How does System V amd64 handle very long return values?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}

I'm briefly studying the System V ABI for amd64 / x86-64 architecture, and am curious how it handles return values over 128 bits, where rax and rdx aren't enough.

I wrote the following C code on Ubuntu 18.04 64-bit (more generally, any amd64 POSIX-compliant system):

struct big {

    long long a, b, c, d;

};



struct big bigfunc(void) {

    struct big r = {12, 34, 56, 78};

    return r;

}

Compiled it as gcc -S -masm=intel t.c, and inspected t.s:

        .file   "t.c"

        .intel_syntax noprefix

        .text

        .globl  bigfunc

        .type   bigfunc, @function

bigfunc:

.LFB0:

        .cfi_startproc

        mov     QWORD PTR -40[rsp], rdi

        mov     QWORD PTR -32[rsp], 12

        mov     QWORD PTR -24[rsp], 34

        mov     QWORD PTR -16[rsp], 56

        mov     QWORD PTR -8[rsp], 78

        mov     rcx, QWORD PTR -40[rsp]

        mov     rax, QWORD PTR -32[rsp]

        mov     rdx, QWORD PTR -24[rsp]

        mov     QWORD PTR [rcx], rax

        mov     QWORD PTR 8[rcx], rdx

        mov     rax, QWORD PTR -16[rsp]

        mov     rdx, QWORD PTR -8[rsp]

        mov     QWORD PTR 16[rcx], rax

        mov     QWORD PTR 24[rcx], rdx

        mov     rax, QWORD PTR -40[rsp]

        ret

        .cfi_endproc

.LFE0:

        .size   bigfunc, .-bigfunc

        .ident  "GCC: (Ubuntu 7.3.0-27ubuntu1~18.04) 7.3.0"

        .section        .note.GNU-stack,"",@progbits

No surprise that the struct definition doesn't compile into any instructions, so the output only contains function bigfunc. The output assembly looks pretty straightforward, allocating memory from stack for struct big r and assign initial values, and returning it.

If I am understanding correctly, before ret is executed, register rax contains the value of rdi at the beginning of the function call (from QWORD PTR -40[rbp]). According to SysV, rdi is the first argument supplied to the function, which is impossible because the function accepts no arguments. So I have a few questions here:

What is rdi when the function bigfunc takes no arguments?

What is rax (as the register that contains return value), when rdx is not touched in this function?

How does the function return this 256-bit C structure?

asked Jan 3 at 13:08

iBug

21.5k64167

1

This code would be much easier to understand if you enabled optimisations. TL;DR: as specified in the ABI document, structures are returned by passing a pointer to the structure as a hidden first argument.

– fuz
Jan 3 at 13:10

@fuz Skimmed through the menu but didn't find the keyword "return value". Mind pointing out the section number? Thanks.

– iBug
Jan 3 at 13:11

It may not be in the amd64-specific document - this is a general rule that applies to all architectures.

– Wumpus Q. Wumbley
Jan 3 at 13:15

@iBug See page 22. It's all part of §3.2.3.

– fuz
Jan 3 at 13:22

@WumpusQ.Wumbley: what? it's up to each calling convention/ABI on each architecture to specify how large objects are returned. e.g. if multiple registers are used before falling back to memory, and if memory whether to pass a hidden pointer (usually as a first arg, but details need to be specified; it could pass in a register that's normally not an arg-passing register) or to leave the value on the stack (kind of the opposite of callee-pops for args), or whatever.

– Peter Cordes
Jan 3 at 13:58

|
show 1 more comment

I'm briefly studying the System V ABI for amd64 / x86-64 architecture, and am curious how it handles return values over 128 bits, where rax and rdx aren't enough.

I wrote the following C code on Ubuntu 18.04 64-bit (more generally, any amd64 POSIX-compliant system):

struct big {

    long long a, b, c, d;

};



struct big bigfunc(void) {

    struct big r = {12, 34, 56, 78};

    return r;

}

Compiled it as gcc -S -masm=intel t.c, and inspected t.s:

        .file   "t.c"

        .intel_syntax noprefix

        .text

        .globl  bigfunc

        .type   bigfunc, @function

bigfunc:

.LFB0:

        .cfi_startproc

        mov     QWORD PTR -40[rsp], rdi

        mov     QWORD PTR -32[rsp], 12

        mov     QWORD PTR -24[rsp], 34

        mov     QWORD PTR -16[rsp], 56

        mov     QWORD PTR -8[rsp], 78

        mov     rcx, QWORD PTR -40[rsp]

        mov     rax, QWORD PTR -32[rsp]

        mov     rdx, QWORD PTR -24[rsp]

        mov     QWORD PTR [rcx], rax

        mov     QWORD PTR 8[rcx], rdx

        mov     rax, QWORD PTR -16[rsp]

        mov     rdx, QWORD PTR -8[rsp]

        mov     QWORD PTR 16[rcx], rax

        mov     QWORD PTR 24[rcx], rdx

        mov     rax, QWORD PTR -40[rsp]

        ret

        .cfi_endproc

.LFE0:

        .size   bigfunc, .-bigfunc

        .ident  "GCC: (Ubuntu 7.3.0-27ubuntu1~18.04) 7.3.0"

        .section        .note.GNU-stack,"",@progbits

What is rdi when the function bigfunc takes no arguments?

What is rax (as the register that contains return value), when rdx is not touched in this function?

How does the function return this 256-bit C structure?

asked Jan 3 at 13:08

iBug

21.5k64167

1

This code would be much easier to understand if you enabled optimisations. TL;DR: as specified in the ABI document, structures are returned by passing a pointer to the structure as a hidden first argument.

– fuz
Jan 3 at 13:10

@fuz Skimmed through the menu but didn't find the keyword "return value". Mind pointing out the section number? Thanks.

– iBug
Jan 3 at 13:11

It may not be in the amd64-specific document - this is a general rule that applies to all architectures.

– Wumpus Q. Wumbley
Jan 3 at 13:15

@iBug See page 22. It's all part of §3.2.3.

– fuz
Jan 3 at 13:22

@WumpusQ.Wumbley: what? it's up to each calling convention/ABI on each architecture to specify how large objects are returned. e.g. if multiple registers are used before falling back to memory, and if memory whether to pass a hidden pointer (usually as a first arg, but details need to be specified; it could pass in a register that's normally not an arg-passing register) or to leave the value on the stack (kind of the opposite of callee-pops for args), or whatever.

– Peter Cordes
Jan 3 at 13:58

|
show 1 more comment

I'm briefly studying the System V ABI for amd64 / x86-64 architecture, and am curious how it handles return values over 128 bits, where rax and rdx aren't enough.

I wrote the following C code on Ubuntu 18.04 64-bit (more generally, any amd64 POSIX-compliant system):

struct big {

    long long a, b, c, d;

};



struct big bigfunc(void) {

    struct big r = {12, 34, 56, 78};

    return r;

}

Compiled it as gcc -S -masm=intel t.c, and inspected t.s:

        .file   "t.c"

        .intel_syntax noprefix

        .text

        .globl  bigfunc

        .type   bigfunc, @function

bigfunc:

.LFB0:

        .cfi_startproc

        mov     QWORD PTR -40[rsp], rdi

        mov     QWORD PTR -32[rsp], 12

        mov     QWORD PTR -24[rsp], 34

        mov     QWORD PTR -16[rsp], 56

        mov     QWORD PTR -8[rsp], 78

        mov     rcx, QWORD PTR -40[rsp]

        mov     rax, QWORD PTR -32[rsp]

        mov     rdx, QWORD PTR -24[rsp]

        mov     QWORD PTR [rcx], rax

        mov     QWORD PTR 8[rcx], rdx

        mov     rax, QWORD PTR -16[rsp]

        mov     rdx, QWORD PTR -8[rsp]

        mov     QWORD PTR 16[rcx], rax

        mov     QWORD PTR 24[rcx], rdx

        mov     rax, QWORD PTR -40[rsp]

        ret

        .cfi_endproc

.LFE0:

        .size   bigfunc, .-bigfunc

        .ident  "GCC: (Ubuntu 7.3.0-27ubuntu1~18.04) 7.3.0"

        .section        .note.GNU-stack,"",@progbits

What is rdi when the function bigfunc takes no arguments?

What is rax (as the register that contains return value), when rdx is not touched in this function?

How does the function return this 256-bit C structure?

asked Jan 3 at 13:08

iBug

21.5k64167

I'm briefly studying the System V ABI for amd64 / x86-64 architecture, and am curious how it handles return values over 128 bits, where rax and rdx aren't enough.

I wrote the following C code on Ubuntu 18.04 64-bit (more generally, any amd64 POSIX-compliant system):

struct big {

    long long a, b, c, d;

};



struct big bigfunc(void) {

    struct big r = {12, 34, 56, 78};

    return r;

}

Compiled it as gcc -S -masm=intel t.c, and inspected t.s:

        .file   "t.c"

        .intel_syntax noprefix

        .text

        .globl  bigfunc

        .type   bigfunc, @function

bigfunc:

.LFB0:

        .cfi_startproc

        mov     QWORD PTR -40[rsp], rdi

        mov     QWORD PTR -32[rsp], 12

        mov     QWORD PTR -24[rsp], 34

        mov     QWORD PTR -16[rsp], 56

        mov     QWORD PTR -8[rsp], 78

        mov     rcx, QWORD PTR -40[rsp]

        mov     rax, QWORD PTR -32[rsp]

        mov     rdx, QWORD PTR -24[rsp]

        mov     QWORD PTR [rcx], rax

        mov     QWORD PTR 8[rcx], rdx

        mov     rax, QWORD PTR -16[rsp]

        mov     rdx, QWORD PTR -8[rsp]

        mov     QWORD PTR 16[rcx], rax

        mov     QWORD PTR 24[rcx], rdx

        mov     rax, QWORD PTR -40[rsp]

        ret

        .cfi_endproc

.LFE0:

        .size   bigfunc, .-bigfunc

        .ident  "GCC: (Ubuntu 7.3.0-27ubuntu1~18.04) 7.3.0"

        .section        .note.GNU-stack,"",@progbits

What is rdi when the function bigfunc takes no arguments?

What is rax (as the register that contains return value), when rdx is not touched in this function?

How does the function return this 256-bit C structure?

assembly posix return-value x86-64 abi

asked Jan 3 at 13:08

iBug

21.5k64167

asked Jan 3 at 13:08

iBug

21.5k64167

asked Jan 3 at 13:08

iBug

21.5k64167

asked Jan 3 at 13:08

iBug

21.5k64167

asked Jan 3 at 13:08

iBug

21.5k64167

1

This code would be much easier to understand if you enabled optimisations. TL;DR: as specified in the ABI document, structures are returned by passing a pointer to the structure as a hidden first argument.

– fuz
Jan 3 at 13:10

@fuz Skimmed through the menu but didn't find the keyword "return value". Mind pointing out the section number? Thanks.

– iBug
Jan 3 at 13:11

It may not be in the amd64-specific document - this is a general rule that applies to all architectures.

– Wumpus Q. Wumbley
Jan 3 at 13:15

@iBug See page 22. It's all part of §3.2.3.

– fuz
Jan 3 at 13:22

@WumpusQ.Wumbley: what? it's up to each calling convention/ABI on each architecture to specify how large objects are returned. e.g. if multiple registers are used before falling back to memory, and if memory whether to pass a hidden pointer (usually as a first arg, but details need to be specified; it could pass in a register that's normally not an arg-passing register) or to leave the value on the stack (kind of the opposite of callee-pops for args), or whatever.

– Peter Cordes
Jan 3 at 13:58

|
show 1 more comment

1

This code would be much easier to understand if you enabled optimisations. TL;DR: as specified in the ABI document, structures are returned by passing a pointer to the structure as a hidden first argument.

– fuz
Jan 3 at 13:10

@fuz Skimmed through the menu but didn't find the keyword "return value". Mind pointing out the section number? Thanks.

– iBug
Jan 3 at 13:11

It may not be in the amd64-specific document - this is a general rule that applies to all architectures.

– Wumpus Q. Wumbley
Jan 3 at 13:15

@iBug See page 22. It's all part of §3.2.3.

– fuz
Jan 3 at 13:22

@WumpusQ.Wumbley: what? it's up to each calling convention/ABI on each architecture to specify how large objects are returned. e.g. if multiple registers are used before falling back to memory, and if memory whether to pass a hidden pointer (usually as a first arg, but details need to be specified; it could pass in a register that's normally not an arg-passing register) or to leave the value on the stack (kind of the opposite of callee-pops for args), or whatever.

– Peter Cordes
Jan 3 at 13:58

This code would be much easier to understand if you enabled optimisations. TL;DR: as specified in the ABI document, structures are returned by passing a pointer to the structure as a hidden first argument.

– fuz
Jan 3 at 13:10

@fuz Skimmed through the menu but didn't find the keyword "return value". Mind pointing out the section number? Thanks.

– iBug
Jan 3 at 13:11

It may not be in the amd64-specific document - this is a general rule that applies to all architectures.

– Wumpus Q. Wumbley
Jan 3 at 13:15

@iBug See page 22. It's all part of §3.2.3.

– fuz
Jan 3 at 13:22

@WumpusQ.Wumbley: what? it's up to each calling convention/ABI on each architecture to specify how large objects are returned. e.g. if multiple registers are used before falling back to memory, and if memory whether to pass a hidden pointer (usually as a first arg, but details need to be specified; it could pass in a register that's normally not an arg-passing register) or to leave the value on the stack (kind of the opposite of callee-pops for args), or whatever.

– Peter Cordes
Jan 3 at 13:58

|
show 1 more comment

1 Answer
1

active

oldest

votes

According to the ABI (1) ,page 22

If the type has class MEMORY, then the caller provides space for the return
value and passes the address of this storage in %rdi as if it were the first
argument to the function. In effect, this address becomes a “hidden” first ar-
gument. This storage must not overlap any data visible to the callee through
other names than this argument.
On return %rax will contain the address that has been passed in by the
caller in %rdi

Page 17, 18 and 19 describes the classifications, I beliveve
the following on page 19 is the clause designating your struct big as a MEMORY class.

(c) If the size of the aggregate exceeds two eightbytes and the first
eight- byte isn’t SSE or any other eightbyte isn’t SSEUP, the whole
argument is passed in memory.

i.e. the caller have to allocate memory for the return value, and pass a pointer to that memory in %rdi (and the called function returns that same address in %rax)

(1) there's newer offical versions of the ABI at https://github.com/hjl-tools/x86-psABI/wiki/X86-psABI , though the links arn't currently working properly.

edited Jan 3 at 13:31

answered Jan 3 at 13:21

nos

178k43326434

The struct big in my example is exactly 4 eightbytes, can you address that?

– iBug
Jan 3 at 13:22

See the updates. You likely have to read page 17,18 and 19 to view the rules yourself, they are not that straight forward.

– nos
Jan 3 at 13:32

OK then, thanks for this answer.

– iBug
Jan 3 at 13:32

add a comment |

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54022944%2fhow-does-system-v-amd64-handle-very-long-return-values%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

According to the ABI (1) ,page 22

If the type has class MEMORY, then the caller provides space for the return
value and passes the address of this storage in %rdi as if it were the first
argument to the function. In effect, this address becomes a “hidden” first ar-
gument. This storage must not overlap any data visible to the callee through
other names than this argument.
On return %rax will contain the address that has been passed in by the
caller in %rdi

Page 17, 18 and 19 describes the classifications, I beliveve
the following on page 19 is the clause designating your struct big as a MEMORY class.

(c) If the size of the aggregate exceeds two eightbytes and the first
eight- byte isn’t SSE or any other eightbyte isn’t SSEUP, the whole
argument is passed in memory.

i.e. the caller have to allocate memory for the return value, and pass a pointer to that memory in %rdi (and the called function returns that same address in %rax)

(1) there's newer offical versions of the ABI at https://github.com/hjl-tools/x86-psABI/wiki/X86-psABI , though the links arn't currently working properly.

edited Jan 3 at 13:31

answered Jan 3 at 13:21

nos

178k43326434

The struct big in my example is exactly 4 eightbytes, can you address that?

– iBug
Jan 3 at 13:22

See the updates. You likely have to read page 17,18 and 19 to view the rules yourself, they are not that straight forward.

– nos
Jan 3 at 13:32

OK then, thanks for this answer.

– iBug
Jan 3 at 13:32

add a comment |

According to the ABI (1) ,page 22

If the type has class MEMORY, then the caller provides space for the return
value and passes the address of this storage in %rdi as if it were the first
argument to the function. In effect, this address becomes a “hidden” first ar-
gument. This storage must not overlap any data visible to the callee through
other names than this argument.
On return %rax will contain the address that has been passed in by the
caller in %rdi

Page 17, 18 and 19 describes the classifications, I beliveve
the following on page 19 is the clause designating your struct big as a MEMORY class.

(c) If the size of the aggregate exceeds two eightbytes and the first
eight- byte isn’t SSE or any other eightbyte isn’t SSEUP, the whole
argument is passed in memory.

i.e. the caller have to allocate memory for the return value, and pass a pointer to that memory in %rdi (and the called function returns that same address in %rax)

(1) there's newer offical versions of the ABI at https://github.com/hjl-tools/x86-psABI/wiki/X86-psABI , though the links arn't currently working properly.

edited Jan 3 at 13:31

answered Jan 3 at 13:21

nos

178k43326434

The struct big in my example is exactly 4 eightbytes, can you address that?

– iBug
Jan 3 at 13:22

See the updates. You likely have to read page 17,18 and 19 to view the rules yourself, they are not that straight forward.

– nos
Jan 3 at 13:32

OK then, thanks for this answer.

– iBug
Jan 3 at 13:32

add a comment |

According to the ABI (1) ,page 22

If the type has class MEMORY, then the caller provides space for the return
value and passes the address of this storage in %rdi as if it were the first
argument to the function. In effect, this address becomes a “hidden” first ar-
gument. This storage must not overlap any data visible to the callee through
other names than this argument.
On return %rax will contain the address that has been passed in by the
caller in %rdi

Page 17, 18 and 19 describes the classifications, I beliveve
the following on page 19 is the clause designating your struct big as a MEMORY class.

(c) If the size of the aggregate exceeds two eightbytes and the first
eight- byte isn’t SSE or any other eightbyte isn’t SSEUP, the whole
argument is passed in memory.

i.e. the caller have to allocate memory for the return value, and pass a pointer to that memory in %rdi (and the called function returns that same address in %rax)

(1) there's newer offical versions of the ABI at https://github.com/hjl-tools/x86-psABI/wiki/X86-psABI , though the links arn't currently working properly.

edited Jan 3 at 13:31

answered Jan 3 at 13:21

nos

178k43326434

According to the ABI (1) ,page 22

If the type has class MEMORY, then the caller provides space for the return
value and passes the address of this storage in %rdi as if it were the first
argument to the function. In effect, this address becomes a “hidden” first ar-
gument. This storage must not overlap any data visible to the callee through
other names than this argument.
On return %rax will contain the address that has been passed in by the
caller in %rdi

Page 17, 18 and 19 describes the classifications, I beliveve
the following on page 19 is the clause designating your struct big as a MEMORY class.

(c) If the size of the aggregate exceeds two eightbytes and the first
eight- byte isn’t SSE or any other eightbyte isn’t SSEUP, the whole
argument is passed in memory.

i.e. the caller have to allocate memory for the return value, and pass a pointer to that memory in %rdi (and the called function returns that same address in %rax)

(1) there's newer offical versions of the ABI at https://github.com/hjl-tools/x86-psABI/wiki/X86-psABI , though the links arn't currently working properly.

edited Jan 3 at 13:31

answered Jan 3 at 13:21

nos

178k43326434

edited Jan 3 at 13:31

answered Jan 3 at 13:21

nos

178k43326434

answered Jan 3 at 13:21

nos

178k43326434

answered Jan 3 at 13:21

nos

178k43326434

The struct big in my example is exactly 4 eightbytes, can you address that?

– iBug
Jan 3 at 13:22

See the updates. You likely have to read page 17,18 and 19 to view the rules yourself, they are not that straight forward.

– nos
Jan 3 at 13:32

OK then, thanks for this answer.

– iBug
Jan 3 at 13:32

add a comment |

The struct big in my example is exactly 4 eightbytes, can you address that?

– iBug
Jan 3 at 13:22

See the updates. You likely have to read page 17,18 and 19 to view the rules yourself, they are not that straight forward.

– nos
Jan 3 at 13:32

OK then, thanks for this answer.

– iBug
Jan 3 at 13:32

The struct big in my example is exactly 4 eightbytes, can you address that?

– iBug
Jan 3 at 13:22

See the updates. You likely have to read page 17,18 and 19 to view the rules yourself, they are not that straight forward.

– nos
Jan 3 at 13:32

OK then, thanks for this answer.

– iBug
Jan 3 at 13:32

add a comment |

draft saved

draft discarded

Thanks for contributing an answer to Stack Overflow!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

Search This Blog

Ufyukyu