THE STACK • The is how a process is placed into its virtual addressable space • The code is placed at the lowest available address followed then by data • The stack (subject of this chapter) is used for procedure calls and returns • The heap is used for dynamic memory allocation This is done by calling the OS at runtime (possibly via a library function like malloc() or new in C++)
Increasing addresses
(high memory)
Heap
Stack Data Code (low memory)
The Stack (Continued) • A stack of a certain size is allocated to each process • The stack is used for procedure calls and returns • Also used by compilers for storing variables and arrays • But the stack size is fixed when the program is loaded in main memory 1. The stack size cannot be changed at run time 2. There is always the risk of a stack overflow at runtime (if too much data are pushed onto the stack) 3. If this is the case, the process is terminated and the OS returns a stack fault message • The default stack size is normally large enough for almost all applications but the programmer can choose its size 1. With Borland we do this by providing a linker option to the bcc32 command bcc32 -lS:2000000 hello.asm 2. This will allocate a stack of 2 million bytes
The Stack (Continued) • When the program starts to execute, ESP gets loaded with the offset address of the top of the stack The top of the stack is the memory byte which immediately follows the byte in the stack which is located at the largest available address • The stack is said to be empty when ESP points to the top of the stack • As we push data onto the stack, the (unsigned) value in ESP will decrease and ESP will point deeper into the stack • The stack is said to be full when ESP points to the bottom of the stack The bottom of the stack is the memory byte in the stack which is located at the smallest available address • The PUSH instruction is used to insert (or save) data onto the stack and the POP instruction is used to retrieve this data PUSH and POP can only be used with either 16-bit or 32-bit operands (8-bits operands are not allowed)
The PUSH and POP Instructions • PUSH Source → pushes Source onto the stack • Let S be the size (in bytes) of Source (S = 2 or 4). The following sequence of events will occur upon execution of PUSH Source 1. ESP is first decremented by S 2. Then the content of Source will be copied at the location pointed by ESP • POP Destination → pops data from the stack • Let S be the size (in bytes) of Destination (S = 2 or 4). The following sequence of events will occur upon execution of POP Destination 1. The word (if S = 2) or dword (if S = 4) located at the address contained in ESP is first copied into Destination 2. Then ESP is incremented by S • Source and Destination can be either Reg, Mem or indirect operands, but they must be 16-bit or 32-bit in size Source can be Imm and Destination cannot be Imm
PUSH Example • Assume stack size is 100h and starts at address 0h ESP thus contains 100h when the stack is empty (the byte at address 100h is the top of the stack) • Here is the stack and ESP after each of these PUSH’s MOV EAX, 10203040h PUSH AX PUSH EAX
Addr STACK
contains 100h when the pty (the byte at address
100h
ESP (Stack empty)
FFh
30h
FEh
40h
the stack and ESP after
ESP After push ax
FDh
10h
FCh
20h
FBh
30h
FAh
40h
ESP After push eax
• By default, an Imm operand of PUSH is 32-bit. overridden by the PTR operator PUSH PUSH PUSH PUSH
-1 ;FFFFFFFFh is pushed WORD PTR -1 ;FFFFh is pushed BYTE PTR -1 ;error QWORD PTR -1 ;error
This can be
POP Example • Assume stack size is initially in the following state: ESP contains FAh • Here is the stack and ESP after each of these PUSH’s POP EAX ;EAX = 10203040h POP AX ;AX = 3040h POP AH ;error
Addr STACK 100h
ESP After pop ax
k and ESP after
FFh
30h
FEh
40h
ESP After pop eax
ta remains in ESP is changed
he stack is said n ESP points to ack (here 100h)
FDh
10h
FCh
20h
FBh
30h
FAh
40h
ESP (initially)
• Note: The data remains in the stack. (incremented) at each POP
Only ESP is changed
Nevertheless, the stack is said to be empty when ESP points to the top (here 100h)
Example: Saving and Restoring Registers ;Save registers PUSH EAX PUSH ECX ;Read and print 3 characters MOV ECX, 3 again: GETCH ;character in EAX OR AL, 20h ;uppercase to lowercase conversion PUTCH EAX ;display LOOP again ;Restore registers POP ECX POP EAX
• Some registers are automatically used by certain instructions 1. EAX is used by GETCH and other instructions 2. ECX is used by LOOP and other instructions
• The stack provides a convenient way for saving and restoring registers that are needed temporarily Notice the particular order in which PUSH and POP are used
Saving and Restoring Registers and Flags
• PUSHA (no operand) → pushes EAX, EBX, ECX, EDX, EBP, ESP, EDI, ESI onto the stack
• POPA (no operand) → pops the same registers in reverse order PUSHA ;saves 8 registers onto the stack . . . ... ... ;use these registers here . . . POPA ;restores initial values of these registers
• PUSHF (no operand) → pushes the EFLAGS register onto the stack
• POPF (no operand) → pops the EFLAGS register from the stack PUSHF ;saves EFLAGS onto the stack . . . ... ... ;use these registers here . . . POPF ;restores initial value of EFLAGS register
Inverting the Input Line .386 .model Flat .code main: XOR ECX, ECX read again: GETCH CMP EAX, 0Ah JE display PUSH AX INC ECX JMP read again display: JECXZ exit again: POP AX PUTCH EAX LOOP again exit: RET end
;sets count to zero
;push the character (16-bit) ;increment count
;pop the character (16-bit)
• The stack is a last-in first-out data structure 1. Items come off the stack in the reverse order that they came in 2. This program uses this property to read a sequence of characters and display them in reverse order on the next line
Exercise #1
• We have the following data segment Msg DW ’a’, ’b’, ’c’, ’d’
•
Assume initially ESP contains 100h. Give the hexadecimal value contained in the mentioned registers after executing each instruction in this particular sequence
PUSH MOV PUSH MOV PUSH LEA POP MOV POP POP
Msg AX, Msg+2 EAX, DWORD EAX, WORD AX, EAX AX
;ESP [ESP] ;AX ;ESP [ESP] ;EAX PTR Msg+3 ;ESP Msg PTR [EAX] ;ESP Msg ;EAX ;EAX ;EAX
= = = = = = = = =
