are.
RECITATION - 09/20/2010 BY SSESHADR Buflab. Agenda Reminders  Bomblab should be finished up  Exam 1 is on Tuesday 09/28/2010 Stack Discipline Buflab.

RECITATION - 09/20/2010 BY SSESHADR Buflab. Agenda Reminders  Bomblab should be finished up  Exam 1 is on Tuesday 09/28/2010 Stack Discipline Buflab.
University of Washington Last Time For loops  for loop → while loop → do-while loop → goto version  for loop → while loop → goto “jump to middle” version.

University of Washington Last Time For loops  for loop → while loop → do-while loop → goto version  for loop → while loop → goto “jump to middle” version.
Machine-Level Programming III: Procedures Apr. 17, 2006 Topics IA32 stack discipline Register saving conventions Creating pointers to local variables CS213.

Machine-Level Programming III: Procedures Apr. 17, 2006 Topics IA32 stack discipline Register saving conventions Creating pointers to local variables CS213.
PC hardware and x86 3/3/08 Frans Kaashoek MIT

PC hardware and x86 3/3/08 Frans Kaashoek MIT
1 Function Calls Professor Jennifer Rexford COS 217 Reading: Chapter 4 of “Programming From the Ground Up” (available online from the course Web site)

1 Function Calls Professor Jennifer Rexford COS 217 Reading: Chapter 4 of “Programming From the Ground Up” (available online from the course Web site)
CS 536 Spring 20011 Code generation I Lecture 20.

CS 536 Spring Code generation I Lecture 20.
Machine-Level Programming III: Procedures Sept. 17, 2007 IA32 stack discipline Register saving conventions Creating pointers to local variablesx86-64 Argument.

Machine-Level Programming III: Procedures Sept. 17, 2007 IA32 stack discipline Register saving conventions Creating pointers to local variablesx86-64 Argument.
– 1 – 15-213, F’02 ICS05 Instructor: Peter A. Dinda TA: Bin Lin Recitation 4.

– 1 – , F’02 ICS05 Instructor: Peter A. Dinda TA: Bin Lin Recitation 4.
1 Homework Reading –PAL, pp 201-216, 297-312 Machine Projects –Finish mp2warmup Questions? –Start mp2 as soon as possible Labs –Continue labs with your.

1 Homework Reading –PAL, pp , Machine Projects –Finish mp2warmup Questions? –Start mp2 as soon as possible Labs –Continue labs with your.
Machine-Level Programming III: Procedures Jan 30, 2003

Machine-Level Programming III: Procedures Jan 30, 2003
Assembly תרגול 8 פונקציות והתקפת buffer.. Procedures (Functions) A procedure call involves passing both data and control from one part of the code to.

Assembly תרגול 8 פונקציות והתקפת buffer.. Procedures (Functions) A procedure call involves passing both data and control from one part of the code to.
Machine-Level Programming III: Procedures Sept. 15, 2006 IA32 stack discipline Register saving conventions Creating pointers to local variablesx86-64 Argument.

Machine-Level Programming III: Procedures Sept. 15, 2006 IA32 stack discipline Register saving conventions Creating pointers to local variablesx86-64 Argument.
September 22, 2014 Pengju (Jimmy) Jin Section E

September 22, 2014 Pengju (Jimmy) Jin Section E
Stack Activation Records Topics IA32 stack discipline Register saving conventions Creating pointers to local variables February 6, 2003 CSCE 212H Computer.

Stack Activation Records Topics IA32 stack discipline Register saving conventions Creating pointers to local variables February 6, 2003 CSCE 212H Computer.
6.828: PC hardware and x86 Frans Kaashoek

6.828: PC hardware and x86 Frans Kaashoek

Similar presentations

Ads by Google