Chapter 40 Quiz: Your Assembly Future

Instructions: These questions review key concepts from across the book. ⭐ marks questions with answers in Appendix B. All questions are fair game from any chapter.


Question 1 ⭐ What is the encoding of mov rbp, rsp in x86-64?

A) 48 89 EC
B) 48 89 E5
C) 48 8B EC
D) 48 8B E5


Question 2 A function compiled with -fstack-protector-strong reads from fs:0x28 in the prologue. What is this?

A) The address of the stack frame
B) The thread-local stack canary value
C) A pointer to the GOT
D) The saved RBP value


Question 3 ⭐ Which register holds the return address in ARM64 after a BL (Branch and Link) instruction?

A) X0
B) X8
C) X29 (FP)
D) X30 (LR)


Question 4 In x86-64 SIMD, vaddps ymm0, ymm1, ymm2 adds:

A) One 32-bit float from YMM1 to one from YMM2, stores in YMM0
B) Eight 32-bit floats from YMM1 to eight from YMM2, stores in YMM0
C) Sixteen 32-bit floats using AVX-512
D) The 64-bit high and low halves of YMM1 and YMM2 as separate operations


Question 5 ⭐ The CPUID instruction is used for:

A) Identifying which process is currently executing
B) Querying CPU features and capabilities at runtime
C) Generating hardware random numbers
D) Measuring CPU cycle count


Question 6 What does the LOCK prefix do in lock cmpxchg [mem], rbx?

A) Prevents other threads from executing while this instruction runs
B) Guarantees the read-modify-write sequence is atomic at the bus/cache level
C) Locks the page table entry for the accessed memory
D) Disables hardware interrupts during the instruction


Question 7 ⭐ What is the red zone in the System V AMD64 ABI?

A) The area of the stack used for spilled registers
B) The 128 bytes below RSP that leaf functions can use without adjusting RSP
C) A guard page that causes SIGSEGV on overflow
D) The stack space reserved for signal handlers


Question 8 A function that ends with jmp _other_function instead of call _other_function; ret is using:

A) An indirect function call
B) A tail call optimization
C) A virtual dispatch
D) A computed goto


Question 9 ⭐ The instruction movzx eax, BYTE PTR [rbx] does:

A) Move a byte from [rbx] to AL, zero-extending to fill EAX
B) Move a zero to [rbx]
C) Move a byte from [rbx] to EAX, sign-extending
D) Exchange EAX with the byte at [rbx]


Question 10 Which system call is needed to make JIT-compiled code executable on Linux?

A) mmap with PROT_EXEC
B) mprotect with PROT_READ | PROT_EXEC
C) execve with the generated code path
D) munmap followed by mmap


Question 11 ⭐ In x86-64, what does cmpxchg [mem], rbx do?

A) Compare RBX with [mem] and exchange if equal
B) Compare RAX with [mem]: if equal, write RBX to [mem]; if not, load [mem] into RAX
C) Exchange RBX and [mem] unconditionally
D) Compare two memory locations


Question 12 The TLB (Translation Lookaside Buffer) caches:

A) Recently used instruction bytes
B) Recent virtual-to-physical address translations
C) Recently allocated physical pages
D) The last 64 branch predictions


Question 13 ⭐ What is the syscall number for write on x86-64 Linux, and what is it on ARM64 and RISC-V Linux?

A) x86-64: 1; ARM64: 64; RISC-V: 64
B) x86-64: 4; ARM64: 1; RISC-V: 1
C) All architectures use the same number: 1
D) x86-64: 1; ARM64: 4; RISC-V: 4


Question 14 The RISC-V instruction la a1, msg is a pseudo-instruction that expands to:

A) lw a1, msg (load word from the address labeled msg)
B) auipc a1, hi20(msg); addi a1, a1, lo12(msg) (PC-relative address load)
C) mov a1, msg (RISC-V does not have a mov instruction)
D) lui a1, msg (load upper immediate with label value)


Question 15 ⭐ A function has this epilogue:

mov rax, [rbp-8]
xor rax, [fs:0x28]
jne __stack_chk_fail
leave
ret

What security property does this implement, and what triggers __stack_chk_fail?

A) ASLR randomization check; triggered when the address space changes
B) Stack canary check; triggered when the canary value at [rbp-8] has been modified
C) NX enforcement; triggered when the return address points to non-executable memory
D) CFI check; triggered when the return address is not a valid function entry


Question 16 A ROP gadget chains to the next gadget because:

A) Each gadget jumps to the next explicitly with a jmp instruction
B) Each gadget ends with ret, which pops the next address from RSP
C) The CPU's branch predictor connects gadgets automatically
D) The linker creates implicit connections between gadgets


Question 17 ⭐ In MinOS, which component is responsible for saving and restoring process registers during a context switch?

A) The C kernel's schedule() function using setjmp/longjmp
B) The interrupt handler entry/exit code, which pushes/pops all registers before/after calling the C handler
C) The BIOS SAVE/RESTORE interrupt
D) The CPU automatically on every timer interrupt


Question 18 Which LLVM pass replaces int sum = 0; for (i=0;i<N;i++) sum += a[i]; with vpaddd ymm0, ymm0, [...] (AVX2 code)?

A) Constant folding
B) Loop unrolling
C) Auto-vectorization (loop vectorizer)
D) Dead code elimination


Question 19 ⭐ Intel CET IBT requires that every valid indirect call target begin with which instruction?

A) nop
B) endbr64
C) push rbp
D) int3


Question 20 "Assembly does not abstract the machine — it IS the machine." This statement means:

A) Assembly is the only language that compiles to machine code
B) Assembly instructions map directly to machine operations without hidden runtime overhead, giving you a direct view of what the hardware executes
C) Machine code is identical to assembly language
D) Assembly is more efficient than all other languages