问题一:

下面这条指令跳转到哪里?

   0x0000000000400f75 <+50>:	jmpq   *0x402470(,%rax,8)

正解:

这条指令以0x402470(,%rax,8)指向的内存的值作为地址,又有

(gdb) p $rax
$1 = 7

所以0x402470+7x8=0x4024a8,查询0x4024a8

(gdb) x 0x4024a8
0x4024a8:	0x00400fa6

得到跳转地址为0x00400fa6

问题二:

pushl Src

的用途?

正解:

  • Fetch value from Src
  • Decrement %esp by 4
  • Store value at address given by %esp

    问题三:

    popl Src
    

    的用途?

    正解:

  • Load value from address %esp
  • Write value to Dest
  • Incremnet %esp by 4

    问题四:

    call label //Push return address on stack; Jump to label
    ret //Pop return address from stack; Jump to address
    

    的机制的详细描述?

    正解:

    先将下一条指令的地址放到%rip,再push on stack;再将callee的第一条指令的地址放到%rip,执行指令;执行ret时将pop caller’s frame,将其内含的下一条指令的地址加载到%rip中

    问题五:

    Frame Pointer: %ebp指向栈底

    问题六:

    leave instruction等价于

    mov %ebp, %esp
    pop %ebp
    

    问题七:

    x86 32-bit Registers

  • Caller-Save Temporaries: %eax, %edx, %ecx
  • Callee-Save Temporaries: %ebx, %esi, %edi
  • Special: %esp, %ebp

问题八:

x86-64 64-bit Registers

  • %rax Return value
  • %rbx Callee saved
  • %rcx Arg4
  • %rdx Arg3
  • %rsi Arg2
  • %rdi Arg1
  • %rsp Stack pointer
  • %rbp Callee saved
  • %r8 Arg5
  • %r9 Arg6
  • %r10 Caller saved
  • %r11 Caller saved
  • %r12 Callee saved
  • %r13 Callee saved
  • %r14 Callee saved
  • %r15 Callee saved

问题九:X86-64 procedure call highlights

No frame pointer

All references to stack frame made relative to %rsp;eliminates need to update %ebp/%rbp, which is now available for general-purpose use

Function

Functions can access memory up to 128 bytes beyond %rsp: the “red zone”. Can store some temps on stack without altering %rsp

问题十:

  • cltq sign-extends EAX into RAX.

问题十一:

  • Heavy use of registers(faster than using stack in memory)
    • Parameter passing
    • More temporaries since more registers
  • Minimal use of stack
    • Sometimes none
    • When needed, allocate/deallocate entire frame at once
    • No more frame pointer:address relative to stack pointer
  • More room for compiler optimizations
    • Prefer to store data in registers rather than memory
    • Minimize modifications to stack pointer

问题十二:

  • 如何使用tui模式?
    gdb -tui
    layout asm
    layout regs
    

问题十三:

ret instruction等价于 pop pc-counter

问题十四

For most cases, the mov instruction will only update the specific register bytes or memory locations indicated by the destination operand. The only exception is that when movl has a register as its destination, it will also set the high-order 4bytes of the register to 0.