CS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 20: Stack Frames 7 March 08



Similar documents
Assembly Language: Function Calls" Jennifer Rexford!

A Tiny Guide to Programming in 32-bit x86 Assembly Language

Machine-Code Generation for Functions

X86-64 Architecture Guide

Hacking Techniques & Intrusion Detection. Ali Al-Shemery arabnix [at] gmail

Return-oriented programming without returns

x64 Cheat Sheet Fall 2015

COMP 356 Programming Language Structures Notes for Chapter 10 of Concepts of Programming Languages Implementing Subprograms.

Lecture 7: Machine-Level Programming I: Basics Mohamed Zahran (aka Z)

CS61: Systems Programing and Machine Organization

Systems Design & Programming Data Movement Instructions. Intel Assembly

An Introduction to Assembly Programming with the ARM 32-bit Processor Family

Stack machines The MIPS assembly language A simple source language Stack-machine implementation of the simple language Readings:

Abysssec Research. 1) Advisory information. 2) Vulnerable version

Instruction Set Architecture

Software Vulnerabilities

CS:APP Chapter 4 Computer Architecture Instruction Set Architecture. CS:APP2e

Intel 8086 architecture

64-Bit NASM Notes. Invoking 64-Bit NASM

Lecture Outline. Stack machines The MIPS assembly language. Code Generation (I)

Heap-based Buffer Overflow Vulnerability in Adobe Flash Player

Stack Overflows. Mitchell Adair

Administration. Instruction scheduling. Modern processors. Examples. Simplified architecture model. CS 412 Introduction to Compilers

Buffer Overflows. Security 2011

Computer Organization and Architecture

Off-by-One exploitation tutorial

Organization of Programming Languages CS320/520N. Lecture 05. Razvan C. Bunescu School of Electrical Engineering and Computer Science

Hotpatching and the Rise of Third-Party Patches

Unpacked BCD Arithmetic. BCD (ASCII) Arithmetic. Where and Why is BCD used? From the SQL Server Manual. Packed BCD, ASCII, Unpacked BCD

Chapter 7D The Java Virtual Machine

Software Fingerprinting for Automated Malicious Code Analysis

Intel Assembler. Project administration. Non-standard project. Project administration: Repository

Lecture 27 C and Assembly

Compilers. Introduction to Compilers. Lecture 1. Spring term. Mick O Donnell: michael.odonnell@uam.es Alfonso Ortega: alfonso.ortega@uam.

Machine Programming II: Instruc8ons

CHAPTER 6 TASK MANAGEMENT

The Beast is Resting in Your Memory On Return-Oriented Programming Attacks and Mitigation Techniques To appear at USENIX Security & BlackHat USA, 2014

Where we are CS 4120 Introduction to Compilers Abstract Assembly Instruction selection mov e1 , e2 jmp e cmp e1 , e2 [jne je jgt ] l push e1 call e

How To Improve Performance On Binary Code

More MIPS: Recursion. Computer Science 104 Lecture 9

Machine-Level Programming II: Arithmetic & Control

Analysis of Win32.Scream

Faculty of Engineering Student Number:

Stack Allocation. Run-Time Data Structures. Static Structures

language 1 (source) compiler language 2 (target) Figure 1: Compiling a program

Recursive Fibonacci and the Stack Frame. the Fibonacci function. The Fibonacci function defines the Fibonacci sequence, using a recursive definition :

2) Write in detail the issues in the design of code generator.

A3 Computer Architecture

CSE-111 Great Ideas in Computer Science Albert Y. C. Chen University at Buffalo, SUNY

Language Processing Systems

Compiler Construction

Computer Systems Architecture

Efficient Cross-Platform Method Dispatching for Interpreted Languages

Bypassing Browser Memory Protections in Windows Vista

l C-Programming l A real computer language l Data Representation l Everything goes down to bits and bytes l Machine representation Language

Semester Review. CSC 301, Fall 2015

Interpreters and virtual machines. Interpreters. Interpreters. Why interpreters? Tree-based interpreters. Text-based interpreters

Stitching the Gadgets On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection

Under The Hood: The System Call

Fast Byte-Granularity Software Fault Isolation

C Compiler Targeting the Java Virtual Machine

High-speed image processing algorithms using MMX hardware

1 The Java Virtual Machine

1. General function and functionality of the malware

INTRODUCTION TO MALWARE & MALWARE ANALYSIS

Overview of IA-32 assembly programming. Lars Ailo Bongo University of Tromsø

612 CHAPTER 11 PROCESSOR FAMILIES (Corrisponde al cap Famiglie di processori) PROBLEMS

The Java Virtual Machine (JVM) Pat Morin COMP 3002

5. Calling conventions for different C++ compilers and operating systems

CSCI 3136 Principles of Programming Languages

Instruction Set Architecture

esrever gnireenigne tfosorcim seiranib

Introduction. Compiler Design CSE 504. Overview. Programming problems are easier to solve in high-level languages

Notes on x86-64 programming

The Java Virtual Machine and Mobile Devices. John Buford, Ph.D. Oct 2003 Presented to Gordon College CS 311

TitanMist: Your First Step to Reversing Nirvana TitanMist. mist.reversinglabs.com

Function Extraction: Automated Behavior Computation for Aerospace Software Verification and Certification

Complete 8086 instruction set

MACHINE ARCHITECTURE & LANGUAGE

風 水. Heap Feng Shui in JavaScript. Alexander Sotirov.

Embedded Systems. Review of ANSI C Topics. A Review of ANSI C and Considerations for Embedded C Programming. Basic features of C

Bypassing Windows Hardware-enforced Data Execution Prevention

Upcompiling Legacy Code to Java

The 80x86 Instruction Set

CPU performance monitoring using the Time-Stamp Counter register

Automating Mimicry Attacks Using Static Binary Analysis

PROBLEMS (Cap. 4 - Istruzioni macchina)

Computer Organization and Components

Bypassing Memory Protections: The Future of Exploitation

Syscall Proxying - Simulating remote execution Maximiliano Caceres <maximiliano.caceres@corest.com> Copyright 2002 CORE SECURITY TECHNOLOGIES

Programming Languages

Chapter 5 Names, Bindings, Type Checking, and Scopes

Introduction. Application Security. Reasons For Reverse Engineering. This lecture. Java Byte Code

Habanero Extreme Scale Software Research Project

Semantic Analysis: Types and Type Checking

Reversing C++ Paul Vincent Sabanal. Mark Vincent Yason

How to make the computer understand? Lecture 15: Putting it all together. Example (Output assembly code) Example (input program) Anatomy of a Computer

Visualizing principles of abstract machines by generating interactive animations

Typy danych. Data types: Literals:

Announcements. More OS motivation. Today s adventure. Why processes? Simplicity. www. Why processes? Speed. Processes in the real world

Transcription:

CS412/CS413 Introduction to Compilers Tim Teitelbaum Lecture 20: Stack Frames 7 March 08 CS 412/413 Spring 2008 Introduction to Compilers 1

Where We Are Source code if (b == 0) a = b; Low-level IR code Optimized Low-level IR code Assembly code cmp $0,%ecx cmovz %eax,%edx Lexical, Syntax, and Semantic Analysis IR Generation Optimizations Assembly code generation CS 412/413 Spring 2008 Introduction to Compilers 2

Assembly vs. Low IR Assembly code: Finite set of registers Variables = memory locations (no names) Variables accessed differently: global, local, heap, args, etc. Uses a run-time stack (with special instructions) Calling sequences: special sequences of instructions for function calls and returns Instruction set of target machine Low IR code: Variables (and temporaries) No run-time stack No calling sequences Some abstract set of instructions CS 412/413 Spring 2008 Introduction to Compilers 3

Low IR to Assembly Translation Calling sequences: Translate function calls and returns into appropriate sequences that: pass parameters, save registers, and give back return values Consists of push/pop operations on the run-time stack Variables: Translate accesses to specific kinds of variables (globals, locals, arguments, etc) Register Allocation: map the variables to registers Instruction set: Account for differences in the instruction set Instruction selection: map sets of low level IR instructions to instructions in the target machine CS 412/413 Spring 2008 Introduction to Compilers 4

x86 Quick Overview Few registers: General purpose 32bit: eax, ebx, ecx, edx, esi, edi Also 16-bit: ax, bx, etc., and 8-bit: al, ah, bl, bh, etc. Stack registers: esp, ebp Many instructions: Arithmetic: add, sub, inc, mod, idiv, imul, etc. Logic: and, or, not, xor Comparison: cmp, test Control flow: jmp, jcc, jecz Function calls: call, ret Data movement: mov (many variants) Stack manipulations: push, pop Other: lea CS 412/413 Spring 2008 Introduction to Compilers 5

Run-Time Stack A frame (or activation record) for each function execution Represents execution environment of the function Includes: local variables, parameters, return value, etc. Different frames for recursive function invocations Run-time stack of frames: Push frame of f on stack when program calls f Pop stack frame when f returns Top frame = frame of currently executed function This mechanism is necessary to support recursion Different activations of the same recursive function have different stack frames CS 412/413 Spring 2008 Introduction to Compilers 6

Stack Pointers Usually run-time stack grows downwards Address of top of stack decreases Values on current frame (i.e., frame on top of stack) accessed using two pointers: Stack pointer (sp): points to frame top Frame pointer(fp): points to frame base Variable access: use offset from fp (sp) fp Previous Frame Top Frame sp When do we need two pointers? If stack frame size not known at compile time Example: alloca (dynamic allocation on stack) CS 412/413 Spring 2008 Introduction to Compilers 7

Hardware Support Hardware provides: Stack registers Stack instructions X86 Registers and instructions for stack manipulation: Stack pointer register: esp Frame pointer register: ebp Push instructions: push, pusha, etc. Pop instructions: pop, popa, etc Call instruction: call Return instruction: ret CS 412/413 Spring 2008 Introduction to Compilers 8

Anatomy of a Stack Frame Previous frame (responsibility of the caller) Param n Param 1 Incoming parameters fp Return address Previous fp Current frame (responsibility of the callee) sp Local 1 Local n Param n Param 1 Return address Outgoing parameters CS 412/413 Spring 2008 Introduction to Compilers 9

Static Links Problem for languages with nested functions (Pascal): How do we access local variables from other frames? Need a static link: a pointer to the frame of enclosing function Previous fp = dynamic link, i.e. pointer to the previous frame in the current execution fp sp Previous fp Static link Local 1 Local n Param n Param 1 Return address CS 412/413 Spring 2008 Introduction to Compilers 10

Example Nested Procedures procedure f(i : integer) var a : integer; dynamic links static links procedure h(j : integer) begin a = j end procedure g(k : integer) begin h(k*k) end begin g(i+2) end Frame f Frame g Frame h CS 412/413 Spring 2008 Introduction to Compilers 11

Display Unacceptable to have to chase down static chains to find frame containing non-local variable. A display is a linearization of the static chain copied into the local frame (or maintained globally) as an array. The pointer to the frame containing non-local variables at lexical level i is display[i]. fp sp Previous fp Display Local 1 Local n Param n Param 1 Return address CS 412/413 Spring 2008 Introduction to Compilers 12

Saving Registers Problem: execution of invoked function may overwrite useful values in registers Generated code must: Save registers when function is invoked Restore registers when function returns Possibilities: Callee saves and restores registers Caller saves and restores registers or both CS 412/413 Spring 2008 Introduction to Compilers 13

Calling Sequences How to generate the code that builds the frames? Generate code that pushes values on stack: 1. Before call instructions (caller responsibilities) 2. At function entry (callee responsibilities) Generate code that pops values from stack: 3. After call instructions (caller responsibilities) 4. At return instructions (callee responsibilities) Calling sequences = sequences of instructions performed in each of the above 4 cases CS 412/413 Spring 2008 Introduction to Compilers 14

Push Values on Stack Code before call instruction: Push caller-saved registers Push each actual parameter (in reverse order) Push static link (or display) (if necessary) Push return address (current program counter) and jump to caller code Prologue = code at function entry Push dynamic link (i.e., current fp) Old stack pointer becomes new frame pointer Push local variables Push callee-saved registers CS 412/413 Spring 2008 Introduction to Compilers 15

Pop Values from Stack Epilogue = code at return instruction Pop (restore) callee-saved registers Restore old stack pointer (pop callee frame!) Pop old frame pointer Pop return address and jump to that address Code after call Pop (restore) caller-saved registers Pop parameters from the stack Pop static link (or display) (if necessary) Use return value CS 412/413 Spring 2008 Introduction to Compilers 16

Example: Pentium Consider call foo(3, 5), %ecx caller-saved, %ebx calleesaved, no static links, result passed back in %eax Code before call instruction: push %ecx // push caller saved registers push $5 // push second parameter push $3 // push first parameter call _foo // push return address and jump to callee Prologue: push %ebp // push old fp mov %esp, %ebp // compute new fp sub $12, %esp // push 3 integer local variables push %ebx // push callee saved registers CS 412/413 Spring 2008 Introduction to Compilers 17

Example: Pentium Epilogue: pop %ebx mov %ebp,%esp pop %ebp ret // restore callee-saved registers // pop callee frame, including locals // restore old fp // pop return address and jump Code after call instruction: add $8,%esp // pop parameters pop %ecx // restore caller-saved registers CS 412/413 Spring 2008 Introduction to Compilers 18

Accessing Stack Variables To access stack variables: use offsets from fp Example: 8(%ebp) = parameter 1 12(%ebp) = parameter 2-4(%ebp) =local 1 Translate low-level code to take into account the frame pointer: a = p+1 => -4(%ebp) = 16(%ebp)+1 ebp+ ebp+8 ebp ebp-4 esp Param n Param 1 Return address Previous fp Local 1 Local n Param n Param 1 Return address CS 412/413 Spring 2008 Introduction to Compilers 19

Accessing Other Variables Global variables Are statically allocated Their addresses can be statically computed Don t need to translate low IR Heap variables Are unnamed locations Can be accessed only by dereferencing variables that hold their addresses Therefore, they don t explicitly occur in low-level code CS 412/413 Spring 2008 Introduction to Compilers 20

Big Picture: Memory Layout Stack variables Param n Param 1 Return address Previous fp Local 1 Local n Heap variables Global variables Global 1 Global n CS 412/413 Spring 2008 Introduction to Compilers 21

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information