csc 2400 computer systems using the stack for function
play

CSC 2400: Computer Systems Using the Stack for Function Calls - PowerPoint PPT Presentation

Jan 03, 2023 •354 likes •782 views

CSC 2400: Computer Systems Using the Stack for Function Calls Lecture Goals int add3(int a, int b, int c) { int d; How are function calls d = a + b + c; implemented at the return d; } machine level? int main() { int sum, avg;

  1. CSC 2400: Computer Systems Using the Stack for Function Calls

  2. Lecture Goals int add3(int a, int b, int c) { int d; How are function calls d = a + b + c; implemented at the return d; } machine level? int main() { int sum, avg; • Challenges: sum = add3(3, 4, 5); ! Providing info for the called function avg = sum / 3; – Function arguments return avg } – Local variables ! Upon return, resume execution of caller – Return address – Register contents • Solution: use the stack

  3. Lecture Goals • Challenges of supporting functions ! Providing information for the called function – Function arguments and local variables ! Allowing the calling function to continue where it left off – Return address and contents of registers • Solution: use the stack ! Stack frame: args, local vars, return address, registers ! Stack pointer ESP : pointing to the current top of the stack • Calling functions ! CALL and RET instructions ! Using the base pointer EBP as a reference point

  4. int add3(int a, int b, int c) { Function Calls int d; d = a + b + c; return d; • main calls add3 } ! Push arguments on the stack ! Push return address on stack int main() { ! Jump to add3 int sum, avg; ! Allocate local variables on stack, save registers, etc. sum = add3(3, 4, 5); avg = sum / 3; Return return avg Address } • Returning to main Stack Frame for add3 ! Clear the stack frame for add3 ! Pop return address from stack Return Addr. ESP Stack Frame Address 3 for main 4 5

  5. The Stack MEMORY q The stack is a region of your 0 1 executable program used to 2 facilitate function calls . - it stores function arguments, TEXT . DATA . local variables, etc. HEAP q The register ESP always points to (contains the STACK address of) the top stack ESP 7 element 11 5 23 ESP = Extended Stack Pointer Always points to the top element of the stack

  6. Function Calls int add3(int a, int b, int c) { int d; How are function d = a + b + c; calls implemented in return d; assembly? } int main() { int sum, avg; sum = add3(3, 4, 5); avg = sum / 3; return avg }

  7. int main() { Stack Frames int sum = 0,avg = 0; sum = add3(3, 4, 5); q The stack frame , also known as avg = sum / 3; activation record , is the collection return avg of all data on the stack } associated with one function call 0 q The stack frame includes local variables, arguments passed to functions, saved registers, etc. ESP 3 4 Stack Frame 5 for main 0 (avg) 0 (sum) Bottom

  8. Stack Frames – High-Level Picture main begins executing 0 main calls A (Extended Stack Pointer) ESP main’s Stack Frame (Extended Base Pointer) EBP

  9. High-Level Picture main begins executing 0 main calls A A calls B ESP A’s Stack Frame EBP main’s Stack Frame Bottom

  10. High-Level Picture main begins executing 0 main calls A A calls B B returns ESP B’s Stack Frame EBP A’s Stack Frame main’s Stack Frame Bottom

  11. High-Level Picture main begins executing 0 main calls A A calls B A returns B returns ESP A’s Stack Frame EBP main’s Stack Frame Bottom

  12. High-Level Picture main begins executing 0 main calls A A calls B A returns B returns main returns ESP main’s Stack Frame EBP

  13. High-Level Picture main begins executing 0 main calls P P calls Q Q returns P returns main returns Bottom

  14. Function Calls int add3(int a, int b, int c) { int d; How are function d = a + b + c; calls implemented in return d; assembly? } int main() { Let’s look at the int sum, avg; disassembled code sum = add3(3, 4, 5); avg = sum / 3; return avg }

  15. Disassembled code for main : int main() ... { <main+17>: mov DWORD PTR [esp+0x8],0x5 int sum, avg; <main+25>: mov DWORD PTR [esp+0x4],0x4 sum = add3(3, 4, 5); <main+33>: mov DWORD PTR [esp],0x3 avg = sum / 3; <main+40>: call 0x8048394 <add3> return avg <main+45>: mov DWORD PTR [ebp-0xc],eax } ... Stack before • main prepares to call add3 call <add3> ! place arguments on the stack ESP 3 ESP+4 4 ESP+8 5

  16. Disassembled code for main : int main() ... { <main+17>: mov DWORD PTR [esp+0x8],0x5 int sum, avg; <main+25>: mov DWORD PTR [esp+0x4],0x4 sum = add3(3, 4, 5); <main+33>: mov DWORD PTR [esp],0x3 avg = sum / 3; <main+40>: call 0x8048394 <add3> return avg <main+45>: mov DWORD PTR [ebp-0xc],eax } ... Stack after • call <add3> call <add3> ! Push return address on stack Stack Frame ! Jump to add3 for add3 ESP return address (EIP) main+45 3 Stack Frame 4 for main 5

  17. Disassembled code for add3 : <add3+0>: push ebp int add3(int a, int b, int c) { <add3+1>: mov ebp,esp int d; <add3+3>: sub esp,0x10 <add3+6>: mov edx,DWORD PTR [ebp+0xc] d = a + b + c; <add3+9>: mov eax,DWORD PTR [ebp+0x8] return d; <add3+12>: add eax,edx } <add3+14>: add eax,DWORD PTR [ebp+0x10] ... <add3+23>: leave <add3+24>: ret This is how the stack looks like before add3 starts executing ESP ESP EBP ebp (copy) ESP EBP+4 (return address) main+45 main+45 EBP+8 3 (a) 3 (a) EBP+12 4 (b) 4 (b) EBP+16 5 (c) 5 (c)

  18. In general …

  19. CALL instruction 0 0 ESP Return Address after ESP Arg 1 Arg 1 CALL before Arg … Arg … CALL Arg N Arg N EBP EBP Arguments placed onto CALL: push EIP on the the stack before CALL stack and jump to callee

  20. Called Function uses Base Pointer EBP 0 • As called function executes, ESP may change ! e.g., calling another function • How to access arguments? ESP EBP Old EBP ! Use EBP as fixed reference EBP+4 Return Address ! Save old EBP value first EBP+8 Arg 1 • Callee begins by executing Arg … Arg N PUSH EBP MOV EBP, ESP Callee always finds the first argument at address EBP+8 , second argument at address EBP+12 , etc. Old EBP

  21. Allocation for Local Variables • Local variables are also 0 allocated on the stack • Allocation done by moving the EBP-8 Var 2 stack pointer EBP-4 Var 1 EBP • Example: allocate two integers Old EBP ! SUB ESP, 4 Return Address EBP+8 ! SUB ESP, 4 Arg 1 ! (or equivalently SUB ESP, 8 ) Arg … • Reference local variables Arg N using the base pointer ! [EBP-4] ! [EBP-8]

  22. Called function ends by executing LEAVE 0 0 RET ESP EBP Old EBP ESP Return Address Return Address Arg 1 Arg 1 Arg … Arg … Arg N Arg N EBP Stack after LEAVE Stack before LEAVE

  23. Called function ends by executing Return Address copied into EIP 0 0 LEAVE RET ESP Return Address ESP Arg 1 Arg 1 Arg … Arg … Arg N Arg N EBP EBP Stack after RET Stack before RET

  24. A Simple Example int sum(int x, int y) { return x+y; } int main () { int result; result = sum(0x11, 0x22); printf("%d\n", result); return 0; } Compile: gcc sum.c –o xsum Debug: gdb ./xsum set disassembly-flavor intel disas main

  25. Example main: PUSH EBP MOV EBP,ESP ... SUB ESP, 0x14 MOV DWORD PTR [ESP+4], 0x22 MOV DWORD PTR [ESP], 0x11 CALL sum MOV DWORD PTR [EBP-4],EAX ... MOV EAX, 0 ADD ESP, 0x14 POP EBP RET ESP • Recall that: ! The stack grows from high addresses towards low addresses

  26. Example main: PUSH EBP MOV EBP,ESP ... SUB ESP, 0x14 MOV DWORD PTR [ESP+4], 0x22 MOV DWORD PTR [ESP], 0x11 CALL sum MOV DWORD PTR [EBP-4],EAX ... MOV EAX, 0 ADD ESP, 0x14 POP EBP RET ESP EBP(os) • Recall that: ! The stack grows from high addresses towards low addresses

  27. Example main: PUSH EBP MOV EBP,ESP ... SUB ESP, 0x14 MOV DWORD PTR [ESP+4], 0x22 MOV DWORD PTR [ESP], 0x11 CALL sum MOV DWORD PTR [EBP-4],EAX ... MOV EAX, 0 ADD ESP, 0x14 POP EBP RET ESP EBP(main) EBP(os)

  28. Example main: PUSH EBP MOV EBP,ESP ... SUB ESP, 0x14 MOV DWORD PTR [ESP+4], 0x22 MOV DWORD PTR [ESP], 0x11 CALL sum MOV DWORD PTR [EBP-4],EAX ESP ... MOV EAX, 0 ADD ESP, 0x14 POP EBP RET EBP(main) EBP(os)

  29. Example main: PUSH EBP MOV EBP,ESP ... SUB ESP, 0x14 MOV DWORD PTR [ESP+4], 0x22 MOV DWORD PTR [ESP], 0x11 CALL sum MOV DWORD PTR [EBP-4],EAX ESP ... MOV EAX, 0 0x22 ADD ESP, 0x14 POP EBP RET EBP(main) EBP(os)

  30. Example main: PUSH EBP MOV EBP,ESP ... SUB ESP, 0x14 MOV DWORD PTR [ESP+4], 0x22 MOV DWORD PTR [ESP], 0x11 CALL sum MOV DWORD PTR [EBP-4],EAX ESP ... 0x11 MOV EAX, 0 0x22 ADD ESP, 0x14 POP EBP RET <sum>: PUSH EBP EBP(main) EBP(os) MOV EBP, ESP MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] POP EBP RET

  31. Example main: PUSH EBP MOV EBP,ESP ... SUB ESP, 0x14 MOV DWORD PTR [ESP+4], 0x22 MOV DWORD PTR [ESP], 0x11 CALL sum ESP (return address) RA RA MOV DWORD PTR [EBP-4],EAX ... 0x11 MOV EAX, 0 0x22 ADD ESP, 0x14 POP EBP RET <sum>: PUSH EBP EBP(main) EBP(os) MOV EBP, ESP MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] POP EBP RET

  32. Example main: PUSH EBP MOV EBP,ESP ... SUB ESP, 0x14 MOV DWORD PTR [ESP+4], 0x22 ESP MOV DWORD PTR [ESP], 0x11 EBP(main) CALL sum (return address) RA RA MOV DWORD PTR [EBP-4],EAX ... 0x11 MOV EAX, 0 0x22 ADD ESP, 0x14 POP EBP RET <sum>: PUSH EBP EBP(main) EBP(os) MOV EBP, ESP MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] POP EBP RET

Recommend

CSC 2400: Computer Systems Stack Buffer Overflow Attacks Summary Invoking a function ! CALL

CSC 2400: Computer Systems Stack Buffer Overflow Attacks Summary Invoking a function ! CALL

CSC 2400: Computer Systems Stack Buffer Overflow Attacks Summary Invoking a function ! CALL : call the function ! RET : return from the instruction Stack Frame for a function call includes ! Function arguments ! Return address ! Local

576 views • 15 slides
CSC 2400 Announcements q HW 1 assigned (Due Wednesday) q Sign up for Piazza (30/47) CSC 2400:

CSC 2400 Announcements q HW 1 assigned (Due Wednesday) q Sign up for Piazza (30/47) CSC 2400:

CSC 2400 Announcements q HW 1 assigned (Due Wednesday) q Sign up for Piazza (30/47) CSC 2400: Computer Systems Number Systems Analog vs. Digital System q Analog Signals - Value varies continuously q Digital Signals - Value limited to a finite set

683 views • 44 slides
Registers and Stack Frames Lecture 6 Function calls and stack frames function invocation

Registers and Stack Frames Lecture 6 Function calls and stack frames function invocation

Registers and Stack Frames Lecture 6 Function calls and stack frames function invocation contexts are strictly nested stack mechanism is adequate for managing parameters and locals Information needed for function calls arguments

577 views • 14 slides
Function Calls and Stack Philipp Koehn 16 April 2018 Philipp Koehn Computer Systems

Function Calls and Stack Philipp Koehn 16 April 2018 Philipp Koehn Computer Systems

Function Calls and Stack Philipp Koehn 16 April 2018 Philipp Koehn Computer Systems Fundamentals: Function Calls and Stack 16 April 2018 1 functions Philipp Koehn Computer Systems Fundamentals: Function Calls and Stack 16 April 2018

1.16k views • 25 slides
CSC 2400: Computer Systems Debugging C Programs Slides by Jennifer Rexford from Princeton

CSC 2400: Computer Systems Debugging C Programs Slides by Jennifer Rexford from Princeton

CSC 2400: Computer Systems Debugging C Programs Slides by Jennifer Rexford from Princeton University, slightly modified by Mirela Damian. Goals of this Lecture Help you learn about: ! Strategies for debugging your code ! The GDB debugger

516 views • 20 slides
CSC 2400: Computer Systems Week 1 Goals and Introduction Prof. Michael Robson Outline q

CSC 2400: Computer Systems Week 1 Goals and Introduction Prof. Michael Robson Outline q

CSC 2400: Computer Systems Week 1 Goals and Introduction Prof. Michael Robson Outline q Syllabus q Introductions q Background survey q What is a computer system? Syllabus www.csc.villanova.edu/~mprobson/courses/csc2400/ Syllabus Questions

1.27k views • 25 slides
CSC 2400: Computer Systems Week 1 C versus Java Reminders q Sign up for ZyBook

CSC 2400: Computer Systems Week 1 C versus Java Reminders q Sign up for ZyBook

CSC 2400: Computer Systems Week 1 C versus Java Reminders q Sign up for ZyBook VILLANOVACSC2400RobsonFall2020 q HW 1 Due a week from today http://www.csc.villanova.edu/~mprobson/courses/f a20-csc2400/hw1.html q Sign up for Piazza

236 views • 22 slides
CSC 2400: Computer Systems Bit-Level vs. Logical Operators Review Addition q 2s complement

CSC 2400: Computer Systems Bit-Level vs. Logical Operators Review Addition q 2s complement

CSC 2400: Computer Systems Bit-Level vs. Logical Operators Review Addition q 2s complement addition is just binary addition - assume all integers have the same number of bits - for now, assume no overflow 01101000 (104) 11110110 (-10) +

696 views • 46 slides
Stack Basics and Procedure Calls Systems Design &amp; Programming CMPE 310 Purpose of Stack

Stack Basics and Procedure Calls Systems Design &amp; Programming CMPE 310 Purpose of Stack

Stack Basics and Procedure Calls Systems Design &amp; Programming CMPE 310 Purpose of Stack Memory used to pass parameters to procedures (including C function calls) Memory used for allocating space for local variables Save return

296 views • 8 slides
The Stack Eric McCreath The Stack The stack is a simple but useful data structure in computer

The Stack Eric McCreath The Stack The stack is a simple but useful data structure in computer

The Stack Eric McCreath The Stack The stack is a simple but useful data structure in computer science. The stack is an abstract data type that has two main operations. These are push which adds an element to the top of the stack and pop which

754 views • 8 slides
Functions and the Stack 10/4/16 Overview Stack data structure, applied to memory Behavior

Functions and the Stack 10/4/16 Overview Stack data structure, applied to memory Behavior

Functions and the Stack 10/4/16 Overview Stack data structure, applied to memory Behavior of function calls Storage of function data, at IA32 level A Stack A stack is a basic data structure Last in, first out behavior

676 views • 56 slides
CSC 2400: Computer Systems Towards the Hardware: Machine-Level Representation of Programs

CSC 2400: Computer Systems Towards the Hardware: Machine-Level Representation of Programs

CSC 2400: Computer Systems Towards the Hardware: Machine-Level Representation of Programs Towards the Hardware High-level language (Java) High-level language (C) assembly language machine language (IA-32) Compilation Stages

936 views • 66 slides
CPSC 213 Introduction to Computer Systems Unit 1e Procedures and the Stack Readings for Next 3

CPSC 213 Introduction to Computer Systems Unit 1e Procedures and the Stack Readings for Next 3

CPSC 213 Introduction to Computer Systems Unit 1e Procedures and the Stack Readings for Next 3 Lectures Textbook Procedures - 3.7 Out-of-Bounds Memory References and Buffer Overflow - 3.12 Local Variables of a Procedure public

331 views • 16 slides
Neural Networks Neural Networks can be : - Biological models MSE 2400 EaLiCaRA - Artificial

Neural Networks Neural Networks can be : - Biological models MSE 2400 EaLiCaRA - Artificial

Background Neural Networks Neural Networks can be : - Biological models MSE 2400 EaLiCaRA - Artificial models Dr. Tom Way Desire to produce artificial systems capable of sophisticated computations similar to the human brain. MSE 2400

215 views • 6 slides
Programming for Engineers Recursions ICEN 200 Spring 2018 Prof. Dola Saha 1 Function call

Programming for Engineers Recursions ICEN 200 Spring 2018 Prof. Dola Saha 1 Function call

Programming for Engineers Recursions ICEN 200 Spring 2018 Prof. Dola Saha 1 Function call stack and stack frames Stack is analogous to a pile of books Known as last-in, first-out (LIFO) data structures Pop Push Stack of books 2

525 views • 26 slides
The Stack pushl * does %esp &lt;- %esp - 4 movl *, (%esp) popl * movl (%esp), * does %esp

The Stack pushl * does %esp &lt;- %esp - 4 movl *, (%esp) popl * movl (%esp), * does %esp

Function Implementation (x86-specific) double words are pushed and popped addr 0 dedicated register %esp contains address of item currently at top of stack (TOS) %esp The Stack pushl * does %esp &lt;- %esp - 4 movl *, (%esp) popl *

288 views • 18 slides
Compilers and computer architecture Code-generation (1): stack-machines Martin Berger 1 November

Compilers and computer architecture Code-generation (1): stack-machines Martin Berger 1 November

Compilers and computer architecture Code-generation (1): stack-machines Martin Berger 1 November 2019 1 Email: M.F.Berger@sussex.ac.uk , Office hours: Wed 12-13 in Chi-2R312 1 / 1 Recall the function of compilers 2 / 1 Plan for the next two

645 views • 48 slides
6502 Stack Philipp Koehn 20 September 2019 Philipp Koehn Computer Systems Fundamentals: 6502

6502 Stack Philipp Koehn 20 September 2019 Philipp Koehn Computer Systems Fundamentals: 6502

6502 Stack Philipp Koehn 20 September 2019 Philipp Koehn Computer Systems Fundamentals: 6502 Stack 20 September 2019 1 c64 emulator Philipp Koehn Computer Systems Fundamentals: 6502 Stack 20 September 2019 PEEK and POKE 2 POKE:

781 views • 38 slides
Review: Stack Frame CS451 16 Spring Process memory layout Stack is used to store data

Review: Stack Frame CS451 16 Spring Process memory layout Stack is used to store data

Review: Stack Frame CS451 16 Spring Process memory layout Stack is used to store data associated stack with function calls Data stores static data where values can change. data segment On top of it, dynamic data is allocated with malloc()

328 views • 20 slides
Towards an Open Source IEEE 802.11p Stack Bastian Bloessl &lt;bloessl@ccs-labs.org&gt; Computer

Towards an Open Source IEEE 802.11p Stack Bastian Bloessl &lt;bloessl@ccs-labs.org&gt; Computer

Towards an Open Source IEEE 802.11p Stack Bastian Bloessl &lt;bloessl@ccs-labs.org&gt; Computer and Communication Systems Group, University of Innsbruck, Austria February 2014 FOSDEM SDR Dev Room Brussels, Belgium Outline

209 views • 20 slides
The reachability problem for vector addition systems with a stack is not elementary Ranko Lazi

The reachability problem for vector addition systems with a stack is not elementary Ranko Lazi

The reachability problem for vector addition systems with a stack is not elementary Ranko Lazi c DIMAP, Department of Computer Science, University of Warwick, UK Abstract Whereas computations of VAS Branching VAS. are words of vectors of

77 views • 4 slides
Attacking the stack Thanks to SysSec and Int. Secure Systems Labs at Vienna University of

Attacking the stack Thanks to SysSec and Int. Secure Systems Labs at Vienna University of

Attacking the stack Thanks to SysSec and Int. Secure Systems Labs at Vienna University of Technology for some of these slides sws1 1 1 Attacking the stack We have seen how the stack works. Now: lets see how we can abuse this. We have

733 views • 48 slides
Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping

Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping

Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping etc. Implementations of stacks using array linked list The Stack ADT A stack is a list with the restriction that insertions and

566 views • 44 slides
Attacking the stack Thanks to SysSec and Secure Systems Labs at Vienna University of Technology

Attacking the stack Thanks to SysSec and Secure Systems Labs at Vienna University of Technology

Attacking the stack Thanks to SysSec and Secure Systems Labs at Vienna University of Technology for some of these slides Attacking the stack We have seen how the stack works. Now: lets see how we can abuse this. We have already seen how code

671 views • 47 slides

More recommend