Assembly Technology Insider (4)

 The program is as follows:
   # vi test3.c
   int main()
   {
       int i, j=2, k=4;
       i=3;
       i=++i;
       k=i+j+k;
       return k;
   }

   After compiling the program, using mdb disassembly to get the following results:
   # gcc test3.c -o test3    
   # mdb test3
   Loading modules: [ libc.so.1 ]
   > main::dis
   main:               pushl   %ebp
   main+1:             movl    %esp,%ebp    ; main to main+1, create Stack Frame
   main+3:            subl   $0x18,%esp     ; Allocate stack space for local variables i, j, k, and ensure that the stack is 16-byte aligned
   main+6:             andl    $0xf0,%esp
   main+9:             movl    $0,%eax
   main+0xe:           subl    %eax,%esp         ; main+6 to main+0xe, ensure that the stack is 16-byte aligned again
   main+0x10:          movl    $2,-8(%ebp)       ; j=2
   main+0x17:          movl    $4,-0xc(%ebp)     ; k=4
   main+0x1e:          movl    $3,-4(%ebp)       ; i=3
   main+0x25:          leal    -4(%ebp),%eax     ; load the address of i into EAX
   main+0x28:          incl    (%eax)            ; i++
   main+0x2a:          movl    -8(%ebp),%eax     ; load the value of j into EAX
   main+0x2d:          movl    -4(%ebp),%edx     ; load the value of i into EDX
   main+0x30:          addl    %eax,%edx         ; j+i, the result is stored in EDX
   main+0x32:          leal    -0xc(%ebp),%eax   ; load the address of k into EAX
   main+0x35:          addl    %edx,(%eax)       ; i+j+k, the result is stored in address ebp-0xc, which is k
   main+0x37:          movl    -0xc(%ebp),%eax   ; load the value of k into EAX as the return value
   main+0x3a:          leave                     ; cancel the Stack Frame
   main+0x3b:          ret                       ; main function returns
   >

   Question: Why are 0x18 bytes of stack space allocated for 3 variables?
   When there are 2 variables, the instruction to allocate stack space is: subl $8,%esp.
   When there are 3 local variables, the instruction to allocate stack space is: subl $0x18,%esp.
   3 integer variables only need 0xc bytes, why are 0x18 bytes actually allocated?
   The answer is: to keep the stack aligned at 16 bytes.
   The default compilation of gcc requires 16-byte stack alignment. Subl $8,%esp will make the stack aligned at 16 bytes, and 8 bytes of space can only meet 2 local variables. If 4 bytes are allocated to meet the third local variable, the stack address will no longer be aligned at 16 bytes. The closest address that can meet the space requirements and keep the stack aligned at 16 bytes is 0x18.
   If a 50-byte and 100-byte character array are defined respectively, how much stack space is actually allocated in this case? The answer is 0x8+0x40+0x70, which is 184 bytes.
   Let's verify it:
   # vi test4.c
   int main()
   {
       char str1[50];
       char str2[100];
       return 0;
   }
   # mdb test4
   Loading modules: [ libc.so.1 ]
   > main::dis
   main:               pushl   %ebp
   main+1:             movl    %esp,%ebp
   main+3:            subl   $0xb8,%esp   ; Allocate stack space for two character arrays and ensure 16-byte alignment
   main+9:             andl    $0xf0,%esp
   main+0xc:           movl    $0,%eax
   main+0x11:          subl    %eax,%esp
   main+0x13:          movl    $0,%eax
   main+0x18:          leave
   main+0x19:          ret
   > 0xb8=D                              ; Hexadecimal to decimal conversion
                   184             
   > 0x40+0x70+0x8=X                     ; Expression calculation, the result is specified as hexadecimal
                   b8              
   >

   Question: When multiple local variables are defined, what is the order of stack allocation?
   The order of local variable stack allocation is based on the order of variable declaration. Variables declared on the same line are pushed onto the stack from left to right. In test2.c, the variable declarations are as follows:
       int i, j=2, k=4;
   and in the disassembled result:
       movl    $2,-8(%ebp)          ; j=2
       movl    $4,-0xc(%ebp)        ; k=4
       movl    $3,-4(%ebp)          ; i=3
   It is not difficult to see that the positions of i, j, k in the stack are as follows:
 +----------------------------+------> High address
 | EIP (return address of _start function)   |
 +----------------------------+
 | EBP (EBP of _start function)       | <------ EBP pointer of main function (i.e. SFP frame pointer)
 +----------------------------+
 | i (EBP-4)                  |
 +----------------------------+
 | j (EBP-8)                  |
 +----------------------------+
 | k (EBP-0xc)                |
 +----------------------------+------> Low address