Where is the function prologue in this nexe objdump?

[George Robinson]

I've compiled a simple C program using 1. the toolchain in pepper_43 and 2. using the toolchain in scons in the Native Client source code. I've noticed that, for the same program, the object code is different in that the function prologue is missing (or different?).

For example, for the following C file: 

#include <stdio.h>

void dump(void)
{
    printf("%s\n", "dump");
}

void fn(void)
{
    char buf[64];
    gets(buf);
}

int main(int argc, char **argv)
{
    fn();
    return 0;
}

The object code from ~/native_client/sdk/pepper_44$ ./toolchain/linux_x86_newlib/bin/x86_64-nacl-gcc main.c -o main.nexe yields:

0000000000020220 <fn>:
   20220:       55                      push   %rbp
   20221:       48 89 e5                mov    %rsp,%rbp
   20224:       83 ec 40                sub    $0x40,%esp
   20227:       4c 01 fc                add    %r15,%rsp
   2022a:       8d 45 c0                lea    -0x40(%rbp),%eax
   2022d:       89 c7                   mov    %eax,%edi
   2022f:       66 66 66 2e 0f 1f 84    data32 data32 nopw %cs:0x0(%rax,%rax,1)
   20236:       00 00 00 00 00
   2023b:       e8 a0 12 00 00          callq  214e0 <gets>
   20240:       48 89 ec                mov    %rbp,%rsp
   20243:       41 5b                   pop    %r11
   20245:       44 89 dd                mov    %r11d,%ebp
   20248:       4c 01 fd                add    %r15,%rbp
   2024b:       41 5b                   pop    %r11
   2024d:       41 83 e3 e0             and    $0xffffffe0,%r11d
   20251:       4d 01 fb                add    %r15,%r11
   20254:       41 ff e3                jmpq   *%r11
   20257:       66 0f 1f 84 00 00 00    nopw   0x0(%rax,%rax,1)
   2025e:       00 00

but when I compile the same source code as a test using scons in the Native Client source:

~/native_client/src/native_client$ ./scons platform=x86-64 tests/exploit
scons: Reading SConscript files ...
SKIPPING test text_overlaps_rodata
SKIPPING test text_overlaps_data
There are 7 broken tests. Add --verbose to the command line for more information.
======================================================================
B U I L D - O U T P U T:
======================================================================
scons: done reading SConscript files.
scons: Building targets ...
scons: building associated VariantDir targets: scons-out/nacl-x86-64/obj/tests/exploit
________Compiling scons-out/nacl-x86-64/obj/tests/exploit/exploit.o
________Linking scons-out/nacl-x86-64/obj/tests/exploit/exploit.nexe
scons: `tests/exploit' is up to date.
scons: done building targets.

I get the following objdump for function fn:

00000000000201e0 <fn>:
   201e0:       83 ec 48                sub    $0x48,%esp
   201e3:       4c 01 fc                add    %r15,%rsp
   201e6:       89 e7                   mov    %esp,%edi
   201e8:       0f 1f 40 00             nopl   0x0(%rax)
   201ec:       66 66 66 66 66 66 2e    data32 data32 data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)
   201f3:       0f 1f 84 00 00 00 00  
   201fa:       00  
   201fb:       e8 60 1e 00 00          callq  22060 <gets>
   20200:       83 c4 48                add    $0x48,%esp
   20203:       4c 01 fc                add    %r15,%rsp
   20206:       41 5b                   pop    %r11
   20208:       41 83 e3 e0             and    $0xffffffe0,%r11d
   2020c:       4d 01 fb                add    %r15,%r11
   2020f:       41 ff e3                jmpq   *%r11
   20212:       66 66 66 66 66 2e 0f    data32 data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)

which you might have observed does not push %rbp onto the stack and then mov %rsp, $rbp. Rather, it appears to allocate an extra 8 bytes of the stack via sub $0x48, %esp, which is enough space for both the 64 byte buffer and 8 byte return address, but I see no mov of %rbp onto the stack?

Can someone explain this difference in object code between seemingly identical compilation phases?

[Jan Voung]

It's not identical compilation phases. You have to look at the actual compiler flags, not just assume "Compiling scons-out/nacl-x86-64/obj/tests/exploit/exploit.o", does the same thing.

Passing --verbose" to the scons build will show (e.g., for tests/hello_world):

toolchain/linux_x86/nacl_x86_newlib_raw/bin/x86_64-nacl-gcc -m64 -std=gnu99 -Wstrict-prototypes -O2 -g -fomit-frame-pointer -fasynchronous-unwind-tables -Wall -Wundef -fdiagnostics-show-option -pedantic -Werror -Wno-variadic-macros -D__STDC_LIMIT_MACROS=1 -D__STDC_FORMAT_MACROS=1 -D_GNU_SOURCE=1 -D_DEFAULT_SOURCE=1 -D_BSD_SOURCE=1 -D_POSIX_C_SOURCE=199506 -D_XOPEN_SOURCE=600 -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DDYNAMIC_ANNOTATIONS_PREFIX=NACL_ -DNACL_BUILD_ARCH=x86 -DNACL_BUILD_SUBARCH=64 -Iscons-out/nacl-x86-64/include -I. -c -o scons-out/nacl-x86-64/obj/tests/hello_world/hello_world.o tests/hello_world/hello_world.c

The key is "-fomit-frame-pointer".

That's why there is no push %rbp, etc.

--
You received this message because you are subscribed to the Google Groups "Native-Client-Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to native-client-di...@googlegroups.com.
To post to this group, send email to native-cli...@googlegroups.com.
Visit this group at http://groups.google.com/group/native-client-discuss.
For more options, visit https://groups.google.com/d/optout.