Finding locations in machine code (gcc/objdump -d)
-
08-07-2019 - |
Question
If you have a particular line of C code in mind to examine in the machine output, how would you locate it in objdump output. Here is an example
if (cond)
foo;
bar();
and I want to see if bar was inlined as I'd like. Or would you use some alternative tool instead of objdump?
Solution
You can start objdump using the -S
option (like "objdump -Sd a.out"
). It will display the sourcecode intermixxed with the assembler code, if the source-files the code was compiled from are available.
Alternatively, you can use the following way:
int main(void) {
int a = 0;
asm("#");
return a;
}
becomes
.file "a.c"
.text
.globl main
.type main, @function
main:
leal 4(%esp), %ecx
andl $-16, %esp
pushl -4(%ecx)
pushl %ebp
movl %esp, %ebp
pushl %ecx
subl $16, %esp
movl $0, -8(%ebp)
#APP
# 3 "a.c" 1
#
# 0 "" 2
#NO_APP
movl -8(%ebp), %eax
addl $16, %esp
popl %ecx
popl %ebp
leal -4(%ecx), %esp
ret
.size main, .-main
.ident "GCC: (GNU) 4.3.2"
.section .note.GNU-stack,"",@progbits
OTHER TIPS
You debugger should also let you see source code and matching assembly if you compiled with debug symbols. This is gcc option -g and gdb disass command.
If you're compiling with gcc, you can use -S to generate an assembly file directly. This file usually has some useful information in it, including function names and sometimes line numbers for code (depending on the compile options you use).
Function calls are detected in the assembly by the common function prolog.
With i386 it is
55 push %ebp
89 e5 mov %esp, %ebp
...
c9 leave # optional
c3 ret
with amd64/x86_64 is is similar (just the quad prefix 48
):
55 push %rbp
48 89 e5 mov %rsp,%rbp
..
c9 leaveq # optional
c3 retq
So when you detect that inside your objdump -S bla.o
or
gcc bla.c -g -fsave-temps -fverbose-asm
output of your main function
and for bar also, bar is not inlined. Also when main has a call or jump
to bar it is not inlined.
In your case you could see if bar has local vars, which needs room on
the local stack. If bar is inlined the stack adjust (e.g. sub $0x8,%esp
)
is done right after the main prolog, main could access that var.
If not it is private to bar.