Reputation: 1460
I used
objdump -M intel -d test
and
objdump -d test
to disassemble a very simple for loop with gcc 686-elf cross compiler. In both cases, I get the following:
d: eb 11 jmp 20 <loop+0x20>
The full dump (INTEL) is:
00000000 <loop>:
0: 55 push ebp
1: 89 e5 mov ebp,esp
3: 83 ec 10 sub esp,0x10
6: c7 45 fc 00 00 00 00 mov DWORD PTR [ebp-0x4],0x0
d: eb 11 jmp 20 <loop+0x20>
f: a1 00 00 00 00 mov eax,ds:0x0
14: 83 c0 01 add eax,0x1
17: a3 00 00 00 00 mov ds:0x0,eax
1c: 83 45 fc 01 add DWORD PTR [ebp-0x4],0x1
20: 83 7d fc 09 cmp DWORD PTR [ebp-0x4],0x9
24: 7e e9 jle f <loop+0xf>
26: 90 nop
27: c9 leave
28: c3 ret
This makes sense if it is jumping to offset 20, from label loop which is at 0.
What is confusing me is the syntax. Why do I have two 20's?
20 <loop+0x20>
Upvotes: 3
Views: 3267
Reputation: 46960
Hex 20 is the jump target address. loop+0x20 is meant to be helpful, but in this case it's not very. The disassembler found the symbolic address nearest to 20. In this case it's loop. It re-computed 20 as an offset from that label. Since the label is at address 0, this simplifies to 0+0x20, which is 20, which is equal to the target as you'd expect.

This representation is more helpful in other settings. For example, if a label a were for the base of an array of ints, then <a+0x20> would specify the 32nd byte of the array, which would be a[8].
Upvotes: 4
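A worked example of the computation the answer describes (added here, not part of the original question or answer): it decodes the two short jumps from the dump above, resolving the signed 8-bit displacement relative to the next instruction, and renders the target the way objdump does, assuming a symbol table that contains only loop at address 0.

```python
# Added example (not from the original post): reproduce how a disassembler
# turns a short jump's relative displacement into the "target <symbol+offset>"
# annotation seen in the question. The bytes below are the two jumps from the
# dump; the symbol table is assumed to hold just "loop" at address 0.

SYMBOLS = {0x0: "loop"}  # address -> name, as in the question's object file


def rel8_target(insn_addr: int, rel8: int) -> int:
    """Target of a 2-byte short jump (jmp rel8 / jcc rel8).

    The displacement is a signed byte relative to the address of the
    *next* instruction, i.e. insn_addr + 2.
    """
    disp = rel8 - 0x100 if rel8 >= 0x80 else rel8  # sign-extend the byte
    return (insn_addr + 2 + disp) & 0xFFFFFFFF


def symbolize(addr: int, symbols: dict) -> str:
    """Render addr as '<sym+0xoff>' using the nearest symbol at or below it."""
    below = [s for s in symbols if s <= addr]
    if not below:
        return f"<{addr:x}>"  # no symbol precedes the address
    base = max(below)
    off = addr - base
    return f"<{symbols[base]}>" if off == 0 else f"<{symbols[base]}+0x{off:x}>"


def annotate(insn_addr: int, opcode: int, rel8: int, symbols=SYMBOLS) -> str:
    """Produce an objdump-style line such as 'd: eb 11 jmp 20 <loop+0x20>'."""
    mnemonic = {0xEB: "jmp", 0x7E: "jle"}[opcode]  # only the two jumps used here
    target = rel8_target(insn_addr, rel8)
    return (f"{insn_addr:x}: {opcode:02x} {rel8:02x} {mnemonic} "
            f"{target:x} {symbolize(target, symbols)}")


if __name__ == "__main__":
    print(annotate(0x0D, 0xEB, 0x11))  # d: eb 11 jmp 20 <loop+0x20>
    print(annotate(0x24, 0x7E, 0xE9))  # 24: 7e e9 jle f <loop+0xf>
    # The array case from the answer: with a constructed label "a" at 0x1000,
    # address 0x1020 is a+0x20, i.e. byte 32, which is a[8] for 4-byte ints.
    print(symbolize(0x1020, {0x1000: "a"}))  # <a+0x20>
```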