tags:

views:

148

answers:

2
+2  Q: 

Understanding the C function call prolog with __cdecl on windows

Compiling this simple function with MSVC2008, in Debug mode:

int __cdecl sum(int a, int b)
{
    return a + b;
}

I get the following disassembly listing:

int __cdecl sum(int a, int b)
{
004113B0  push        ebp  
004113B1  mov         ebp,esp 
004113B3  sub         esp,0C0h 
004113B9  push        ebx  
004113BA  push        esi  
004113BB  push        edi  
004113BC  lea         edi,[ebp-0C0h] 
004113C2  mov         ecx,30h 
004113C7  mov         eax,0CCCCCCCCh 
004113CC  rep stos    dword ptr es:[edi] 
    return a + b;
004113CE  mov         eax,dword ptr [a] 
004113D1  add         eax,dword ptr [b] 
}
004113D4  pop         edi  
004113D5  pop         esi  
004113D6  pop         ebx  
004113D7  mov         esp,ebp 
004113D9  pop         ebp  
004113DA  ret

There are some parts of the prolog I don't understand:

004113BC  lea         edi,[ebp-0C0h] 
004113C2  mov         ecx,30h 
004113C7  mov         eax,0CCCCCCCCh 
004113CC  rep stos    dword ptr es:[edi]

Why is this required?

EDIT:

After removing the /RTC compiler option, as was suggested, most of this code indeed went away. What remained is:

int __cdecl sum(int a, int b)
{
00411270  push        ebp  
00411271  mov         ebp,esp 
00411273  sub         esp,40h 
00411276  push        ebx  
00411277  push        esi  
00411278  push        edi  
    return a + b;
00411279  mov         eax,dword ptr [a] 
0041127C  add         eax,dword ptr [b] 
}

Now, why is the: sub esp, 40h needed? It's as if place is being allocated for local variables, though there aren't any. Why is the compiler doing this? Is there another flag involved?

+4  A: 

This code is emitted due to the /RTC compile option. It initializes all local variables in your function to a bit pattern that is highly likely to generate an access violation or to cause unusual output values. That helps you find out when you forgot to initialize a variable.

The extra space in the stack frame you see allocated is there to support the Edit + Continue feature. This space will be used when you edit the function while debugging and add more local variables. Change the /ZI option to /Zi to disable it.

Hans Passant  2010-01-16 11:21:10
That sounds like an explanation - but the function has no local variables!
Eli Bendersky  2010-01-16 11:24:35
@nobugz, please see my edit of the question
Eli Bendersky  2010-01-16 15:24:11
I updated my answer, below the line.
Hans Passant  2010-01-16 15:37:52
@nobugz: great, thanks a lot!
Eli Bendersky  2010-01-17 17:31:42
+3  A: 

and in any case of buffer overflow (if you would overwrite local variables) you will end up in a field of "int 3" opcodes:

int 3 ; 0xCC
int 3 ; 0xCC
int 3 ; 0xCC
int 3 ; 0xCC
int 3 ; 0xCC
int 3 ; 0xCC
...

that can be catched by the debugger, so you can fix your code

Bartosz Wójcik  2010-01-16 11:27:15
INT 3 is the debugger trap, but it must be executed by the CPU to really enter it, doesn't it? If I just trample over it without executing it doesn't matter that it's INT 3 - or am I misunderstanding this?
Eli Bendersky  2010-01-16 14:45:41
@Bartosz, please see my edit of the question
Eli Bendersky  2010-01-16 15:22:23

related questions

any good tool for makefile generation?
How do you pass a function as a parameter in C?
Where should a veteran C programmer start in order to master Java ?
Any good book on best practice and guidelines in developing a SDK in C?
How do you determine the size of a file in C?
Decoding printf statements in C (Printf Primer)
Shift operator in C
How to avoid redefining VERSION, PACKAGE, etc.
Alpha blending sprites in Nintendo DS Homebrew
When should I use type abstraction in embedded systems
How to implement continuations?
What are the barriers to understanding pointers and what can be done to overcome them?
Anyone have experience creating a shared library in MATLAB?
String.indexOf function in C
Passing multidimensional arrays as function arguments in C
C/C++ library for reading MIDI signals from a USB MIDI device
Choosing a static code analysis tool
How do you printf an unsigned long long int?
Good STL-like library for C.
Rockbox audio format
Why am I getting a malloc: double free error with realloc()?
Should I learn C?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS