作业5

3.32

指令状态值(指令执行前)
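| 标号 | PC | 指令 | %rdi | %rsi | %rax | %rsp | *%rsp | 描述 |
|---|---|---|---|---|---|---|---|---|
| M1 | 0x400560 | callq | 10 | | | 0x7fffffffe820 | | 调用first (10) |
| F1 | 0x400548 | lea | 10 | | | 0x7fffffffe818 | 0x400565 | first函数入口 |
| F2 | 0x40054c | sub | 10 | 11 | | 0x7fffffffe818 | 0x400565 | |
| F3 | 0x400550 | callq | 9 | 11 | | 0x7fffffffe818 | 0x400565 | 调用last (9, 11) |
| L1 | 0x400540 | mov | 9 | 11 | | 0x7fffffffe810 | 0x400555 | last函数入口 |
| L2 | 0x400543 | imul | 9 | 11 | 9 | 0x7fffffffe810 | 0x400555 | |
| L3 | 0x400547 | retq | 9 | 11 | 99 | 0x7fffffffe810 | 0x400555 | last返回值 99 |
| F4 | 0x400555 | repz | 9 | 11 | 99 | 0x7fffffffe818 | 0x400565 | first返回值99 |
| M2 | 0x400565 | mov | 9 | 11 | 99 | 0x7fffffffe820 | | main函数后续 |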

3.33

情况1:假设 3 addq %rdi, (%rdx) 是实现 *u += a

则易知 a in %edi , u in %rdx

从而 4 addb %sil, (%rcx) 是实现 *v += b

从而 b in %si , v in %rcx

即四个参数的顺序为 int procprobl(int a, short b, long *u, char *v)


情况2:反之,假设 3 addq %rdi, (%rdx) 实现 *v += b

则有 b in %edi , v in %rdx

从而 4 addb %sil, (%rcx) 是实现 *u += a

从而 a in %si , u in %rcx

int procprobl(int b, short a, long *v, char *u)

3.35

A. 保存参数x的值,用来计算表达式结果,保存当前状态

B.

/*
 * rfun - recursively sum x, x >> 2, (x >> 2) >> 2, ... until the shifted
 * value reaches 0.
 *
 * The addition mixes unsigned long and long, so it is carried out in
 * unsigned arithmetic and converted to long on return.
 */
long rfun(unsigned long x) {
    if (x != 0) {
        /* x must stay live across the recursive call to form the sum. */
        long rest = rfun(x >> 2);
        return x + rest;
    }
    /* Base case: nothing left to add. */
    return 0;
}

3.38

# Element-index computation for P[i][j]; i in %rdi and j in %rsi, per the original annotations.
leaq	0(,%rdi,8), %rdx	# %rdx = 8*i
subq %rdi, %rdx # %rdx = 8*i - i = 7*i
addq %rsi, %rdx # %rdx = 7*i + j, so one row of P spans 7 elements

可知P为7列,即N=7

# Element-index computation for Q[j][i]; i in %rdi and j in %rsi, per the original annotations.
leaq	(%rsi,%rsi,4), %rax	# %rax = j + 4*j = 5*j
addq %rax, %rdi # %rdi = 5*j + i, so one row of Q spans 5 elements

可知,Q为5列,即M=5

综上,M=5,N=7

3.41

A.

p: 0

s.x: 8

s.y: 12

next: 16

B. 24

C.

/*
 * sp_init - initialise *sp: s.x takes the value of s.y, p is set to the
 * address of s.x, and next is set to the structure itself.
 */
void sp_init(struct prob *sp) {
    /* Copy the y field over the x field of the embedded struct. */
    sp->s.x = sp->s.y;

    /* p refers to a field inside the same object. */
    sp->p = &sp->s.x;

    /* Self-referential link. */
    sp->next = sp;
}

3.45

A.

| a | b | c | d | e | f | g | h |
|---|---|---|---|---|---|---|---|
| 0 | 8 | 16 | 24 | 28 | 32 | 40 | 48 |

B. 56

C.

/*
 * Fields reordered to reduce padding. The per-field offsets and the total
 * size of 40 bytes are the ones listed in this answer.
 */
struct {
char d; /* offset 0 */
char f; /* offset 1 */
short b; /* offset 2 */
float e; /* offset 4 */
int h; /* offset 8 */
char *a; /* offset 16 */
double c; /* offset 24 */
long g; /* offset 32 */
}
/* NOTE(review): this is a fragment; it needs a declarator and/or a terminating ';' to compile. */

重排的偏移量

| d | f | b | e | h | a | c | g |
|---|---|---|---|---|---|---|---|
| 0 | 1 | 2 | 4 | 8 | 16 | 24 | 32 |

大小:40

3.48

A.不带保护者:buf: 0, v: 24;带保护者:buf: 16, v: 8, 金丝雀: 40;

B. 带保护者的模式下,v比buf更接近栈顶(地址更低),而溢出是从buf向高地址方向写入的,因此即使缓冲区溢出也不会破坏v的值;位于buf之上的金丝雀(偏移40)会先被覆盖,从而使溢出被检测到。

3.69

A.

# Annotated listing for 3.69. Register roles follow the original annotations: i in %rdi, bp in %rsi.
mov		0x120(%rsi),%ecx		# %ecx = bp->last (at offset 0x120 from bp)
add (%rsi),%ecx # %ecx = bp->first + bp->last
lea (%rdi,%rdi,4),%rax # %rax = 5*i
lea (%rsi,%rax,8),%rax # %rax = bp + 8*5*i = bp + 40*i, so sizeof(a_struct) is 40
mov 0x8(%rax),%rdx # load from bp + 8*5*i + 8; ap is offset 8 from bp, so %rdx = ap->idx
movslq %ecx,%rcx # sign-extend n from int to long
# NOTE(review): no compare or branch on %rdi or %rdx appears in this listing before the
# store below, so nothing shown here keeps i below CNT or ap->idx within x[]; an
# out-of-range value would make the store land outside the intended element.
mov %rcx,0x10(%rax,%rdx,8)
# store address: 8*(ap->idx) + bp + 40*i + 0x10 = ap + 8*(ap->idx) + 0x8, i.e. ap->x[ap->idx]
# idx is a long and x is an array of long
# 40 = 8 + 4 * 8, so x has 4 elements
# 0x120 = 288 = 8 + 40*7, so CNT = 7
retq

CNT=7

B.

/*
 * Array element type recovered in 3.69. Its size is 40 bytes, matching the
 * 5*i*8 scaling in the part A listing.
 */
typedef struct {
long idx; /* offset 0; used as the index into x[] */
long x[4]; /* offset 8; 4 elements, since 40 = 8 + 4 * 8 */
} a_struct;

3.70

A.

| e1.p | e1.y | e2.x | e2.next |
|---|---|---|---|
| 0 | 8 | 0 | 8 |

B. 16

C.

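/*
 * proc - store into up->e2.x the difference between the value pointed to by
 * the next element's e1.p and the next element's e1.y.
 *
 * up->e2.next is a pointer, so its members are reached with '->'. The
 * earlier form applied '.' to the pointer itself and lacked the terminating
 * ';', so it did not compile.
 *
 * NOTE(review): up, up->e2.next and next->e1.p are dereferenced without NULL
 * checks, and the union carries no tag: *up is read as e2 while *next is
 * read as e1. Callers must guarantee both; confirm at the call sites.
 */
void proc(union ele *up) {
    up->e2.x = *(up->e2.next->e1.p) - up->e2.next->e1.y;
}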