0

I am completing an assignment related to c programming and assembly language. Here is the simple c program : 

int multiply(int a, int b) {
    int k = 4; 
    int c,d, e;
    c = a*b ;
    d = a*b + k*c;
    return d;
}

And it's optimised assembly is 

_a$ = 8                                       ; size = 4
_b$ = 12                                                ; size = 4
_multiply PROC
        mov     eax, DWORD PTR _a$[esp-4]
        imul    eax, DWORD PTR _b$[esp-4]
        lea     eax, DWORD PTR [eax+eax*4]
        ret     0
_multiply ENDP

I want to know the value of eax register after this line of code in assembly 

lea     eax, DWORD PTR [eax+eax*4]

I know when add integers in assembly, it stores result in the destination. and when we multiply it stores in eax. so if I call the function multiply( 3 , 8 ), the value of eax register after that line should be 120. Am I correct?

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
narayanpatra
  • 5,627
  • 13
  • 51
  • 60
  • 2
    Single step through the disassembly with a debugger and see for yourself? – Lundin Aug 21 '19 at 11:08
  • 1
    The value of `eax` after the execution of this instruction should equal `eax+eax*4` – ForceBru Aug 21 '19 at 11:09
  • 4
    If you think it through backwards, you can deduce it... the line before has `c` in `eax`, that is, the value of `a*b`. `d = a*b + c*4` is the same as `d = c + c*4` (the compiler is smart enough to figure this out). `lea eax, DWORD PTR [eax + eax*4]` loads `eax` with the value `eax + eax*4`, which is `c + c*4`, thus the desired return value of the function. I'd recommend, though, doing an interwebs search on `x86 lea instruction` as you'll find lots of information on what it does and why. – lurker Aug 21 '19 at 11:13
  • 3
    Is your question what the `lea` instruction does ? If so, refer to [What's the purpose of the LEA instruction?](https://stackoverflow.com/questions/1658294/whats-the-purpose-of-the-lea-instruction). – Sander De Dycker Aug 21 '19 at 11:14
  • *when we multiply it stores in eax*. No, that's only if you use one-operand `mul` or `imul`, and the result goes in EDX:EAX. When you use normal 2-operand `imul` it's just like `add`. You can do stuff like `imul esi, edi`. (It's faster because it doesn't have to write the high half anywhere, that's why this compiler, MSVC it looks like, chose to use `imul eax, [esp-4 + _b$]` instead of one-operand `imul dword ptr [esp-4 + _b$]`, even though it does already have the other operand in EAX and it would be safe to clobber EDX) – Peter Cordes Aug 21 '19 at 12:18
  • What are you confused about? Why would the answer *not* be exactly what you'd expect from the C source (https://godbolt.org/z/llPL8g shows an inlined caller), or from the asm? Obviously the compiler implements the C source correctly, and those inputs don't cause any C undefined behaviour (e.g. signed overflow), so what's the question? As you can see from the comments, people are having to guess about what kind of any might be useful. The way it's written, a one-word "yes" would be a complete answer to what you asked. That's usually a sign that it's not a useful or well-expressed question. – Peter Cordes Aug 21 '19 at 12:23
  • @PeterCordes : I hope you never end up in a witness box :) – mevets Aug 21 '19 at 17:16
  • @mevets: because the lawyers and judge would complain if I tried to clarify the question? Are we just supposed to assume that the question is about LEA when the only error in the question is the claim that multiply always puts the result in EAX? There are multiple canonical duplicates for LEA, so this question only has any reason for existing if it's about something else. But what? – Peter Cordes Aug 21 '19 at 18:30
  • @PeterCordes: yes. It was a well intended joke, I hope I didn't offend you. – mevets Aug 21 '19 at 19:04
  • @mevets: yeah, I got that you were joking, I just wasn't sure about which which part. Like answering a long but ultimately yes or no question with just a "yes"? Or the asking for clarification? I didn't take offense, but I thought you might be using that joke to suggest that some of my comments went too far or were being too hard on this question. If it was purely joking, then nevermind :P – Peter Cordes Aug 21 '19 at 19:37

1 Answers1

1

lea is "load effective address".

Instruction sets can have some quite complex multi-register address calculation modes that are generally used just for reading and writing data to memory, but lea allows the programmer to get the address that would be accessed by the instruction.

Effectively, it performs the calculation inside the bracket, returns that value - it doesn't access the memory (which is what bracket usually implies).

In this case it is being used as a quick way to multiply by 5, because the rest of the function has been optimised away!

Gem Taylor
  • 5,381
  • 1
  • 9
  • 27