I'm reading the textbook Randal E. Bryant, David R. O'Hallaron - Computer Systems: A Programmer's Perspective [3rd ed.] (2016, Pearson).

I came across this question and I am not sure how the authors obtained the answer.

In the following excerpts from a disassembled binary, some of the information has been replaced by Xs. Answer the following questions about these instructions. (You do not need to know anything about the callq instruction here.)

What is the target of the je instruction below?

    40042f: 74 F4       je  XXXXXX
    400431: 5D          pop %rbp

The answer given is as follows: [image: answer from textbook]

Could someone help explain why the explanation is as such? I am unsure how they obtained the -12 and the 0xf4 values, and why they would be needed to calculate the target of the je instruction here.

Peter Cordes
Megan Darcy
  • **DO NOT post images of code, data, error messages, etc.** - copy or type the text into the question. [ask] – Rob Sep 24 '21 at 09:43

1 Answer

The jump instruction with immediate value is relative, meaning it jumps X bytes forwards or backwards, not to an absolute address, so the address of the instruction itself (or the following one, see below) has importance.

The offset operand is signed, and it's one byte long (because 74 is the short jump instruction, allowing a jump range between -128 and +127 - the range of a signed 8-bit integer). 0xF4 is therefore negative (its leftmost bit, which is set, has the value -0x80 and not +0x80); it equals -0xC (because 0xF4 - 0x100 = -0xC), or -12 in decimal. As the explanation says:

(since 0xf4 is the 1-byte two's-complement representation of -12)

How they obtained 0xF4 in the first place: From the instruction (74 F4 - the 74 is the opcode for je short and the F4 is the offset).

Now, the target of a jump is calculated by adding the offset to the address of the next instruction, in this case 0x400431. (You can imagine the processor first reading the instruction, causing the instruction pointer to be advanced past the end of the instruction to the start of the next one, and only then applying the jump forwards or backwards from the current position of the instruction pointer.)

So, 0x400431 - 0xC = 0x400425.

Note: The extra 0x in 0x0x400431 is apparently a typo in the book, it has no meaning.

CherryDT
  • Another way to view it is that the 8-bit offset from the instruction is sign-extended to 64 bits and added to RIP (which as noted points to the following instruction). `0xf4` sign-extends to `0xfffffffffffffff4`, and we add this to `0x400431` to get `0x400425` (with a carry which is ignored). So the machine doesn't really have to think about positive and negative offsets internally. – Nate Eldredge Sep 18 '21 at 17:37
  • Awesome explanation! Could I also ask how you know that je's opcode is 74? And where can I find the opcodes of similar instructions? Thanks! – Megan Darcy Sep 19 '21 at 14:23
  • In the corresponding processor/architecture manuals and reference handbooks. (But I found out myself, just by looking at how existing code is encoded...) – CherryDT Sep 19 '21 at 14:40
  • For instance: https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf (page 3-483, or 585 if you go by the PDF page numbers) – CherryDT Sep 19 '21 at 14:43
  • Perfect, got it, thanks!! – Megan Darcy Sep 20 '21 at 04:22
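The computation from the accepted answer and from Nate Eldredge's comment, as an added example (not code from the question, the answer, or the textbook): it decodes a 2-byte `je rel8` at a given address, computes the target both as "next instruction + signed offset" and as "sign-extend to 64 bits, add, discard the carry", and also does the reverse (what offset byte an assembler must emit for a given target). The function names are my own.

```python
# Added example: target computation for a short conditional jump (JE rel8, opcode 0x74).
MASK64 = (1 << 64) - 1


def sign_extend8(byte: int) -> int:
    """Interpret one byte as a signed 8-bit two's-complement value (0xF4 -> -12)."""
    return byte - 0x100 if byte & 0x80 else byte


def je_rel8_target(addr: int, code: bytes) -> int:
    """Target of a JE rel8 located at `addr`, the textbook way:
    address of the following instruction plus the signed displacement."""
    if len(code) < 2 or code[0] != 0x74:
        raise ValueError("not a JE rel8 instruction")
    next_ip = addr + 2                      # 2-byte instruction: opcode + disp8
    return next_ip + sign_extend8(code[1])


def je_rel8_target_hw(addr: int, code: bytes) -> int:
    """Same result, the way the comment describes the hardware doing it:
    sign-extend disp8 to 64 bits and add to RIP modulo 2**64 (carry discarded)."""
    if len(code) < 2 or code[0] != 0x74:
        raise ValueError("not a JE rel8 instruction")
    disp64 = sign_extend8(code[1]) & MASK64  # 0xF4 -> 0xFFFFFFFFFFFFFFF4
    return ((addr + 2) + disp64) & MASK64


def rel8_for_target(addr: int, target: int) -> int:
    """Inverse: the displacement byte an assembler must emit for a JE at `addr`
    reaching `target`; raises if the target is outside the rel8 range."""
    disp = target - (addr + 2)
    if not -128 <= disp <= 127:
        raise ValueError(f"target {target:#x} not reachable with a rel8 from {addr:#x}")
    return disp & 0xFF


if __name__ == "__main__":
    # Bytes and address from the textbook excerpt quoted in the question.
    addr, code = 0x40042F, bytes([0x74, 0xF4])
    print(f"disp8 0x{code[1]:02X} = {sign_extend8(code[1])}")            # -12
    print(f"target (textbook view):  {je_rel8_target(addr, code):#x}")   # 0x400425
    print(f"target (64-bit add):     {je_rel8_target_hw(addr, code):#x}")
    print(f"disp byte for that target: 0x{rel8_for_target(addr, 0x400425):02X}")
```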