0

I want to know how to find the value of the constant M from the following C and corresponding assembler code. Is there any method to determine M just by analysing the code?

#include<stdio.h>
int main(){
    
    int i=7;
    int a[14];
    
    a[i] = 99;
    
    int b[M];
    b[i] = 88;
 }

Assembly code given

main:
endbr64
pushq %rbp
movq %rsp, %rbp
subq $80, %rsp
movl $7, -80(%rbp)
movl -80(%rbp), %eax
cltq
movl $99, -64(%rbp,%rax,4)
movl -80(%rbp),%eax
cltq
movl $88, -76(%rbp,%rax,4)
movl $0,%eax
leave
ret


3
  • 1
    What did you try, and where are you stuck? This reads like a "please do my homework for me". Hopefully that is not your intention so please make the question more specific. Commented Dec 23, 2021 at 7:03
  • I tried converting the C code to assembly using gcc, taking int M;, with the command gcc -S prorgam.c, but I don't know what the value of M is, as nothing is mentioned about M in the output (assembly code). I know the value cannot be 0. Spent an hour. Also, nothing is mentioned about M in the given assembly code either. I don't know much about assembly. Question: int b[M]; what should the value of M be here, looking at the assembly code? Commented Dec 23, 2021 at 7:06
  • Does the assignment tell you that this code has undefined behaviour because M is so small? That's surprising, you'd expect an assignment to use a valid C program, so it would make you doubt the right answer. Commented Dec 23, 2021 at 10:45

2 Answers

3

Perhaps this picture of stack layout might help:

               --------------------
               | return from main |
               --------------------
               |  pushed RBP      |
               --------------------
RBP-08|RBP-04  |         |        |
               --------------------
RBP-16|RBP-12  |  a[12]  |  a[13] |
               --------------------
RBP-24|RBP-20  |  a[10]  |  a[11] |
               --------------------
RBP-32|RBP-28  |  a[8]   |  a[9]  |
               --------------------
RBP-40|RBP-36  |  a[6]   |  a[7]  |
               --------------------
RBP-48|RBP-44  |  a[4]   |  a[5]  |
               --------------------
RBP-56|RBP-52  |  a[2]   |  a[3]  |
               --------------------
RBP-64|RBP-60  |  a[0]   |  a[1]  |
               --------------------
RBP-72|RBP-68  |  b[1]   |  b[2]  |
               --------------------
RBP-80|RBP-76  |   i=7   |  b[0]  |
               --------------------

a[7] is addressed as RBP-36, and b[7] would be addressed as RBP-48 (if only array b[] had been allocated this big).


3

Think about what the format of the stack is due to the allocation for the variables. You can see that i is located at -80 from the stack pointer rbp. Also you can see that a[0] is located at -64 (see movl $99, -64(%rbp,%rax,4)), and b[0] is located at -76 (see movl $99, -76(%rbp,%rax,4)). So, the start of b is located -12 bytes from the start of a, meaning the length of b is 12 bytes.

Next, what you need to know is that the size of int is 4, so 12/4 = 3; therefore M was 3.

Use gcc -S on the following code and you can verify.

#include<stdio.h>
#define M 3
int main(){

    int i=7;
    int a[14];

    a[i] = 99;

    int b[M];
    b[i] = 88;
 }

2 Comments

It's actually -S to show asm output. And we only get the exact asm with gcc -fstack-protector -mno-red-zone -fcf-protection=branch. godbolt.org/z/xs7z6MvWv. Without stack-protector, it puts i at a higher address, above the arrays. Without -mno-red-zone, it doesn't sub/leave to reserve stack space (but uses the same offsets relative to RBP). Without -fcf..., no endbr64.
None of those are on by default on Godbolt, but some distros config GCC with cf-protection and -fstack-protector-strong (which would make a stack cookie in this function using even fixed-size stack arrays, which is good since it writes outside b[]!). -fcf-protection=branch for endbr64 was new in GCC8, so we know this asm wasn't from an earlier GCC. And it does look like GCC, based on use of leave (and also mov $0, %eax instead of xor-zeroing in a debug build.)
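
The offset arithmetic from the answers above, as an added example that is not part of the original posts: it parses the frame operands from the question's listing, bounds each array's length by the gap to the next object above it, and resolves which object the b[7] store actually hits. The function names and the frame_top=0 convention (gaps measured up to RBP itself) are assumptions of this example.

```python
import re

# Instructions from the question's listing that touch the stack frame (AT&T syntax).
ASM = """
movl $7, -80(%rbp)
movl -80(%rbp), %eax
movl $99, -64(%rbp,%rax,4)
movl -80(%rbp),%eax
movl $88, -76(%rbp,%rax,4)
"""

INDEXED = re.compile(r"(-?\d+)\(%rbp,%\w+,(\d+)\)")  # disp(%rbp,%idx,scale): array base
SCALAR = re.compile(r"(-?\d+)\(%rbp\)")              # disp(%rbp): scalar local

def frame_objects(asm):
    """Map each referenced RBP offset to its element size (None for scalars)."""
    objs = {int(d): int(s) for d, s in INDEXED.findall(asm)}
    for d in SCALAR.findall(asm):
        objs.setdefault(int(d), None)
    return objs

def max_elements(asm, frame_top=0):
    """Upper bound on each array's length: gap to the next object above / scale."""
    objs = frame_objects(asm)
    offsets = sorted(objs) + [frame_top]
    return {lo: (hi - lo) // objs[lo]
            for lo, hi in zip(offsets, offsets[1:]) if objs[lo]}

def resolve(asm, base, index):
    """Return (target offset, owning object's offset, element index in the owner)."""
    objs = frame_objects(asm)
    target = base + index * objs[base]          # base + index * scale
    owner = max(o for o in objs if o <= target)  # nearest object at or below target
    elem = (target - owner) // (objs[owner] or 1)
    return target, owner, elem

if __name__ == "__main__":
    print(max_elements(ASM))      # length bounds for the arrays based at -76 and -64
    print(resolve(ASM, -76, 7))   # where the b[7] store lands
    print(resolve(ASM, -64, 7))   # where the a[7] store lands
```

The bound for b is 3, matching the second answer, while the bound for a is 16 rather than 14 because the 8 bytes at RBP-08 in the first answer's diagram sit between a[13] and RBP. The b[7] store resolves to RBP-48, which belongs to a as element 4.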
