Chapter 1 Quiz: Why Assembly Language?
15 questions covering the compilation pipeline, what assembly is, and why it matters.
Multiple Choice
1. What is the correct order of stages in the GCC compilation pipeline?
A) Assembler → Preprocessor → Compiler → Linker B) Preprocessor → Compiler → Assembler → Linker C) Compiler → Preprocessor → Linker → Assembler D) Preprocessor → Assembler → Compiler → Linker
2. The objdump -d command is used to:
A) Display the ELF file header information B) Disassemble an executable or object file, showing machine instructions C) List the symbol table of an object file D) Link object files into an executable
3. In the x86-64 sum_array example from the chapter, the compiler replaced mov eax, 0 with xor eax, eax in the optimized version. The primary reason for this is:
A) xor eax, eax is logically clearer
B) xor eax, eax encodes in fewer bytes and benefits from microarchitectural "zero idiom" recognition
C) mov eax, 0 does not zero the full 64-bit register
D) xor eax, eax is supported on more CPU generations
4. Which of the following is NOT a valid reason a security researcher needs assembly language knowledge?
A) Writing exploit payloads that chain together short instruction sequences B) Analyzing malware that has been stripped of debug symbols C) Understanding what code a compiler generates for a given C pattern D) Compiling exploit code faster than high-level language compilers
5. The syscall instruction in x86-64 Linux transfers control to:
A) The C library's system call wrapper in libc.so
B) The dynamic linker (ld.so)
C) The operating system kernel
D) The _start function in the executable
6. In x86-64 Linux, which register holds the system call number before the syscall instruction?
A) RDI B) RSI C) RAX D) RCX
7. An x86-64 instruction can be at most how many bytes long?
A) 8 bytes B) 10 bytes C) 15 bytes D) There is no maximum
8. Which compiler flag produces an assembly language (.s) file as output without assembling it?
A) gcc -c
B) gcc -E
C) gcc -S
D) gcc -o
9. The file produced by the assembler (as) and consumed by the linker (ld) is called a(n):
A) Executable B) Object file C) Shared library D) Preprocessed source
10. ARM64 (AArch64) uses fixed-width 32-bit instructions, while x86-64 uses variable-length instructions from 1-15 bytes. What is a practical consequence of ARM64's fixed-width encoding?
A) ARM64 cannot encode immediate values in instructions B) ARM64 code is always larger than equivalent x86-64 code C) An ARM64 disassembler always knows where instruction boundaries are; an x86-64 disassembler must decode sequentially D) ARM64 runs all instructions faster than x86-64 equivalents
True/False
11. A C program compiled with -O0 (no optimization) will always run faster than one compiled with -O2 (standard optimization), because -O0 produces more straightforward instruction sequences.
True / False
12. The readelf and objdump tools can be used on ARM64 binaries on an x86-64 machine without any special setup (they handle both architectures).
True / False
13. When GCC compiles a simple function like int add(int a, int b) { return a+b; } with -O2, it may eliminate the function entirely and compute the result at compile time if the arguments are constant.
True / False
Short Answer
14. The chapter says "the machine does exactly what you tell it." In one or two sentences, explain what practical implication this has for debugging assembly code compared to debugging Python or JavaScript.
15. A student argues: "I use Python for everything, so I never need to understand assembly. Python handles all the low-level details for me." Give a specific, concrete scenario where a Python programmer would benefit from understanding assembly language, and explain why the assembly knowledge would help in that specific situation.
Bonus (Ungraded)
B1. The ELF magic bytes are 7f 45 4c 46. What do bytes 2, 3, and 4 spell in ASCII? What does this abbreviation stand for?
B2. The chapter mentions that x86-64 grew from x86, which grew from the 8086 (1978). What is one specific aspect of x86-64 assembly that you can directly attribute to this backward-compatibility requirement? (Hint: think about the register names.)