RISCV函数调用汇编分析
如果你没有 RISC-V 交叉编译工具链,可以在 https://godbolt.org 上选择 RISC-V 的 gcc 并加上 -O0 直接查看汇编,可以解燃眉之急
一、编写的C语言代码
#include<stdio.h>
/*
 * square: return a * a.
 *
 * a       value to square.
 * returns a squared. Note: for |a| > 46340 the product exceeds INT_MAX and
 *         the signed overflow is undefined behaviour; this demo only passes
 *         values up to 2048.
 */
int square(int a)
{
    const int product = a * a;
    return product;
}
/*
 * squareArray: replace each of the first 10 elements of a with its square.
 *
 * a   array of at least 10 ints (the length is fixed at 10 here, it is not
 *     passed in — callers must guarantee the size).
 */
void squareArray(int a[])
{
    int *cur = a;
    int *const end = a + 10;
    while (cur != end) {
        *cur = square(*cur);
        ++cur;
    }
}
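/*
 * Driver for the square/squareArray demo.
 *
 * Reads one int from stdin, fills num_array, squares it in place and prints
 * numFirst + numSecond followed by the ten squared values.
 * Returns 0 on success, 1 if stdin did not hold an integer.
 *
 * NOTE: the assembly and objdump listings on this page were produced from an
 * earlier revision of this function (unchecked scanf, "%d" used for the
 * addresses; the .s listing even lacks the two address printf calls), so the
 * stack-slot offsets quoted there (numFirst -24(s0), numSecond -32(s0),
 * num_array -72(s0)) may differ for this version.
 */
int main(void)
{
    int numFirst = 1;
    int numSecond;

    /* scanf's return value used to be ignored: on bad input numSecond was
     * then read uninitialized. Fail fast instead. */
    if (scanf("%d", &numSecond) != 1) {
        fputs("expected an integer on stdin\n", stderr);
        return 1;
    }

    /* Zero-initialize so the slots the loop below skips (3, 6, 9) hold a
     * defined value instead of indeterminate stack contents. */
    int num_array[10] = {0};
    int i;
    num_array[0] = -(1 << 11);  /* -2048: fits a single 12-bit signed addi */
    num_array[1] = 1 << 11;     /*  2048: does not, hence lui+addi in the asm */

    /* Addresses must be printed with %p, not %d: passing a pointer for %d is
     * undefined behaviour and truncates on a 64-bit target. */
    printf("%p\n", (void *)&num_array[0]);
    printf("%p\n", (void *)&num_array[1]);

    for (i = 2; i < 10; i++) {
        if (i % 3 != 0) {
            num_array[i] = i * 10;
        }
    }
    squareArray(num_array);

    /* numSecond is user-controlled; the sum overflows (UB) only at INT_MAX. */
    int numThird = numFirst + numSecond;
    printf("%d\n", numThird);
    for (i = 0; i < 10; i++) {
        printf("%d\n", num_array[i]);
    }
    return 0;
}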
二、汇编代码
通过 -O0 得到,不然 square 这类小函数有可能被 inline 掉,就看不到完整的调用和栈帧过程。另外注意:下面这份 .s 与第三节的 objdump 并不是同一次编译的产物——objdump 里 main 在 scanf 之后多出两次 printf 调用(0x104–0x134,a1 分别为 s0-72 和 s0-72+4,对应源码中打印 &num_array[0] 和 &num_array[1]),而这份 .s 中没有这两次调用。
每条汇编含义可以查看RISCV Specification 20191213,Chapter 25 RISC-V Assembly Programmer’s Handbook,page 139(pdf中page 157)介绍了各种指令的功能
比如 lw 即 Load Word(读取一个字,不是 "load global"),w 表示 word,RISCV 中 1 word = 4 Bytes = 32 bits;lw a5,-20(s0) 表示把内存中地址 s0-20 处的 32 位值读到 a5 寄存器(RV64 上会符号扩展到 64 位),a5、s0 均是 ABI Name(分别对应 x15、x8),方便用户理解,对应关系也在 Handbook 中
分析其函数调用,可以得到如下关系:《深入理解计算机系统》(CSAPP) 3.7.1 栈帧结构 介绍了这种关系,我们也可以在 LLVM RISCV 后端源码的 emitPrologue 和 emitEpilogue 中看到对栈的调整由来。被调用者保存寄存器(ra、s0、s1)放在栈帧地址最高的位置,其下才是局部变量/溢出参数区;栈向低地址增长(grow down),和堆正好相反。顺带一提,这份输出里没有栈保护 canary 的读取/比较:main 中 num_array 位于 -72(s0)..-36(s0),再往上依次是 numSecond(-32)、numThird(-28)、numFirst(-24)、i(-20),然后就是保存的 s0(-16)和 ra(-8),越界写 num_array 会一路覆盖到返回地址——这正是栈帧布局分析对漏洞利用与防护有意义的地方。
.file "ab.c"
# Generated by GCC 10.2.0 at -O0 (see the .ident at the end of the listing).
.option nopic            # non-PIC: .LC0/.LC1 are addressed below with absolute lui %hi / addi %lo pairs
                         # (such relocations are generally rejected when linking as PIE/shared; use -fPIE for that)
.attribute arch, "rv64i2p0_m2p0_a2p0_f2p0_d2p0"   # RV64 IMAFD, no C extension: every instruction in .text is 4 bytes
.attribute unaligned_access, 0
.attribute stack_align, 16   # psABI: sp stays 16-byte aligned; the frames below are 32, 64 and 80 bytes
.text
.align 2
.globl square
.type square, @function
# int square(int a) — leaf function: it makes no call, so ra is not saved.
# Frame: 32 bytes. Callee-saved s0 (frame pointer) is stored at 24(sp);
# the argument is spilled to -20(s0) = 12(sp) because -O0 keeps every local in memory.
square:
addi sp,sp,-32      # allocate the frame (keeps sp 16-byte aligned)
sd s0,24(sp)        # save the caller's frame pointer
addi s0,sp,32       # s0 = sp at entry (frame base)
mv a5,a0            # a0 = a (first integer argument)
sw a5,-20(s0)       # spill a to its stack slot
lw a5,-20(s0)       # reload a
mulw a5,a5,a5       # 32-bit multiply: a*a (signed overflow is UB in the C source)
sext.w a5,a5        # sign-extend the 32-bit int result to 64 bits for the return register
mv a0,a5            # return value in a0
ld s0,24(sp)        # restore the caller's frame pointer
addi sp,sp,32       # release the frame
jr ra               # return (objdump prints this as the pseudo-instruction ret)
.size square, .-square
.align 2
.globl squareArray
.type squareArray, @function
# void squareArray(int a[]) — non-leaf: it calls square, so ra must be saved.
# Frame: 64 bytes. Saved registers at the top: ra 56(sp), s0 48(sp), s1 40(sp).
# Locals below them: a (pointer) at -56(s0) = 8(sp), i at -36(s0) = 28(sp).
squareArray:
addi sp,sp,-64      # allocate the frame
sd ra,56(sp)        # save the return address (the call below overwrites ra)
sd s0,48(sp)        # save the caller's frame pointer
sd s1,40(sp)        # save s1: used below to keep &a[i] alive across the call
addi s0,sp,64       # s0 = sp at entry
sd a0,-56(s0)       # spill a (a 64-bit pointer, hence sd)
sw zero,-36(s0)     # i = 0
j .L4               # jump to the loop condition
.L5:                # loop body
lw a5,-36(s0)       # a5 = i
slli a5,a5,2        # a5 = i * 4 (sizeof(int))
ld a4,-56(s0)       # a4 = a
add a5,a4,a5        # a5 = &a[i]
lw a3,0(a5)         # a3 = a[i]
lw a5,-36(s0)       # recompute &a[i] into s1, a callee-saved register that survives the call
slli a5,a5,2
ld a4,-56(s0)
add s1,a4,a5        # s1 = &a[i]
mv a0,a3            # argument: a[i]
call square         # a0 = square(a[i]); temporaries are treated as clobbered, which is why the address lives in s1
mv a5,a0
sw a5,0(s1)         # a[i] = square(a[i])
lw a5,-36(s0)       # i++
addiw a5,a5,1
sw a5,-36(s0)
.L4:                # loop condition
lw a5,-36(s0)
sext.w a4,a5
li a5,9
ble a4,a5,.L5       # while i <= 9 (objdump shows the equivalent bge a5,a4)
nop
nop
ld ra,56(sp)        # epilogue: restore ra, s0, s1 and release the frame
ld s0,48(sp)
ld s1,40(sp)
addi sp,sp,64
jr ra
.size squareArray, .-squareArray
.section .rodata    # read-only string constants for scanf/printf
.align 3
.LC0:
.string "%d"        # scanf format
.align 3
.LC1:
.string "%d\n"      # printf format, shared by every printf in main
.text
.align 2
.globl main
.type main, @function
# int main() — frame: 80 bytes, ra saved at 72(sp), s0 at 64(sp).
# Locals (offsets from s0): i -20, numFirst -24, numThird -28, numSecond -32,
# num_array[0..9] at -72..-36 (10 ints, 40 bytes).
# No stack-protector canary load/compare appears in this frame: a write past
# num_array[9] runs into numSecond, numThird, numFirst, i and then the saved s0/ra.
main:
addi sp,sp,-80
sd ra,72(sp)        # save the return address (main calls scanf/printf/squareArray)
sd s0,64(sp)        # save the caller's frame pointer
addi s0,sp,80       # s0 = sp at entry
li a5,1
sw a5,-24(s0)       # numFirst = 1
addi a5,s0,-32      # &numSecond
mv a1,a5            # arg1 = &numSecond
lui a5,%hi(.LC0)
addi a0,a5,%lo(.LC0)   # arg0 = "%d" (absolute address, see .option nopic)
call scanf          # the return value in a0 is discarded: on bad input numSecond stays uninitialized
li a5,-2048
sw a5,-72(s0)       # num_array[0] = -(1<<11) (fits a 12-bit signed immediate)
li a5,4096
addi a5,a5,-2048    # 2048 does not fit a 12-bit signed immediate (max 2047), so li expands to lui+addi
sw a5,-68(s0)       # num_array[1] = 1<<11
li a5,2
sw a5,-20(s0)       # i = 2
j .L7
.L9:                # loop body: if (i % 3 != 0) num_array[i] = i * 10
lw a4,-20(s0)
li a5,3
remw a5,a4,a5       # i % 3
sext.w a5,a5
beq a5,zero,.L8     # skip when i % 3 == 0
lw a4,-20(s0)
mv a5,a4
slliw a5,a5,2       # i * 4
addw a5,a5,a4       # i * 5
slliw a5,a5,1       # i * 10 — GCC expands the multiply by a constant as (i*4 + i) * 2
sext.w a4,a5
lw a5,-20(s0)
slli a5,a5,2        # i * 4
addi a3,s0,-16
add a5,a3,a5
sw a4,-56(a5)       # num_array[i] = i*10: address = s0 - 16 + 4*i - 56 = s0 - 72 + 4*i
.L8:
lw a5,-20(s0)       # i++
addiw a5,a5,1
sw a5,-20(s0)
.L7:
lw a5,-20(s0)
sext.w a4,a5
li a5,9
ble a4,a5,.L9       # while i <= 9 (the C source's i < 10)
addi a5,s0,-72      # &num_array[0]
mv a0,a5            # argument for squareArray
call squareArray
lw a5,-32(s0)       # numSecond
lw a4,-24(s0)       # numFirst
addw a5,a4,a5
sw a5,-28(s0)       # numThird = numFirst + numSecond
lw a5,-28(s0)
mv a1,a5            # printf("%d\n", numThird): the variadic int argument goes in a1
lui a5,%hi(.LC1)
addi a0,a5,%lo(.LC1)
call printf
sw zero,-20(s0)     # i = 0
j .L10
.L11:               # print loop body
lw a5,-20(s0)
slli a5,a5,2
addi a4,s0,-16
add a5,a4,a5
lw a5,-56(a5)       # num_array[i] (same s0 - 72 + 4*i addressing as above)
mv a1,a5
lui a5,%hi(.LC1)
addi a0,a5,%lo(.LC1)
call printf
lw a5,-20(s0)       # i++
addiw a5,a5,1
sw a5,-20(s0)
.L10:
lw a5,-20(s0)
sext.w a4,a5
li a5,9
ble a4,a5,.L11      # while i <= 9
li a5,0
mv a0,a5            # return 0
ld ra,72(sp)        # epilogue: restore ra and s0, release the frame
ld s0,64(sp)
addi sp,sp,80
jr ra
.size main, .-main
.ident "GCC: (g) 10.2.0"
三、objdump 的代码(objdump -D 的输出)。阅读时注意几点:1) 这是未链接的 ab.o,所以每个 call 仍然是 auipc ra,0x0 + jalr ra(注释里的目标地址就是 call 自己的地址),lui a5,0x0 / mv a0,a5 也是尚未填入 .LC0/.LC1 地址的 %hi/%lo 对;用 objdump -dr 可以看到对应的重定位项。2) -D 会把 .rodata、.comment、.riscv.attributes 这些非代码节也按指令反汇编,下面的 lui s0,0x9、fmadd.s 等都是把字符串/属性字节当成指令解读的结果,没有意义;查看数据请用 objdump -s -j .rodata。3) 汇编中的 jr ra 和 ble 在这里分别显示为伪指令 ret 和等价的 bge(操作数顺序交换)。
ab.o: file format elf64-littleriscv
Disassembly of section .text:
0000000000000000 <square>:
0: fe010113 addi sp,sp,-32
4: 00813c23 sd s0,24(sp)
8: 02010413 addi s0,sp,32
c: 00050793 mv a5,a0
10: fef42623 sw a5,-20(s0)
14: fec42783 lw a5,-20(s0)
18: 02f787bb mulw a5,a5,a5
1c: 0007879b sext.w a5,a5
20: 00078513 mv a0,a5
24: 01813403 ld s0,24(sp)
28: 02010113 addi sp,sp,32
2c: 00008067 ret
0000000000000030 <squareArray>:
30: fc010113 addi sp,sp,-64
34: 02113c23 sd ra,56(sp)
38: 02813823 sd s0,48(sp)
3c: 02913423 sd s1,40(sp)
40: 04010413 addi s0,sp,64
44: fca43423 sd a0,-56(s0)
48: fc042e23 sw zero,-36(s0)
4c: 0480006f j 94 <.L4>
0000000000000050 <.L5>:
50: fdc42783 lw a5,-36(s0)
54: 00279793 slli a5,a5,0x2
58: fc843703 ld a4,-56(s0)
5c: 00f707b3 add a5,a4,a5
60: 0007a683 lw a3,0(a5)
64: fdc42783 lw a5,-36(s0)
68: 00279793 slli a5,a5,0x2
6c: fc843703 ld a4,-56(s0)
70: 00f704b3 add s1,a4,a5
74: 00068513 mv a0,a3
78: 00000097 auipc ra,0x0
7c: 000080e7 jalr ra # 78 <.L5+0x28>
80: 00050793 mv a5,a0
84: 00f4a023 sw a5,0(s1)
88: fdc42783 lw a5,-36(s0)
8c: 0017879b addiw a5,a5,1
90: fcf42e23 sw a5,-36(s0)
0000000000000094 <.L4>:
94: fdc42783 lw a5,-36(s0)
98: 0007871b sext.w a4,a5
9c: 00900793 li a5,9
a0: fae7d8e3 bge a5,a4,50 <.L5>
a4: 00000013 nop
a8: 00000013 nop
ac: 03813083 ld ra,56(sp)
b0: 03013403 ld s0,48(sp)
b4: 02813483 ld s1,40(sp)
b8: 04010113 addi sp,sp,64
bc: 00008067 ret
00000000000000c0 <main>:
c0: fb010113 addi sp,sp,-80
c4: 04113423 sd ra,72(sp)
c8: 04813023 sd s0,64(sp)
cc: 05010413 addi s0,sp,80
d0: 00100793 li a5,1
d4: fef42423 sw a5,-24(s0)
d8: fe040793 addi a5,s0,-32
dc: 00078593 mv a1,a5
e0: 000007b7 lui a5,0x0
e4: 00078513 mv a0,a5
e8: 00000097 auipc ra,0x0
ec: 000080e7 jalr ra # e8 <main+0x28>
f0: 80000793 li a5,-2048
f4: faf42c23 sw a5,-72(s0)
f8: 000017b7 lui a5,0x1
fc: 80078793 addi a5,a5,-2048 # 800 <.L10+0x5ec>
100: faf42e23 sw a5,-68(s0)
104: fb840793 addi a5,s0,-72
108: 00078593 mv a1,a5
10c: 000007b7 lui a5,0x0
110: 00078513 mv a0,a5
114: 00000097 auipc ra,0x0
118: 000080e7 jalr ra # 114 <main+0x54>
11c: fb840793 addi a5,s0,-72
120: 00478793 addi a5,a5,4 # 4 <square+0x4>
124: 00078593 mv a1,a5
128: 000007b7 lui a5,0x0
12c: 00078513 mv a0,a5
130: 00000097 auipc ra,0x0
134: 000080e7 jalr ra # 130 <main+0x70>
138: 00200793 li a5,2
13c: fef42623 sw a5,-20(s0)
140: 0500006f j 190 <.L7>
0000000000000144 <.L9>:
144: fec42703 lw a4,-20(s0)
148: 00300793 li a5,3
14c: 02f767bb remw a5,a4,a5
150: 0007879b sext.w a5,a5
154: 02078863 beqz a5,184 <.L8>
158: fec42703 lw a4,-20(s0)
15c: 00070793 mv a5,a4
160: 0027979b slliw a5,a5,0x2
164: 00e787bb addw a5,a5,a4
168: 0017979b slliw a5,a5,0x1
16c: 0007871b sext.w a4,a5
170: fec42783 lw a5,-20(s0)
174: 00279793 slli a5,a5,0x2
178: ff040693 addi a3,s0,-16
17c: 00f687b3 add a5,a3,a5
180: fce7a423 sw a4,-56(a5) # ffffffffffffffc8 <.L10+0xfffffffffffffdb4>
0000000000000184 <.L8>:
184: fec42783 lw a5,-20(s0)
188: 0017879b addiw a5,a5,1
18c: fef42623 sw a5,-20(s0)
0000000000000190 <.L7>:
190: fec42783 lw a5,-20(s0)
194: 0007871b sext.w a4,a5
198: 00900793 li a5,9
19c: fae7d4e3 bge a5,a4,144 <.L9>
1a0: fb840793 addi a5,s0,-72
1a4: 00078513 mv a0,a5
1a8: 00000097 auipc ra,0x0
1ac: 000080e7 jalr ra # 1a8 <.L7+0x18>
1b0: fe042783 lw a5,-32(s0)
1b4: fe842703 lw a4,-24(s0)
1b8: 00f707bb addw a5,a4,a5
1bc: fef42223 sw a5,-28(s0)
1c0: fe442783 lw a5,-28(s0)
1c4: 00078593 mv a1,a5
1c8: 000007b7 lui a5,0x0
1cc: 00078513 mv a0,a5
1d0: 00000097 auipc ra,0x0
1d4: 000080e7 jalr ra # 1d0 <.L7+0x40>
1d8: fe042623 sw zero,-20(s0)
1dc: 0380006f j 214 <.L10>
00000000000001e0 <.L11>:
1e0: fec42783 lw a5,-20(s0)
1e4: 00279793 slli a5,a5,0x2
1e8: ff040713 addi a4,s0,-16
1ec: 00f707b3 add a5,a4,a5
1f0: fc87a783 lw a5,-56(a5) # ffffffffffffffc8 <.L10+0xfffffffffffffdb4>
1f4: 00078593 mv a1,a5
1f8: 000007b7 lui a5,0x0
1fc: 00078513 mv a0,a5
200: 00000097 auipc ra,0x0
204: 000080e7 jalr ra # 200 <.L11+0x20>
208: fec42783 lw a5,-20(s0)
20c: 0017879b addiw a5,a5,1
210: fef42623 sw a5,-20(s0)
0000000000000214 <.L10>:
214: fec42783 lw a5,-20(s0)
218: 0007871b sext.w a4,a5
21c: 00900793 li a5,9
220: fce7d0e3 bge a5,a4,1e0 <.L11>
224: 00000793 li a5,0
228: 00078513 mv a0,a5
22c: 04813083 ld ra,72(sp)
230: 04013403 ld s0,64(sp)
234: 05010113 addi sp,sp,80
238: 00008067 ret
Disassembly of section .rodata:
0000000000000000 <.LC0>:
0: 6425 lui s0,0x9
2: 0000 unimp
4: 0000 unimp
...
0000000000000008 <.LC1>:
8: 6425 lui s0,0x9
a: 000a c.slli zero,0x2
Disassembly of section .comment:
0000000000000000 <.comment>:
0: 4700 lw s0,8(a4)
2: 203a4343 fmadd.s ft6,fs4,ft3,ft4,rmm
6: 6728 ld a0,72(a4)
8: 2029 0x2029
a: 3031 0x3031
c: 322e fld ft4,232(sp)
e: 302e fld ft0,232(sp)
...
Disassembly of section .riscv.attributes:
0000000000000000 <.riscv.attributes>:
0: 2f41 addiw t5,t5,16
2: 0000 unimp
4: 7200 ld s0,32(a2)
6: 7369 lui t1,0xffffa
8: 01007663 bgeu zero,a6,14 <.riscv.attributes+0x14>
c: 0025 c.nop 9
e: 0000 unimp
10: 1004 addi s1,sp,32
12: 7205 lui tp,0xfffe1
14: 3676 fld fa2,376(sp)
16: 6934 ld a3,80(a0)
18: 7032 0x7032
1a: 5f30 lw a2,120(a4)
1c: 326d addiw tp,tp,-5
1e: 3070 fld fa2,224(s0)
20: 615f 7032 5f30 0x5f307032615f
26: 3266 fld ft4,120(sp)
28: 3070 fld fa2,224(s0)
2a: 645f 7032 0030 0x307032645f
附录一、分析二进制的Python代码
输入一条 32 位指令的十六进制编码(如 fe010113),按 opcode 所属格式拆出 rd/rs1/rs2/funct3 以及立即数位段。注意:各格式立即数位段的最高位(bit 31)是符号位,拆分时必须包含它;16 位压缩指令(objdump 里的 c.*)不适用这种拆法。
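# RISC-V 32-bit instruction field splitter.
#
# Reads one instruction encoding as hexadecimal from stdin (e.g. fe010113,
# with or without a 0x prefix), prints its 32-bit binary form, then the fields
# split according to the instruction format. Only the standard 32-bit
# encodings (low two bits == 11) are handled; 16-bit compressed (c.*)
# instructions are rejected.
#
# Bit layout (RISC-V unprivileged spec, base instruction formats):
#   R:   funct7[31:25] rs2[24:20] rs1[19:15] funct3[14:12] rd[11:7]  opcode[6:0]
#   I:   imm[31:20]               rs1[19:15] funct3[14:12] rd[11:7]  opcode[6:0]
#   S/B: imm[31:25]    rs2[24:20] rs1[19:15] funct3[14:12] imm[11:7] opcode[6:0]
#   U/J: imm[31:12]                                        rd[11:7]  opcode[6:0]
# Bit 31 is the sign bit of every immediate, so the top field must include it
# (string index 0 of the 32-character binary form).

JAL_OPCODE = "1101111"
U_TYPE_OPCODES = ("0110111", "0010111")  # lui, auipc
# Opcodes whose instructions use the I format:
# SYSTEM, MISC-MEM (fence), OP-IMM-32, LOAD-FP, LOAD, OP-IMM, JALR.
I_TYPE_OPCODES = (
    "1110011", "0001111", "0011011", "0000111", "0000011", "0010011", "1100111",
)


def to_binary(word):
    """Return the 32-character binary string of a 32-bit instruction word.

    Raises ValueError if word is negative or does not fit in 32 bits (the
    original unchecked format(n, '032b') silently produced a longer string,
    which shifted every field).
    """
    if not 0 <= word <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit instruction word: {word:#x}")
    return format(word, "032b")


def split_fields(word):
    """Split a 32-bit instruction word into its format's fields.

    Returns the fields, most significant first, as space-separated binary
    strings:
      J-type (jal):             imm[31:12] rd opcode
      U-type (lui/auipc):       imm[31:12] rd opcode
      I-type:                   imm[31:20] rs1 funct3 rd opcode
      everything else (R/S/B):  [31:25] rs2 rs1 funct3 [11:7] opcode
    For S/B the [31:25] and [11:7] fields are the two halves of the split
    immediate; for R they are funct7 and rd.
    Raises ValueError for words outside 32 bits.
    """
    bits = to_binary(word)
    opcode = bits[25:32]          # bits [6:0]
    rd_or_imm_low = bits[20:25]   # bits [11:7]

    if opcode == JAL_OPCODE or opcode in U_TYPE_OPCODES:
        imm_high = bits[0:20]     # bits [31:12], sign bit included
        return f"{imm_high} {rd_or_imm_low} {opcode}"

    funct3 = bits[17:20]          # bits [14:12]
    rs1 = bits[12:17]             # bits [19:15]
    if opcode in I_TYPE_OPCODES:
        imm = bits[0:12]          # bits [31:20], sign bit included
        return f"{imm} {rs1} {funct3} {rd_or_imm_low} {opcode}"

    top = bits[0:7]               # bits [31:25]: funct7 (R) or imm[11:5] (S/B)
    rs2 = bits[7:12]              # bits [24:20]
    return f"{top} {rs2} {rs1} {funct3} {rd_or_imm_low} {opcode}"


def main():
    """Read one hex-encoded instruction from stdin and print its bit fields."""
    text = input().strip()
    try:
        word = int(text, 16)
        bits = to_binary(word)
    except ValueError as exc:
        raise SystemExit(f"error: {exc}") from None
    # Standard 32-bit encodings have their low two bits set; anything else is
    # a compressed (16-bit) instruction whose fields lie elsewhere.
    if (word & 0b11) != 0b11:
        raise SystemExit(
            "error: low bits are not 11 — this is a 16-bit compressed (c.*) "
            "encoding, which this splitter does not handle"
        )
    print(bits)
    print(split_fields(word))


if __name__ == "__main__":
    main()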