Machine-Level Programming II: Control Flow

- Slides: 35
Machine-Level Programming II: Control Flow
Fabián E. Bustamante, Spring 2007
Today
– Condition codes
– Control flow structures
Next time
– Procedures

Condition codes
Single bit registers
    CF  Carry Flag        SF  Sign Flag
    ZF  Zero Flag         OF  Overflow Flag
Implicitly set by arithmetic operations
    addl Src,Dest
    C analog: t = a + b
– CF set if carry out from most significant bit
  • Used to detect unsigned overflow
– ZF set if t == 0
– SF set if t < 0
– OF set if two’s complement overflow
    (a>0 && b>0 && t<0) || (a<0 && b<0 && t>=0)
Not set by leal instruction

EECS 213 Introduction to Computer Systems Northwestern University

Setting condition codes
Explicit setting by compare instruction
    cmpl Src2,Src1
    cmpl b,a    like computing a-b without setting destination
– CF set if carry out from most significant bit
  • Used for unsigned comparisons
– ZF set if a == b
– SF set if (a-b) < 0
– OF set if two’s complement overflow
    (a>0 && b<0 && (a-b)<0) || (a<0 && b>0 && (a-b)>0)

Setting condition codes
Explicit setting by test instruction
    testl Src2,Src1
– Sets condition codes based on value of Src1 & Src2
  • Useful to have one of the operands be a mask
– testl b,a like computing a&b without setting destination
– ZF set when a&b == 0
– SF set when a&b < 0

Reading condition codes
SetX instructions
– Set single byte based on combinations of condition codes

Reading condition codes
SetX instructions
– Set single byte based on combinations of condition codes
– One of 8 addressable byte registers
  • Embedded within first 4 integer registers
  • Does not alter remaining 3 bytes
  • Typically use movzbl to finish job

Integer registers and their addressable bytes
    %eax   %ah  %al
    %edx   %dh  %dl
    %ecx   %ch  %cl
    %ebx   %bh  %bl
    %esi
    %edi
    %esp
    %ebp

    int gt (int x, int y)
    {
      return x > y;
    }

Body
    movl 12(%ebp),%eax    # eax = y
    cmpl %eax,8(%ebp)     # Compare x : y
    setg %al              # al = x > y
    movzbl %al,%eax       # Zero rest of %eax

Note inverted ordering!

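The flag rules for addl and cmpl on the slides above, and the way a signed test (setg) and an unsigned test (seta) read them, worked through in C. This is an added example, not part of the original slides: flags_t and the function names are hypothetical, and the setg/seta flag combinations are the standard x86 definitions, which do not appear on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical container for the four condition codes. */
typedef struct { int cf, zf, sf, of; } flags_t;

/* Flags after `addl b, a`: t = a + b on 32-bit values. */
flags_t flags_add(uint32_t a, uint32_t b) {
    uint32_t t = a + b;               /* wraps modulo 2^32 like the ALU */
    flags_t f;
    f.cf = t < a;                     /* carry out of bit 31 */
    f.zf = t == 0;
    f.sf = (t >> 31) & 1;
    /* OF: operands share a sign and the result's sign differs */
    f.of = ((~(a ^ b) & (a ^ t)) >> 31) & 1;
    return f;
}

/* Flags after `cmpl b, a`: a - b computed, result discarded. */
flags_t flags_cmp(uint32_t a, uint32_t b) {
    uint32_t t = a - b;
    flags_t f;
    f.cf = a < b;                     /* borrow: a below b as unsigned */
    f.zf = t == 0;
    f.sf = (t >> 31) & 1;
    /* OF: operands differ in sign and the result's sign differs from a's */
    f.of = (((a ^ b) & (a ^ t)) >> 31) & 1;
    return f;
}

/* Signed a > b, the condition setg and jg test: ~(SF ^ OF) & ~ZF. */
int signed_gt(int32_t a, int32_t b) {
    flags_t f = flags_cmp((uint32_t)a, (uint32_t)b);
    return !(f.sf ^ f.of) && !f.zf;
}

/* Unsigned a > b, the condition seta and ja test: ~CF & ~ZF. */
int unsigned_gt(uint32_t a, uint32_t b) {
    flags_t f = flags_cmp(a, b);
    return !f.cf && !f.zf;
}

int main(void) {
    flags_t f = flags_add(0x7fffffffu, 1u);      /* constructed: INT_MAX + 1 */
    printf("add: CF=%d ZF=%d SF=%d OF=%d\n", f.cf, f.zf, f.sf, f.of);
    printf("-1 > 5: signed=%d unsigned=%d\n",
           signed_gt(-1, 5), unsigned_gt((uint32_t)-1, 5u));
    return 0;
}
```

The same bit pattern compares differently depending on which flags the following instruction reads, which is why the choice between signed and unsigned tests matters for any range check.
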
Jumping
jX instructions
– Jump to different part of code depending on condition codes

Conditional branch example

    int max(int x, int y)
    {
      if (x > y)
        return x;
      else
        return y;
    }

    _max:
        pushl %ebp             # Set Up
        movl %esp,%ebp

        movl 8(%ebp),%edx      # Body
        movl 12(%ebp),%eax
        cmpl %eax,%edx
        jle L9
        movl %edx,%eax
    L9:

        movl %ebp,%esp         # Finish
        popl %ebp
        ret

Conditional branch example

    int goto_max(int x, int y)
    {
      int rval = y;
      int ok = (x <= y);
      if (ok)
        goto done;
      rval = x;
    done:
      return rval;
    }

C allows “goto” as means of transferring control
– Closer to machine-level programming style
Generally considered bad coding style

        movl 8(%ebp),%edx      # edx = x
        movl 12(%ebp),%eax     # eax = y
        cmpl %eax,%edx         # x : y
        jle L9                 # if <= goto L9
        movl %edx,%eax         # eax = x    (skipped when x ≤ y)
    L9:                        # Done:

“Do-While” loop example

C Code
    int fact_do (int x)
    {
      int result = 1;
      do {
        result *= x;
        x = x-1;
      } while (x > 1);
      return result;
    }

Goto Version
    int fact_goto(int x)
    {
      int result = 1;
    loop:
      result *= x;
      x = x-1;
      if (x > 1)
        goto loop;
      return result;
    }

Use backward branch to continue looping
Only take branch when “while” condition holds

“Do-While” loop compilation

Goto Version
    int fact_goto (int x)
    {
      int result = 1;
    loop:
      result *= x;
      x = x-1;
      if (x > 1)
        goto loop;
      return result;
    }

Registers
    %edx    x
    %eax    result

Assembly
    _fact_goto:
        pushl %ebp             # Setup
        movl %esp,%ebp         # Setup
        movl $1,%eax           # eax = 1
        movl 8(%ebp),%edx      # edx = x
    L11:
        imull %edx,%eax        # result *= x
        decl %edx              # x--
        cmpl $1,%edx           # Compare x : 1
        jg L11                 # if > goto loop

        movl %ebp,%esp         # Finish
        popl %ebp              # Finish
        ret                    # Finish

General “Do-While” translation

C Code
    do
      Body
      while (Test);

Goto Version
    loop:
      Body
      if (Test)
        goto loop

Body can be any C statement
– Typically compound statement:
    {
      Statement1;
      Statement2;
      …
      Statementn;
    }
Test is expression returning integer
    = 0 interpreted as false
    ≠ 0 interpreted as true

“While” loop example #1

C Code
    int fact_while (int x)
    {
      int result = 1;
      while (x > 1) {
        result *= x;
        x = x-1;
      };
      return result;
    }

First Goto Version
    int fact_while_goto (int x)
    {
      int result = 1;
    loop:
      if (!(x > 1))
        goto done;
      result *= x;
      x = x-1;
      goto loop;
    done:
      return result;
    }

Is this code equivalent to the do-while version?
Must jump out of loop if test fails

Actual “While” loop translation

C Code
    int fact_while(int x)
    {
      int result = 1;
      while (x > 1) {
        result *= x;
        x = x-1;
      };
      return result;
    }

Second Goto Version
    int fact_while_goto2 (int x)
    {
      int result = 1;
      if (!(x > 1))
        goto done;
    loop:
      result *= x;
      x = x-1;
      if (x > 1)
        goto loop;
    done:
      return result;
    }

Uses same inner loop as do-while version
Guards loop entry with extra test

General “While” translation

C Code
    while (Test)
      Body

Do-While Version
      if (!Test)
        goto done;
      do
        Body
        while(Test);
    done:

Goto Version
      if (!Test)
        goto done;
    loop:
      Body
      if (Test)
        goto loop;
    done:

“For” loop example

    /* Compute x raised to nonnegative power p */
    int ipwr_for(int x, unsigned p)
    {
      int result;
      for (result = 1; p != 0; p = p>>1) {
        if (p & 0x1)
          result *= x;
        x = x*x;
      }
      return result;
    }

Algorithm
– Exploit property that p = p_0 + 2 p_1 + 4 p_2 + … + 2^{n-1} p_{n-1}
– Gives: x^p = z_0 · z_1^2 · (z_2^2)^2 · … · (…((z_{n-1}^2)^2)…)^2
    (the last factor is squared n–1 times)
    z_i = 1 when p_i = 0
    z_i = x when p_i = 1
– Complexity O(log p)
Example
    3^10 = 3^2 * 3^8 = 3^2 * ((3^2)^2)^2

ipwr computation

    /* Compute x raised to nonnegative power p */
    int ipwr_for(int x, unsigned p)
    {
      int result;
      for (result = 1; p != 0; p = p>>1) {
        if (p & 0x1)
          result *= x;
        x = x*x;
      }
      return result;
    }

“For” loop example

    int result;
    for (result = 1; p != 0; p = p>>1) {
      if (p & 0x1)
        result *= x;
      x = x*x;
    }

General Form
    for (Init; Test; Update)
      Body

Init
    result = 1
Test
    p != 0
Update
    p = p >> 1
Body
    {
      if (p & 0x1)
        result *= x;
      x = x*x;
    }

“For” → “While”

For Version
    for (Init; Test; Update)
      Body

While Version
    Init;
    while (Test) {
      Body
      Update;
    }

Do-While Version
      Init;
      if (!Test)
        goto done;
      do {
        Body
        Update;
      } while (Test)
    done:

Goto Version
      Init;
      if (!Test)
        goto done;
    loop:
      Body
      Update;
      if (Test)
        goto loop;
    done:

“For” loop compilation

Goto Version (general)
      Init;
      if (!Test)
        goto done;
    loop:
      Body
      Update;
      if (Test)
        goto loop;
    done:

Init
    result = 1
Test
    p != 0
Body
    {
      if (p & 0x1)
        result *= x;
      x = x*x;
    }
Update
    p = p >> 1

Goto Version (for ipwr_for)
      result = 1;
      if (p == 0)
        goto done;
    loop:
      if (p & 0x1)
        result *= x;
      x = x*x;
      p = p >> 1;
      if (p != 0)
        goto loop;
    done:

Switch statements

    typedef enum
      {ADD, MULT, MINUS, DIV, MOD, BAD}
        op_type;

    char unparse_symbol(op_type op)
    {
      switch (op) {
      case ADD :
        return '+';
      case MULT:
        return '*';
      case MINUS:
        return '-';
      case DIV:
        return '/';
      case MOD:
        return '%';
      case BAD:
        return '?';
      }
    }

Implementation options
– Series of conditionals
  • Good if few cases
  • Slow if many
– Jump table
  • Lookup branch target
  • Avoids conditionals
  • Possible when cases are small integer constants
– GCC
  • Picks one based on case structure
– Bug in example code
  • No default given

Jump table structure

Switch form
    switch(op) {
      case val_0:
        Block 0
      case val_1:
        Block 1
        • • •
      case val_n-1:
        Block n–1
    }

Jump table
    jtab:   Targ0
            Targ1
            Targ2
            • • •
            Targn-1

Jump targets
    Targ0:     Code Block 0
    Targ1:     Code Block 1
    Targ2:     Code Block 2
               • • •
    Targn-1:   Code Block n–1

Approx. translation
    target = JTab[op];
    goto *target;

Switch statement example

Branching possibilities

    typedef enum
      {ADD, MULT, MINUS, DIV, MOD, BAD}
        op_type;

    char unparse_symbol(op_type op)
    {
      switch (op) {
        • • •
      }
    }

Enumerated values
    ADD     0
    MULT    1
    MINUS   2
    DIV     3
    MOD     4
    BAD     5

Setup:
    unparse_symbol:
        pushl %ebp              # Setup
        movl %esp,%ebp          # Setup
        movl 8(%ebp),%eax       # eax = op
        cmpl $5,%eax            # Compare op : 5
        ja .L49                 # If > goto done
        jmp *.L57(,%eax,4)      # goto Table[op]

Assembly setup explanation

Symbolic labels
– Labels of form .LXX translated into addresses by assembler
Table structure
– Each target requires 4 bytes
– Base address at .L57
Jumping
    jmp .L49
– Jump target is denoted by label .L49
    jmp *.L57(,%eax,4)
– Start of jump table denoted by label .L57
– Register %eax holds op
– Must scale by factor of 4 to get offset into table
– Fetch target from effective address .L57 + op*4

Jump table

Table contents
    .section .rodata
        .align 4
    .L57:
        .long .L51    #Op = 0
        .long .L52    #Op = 1
        .long .L53    #Op = 2
        .long .L54    #Op = 3
        .long .L55    #Op = 4
        .long .L56    #Op = 5

Enumerated values
    ADD     0
    MULT    1
    MINUS   2
    DIV     3
    MOD     4
    BAD     5

Targets & completion
    .L51:
        movl $43,%eax    # ’+’
        jmp .L49
    .L52:
        movl $42,%eax    # ’*’
        jmp .L49
    .L53:
        movl $45,%eax    # ’-’
        jmp .L49
    .L54:
        movl $47,%eax    # ’/’
        jmp .L49
    .L55:
        movl $37,%eax    # ’%’
        jmp .L49
    .L56:
        movl $63,%eax    # ’?’
        # Fall Through to .L49

Switch statement completion

    .L49:                      # Done:
        movl %ebp,%esp         # Finish
        popl %ebp              # Finish
        ret                    # Finish

Puzzle
– What value returned when op is invalid?
Answer
– Register %eax set to op at beginning of procedure
– This becomes the returned value
Advantage of Jump Table
– Can do k-way branch in O(1) operations

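The range check in front of the indirect jump (cmpl $5,%eax ; ja .L49) and the puzzle about an invalid op, modelled in C. This is an added example, not code from the original slides: the data table stands in for the jump table of code addresses, and guard_signed, guard_unsigned, unparse_as_compiled and unparse_checked are hypothetical names.

```c
#include <stdio.h>

typedef enum {ADD, MULT, MINUS, DIV, MOD, BAD} op_type;

/* Data table indexed by op. It stands in for the table of code addresses
 * at .L57; each entry is the value the matching target loads into %eax. */
static const int tab[] = { '+', '*', '-', '/', '%', '?' };
#define NTAB ((unsigned)(sizeof tab / sizeof tab[0]))

/* Signed range test: a negative op passes, so indexing the table after
 * this check alone would land before its first entry. */
int guard_signed(int op) { return op <= 5; }

/* Unsigned range test, the C form of `cmpl $5,%eax ; ja .L49`: a negative
 * op viewed as unsigned is far above 5, so one compare rejects both ends. */
int guard_unsigned(int op) { return (unsigned)op <= 5u; }

/* Model of the compiled code on the slides: %eax holds op on entry and the
 * out-of-range path reaches .L49 without changing it. */
int unparse_as_compiled(int op) {
    int eax = op;
    if ((unsigned)eax > 5u)
        return eax;                 /* ja .L49 */
    return tab[eax];                /* jmp *.L57(,%eax,4) */
}

/* Same dispatch with the default case the slide's code omits. */
int unparse_checked(int op) {
    return (unsigned)op < NTAB ? tab[op] : '?';
}

int main(void) {
    int samples[] = { ADD, MOD, BAD, 6, -1 };    /* constructed inputs */
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("op=%2d signed_ok=%d unsigned_ok=%d compiled=%d checked=%c\n",
               samples[i], guard_signed(samples[i]), guard_unsigned(samples[i]),
               unparse_as_compiled(samples[i]), unparse_checked(samples[i]));
    return 0;
}
```

When reviewing compiled switch statements, the thing to confirm is that the branch guarding the table is an unsigned one (ja/jae), since a signed branch (jg/jge) leaves negative indices unchecked.
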
Object code

Setup
– Label .L49 becomes address 0x804875c
– Label .L57 becomes address 0x8048bc0

    08048718 <unparse_symbol>:
     8048718: 55                pushl %ebp
     8048719: 89 e5             movl %esp,%ebp
     804871b: 8b 45 08          movl 0x8(%ebp),%eax
     804871e: 83 f8 05          cmpl $0x5,%eax
     8048721: 77 39             ja 804875c <unparse_symbol+0x44>
     8048723: ff 24 85 c0 8b    jmp *0x8048bc0(,%eax,4)

Object code

Jump table
– Doesn’t show up in disassembled code
– Can inspect using GDB
    gdb code-examples
    (gdb) x/6xw 0x8048bc0
  • Examine 6 hexadecimal format “words” (4-bytes each)
  • Use command “help x” to get format documentation

    0x8048bc0 <_fini+32>:
        0x08048730
        0x08048737
        0x08048740
        0x08048747
        0x08048750
        0x08048757

Extracting jump table from binary

Jump table stored in read only data segment (.rodata)
– Various fixed values needed by your code
Can examine with objdump
    objdump code-examples -s --section=.rodata
– Show everything in indicated segment.
Hard to read
– Jump table entries shown with reversed byte ordering
– E.g., 30870408 really means 0x08048730

    Contents of section .rodata:
     8048bc0 30870408 37870408 40870408 47870408  0...7...@...G...
     8048bd0 50870408 57870408 46616374 28256429  P...W...Fact(%d)
     8048be0 203d2025 6c640a00 43686172 203d2025   = %ld..Char = %
     …

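The byte reversal described above (30870408 really means 0x08048730), applied to the hex columns of an objdump -s row. This is an added example, not part of the original slides; decode_le_words and hexval are hypothetical helper names, and the input row is the jump-table portion of the dump shown on the slide.

```c
#include <stdint.h>
#include <stdio.h>

/* Value of one hex digit, or -1 if c is not a hex digit (including NUL). */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode up to max 32-bit little-endian words from the hex columns of an
 * `objdump -s` row (groups of 8 hex digits separated by spaces). objdump
 * prints bytes in memory order, so the first byte pair of each group is
 * the least significant byte of the word. Returns the number of words
 * decoded and stops at the first incomplete or malformed group. */
size_t decode_le_words(const char *hex, uint32_t *out, size_t max) {
    size_t n = 0;
    while (n < max) {
        while (*hex == ' ') hex++;
        uint32_t w = 0;
        for (int byte = 0; byte < 4; byte++) {
            int hi = hexval((unsigned char)hex[0]);
            if (hi < 0) return n;
            int lo = hexval((unsigned char)hex[1]);
            if (lo < 0) return n;
            w |= (uint32_t)(hi << 4 | lo) << (8 * byte);
            hex += 2;
        }
        out[n++] = w;
    }
    return n;
}

int main(void) {
    /* The six jump-table words from the .rodata dump on the slide. */
    const char *row = "30870408 37870408 40870408 47870408 50870408 57870408";
    uint32_t w[8];
    size_t n = decode_le_words(row, w, 8);
    for (size_t i = 0; i < n; i++)
        printf("entry %zu -> 0x%08x\n", i, (unsigned)w[i]);
    return 0;
}
```
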
Disassembled targets

     8048730: b8 2b 00 00 00    movl $0x2b,%eax
     8048735: eb 25             jmp 804875c <unparse_symbol+0x44>
     8048737: b8 2a 00 00 00    movl $0x2a,%eax
     804873c: eb 1e             jmp 804875c <unparse_symbol+0x44>
     804873e: 89 f6             movl %esi,%esi
     8048740: b8 2d 00 00 00    movl $0x2d,%eax
     8048745: eb 15             jmp 804875c <unparse_symbol+0x44>
     8048747: b8 2f 00 00 00    movl $0x2f,%eax
     804874c: eb 0e             jmp 804875c <unparse_symbol+0x44>
     804874e: 89 f6             movl %esi,%esi
     8048750: b8 25 00 00 00    movl $0x25,%eax
     8048755: eb 05             jmp 804875c <unparse_symbol+0x44>
     8048757: b8 3f 00 00 00    movl $0x3f,%eax

movl %esi,%esi does nothing
Inserted to align instructions for better cache performance

Matching disassembled targets

Entry
    0x08048730
    0x08048737
    0x08048740
    0x08048747
    0x08048750
    0x08048757

     8048730: b8 2b 00 00 00    movl
     8048735: eb 25             jmp
     8048737: b8 2a 00 00 00    movl
     804873c: eb 1e             jmp
     804873e: 89 f6             movl
     8048740: b8 2d 00 00 00    movl
     8048745: eb 15             jmp
     8048747: b8 2f 00 00 00    movl
     804874c: eb 0e             jmp
     804874e: 89 f6             movl
     8048750: b8 25 00 00 00    movl
     8048755: eb 05             jmp
     8048757: b8 3f 00 00 00    movl

Sparse switch example

    /* Return x/111 if x is multiple
       && <= 999. -1 otherwise */
    int div111(int x)
    {
      switch(x) {
      case   0: return 0;
      case 111: return 1;
      case 222: return 2;
      case 333: return 3;
      case 444: return 4;
      case 555: return 5;
      case 666: return 6;
      case 777: return 7;
      case 888: return 8;
      case 999: return 9;
      default: return -1;
      }
    }

Not practical to use jump table
– Would require 1000 entries
Obvious translation into if-then-else would have max. of 9 tests

Sparse switch code

Compares x to possible case values
Jumps different places depending on outcomes

        movl 8(%ebp),%eax    # get x
        cmpl $444,%eax       # x:444
        je L8
        jg L16
        cmpl $111,%eax       # x:111
        je L5
        jg L17
        testl %eax,%eax      # x:0
        je L4
        jmp L14
        . . .

        . . .
    L5:
        movl $1,%eax
        jmp L19
    L6:
        movl $2,%eax
        jmp L19
    L7:
        movl $3,%eax
        jmp L19
    L8:
        movl $4,%eax
        jmp L19
        . . .

Sparse switch code structure

– Organizes cases as binary tree
– Logarithmic performance

[Figure: binary tree of comparisons (<, =, >) on the case values 444, 111, 777, 0, 222, 555, 888, 333, 666, 999, with leaves giving the return values 0 to 9 and -1]

Summarizing

C Control
– if-then-else, do-while, switch
Assembler control
– Jump & conditional jump
Compiler
– Must generate assembly code to implement more complex control
Standard techniques
– All loops → do-while form
– Large switch statements use jump tables
Conditions in CISC
– Machines generally have condition code registers
Conditions in RISC
– Use general registers
– Special comparison instructions