Question: What is the exact meaning of the different arrow shapes in objdump output?

Question: What is the exact meaning of the different arrow shapes in objdump output?

[Anselm Schüler]

Hi, I have a question containing objdump output format.

When you pass --visualize-jumps to objdump you get fancy arrows, but
sometimes, when the arrows cross, it prints characters I don't know how
to interpret. Specifically, sometimes the arrows end with an X instead
of a > and sometimes arrows split on a > instead of a +.
What does this mean?


PS: I have previously attempted to send this exact message but received
neither a confirmation mail nor can I see the email in the archives. I
am interpreting this to mean that my message was dropped. My only
explanation for this is that your MAILING LIST BLOCKS MULTIPART OR HTML
EMAILS OR EMAILS WITH ATTACHMENTS. I consider this to be an
insane practice, and not merely because this practice is not disclosed
on the mailing list website (but that makes it all the more insane).
Consider supporting such emails, or, if no mailing list software
supports it, consider abandoning the mailing list format.

Re: Question: What is the exact meaning of the different arrow shapes in objdump output?

[Nick Clifton]

Hi Anselm,

> When you pass --visualize-jumps to objdump you get fancy arrows, but
> sometimes, when the arrows cross, it prints characters I don't know how
> to interpret. Specifically, sometimes the arrows end with an X instead
> of a > and sometimes arrows split on a > instead of a +.
> What does this mean?

Do you have an example of these effects that we could examine ?

Presumably the + character is meant to imply crossing lines and the X
character is meant to imply that multiple lines intersect at this
location.  But it is also entirely possible that you have run into a
bug and the visualization code is using the wrong characters.

Cheers
   Nick

Re: Question: What is the exact meaning of the different arrow shapes in objdump output?

[Anselm Schüler]

Hi,

I want to apologize for the pretentious message that I included 
underneath my original message.
While I personally agree with the sentiment approximately,
I have now realized that it is presumptuous and in bad form to claim to 
know better about the organization of a project.
I should have qualified or omitted that segment.

 > Presumably the + character is meant to imply crossing lines and the X
 > character is meant to imply that multiple lines intersect at this
 > location.

I want to clarify.

I usually see the characters + and > used for a line splitting and a 
line ending, respectively. This is common.

What I am having trouble understanding is that on some occasions, 
instead of a > as an arrowhead, an X is used.
This only occurs in the rightmost column that the ASCII art appears in, 
it certainly does not indicate lines crossing.
Usually lines crossing is indicated by simply prioritizing the vertical 
line (shown with a |).

Additionally I occasionally see > being used in place of + for a line 
splitting.

 > Do you have an example of these effects that we could examine ?

Here is an example of the mysterious sigils (the code snippet is 
produced by the -S flag,
it is not necessary to see these shapes):

   4017c2:       |              /-- 0f 85 05 00 00 00 jne    4017cd 
<parse_until+0x7d>
   4017c8:       |  /-----------|-- e9 93 00 00 00 jmp    401860 
<parse_until+0x110>
         for (; !(exit_loop = start >= end) && start - offset < len; 
start++) {
   4017cd:       |  |  /--------\-X e9 00 00 00 00 jmp    4017d2 
<parse_until+0x82>
   4017d2:       |  |  >----------> 31 c0                        xor    
%eax,%eax
   4017d4:       |  |  |            48 8b 4d b8 mov    -0x48(%rbp),%rcx

Additionally here is an example of the arrows working as I usually 
encounter them:

         return true;
   40220d:       |  |   c6 45 c7 01              movb $0x1,-0x39(%rbp)
   402211:       +--|-- e9 71 00 00 00           jmp    402287 
<parse_server_url+0x177>
   402216:       |  \-> 48 8d 3d f3 f0 ff ff     lea 
-0xf0d(%rip),%rdi        # 401310 <is_s>

 > But it is also entirely possible that you have run into a
 > bug and the visualization code is using the wrong characters.

After thinking some more about this, I believe this is not the case.
I am not sure so I would welcome denial or affirmation, but it seems 
that perhaps:

* The X indicates that there is an arrow starting at this location AND 
an arrow ending at this location
* The > indicates that an arrow is splitting in the other direction-that is,
   a + indicates that there are arrows joining to go to the same location,
   while a > indicates that an arrow is splitting and may arrive at 
different locations

I am particularly unsure of the interpretation of >,
as in my highly superficial understanding of x86 assembly I am not aware 
of a way jmp can have differing destinations
(except if the destination is derived from a register,
in which case I would not expect objdump to perform static analysis to 
figure out the destinations possible)

Another, more likely interpretation I have just now (while writing this) 
come up with is that > is used to clarify
that the destination is to the right of this join, and not above or 
below it. In particular, maybe it distinguishes as follows:

/--- ORIGIN 1     | /--- ORIGIN 1
|                 | |
+--- ORIGIN 2     | >--> DESTINATION
|                 | |
\--> DESTINATION  | \--- ORIGIN 2

Do you know if this or the other interpretation is correct?

If it is, this technically unnecessary distinction lends itself to an 
easy suggestion: Why not,
to aid quick legibility further, include an arrow to indicate the 
direction on other crossings as well?
I would suggest using a v to point down and a ^ to point up. For instance:

/--- ORIGIN 1     | /--- DESTINATION
|                 | ^
+--- ORIGIN 2     | +--- ORIGIN 1
v                 | |
\--> DESTINATION  | \--- ORIGIN 2

Of course this would not be available in the case that consecutive lines 
would use the same arrow.
In this case, perhaps replace the + with the v/^.


Apologies again,
Anselm

Re: Question: What is the exact meaning of the different arrow shapes in objdump output?

[Nick Clifton]

Hi Anselm,

> I want to apologize for the pretentious message that I included underneath my original message.
> While I personally agree with the sentiment approximately,
> I have now realized that it is presumptuous and in bad form to claim to know better about the organization of a project.
> I should have qualified or omitted that segment.

No worries.  I am always happy to try to answer people's questions
if I can.


> What I am having trouble understanding is that on some occasions, instead of a > as an arrowhead, an X is used.
> This only occurs in the rightmost column that the ASCII art appears in, it certainly does not indicate lines crossing.
> Usually lines crossing is indicated by simply prioritizing the vertical line (shown with a |).
> 
> Additionally I occasionally see > being used in place of + for a line splitting.
> 
>  > Do you have an example of these effects that we could examine ?
> 
> Here is an example of the mysterious sigils (the code snippet is produced by the -S flag,
> it is not necessary to see these shapes):
> 
>    4017c2:       |              /-- 0f 85 05 00 00 00 jne    4017cd <parse_until+0x7d>
>    4017c8:       |  /-----------|-- e9 93 00 00 00 jmp    401860 <parse_until+0x110>
>          for (; !(exit_loop = start >= end) && start - offset < len; start++) {
>    4017cd:       |  |  /--------\-X e9 00 00 00 00 jmp    4017d2 <parse_until+0x82>
>    4017d2:       |  |  >----------> 31 c0                        xor %eax,%eax
>    4017d4:       |  |  |            48 8b 4d b8 mov    -0x48(%rbp),%rcx

OK, I think that this one is easy to explain.  The X here indicates
that a branch both starts and finishes as this point.  Whilst the >
indicates that rather than two lines crossing perpendicularly, you
instead have two lines, one asceding one descending that meet and join
into a horizontal line.

Hmm, that is not the clearest of explanations, is it ?

How about this, if the disassembly was allowed to duplicate lines, then
the visualization might look like this instead:

     4017c2:       |              /-- 0f 85 05 00 00 00 jne    4017cd <parse_until+0x7d>
     4017c8:       |  /-----------|-- e9 93 00 00 00 jmp    401860 <parse_until+0x110>
     4017cd:       |  |           \-> e9 00 00 00 00 jmp    4017d2 <parse_until+0x82>
     4017d2:       |  |  /----------> 31 c0                        xor %eax,%eax
     4017d4:       |  |  |            48 8b 4d b8 mov    -0x48(%rbp),%rcx

     4017c2:       |                  0f 85 05 00 00 00 jne    4017cd <parse_until+0x7d>
     4017c8:       |  /-------------- e9 93 00 00 00 jmp    401860 <parse_until+0x110>
     4017cd:       |  |  /----------- e9 00 00 00 00 jmp    4017d2 <parse_until+0x82>
     4017d2:       |  |  \----------> 31 c0                        xor %eax,%eax
     4017d4:       |  |               48 8b 4d b8 mov    -0x48(%rbp),%rcx

So there is a jump from 4017c2 to 4017cd, plus a jump from 4017cd to 4017d2,
plus a jump from somewhere further on that ends up at 4017d2.




> Another, more likely interpretation I have just now (while writing this) come up with is that > is used to clarify
> that the destination is to the right of this join, and not above or below it. In particular, maybe it distinguishes as follows:
> 
> /--- ORIGIN 1     | /--- ORIGIN 1
> |                 | |
> +--- ORIGIN 2     | >--> DESTINATION
> |                 | |
> \--> DESTINATION  | \--- ORIGIN 2
> 
> Do you know if this or the other interpretation is correct?

[I really should have read all of your email first, before starting my reply above...]

I think that this second interpretation is the correct one.


> If it is, this technically unnecessary distinction lends itself to an easy suggestion: Why not,
> to aid quick legibility further, include an arrow to indicate the direction on other crossings as well?
> I would suggest using a v to point down and a ^ to point up. For instance:
> 
> /--- ORIGIN 1     | /--- DESTINATION
> |                 | ^
> +--- ORIGIN 2     | +--- ORIGIN 1
> v                 | |
> \--> DESTINATION  | \--- ORIGIN 2
> 
> Of course this would not be available in the case that consecutive lines would use the same arrow.
> In this case, perhaps replace the + with the v/^.

Well this would certainly be possible - if there is enough room for the direction
characters to be inserted.  But it does also seem to making the visualization code
even more complicated than it already is.  Given that the visualization is only
intended as an aid to understanding the disassembly and that arbitrarily complex
execution paths are always possible, I think that keeping the display simple is
probably for the best.  But that is just my opiion.  If you would care to create
a patch to implement the changes you have suggested I will be happy to review it.

Cheers
   Nick