Berkeley COMPSCI 161 - Process Layout, Function Calls, and the Heap - D2887636

Home> Schools> University of California, Berkeley> Computer Science (COMPSCI) > COMPSCI 161> Process Layout, Function Calls, and the Heap

DOC PREVIEW

Berkeley COMPSCI 161 - Process Layout, Function Calls, and the Heap

School name University of California, Berkeley

Course Compsci 161- Computer Security

Pages 49

This preview shows page 1-2-3-23-24-25-26-47-48-49 out of 49 pages.

Save

View full document

Premium Document

Do you want full access? Go Premium and unlock all 49 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

View full document

Premium Document

Do you want full access? Go Premium and unlock all 49 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

View full document

Premium Document

Do you want full access? Go Premium and unlock all 49 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

View full document

Premium Document

Do you want full access? Go Premium and unlock all 49 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

View full document

Premium Document

Do you want full access? Go Premium and unlock all 49 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

View full document

Premium Document

Do you want full access? Go Premium and unlock all 49 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

View full document

Premium Document

Do you want full access? Go Premium and unlock all 49 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

View full document

Premium Document

Do you want full access? Go Premium and unlock all 49 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

View full document

Premium Document

Do you want full access? Go Premium and unlock all 49 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

View full document

Premium Document

Do you want full access? Go Premium and unlock all 49 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

Premium Document

Do you want full access? Go Premium and unlock all 49 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

Unformatted text preview:

Process LayoutFunction CallsThe HeapProcess Layout, Function Calls, and the HeapCS 161 – Spring 2011Prof. Vern PaxsonTAs: Devdatta Akhawe, Mobin Javed, Matthias VallentinJanuary 19, 20111 / 152 / 15OutlineProcess LayoutFunction CallsThe HeapProcess Layout 3 / 15Process Layout in MemoryIStackIgrows towards decreasingaddresses.Iis initialized at run-time.IHeap and BSS sectionsIgrow towards increasing addresses.Iare initialized at run-time.IData sectionIis initialized at compile-time.IText sectionIholds the program instructions(read-only).StackHeapBSSDataTextdynamicgrowth0xc00000000x08048000high addresslow addressProcess Layout 4 / 15Process Layout in MemoryIStackIgrows towards decreasingaddresses.Iis initialized at run-time.IHeap and BSS sectionsIgrow towards increasing addresses.Iare initialized at run-time.IData sectionIis initialized at compile-time.IText sectionIholds the program instructions(read-only).StackHeapBSSDataTextdynamicgrowth0xc00000000x08048000high addresslow addressuninitialized variablesinitialized variablesProcess Layout 4 / 15OutlineProcess LayoutFunction CallsThe HeapFunction Calls 5 / 15IA-32RegistersEAX Accumulator for operands and results dataEBX Pointer to data in the DS segmentECX Counter for string and loop operationsEDX I/O pointerESI Source pointer for string operationsEDI Destination pointer for string operationsEBP Frame pointerESP Stack pointerTerminologySFP saved frame pointer: saved %ebp on the stackOFP old frame pointer: old %ebp from the previous stack frameRIP return instruction pointer: return address on the stackFunction Calls 6 / 15IA-32RegistersEAX Accumulator for operands and results dataEBX Pointer to data in the DS segmentECX Counter for string and loop operationsEDX I/O pointerESI Source pointer for string operationsEDI Destination pointer for string operationsEBP Frame pointerESP Stack pointerTerminologySFP saved frame pointer: saved %ebp on the stackOFP old frame pointer: old %ebp from the previous stack frameRIP return instruction pointer: return address on the stackFunction Calls 6 / 15Function Callsvoid foo(int a, int b, int c){int bar[2];char qux[3];bar[0] = ’A’;qux[0] = 0x2a;}int main(void){int i = 1;foo(1, 2, 3);return 0;}Function Calls 7 / 15Function Calls in Assemblermain:pushl %ebpmovl %esp,%ebpsubl $4,%espmovl $1,-4(%ebp)pushl $3pushl $2pushl $1call fooaddl $12,%espxorl %eax,%eaxleaveretebpespFunction Calls 8 / 15Function Calls in Assemblermain:pushl %ebpmovl %esp,%ebpsubl $4,%espmovl $1,-4(%ebp)pushl $3pushl $2pushl $1call fooaddl $12,%espxorl %eax,%eaxleaveretsfpebpespFunction Calls 8 / 15Function Calls in Assemblermain:pushl %ebpmovl %esp,%ebpsubl $4,%espmovl $1,-4(%ebp)pushl $3pushl $2pushl $1call fooaddl $12,%espxorl %eax,%eaxleaveretsfpofpesp + ebpFunction Calls 8 / 15Function Calls in Assemblermain:pushl %ebpmovl %esp,%ebpsubl $4,%espmovl $1,-4(%ebp)pushl $3pushl $2pushl $1call fooaddl $12,%espxorl %eax,%eaxleaveretsfpofpebpespFunction Calls 8 / 15Function Calls in Assemblermain:pushl %ebpmovl %esp,%ebpsubl $4,%espmovl $1,-4(%ebp)pushl $3pushl $2pushl $1call fooaddl $12,%espxorl %eax,%eaxleaveretsfp1ofpebpespFunction Calls 8 / 15Function Calls in Assemblermain:pushl %ebpmovl %esp,%ebpsubl $4,%espmovl $1,-4(%ebp)pushl $3pushl $2pushl $1call fooaddl $12,%espxorl %eax,%eaxleaveretsfp1321ofpebpespFunction Calls 8 / 15Function Calls in Assemblermain:pushl %ebpmovl %esp,%ebpsubl $4,%espmovl $1,-4(%ebp)pushl $3pushl $2pushl $1call fooaddl $12,%espxorl %eax,%eaxleaveretsfp1321ripofpebpespFunction Calls 8 / 15Function Calls in Assemblerfoo:pushl %ebpmovl %esp,%ebpsubl $12,%espmovl $65,-8(%ebp)movb $66,-12(%ebp)leaveretsfp1321ripofpebpespFunction Calls 8 / 15Function Calls in Assemblerfoo:pushl %ebpmovl %esp,%ebpsubl $12,%espmovl $65,-8(%ebp)movb $66,-12(%ebp)leaveretsfp1321ripsfpofpebpespFunction Calls 8 / 15Function Calls in Assemblerfoo:pushl %ebpmovl %esp,%ebpsubl $12,%espmovl $65,-8(%ebp)movb $66,-12(%ebp)leaveretsfp1321ripsfpofpofp (m)esp + ebpFunction Calls 8 / 15Function Calls in Assemblerfoo:pushl %ebpmovl %esp,%ebpsubl $12,%espmovl $65,-8(%ebp)movb $66,-12(%ebp)leaveretsfp1321ripsfpofpofp (m)ebpespFunction Calls 8 / 15Function Calls in Assemblerfoo:pushl %ebpmovl %esp,%ebpsubl $12,%espmovl $65,-8(%ebp)movb $66,-12(%ebp)leaveretsfp1321ripsfpofpofp (m)ebpesp00 00 00 41Function Calls 8 / 15Function Calls in Assemblerfoo:pushl %ebpmovl %esp,%ebpsubl $12,%espmovl $65,-8(%ebp)movb $66,-12(%ebp)leaveretsfp1321ripsfpofpofp (m)ebpesp00 00 00 4142Function Calls 8 / 15Function Calls in Assemblerfoo:pushl %ebpmovl %esp,%ebpsubl $12,%espmovl $65,-8(%ebp)movb $66,-12(%ebp)leaveretsfp1321ripsfpofpofp (m)esp + ebp00 00 00 4142leave: movl %ebp,%esp popl %ebpFunction Calls 8 / 15Function Calls in Assemblerfoo:pushl %ebpmovl %esp,%ebpsubl $12,%espmovl $65,-8(%ebp)movb $66,-12(%ebp)leaveretsfp1321ripsfpofpebpesp00 00 00 4142leave: movl %ebp,%esp popl %ebpFunction Calls 8 / 15Function Calls in Assemblerfoo:pushl %ebpmovl %esp,%ebpsubl $12,%espmovl $65,-8(%ebp)movb $66,-12(%ebp)leaveretsfp1321ripsfpofpebpesp00 00 00 4142ret: popl %eipFunction Calls 8 / 15Function Calls in Assemblermain:pushl %ebpmovl %esp,%ebpsubl $4,%espmovl $1,-4(%ebp)pushl $3pushl $2pushl $1call fooaddl $12,%espxorl %eax,%eaxleaveretsfp1321ripsfpofpebpesp00 00 00 4142Function Calls 8 / 15Function Calls in Assemblermain:pushl %ebpmovl %esp,%ebpsubl $4,%espmovl $1,-4(%ebp)pushl $3pushl $2pushl $1call fooaddl $12,%espxorl %eax,%eaxleaveretsfp1321ripsfpofpebpesp00 00 00 4142Function Calls 8 / 15Function Calls in Assemblermain:pushl %ebpmovl %esp,%ebpsubl $4,%espmovl $1,-4(%ebp)pushl $3pushl $2pushl $1call fooaddl $12,%espxorl %eax,%eaxleaveretsfp1321ripsfpofpebpesp00 00 00 4142Function Calls 8 / 15Function Calls in Assemblermain:pushl %ebpmovl %esp,%ebpsubl $4,%espmovl $1,-4(%ebp)pushl $3pushl $2pushl $1call fooaddl $12,%espxorl %eax,%eaxleaveretsfp1321ripsfpofpesp + ebp00 00 00 4142Function Calls 8 / 15Function Calls in Assemblermain:pushl %ebpmovl %esp,%ebpsubl $4,%espmovl $1,-4(%ebp)pushl $3pushl $2pushl $1call fooaddl $12,%espxorl %eax,%eaxleaveretsfp1321ripsfpebpesp00 00 00 4142Function Calls 8 / 15Function Calls in Assemblermain:pushl %ebpmovl %esp,%ebpsubl $4,%espmovl $1,-4(%ebp)pushl $3pushl $2pushl $1call fooaddl $12,%espxorl %eax,%eaxleaveret(rip)sfp1321ripsfpebpesp00 00 00 4142Function Calls 8 / 15OutlineProcess LayoutFunction CallsThe HeapThe Heap 9 / 15The HeapThe heap is ”[...] a pool of memory available for the allocation

View Full Document