Heterogeneous Data Structures & Alignment * heterogeneous: 不同种类的
Post on 18-Jan-2016
125 Views
Preview:
DESCRIPTION
Transcript
1
Heterogeneous Data Structures & Alignment
* heterogeneous: 不同种类的
2
Outline
• Struct• Union• Alignment
– Chap 3.9, 3.10
3
Structures P191
• Group objects into a single object• Each object is referenced by name• Memory layout
– All the components are stored in a contiguous region of memory
– A pointer to a structure is the address of its first byte
• References to structure elements– Using offsets as displacements
4
Structure P192
struct rect {int llx; /* X coordinate of lower-left corner */int lly; /* Y coordinate of lower-left corner */int color; /* Coding of color */int width; /* Width (in pixels) */int height; /* Height (in pixels) */
};
5
Structure P192
struct rect r;
r.llx = r.lly = 0;r.color = 0xFF00FF;r.width = 10;r.height = 20;
6
Structure P192
int area (struct rect *rp){return (*rp).width * (*rp).height;
}
void rotate_left (struct rect *rp){/* Exchange width and height */int t = rp->height;rp->height = rp->width;rp->width = t;
}
7
Structure
struct rec {
int i;
int j;
int a[3];
int *p;
} *r;
8
Structure P193
• Copy element r->i to element r->j:• r is in register %edx.
1 movl (%edx), %eax Get r->i2 movl %eax, 4(%edx) Store in
r->j
9
Structure P193
• Generate the pointer &(r->a[1])– r in %eax, – i in %edx
1 leal 8(%eax,%edx,4),%ecx %ecx = &r->a[i]
10
Structure
• r->p = &r->a[r->i + r->j];– r in register %edx:
1 movl 4(%edx), %eax Get r->j2 addl (%edx), %eax Add r->i3 leal 8(%edx,%eax,4), %eax Compute &r-
>a[r->i + r->j]4 movl %eax, 20(%edx) Store in r->p
11
Unions P194
• A single object can be referenced by using different data types
• The syntax of a union declaration is identical to that for structures, but its semantics are very different
• Rather than having the different fields reference different blocks of memory, they all reference the same block
*syntax: 语法*semantic: 语义
12
Unions
struct S3 {
char c;
int i[2];
double v;
};
union U3 {
char c;
int i[2];
double v;
};
13
Unions P195
• The offsets of the fields, as well as the total size of data types S3 and U3, are:
Type c i v size
S3 0 4 12 20U3 0 0 0 8
14
Unions P195
struct NODE {struct NODE *left;struct NODE *right;double data;
};union NODE {struct {
union NODE *left;union NODE *right;
} internal;double data;
};
15
Unions (additional tag field)
struct NODE {
int is_leaf;
union {
struct {
struct NODE *left;
struct NODE *right;
} internal;
double data;
} info;
};
16
Unions P196
1 unsigned float2bit(float f)
2 {
3 union {
4 float f;
5 unsigned u;
6 } temp;
7 temp.f = f;
8 return temp.u;
9 };
1 movl 8(%ebp), %eax
17
Unions
1 unsigned float2bit(float f)
2 {
3 union {
4 float f;
5 unsigned u;
6 } temp;
7 temp.f = f;
8 return temp.u;
9 };
1 movl 8(%ebp), %eax
18
Unions (Code generated identical to the procedure)
1 unsigned copy (unsigned u)
2 {
3 return u;
4 }
1 movl 8(%ebp), %eax
19
Alignment P198
• Alignment restrictions
– The address for some type of object must be a
multiple of some value k (typically 2, 4, or 8)
– Simplify the hardware design of the interface
between the processor and the memory
system
20
Alignment
• In IA32
– hardware will work correctly regardless of the
alignment of data
– Aligned data can improve memory system
performance
21
Alignment
• Linux alignment restriction
– 1-byte data types are able to have any
address
– 2-byte data types must have an address that
is multiple of 2
– Any larger data types must have an address
that is multiple of 4
22
Alignment
• Alignment is enforced by– Making sure that every data type is organized
and allocated in such a way that every object within the type satisfies its alignment restrictions.
• malloc()– Returns a generic pointer that is void *– Its alignment requirement is 4
23
Alignment
• Structure data type– may need to insert gaps in the field allocation– may need to add padding to the end of the
structure
* padding: 填充
24
Alignment P199
struct S1 {
int i;
char c;
int j;
};
25
Alignment P200
struct S2 {
int i;
int j;
char c;
} d[4];
xd, xd+9, xd+18, xd+27
xd, xd+12, xd+24, xd+36
26
Putting it Together
27
Outline
• Pointer– Declaration
– referencing, deferencing
– memory allocation, memory free
• Buffer overflow
• Suggested reading– Chap 3.11, 3.13
28
Example P202 Figure 3.26
1 struct str { /* Example Structure */2 int t;3 char v;4 };56 union uni { /* Example Union */7 int t;8 char v;9 } u;1011 int g = 15;12
29
Example P202 Figure 3.26
13 void fun(int* xp)14 {15 void (*f)(int*) = fun; /* f is a function
pointer */1617 /* Allocate structure on stack */18 struct str s = {1,’a’}; /* Initialize structure
*/1920 /* Allocate union from heap */21 union uni *up = (union uni *)
malloc(sizeof(union uni));2223 /* Locally declared array */24 int *ip[2] = {xp, &g};
30
Example
26 up->v = s.v+1;2728 printf("ip = %p, *ip = %p, **ip = %d\n",29 ip, *ip, **ip);30 printf("ip+1 = %p, ip[1] = %p, *ip[1] = %d\n",31 ip+1, ip[1], *ip[1]);32 printf ("&s.v = %p, s.v = ’%c’\n", &s.v, s.v);33 printf ("&up->v = %p, up->v = ’%c’\n", &up->v,
up->v);34 printf ("f = %p\n", f);35 if (--(*xp) > 0)36 f(xp); /* Recursive call of fun */37 }
31
Example P202 Figure 3.26
38
39 int test()
40 {41 int x = 2;42 fun(&x);43 return x;44 }
32
Every pointer has a type P201
• If the object has type T– A pointer to this object has type T *
• Special void * type– Represents a generic pointer
• malloc returns a generic pointer
Pointer Type
Object Type
Pointers
int * int xp, ip[0], ip[1]
union uni * union uni up
33
Every pointer has a value
xp ip[0] ip[1] up
&x &x &g Address in heap
34
Pointers are created with the & operator
• Applied to lvalue expression– Lvalue expression can appear on the left side of
assignment– &g, &s.v, &u->v, &x
35
Pointers are dereferenced with the operator *
• The result is a value having the type associated with the pointer
• *ip, **ip, *ip[1], *xp• up->v
36
Arrays and pointers are closed related
• The name of array can be viewed as a pointer constant
• ip[0] is equivalent to *ip
37
Pointers can point to functions
• void (*f)(int *)• f is a pointer to function• The function taken int * as argument• The return type of the function is void• Assignment makes f point to func
– f = func
void: 空的
38
The precedence of the operators
• void *f(int *) declares f is a function– (void *) f(int *)
39
Example P203
1 ip = 0xbfffefa8, *ip = 0xbfffefe4, **ip = 2 ip[0] = xp. *xp = x
= 2
2 ip+1 = 0xbfffefac, ip[1] = 0x804965c, *ip[1] = 15 ip[1] = &g. g = 15
3 &s.v = 0xbfffefb4, s.v = ’a’ s in stack frame
4 &up->v = 0x8049760, up->v = ’b’ up points to area in heap
5 f = 0x8048414 f points to code for fun
6 ip = 0xbfffef68, *ip = 0xbfffefe4, **ip = 1 ip in new frame, x =
1
7 ip+1 = 0xbfffef6c, ip[1] = 0x804965c, *ip[1] = 15 ip[1] same as before
8 &s.v = 0xbfffef74, s.v = ’a’ s in new frame
9 &up->v = 0x8049770, up->v = ’b’ up points to new area in heap
10 f = 0x8048414 f points to code for fun
40
Pointer Declaration
• char **argv ;• int (*daytab)[13]• int (*comp)()• char (*(*x())[])()
– Function returning pointer to array[ ] of pointer to function returning char
• char(*(*x[3])())[5]– Array[3] of pointer to function returning
pointer to array[5] of char
41
Pointer Arithmetic
• Addition and subtraction– p+i , p-i (result is a pointer)
– p-q (result is a int)
• Referencing & dereferencing– *p, &E
• Subscription– A[i], *(A+i)
42
C operators
Operators Associativity() [] -> . ++ -- left to right! ~ ++ -- + - * & (type) sizeof right to left* / % left to right+ - left to right<< >> left to right< <= > >= left to right== != left to right& left to right^ left to right| left to right&& left to right|| left to right?: right to left= += -= *= /= %= &= ^= != <<= >>= right to left, left to right
Note: Unary +, -, and * have higher precedence than binary forms
43
Parameter Passing
• Call by value
– f(xp)
• Call by reference
– f(&xp)
44
3.13 Out-of-Bounds Memory References P206
1 /* Implementation of library function gets() */2 char *gets(char *s)3 {4 int c;5 char *dest = s;6 while ((c = getchar()) != ’\n’ && c != EOF)7 *dest++ = c;8 *dest++ = ’\0’; /* Terminate String
*/9 if (c == EOF)10 return NULL;11 return s;12 }
45
Out-of-Bounds Memory References
1314 /* Read input line and write it back */15 void echo()16 {17 char buf[4]; /* Way too small ! */18 gets(buf);19 puts(buf);20 }
46
Out-of-Bounds Memory References
Stack frame for caller
Return address
Saved %ebp
[3] [2] [1] [0]Stack frame
for echo
%ebp
buf
47
Out-of-Bounds Memory References
Stack frame for caller
Return address
[7]
[6]
[5]
[4]
[3] [2] [1] [0]Stack frame
for echo
%ebp
buf
48
Out-of-Bounds Memory References
Stack frame for caller
[11]
[10]
[9]
[8]
[7]
[6]
[5]
[4]
[3] [2] [1] [0]Stack frame
for echo
%ebp
buf
49
Buffer Overflow P208 Figure 3.29
1 /* This is very low quality code.2 It is intended to illustrate bad programming practices3 See Practice Problem 3.24. */4 char *getline()5 {6 char buf[8];7 char *result;8 gets(buf);9 result = malloc(strlen(buf));10 strcpy(result, buf);11 return(result);12 }
50
Buffer Overflow P208 Figure 3.29
1 08048524 <getline>:
2 8048524: 55 push %ebp
3 8048525: 89 e5 mov %esp,%ebp
4 8048527: 83 ec 10 sub $0x10,%esp
5 804852a: 56 push %esi
6 804852b: 53 push %ebx
Diagram stack at this point
7 804852c: 83 c4 f4 add $0xfffffff4,%esp
8 804852f: 8d 5d f8 lea 0xfffffff8(%ebp),%ebx
9 8048532: 53 push %ebx
10 8048533: e8 74 fe ff ff call 80483ac <_init+0x50> gets
51
Buffer Overflow P208 Practice Problem 3.24
Stack frame for caller
08 04 86 43Return Address
52
Buffer Overflow
Stack frame for caller
08 04 86 43bf ff fc 94[7] [6] [5] [4][3] [2] [1] [0]
00 00 00 01
00 00 00 02
%ebp
buf
Saved %esi
Saved %ebx
53
Buffer Overflow
Stack frame for caller
08 04 86 0031 30 39 3837 36 35 3433 32 31 30
00 00 00 01
00 00 00 02
%ebp
buf
Saved %esi
Saved %ebx
012345678901
54
Malicious Use of Buffer Overflow
void bar() { char buf[64]; gets(buf); ... }
void foo(){ bar(); ...}
returnaddress
A
Stack after call to gets()
B
foo stack frame
bar stack frame
B
exploitcode
pad
data written
bygets()
Malicious:怀恶意的
55
Malicious Use of Buffer Overflow
• Input string contains byte representation
of executable code
• Overwrite return address with address of
buffer
• When bar() executes ret, will jump to
exploit code
56
Floating Point
57
Outline
• Stack evaluation• Data movement• Set special data• Arithmetic operation• Comparison • Suggested reading: 3.14
58
IA32 Floating Point
• History
– 8086: first computer to implement IEEE FP
• separate 8087 FPU (floating point unit)
– 486: merged FPU and Integer Unit onto one
chip
59
IA32 Floating Point
• Floating Point Formats
– single precision (C float): 32 bits
– double precision (C double): 64 bits
– extended precision (C long double): 80 bits
60
IA32 Floating Point
• Summary
– Hardware to add, multiply, and divide
– Floating point data registers
– Various control & status registers
61
IA32 Floating Point
Instructiondecoder andsequencer
FPUInteger
Unit
Memory
62
FPU Data Register Stack
• FPU register format (extended precision)
s exp frac
063647879
63
FPU Data Register Stack
• FPU registers– 8 registers– Logically forms shallow stack– Top called %st(0)– When push too many, bottom values disappear
“ Top”
stack grows down
%st(0)
%st(1)
%st(2)
%st(3)
64
FPU instructions
• Large number of floating point instructions and formats– ~50 basic instruction types– load, store, add, multiply– sin, cos, tan, arctan, and log!
• Sample instructions:
65
FPU instructions P213 Figure 3.30, P216 Figure 3.31
Instruction Effect Description
fldz push 0.0 Load zero
flds Addr push M[Addr] Load single precision real
fmuls Addr %st(0) <- %st(0)*M[Addr] Multiply
faddp %st(1) <- %st(0)+%st(1); Add and pop
pop
66
IA32 Floating Point
float ipf (float x[], float y[], int n){ int i; float result = 0.0; for (i = 0; i < n; i++) { result += x[i] * y[i]; } return result;}
67
pushl %ebp # setup movl %esp,%ebp pushl %ebx movl 8(%ebp),%ebx # %ebx=&x movl 12(%ebp),%ecx # %ecx=&y movl 16(%ebp),%edx # %edx=n fldz # push +0.0 xorl %eax,%eax # i=0 cmpl %edx,%eax # if i>=n done jge .L3 .L5: flds (%ebx,%eax,4) # push x[i] fmuls (%ecx,%eax,4) # st(0)*=y[i] faddp # st(1)+=st(0); pop incl %eax # i++ cmpl %edx,%eax # if i<n repeat jl .L5 .L3: movl -4(%ebp),%ebx # finish movl %ebp, %esp popl %ebp ret # st(0) = result
68
Inner Product Stack Trace
1. fldz 0.0 %st(0)
2. flds (%ebx,%eax,4) 0.0 %st(1)
x[0] %st(0)
3. fmuls (%ecx,%eax,4) 0.0 %st(1)
x[0]*y[0] %st(0)
4. faddp 0.0+x[0]*y[0] %st(0)
5. flds (%ebx,%eax,4) x[0]*y[0] %st(1)
x[1] %st(0)
6. fmuls (%ecx,%eax,4) x[0]*y[0] %st(1)x[1]*y[1] %st(0)
7. faddp %st(0)
x[0]*y[0]+x[1]*y[1]
Initialization
Iteration 0 Iteration 1
69
Load Instructions P216 Figure 3.31
Instruction Source format Source location
flds Addr Single Mem4[Addr]
fldl Addr Double Mem8[Addr]
fldt Addr Extended Mem10[Addr]
fildl Addr Integer Mem4[Addr]
fld %st(i) extended %st(i)
70
Store Instructions P216 Figure 3.32
Instruction Pop(Y/N)
destination format
destination location
fsts Addr N Single Mem4[Addr]
fstps Addr Y Single Mem4[Addr]
fstl Addr N Double Mem8[Addr]
fstpl Addr Y Double Mem8[Addr]
fstt Addr N Extended Mem10[Addr]
fstpt Addr Y Extended Mem10[Addr]
fistl Addr N Integer Mem4[Addr]
fistpl Addr Y Integer Mem4[Addr]
fst %st(i) N extended %st(i)
fstp %st(i) Y extended %st(i)
71
Arithmetic Instructions P218 Figure 3.33
72
Arithmetic Instructions P218 Figure 3.34
73
Comparison Instructions P222 Figure 3.35
74
Comparison Instructions P222 Figure 3.36
fnstsw %axandb $69, %ah
69=0X45
75
Arithmetic Instructions P223
1 int less (double x, double y)
2 {
3 return x < y;
4 }
76
Arithmetic Instructions P223
1 fldl 16(%ebp) Push y
2 fcompl 8(%ebp) Compare y:x
3 fnstsw %ax Store floating point status word in %ax
4 andb $69, %ah Mask all but bits 0, 2, and 6
5 sete %al Test for comparison outcome of 0
(>)
6 movzbl %al, %eax Copy low order byte to result,
and set rest to 0
77
78
79
80
81
top related