1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
# test amd64 addressing modes
export
function w $f0(l %o) {
@start
%addr =l add $a, %o
%char =w loadub %addr
ret %char
}
export
function w $f1(l %o) {
@start
%o1 =l mul %o, 1
%addr =l add 10, %o1
%char =w loadub %addr
ret %char
}
export
function w $f2(l %o1, l %o2) {
@start
%o22 =l mul %o2, 2
%o =l add %o1, %o22
%addr =l add $a, %o
%char =w loadub %addr
ret %char
}
export
function l $f3(l %o) {
@start
%addr =l add %o, $a
ret %addr
}
export
function $f4() {
@start
storel $p, $p
ret
}
export
function $writeto0() {
@start
storel 0, 0
ret
}
# >>> driver
# #include <stdlib.h>
# #include <signal.h>
# char a[] = "qbe rocks";
# void *p;
# int ok;
# extern unsigned f0(long), f1(long), f2(long, long);
# extern char *f3(long);
# extern void f4(), writeto0();
# void h(int sig, siginfo_t *si, void *unused) {
# ok += si->si_addr == 0;
# exit(!(ok == 6));
# }
# int main() {
# struct sigaction sa = {.sa_flags=SA_SIGINFO, .sa_sigaction=h};
# sigemptyset(&sa.sa_mask); sigaction(SIGSEGV, &sa, 0);
# ok += f0(2) == 'e';
# ok += f1((long)a-5) == 'o';
# ok += f2(4, 2) == 's';
# ok += *f3(0) == 'q';
# f4();
# ok += p == &p;
# writeto0(); /* will segfault */
# }
# <<<
|