32位程序的汇编指令长度 [英] assembly instruction length of 32-bit program
问题描述
我希望程序是32位格式.因此,这些汇编指令的长度不应大于4字节.显然,我错了.您能告诉我为什么有6字节或7字节的汇编指令吗?谢谢.
$文件a.outa.out:ELF 32位LSB可执行文件,Intel 80386版本1(SYSV),动态链接,解释器/lib/ld-linux.so.2,用于GNU/Linux 2.6.32,BuildID [sha1] = 09aa196a671a6e169f09984360133ad9488f7e53,没有剥离
$ objdump -d a.outa.out:文件格式elf32-i386.init部分的反汇编:080482a8< _init> ;:80482a8:53推%ebx80482a9:83 EC 08子$ 0x8,%esp80482ac:e8 8f 00 00 00致电8048340< __ x86.get_pc_thunk.bx>80482b1:81 c3 4f 1d 00 00加$ 0x1d4f,%ebx80482b7:8b 83 fc ff ff ff mov -0x4(%ebx),%eax80482bd:85 c0测试%eax,%eax80482bf:74 05 je 80482c6< _init + 0x1e>80482c1:e8 3a 00 00 00呼叫8048300< __ libc_start_main @ plt + 0x10>80482c6:83 c4 08加$ 0x8,%esp80482c9:5b流行%ebx80482ca:c3 ret
为什么?一个明显的原因是,一条指令可以 include 一个32位立即数,例如 mov $ address,%register
.因此, call rel32
可以从当前地址到达任何32位地址.
这些指令需要一个空间来存放操作码(1个字节),有时还需要一个ModR/M字节来指定哪些寄存器/存储器是操作数.
如果一条指令限制为4个字节,则需要多条指令才能将静态地址放入寄存器,并且您不能将其中一个用作存储器直接寻址模式.RISC ISA通常需要2条指令来构造寄存器中的任意32位常量(包括地址),例如MIPS lui $ t0,high_half
/ ori $ t0,$ t0,low_half
x86是可变长度的CISC;常见的指令很短,但是可以使用更长的指令,而不是强迫您使用单独的指令在寄存器中构造地址或常量.
例如您可以执行 movl $ 123456,some_static_variable
并获得包含以下组件的指令编码:
mov_opcode(1B)Mod/RM(1B)disp32绝对地址(4B)imm32 = 123456(4B)
总共10个字节,包括两个4字节的值.(在Intel的指令集参考手册(x86 SDM的第2卷)中,这是 mov r/m32,imm32
格式的MOV ,并具有 [disp32]
寻址模式.)
您可以使用前缀使它更长,例如用于线程本地存储的 fs:
段覆盖前缀.和/或寻址模式可能包含一个缩放索引寄存器,例如 movl $ 123456,array(,%ecx,4)
,因此在ModRM编码编址模式.
我们可以使用 add
代替 mov
,然后我们还可以使用 lock
前缀使它成为原子读取-修改写入.
指令长度的硬限制是15个字节.如果到那时解码仍未找到指令的末尾,则会引发 #UD
非法指令异常.(Linux内核会将SIGILL传递给令人反感的过程.)
(有趣的事实:原始的8086没有限制,并且会很乐意不断循环尝试解码充满 rep
前缀的整个64k段)
i build a simple program and use file command to check program is 32-bit format. in turn, i use objdump to disassemble program and found some assembly instruction length larger than 4-byte.
i expect the program is 32-bit format. therefore, those assembly instruction length should not bigger than 4-byte. obviously, i am wrong. could you please tell me why it has 6-byte or 7-byte assembly instruction? thanks.
$ file a.out
a.out: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=09aa196a671a6e169f09984360133ad9488f7e53, not stripped
$ objdump -d a.out
a.out: file format elf32-i386
Disassembly of section .init:
080482a8 <_init>:
80482a8: 53 push %ebx
80482a9: 83 ec 08 sub $0x8,%esp
80482ac: e8 8f 00 00 00 call 8048340 <__x86.get_pc_thunk.bx>
80482b1: 81 c3 4f 1d 00 00 add $0x1d4f,%ebx
80482b7: 8b 83 fc ff ff ff mov -0x4(%ebx),%eax
80482bd: 85 c0 test %eax,%eax
80482bf: 74 05 je 80482c6 <_init+0x1e>
80482c1: e8 3a 00 00 00 call 8048300 <__libc_start_main@plt+0x10>
80482c6: 83 c4 08 add $0x8,%esp
80482c9: 5b pop %ebx
80482ca: c3 ret
Why? One obvious reason is so a single instruction can include a 32-bit immediate, like mov $address, %register
. And so a call rel32
can reach any 32-bit address from the current address.
These instructions need room for an opcode (1 byte) and sometimes a ModR/M byte to specify which register(s) / memory are operands.
If an instruction was limited to 4 bytes, it would take multiple instructions to put a static address into a register, and you couldn't use one as a memory-direct addressing mode. RISC ISAs typically need 2 instructions to construct arbitrary 32-bit constants (including addresses) in register, like MIPS lui $t0, high_half
/ ori $t0, $t0, low_half
x86 is variable-length CISC; common instructions are short, but longer instructions are possible instead of forcing you to construct an address or constant in a register with a separate instruction.
e.g. you can do movl $123456, some_static_variable
and get an instruction encoding with these components:
mov_opcode (1B) Mod/RM (1B) disp32 absolute address (4B) imm32=123456 (4B)
for a total of 10 bytes, including two 4-byte values. (In Intel's instruction-set reference manual (vol.2 of the x86 SDM), this is the mov r/m32, imm32
form of MOV, with a [disp32]
addressing mode.)
You could make it longer with prefixes, for example an fs:
segment override prefix for thread-local storage. And/or the addressing mode could include a scaled-index register, like movl $123456, array(,%ecx,4)
, so a SIB (scale/index/base) byte would be needed after the ModRM to encode the addressing mode.
Instead of mov
, we could have used add
, and then we could also have used a lock
prefix to make it an atomic read-modify write.
The hard limit on instruction length is 15 bytes. If decoding doesn't find the end of an instruction by then, a #UD
illegal instruction exception is raised. (A Linux kernel will deliver a SIGILL to the offending process.)
(Fun fact: original 8086 had no limit, and would happily keep looping trying to decode a whole 64k segment full of rep
prefixes)
这篇关于32位程序的汇编指令长度的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!