Register expansion

Stack (SP and FP registers)

A stack is a region of memory accessed in a particular way: last in, first out (equivalently, first in, last out). Space is opened from high addresses toward low addresses, as shown in the figure:

  • The SP register always holds the address of the top of the stack.
  • The FP register, also known as X29, is one of the general-purpose registers, but at certain points it is used to hold the address of the bottom of the current stack frame.

About memory read and write instructions

Data is read and written starting from the high address.

Note: ARM64 drops the 32-bit LDM, STM, PUSH and POP instructions. In their place are LDR (one register), LDP (two registers), STR (one register) and STP (two registers). ARM64 stack operations are 16-byte aligned.

  • STR (store register): reads the value of a register and stores it in memory.
  • STP: a variant of STR that operates on two registers at once.
  • LDR (load register): reads a value from memory and stores it in a register.
  • LDP: a variant of LDR that operates on two registers at once.

Function call stack

A typical function call opens stack space on entry and restores it on exit:

    sub sp, sp, #0x80           ; open 0x80 bytes of stack space
    stp x29, x30, [sp, #0x70]   ; save FP and LR
    add x29, sp, #0x70          ; x29 points to the bottom of the stack frame
    ...
    ldp x29, x30, [sp, #0x70]   ; restore FP and LR
    add sp, sp, #0x80           ; stack balance
    ret

Stack manipulation exercises

This program opens 32 bytes of stack space and then uses the stack to swap the values of x0 and x1.

    sub sp, sp, #0x20           ; open 32 bytes of stack space
    stp x0, x1, [sp, #0x10]     ; store x0 at sp+0x10 and x1 at sp+0x18
    ldp x1, x0, [sp, #0x10]     ; load them back in swapped order
    add sp, sp, #0x20           ; restore stack balance

BL and RET instructions

BL instruction

Places the address of the next instruction in the LR (X30) register, then jumps to the label and executes from there.

RET instruction

By default it uses the value of the LR (X30) register: the instruction tells the CPU to use that value as the address of the next instruction.

RET is an ARM64 platform-specific instruction, optimized for hardware processing.

LR register

The LR register is X30, also a general-purpose register; it stores the return address of the function. When the RET instruction executes, it looks up the address saved in X30. Note: X30 must be pushed onto the stack when a function is called in a nested way; otherwise the code ends up in an endless loop it cannot jump out of.
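The prologue/epilogue sequence, the x0/x1 swap exercise and the nested-call warning above can all be traced on a small model of the machine. The following C program is an added example, not code from the original post: it models x0..x30, sp and a 256-byte stack as plain C data, implements just the str/ldr/stp/ldp/sub/add/bl/ret behaviour the post describes, and runs the post's two instruction sequences plus a caller -> outer -> leaf call with and without saving x30. The memory size, the register layout and the return addresses 0x1000 and 0x2004 are constructed for the demo.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: 31 general registers x0..x30, the stack pointer and a
 * byte-addressed memory whose top is the initial sp (the stack grows downward). */
#define MEM_SIZE 256
enum { FP = 29, LR = 30 };          /* x29 = frame pointer, x30 = link register */

typedef struct {
    uint64_t x[31];
    uint64_t sp;
    uint8_t mem[MEM_SIZE];
} cpu_t;

static void cpu_init(cpu_t *c) {
    memset(c, 0, sizeof *c);
    c->sp = MEM_SIZE;               /* stack starts at the highest address */
}

/* str xt, [sp, #off] : store one 64-bit register to memory */
static void str_sp(cpu_t *c, int t, uint64_t off) {
    assert(c->sp + off + 8 <= MEM_SIZE);
    memcpy(&c->mem[c->sp + off], &c->x[t], 8);
}
/* ldr xt, [sp, #off] : load one 64-bit register from memory */
static void ldr_sp(cpu_t *c, int t, uint64_t off) {
    assert(c->sp + off + 8 <= MEM_SIZE);
    memcpy(&c->x[t], &c->mem[c->sp + off], 8);
}
/* stp xa, xb, [sp, #off] : xa goes to off, xb to off+8 */
static void stp_sp(cpu_t *c, int a, int b, uint64_t off) { str_sp(c, a, off); str_sp(c, b, off + 8); }
/* ldp xa, xb, [sp, #off] : xa comes from off, xb from off+8 */
static void ldp_sp(cpu_t *c, int a, int b, uint64_t off) { ldr_sp(c, a, off); ldr_sp(c, b, off + 8); }
/* sub/add sp, sp, #n : stack operations must keep sp 16-byte aligned */
static void sub_sp(cpu_t *c, uint64_t n) { assert(n % 16 == 0 && n <= c->sp); c->sp -= n; }
static void add_sp(cpu_t *c, uint64_t n) { assert(n % 16 == 0); c->sp += n; }
/* bl label : x30 <- address of the next instruction (the jump itself is implicit here) */
static void bl(cpu_t *c, uint64_t next_instr) { c->x[LR] = next_instr; }
/* ret : the CPU continues at whatever address x30 holds */
static uint64_t ret(cpu_t *c) { return c->x[LR]; }

/* The post's prologue/epilogue: sub sp,#0x80 / stp x29,x30,[sp,#0x70] / add x29,sp,#0x70 */
static void prologue(cpu_t *c) { sub_sp(c, 0x80); stp_sp(c, FP, LR, 0x70); c->x[FP] = c->sp + 0x70; }
static void epilogue(cpu_t *c) { ldp_sp(c, FP, LR, 0x70); add_sp(c, 0x80); }

/* The post's swap exercise: 32 bytes of stack, stp x0,x1 then ldp x1,x0 */
static void swap_via_stack(cpu_t *c) {
    sub_sp(c, 0x20);
    stp_sp(c, 0, 1, 0x10);          /* x0 -> [sp+0x10], x1 -> [sp+0x18] */
    ldp_sp(c, 1, 0, 0x10);          /* x1 <- [sp+0x10], x0 <- [sp+0x18] */
    add_sp(c, 0x20);
}

/* Nested call caller -> outer -> leaf; returns the address outer's ret goes to.
 * 0x1000 = next instruction in caller, 0x2004 = next instruction in outer (constructed). */
static uint64_t outer_return_target(cpu_t *c, int save_lr) {
    bl(c, 0x1000);                  /* caller: bl outer */
    if (save_lr) prologue(c);       /* outer saves x29/x30 on the stack */
    bl(c, 0x2004);                  /* outer: bl leaf -> x30 overwritten */
    (void)ret(c);                   /* leaf: ret -> lands at 0x2004 in outer */
    if (save_lr) epilogue(c);       /* outer restores x29/x30 */
    return ret(c);                  /* outer: ret -> 0x1000 only if x30 was saved */
}

/* Returns 1 when the swap worked and sp came back to where it started. */
static int swap_ok(void) {
    cpu_t c; cpu_init(&c);
    c.x[0] = 1; c.x[1] = 2;
    swap_via_stack(&c);
    return c.x[0] == 2 && c.x[1] == 1 && c.sp == MEM_SIZE;
}
/* Returns the frame pointer set by the prologue (sp + 0x70 = MEM_SIZE - 0x10). */
static uint64_t frame_fp(void) {
    cpu_t c; cpu_init(&c);
    prologue(&c);
    uint64_t fp = c.x[FP];
    epilogue(&c);
    assert(c.sp == MEM_SIZE);       /* epilogue restored stack balance */
    return fp;
}
static uint64_t nested_return(int save_lr) {
    cpu_t c; cpu_init(&c);
    return outer_return_target(&c, save_lr);
}

int main(void) {
    printf("swap via stack ok: %d\n", swap_ok());
    printf("x29 after prologue: %lu\n", (unsigned long)frame_fp());
    printf("outer returns to 0x%lx with x30 saved\n", (unsigned long)nested_return(1));
    printf("outer returns to 0x%lx without saving x30 (re-enters outer: the loop the post warns about)\n",
           (unsigned long)nested_return(0));
    return 0;
}
```

Without the save, outer's final ret goes to 0x2004, the instruction after its own bl, so outer keeps calling leaf and returning to the same spot forever; with the save, the stp/ldp pair round-trips x30 through the frame and outer returns to its caller.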

The parameters and return values of the function

  • Parameters

Under ARM64, function parameters are passed in the 8 registers X0 through X7 (W0 through W7). If there are more than 8 parameters, the remaining ones are pushed onto the stack.

An OC (Objective-C) method should therefore have no more than 6 explicit arguments, because every OC method has two hidden arguments (id self, SEL _cmd).

  • Return value

The return value of the function is placed in the X0 register.