ASM 约束副作用

Question

I'm having a hard time understanding some effects of some specific constraints in GCC for inline-assembly.

I the below example, if I run with "=X" on the output and "X" on all the inputs, the 2 prints output

0x562f39629260, 100

0x14, 100

Which indicates that the pointer to the buffer that I allocated has changed. Leading to a Segfault is a try to read the content of the buffer after my assembly code.

On the contrary, If i put "+X" on the output or "m" in the inputs then the addresses stay the same, the prints output:

0x55571bb83260, 100

0x55571bb83260, 100

And I can safely read my buffer without segfaulting.

I don't understand how or why this pointer should/could be modified? Is there a way to safely choose constraints? The gcc online documentation does not give much insight on this.

Thanks a lot,

int main() {
    long size = 100;
    char * buffer = (char*)malloc(size*sizeof(char));

    printf("%p, %d\n",buffer, size);

    __asm__(
    "mov %[out], %%rcx \n"
    "mov %[size], %%rbx \n"
    "loop: \n"
    "movb $1, (%%rcx) \n"
    "add $1, %%rcx \n"
    "sub $1, %%rbx \n"
    "jnz loop \n"
    : "=X"(buffer) //outputs
    : [out]"X"(buffer), [size]"X"(size) //inputs
    : "rbx", "rcx" //clobbers
    );

    printf("%p, %d\n",buffer, size);

    return 0;
}

Answer 1

The = in =X means this is an OUTPUT ONLY constraint (as opposed to an update constraint with + ). This means that the assembly code is expected to to write something to the operand (to %0 ) and that will ben the value that is output. But since your assembler code never writes to %0 , you get whatever garbage happens to be in that location (probably a register that the register allocator picked).

Try adding a mov %%rcx,%0 line to the asm code to see what actually happens.

Most likely what you really want is something more like:

__asm__ volatile (
"mov %[size], %%rbx \n"
"loop: \n"
"movb $1, (%[out]) \n"
"add $1, %[out] \n"
"sub $1, %%rbx \n"
"jnz loop \n"
: [out]"+r"(buffer) //outputs
: [size]"X"(size) //inputs
: "rbx", "memory" //clobbers
);

Note that this leaves buffer pointing after the inserted values (at the end of the buffer) -- not clear if that is what you want. You can do the same with size, making it even simpler:

__asm__ volatile (
"loop: \n"
"movb $1, (%[out]) \n"
"add $1, %[out] \n"
"sub $1, %[size] \n"
"jnz loop \n"
: [out]"+r"(buffer), [size]"+X"(size) //outputs
: //inputs
: "memory" //clobbers
);

Though it would be even simpler (and better for the optimizer) to not use asm at all:

do { *buffer++ = '\1'; } while (--size);

---

So to summarize all the comments below, what you might want is something like:

long size = 100;
char buffer[100];
char *temp;
__asm__(
"loop: \n"
"movb $1, (%[out]) \n"
"add $1, %[out] \n"
"sub $1, %[size] \n"
"jnz loop \n"
: [out]"=r"(temp), [size]"+X"(size), "=m"(buffer) //outputs
: "0"(buffer) // inputs
)  // no clobbers

• using an "=m" constraint on the entire buffer instead of a memory clobbers and volatile means that it can be dead-code eliminated if none of the results are used
• using a temp for the pointer being advanced over the buffer means the original buffer (start) value can be preserved.
• if you must use malloc for the buffer "=m"(*(char (*)[100])buffer) can be used to get the constraint on the entire buffer.

Hoever, I stand by my earlier comment that writing it without asm is better; it's simpler and easier to understand and the compiler's optimizer will probably vectorize it for you.