Devoir surveill Vendredi 22 fvrier 14h15h20 Amphi Turing

1
Devoir surveillé Vendredi 22 février
14h-15h20Amphi Turing

• Programme
• Tous les sujets traités en TDjusquau mercredi
  20 inclus
• Sans document

2
Machine-Level Programming Stack and Procedures

• Topics
• IA32 stack discipline
• Procedure calls
• Register saving conventions

Adaptation par J.Bétréma
Randal E. Bryant David R. O'Hallaron
Carnegie Mellon University
http//csapp.cs.cmu.edu
class07.ppt
3
Y86 Program Stack
Code

• Region of memory holding program data
• Used in Y86 (and IA32) for supporting procedure
  calls
• Stack top indicated by esp (Stack Pointer)
• Address of top stack element
• Stack grows toward lower addresses
• Top element is at highest address in the stack
• When pushing, must first decrement stack pointer
• When popping, increment stack pointer

Increasing Addresses
Stack Top
esp
Stack Bottom
4
Stack Operations

• Decrement esp by 4
• Store word from rA to memory at esp
• Like IA32
• Read word from memory at esp
• Save in rA
• Increment esp by 4
• Like IA32

5
IA32 Stack Pushing

• Pushing
• pushl Src
• Fetch operand at Src
• Decrement esp by 4
• Write operand at addressgiven by esp

eax

• Y86
• Src registre
• Exemple pushl eaxempile le contenu du
  registre eax

6
IA32 Stack Popping

• Popping
• popl Dest
• Read operand at addressgiven by esp
• Increment esp by 4
• Write to Dest

• Y86
• Dest registre
• Exemple popl edxdépile dans edx le moten
  sommet de pile

7
Stack Operation Examples
213
123
0x108
0x10c
0x110
eax
213
edx
555
213
esp
0x108
0x108
8
Call Chain Example

• Code Structure

Call Chain
f() g()
Vocabulaire fonction C procédure subroutine
f
g() h() h()
g
Profondeur de larbre des appels non bornée
h
h
...
...
9
Adresse de retour
Procédure appelée
Procédure appelante
f() g()
g() h() h()
La procédure appelée ignore ladresse de retour,
car elle ignore qui la appelée.
Solution la procédure appelante sauveladresse
de retour avant lappel.
Où ?
sur la pile !
10
Procedure Control Flow

• Use stack to support procedure call and return
• Procedure call
• call label Push return address on stack Jump to
  label
• Return address value
• Address of instruction beyond call
• Example from disassembly
• 804854e e8 3d 06 00 00 call 8048b90
• 8048553 8b 45 0c mov 0xc(ebp),eax
• Return address 0x8048553
• Procedure return
• ret Pop address from stack Jump to address

11
Subroutine Call and Return

• Push address of next instruction onto stack
• Start executing instructions at Dest
• Like IA32
• Pop value from stack
• Use as address for next instruction
• Like IA32

12
Stack-Based Languages

• Languages that Support Recursion
• Code must be Reentrant
• Multiple simultaneous instantiations of single
  procedure
• Need some place to store state of each
  instantiation
• Arguments
• Local variables
• Return pointer
• Stack Discipline
• State for given procedure needed for limited time
• From when called to when return
• Callee returns before caller does
• Stack Allocated in Frames
• state for single procedure instantiation

13
Stack Frames

• Contents
• Local variables
• Return information
• Temporary space
• Management
• Space allocated when enter procedure
• Set-up code
• Deallocated when return
• Finish code
• Pointers
• Stack pointer espindicates stack top
• Frame pointer ebp indicates start of current
  frame

f
g
h
Stack Top
proc
14
Stack Operation
Call Chain
f() g()
f
f

15
Stack Operation
Call Chain
g() h() h()
f
g
g
f

16
Stack Operation
Call Chain
h()
f
h
g
g
h
f

17
Stack Operation
Call Chain
g() h() h()
f
g
g
h
f

18
Stack Operation
Call Chain
h()
f
h
g
g
h
h
f

19
Stack Operation
Call Chain
g() h() h()
g
f

20
Stack Operation
Call Chain
f() g()
f
g
h
h
f

21
IA32/Linux Stack Frame

• Current Stack Frame (Top to Bottom)
• Parameters for function about to call
• Argument build
• Local variables
• If cant keep in registers
• Saved register context
• Old frame pointer
• Caller Stack Frame
• Return address
• Pushed by call instruction
• Arguments for this call

22
Example swap
Calling swap from call_swap
int zip1 15213 int zip2 91125 void
call_swap() ... swap(zip1, zip2) ...
call_swap pushl zip2 Global
Var pushl zip1 Global Var call swap
Resulting Stack
void swap(int xp, int yp) int t0 xp
int t1 yp xp t1 yp t0
23
swap
swap pushl ebp movl esp,ebp pushl
ebx movl 12(ebp),ecx movl
8(ebp),edx movl (ecx),eax movl
(edx),ebx movl eax,(edx) movl
ebx,(ecx) movl -4(ebp),ebx movl
ebp,esp popl ebp ret
Set Up
void swap(int xp, int yp) int t0 xp
int t1 yp xp t1 yp t0
Body
Finish
24
swap Setup
swap pushl ebp movl esp,ebp pushl ebx
Rtn adr
25
Effect of swap Setup
Resulting Stack
Entering Stack
ebp
0
4
Rtn adr
Offset (relative to ebp)
8
12
26
swap Finish
ebx
Restores ebx
ebp
movl -4(ebp),ebx movl ebp,esp popl ebp ret
Rtn adr
Rtn adr

• Observation
• Saved restoredregister ebx
• Didnt do so foreax, ecx, or edx

27
Register Saving Conventions

• When procedure f calls g
•  f is the caller, g is the callee
• Can Register be Used for Temporary Storage?
• Contents of register edx overwritten by g

f movl 15213, edx call g addl edx,
eax ret
g movl 8(ebp), edx addl 91125, edx
ret
28
Register Saving Conventions

• When procedure f calls g
•  f is the caller, g is the callee
• Can Register be Used for Temporary Storage?
• Conventions
• Caller Save
• Caller saves temporary in its frame before
  calling
• Callee Save
• Callee saves temporary in its frame before using

29
IA32/Linux Register Usage

• Integer Registers
• Two have special uses
• ebp, esp
• Three managed as callee-save
• ebx, esi, edi
• Old values saved on stack prior to using
• Three managed as caller-save
• eax, ecx, edx
• Do what you please, but expect any callee to do
  so, as well
• Register eax also stores returned value

eax
Caller-Save Temporaries
ecx
edx
ebx
Callee-Save Temporaries
esi
edi
ebp
Special
esp
30
Procédures récursives

• Le protocole précédent ne limite pas la
  profondeur de larbre des appels.
• Pièces bien placées sur léchiquier position
  solide.
• Prêt à parer une attaque inattendue
• Procédure récursive procédure qui sappelle
  elle-même
• Procédure appelante (caller) procédure appelée
  (callee)

31
Informatique théorique

• Un automate à états finis ne peut pas gérer
  correctement les appels de procédures
• Le langage des mots de la forme an bn nest pas
  rationnel
• Idem pour le langage des parenthèses ? mots de la
  forme( ) ( ( ) ( ) ) a b a a b a b b
• a appel (call) b retour (return)
• Pour parcourir un arbre il faut un automate à
  pile !

32
Recursive Factorial
rfact pushl ebp movl esp,ebp pushl
ebx movl 8(ebp),ebx cmpl 1,ebx jle
.L78 leal -1(ebx),eax pushl eax call
rfact imull ebx,eax jmp .L79 .align
4 .L78 movl 1,eax .L79 movl
-4(ebp),ebx movl ebp,esp popl ebp ret
int rfact (int x) int rval if (x lt 1)
return 1 rval rfact (x-1) return rval
x

• Registers
• eax used without first saving
• ebx used, but save at beginning restore at end

33
Summary

• The Stack Makes Procedures Work
• Private storage for each instance of procedure
  call
• Instantiations dont clobber each other
• Addressing of locals arguments can be relative
  to stack positions
• Can be managed by stack discipline
• Procedures return in inverse order of calls
• IA32 Procedures Combination of Instructions
  Conventions
• Call / Ret instructions
• Register usage conventions
• Caller / Callee save
• ebp and esp
• Stack frame organization conventions