chapter(3(part1( - Computer & Information Sciencesjfiore/2016/fall/2107/handouts/ch03/ch03... ·...
Transcript of chapter(3(part1( - Computer & Information Sciencesjfiore/2016/fall/2107/handouts/ch03/ch03... ·...
why we shouldn’t use assembly
• compilers generate pre8y fast, efficient code • tedious, easy to screw up • not portable
2
why you shouldn’t use assembly
• … and for that ma8er, why for a lot of things you shouldn’t be using C either …
• Corbató's Law: "The number of lines of code a programmer can write in a fixed period of 9me is the same independent of the language used."
why we’re doing assembly here
• learn how the machine works • possibly faster code. one scenario: – write in C – profiler – tweak the assembly for parts the profiler shows
• what if no compiler? • processor features not easily accessed by higher-‐level language
4
the point
• we’re not trying to prepare you for a job doing assembly programming
• it’s about learning how computers work
5
instrucPon set
• set of of operaPons that a processor supports • examples – load x bytes from this address into register y – add what’s in register i to what’s in register j
• primiPve stuff • usually takes lots of these primiPve ops to do something really useful
9
Other instrucPon sets • IA32, Intel64 (x86-‐64 or x64), IA64 • SPARC • ARM • PowerPC • MIPS • Alpha • JVM • we’re using: IA32
– not easiest, but popular – focusing on GCC output on Linux
10
some terminology
• x86 name for the chips • IA32 the name of the instrucPon set – IA = Intel Architecture
• note difference between: – architecture: what you need to know to program assembly -‐-‐ instrucPon set, registers
– microarchitecture: implementa9on – e.g., IA32 on non-‐Intel chips (e.g. AMD)
11
GAS
• assembler used by GCC • differences with NASM – AT&T syntax
• be careful when reading the Intel manuals – operand order!
12
some tools
• compiler – GCC • assembler – as aka gas • linker – ld • debugger – gdb • disassembler -‐ objdump • profiler -‐ gprof
14
Some History: Why should we care?
• Important things to take away from the history lesson in the chapter: – Moore’s law – EvoluPon of register names – Backward compatability: • Goal: run progs compiled for earlier versions of chip • But: old baggage support features that new OS, compilers rarely use
15
Some History
16
name date transistors notes
8086 1978 29K 16-bit processor. DOS. 1MB addressspace. DOS allows 640K
80286 1982 134K Windows80386 1985 275K 32-bit registers. Flat addressing. Can run
a Unix OS80486 1989 1.9MPentium 1993 3.1M’/MMX 1997 4.5M instructions helpful for multimedia pro-
cessingPentiumPro 1995 6.5M conditional move instructionsPentium III 1999 8.2MPentium IV 2001 42MCore 2 Duo 2006 291Mi7 2008 731M
In parallel. IA64 chips.
17
name date transistors
Itanium 2001 10M
Itanium 2 2002 221M
Itanium 2 Dual-Core 2006 1.7B
famous quote
If automobiles had followed the same development cycle as the computer, a Rolls-‐Royce would today cost $100, get a million miles per gallon, and explode once a year, killing everyone inside. —Robert X. Cringely
19
aside: goals then and now
• big goal then: – cram as much processing power on a chip possible
• big goal now: – cram as much processing power on a chip possible BUT • don’t use so much power • some environments: keep the chip small
think cell phone
21
How bad is your electric bill?
from, CuIng the Electric Bill for Internet-‐Scale Systems, Qureshi et al, CCR 2009.
22
Company Servers Electricity Cost
eBay 16K ⇡ 0.6⇥ 10
5MWh ⇡ $3.7M
Akamai 40K ⇡ 1.7⇥ 10
5MWh ⇡ $10M
Rackspace 50K ⇡ 2⇥ 10
5MWh ⇡ $12M
Microsoft >200K > 6⇥ 10
5MWh > 36M
Google >500K > 6.3⇥ 10
5MWh >38M
USA (2006) 10.9M 610⇥ 10
5MWh $4.5B
MIT campus 2.7⇥ 10
5MWh $62M
“general purpose” registers
29
register common use
EAX accumulator, returnEBX pointer to items in data segmentECX loop controlEDX I/O pointerESI src ptr for string opsEDI dst ptr for string opsESP stack pointerEBP base pointer
data types in Intel-‐speak
• so a word isn’t a word?
32
name sizebyte 1 byteword 2 bytes
doubleword 4 bytesquadword 8 bytes
double quadword 16 bytes
gcc output of sum funcPon
1 .text2 .globl _sum3 _sum:4 pushl %ebp #5 movl %esp, %ebp #,6 subl $24, %esp #,7 movl $30, -20(%ebp) #, x8 movl $57, -16(%ebp) #, y9 movl $39, -12(%ebp) #, z
10 movl -16(%ebp), %eax # y, y11 addl -20(%ebp), %eax # x, D.150912 addl -12(%ebp), %eax # z, D.150813 leave14 ret
34
simplest funcPon ever
1 int sum()2 {3 int x=30;4 int y=57;5 int z=39;6
7 return x+y+z;8 }
35
1 .text
2 .globl _sum
3 _sum:
4 pushl %ebp
5 movl %esp, %ebp
6 subl $24, %esp
7 movl $30, -20(%ebp)
8 movl $57, -16(%ebp)
9 movl $39, -12(%ebp)
10 movl -16(%ebp), %eax
11 addl -20(%ebp), %eax
12 addl -12(%ebp), %eax
13 leave
14 ret
let’s try a full program 1 /* file summain.c */2 int main(void)3 {4 int x=30;5 int y=57;6 int z=39;7
8 return x+y+z;9 }
36
its assembly output 1 /* file summain.s */2 .text3 .globl _main4 _main:5 pushl %ebp6 movl %esp, %ebp7 subl $24, %esp8 movl $30, -20(%ebp)9 movl $57, -16(%ebp)
10 movl $39, -12(%ebp)11 movl -16(%ebp), %eax12 addl -20(%ebp), %eax13 addl -12(%ebp), %eax14 leave15 ret16 .subsections_via_symbols
37
same code on SPARC
38
1 .section ".text"2 .align 43 .global main4 .type main,#function5 .proc 046 main:7 !#PROLOGUE# 08 save %sp, -128, %sp9 !#PROLOGUE# 1
10 mov 30, %o011 st %o0, [%fp-20]12 mov 57, %o013 st %o0, [%fp-24]14 mov 39, %o015 st %o0, [%fp-28]16 ld [%fp-20], %o017 ld [%fp-24], %o118 add %o0, %o1, %o019 ld [%fp-28], %o120 add %o0, %o1, %o021 mov %o0, %i022 b .LL223 nop24 .LL2:25 ret26 restore27 .LLfe1:28 .size main,.LLfe1-main29 .ident "GCC: (GNU) 2.95.3 20010315 (release)"
most of the same on ARM
39
1 sum:
2 @ args = 0, pretend = 0, frame = 16
3 @ frame_needed = 1, uses_anonymous_args = 0
4 @ link register save eliminated.
5 push {r7}
6 sub sp, sp, #20
7 add r7, sp, #0
8 mov r3, #30
9 str r3, [r7, #12]
10 mov r3, #57
11 str r3, [r7, #8]
12 mov r3, #39
13 str r3, [r7, #4]
14 ldr r2, [r7, #12]
15 ldr r3, [r7, #8]
16 adds r2, r2, r3
17 ldr r3, [r7, #4]
18 adds r3, r2, r3
19 mov r0, r3
20 add r7, r7, #20
21 mov sp, r7
22 pop {r7}
23 bx lr
what to do with it
• assembling: – as -‐o summain.o summain.s
• linking: – ld -‐o sum summain.o
40
What’s going on
• Assembler -‐-‐ .s to .o – binary encoding of each instrucPon – connecPons missing for code in different files
• Linker – references between files – staPc linker – copies library code into binary – dynamic linker – linkage when program is run
41
disassembly
• objdump –d filename • produces assembly from binary file • works for .o file or full executable
45
disassembly example
1 /* file AnotherSimpleSum.s */2 .section .text3 .globl _start4 _start:5 /* pushl %ebp */6 /* movl %esp, %ebp */7 movl $14, %ebx8 addl $29, %ebx9 addl $10, %ebx
10
11 movl $1, %eax12 int $0x80
1 sum: file format elf32-i3862
3
4 Disassembly of section .text:5
6 08048054 <_start>:7 8048054: bb 0e 00 00 00 mov $0xe,%ebx8 8048059: 83 c3 1d add $0x1d,%ebx9 804805c: 83 c3 0a add $0xa,%ebx
10 804805f: b8 01 00 00 00 mov $0x1,%eax11 8048064: cd 80 int $0x80 46
.s file
disassembled binary
another look at disassembled binary
• let – addresses of the instrucPons • center – opcode + operands • some instrucPons longer than others: – more frequently used instrucPons – shorter opcodes – some operaPons take more operands
47
1 sum: file format elf32-i3862
3
4 Disassembly of section .text:5
6 08048054 <_start>:7 8048054: bb 0e 00 00 00 mov $0xe,%ebx8 8048059: 83 c3 1d add $0x1d,%ebx9 804805c: 83 c3 0a add $0xa,%ebx
10 804805f: b8 01 00 00 00 mov $0x1,%eax11 8048064: cd 80 int $0x80
what can we disassemble?
• any executable • disassembler interprets bytes as assembly src • no source code required
48
aside: can do this in GDB too
• disas – disassembles current funcPon • disas sum – disassemble the sum funcPon • disas addr – disassemble funcPon at addr • disas ad1 ad2 – disas between addr ad1, ad2
49
very exciPng program
• can see the exit value in the shell by doing: – echo $?
1 #include <unistd.h>2
3 int main(int argc, char **argv)4 {5 _exit(17);6 }
51
assembly equivalent 1 /* file exitonly.s2 only slightly modified from Programming from the Ground Up.3 */4 .section .data5 .section .text6 .globl _start7 _start:8 movl $1, %eax /* this is the linux kernel command */9 /* number (system call) for exiting */
10 /* a program */11 movl $0, %ebx /* this is the status number we will */12 /* return to the operating system. */13 /* Change this around and it will */14 /* return different things to */15 /* echo $? */16 int $0x80 /* this wakes up the kernel to run */17 /* the exit command */
52
what happens during a syscall?
1. interrupt pin goes high during current instrucPon
2. control to interrupt handler 3. interrupt handler runs 4. handler returns to next
instrucPon
54
what are the syscalls in my OS?
• in Linux, – man syscalls
• seems to work on the Fedora boxes in the lab but not my Ubuntu machine
– unistd.h lists them:
#define __NR_restart_syscall 0#define __NR_exit 1#define __NR_fork 2#define __NR_read 3#define __NR_write 4#define __NR_open 5#define __NR_close 6#define __NR_waitpid 7#define __NR_creat 8#define __NR_link 9#define __NR_unlink 10#define __NR_execve 11#define __NR_chdir 12#define __NR_time 13#define __NR_mknod 14#define __NR_chmod 15...
55
Another syscall example.
56
1 #include <stdio.h>
2
3 void print_question_printf();
4
5 int main(void)
6 {
7 print_question_printf();
8 return 0;
9 }
10
11 void print_question_printf() {
12 char *str = "Who lives in a pineapple under the sea?\n";
13
14 printf("%s", str);
15 }
same thing using write system call
57
1 #include <unistd.h>
2 #include <string.h>
3
4 void print_question_write();
5
6 int main(void)
7 {
8 print_question_write();
9 return 0;
10 }
11
12 void print_question_write() {
13 char *str = "Who lives in a pineapple under the sea?\n";
14
15 write(STDOUT_FILENO, str, 40);
16 }
1 .equ STDOUT, 1
2 .equ MSG_LEN, 40
3 .equ WRITE_SYSCALL, 4
4
5 .section .data
6 str:
7 .ascii "Who lives in a pineapple under the sea?\n"
8
9 .section .text
10 .globl _start
11 _start:
12 /* write */
13 movl $WRITE_SYSCALL, %eax
14 movl $STDOUT, %ebx
15 movl $str, %ecx
16 movl $MSG_LEN, %edx
17 int $0x80
18
19 /* exit */
20 movl $1, %eax
21 movl $0, %ebx
22 int $0x80
Almost the same
58
C Library and system calls
• What’s the relaPonship between the funcPons in the C Library and system calls exported by an OS?
• Tool: strace – strace program runs program and prints the system calls executed 59
strace on the write version
60
execve("./print_question_write", ["./print_question_write"], [/* 39 vars */]) = 0
brk(0) = 0xcc0000
...
write(1, "Who lives in a pineapple under t"..., 40Who lives in a pineapple under the sea?
) = 40
...
strace on the prinx version
61
execve("./print_question_printf", ["./print_question_printf"], [/* 39 vars */]) = 0
brk(0) = 0x1d81000
...
write(1, "Who lives in a pineapple under t"..., 40Who lives in a pineapple under the sea?
) = 40
So what does strace tell us?
What does strace tell us about the relaPonship between the C library funcPon calls and syscalls provided by Linux (or any other OS)?
62
binary compaPbility
• Linux runs on my Intel desktop • Windows runs on my Intel desktop • Why can’t I take my Windows binaries and run them on Linux and vice versa?
63
for now: old program as template
64
1 /* file exitonly.s2 only slightly modified from Programming from the Ground Up.3 */4 .section .data5 .section .text6 .globl _start7 _start:8 movl $1, %eax /* this is the linux kernel command */9 /* number (system call) for exiting */
10 /* a program */11 movl $0, %ebx /* this is the status number we will */12 /* return to the operating system. */13 /* Change this around and it will */14 /* return different things to */15 /* echo $? */16 int $0x80 /* this wakes up the kernel to run */17 /* the exit command */