Skip to content

Instantly share code, notes, and snippets.

@sw17ch

sw17ch/wat.c

Created August 16, 2012 20:40
Show Gist options
  • Save sw17ch/3373458 to your computer and use it in GitHub Desktop.
Save sw17ch/3373458 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
wat.c
#include <stdio.h>
typedef struct {} a;
typedef struct { a a1; a a2; } b;
int main(int argc, char * argv[])
{
a as[999999];
printf("%d\n", sizeof(b) == sizeof(a));
printf("%zu\n", sizeof(as));
int i;
for(i = 0; i < sizeof(as) / sizeof(as[0]); i++)
{
puts("wat");
}
return 0;
}
/* $ gcc wat.c -O0 -o wat_
* $ ./wat_
* 1
* 0
* wat
*/
@sw17ch
Copy link
Author

sw17ch commented Aug 16, 2012

wat

@sw17ch
Copy link
Author

sw17ch commented Aug 16, 2012 

$ otool -vtdI wat_
wat_:
Indirect symbols for (__TEXT,__stubs) 2 entries
address            index name
0x0000000100000f1c     8 _exit
0x0000000100000f22     9 _printf
Indirect symbols for (__DATA,__nl_symbol_ptr) 2 entries
address            index name
0x0000000100001028    10 dyld_stub_binder
0x0000000100001030 ABSOLUTE
Indirect symbols for (__DATA,__la_symbol_ptr) 2 entries
address            index name
0x0000000100001038     8 _exit
0x0000000100001040     9 _printf
(__TEXT,__text) section
start:
0000000100000eb0    pushq   $0x00
0000000100000eb2    movq    %rsp,%rbp
0000000100000eb5    andq    $0xf0,%rsp
0000000100000eb9    movq    0x08(%rbp),%rdi
0000000100000ebd    leaq    0x10(%rbp),%rsi
0000000100000ec1    movl    %edi,%edx
0000000100000ec3    addl    $0x01,%edx
0000000100000ec6    shll    $0x03,%edx
0000000100000ec9    addq    %rsi,%rdx
0000000100000ecc    movq    %rdx,%rcx
0000000100000ecf    jmp 0x100000ed5
0000000100000ed1    addq    $0x08,%rcx
0000000100000ed5    cmpq    $0x00,(%rcx)
0000000100000ed9    jne 0x100000ed1
0000000100000edb    addq    $0x08,%rcx
0000000100000edf    callq   0x100000ef0
0000000100000ee4    movl    %eax,%edi
0000000100000ee6    callq   0x100000f1c
0000000100000eeb    hlt
0000000100000eec    nop
0000000100000eed    nop
0000000100000eee    nop
0000000100000eef    nop
_main:
0000000100000ef0    pushq   %rbp
0000000100000ef1    movq    %rsp,%rbp
0000000100000ef4    movl    $0x00000001,%esi
0000000100000ef9    leaq    0x0000004c(%rip),%rdi
0000000100000f00    xorb    %al,%al
0000000100000f02    callq   0x100000f22
0000000100000f07    xorl    %esi,%esi
0000000100000f09    leaq    0x00000040(%rip),%rdi
0000000100000f10    xorb    %al,%al
0000000100000f12    callq   0x100000f22
0000000100000f17    xorl    %eax,%eax
0000000100000f19    popq    %rbp
0000000100000f1a    ret

@sw17ch
Copy link
Author

sw17ch commented Aug 16, 2012

Oops. Ignore the last one. That's the -O1 output:

Shiny:~ johnvanenk$ otool -vtdI wat_
wat_:
Indirect symbols for (__TEXT,__stubs) 3 entries
address            index name
0x0000000100000f18     8 _exit
0x0000000100000f1e     9 _printf
0x0000000100000f24    10 _puts
Indirect symbols for (__DATA,__nl_symbol_ptr) 2 entries
address            index name
0x0000000100001028    11 dyld_stub_binder
0x0000000100001030 ABSOLUTE
Indirect symbols for (__DATA,__la_symbol_ptr) 3 entries
address            index name
0x0000000100001038     8 _exit
0x0000000100001040     9 _printf
0x0000000100001048    10 _puts
(__TEXT,__text) section
start:
0000000100000e50    pushq   $0x00
0000000100000e52    movq    %rsp,%rbp
0000000100000e55    andq    $0xf0,%rsp
0000000100000e59    movq    0x08(%rbp),%rdi
0000000100000e5d    leaq    0x10(%rbp),%rsi
0000000100000e61    movl    %edi,%edx
0000000100000e63    addl    $0x01,%edx
0000000100000e66    shll    $0x03,%edx
0000000100000e69    addq    %rsi,%rdx
0000000100000e6c    movq    %rdx,%rcx
0000000100000e6f    jmp 0x100000e75
0000000100000e71    addq    $0x08,%rcx
0000000100000e75    cmpq    $0x00,(%rcx)
0000000100000e79    jne 0x100000e71
0000000100000e7b    addq    $0x08,%rcx
0000000100000e7f    callq   0x100000e90
0000000100000e84    movl    %eax,%edi
0000000100000e86    callq   0x100000f18
0000000100000e8b    hlt
0000000100000e8c    nop
0000000100000e8d    nop
0000000100000e8e    nop
0000000100000e8f    nop
_main:
0000000100000e90    pushq   %rbp
0000000100000e91    movq    %rsp,%rbp
0000000100000e94    subq    $0x30,%rsp
0000000100000e98    movq    %rsi,%rax
0000000100000e9b    movl    %edi,%ecx
0000000100000e9d    movl    %ecx,0xfc(%rbp)
0000000100000ea0    movq    %rax,0xf0(%rbp)
0000000100000ea4    movl    $0x00000001,%eax
0000000100000ea9    xorb    %cl,%cl
0000000100000eab    leaq    0x000000a8(%rip),%rdx
0000000100000eb2    movq    %rdx,%rdi
0000000100000eb5    movl    %eax,%esi
0000000100000eb7    movb    %cl,%al
0000000100000eb9    callq   0x100000f1e
0000000100000ebe    xorl    %ecx,%ecx
0000000100000ec0    xorb    %dl,%dl
0000000100000ec2    leaq    0x00000095(%rip),%rsi
0000000100000ec9    movq    %rsi,%rdi
0000000100000ecc    movq    %rcx,%rsi
0000000100000ecf    movb    %dl,%al
0000000100000ed1    callq   0x100000f1e
0000000100000ed6    movl    $0x00000000,0xdc(%rbp)
0000000100000edd    jmp 0x100000ef7
0000000100000edf    leaq    0x0000007d(%rip),%rax
0000000100000ee6    movq    %rax,%rdi
0000000100000ee9    callq   0x100000f24
0000000100000eee    movl    0xdc(%rbp),%eax
0000000100000ef1    addl    $0x01,%eax
0000000100000ef4    movl    %eax,0xdc(%rbp)
0000000100000ef7    movl    0xdc(%rbp),%eax
0000000100000efa    movslq  %eax,%rax
0000000100000efd    cmpq    %rcx,%rax
0000000100000f00    jb  0x100000edf
0000000100000f02    movl    $0x00000000,0xe8(%rbp)
0000000100000f09    movl    0xe8(%rbp),%eax
0000000100000f0c    movl    %eax,0xec(%rbp)
0000000100000f0f    movl    0xec(%rbp),%eax
0000000100000f12    addq    $0x30,%rsp
0000000100000f16    popq    %rbp
0000000100000f17    ret

Copy link

ghost commented Aug 16, 2012

loop fragment:

{{{

0000000100000edd jmp 0x100000ef7
0000000100000edf leaq 0x0000007d(%rip),%rax
0000000100000ee6 movq %rax,%rdi
0000000100000ee9 callq 0x100000f24
0000000100000eee movl 0xdc(%rbp),%eax
0000000100000ef1 addl $0x01,%eax
0000000100000ef4 movl %eax,0xdc(%rbp)
0000000100000ef7 movl 0xdc(%rbp),%eax
0000000100000efa movslq %eax,%rax
0000000100000efd cmpq %rcx,%rax
0000000100000f00 jb 0x100000edf
}}}

Copy link

ghost commented Aug 16, 2012

sorry, forgot how to do github


0000000100000edd    jmp 0x100000ef7
0000000100000edf    leaq    0x0000007d(%rip),%rax
0000000100000ee6    movq    %rax,%rdi
0000000100000ee9    callq   0x100000f24
0000000100000eee    movl    0xdc(%rbp),%eax
0000000100000ef1    addl    $0x01,%eax
0000000100000ef4    movl    %eax,0xdc(%rbp)
0000000100000ef7    movl    0xdc(%rbp),%eax
0000000100000efa    movslq  %eax,%rax
0000000100000efd    cmpq    %rcx,%rax
0000000100000f00    jb  0x100000edf

Copy link

ghost commented Aug 16, 2012

0xdc(%rbp) is the loop counter, temporarily stashed in %rax / %eax
%ecx is the loop limit, set to zero at ..ebe
branch enters at ..ef7 and loop body at ..edf
cmpq at ..efd sets CF 0 and ZF 0, jb at ..f00 should NOT branch. does this particular compilation emit the "wat"?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment