phase 2
-
int sscanf(const char *str, const char *format, …) 从字符串读取格式化输入,str是函数检索数据的源
返回值:该函数返回成功匹配和赋值的个数。如果到达文件末尾或发生读错误,则返回 EOF(对 sscanf 而言,"文件末尾"指在完成任何转换之前就到达了输入字符串的末尾)。 -
function phase_2
注意mov(一般操作数)和lea的区别:mov -0x4(%rbx),%eax 会访问内存,等价于 %eax = M[%rbx-4];而 lea -0x4(%rbx),%eax 只计算地址、不访问内存,等价于 %eax = %rbx-4
Dump of assembler code for function phase_2:
// phase_2 — GDB disassembly, AT&T operand order (op src, dst).
// Reserves 0x28 bytes of stack, passes the base of that area to
// read_six_numbers in %rsi, then validates the 4-byte values stored there:
//   var[0] (at (%rsp)) must equal 1, and
//   var[n] must equal 2 * var[n-1] for each element from 0x4(%rsp) up to,
//   but not including, 0x18(%rsp) — five further elements, six in total.
// Any failed comparison calls explode_bomb.
// %rdi is not written before the call, so whatever phase_2 received as its
// own first argument is forwarded unchanged as arg1 of read_six_numbers.
// NOTE(review): only a raw pointer is handed to the callee; no length is
// passed alongside it as far as this listing shows, so staying inside the
// 0x28-byte area depends on the callee storing exactly six ints — confirm
// against the full read_six_numbers body.
// The listing stops at +64; the remaining epilogue (register restores and
// the return) is not shown on this page.
0x0000000000400efc <+0>: push %rbp // save %rbp; it is overwritten at +57 (loop end pointer)
0x0000000000400efd <+1>: push %rbx // save %rbx; it is overwritten at +52 (element cursor)
0x0000000000400efe <+2>: sub $0x28,%rsp // reserve 0x28 bytes of stack for the local area
0x0000000000400f02 <+6>: mov %rsp,%rsi // arg2 = address of var[0] (base of the local area)
// presumably fills var[0..5] through the pointer in %rsi — its body is only partly visible here
0x0000000000400f05 <+9>: callq 0x40145c <read_six_numbers>
0x0000000000400f0a <+14>: cmpl $0x1,(%rsp) // var[0] must be 1, otherwise the bomb goes off
0x0000000000400f0e <+18>: je 0x400f30 <phase_2+52> // equal: go set up the loop pointers
0x0000000000400f10 <+20>: callq 0x40143a <explode_bomb> // var[0] != 1
0x0000000000400f15 <+25>: jmp 0x400f30 <phase_2+52> // reached only if explode_bomb returns; continues into the loop setup
0x0000000000400f17 <+27>: mov -0x4(%rbx),%eax // loop top: %eax = M[%rbx-4] = var[n-1], the element before the one %rbx points to (first pass: %rbx = &var[1], so %eax = var[0])
0x0000000000400f1a <+30>: add %eax,%eax // %eax = 2 * var[n-1] (32-bit add, wraps on overflow)
0x0000000000400f1c <+32>: cmp %eax,(%rbx) // require M[%rbx] == %eax, i.e. var[n] == 2 * var[n-1]
0x0000000000400f1e <+34>: je 0x400f25 <phase_2+41> // match: skip the explode_bomb call
0x0000000000400f20 <+36>: callq 0x40143a <explode_bomb> // mismatch
0x0000000000400f25 <+41>: add $0x4,%rbx // %rbx = address of var[n+1], the next element (4-byte stride)
0x0000000000400f29 <+45>: cmp %rbp,%rbx // has the cursor reached the end pointer?
0x0000000000400f2c <+48>: jne 0x400f17 <phase_2+27> // no: check the next element
0x0000000000400f2e <+50>: jmp 0x400f3c <phase_2+64> // yes: leave the loop
0x0000000000400f30 <+52>: lea 0x4(%rsp),%rbx // %rbx = address of var[1] (lea computes the address only, no load)
0x0000000000400f35 <+57>: lea 0x18(%rsp),%rbp // %rbp = %rsp + 24, one past var[5]; used as the loop bound
0x0000000000400f3a <+62>: jmp 0x400f17 <phase_2+27> // enter the loop
0x0000000000400f3c <+64>: add $0x28,%rsp // release the 0x28-byte local area
- function read_six_numbers 读6个number到调用者(phase_2)的局部变量,存放位置的首地址由%rsi传入
Dump of assembler code for function read_six_numbers:
0x000000000040145c <+0>: sub $0x18,%rsp
0x0000000000401460 <+4>: mov %rsi,%rdx
0x0000000000401463 <+7>: lea 0x4(%rsi),%rcx
0x0000000000401467 <+11>: lea 0x14(%rsi),%rax
0x000000000040146b <+15>: mov %rax,0x8(%rsp)
0x0000000000401470 <+20>: lea 0x10(%rsi),%rax
0x0000000000401474 <+24>: mov %r