
Computer Science 3481 Computer Systems I

Extra Credit 1

To receive extra credit for this exercise, you will need to get all of the problems correct. But you have as
many chances as you need to do that (and can use any resources). When you complete the problems, show
them to your instructor who will let you know which ones are wrong so you can correct them.
1. Consider the following instruction:

cmpq %rsi, %rdi

For each of the following values of %rdi and %rsi, indicate in the "jge taken?" column whether a jge
branch would be taken if it immediately followed the cmpq, and in the "ja taken?" column whether a ja
branch would be taken if it immediately followed the cmpq.

%rdi                 %rsi                 jge taken?   ja taken?
-1                   2
2                    -5
0x8000000000000000   0x8000000000000000
0x7fffffffffffffff   0x8000000000000000

2. A C function containing a switch statement and the disassembled machine code equivalent to the C
function can be seen below.

int64_t switcher(int64_t a, int64_t b)
{
    switch (a)
    {
        case ..remainder omitted...

lea    -0x3(%rdi),%rdx
cmp    $0x7,%rdx
ja     0x400579 <switcher+44>
jmpq   *0x400618(,%rdx,8)
..remainder omitted..
The compiler generated a jump table because of the switch. The contents of the jump table (as viewed
in gdb) can be seen below.

0x0000000000400564
0x0000000000400564
0x0000000000400579
0x0000000000400569
0x0000000000400579
0x000000000040055e
0x0000000000400579
0x0000000000400571
(a) What is the address of the first entry in the jump table? (Don’t give the value of the entry; give
the address of the entry.)
(b) What is the address of the first statement in the code for the default case?

(c) What are the values of the cases?

(d) What is the address of the first statement in the code for case 6?

3. Consider the following C code:

#include <stdio.h>
#include <stdint.h>

void getValues(int64_t * n, char * buf);

void doWork()
{
    int64_t n;
    char buf[8];
    getValues(&n, buf);
    printf("n = %lx, buf = %s\n", n, buf);
}

void getValues(int64_t * n, char * buf)
{
    (*n) = 0x1122334455667788;
    gets(buf);    /* no bound on how many bytes are written into buf */
}
Note that getValues calls the insecure gets function which reads from stdin and writes to buf.
The disassembly of these two functions can be seen below.

000000000040057d <doWork>:
40057d: 48 83 ec 18 sub $0x18,%rsp
400581: 48 89 e6 mov %rsp,%rsi
400584: 48 8d 7c 24 08 lea 0x8(%rsp),%rdi
400589: e8 2f 00 00 00 callq 4005bd <getValues>
40058e: 48 89 e2 mov %rsp,%rdx
400591: 48 8b 74 24 08 mov 0x8(%rsp),%rsi
400596: bf 70 06 40 00 mov $0x400670,%edi
40059b: b8 00 00 00 00 mov $0x0,%eax
4005a0: e8 ab fe ff ff callq 400450 <printf@plt>
4005a5: 48 83 c4 18 add $0x18,%rsp
4005a9: c3 retq

00000000004005bd <getValues>:
4005bd: 48 83 ec 08 sub $0x8,%rsp
4005c1: 48 b8 88 77 66 55 44 movabs $0x1122334455667788,%rax #move 64-bit immediate value
4005c8: 33 22 11
4005cb: 48 89 07 mov %rax,(%rdi)
4005ce: 48 89 f7 mov %rsi,%rdi
4005d1: e8 aa fe ff ff callq 400480 <gets@plt>
4005d6: 48 83 c4 08 add $0x8,%rsp
4005da: c3 retq

(a) Suppose that I use the debugger to view what is in memory at location 0x400670 by typing this
command:
x/s 0x400670
What is displayed?

(b) Why does the function doWork begin with a sub statement that modifies the stack pointer?

(c) Suppose that right before the sub in doWork is executed, the value of the stack pointer is:
%rsp: 0x7fffffffde98
Fill in as much of the table below as you can, indicating what would be in memory immediately
after getValues has executed and control has returned to doWork. Each entry should contain 16 hex
digits. Put the lowest addressed byte on the right side. Recall that the machine is little-endian.
In the item column, indicate whether that row contains the return address into doWork, n, or the
buf array.
Assume that the user enters the following as input when the gets is executed:
abcdefghijk
Recall that the encoding for the character 'a' is 0x61.
Don’t forget the NULL character.
address          item                  after call to getValues
0x7fffffffde88
0x7fffffffde80
0x7fffffffde78
(d) What is printed when the printf is executed?
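The overflow that problem 3 asks about, as an added example that is not part of the assignment: a model of doWork's frame with buf at %rsp and n at 0x8(%rsp) (the layout the disassembly shows), the unbounded gets() write beside the bounded fgets() replacement, and the value of n that each leaves behind. The struct stands in for the real stack and the assumed machine is little-endian, so the simulated overrun never corrupts anything outside the 16-byte model.

```c
#include <stdint.h>
#include <string.h>
/* Model of doWork's frame as the disassembly lays it out: buf is the 8 bytes
   at %rsp, n the 8 bytes at 0x8(%rsp). The simulated overflow stays inside
   this 16-byte struct and never touches the real stack. */
struct frame {
    char    buf[8];
    int64_t n;
};

#define INITIAL_N 0x1122334455667788LL   /* value getValues stores into *n */
/* Model of gets(): copies the line and its NUL into buf with no bound, so bytes
   past buf[7] land in n as on the real stack. Returns 1 if buf was overrun,
   0 if not, -1 if the line would not fit even the modelled 16-byte frame. */
int model_gets(struct frame *f, const char *line)
{
    size_t len = strlen(line) + 1;
    if (len > sizeof *f)
        return -1;
    memcpy((unsigned char *)f, line, len);   /* unbounded write, like gets */
    return len > sizeof f->buf;
}

/* Model of the fix, fgets(buf, sizeof buf, stdin): at most 7 characters plus
   the NUL are stored, so n can never be written. */
void model_fgets(struct frame *f, const char *line)
{
    size_t len = strlen(line);
    if (len > sizeof f->buf - 1)
        len = sizeof f->buf - 1;
    memcpy(f->buf, line, len);
    f->buf[len] = '\0';
}

/* n as doWork's printf sees it after getValues, for the typed line. */
int64_t n_after_gets(const char *line)
{
    struct frame f = { {0}, INITIAL_N };
    model_gets(&f, line);
    return f.n;
}

/* The same with the bounded read in place of gets(). */
int64_t n_after_fgets(const char *line)
{
    struct frame f = { {0}, INITIAL_N };
    model_fgets(&f, line);
    return f.n;
}
```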
