A problem with parameter passing via stack Chapter 16 Consider the following function that's designed to swap the values of its arguments. void Swap(int firstVal, int secondVal){ int tempVal = firstVal; firstVal = secondVal; secondVal = tempVal; } Why do we need Pointers? Call by Value vs. Call by Reference in detail int main () { Implementing Arrays int valueA = 3, valueB = 4; … Buffer Overflow / The “Stack Hack” Swap (valueA, valueB); … Wright State University, College of Engineering CEG 320/520 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 2 Executing the Swap Function Pointers and Arrays Functions such as the swap example need to be able access variables before call after call stored in memory locations outside of their own activation record – A function’s activation record defines its “scope” 3 tempVal These values – We've seen examples of how to do this in Assembly. Swap changed... Pointer R6 – Address of a variable in memory R6 3 firstVal 4 firstVal – Allows us to indirectly access variables 4 secondVal 3 secondVal in other words, we can talk about its address rather than its value 4 valueB 4 valueB Array (still a pointer!) 3 valueA 3 valueA – An area of allocated memory with values arranged sequentially main ...but these – Expression a[4] refers to the 5th element of the array a did not. The array variable is a pointer to the base of the array Base + offset Thus… the first element is 0 Wright State University, College of Engineering CEG 320/520 Wright State University, College of Engineering CEG 320/520 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 3 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 4 Pointers in C Pointers in C C lets us talk about and manipulate addresses as “pointer variables” How do we store addresses? Pointer variables! But first, lets refresh the somewhat confusing bits. – Although all pointers in C are exactly the same type (address) they are also typed by the compiler so that the data to which they refer can be appropriately interpreted. – A pointer in C is always a pointer to a particular data type: int*, double*, &: The “address-of” or “reference” operator char*, etc. – This operator does one thing. Declaration – It returns the address of the variable which follows – int *p; /* p is a pointer to an int */ Operators #include <stdio.h> – *p -- returns the value pointed to by p (indirect address / dereference int main() { op) int x = 0; Output: Address of x = 0x0065FDF4 – &z -- returns the address of variable z (address-of operator) printf("Address of x "); Important point of common confusion! printf("= 0x%p \n", &x); return 0; – * means “a pointer variable” when used in a declaration } – * means “access the information that this address points to” elsewhere – What does *3 mean? Wright State University, College of Engineering CEG 320/520 Wright State University, College of Engineering CEG 320/520 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 5 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 6 1 Check for understanding Check for understanding #include <stdio.h> #include <stdio.h> int main() { int main() { int x = 12; int x[10] = {0,1,2,3,4,5,6,7,8,9}; int *ptr = &x; Address of x: 0x0065FDF4 printf("Address of x[0]:\t 0x%p\n", &x[0]); Address of x: 0x65fdf4 printf("Address of x:\t 0x%p\n", x); printf("Address of x:\t 0x%p\n", ptr); Address of ptr: 0x65fdf0 printf("Value of x[0]:\t %d\n", x[0]); Value of x: 12 printf("Address of x:\t 0x%x\n", &x); printf("Value of x[0]:\t %d\n", *x); printf("Address of ptr:\t 0x%x\n", &ptr); Address of x[0]: 0x0065FDD0 printf("Value of x:\t %d\n", *ptr); return 0; Address of x: 0x0065FDD0 } Value of x[0]: 0 return 0; Value of x[0]: 0 } Wright State University, College of Engineering CEG 320/520 Wright State University, College of Engineering CEG 320/520 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 7 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 8 Example Example: LC-3 Code ; i is 1st local (offset 0), ptr is 2nd (offset -1) Name Type Offset Scope int i; i = 4; store the value 4 into the memory location ; i int *ptr; int 0 main associated with i AND R0, R0, #0 ; clear R0 ptr Int* -1 main ADD R0, R0, #4 ; put 4 in R0 i = 4; store the address of i into the STR R0, R5, #0 ; store in i memory location associated with ptr ptr = &i; ; ptr = &i; ADD R0, R5, #0 ; R0 = R5 + 0 *ptr = *ptr + 1; (addr of i) STR R0, R5, #-1 ; store in ptr R6 xEFFC ptr ; *ptr = *ptr + 1; read the contents of memory R5 4 i LDR R0, R5, #-1 ; R0 = ptr at the address stored in ptr xxxx fp LDR R1, R0, #0 ; load contents xxxx pc store the result into memory (*ptr) ADD R1, R1, #1 xxxx ret at the address stored in ptr ; add one xF000 STR R1, R0, #0 ; store result where R0 points Wright State University, College of Engineering CEG 320/520 Wright State University, College of Engineering CEG 320/520 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 9 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 10 Call by reference Passing Pointers to a Function Passing a pointer as an argument allows the function to read/change main() wants to swap the values of valueA and valueB memory outside its activation record. – But not the pointer itself! NewSwap(&valueA, &valueB); – If you wanted to change the pointer itself, what would you need to do? LC-3 Code for main: void NewSwap(int *firstVal, int *secondVal) ADD R0, R5, #-1 ; addr of valueB R6 firstVal { xEFFA ADD R6, R6, #-1 ; push secondVal int tempVal = *firstVal; xEFF9 STR R0, R6, #0 valueB *firstVal = *secondVal; 4 R5 3 valueA *secondVal = tempVal; Arguments are ADD R0, R5, #0 ; addr of valueA } integer pointers. ADD R6, R6, #-1 ; push STR R0, R6, #0 Caller passes addresses xEFFD of variables that it wants function to change. Wright State University, College of Engineering CEG 320/520 Wright State University, College of Engineering CEG 320/520 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 11 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 12 2 Code Using Pointers Pointer arithmetic Pointer arithmetic Inside the NewSwap routine – If ptr is a pointer, what is ptr = ptr + 1? ; int tempVal = *firstVal; R6 3 tempVal – It depends on the size of the data pointed to by ptr!! LDR R0, R5, #4 ; R0=xEFFA R5 xEFFA dynLnk On a x86 (byte addressable) machine LDR R1, R0, #0 ; R1=M[xEFFA]=3 xxxx retAddr – int* ptr; ptr = ptr + 1; /* ptr increases by 2 */ STR R1, R5, #0 ; tempVal=3 xxxx retVal – long* ptr; ptr = ptr + 1; /* ptr increases by 4 */ ; *firstVal = *secondVal; xEFFA firstVal Sometimes we want a pointer that points to nothing. LDR R1, R5, #5 ; R1=xEFF9 xEFF9 secondVal LDR R2, R1, #0 ; R1=M[xEFF9]=4 – In other words, we declare a pointer, but have nothing to point to (yet). valueB STR R2, R0, #0 ; M[xEFFA]=4 9 3 int *p; A ; *secondVal = tempVal; 4 valueA p = NULL; /* p is a null pointer */ B NULL LDR R2, R5, #0 ; R2=3 is a predefined macro that contains a value that a non-null pointer C should never hold. STR R2, R1, #0 ; M[xEFF9]=3 xEFFD – Often, NULL = 0, because Address 0x00000000 is not a legal address for most programs on most platforms BUT it depends on the machine! Wright State University, College of Engineering CEG 320/520 Wright State University, College of Engineering CEG 320/520 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 13 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 14 Using Arguments for Results Arrays Pass address of variable where you want result stored Declaration – useful for multiple results – type variableName [size]; Example: – All elements are the same type/size return value via pointer – Number of elements known at compile time return status code as function result Reference grid[0] – variableName [num] grid[1] – Accesses num-th – 1 entry in array grid[2] This solves the “mystery” of why ‘&’ with argument to scanf: – Numbering starts from 0 grid[3] – scanf("%d ", &dataIn); – No limit checking at compile- or run-time grid[4] Array elements can be allocated as part of the grid[5] read a decimal integer activation record (local) or in global memory grid[6] and store in dataIn int grid[10]; grid[7] grid[8] But what about: – First element (grid[0]) is at lowest address of allocated space grid[9] – scanf(“%s”, &buffer); ?? – If grid is only local variable allocated, then R5 will point to grid[9] Wright State University, College of Engineering CEG 320/520 Wright State University, College of Engineering CEG 320/520 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 15 Dr. Doom, Computer Science & Engineering Comp. Org. & Assembly 16 Array code for LC-3 More Array code for LC-3 ; x = grid[3] + 1 ; grid[x+1] = grid[x] + 2 ADD R0, R5, #-9 ; R0 = &grid[0] LDR R0, R5, #-10 ; R0 = x LDR R1, R0, #3 ; R1 = grid[3] x ADD R1, R5, #-9 ; R1 = &grid[0] x ADD R1, R1, #1 ; plus 1 grid[0] ADD R1, R0, R1 ; R1 = &grid[x] grid[0] STR R1, R5, #-10 ; x = R1 grid[1] LDR R2, R1, #0 ; R2 = grid[x] grid[1] ; grid[6] = 5; grid[2] ADD R2, R2, #2 ; add 2 grid[2] AND R0, R0, #0 grid[3] LDR R0, R5, #-10 ; R0 = x grid[3] ADD R0, R0, #5 ; R0 = 5 grid[4] grid[4] ADD R1, R5, #-9 ; R1 = &grid[0] ADD R0, R0, #1 ; R0 = x+1 STR R0, R1, #6 ; grid[6] = R0 grid[5] ADD R1, R5, #-9 ; R1 = &grid[0] grid[5] grid[6] ADD R1, R0, R1 ; R1 = &grix[x+1] grid[6] grid[7] STR R2, R1, #0 ; grid[x+1] = R2 grid[7] Name Type Offset Scope grid[8] Name Type Offset Scope grid[8] grid int -9 main R5 grid[9] R5 grid[9] x int* -10 main grid int -9 main x int* -10 main Wright State University, College of Engineering CEG 320/520 Wright State University, College of Engineering CEG 320/520 Dr.