The midterm exam for CS 485G will be held in class on Friday, 4 March, 2016. The exam will be closed-note, closed-book.
There will be a mix of multiple-choice, fill-in-the-blank, short-answer (one or two sentences), long-answer (a paragraph or two), and code-writing questions (C or C++ and assembly).
- Operators &, |, ^, <<, >>.
- Data types char, short, int, long, size_t, pointer; instruction suffixes b, w, l, q.
- Registers %rax, %rbx, %rcx, %rdx, %rdi, %rsi, %rbp, %rsp, %r8–%r15, %rip. 32-bit versions: %eax etc.
- mov instructions: movq, movl, movb; valid source and destination operands.
- Memory operands of the form disp(base,index,scale).
- Arithmetic and logical instructions add, sub, imul, xor, or, and, sal/shl, sar, shr.
- leaq instruction.
- test and cmp instructions.
- je/jz, jne/jnz, etc. Particularly, the difference between ja/jb and jg/jl.
- Translating if and if/else into assembly (and vice versa).
- Translating do–while, while, and for loops into gotos.
- call and ret instructions.
- Argument registers %rdi, %rsi, %rdx, %rcx, %r8, %r9; return value in %rax.
- %rsp; push and pop.
- disp(,index,scale) and (base,index,scale).
- structs: differences between C structs and C++ classes/structs.
- gcc: assembly (-S), compilation + assembly (-c).
- gcc: optimization flags.
- gcc: including information for debugging (-g) and profiling (-pg).
- gdb commands: break, run, backtrace (bt), disas(semble), p(rint), examine (x), disp(lay).
- gdb commands: next, step, n(ext)i, s(tep)i, continue, finish.
- Disassembly (objdump -d), profiling (gprof), checking for memory errors (valgrind).

The following questions and problems are representative of those that might appear on the exam. The actual exam will be nowhere near this long, of course.
We will not be posting solutions to these problems. If you would like to verify your answers, send them to Dr. Moore by email.
All questions assume we are talking Linux running on the x86-64 architecture.
    0x42 | 0x2a
    0x42 & 0x2a
    0x42 ^ 0x2a
    7 << 3
    -5 >> 1

ints?

%rip register?

    movq (%rsp), %rdi
    movq %rbx, %rbp
    movq (%rdi), (%rsi,%rdx,4)
    movl $1, %edx
    movq %r10, 44(,%r10,2)
    movq %r16, %rax
    movq %rbp, (%rdx,%rcx,6)
Assume %rdi = 5000 and %rsi = 100. What is the (decimal) address computed by each of the following operands?

    (%rdi)
    (%rdi,%rsi,4)
    (%rsi,%rdi,4)
    (%rdi,%rsi)
    12(%rdi)
    12(,%rsi,2)
    12(%rdi,%rsi,8)
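As an added example (not part of the course page), here is a small C program that parses an AT&T memory operand of the form disp(base,index,scale) and computes the effective address disp + base + index*scale, rejecting malformed operands (an unknown register, a scale other than 1, 2, 4 or 8, a scale without an index) the way the assembler would. The register contents it uses are constructed for the demonstration and differ from the values in the question above, so it illustrates the rule without handing out the answers.

```c
/* Added example (not from the course page): parse an AT&T memory operand of
 * the form disp(base,index,scale) and compute disp + base + index*scale.
 * The register contents are a constructed sample, not the exam's values. */
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { const char *name; uint64_t value; } reg_t;

/* Constructed register file for the demonstration. */
static const reg_t regs[] = {
    { "%rax", 100 },  { "%rbx", 200 }, { "%rcx", 300 },    { "%rdx", 400 },
    { "%rdi", 8000 }, { "%rsi", 16 },  { "%rsp", 0x7000 }, { "%rbp", 0x7100 },
};

/* Look up a register by name; clears *ok if the name is not a register. */
static uint64_t reg_value(const char *name, int *ok) {
    for (size_t i = 0; i < sizeof regs / sizeof regs[0]; i++)
        if (strcmp(regs[i].name, name) == 0) return regs[i].value;
    *ok = 0;
    return 0;
}

/* Parse "disp(base,index,scale)". disp, base and index may each be omitted;
 * scale defaults to 1 and must be 1, 2, 4 or 8. Returns 1 and stores the
 * address in *addr, or 0 for a malformed operand (unknown register, illegal
 * scale, scale without an index, stray characters). */
int effective_address(const char *operand, uint64_t *addr) {
    char buf[64];
    if (strlen(operand) >= sizeof buf) return 0;
    strcpy(buf, operand);

    /* Displacement: everything before '(' (the whole string if no parens). */
    char *open = strchr(buf, '(');
    if (open) *open = '\0';
    long long disp = 0;
    if (buf[0] != '\0') {
        char *end;
        disp = strtoll(buf, &end, 0);            /* base 0: decimal or 0x.. */
        if (*end != '\0') return 0;
    }
    if (!open) { *addr = (uint64_t)disp; return 1; }   /* absolute address */

    char *close = strchr(open + 1, ')');
    if (!close || close[1] != '\0') return 0;
    *close = '\0';

    /* Split the parenthesised part on commas: base, index, scale. */
    char *field[3] = { NULL, NULL, NULL };
    int n = 0;
    for (char *tok = open + 1; tok != NULL; ) {
        if (n == 3) return 0;                    /* too many fields */
        char *comma = strchr(tok, ',');
        if (comma) *comma = '\0';
        field[n++] = tok;
        tok = comma ? comma + 1 : NULL;
    }

    int ok = 1;
    uint64_t base = 0, index = 0, scale = 1;
    if (field[0] && field[0][0]) base = reg_value(field[0], &ok);
    if (field[1] && field[1][0]) index = reg_value(field[1], &ok);
    if (field[2]) {
        if (!field[1] || !field[1][0]) return 0; /* scale needs an index */
        char *end;
        scale = strtoull(field[2], &end, 10);
        if (*end != '\0' || (scale != 1 && scale != 2 && scale != 4 && scale != 8))
            return 0;
    }
    if (!ok) return 0;

    /* Unsigned arithmetic wraps mod 2^64, exactly like the hardware does. */
    *addr = (uint64_t)disp + base + index * scale;
    return 1;
}

/* Helpers for checks: is the operand valid, and does it compute expected? */
int is_valid(const char *operand) { uint64_t a; return effective_address(operand, &a); }
int address_is(const char *operand, uint64_t expected) {
    uint64_t a;
    return effective_address(operand, &a) && a == expected;
}

int main(void) {
    const char *samples[] = { "(%rdi)", "(%rdi,%rsi,4)", "12(,%rsi,2)",
                              "-8(%rbp)", "(%rdi,%rsi,6)", "(%r16)" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t a;
        if (effective_address(samples[i], &a))
            printf("%-16s -> %" PRIu64 "\n", samples[i], a);
        else
            printf("%-16s -> invalid operand\n", samples[i]);
    }
    return 0;
}
```

The same rejection rules explain why some of the mov instructions listed earlier are not valid: an assembler checks the scale and the register names before it ever computes an address.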
What is the difference between the sar and shr instructions? Give an example where they compute different answers, and show the result of each (decimal, binary, or hexadecimal is fine).

Write an instruction that computes %rdi - %rax. Where does the instruction store its result?

Write a leaq instruction that computes a*2 + b, if a is in register %rax and b in %rbx.

Write a leaq instruction that computes a*5, if a is in register %rax.

What is the value of %rax after the following code executes?

    movl $1, %eax
    movl $3, %ebx
    leaq (%rax, %rbx, 2), %rcx
    shlq $4, %rax
    subq %rcx, %rax

Suppose %rax contains the value 10 and %rbx contains the value -10.

    add %rax, %rax
    add %rbx, %rbx
    add %rax, %rbx
    sub %rax, %rax

What is the difference between subq and cmpq? Between testq and cmpq?

Suppose %rax contains the value 10 and %rdx contains the value -2. After executing the instruction cmp %rax, %rdx, which of the following instructions will jump? je, jne, js, jg, jl, ja, jb.

Suppose a and b are of type long and are stored in %rax and %rbx, respectively. Write assembly code for:

    if (a > b) a = b;

Suppose a and b are of type size_t and are stored in %rax and %rbx, respectively. Write assembly code for:

    if (a < b) b -= a; else a -= b;

What are the values of %rax and %rbx after the following code executes?

    movl $10, %eax
    movl $5, %ebx
    cmpq %rax, %rbx
    jge L2
    subq $1, %rax
L2: subq $1, %rbx

Rewrite each of the following loops using goto rather than the high-level loop constructs. Write your answers in C, not assembly.

    do { sum += x; x *= 2; } while (x < 64);
    while (x) { sum += x->data; x = x->next; }
    for (i = 0; i < size; i++) { a[i] = 0; }
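Added example, not from the course page: three constructed loops (deliberately not the exam's), each written with its C loop construct and again with goto, following the three translation patterns a compiler uses: body-then-test for do-while, jump-to-middle for while, and guarded-do for for (the form gcc typically emits at higher optimization levels). The last function checks that every pair computes the same values on a constructed input.

```c
/* Added example (not from the course page): each of the three C loop
 * forms next to its goto translation. The loops are constructed for the
 * demonstration and are not the ones in the exam questions. */
#include <stddef.h>

/* do-while: the body runs before the first test, so the translation is
 * body, test, backward jump. */
long count_digits(unsigned long n) {
    long digits = 0;
    do { n /= 10; digits++; } while (n != 0);
    return digits;
}
long count_digits_goto(unsigned long n) {
    long digits = 0;
loop:
    n /= 10;
    digits++;
    if (n != 0) goto loop;
    return digits;
}

/* while: jump-to-middle form. Jump straight to the test so the body is
 * skipped entirely when the condition is false on entry. */
long collatz_steps(unsigned long n) {
    long steps = 0;
    while (n > 1) { n = (n & 1) ? 3 * n + 1 : n / 2; steps++; }
    return steps;
}
long collatz_steps_goto(unsigned long n) {
    long steps = 0;
    goto test;
loop:
    n = (n & 1) ? 3 * n + 1 : n / 2;
    steps++;
test:
    if (n > 1) goto loop;
    return steps;
}

/* for: init, then guarded-do form. One test guards entry; after that the
 * test sits at the bottom like a do-while. */
long array_sum(const long *a, size_t n) {
    long total = 0;
    for (size_t i = 0; i < n; i++) total += a[i];
    return total;
}
long array_sum_goto(const long *a, size_t n) {
    long total = 0;
    size_t i = 0;
    if (!(i < n)) goto done;
loop:
    total += a[i];
    i++;
    if (i < n) goto loop;
done:
    return total;
}

/* Equivalence check of all three pairs on constructed input. */
int translations_agree(void) {
    static const long sample[] = { 3, -1, 4, 1, -5, 9 };
    for (unsigned long n = 0; n < 200; n++) {
        if (count_digits(n) != count_digits_goto(n)) return 0;
        if (collatz_steps(n) != collatz_steps_goto(n)) return 0;
    }
    for (size_t k = 0; k <= 6; k++)
        if (array_sum(sample, k) != array_sum_goto(sample, k)) return 0;
    return 1;
}
```

Each goto version maps one-to-one onto assembly: a label per jump target, a conditional jump for each if, and the test instruction (cmp or test) sitting where the if is.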
Suppose a and b are of type long and are stored in %rax and %rbx, respectively. Write assembly code for each of the following loops:

    do { a += b; b += 4; } while (b < 10);
    while (a) { b++; a /= 2; }

Use rax, rbx, etc. in your code to represent the registers.

    L1: addq %rbx, %rcx
        addq $1, %rbx
        cmp %rax, %rbx
        jl L1

        jmp L2
    L1: addq %rbx, %rcx
        addq $1, %rbx
    L2: cmp %rax, %rbx
        jl L1

        cmp %rax, %rbx
        jg L2
    L1: addq %rbx, %rcx
        addq $1, %rbx
        cmp %rax, %rbx
        jl L1
    L2:

The callq instruction does two separate things. What are they?

%rsp?

Suppose a function has the prototype long myfunc(long x, long y, long z), and that we have three long variables a, b, and c, stored in %rax, %rbx, and %rcx, respectively. Write assembly code to call myfunc(a, b, c).

If a function uses %rbp, what should be the first instruction executed by that function? What should be the last instruction before ret?

%rax or %rbx? Why?

Why is %rax caller-saved rather than callee-saved?

Suppose %rsp has the value 5000 and %rbp has the value 100. When the instruction pushq %rbp is executed, what is the value of %rsp? Where is the value 100 stored?

Suppose d is in register %rdx. We want to call func1(d) then func2(d). Why does the following code not work?

    movq %rdx, %rdi
    callq func1
    movq %rdx, %rdi
    callq func2

Write a corrected version of the code.

    long calc(long x, long y) { long result = (x + y) / 2; return result; }

Suppose int a[6] = { 0, 10, 20, 30, 40, 50 } is stored at address 4000. What is the type and value of each of the following C expressions?

    a[1]
    &a[1]
    a + 3
    a[0] + 3
    a[6]
    &a[6]

Suppose long a[10]; is stored at address 4000, and that the variable i is stored in register %rsi. Write an assembler instruction to load the value of a[i] into the register %rdx.

Suppose %rdi holds a pointer p to an array of longs, and that %rsi stores the variable i. Write an assembler instruction to load the value of p[i] into the register %rdx.

Suppose int a[3][5] is stored at address 1000. What is the address of:

    a[0]
    a[0][0]
    a[1]
    a[1][0]
    a[1][1]
    a[2][4]

Suppose int a[10][8] is stored at address 1000, and two variables i and j are stored in %rax and %rdx, respectively. Write an assembly instruction to add 1 to the value of a[i][j].

Suppose int *a[3] is stored at address 1000, and two variables i and j are stored in %rax and %rdx, respectively. Write a sequence of assembly instructions to add 1 to the value of a[i][j].
    struct data { char array[5]; int number; size_t size; };

What is sizeof(struct data)? If struct data d is stored at address 4000, what is the address of d.number? Of d.size? If %rbx stores a pointer struct data *p, write an assembly instruction to load p->size into register %rdx.

    struct too_big { char x; long y; char z; };

What is sizeof(struct too_big)? Define a struct just_right that contains the same data members as too_big, but that requires less space. What is sizeof(struct just_right)?
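Added example, not from the course page: a small calculator for struct layout under the x86-64 alignment rules (a field starts at the next multiple of its own alignment; the whole struct is padded to a multiple of its largest alignment), checked against offsetof and sizeof for two constructed structs (not the exam's) that hold the same members in a different order. It shows the reordering trick the just_right question is after: put the most strictly aligned member first so padding is not scattered between fields.

```c
/* Added example (not from the course page): predict a struct's field offsets
 * and sizeof from the x86-64 alignment rules, then check the prediction
 * against the compiler with offsetof. The structs are constructed for the
 * demonstration; they are not the exam's. */
#include <stddef.h>

typedef struct { size_t size, align; } field_t;

/* Lay out fields in declaration order. If offsets is non-NULL, each field's
 * offset is written into it. Returns the padded sizeof. */
size_t layout(const field_t *fields, size_t n, size_t *offsets) {
    size_t off = 0, max_align = 1;
    for (size_t i = 0; i < n; i++) {
        size_t a = fields[i].align;
        off = (off + a - 1) / a * a;              /* internal padding */
        if (offsets) offsets[i] = off;
        off += fields[i].size;
        if (a > max_align) max_align = a;
    }
    return (off + max_align - 1) / max_align * max_align;   /* tail padding */
}

/* Same members, two orders. */
struct wasteful { char tag; long value; short flags; };
struct compact  { long value; short flags; char tag; };

#define FIELD(T) { sizeof(T), _Alignof(T) }

size_t wasteful_predicted(size_t *offsets) {
    const field_t f[3] = { FIELD(char), FIELD(long), FIELD(short) };
    return layout(f, 3, offsets);
}
size_t compact_predicted(size_t *offsets) {
    const field_t f[3] = { FIELD(long), FIELD(short), FIELD(char) };
    return layout(f, 3, offsets);
}

/* 1 if the calculator agrees with the compiler for both structs. */
int predictions_match(void) {
    size_t w[3], c[3];
    if (wasteful_predicted(w) != sizeof(struct wasteful)) return 0;
    if (w[0] != offsetof(struct wasteful, tag) ||
        w[1] != offsetof(struct wasteful, value) ||
        w[2] != offsetof(struct wasteful, flags)) return 0;
    if (compact_predicted(c) != sizeof(struct compact)) return 0;
    if (c[0] != offsetof(struct compact, value) ||
        c[1] != offsetof(struct compact, flags) ||
        c[2] != offsetof(struct compact, tag)) return 0;
    return 1;
}
```

On x86-64 Linux the wasteful order costs 24 bytes (7 bytes of padding after tag, 6 after flags) and the compact order 16 (5 bytes of tail padding only); the calculator reproduces both.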
    main
    malloc
    int a[4]; inside a function

Can the gets() function be used safely with no risk of buffer overflows?

    badfunc:
        subq $8, %rsp
        movq %rsp, %rdi
        callq gets
        addq $8, %rsp
        ret

If evil is at address 0x00414243, what input could the user provide to this gets call to cause evil to be executed?

What does gcc -fstack-protector use to mitigate buffer overflow attacks?
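Added example, not from the course page, to go with the gets questions above: the defensive counterpart to badfunc. gets has no length argument, so a line longer than the buffer overwrites whatever lies above it on the stack; read_line below replaces it with fgets, never writes past the buffer, reports truncation and drains the rest of an over-long line so the next read starts on a fresh line. Input comes from constructed strings through fmemopen (POSIX), so it runs without a terminal.

```c
/* Added example (not from the course page): a bounded replacement for the
 * gets() pattern in badfunc. Inputs below are constructed strings. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* The unsafe original, for comparison only (gets was removed in C11):
 *
 *     char buf[8];
 *     gets(buf);      // writes until newline, however long the line is
 */

enum { READ_EOF = -1, READ_OK = 0, READ_TRUNCATED = 1 };

/* Read one line into buf (capacity cap, terminator included). Returns
 * READ_OK, READ_TRUNCATED if the line did not fit (the remainder is consumed
 * so the next call starts on a fresh line), or READ_EOF if nothing was read. */
int read_line(char *buf, size_t cap, FILE *in) {
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL) return READ_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {       /* whole line fitted */
        buf[len - 1] = '\0';
        return READ_OK;
    }
    /* No newline: the line was too long, or the file ended without one.
     * Consume up to the newline and count what had to be dropped. */
    int c, dropped = 0;
    while ((c = fgetc(in)) != EOF && c != '\n') dropped++;
    return dropped ? READ_TRUNCATED : READ_OK;
}

/* Read one line from a constructed string into buf. */
int read_from_string(const char *input, char *buf, size_t cap) {
    FILE *in = fmemopen((void *)input, strlen(input), "r");
    if (in == NULL) return READ_EOF;
    int rc = read_line(buf, cap, in);
    fclose(in);
    return rc;
}

/* For checks: read one line into an 8-byte buffer (badfunc's size) and
 * return the status, or -2 if the buffer content differs from expected. */
int check_read(const char *input, const char *expected) {
    char buf[8];
    int rc = read_from_string(input, buf, sizeof buf);
    if (rc != READ_EOF && strcmp(buf, expected) != 0) return -2;
    return rc;
}

/* Count the lines an 8-byte reader sees. Because the remainder of an
 * over-long line is drained, such a line still counts once. */
int count_lines(const char *input) {
    char buf[8];
    FILE *in = fmemopen((void *)input, strlen(input), "r");
    if (in == NULL) return -1;
    int n = 0;
    while (read_line(buf, sizeof buf, in) != READ_EOF) n++;
    fclose(in);
    return n;
}

int main(void) {
    char buf[8];
    int rc = read_from_string("AAAAAAAAAAAAAAAAAAAA\n", buf, sizeof buf);
    printf("status %d, buffer \"%s\"\n", rc, buf);   /* truncated, 7 chars kept */
    return 0;
}
```

The caller decides what a truncated line means (reject it, ask again, log it); what it never gets is a write past the end of buf, which is the whole point of the exercise.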
Give the gcc command-line options for each of the following:

- producing a .o file rather than an executable
- producing a .s (assembly code) file rather than an executable

Give the gdb command to do each of the following:

- main
- prog.c
- 0x4005fc
- %rax
- %rax in hexadecimal
- %rdi

What is the difference between the print and display commands in gdb?

What is the difference between the nexti and stepi commands in gdb?

What is gprof used for? How does one compile a program so that it can be used with gprof?

What kinds of errors can valgrind help detect?

gdb, how can you list the assembly code for an executable program?