1.条件表达式
lvl == level - 1 ? last ? shape_pointer->four : shape_pointer->second : gvar_9470[lvl + 1] ? shape_pointer->three : shape_pointer->first
2.cmp 比较的两个操作数相等时(如 a == b),je 跳转,对应的表达式值为 1
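反汇编代码抽取相关部分(尖括号里的 <符号+偏移> 只是 objdump 按最近的已知符号标注的地址,并不表示代码真的引用了该符号;例如 9470 处标注为 stderr+0x50,实际是另一个全局变量,下文记作 gvar_9470):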
43cf: 48 8b 05 3a 4f 00 00 mov 0x4f3a(%rip),%rax # 9310 <age_to_color@@Base+0x30> // 9310=shape_pointer
43d6: 41 39 ee cmp %ebp,%r14d // level-1 ?= lvl
43d9: 0f 84 49 07 00 00 je 4b28 <__sprintf_chk@plt+0x23b8> // edi=last ? (shape_pointer->four):(shape_pointer->second), jump 4409
43df: 48 8b 15 8a 50 00 00 mov 0x508a(%rip),%rdx # 9470 <stderr@@GLIBC_2.2.5+0x50> // gvar_9470
43e6: 42 8b 54 22 04 mov 0x4(%rdx,%r12,1),%edx // edx=gvar_9470+lvl*4+0x4=gvar_9470[lvl+1]
43eb: 85 d2 test %edx,%edx // edx ?= 0
43ed: 0f 84 05 06 00 00 je 49f8 <__sprintf_chk@plt+0x2288> // rbx=shape_pointer->first, jmpq 4409
43f3: 48 8b 58 10 mov 0x10(%rax),%rbx // rbx=shape_pointer->three
43f7: eb 10 jmp 4409 <__sprintf_chk@plt+0x1c99>
43f9: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
4400: 48 83 c3 01 add $0x1,%rbx
4404: e8 87 fb ff ff callq 3f90 <__sprintf_chk@plt+0x1820> // fun_3f90(const char ch)
4409: 0f be 3b movsbl (%rbx),%edi // edi=gvar_9470[lvl+1] ? shape_pointer->three:shape_pointer->first // edi=last ? (shape_pointer->four):(shape_pointer->second)
440c: 40 84 ff test %dil,%dil
440f: 75 ef jne 4400 <__sprintf_chk@plt+0x1c90>
4411: 48 8d 45 01 lea 0x1(%rbp),%rax // rax=(rbp+0x1)=lvl++
4415: 49 39 ef cmp %rbp,%r15 // rbp=lvl, r15=level-1
4418: 74 06 je 4420 <__sprintf_chk@plt+0x1cb0> // 跳出 if (leaf == 0)
441a: 48 89 c5 mov %rax,%rbp // rbp=lvl
441d: eb 81 jmp 43a0 <__sprintf_chk@plt+0x1c30>
441f: 90 nop
....
49f8: 48 8b 18 mov (%rax),%rbx // rbx=shape_pointer->first
49fb: e9 09 fa ff ff jmpq 4409 <__sprintf_chk@plt+0x1c99>
....
4b28: 8b 4c 24 10 mov 0x10(%rsp),%ecx // ecx=(rsp+0x10)=last
4b2c: 85 c9 test %ecx,%ecx // last ?= 0
4b2e: 74 1c je 4b4c <__sprintf_chk@plt+0x23dc> // rbx=shape_pointer->second
4b30: 48 8b 58 18 mov 0x18(%rax),%rbx // rbx=shape_pointer->four
4b34: e9 d0 f8 ff ff jmpq 4409 <__sprintf_chk@plt+0x1c99>
4b39: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
....
4b4c: 48 8b 58 08 mov 0x8(%rax),%rbx // rbx=shape_pointer->second
4b50: e9 b4 f8 ff ff jmpq 4409 <__sprintf_chk@plt+0x1c99>
....
说明:以上代码就是条件表达式的运算,执行步骤化简为
lvl == level - 1 ? last ? shape_pointer->four : shape_pointer->second : gvar_9470[lvl + 1] ? shape_pointer->three : shape_pointer->first
= (0|1) ? (last ? shape_pointer->four : shape_pointer->second) : (gvar_9470[lvl + 1] ? shape_pointer->three : shape_pointer->first)
= (0|1) ? (shape_pointer->four|shape_pointer->second) : (shape_pointer->three|shape_pointer->first)
说明:以上代码就是条件表达式的运算,执行步骤化简为
lvl == level - 1 ? last ? shape_pointer->four : shape_pointer->second : gvar_9470[lvl + 1] ? shape_pointer->three : shape_pointer->first
= (0|1) ? (last ? shape_pointer->four : shape_pointer->second) : (gvar_9470[lvl + 1] ? shape_pointer->three : shape_pointer->first)
= (0|1) ? (shape_pointer->four|shape_pointer->second) : (shape_pointer->three|shape_pointer->first)