IA32 Stack Discipline From Last Time Stack grows down, high addresses so th

 www.phwiki.com

 

The Above Picture is Related Image of Another Journal

 

IA32 Stack Discipline From Last Time Stack grows down, high addresses so th

Armstrong Atlantic State University, US has reference to this Academic Journal, IA32 Stack Discipline From Last Time Stack grows down, high addresses so that low %esp points so that lowest allocated position on stack Pushl %esp-=4 , write word so that memory %esp points so that Popl Read word from memory %esp points to, %esp+=4 Call instruction Pushes %eip (pointer so that next instruction) Jumps so that target Ret Pops into %eip (returns so that next next instruction after call) Stack ?frame? stores the context in which the procedure operates Stack-based languages Stack stores context of procedure calls Multiple calls so that a procedure can be outstanding simultaneously Recursion Sorry attempt so that connect so that modern French philosophy Call Chain Example Code Structure yoo(?) { ? ? who(); ? ? } who(?) { ? ? amI(); ? ? } amI(?) { ? ? amI(); ? ? } Procedure amI recursive IA32 Stack Structure Stack Growth Toward lower addresses Stack Pointer Address of highest allocated item in stack Use register %esp Frame Pointer Start of current stack frame Use register %ebp Stack ?Top? Procedure Call Conventions

 Kaufman, James Armstrong Atlantic State University www.phwiki.com

 

Related University That Contributed for this Journal are Acknowledged in the above Image

 

IA32/Linux Stack Frame Caller Stack Frame Arguments in consideration of this call Pushed explicitly Return address Pushed by call instruction Callee Stack Frame Old frame pointer Saved register context Local variables If can?t keep in registers Parameters in consideration of called functions Stack Pointer (%esp) Return Addr Saved Registers Argument Build Old %ebp Local Variables Arguments Caller Frame Revisiting swap void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0; } int zip1 = 15213; int zip2 = 91125; void call_swap() { swap(&zip1, &zip2); } call_swap: ? ? ? pushl $zip2 pushl $zip1 call swap ? ? ? &zip2 &zip1 Rtn adr %esp Resulting Stack ? ? ? Revisiting swap void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0; } swap: pushl %ebp movl %esp,%ebp pushl %ebx movl 12(%ebp),%ecx movl 8(%ebp),%edx movl (%ecx),%eax movl (%edx),%ebx movl %eax,(%edx) movl %ebx,(%ecx) movl -4(%ebp),%ebx movl %ebp,%esp popl %ebp ret Body Set Up Finish

swap Setup swap: pushl %ebp movl %esp,%ebp pushl %ebx yp xp Rtn adr Old %ebp %ebp 0 4 8 12 Offset Resulting Stack ? ? ? &zip2 &zip1 Rtn adr %esp Entering Stack ? ? ? %ebp Old %ebx %esp swap Finish Observation Saved & restored register %ebx Didn?t do so in consideration of %eax, %ecx, or %edx movl -4(%ebp),%ebx movl %ebp,%esp popl %ebp ret yp xp Rtn adr Old %ebp %ebp 0 4 8 12 Offset swap?s Stack ? ? ? &zip2 &zip1 %esp Exiting Stack ? ? ? %ebp Old %ebx %esp -4 Register Saving Conventions When procedure yoo calls who: ├┐yoo is the caller, who is the callee Can Register be Used in consideration of Temporary Storage? Contents of register %edx overwritten by who Conventions ?Caller Save? Caller saves temporary in its frame before calling ?Callee Save? Callee saves temporary in its frame before using yoo: ? ? ? movl $15213, %edx call who addl %edx, %eax ? ? ? ret who: ? ? ? movl 8(%ebp), %edx addl $91125, %edx ? ? ? ret

MSI: A Research Infrastructure in consideration of Integrated Quality of Service Management in Multimedia Computing Environments Morning Agenda Afternoon Agenda Proposal Overview Budget Summary ($K) NSF Budget ($K) Cost Sharing ($K) Multimedia Support Infrastructure Management Plan Showcasing MSI Value Added Activities Summer Institute (1) Summer Institute (2) Fisk University – Partnership in Research in addition to Education MSI Overview Focus Architectural Overview Sample Multimedia Document Multimedia Browsing Environment End-to-End QoP / QoS Management A User-Level QoP Specification Interface Planned Activities

IA32/Linux Register Usage Surmised by looking at code examples Integer Registers Two have special uses %ebp, %esp Three managed as callee-save %ebx, %esi, %edi Old values saved on stack prior so that using Three managed as caller-save %eax, %edx, %ecx Do what you please, but expect any callee so that do so, as well Register %eax also stores returned value %eax %edx %ecx %ebx %esi %edi %esp %ebp Caller-Save Temporaries Callee-Save Temporaries Special Recursive Factorial Complete Assembly Assembler directives Lines beginning alongside ?.? Not of concern so that us Labels .Lxx Actual instructions int rfact(int x) { int rval; if (x <= 1) return 1; rval = rfact(x-1); return rval * x; } .globl rfact .type rfact,@function rfact: pushl %ebp movl %esp,%ebp pushl %ebx movl 8(%ebp),%ebx cmpl $1,%ebx jle .L78 leal -1(%ebx),%eax pushl %eax call rfact imull %ebx,%eax jmp .L79 .align 4 .L78: movl $1,%eax .L79: movl -4(%ebp),%ebx movl %ebp,%esp popl %ebp ret Rfact Stack Setup rfact: pushl %ebp movl %esp,%ebp pushl %ebx Entering Stack Rfact Body Registers $ebx Stored value of x $eax Temporary value of x-1 Returned value from rfact(x-1) Returned value from this call movl 8(%ebp),%ebx # ebx = x cmpl $1,%ebx # Compare x : 1 jle .L78 # If <= goto Term leal -1(%ebx),%eax # eax = x-1 pushl %eax # Push x-1 call rfact # rfact(x-1) imull %ebx,%eax # rval * x jmp .L79 # Goto done .L78: # Term: movl $1,%eax # return val = 1 .L79: # Done: int rfact(int x) { int rval; if (x <= 1) return 1; rval = rfact(x-1); return rval * x; } Rfact Recursion Rfact Result Rfact Completion movl -4(%ebp),%ebx movl %ebp,%esp popl %ebp ret x Rtn adr Old %ebp %ebp 0 4 8 Old %ebx %esp -4 x! %eax Old %ebx %ebx x! %eax x %ebx x-1 -8 Tail Recursion in addition to Optimization Tail recursive procedures can be turned into iterative procedures (for loops) Compilers can sometimes detect tail recursion in addition to do the conversion in consideration of you void tail_rec(?) { ? tail_rec(?); } Internet worm in addition to IM War November, 1988 Internet Worm attacks thousands of Internet hosts. How did it happen? July, 1999 Microsoft launches MSN Messenger (instant messaging system). Messenger clients can access popular AOL Instant Messaging Service (AIM) servers AIM server AIM client AIM client MSN client MSN server Internet Worm in addition to IM War (cont) August 1999 Mysteriously, Messenger clients can no longer access AIM servers. Even though the AIM protocol is an open, published standard. Microsoft in addition to AOL begin the IM war: AOL changes server so that disallow Messenger clients Microsoft makes changes so that clients so that defeat AOL changes. At least 13 such skirmishes. How did it happen? The Internet Worm in addition to AOL/Microsoft War were both based on stack buffer overflow exploits! many Unix functions, such as gets() in addition to strcpy(), do not check argument sizes. allows target buffers so that overflow. Stack buffer overflows void bar() { char buf[64]; gets(buf); . } void foo(){ bar(); . } Stack before call so that gets() A Old %ebp buf return address A foo stack frame bar stack frame Stack buffer overflows (cont) void bar() { char buf[64]; gets(buf); . } void foo(){ bar(); . } Stack after call so that gets() B return address A foo stack frame bar stack frame B exploit code pad When bar() returns, control passes silently so that B instead of A!! data written by gets() Exploits often based on buffer overflows Buffer overflow bugs allow remote machines so that execute arbitrary code on victim machines. Internet worm Early versions of the finger server (fingerd) used gets() so that read the argument sent by the client: finger pdinda@cs.northwestern Worm attacked fingerd client by sending phony argument: finger ?exploit code padding new return address? exploit code: executed a root shell on the victim machine alongside a direct TCP connection so that the attacker. IM War AOL exploited existing buffer overflow bug in AIM clients exploit code: returned 4-byte signature (the bytes at some location in the AIM client) so that server. When Microsoft changed code so that match signature, AOL changed signature location. Main Ideas Stack Provides Storage in consideration of Procedure Instantiation Save state Local variables Any variable in consideration of which must create pointer Assembly Code Must Manage Stack Allocate / deallocate by decrementing / incrementing stack pointer Saving / restoring register state Stack Adequate in consideration of All Forms of Recursion Including multi-way in addition to mutual recursion examples in the bonus slides. Good programmers know the stack discipline in addition to are aware of the dangers of stack buffer overflows. And now? structured data? Basic Data Types Integral Stored & operated on in general registers Signed vs. unsigned depends on instructions used Intel GAS Bytes C byte b 1 [unsigned] char word w 2 [unsigned] short double word l 4 [unsigned] int Floating Point Stored & operated on in floating point registers Intel GAS Bytes C Single s 4 float Double l 8 double Extended t 10/12 long double Array Allocation Basic Principle T A[L]; Array of data type T in addition to length L Contiguously allocated region of L * sizeof(T) bytes char *p[3]; Array Access Basic Principle T A[L]; Array of data type T in addition to length L Identifier A can be used as a pointer so that starting element of the array Reference Type Value val[4] int 3 val int * x val+1 int * x + 4 &val[2] int * x + 8 val[5] int ?? *(val+1) int 5 val + i int * x + 4 i Array Example Notes Declaration ?zip_dig cmu? equivalent so that ?int cmu[5]? Example arrays were allocated in successive 20 byte blocks Not guaranteed so that happen in general typedef int zip_dig[5]; zip_dig cmu = { 1, 5, 2, 1, 3 }; zip_dig mit = { 0, 2, 1, 3, 9 }; zip_dig nwu = { 6, 0, 2, 0, 1 }; Array Accessing Example Memory Reference Code int get_digit (zip_dig z, int dig) { return z[dig]; } # %edx = z # %eax = dig movl (%edx,%eax,4),%eax # z[dig] Computation Register %edx contains starting address of array Register %eax contains array index Desired digit at 4*%eax + %edx Use memory reference (%edx,%eax,4) Referencing Examples Code Does Not Do Any Bounds Checking! Reference Address Value Guaranteed? mit[3] 36 + 4* 3 = 48 3 Yes mit[5] 36 + 4* 5 = 56 9 No mit[-1] 36 + 4*-1 = 32 3 No cmu[15] 16 + 4*15 = 76 ?? No Out of range behavior implementation-dependent No guranteed relative allocation of different arrays Array Loop Example Original Source int zd2int(zip_dig z) { int i; int zi = 0; in consideration of (i = 0; i < 5; i++) { zi = 10 * zi + z[i]; } return zi; } int zd2int(zip_dig z) { int zi = 0; int *zend = z + 4; do { zi = 10 * zi + *z; z++; } while(z <= zend); return zi; } Transformed Version Eliminate loop variable i Convert array code so that pointer code Express in do-while form No need so that test at entrance Optimizing Dynamic Array Multiplication Optimizations Performed when set optimization level so that -O2 Code Motion Expression i*n can be computed outside loop Strength Reduction Incrementing j has effect of incrementing j*n+k by n Performance Compiler can optimize regular access patterns { int j; int result = 0; in consideration of (j = 0; j < n; j++) result += a[i*n+j] * b[j*n+k]; return result; } { int j; int result = 0; int iTn = i*n; int jTnPk = k; in consideration of (j = 0; j < n; j++) { result += a[iTn+j] * b[jTnPk]; jTnPk += n; } return result; } Dynamic Array Multiplication .L44: # loop movl -4(%ebp),%eax # iTn movl 8(%ebp),%edi # a addl %edx,%eax # iTn+j movl (%edi,%eax,4),%eax # a[.] movl 12(%ebp),%edi # b incl %edx # j++ imull (%edi,%ebx,4),%eax # b[.]*a[.] addl %eax,%ecx # result += . addl %esi,%ebx # jTnPk += j cmpl %esi,%edx # j : n jl .L44 # if < goto loop { int j; int result = 0; int iTn = i*n; int jTnPk = k; in consideration of (j = 0; j < n; j++) { result += a[iTn+j] * b[jTnPk]; jTnPk += n; } return result; } Inner Loop %ecx result %edx j %esi n %ebx jTnPk Mem[-4(%ebp)] iTn Summary Arrays in C Contiguous allocation of memory Pointer so that first element No bounds checking Compiler Optimizations Compiler often turns array code into pointer code zd2int Uses addressing modes so that scale array indices Lots of tricks so that improve array indexing in loops code motion reduction in strength

Kaufman, James General Assignment Reporter and Weekend Anchor

Kaufman, James is from United States and they belong to General Assignment Reporter and Weekend Anchor and work for KOLD-TV in the AZ state United States got related to this Particular Article.

Journal Ratings by Armstrong Atlantic State University

This Particular Journal got reviewed and rated by Array Allocation Basic Principle T A[L]; Array of data type T in addition to length L Contiguously allocated region of L * sizeof(T) bytes char *p[3]; Array Access Basic Principle T A[L]; Array of data type T in addition to length L Identifier A can be used as a pointer so that starting element of the array Reference Type Value val[4] int 3 val int * x val+1 int * x + 4 &val[2] int * x + 8 val[5] int ?? *(val+1) int 5 val + i int * x + 4 i Array Example Notes Declaration ?zip_dig cmu? equivalent so that ?int cmu[5]? Example arrays were allocated in successive 20 byte blocks Not guaranteed so that happen in general typedef int zip_dig[5]; zip_dig cmu = { 1, 5, 2, 1, 3 }; zip_dig mit = { 0, 2, 1, 3, 9 }; zip_dig nwu = { 6, 0, 2, 0, 1 }; and short form of this particular Institution is US and gave this Journal an Excellent Rating.