Heterogeneous Data Structures & Alignment * heterogeneous: 不同种类的

81
1 Heterogeneous Data Structures & Alignment * heterogeneous: 不不不不不

description

Heterogeneous Data Structures & Alignment * heterogeneous: 不同种类的. Outline. Struct Union Alignment Chap 3.9, 3.10. Structures P191. Group objects into a single object Each object is referenced by name Memory layout All the components are stored in a contiguous region of memory - PowerPoint PPT Presentation

Transcript of Heterogeneous Data Structures & Alignment * heterogeneous: 不同种类的

Page 1: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

1

Heterogeneous Data Structures & Alignment

* heterogeneous: 不同种类的

Page 2: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

2

Outline

• Struct• Union• Alignment

– Chap 3.9, 3.10

Page 3: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

3

Structures P191

• Group objects into a single object• Each object is referenced by name• Memory layout

– All the components are stored in a contiguous region of memory

– A pointer to a structure is the address of its first byte

• References to structure elements– Using offsets as displacements

Page 4: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

4

Structure P192

struct rect {int llx; /* X coordinate of lower-left corner */int lly; /* Y coordinate of lower-left corner */int color; /* Coding of color */int width; /* Width (in pixels) */int height; /* Height (in pixels) */

};

Page 5: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

5

Structure P192

struct rect r;

r.llx = r.lly = 0;r.color = 0xFF00FF;r.width = 10;r.height = 20;

Page 6: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

6

Structure P192

int area (struct rect *rp){return (*rp).width * (*rp).height;

}

void rotate_left (struct rect *rp){/* Exchange width and height */int t = rp->height;rp->height = rp->width;rp->width = t;

}

Page 7: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

7

Structure

struct rec {

int i;

int j;

int a[3];

int *p;

} *r;

Page 8: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

8

Structure P193

• Copy element r->i to element r->j:• r is in register %edx.

1 movl (%edx), %eax Get r->i2 movl %eax, 4(%edx) Store in

r->j

Page 9: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

9

Structure P193

• Generate the pointer &(r->a[1])– r in %eax, – i in %edx

1 leal 8(%eax,%edx,4),%ecx %ecx = &r->a[i]

Page 10: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

10

Structure

• r->p = &r->a[r->i + r->j];– r in register %edx:

1 movl 4(%edx), %eax Get r->j2 addl (%edx), %eax Add r->i3 leal 8(%edx,%eax,4), %eax Compute &r-

>a[r->i + r->j]4 movl %eax, 20(%edx) Store in r->p

Page 11: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

11

Unions P194

• A single object can be referenced by using different data types

• The syntax of a union declaration is identical to that for structures, but its semantics are very different

• Rather than having the different fields reference different blocks of memory, they all reference the same block

*syntax: 语法*semantic: 语义

Page 12: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

12

Unions

struct S3 {

char c;

int i[2];

double v;

};

union U3 {

char c;

int i[2];

double v;

};

Page 13: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

13

Unions P195

• The offsets of the fields, as well as the total size of data types S3 and U3, are:

Type c i v size

S3 0 4 12 20U3 0 0 0 8

Page 14: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

14

Unions P195

struct NODE {struct NODE *left;struct NODE *right;double data;

};union NODE {struct {

union NODE *left;union NODE *right;

} internal;double data;

};

Page 15: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

15

Unions (additional tag field)

struct NODE {

int is_leaf;

union {

struct {

struct NODE *left;

struct NODE *right;

} internal;

double data;

} info;

};

Page 16: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

16

Unions P196

1 unsigned float2bit(float f)

2 {

3 union {

4 float f;

5 unsigned u;

6 } temp;

7 temp.f = f;

8 return temp.u;

9 };

1 movl 8(%ebp), %eax

Page 17: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

17

Unions

1 unsigned float2bit(float f)

2 {

3 union {

4 float f;

5 unsigned u;

6 } temp;

7 temp.f = f;

8 return temp.u;

9 };

1 movl 8(%ebp), %eax

Page 18: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

18

Unions (Code generated identical to the procedure)

1 unsigned copy (unsigned u)

2 {

3 return u;

4 }

1 movl 8(%ebp), %eax

Page 19: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

19

Alignment P198

• Alignment restrictions

– The address for some type of object must be a

multiple of some value k (typically 2, 4, or 8)

– Simplify the hardware design of the interface

between the processor and the memory

system

Page 20: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

20

Alignment

• In IA32

– hardware will work correctly regardless of the

alignment of data

– Aligned data can improve memory system

performance

Page 21: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

21

Alignment

• Linux alignment restriction

– 1-byte data types are able to have any

address

– 2-byte data types must have an address that

is multiple of 2

– Any larger data types must have an address

that is multiple of 4

Page 22: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

22

Alignment

• Alignment is enforced by– Making sure that every data type is organized

and allocated in such a way that every object within the type satisfies its alignment restrictions.

• malloc()– Returns a generic pointer that is void *– Its alignment requirement is 4

Page 23: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

23

Alignment

• Structure data type– may need to insert gaps in the field allocation– may need to add padding to the end of the

structure

* padding: 填充

Page 24: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

24

Alignment P199

struct S1 {

int i;

char c;

int j;

};

Page 25: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

25

Alignment P200

struct S2 {

int i;

int j;

char c;

} d[4];

xd, xd+9, xd+18, xd+27

xd, xd+12, xd+24, xd+36

Page 26: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

26

Putting it Together

Page 27: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

27

Outline

• Pointer– Declaration

– referencing, deferencing

– memory allocation, memory free

• Buffer overflow

• Suggested reading– Chap 3.11, 3.13

Page 28: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

28

Example P202 Figure 3.26

1 struct str { /* Example Structure */2 int t;3 char v;4 };56 union uni { /* Example Union */7 int t;8 char v;9 } u;1011 int g = 15;12

Page 29: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

29

Example P202 Figure 3.26

13 void fun(int* xp)14 {15 void (*f)(int*) = fun; /* f is a function

pointer */1617 /* Allocate structure on stack */18 struct str s = {1,’a’}; /* Initialize structure

*/1920 /* Allocate union from heap */21 union uni *up = (union uni *)

malloc(sizeof(union uni));2223 /* Locally declared array */24 int *ip[2] = {xp, &g};

Page 30: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

30

Example

26 up->v = s.v+1;2728 printf("ip = %p, *ip = %p, **ip = %d\n",29 ip, *ip, **ip);30 printf("ip+1 = %p, ip[1] = %p, *ip[1] = %d\n",31 ip+1, ip[1], *ip[1]);32 printf ("&s.v = %p, s.v = ’%c’\n", &s.v, s.v);33 printf ("&up->v = %p, up->v = ’%c’\n", &up->v,

up->v);34 printf ("f = %p\n", f);35 if (--(*xp) > 0)36 f(xp); /* Recursive call of fun */37 }

Page 31: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

31

Example P202 Figure 3.26

38

39 int test()

40 {41 int x = 2;42 fun(&x);43 return x;44 }

Page 32: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

32

Every pointer has a type P201

• If the object has type T– A pointer to this object has type T *

• Special void * type– Represents a generic pointer

• malloc returns a generic pointer

Pointer Type

Object Type

Pointers

int * int xp, ip[0], ip[1]

union uni * union uni up

Page 33: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

33

Every pointer has a value

xp ip[0] ip[1] up

&x &x &g Address in heap

Page 34: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

34

Pointers are created with the & operator

• Applied to lvalue expression– Lvalue expression can appear on the left side of

assignment– &g, &s.v, &u->v, &x

Page 35: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

35

Pointers are dereferenced with the operator *

• The result is a value having the type associated with the pointer

• *ip, **ip, *ip[1], *xp• up->v

Page 36: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

36

Arrays and pointers are closed related

• The name of array can be viewed as a pointer constant

• ip[0] is equivalent to *ip

Page 37: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

37

Pointers can point to functions

• void (*f)(int *)• f is a pointer to function• The function taken int * as argument• The return type of the function is void• Assignment makes f point to func

– f = func

void: 空的

Page 38: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

38

The precedence of the operators

• void *f(int *) declares f is a function– (void *) f(int *)

Page 39: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

39

Example P203

1 ip = 0xbfffefa8, *ip = 0xbfffefe4, **ip = 2 ip[0] = xp. *xp = x

= 2

2 ip+1 = 0xbfffefac, ip[1] = 0x804965c, *ip[1] = 15 ip[1] = &g. g = 15

3 &s.v = 0xbfffefb4, s.v = ’a’ s in stack frame

4 &up->v = 0x8049760, up->v = ’b’ up points to area in heap

5 f = 0x8048414 f points to code for fun

6 ip = 0xbfffef68, *ip = 0xbfffefe4, **ip = 1 ip in new frame, x =

1

7 ip+1 = 0xbfffef6c, ip[1] = 0x804965c, *ip[1] = 15 ip[1] same as before

8 &s.v = 0xbfffef74, s.v = ’a’ s in new frame

9 &up->v = 0x8049770, up->v = ’b’ up points to new area in heap

10 f = 0x8048414 f points to code for fun

Page 40: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

40

Pointer Declaration

• char **argv ;• int (*daytab)[13]• int (*comp)()• char (*(*x())[])()

– Function returning pointer to array[ ] of pointer to function returning char

• char(*(*x[3])())[5]– Array[3] of pointer to function returning

pointer to array[5] of char

Page 41: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

41

Pointer Arithmetic

• Addition and subtraction– p+i , p-i (result is a pointer)

– p-q (result is a int)

• Referencing & dereferencing– *p, &E

• Subscription– A[i], *(A+i)

Page 42: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

42

C operators

Operators Associativity() [] -> . ++ -- left to right! ~ ++ -- + - * & (type) sizeof right to left* / % left to right+ - left to right<< >> left to right< <= > >= left to right== != left to right& left to right^ left to right| left to right&& left to right|| left to right?: right to left= += -= *= /= %= &= ^= != <<= >>= right to left, left to right

Note: Unary +, -, and * have higher precedence than binary forms

Page 43: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

43

Parameter Passing

• Call by value

– f(xp)

• Call by reference

– f(&xp)

Page 44: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

44

3.13 Out-of-Bounds Memory References P206

1 /* Implementation of library function gets() */2 char *gets(char *s)3 {4 int c;5 char *dest = s;6 while ((c = getchar()) != ’\n’ && c != EOF)7 *dest++ = c;8 *dest++ = ’\0’; /* Terminate String

*/9 if (c == EOF)10 return NULL;11 return s;12 }

Page 45: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

45

Out-of-Bounds Memory References

1314 /* Read input line and write it back */15 void echo()16 {17 char buf[4]; /* Way too small ! */18 gets(buf);19 puts(buf);20 }

Page 46: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

46

Out-of-Bounds Memory References

Stack frame for caller

Return address

Saved %ebp

[3] [2] [1] [0]Stack frame

for echo

%ebp

buf

Page 47: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

47

Out-of-Bounds Memory References

Stack frame for caller

Return address

[7]

[6]

[5]

[4]

[3] [2] [1] [0]Stack frame

for echo

%ebp

buf

Page 48: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

48

Out-of-Bounds Memory References

Stack frame for caller

[11]

[10]

[9]

[8]

[7]

[6]

[5]

[4]

[3] [2] [1] [0]Stack frame

for echo

%ebp

buf

Page 49: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

49

Buffer Overflow P208 Figure 3.29

1 /* This is very low quality code.2 It is intended to illustrate bad programming practices3 See Practice Problem 3.24. */4 char *getline()5 {6 char buf[8];7 char *result;8 gets(buf);9 result = malloc(strlen(buf));10 strcpy(result, buf);11 return(result);12 }

Page 50: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

50

Buffer Overflow P208 Figure 3.29

1 08048524 <getline>:

2 8048524: 55 push %ebp

3 8048525: 89 e5 mov %esp,%ebp

4 8048527: 83 ec 10 sub $0x10,%esp

5 804852a: 56 push %esi

6 804852b: 53 push %ebx

Diagram stack at this point

7 804852c: 83 c4 f4 add $0xfffffff4,%esp

8 804852f: 8d 5d f8 lea 0xfffffff8(%ebp),%ebx

9 8048532: 53 push %ebx

10 8048533: e8 74 fe ff ff call 80483ac <_init+0x50> gets

Page 51: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

51

Buffer Overflow P208 Practice Problem 3.24

Stack frame for caller

08 04 86 43Return Address

Page 52: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

52

Buffer Overflow

Stack frame for caller

08 04 86 43bf ff fc 94[7] [6] [5] [4][3] [2] [1] [0]

00 00 00 01

00 00 00 02

%ebp

buf

Saved %esi

Saved %ebx

Page 53: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

53

Buffer Overflow

Stack frame for caller

08 04 86 0031 30 39 3837 36 35 3433 32 31 30

00 00 00 01

00 00 00 02

%ebp

buf

Saved %esi

Saved %ebx

012345678901

Page 54: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

54

Malicious Use of Buffer Overflow

void bar() { char buf[64]; gets(buf); ... }

void foo(){ bar(); ...}

returnaddress

A

Stack after call to gets()

B

foo stack frame

bar stack frame

B

exploitcode

pad

data written

bygets()

Malicious:怀恶意的

Page 55: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

55

Malicious Use of Buffer Overflow

• Input string contains byte representation

of executable code

• Overwrite return address with address of

buffer

• When bar() executes ret, will jump to

exploit code

Page 56: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

56

Floating Point

Page 57: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

57

Outline

• Stack evaluation• Data movement• Set special data• Arithmetic operation• Comparison • Suggested reading: 3.14

Page 58: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

58

IA32 Floating Point

• History

– 8086: first computer to implement IEEE FP

• separate 8087 FPU (floating point unit)

– 486: merged FPU and Integer Unit onto one

chip

Page 59: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

59

IA32 Floating Point

• Floating Point Formats

– single precision (C float): 32 bits

– double precision (C double): 64 bits

– extended precision (C long double): 80 bits

Page 60: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

60

IA32 Floating Point

• Summary

– Hardware to add, multiply, and divide

– Floating point data registers

– Various control & status registers

Page 61: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

61

IA32 Floating Point

Instructiondecoder andsequencer

FPUInteger

Unit

Memory

Page 62: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

62

FPU Data Register Stack

• FPU register format (extended precision)

s exp frac

063647879

Page 63: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

63

FPU Data Register Stack

• FPU registers– 8 registers– Logically forms shallow stack– Top called %st(0)– When push too many, bottom values disappear

“ Top”

stack grows down

%st(0)

%st(1)

%st(2)

%st(3)

Page 64: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

64

FPU instructions

• Large number of floating point instructions and formats– ~50 basic instruction types– load, store, add, multiply– sin, cos, tan, arctan, and log!

• Sample instructions:

Page 65: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

65

FPU instructions P213 Figure 3.30, P216 Figure 3.31

Instruction Effect Description

fldz push 0.0 Load zero

flds Addr push M[Addr] Load single precision real

fmuls Addr %st(0) <- %st(0)*M[Addr] Multiply

faddp %st(1) <- %st(0)+%st(1); Add and pop

pop

Page 66: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

66

IA32 Floating Point

float ipf (float x[], float y[], int n){ int i; float result = 0.0; for (i = 0; i < n; i++) { result += x[i] * y[i]; } return result;}

Page 67: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

67

pushl %ebp # setup movl %esp,%ebp pushl %ebx movl 8(%ebp),%ebx # %ebx=&x movl 12(%ebp),%ecx # %ecx=&y movl 16(%ebp),%edx # %edx=n fldz # push +0.0 xorl %eax,%eax # i=0 cmpl %edx,%eax # if i>=n done jge .L3 .L5: flds (%ebx,%eax,4) # push x[i] fmuls (%ecx,%eax,4) # st(0)*=y[i] faddp # st(1)+=st(0); pop incl %eax # i++ cmpl %edx,%eax # if i<n repeat jl .L5 .L3: movl -4(%ebp),%ebx # finish movl %ebp, %esp popl %ebp ret # st(0) = result

Page 68: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

68

Inner Product Stack Trace

1. fldz 0.0 %st(0)

2. flds (%ebx,%eax,4) 0.0 %st(1)

x[0] %st(0)

3. fmuls (%ecx,%eax,4) 0.0 %st(1)

x[0]*y[0] %st(0)

4. faddp 0.0+x[0]*y[0] %st(0)

5. flds (%ebx,%eax,4) x[0]*y[0] %st(1)

x[1] %st(0)

6. fmuls (%ecx,%eax,4) x[0]*y[0] %st(1)x[1]*y[1] %st(0)

7. faddp %st(0)

x[0]*y[0]+x[1]*y[1]

Initialization

Iteration 0 Iteration 1

Page 69: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

69

Load Instructions P216 Figure 3.31

Instruction Source format Source location

flds Addr Single Mem4[Addr]

fldl Addr Double Mem8[Addr]

fldt Addr Extended Mem10[Addr]

fildl Addr Integer Mem4[Addr]

fld %st(i) extended %st(i)

Page 70: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

70

Store Instructions P216 Figure 3.32

Instruction Pop(Y/N)

destination format

destination location

fsts Addr N Single Mem4[Addr]

fstps Addr Y Single Mem4[Addr]

fstl Addr N Double Mem8[Addr]

fstpl Addr Y Double Mem8[Addr]

fstt Addr N Extended Mem10[Addr]

fstpt Addr Y Extended Mem10[Addr]

fistl Addr N Integer Mem4[Addr]

fistpl Addr Y Integer Mem4[Addr]

fst %st(i) N extended %st(i)

fstp %st(i) Y extended %st(i)

Page 71: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

71

Arithmetic Instructions P218 Figure 3.33

Page 72: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

72

Arithmetic Instructions P218 Figure 3.34

Page 73: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

73

Comparison Instructions P222 Figure 3.35

Page 74: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

74

Comparison Instructions P222 Figure 3.36

fnstsw %axandb $69, %ah

69=0X45

Page 75: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

75

Arithmetic Instructions P223

1 int less (double x, double y)

2 {

3 return x < y;

4 }

Page 76: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

76

Arithmetic Instructions P223

1 fldl 16(%ebp) Push y

2 fcompl 8(%ebp) Compare y:x

3 fnstsw %ax Store floating point status word in %ax

4 andb $69, %ah Mask all but bits 0, 2, and 6

5 sete %al Test for comparison outcome of 0

(>)

6 movzbl %al, %eax Copy low order byte to result,

and set rest to 0

Page 77: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

77

Page 78: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

78

Page 79: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

79

Page 80: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

80

Page 81: Heterogeneous Data Structures & Alignment * heterogeneous:  不同种类的

81