1. Recitation 2: Outline Assembly programming Using gdb L2 practice stuff Minglong Shao E-mail: shaoml+213@cs.cmu.edu Office hours: Thursdays 5-6PM Wean Hall 1315

2. Lab 2 reminder Must be done on FISH machines –Check if you can login –“fish.pl” (by dcheng@andrew & dtlin@andrew)

3. Assembly Format Op Src, Dest –add %eax, %ebx# %ebx += %eax –sub %eax, %ebx# %ebx -= %eax Op Arg –jmp 0x87654321# unconditional branch –jge 0x87654321# branch if >= in signed # comparison

4. Special registers %eaxreturn value %eipinstruction pointer %ebpbase (stack frame) pointer %espstack pointer

5. Simple sddressing modes $1010 (R)Mem[R] 10(R)Mem[R + 10] 0x10(R)Mem[R + 16]

6. Indexed addressing modes Generic Form D(Rb, Ri, S)Mem[Reg[Rb]+S*Reg[Ri]+D] Examples (Rb,Ri)Mem[Reg[Rb]+Reg[Ri]] D(Rb,Ri)Mem[Reg[Rb]+Reg[Ri]+D] (Rb,Ri,S)Mem[Reg[Rb]+S*Reg[Ri]]

7. Stack frames Abstract partitioning of the stack Each Frame contains the state for a single function instant Growing downwards Stack Pointer ( %esp ) Frame Pointer ( %ebp ) Return Addr Saved Registers Argument Build Old %ebp Local Variables Arguments Caller Frame

8. Function & stack Function Setup Save Old Base Pointer (pushl %ebp) Set up own base pointer (movl %esp, %ebp) –Note that this saves the old stack pointer Save any registers that could be clobbered –Where? Function Body Operations on data, loops, function calls

9. Function & stack Function Cleanup Return value placed in %eax –What about returning larger values? (structs, doubles) Restore Caller’s Stack Pointer (movl %ebp, %esp) Restore Old Base Pointer (popl %ebp) “leave” same as above sequence Return –Where does it return to?

10. Procedure Related Instructions int a_func (int arg1, int arg2, int arg3) Get arguments: –arg1: mov 8(%ebp),%ecx –arg2: mov 12(%ebp),%ecx –arg3? Set return value: –mov 0x1, %eax# return 1; mov 16(%ebp),%ecx

11. Example 1: Arithmetic int func1(int a, int b) { int x, y; x = a + b; y = 2*x - b; return x*y; }

12. func1 assembly func1: push %ebp # save frame pointer mov %esp,%ebp # frame ptr = stack ptr mov 0xc(%ebp),%ecx # %ecx = b mov 0x8(%ebp),%eax # %eax = a add %ecx,%eax # %eax = x = a + b lea (%eax,%eax,1),%edx # %edx = 2 * x sub %ecx,%edx # %edx = y = 2 * x - b imul %edx,%eax # %eax = x * y leave # restore stack pointer # restore frame pointer ret

13. Using gdb with func1 break func1 run disas where print/x $eax print/x $ecx

14. Example 2: Control int func2(int a, int b) { if(a>b) return a; else return b; }

15. ASM for func2 func2: push %ebp # save frame pointer mov %esp,%ebp # frame ptr = stack ptr mov 0x8(%ebp),%eax # %eax = a mov 0xc(%ebp),%ecx # %ecx = b mov %eax,%edx # %edx = $eax = a cmp %ecx,%eax # compare (a>b) jg.L1 # a > b mov %ecx,%edx # %edx = %ecx = b.L1: # mov %edx,%eax # %eax = %edx leave # restore stack pointer # restore frame pointer ret

16. Example 3: loop int get_sum(int * array, int size) { int sum = 0; int i=0; for (i=0; i<size; i++) sum += array[i]; return sum; } get_sum: push %ebp mov %esp,%ebp push %ebx mov 8(%ebp),%ebx mov 12(%ebp),%ecx mov $0,%eax mov %eax,%edx cmp %ecx,%eax jge.L4.L6: add (%ebx,%edx,4),%eax inc %edx cmp %ecx,%edx jl.L6.L4: mov (%esp), %ebx leave ret

17. Example 3: loop get_sum: push %ebp mov %esp,%ebp push %ebx mov 8(%ebp),%ebx mov 12(%ebp),%ecx mov $0,%eax mov %eax,%edx cmp %ecx,%eax jge.L4.L6: add (%ebx,%edx,4),%eax inc %edx cmp %ecx,%edx jl.L6.L4: mov (%esp,1), %ebx leave ret # ebx = array # ecx = size # eax = 0 //return value # edx = 0 //i # # if (i>size) goto L4 # eax += Mem[ebx+edx*4] # edx ++ //i++ # # if (edx < ecx) goto L6 # # restore ebx

18. Defuse a simple bomb