Finding locations in machine code (gcc/objdump -d)

Question

If you have a particular line of C code in mind to examine in the machine output, how would you locate it in objdump output. Here is an example

if (cond)
   foo;
   bar();

and I want to see if bar was inlined as I'd like. Or would you use some alternative tool instead of objdump?

Answer 1

You can start objdump using the -S option (like "objdump -Sd a.out"). It will display the sourcecode intermixxed with the assembler code, if the source-files the code was compiled from are available.

Alternatively, you can use the following way:

int main(void) {
    int a = 0;
    asm("#");
    return a;
}

becomes

       .file   "a.c"
        .text
.globl main
        .type   main, @function
main:
        leal    4(%esp), %ecx
        andl    $-16, %esp
        pushl   -4(%ecx)
        pushl   %ebp
        movl    %esp, %ebp
        pushl   %ecx
        subl    $16, %esp
        movl    $0, -8(%ebp)
#APP
# 3 "a.c" 1
        #
# 0 "" 2
#NO_APP
        movl    -8(%ebp), %eax
        addl    $16, %esp
        popl    %ecx
        popl    %ebp
        leal    -4(%ecx), %esp
        ret
        .size   main, .-main
        .ident  "GCC: (GNU) 4.3.2"
        .section        .note.GNU-stack,"",@progbits

Answer 2

If you're compiling with gcc, you can use -S to generate an assembly file directly. This file usually has some useful information in it, including function names and sometimes line numbers for code (depending on the compile options you use).

Answer 3

You debugger should also let you see source code and matching assembly if you compiled with debug symbols. This is gcc option -g and gdb disass command.

Answer 4

Function calls are detected in the assembly by the common function prolog.

With i386 it is

  55      push %ebp
  89 e5   mov %esp, %ebp
  ...
  c9      leave # optional
  c3      ret

with amd64/x86_64 is is similar (just the quad prefix 48):

  55                    push   %rbp
  48 89 e5              mov    %rsp,%rbp
  ..
  c9                    leaveq # optional
  c3                    retq   

So when you detect that inside your objdump -S bla.o or gcc bla.c -g -fsave-temps -fverbose-asm output of your main function and for bar also, bar is not inlined. Also when main has a call or jump to bar it is not inlined.

In your case you could see if bar has local vars, which needs room on the local stack. If bar is inlined the stack adjust (e.g. sub $0x8,%esp) is done right after the main prolog, main could access that var. If not it is private to bar.