1.24. STRUCTURES
One more thing we spot easily is that instead of function epilogue, there is jump to another function’s
epilogue! Indeed, that was quite different function, not related in any way to ours, however, it has exactly
the same epilogue (probably because, it hold 5 local variables too ( 5 ∗4 = 0x 14 )).Also it is located nearby (take a look at the addresses).Indeed, it doesn’t matter which epilogue gets executed, if it works just as we need.Apparently, Keil decides to reuse a part of another function to economize.The epilogue takes 4 bytes while jump—only 2.ARM + Optimizing Xcode 4.6.3 (LLVM) (Thumb-2 mode)Listing 1.347: Optimizing Xcode 4.6.3 (LLVM) (Thumb-2 mode)
var_C = -0xCPUSH {R7,LR}
MOV R7, SP
SUB SP, SP, #4
MOV R9, R1 ; b
MOV R1, R0 ; a
MOVW R0, #0xF10 ; "a=%d; b=%d; c=%d; d=%d\n"
SXTB R1, R1 ; prepare a
MOVT.W R0, #0
STR R3, [SP,#0xC+var_C] ; place d to stack for printf()
ADD R0, PC ; format-string
SXTB R3, R2 ; prepare c
MOV R2, R9 ; b
BLX _printf
ADD SP, SP, #4
POP {R7,PC}SXTB(Signed Extend Byte) is analogous toMOVSXin x86. All the rest—just the same.MIPSListing 1.348: Optimizing GCC 4.4.5 (IDA)
1 f:
2
3 var_18 = -0x18
4 var_10 = -0x10
5 var_4 = -4
6 arg_0 = 0
7 arg_4 = 4
8 arg_8 = 8
9 arg_C = 0xC
10
11 ; $a0=s.a
12 ; $a1=s.b
13 ; $a2=s.c
14 ; $a3=s.d
15 lui $gp, (gnu_local_gp >> 16)
16 addiu $sp, -0x28
17 la $gp, (gnu_local_gp & 0xFFFF)
18 sw $ra, 0x28+var_4($sp)
19 sw $gp, 0x28+var_10($sp)
20 ; prepare byte from 32-bit big-endian integer:
21 sra $t0, $a0, 24
22 move $v1, $a1
23 ; prepare byte from 32-bit big-endian integer:
24 sra $v0, $a2, 24
25 lw $t9, (printf & 0xFFFF)($gp)
26 sw $a0, 0x28+arg_0($sp)
27 lui $a0, ($LC0 >> 16) # "a=%d; b=%d; c=%d; d=%d\n"
28 sw $a3, 0x28+var_18($sp)