Exam 2

Prof. Tak Auyeung

Instructions: You may bring any material that is handwritten or printed prior to the examination to help you. You can also bring a calculator if you think it may help you. However, you can use the calculator for numerical computations only.

You, as an individual, are expected to do your own work. This means you cannot seek, receive or otherwise acquire any assistance except clarifications from the professor during an examination. Any communication involving the contents of the subject matter or the examination is considered cheating. Do not initiate or accept such communication, or the result of your examination is automatically voided.

Each correct answer is worth one point, each wrong answer is worth zero points, and each unanswered question is also worth zero points. This means you should guess and leave no question unanswered.

Make sure you write down your name in the upper right corner first; otherwise I cannot give points to anonymous students!

  1. The following is code to call a subroutine:

    .data
    a: .long 0x3, 0x6, 0x31, 0x0, 0x5, 0x7, 0x3, 0x6
      n = (. - a) / 4
    .text
    .global _start
    _start:
      movl  %esp,%ebx
      movl  $a, %eax
    L1:
      pushl (%eax)
      cmpl  $0,(%eax)
      jz    L2
      addl  $4,%eax
      jmp   L1
    L2:
      call  sub1
      movl  %ebx,%esp
    
    When subroutine sub1 gets control, how many bytes are pushed on the stack by the caller, not counting the return address?
    1. 3
    2. 8
    3. 12
    4. 16
    5. 32
  2. Refer to question 1. The following is the code of the subroutine sub1. Assuming sub1 is called from the code in question 1, what is the value of eax right before the ret instruction?

    sub1:
      pushl  %ebp
      movl   %esp,%ebp
      pushl  %ebx
    
      movl   %ebp,%ebx
      addl   $8,%ebx
      movl   $0,%eax
    
    L3:
      cmpl   $0,(%ebx)
      jz     L4
      addl   (%ebx),%eax
      addl   $4,%ebx
      jmp    L3
    
    L4:
      popl   %ebx
      popl   %ebp
      ret
    
    1. 0
    2. 3
    3. 8
    4. 0x3+0x6+0x31
    5. 0x3+0x6+0x31+0x0+0x5+0x7+0x3+0x6
  3. Read the following program, and choose one of the descriptions.

    .text
    .global _start
    _start:
      pushl $L1
      jmp   sub1
    
    L1:
      nop
    
      movl $1,%eax
      movl $0,%ebx
      int  $0x80
    
    sub1:
      ret
    
    1. assemble time error: pushl $L1 is not a valid instruction
    2. run time error at the ret instruction
    3. no error, but the stack is not balanced at the nop instruction
    4. there is no problem
    5. run time error: the program crashes after int $0x80
  4. Which of the following instructions does not access (read or write) memory? Assume all labels are properly defined.
    1. movl %esp, %ebp
    2. pushl $0
    3. popl %eax
    4. call sub1
    5. ret
  5. Select one of the options to describe the behavior of this program.
    .data 
    str: .asciz "abcde"
    .text
    .global _start
    _start:
      movl $str,%eax
      movl %esp,%ebp
    sub1:
      cmpb $0,(%eax)
      jz   L1
      pushl %eax
      addl  $1,%eax
      call  sub1
      popl %ecx
      movl $4,%eax
      movl $1,%ebx
      movl $1,%edx
      int  $0x80
    L1:
      cmpl %esp,%ebp
      jz   L3
      ret
    
    L3:
      movl $1,%eax
      movl $0,%ebx
      int  $0x80
    

    1. prints abcde, completes without any crash
    2. prints edcba
    3. prints a
    4. prints e
    5. prints abcde, then crashes
  6. What are the values of registers eax and ebx immediately after the following instructions? Assume the stack is set up correctly before these instructions, and it has at least eight bytes remaining.

    movl  $12,%eax
    movl  $678,%ebx
    pushl %eax
    pushl %ebx
    popl  %eax
    popl  %ebx
        
    1. unknown, it depends on what was on the stack before these instructions
    2. this code crashes
    3. eax has 12, and ebx has 678
    4. eax has 12, and ebx has 12
    5. eax has 678 and ebx has 12
  7. We are given the following code (incomplete):
    .data
    str: .asciz "This is a string."
    .text
    .global _start
    _start:
      pushl  $str
      call   sub1
      addl   $4,%esp
      

    In the subroutine sub1, how do we load the first character of the string at str into register bl? Assume all registers are at your disposal, and the beginning of sub1 is as follows:

    sub1:
      pushl %ebp
      movl  %esp,%ebp
      
    1.   movb  4(%ebp),%bl
              
    2.   movb  8(%ebp),%bl
              
    3.   movl  8(%ebp),%eax
        movb  (%eax),%bl
              
    4.   movl  4(%ebp),%eax
        movb  (%eax),%bl
              
    5.   movl  %ebp,%eax
        movb  4(%eax),%bl
              
  8. When a multi-byte operand is pushed, it follows the little-endian convention (least significant byte at the lowest address). The "pop" operation also follows this convention: the byte at the lowest address becomes the least significant byte. What is the 16-bit value of the 16-bit register ax after the following instructions?

    pushl $0x12345678
    popw %ax
    
    1. 0x1234
    2. 0x12
    3. 0x5678
    4. 0x78
    5. 0x34


Copyright © 2004-11-10 by Tak Auyeung