Hello, I'm trying to learn how to reverse engineer software and all the tricks to understand what the code looked like before the compiler optimizations.

I found something like this several times:

    if (a < 0)
      a = -2147483648 - a;

I originally thought it was an abs(): a underflows so you get the positive value. But since a is negative (see the if), this is equivalent to:

    if (a < 0)
      a = -2147483648 + abs(a);

Which will be a very small negative number, and not the absolute value of a at all. What am I missing?

A: 

Maybe: http://en.wikipedia.org/wiki/Two%27s_complement ?

Mchl
+6  A: 

It is converting the number so that bit 31 becomes a sign bit, and the remaining bits (0...30) denote the absolute magnitude. E.g. if a = -5, then after the operation it becomes 0x80000005.

KennyTM
In other words it's a conversion from two's complement to sign magnitude. (I wonder where that's useful in a typical compiler.)
Gilles
@Gilles: it may be the actual application code and not an optimization from the compiler. I just assumed it was an optimization because it looked like one.
Andreas Bonini
Any suggestion why the reverse engineered software would be doing this often enough for the OP to notice it in particular? I was thinking about the possibility that this was part of a software conversion from int to IEEE 754 floating-point representation, but it seems to me that it would always be simpler to position the sign bit last in these cases.
Pascal Cuoq
For integers which can be represented in this way, having a number in this format would be very useful for printing out signed integers or getting ready to do multiplication or division on machines that can't do signed versions of those operations natively.
nategoose
@Pascal: I don't know. We need more context from @Andreas.
KennyTM
The part of the code I was looking at was a patching algorithm that uses a modified BSDIFF algorithm. I was trying to figure out the kind of modifications they did to that algorithm.
Andreas Bonini
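
The conversion described in this answer, written out as an added example that is not part of the original thread or of the decompiled program. It goes slightly beyond the thread by also showing the inverse and the one input that has no sign-magnitude form; the function names `to_sign_magnitude` and `from_sign_magnitude` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Two's complement -> sign-magnitude: bit 31 = sign, bits 0..30 = |a|.
   Unsigned arithmetic makes the wrap-around well defined in C; modulo 2^32
   this is the same computation as the decompiled  a = -2147483648 - a,
   because -2^31 and +2^31 are the same 32-bit pattern (0x80000000). */
static uint32_t to_sign_magnitude(int32_t a)
{
    uint32_t u = (uint32_t)a;
    if (a < 0)
        u = 0x80000000u - u;    /* 2^31 - a = 2^31 + |a|  (mod 2^32) */
    return u;
}

/* Sign-magnitude -> two's complement. */
static int32_t from_sign_magnitude(uint32_t u)
{
    if (u & 0x80000000u) {
        uint32_t mag = u & 0x7FFFFFFFu;   /* strip the sign bit */
        return -(int32_t)mag;             /* mag <= 2^31 - 1, so no overflow */
    }
    return (int32_t)u;
}

int main(void)
{
    /* Constructed sample values, including both edge cases. */
    const int32_t samples[] = { 5, -5, -1, 0, INT32_MIN + 1, INT32_MIN };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t sm = to_sign_magnitude(samples[i]);
        printf("%12ld -> 0x%08lX -> %12ld\n", (long)samples[i],
               (unsigned long)sm, (long)from_sign_magnitude(sm));
    }
    /* INT32_MIN has magnitude 2^31, which does not fit in 31 bits:
       it collapses to 0 and does not survive the round trip. */
    return 0;
}
```

When reading decompiled code that uses this idiom, the `INT32_MIN` row is the one to check: the value silently becomes 0 unless the caller rules it out beforehand.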
+4  A: 

It appears to be converting from 2's complement to sign-magnitude.

BlueRaja - Danny Pflughoeft
A: 

I sincerely hope that the original source said 0x80000000 and not -2147483648! The hex number at least gives the reader a clue. The decimal is very cryptic.

Jay
It being decompiled code, I have no way to know what the original source says. Also, this should be a comment.
Andreas Bonini
That's why I said "I hope the original source ..." I presumed if you're decompiling that you don't have the original source.
Jay