MACHINE-LEVEL PROGRAMMING III:

SWITCH STATEMENTS AND IA32

PROCEDURES
 University of Texas at Austin

Today
• Switch statements
• IA 32 Procedures
• Stack Structure
• Calling Conventions
• Illustrations of Recursion & Pointers

2
 University of Texas at Austin

long
long switch_eg
switch_eg
(long
Switch Statement
(long x,x, long
long y,
y, long
long z)
z)
{{ Example
long
long ww == 1;
1;
switch(x)
switch(x) {{
case
case 1:
1:
ww == y*z;
y*z; • Multiple case labels
break;
break;
case
case 2:
2:
• Here: 5 & 6
ww == y/z;
/*
y/z;
/* Fall
Fall Through
Through */
*/
• Fall through cases
case
case 3:
3: • Here: 2
ww +=
+= z;
z;
break;
break; • Missing cases
case
case 5:
5:
case
case 6:
6: • Here: 4
ww -=
-= z;
z;
break;
break;
default:
default:
ww == 2;
2;
}}
return
return w;w;
}}
3
 University of Texas at Austin

Jump Table Structure

Switch Form Jump Table Jump Targets
switch(x)
switch(x){{ jtab: Targ0
Targ0: Code Block
case
caseval_0:
val_0: 0
Block Targ1
Block00
case
caseval_1:
val_1: Targ2 Targ1: Code Block
Block
Block11 •
• • • 1
• • • •
case
caseval_n-1:
val_n-1: •
Block
Blockn–1n–1 Targ2: Code Block
}} Targn-1
2

•
Approximate Translation •
target
target==JTab[x];
JTab[x]; •
goto
goto*target;
*target;
Targn-1: Code Block
n–1
4
 University of Texas at Austin

Switch Statement Example (IA32)

long
long switch_eg(long
switch_eg(long x,
x, long
long y,
y, long
long z)
z)
{{
long
long ww == 1; 1;
switch(x)
switch(x) {{
.. .. ..
}} What range of
return
return w; w; values takes
}}
default?
Setup:
switch_eg:
pushl %ebp # Setup
movl %esp, %ebp # Setup
movl 8(%ebp), %eax # %eax = x
cmpl $6, %eax # Compare x:6
ja .L2 # If unsigned > goto default
jmp *.L7(,%eax,4) # Goto *JTab[x] Note that w not
initialized here 5
 University of Texas at Austin

Switch Statement Example (IA32)

long
long switch_eg(long
switch_eg(long x,
x, long
long y,
y, long
long z)
z)
{{
long
long ww == 1; 1;
switch(x)
switch(x) {{ Jump table
.. .. ..
.section
.section .rodata
.rodata
}} .align
.align 44
return
return w; w; .L7:
.L7:
}} .long
.long .L2
.L2## xx == 00
.long
.long .L3
.L3## xx == 11
.long .L4
.L4## xx == 22
Setup: .long
.long .L5
.long .L5## xx == 33
.long
.long .L2
.L2## xx == 44
switch_eg: .long .L6
.long .L6## xx == 55
pushl %ebp # Setup .long
.long .L6
.L6## xx == 66
movl %esp, %ebp # Setup
movl 8(%ebp), %eax # eax = x
cmpl $6, %eax # Compare x:6
Indirect ja .L2 # If unsigned > goto default
jump jmp *.L7(,%eax,4) # Goto *JTab[x]

6
 University of Texas at Austin

Assembly Setup Explanation

• Table Structure
Jump table
• Each target requires 4 bytes
.section
.section .rodata
.rodata
• Base address at .L7 .align
.align 44
.L7:
.L7:
.long
.long .L2
.L2 ## xx == 00
.long .L3
.L3 ## xx == 11
• Jumping .long
.long .L4
.long .L4 ## xx == 22
• Direct: jmp .L2 .long
.long .L5
.L5 ## xx == 33
.long
.long .L2
.L2 ## xx == 44
• Jump target is denoted by label .L2 .long .L6
.long .L6 ## xx == 55
.long
.long .L6
.L6 ## xx == 66

• Indirect: jmp *.L7(,%eax,4)

• Start of jump table: .L7
• Must scale by factor of 4 (labels have 32-bits = 4 Bytes on IA32)
• Fetch target from effective Address .L7 + eax*4
• Only for 0 ≤ x ≤ 6
7
 University of Texas at Austin

Jump Table
Jump table
switch(x)
switch(x) {{
.section
.section .rodata case
.rodata case 1:
1: //
// .L3
.L3
.align
.align 44 ww == y*z;
y*z;
.L7:
.L7:
.long .L2
break;
break;
.long .L2 ## xx == 00
.long .L3 case
case 2:
2: //
// .L4
.L4
.long .L3 ## xx == 11
.long
.long .L4
.L4 ## xx == 22 ww == y/z;
y/z;
.long
.long .L5
.L5 ## xx == 33 /*
/* Fall
Fall Through
Through */
*/
.long
.long .L2
.L2 ## xx == 44 case
case 3:
3: //
// .L5
.L5
.long
.long .L6
.L6 ## xx == 55 ww +=
+= z;
z;
.long
.long .L6
.L6 ## xx == 66 break;
break;
case
case 5:
5:
case
case 6:
6: //
// .L6
.L6
ww -=
-= z;
z;
break;
break;
default:
default: //
// .L2
.L2
ww == 2;
2;
}}

8
 University of Texas at Austin

Handling Fall-Through
long
long ww == 1;
1; case
case 3:
3:
.. .. ..
ww == 1;
1;
switch(x)
switch(x) {{ goto
goto merge;
merge;
.. .. ..
case
case 2:2:
ww == y/z;
y/z;
/*
/* Fall
Fall Through
Through */
*/
case
case 3:3: case
case 2:2:
ww +=
+= z;
z; ww == y/z;
y/z;
break;
break;
.. .. .. merge:
merge:
}} ww +=
+= z;
z;

9
 University of Texas at Austin

Code Blocks (Partial)

switch(x)
switch(x) {{ .L2:
.L2: ## Default
Default
case
case 1: 1: //
// .L3
.L3 movl
movl $2,
$2, %eax
%eax ## ww == 22
ww == y*z;
y*z; jmp
jmp .L8
.L8 ## Goto
Goto done
done
break;
break;
.. .. .. .L5:
.L5: ## xx ==
== 33
case
case 3: 3: //
// .L5
.L5 movl
movl $1,
$1, %eax
%eax ## ww == 11
ww +=
+= z;
z; jmp
jmp .L9
.L9 ## Goto
Goto merge
merge
break;
break;
.. .. .. .L3:
.L3: ## xx ==
== 11
default:
default: //
// .L2
.L2 movl
movl 16(%ebp),
16(%ebp), %eax
%eax ## zz
ww == 2;
2; imull
imull12(%ebp),
12(%ebp), %eax
%eax ## ww == y*z
y*z
}} jmp
jmp .L8
.L8 ## Goto
Goto done
done

10
 University of Texas at Austin

Code Blocks (Rest)

switch(x)
switch(x) {{ .L4:
.L4: ## xx ==
== 22
.. .. .. movl
movl 12(%ebp),
12(%ebp), %edx
%edx
case
case 2: 2: //// .L4
.L4 movl
movl %edx,
%edx, %eax
%eax
ww == y/z;
y/z; sarl
sarl $31,
$31, %edx
%edx
/*
/* Fall
Fall Through
Through */
*/ idivl
idivl16(%ebp)
16(%ebp) ## ww == y/z
y/z
merge:
merge: //
// .L9
.L9
ww +=
+= z;
z; .L9:
.L9: ## merge:
merge:
break;
break; addl
addl 16(%ebp),
16(%ebp), %eax
%eax ## ww +=
+= zz
case
case 5: 5: jmp
jmp .L8
.L8 ## goto
goto done
done
case
case 6: 6: //// .L6
.L6
ww -=
-= z;
z; .L6:
.L6: ## xx ==
== 5,
5, 66
break;
break; movl
movl $1,
$1, %eax
%eax ## ww == 11
}} subl
subl 16(%ebp),
16(%ebp), %eax
%eax ## ww == 1-z
1-z

11
 University of Texas at Austin

x86-64 Switch Implementation

• Same general idea, adapted to 64-bit code
• Table entries 64 bits (pointers)
• Cases use revised code Jump Table
switch(x)
switch(x) {{ .section
.section .rodata
.rodata
case
case 1:1: //
// .L3
.L3 .align
.align 88
ww == y*z;
y*z; .L7:
.L7:
break;
break; .quad
.quad .L2
.L2 ## xx == 00
.. .. .. .quad
.quad .L3
.L3 ## xx == 11
}} .quad
.quad .L4
.L4 ## xx == 22
.quad
.quad .L5
.L5 ## xx == 33
.quad
.quad .L2
.L2 ## xx == 44
.L3:
.L3: .quad
.quad .L6
.L6 ## XX == 55
movq
movq %rdx,
%rdx, %rax
%rax .quad
.quad .L6
.L6 ## xx == 66
imulq
imulq %rsi,
%rsi, %rax
%rax
ret
ret

13
 University of Texas at Austin

IA32 Object Code

• Setup
• Label .L2 becomes address 0x8048422
• Label .L7 becomes address 0x8048660
Assembly Code
switch_eg:
switch_eg:
.. .. ..
ja
ja .L2
.L2 ## If
If unsigned
unsigned >> goto
goto default
default
jmp
jmp *.L7(,%eax,4)
*.L7(,%eax,4) ## Goto
Goto *JTab[x]
*JTab[x]

Disassembled Object Code

08048410
08048410 <switch_eg>:
<switch_eg>:
.. .. ..
8048419:77
8048419: 77 07
07 ja
ja 8048422
8048422 <switch_eg+0x12>
<switch_eg+0x12>
804841b:ff
804841b: ff 24
24 85
85 60
60 86
86 04
04 08
08 jmp
jmp *0x8048660(,%eax,4)
*0x8048660(,%eax,4)

14
 University of Texas at Austin

IA32 Object Code (cont.)

• Jump Table
• Doesn’t show up in disassembled code
• Can inspect using GDB
• gdb switch
• (gdb) x/7xw 0x8048660
• Examine 7 hexadecimal format “words” (4-bytes each)
• Use command “help x” to get format documentation
0x8048660: 0x08048422 0x08048432 0x0804843b 0x08048429
0x8048670: 0x08048422 0x0804844b 0x0804844b

15
 University of Texas at Austin

IA32 Object Code (cont.)

• Deciphering Jump Table
0x8048660: 0x08048422 0x08048432 0x0804843b 0x08048429
0x8048670: 0x08048422 0x0804844b 0x0804844b
Address Value x
0x8048660 0x8048422 0
0x8048664 0x8048432 1
0x8048668 0x804843b 2
0x804866c 0x8048429 3
0x8048670 0x8048422 4
0x8048674 0x804844b 5
0x8048678 0x804844b 6

16
 University of Texas at Austin

Disassembled Targets

8048422:
8048422: b8
b8 02
02 00
00 00
00 00
00 mov
mov $0x2,%eax
$0x2,%eax
8048427:
8048427: eb
eb 2a
2a jmp
jmp 8048453
8048453 <switch_eg+0x43>
<switch_eg+0x43>
8048429:
8048429: b8
b8 01
01 00
00 00
00 00
00 mov
mov $0x1,%eax
$0x1,%eax
804842e:
804842e: 66
66 90
90 xchg
xchg %ax,%ax
%ax,%ax ## noop
noop
8048430:
8048430: eb
eb 14
14 jmp
jmp 8048446 <switch_eg+0x36>
8048446 <switch_eg+0x36>
8048432:
8048432: 8b
8b 45
45 10
10 mov
mov 0x10(%ebp),%eax
0x10(%ebp),%eax
8048435:
8048435: 0f
0f af
af 45
45 0c
0c imul
imul 0xc(%ebp),%eax
0xc(%ebp),%eax
8048439:
8048439: eb
eb 18
18 jmp
jmp 8048453
8048453 <switch_eg+0x43>
<switch_eg+0x43>
804843b:
804843b: 8b
8b 55
55 0c
0c mov
mov 0xc(%ebp),%edx
0xc(%ebp),%edx
804843e:
804843e: 89
89 d0
d0 mov
mov %edx,%eax
%edx,%eax
8048440:
8048440: c1
c1 fa
fa 1f
1f sar
sar $0x1f,%edx
$0x1f,%edx
8048443:
8048443: f7
f7 7d
7d 10
10 idivl
idivl 0x10(%ebp)
0x10(%ebp)
8048446:
8048446: 03
03 45
45 10
10 add
add 0x10(%ebp),%eax
0x10(%ebp),%eax
8048449:
8048449: eb
eb 08
08 jmp
jmp 8048453
8048453 <switch_eg+0x43>
<switch_eg+0x43>
804844b:
804844b: b8
b8 01
01 00
00 00
00 00
00 mov
mov $0x1,%eax
$0x1,%eax
8048450:
8048450: 2b
2b 45
45 10
10 sub
sub 0x10(%ebp),%eax
0x10(%ebp),%eax
8048453:
8048453: 5d
5d pop
pop %ebp
%ebp
8048454:
8048454: c3
c3 ret
ret

17
 University of Texas at Austin

Matching Disassembled Targets

8048422:
8048422: mov
mov $0x2,%eax
$0x2,%eax
8048427:
8048427: jmp
jmp 8048453
8048453 <switch_eg+0x43>
<switch_eg+0x43>
8048429:
8048429: mov
mov $0x1,%eax
$0x1,%eax
804842e:
804842e: xchg
xchg %ax,%ax
%ax,%ax
Value 8048430:
8048430: jmp
jmp 8048446
8048446 <switch_eg+0x36>
<switch_eg+0x36>
8048432:
8048432: mov
mov 0x10(%ebp),%eax
0x10(%ebp),%eax
0x8048422 8048435:
8048435: imul
imul 0xc(%ebp),%eax
0xc(%ebp),%eax
8048439:
8048439: jmp
jmp 8048453
8048453 <switch_eg+0x43>
<switch_eg+0x43>
0x8048432 804843b: mov 0xc(%ebp),%edx
804843b: mov 0xc(%ebp),%edx
0x804843b 804843e:
804843e: mov
mov %edx,%eax
%edx,%eax
8048440:
8048440: sar
sar $0x1f,%edx
$0x1f,%edx
0x8048429 8048443:
8048443: idivl
idivl 0x10(%ebp)
0x10(%ebp)
8048446:
8048446: add
add 0x10(%ebp),%eax
0x10(%ebp),%eax
0x8048422 8048449:
8048449: jmp
jmp 8048453
8048453 <switch_eg+0x43>
<switch_eg+0x43>
804844b:
804844b: mov
mov $0x1,%eax
$0x1,%eax
0x804844b 8048450: sub 0x10(%ebp),%eax
8048450: sub 0x10(%ebp),%eax
0x804844b 8048453:
8048453: pop
pop %ebp
%ebp
8048454:
8048454: ret
ret

18
 University of Texas at Austin

Summarizing
• C Control
• if-then-else
• do-while
• while, for
• switch
• Assembler Control
• Conditional jump
• Conditional move
• Indirect jump
• Compiler generates code sequence to implement more complex control
• Standard Techniques
• Loops converted to do-while form
• Large switch statements use jump tables
• Sparse switch statements may use decision trees
19
 University of Texas at Austin

Today
• Switch statements
• IA 32 Procedures
• Stack Structure
• Calling Conventions
• Illustrations of Recursion & Pointers

20
 University of Texas at Austin

IA32 Stack
• Region of memory
Stack “Bottom”
managed with stack
discipline
• Grows toward lower Increasing
Addresses
addresses
• Register %esp contains
lowest stack address
• address of “top” element Stack
Grows
Down
Stack Pointer: %esp

Stack “Top” 21
 University of Texas at Austin

IA32 Stack: Push

• pushl Src Stack “Bottom”

• Fetch operand at Src
• Decrement %esp by 4 Increasing
Addresses
• Write operand at address given by %esp

Stack
Grows
Down
Stack Pointer: %esp
-4

Stack “Top”
22
 University of Texas at Austin

IA32 Stack: Pop

• popl Src Stack “Bottom”

• Fetch value in mem at %esp

• Move value to src Increasing
Addresses
• Increment %esp by 4

Stack
Grows
+4 Down
Stack Pointer: %esp

Stack “Top”
23
 University of Texas at Austin

Procedure Control Flow

• Use stack to support procedure call and return
• Procedure call: call label
• Push return address on stack
• Jump to label
• Return address:
• Address of the next instruction right after call
• Example from disassembly
804854e: e8 3d 06 00 00 call 8048b90 <main>
8048553: 50 pushl %eax
• Return address = 0x8048553
• Procedure return: ret
• Pop address from stack
• Jump to address
24
 University of Texas at Austin

Procedure Call Example

804854e:
804854e: e8
e8 3d
3d 06
06 00
00 00
00 call
call 8048b90
8048b90 <main>
<main>
8048553:
8048553: 50
50 pushl
pushl %eax
%eax

call 8048b90

0x110 0x110
0x10c 0x10c
0x108 123 0x108 123
0x104 0x8048553

%esp 0x108 %esp 0x104

%eip 0x804854e %eip 0x8048b90

%eip: program counter

25
 University of Texas at Austin

Procedure Return Example

8048591:
8048591: c3
c3 ret
ret

ret

0x110 0x110
0x10c 0x10c
0x108 123 0x108 123
0x104 0x8048553 0x8048553

%esp 0x104 %esp 0x108

%eip 0x8048591 %eip 0x8048553

%eip: program counter

26
 University of Texas at Austin

Stack-Based Languages
• Languages that support recursion
• e.g., C, Pascal, Java
• Code must be “Reentrant”
• Multiple simultaneous instantiations of single procedure
• Need some place to store state of each instantiation
• Arguments
• Local variables
• Return pointer
• Stack discipline
• State for given procedure needed for limited time
• From when called to when return
• Callee returns before caller does
• Stack allocated in Frames
• state for single procedure instantiation
27
 University of Texas at Austin

Call Chain Example

yoo(…)
yoo(…)
{{ Example
•• Call Chain
•• who(…)
who(…) yoo
who();
who(); {{
•• •• •• ••
•• amI(); who
amI(); amI(…)
amI(…)
}} •• •• •• {{
amI();
amI(); •• amI amI
•• •• •• ••
}} amI();
amI(); amI
••
••
}} amI

Procedure amI() is recursive

28
 University of Texas at Austin

Stack Frames
Previous
• Contents Frame
• Local variables
• Return information Frame Pointer: %ebp

• Temporary space Frame for

proc

Stack Pointer: %esp

• Management
• Space allocated when enter Stack “Top”
procedure
• “Set-up” code
• Deallocated when return
• “Finish” code 29
 University of Texas at Austin

Example Stack

yoo(…) yoo
yoo(…) %ebp
{{ yoo
yoo
•• who %esp
••
who();
who();
•• amI amI
••
}} amI

amI

30
 University of Texas at Austin

Example Stack

yoo(…)
yoo(…) yoo
{{ who(…)
who(…)
•{ yoo
yoo
•{ who
•• •• •• •• %ebp
amI();
who();
amI();
who();
•• •• •• •• amI amI who
%esp
•• amI();
amI();
}} •• •• ••
}} amI

amI

31
 University of Texas at Austin

Example Stack

yoo(…)
yoo(…) yoo
{{ who(…)
who(…)
•{ yoo
yoo
•{ amI(…) who
•• ••amI(…)
•• ••
{{
amI();
who();
amI();
who(); • who
•• •• ••• •• amI amI
••
•• amI();
amI();
•• •amI(); %ebp
}} •amI();
••
}} •• amI amI
•• %esp
}}
amI

32
 University of Texas at Austin

Example Stack

yoo(…)
yoo(…) yoo
{{ who(…)
who(…)
•{ yoo
yoo
•{ amI(…) who
•• ••amI(…)
•• ••
{{
amI();
who();
amI();
who();
• •••amI(…)
amI(…)
•• amI who
•• • • {{ amI
••
•• amI();
amI(); ••
• •amI();
amI();
•
}} • • • ••
}} •• amI amI
•• amI();
amI();
}} •• %ebp
•• amI amI
}}
%esp

33
 University of Texas at Austin

Example Stack

yoo(…)
yoo(…) yoo
{{ who(…)
who(…)
•{ yoo
yoo
•{ amI(…) who
•• ••amI(…)
•• ••
{{
amI();
who();
amI();
who();
• •••amI(…)
amI(…)
•• amI who
•• • • {{ amI
••
•• amI();
amI(); ••amI(…)
amI(…)
amI();
amI();
•• •• •• • {{
}}
}} •• • • amI amI
•
•• amI();
amI();
••
}} ••
•• amI();
amI(); amI
•• amI
}}
••
}} %ebp
amI
%esp

34
 University of Texas at Austin

Example Stack

yoo(…)
yoo(…) yoo
{{ who(…)
who(…)
•{ yoo
yoo
•{ amI(…) who
•• ••amI(…)
•• ••
{{
amI();
who();
amI();
who();
• •••amI(…)
amI(…)
•• amI who
•• • • {{ amI
••
•• amI();
amI(); ••
• •amI();
amI();
•
}} • • • ••
}} •• amI amI
•• amI();
amI();
}} •• %ebp
•• amI amI
}}
%esp

35
 University of Texas at Austin

Example Stack

yoo(…)
yoo(…) yoo
{{ who(…)
who(…)
•{ yoo
yoo
•{ amI(…) who
•• ••amI(…)
•• ••
{{
amI();
who();
amI();
who(); • who
•• •• ••• •• amI amI
••
•• amI();
amI();
•• •amI(); %ebp
}} •amI();
••
}} •• amI amI
•• %esp
}}
amI

36
 University of Texas at Austin

Example Stack

yoo(…)
yoo(…) yoo
{{ who(…)
who(…)
•{ yoo
yoo
•{ who
•• •• •• •• %ebp
amI();
who();
amI();
who();
•• •• •• •• amI amI who
%esp
•• amI();
amI();
}} •• •• ••
}} amI

amI

37
 University of Texas at Austin

Example Stack

yoo(…)
yoo(…) yoo
{{ who(…)
who(…)
•{ yoo
yoo
•{ amI(…) who
•• ••amI(…)
•• ••
{{
amI();
who();
amI();
who(); • who
•• •• ••• •• amI amI
••
•• amI();
amI();
•• •amI(); %ebp
}} •amI();
••
}} •• amI amI
•• %esp
}}
amI

38
 University of Texas at Austin

Example Stack

yoo(…)
yoo(…) yoo
{{ who(…)
who(…)
•{ yoo
yoo
•{ who
•• •• •• •• %ebp
amI();
who();
amI();
who();
•• •• •• •• amI amI who
%esp
•• amI();
amI();
}} •• •• ••
}} amI

amI

39
 University of Texas at Austin

Example Stack

yoo
yoo(…) %ebp
yoo(…)
{{ yoo
yoo
•• who %esp
••
who();
who(); amI amI
••
••
}} amI

amI

40
 University of Texas at Austin

IA32/Linux Stack Frame

• Current Stack Frame (“Top” to
Bottom)
Caller
• “Argument build:” Frame
Parameters for function about to call Arguments
• Local variables
Frame pointer Return Addr
If can’t keep in registers %ebp Old %ebp
• Saved register context
Saved
• Old frame pointer Registers
+
Local
• Caller Stack Frame Variables
• Return address Argument
• Pushed by call instruction Stack pointer
Build
%esp
• Arguments for this call 41
 University of Texas at Austin

Revisiting swap Calling swap from call_swap

int
int course1
course1 == 15213;
15213; call_swap:
call_swap:
int
int course2
course2 == 18243;
18243; •• •• ••
subl
subl $8,
$8, %esp
%esp
void
void call_swap()
call_swap() {{ movl $course2, 4(%esp)
movl $course2, 4(%esp)
swap(&course1,
swap(&course1, &course2);
&course2); movl $course1, (%esp)
movl $course1, (%esp)
}} call swap
call swap
•• •• ••

Resulting
void
void swap(int
swap(int *xp,
*xp, int
int *yp)
*yp) • Stack
{{ •
int
int t0
t0 == *xp;
*xp; •
int
int t1
t1 == *yp;
*yp; %esp
*xp
*xp == t1;
t1; &course2 subl
*yp
*yp == t0;
t0;
}} &course1 %esp
call
Rtn adr %esp
42
 University of Texas at Austin

Revisiting swap
swap:
pushl %ebp
void Set
void swap(int
swap(int *xp,
*xp, int
int *yp)
*yp) movl %esp, %ebp
{{ pushl %ebx Up
int
int t0
t0 == *xp;
*xp;
int
int t1
t1 == *yp;
*yp; movl 8(%ebp), %edx
*xp
*xp == t1;
t1; movl 12(%ebp), %ecx
*yp
*yp == t0;
t0; movl (%edx), %ebx Body
}} movl (%ecx), %eax
movl %eax, (%edx)
movl %ebx, (%ecx)

popl %ebx
popl %ebp Finish
ret

43
 University of Texas at Austin

swap Setup #1
Entering Stack Resulting Stack

%ebp %ebp
• •
• •
• •

&course2 yp
&course1 xp
Rtn adr %esp Rtn adr
Old %ebp %esp

swap:
pushl %ebp
movl %esp,%ebp
pushl %ebx
44
 University of Texas at Austin

swap Setup #2
Entering Stack Resulting Stack

%ebp
• •
• •
• •

&course2 yp
&course1 xp
Rtn adr %esp Rtn adr
%ebp
Old %ebp %esp

swap:
pushl %ebp
movl %esp,%ebp
pushl %ebx
45
 University of Texas at Austin

swap Setup #3
Entering Stack Resulting Stack

%ebp
• •
• •
• •

&course2 yp
&course1 xp
Rtn adr %esp Rtn adr
Old %ebp %ebp
Old %ebx %esp
swap:
pushl %ebp
movl %esp,%ebp
pushl %ebx
46
 University of Texas at Austin

swap Body
Entering Stack Resulting Stack

%ebp
• •
• •
• •
Offset relative to %ebp
&course2 12 yp
&course1 8 xp
Rtn adr %esp 4 Rtn adr
Old %ebp %ebp
Old %ebx %esp

movl 8(%ebp),%edx # get xp

movl 12(%ebp),%ecx # get yp
. . .

47
 University of Texas at Austin

swap Finish
Stack Before Finish Resulting Stack
%ebp
• •
• •
popl %ebx
• •
popl %ebp

yp yp
xp xp
Rtn adr Rtn adr %esp
Old %ebp %ebp
Old %ebx %esp  Observation
 Saved and restored register %ebx
 Not so for %eax, %ecx, %edx

48
 University of Texas at Austin

Disassembled swap
08048384 <swap>:
8048384: 55 push %ebp
8048385: 89 e5 mov %esp,%ebp
8048387: 53 push %ebx
8048388: 8b 55 08 mov 0x8(%ebp),%edx
804838b: 8b 4d 0c mov 0xc(%ebp),%ecx
804838e: 8b 1a mov (%edx),%ebx
8048390: 8b 01 mov (%ecx),%eax
8048392: 89 02 mov %eax,(%edx)
8048394: 89 19 mov %ebx,(%ecx)
8048396: 5b pop %ebx
8048397: 5d pop %ebp
8048398: c3 ret
Calling Code
80483b4: movl $0x8049658,0x4(%esp) # Copy &course2
80483bc: movl $0x8049654,(%esp) # Copy &course1
80483c3: call 8048384 <swap> # Call swap
80483c8: leave # Prepare to return
80483c9: ret # Return
49
 University of Texas at Austin

Today
• Switch statements
• IA 32 Procedures
• Stack Structure
• Calling Conventions
• Illustrations of Recursion & Pointers

50
 University of Texas at Austin

Register Saving Conventions

• When procedure yoo calls who:
• yoo is the caller
• who is the callee
• Can register be used for temporary storage?
yoo:
yoo: who:
who:
•• •• •• •• •• ••
movl
movl $15213,
$15213, %edx
%edx movl
movl 8(%ebp),
8(%ebp), %edx
%edx
call
call who
who addl
addl $18243,
$18243, %edx
%edx
addl
addl %edx,
%edx, %eax
%eax •• •• ••
•• •• •• ret
ret
ret
ret

• Contents of register %edx overwritten by who

• This could be trouble ➙ something should be done!
• Need some coordination 51
 University of Texas at Austin

Register Saving Conventions

• When procedure yoo calls who:
• yoo is the caller
• who is the callee
• Can register be used for temporary storage?
• Conventions
• “Caller Save”
• Caller saves temporary values in its frame before the call
• “Callee Save”
• Callee saves temporary values in its frame before using

52
 University of Texas at Austin

IA32/Linux+Windows Register Usage

• %eax, %edx, %ecx
%eax
• Caller saves prior to call if values Caller-Save
are used later Temporaries %edx
%ecx
• %eax %ebx
• also used to return integer value Callee-Save
Temporaries %esi
%edi
• %ebx, %esi, %edi
• Callee saves if wants to use them %esp
Special
%ebp
• %esp, %ebp
• special form of callee save
• Restored to original values upon
exit from procedure
53
 University of Texas at Austin

Today
• Switch statements
• IA 32 Procedures
• Stack Structure
• Calling Conventions
• Illustrations of Recursion & Pointers

54
 University of Texas at Austin

Recursive Functionpcount_r:
pushl %ebp
/*
/* Recursive
Recursive popcount
popcount */
*/ movl %esp, %ebp
int
int pcount_r(unsigned
pcount_r(unsigned x) x) {{ pushl %ebx
if
if (x
(x ==
== 0)
0) subl $4, %esp
return
return 0;0; movl 8(%ebp), %ebx
else
else return
return movl $0, %eax
(x
(x && 1)
1) ++ pcount_r(x
pcount_r(x >>
>> 1);
1); testl %ebx, %ebx
}} je .L3
movl %ebx, %eax
shrl %eax
movl %eax, (%esp)
• Registers call pcount_r
• %eax, %edx used without movl %ebx, %edx
andl $1, %edx
first saving leal (%edx,%eax), %eax
• %ebx used, but saved at .L3:
addl $4, %esp
beginning & restored at end popl %ebx
popl %ebp
ret
55
 University of Texas at Austin

pcount_r:
Recursive Call #1 pushl %ebp
movl %esp, %ebp
/* pushl %ebx
/* Recursive
Recursive popcount
popcount */
*/
int subl $4, %esp
int pcount_r(unsigned
pcount_r(unsigned x) x) {{
if movl 8(%ebp), %ebx
if (x
(x ==
== 0)
0)
return • • •
return 0;0;
else
else return
return
(x
(x && 1)
1) ++ pcount_r(x
pcount_r(x >>
>> 1);
1);
}}
•
•
•
• Actions
• Save old value of %ebx on stack
x
• Allocate space for argument to
Rtn adr
recursive call
Old %ebp %ebp
• Store x in %ebx
Old %ebx
%ebx x %esp

56
 University of Texas at Austin

Recursive Call #2
/*
/* Recursive
Recursive popcount
popcount */
*/ • • •
int
int pcount_r(unsigned
pcount_r(unsigned x) x) {{
movl $0, %eax
if
if (x
(x ==
== 0)
0) testl %ebx, %ebx
return
return 0;0; je .L3
else
else return
return • • •
(x
(x && 1)
1) ++ pcount_r(x
pcount_r(x >>
>> 1);
1); .L3:
}}
• • •
ret

• Actions
• If x == 0, return
• with %eax set to 0

%ebx x

57
 University of Texas at Austin

Recursive Call #3
/*
/* Recursive
Recursive popcount
popcount */
*/ • • •
int
int pcount_r(unsigned
pcount_r(unsigned x) x) {{ movl %ebx, %eax
if
if (x
(x ==
== 0)
0) shrl %eax
return
return 0;0; movl %eax, (%esp)
else
else return
return call pcount_r
(x
(x && 1)
1) ++ pcount_r(x
pcount_r(x >>
>> 1);
1); • • •
}}

• Actions •
• Store x >> 1 on stack •
•
• Make recursive call
• Effect
Rtn adr
• %eax set to function result
Old %ebp %ebp
• %ebx still has value of x
Old %ebx
x >> 1 %esp
%ebx x
58
 University of Texas at Austin

Recursive Call #4
/*
/* Recursive
Recursive popcount
popcount */
*/ • • •
int
int pcount_r(unsigned
pcount_r(unsigned x) x) {{ movl %ebx, %edx
if
if (x
(x ==
== 0)
0) andl $1, %edx
return
return 0;0; leal (%edx,%eax), %eax
else
else return
return • • •
(x
(x && 1)
1) ++ pcount_r(x
pcount_r(x >>
>> 1);
1);
}}

• Assume
• %eax holds value from recursive call
• %ebx holds x
• Actions %ebx x
• Compute (x & 1) + computed value
• Effect
• %eax set to function result

59
 University of Texas at Austin

Recursive Call #5
/* • • •
/* Recursive
Recursive popcount
popcount */
*/
int L3:
int pcount_r(unsigned
pcount_r(unsigned x) x) {{
if addl$4, %esp
if (x
(x ==
== 0)
0)
return popl%ebx
return 0;0;
else popl%ebp
else return
return
(x ret
(x && 1)
1) ++ pcount_r(x
pcount_r(x >>
>> 1);
1);
}}

%ebp
• Actions • •
• Restore values • •
• •
of %ebx and %esp
%ebp Rtn adr
• Restore %esp Old %ebp %ebp
%ebx
Old %ebx
%esp Old %ebx

60
 University of Texas at Austin

Observations About Recursion

• Handled Without Special Consideration
• Stack frames mean that each function call has private
storage
• Saved registers & local variables
• Saved return pointer
• Register saving conventions prevent one function call
from corrupting another’s data
• Stack discipline follows call / return pattern
• If P calls Q, then Q returns before P
• Last-In, First-Out
• Also works for mutual recursion
• P calls Q; Q calls P
61
 University of Texas at Austin

Pointer Code
Generating Pointer
/*
/* Compute
Compute xx ++ 33 */
*/
int
int add3(int
add3(int x)x) {{
int
int localx
localx == x;x;
incrk(&localx,
incrk(&localx, 3); 3);
return
return localx;
localx;
}}

Referencing Pointer
/*
/* Increment
Increment value
value by
by kk */
*/
void
void incrk(int
incrk(int *ip,
*ip, int
int k)
k) {{
*ip
*ip +=
+= k;
k;
}}

• add3 creates pointer and passes it to incrk

62
 University of Texas at Austin

Creating and Initializing Local Variable

int
int add3(int
add3(int x)
x) {{ • Variable localx must be stored on
int
int localx
localx == x;
x; stack
incrk(&localx,
incrk(&localx, 3);3);
return
return localx;
localx; • Because: Need to create pointer to it
}}
• Compute pointer as -4(%ebp)
8 x
4 Rtn adr
0 Old %ebp %ebp
First part of add3
-4 localx = x
add3:
add3:
pushl%ebp
pushl%ebp -8
movl
movl %esp,
%esp, %ebp
%ebp -12 Unused
subl
subl $24,
$24, %esp
%esp ## Alloc.
Alloc. 24
24 bytes
bytes
movl -16
movl 8(%ebp),
8(%ebp), %eax
%eax
movl
movl %eax,
%eax, -4(%ebp)#
-4(%ebp)# Set
Set localx
localx to
to xx -20
-24 %esp
63
 University of Texas at Austin

Creating Pointer as Argument

int
int add3(int
add3(int x)
x) {{ • Use leal instruction to
int
int localx
localx == x;
x;
incrk(&localx,
incrk(&localx, 3);3);
compute address of localx
return
return localx;
localx;
}}

8 x
4 Rtn adr
0 Old %ebp %ebp
Middle part of add3
-4 localx
movl
movl $3,
$3, 4(%esp)
4(%esp) ## 22ndnd arg
arg == 33
leal
leal -4(%ebp),
-4(%ebp), %eax#
%eax# &localx
&localx -8
movl
movl %eax,
%eax, (%esp)
(%esp) ## 11stst arg
arg == &localx
&localx -12 Unused
call
call incrk
incrk -16
-20 3 %esp+4
-24 %esp
64
 University of Texas at Austin

Retrieving local variable

int
int add3(int
add3(int x)
x) {{ • Retrieve localx from stack as
int
int localx
localx == x;
x;
incrk(&localx,
incrk(&localx, 3);3);
return value
return
return localx;
localx;
}}

8 x
4 Rtn adr
0 Old %ebp %ebp
Final part of add3
-4 localx
movl -4(%ebp), %eax # Return val= localx
movl -4(%ebp), %eax # Return val= localx
leave
leave -8
ret
ret -12 Unused
-16
-20
-24 %esp
65
 University of Texas at Austin

IA 32 Procedure Summary
• Important Points
• Stack is the right data structure for
Caller
procedure call / return Frame
• If P calls Q, then Q returns before P Arguments
• Recursion (& mutual recursion) Return Addr
handled by normal calling conventions %ebp Old %ebp

• Can safely store values in local stack Saved

frame and in callee-saved registers Registers
+
• Put function arguments at top of stack Local
• Result return in %eax Variables

• Pointers are addresses of values Argument

Build
• On stack or global %esp
66