CS 501 Advanced Computer Architecture, Lecture 05, Dr. Noor Muhammad Sheikh

Reverse Assembly
• Typical problem: Given a machine language instruction for the SRC, it may be required to find the equivalent SRC assembly language instruction.
Review
Example: Reverse assemble the following SRC machine language instructions:
    68C2003Ah
    E1C60004h
    61885000h
    724E8000h
    1A4000D4h
    084000D0h

Solution:
1. Write the given hexadecimal instruction in binary form:
    68C2003Ah = 0110 1000 1100 0010 0000 0000 0011 1010 b
2. Examine the first five bits of the instruction, and pick the corresponding mnemonic from the SRC instruction set listing arranged in ascending order of op-codes:
    01101 b = 13 d → addi (add immediate)
3. Now we know that this instruction uses the type C format: the two 5-bit fields after the op-code field represent the destination and the source registers respectively, and the remaining 17 bits in the instruction represent a constant.
    op-code field    01101 b                      addi
    ra field         00011 b                      R3
    rb field         00001 b                      R1
    17-bit c1 field  0 0000 0000 0011 1010 b      3Ah = 58 d
4. Therefore, the assembly language instruction is addi R3, R1, 58
Summary
    Given machine language instruction    Equivalent assembly language instruction
    68C2003Ah                             addi R3, R1, 58
    E1C60004h
    61885000h
    724E8000h
    1A4000D4h
    084000D0h
We can do it a bit faster now! Here is step 1 for all instructions:
    Given instruction in hexadecimal    Equivalent instruction in binary
    E1C60004h                           1110 0001 1100 0110 0000 0000 0000 0100 b
    61885000h                           0110 0001 1000 1000 0101 0000 0000 0000 b
    724E8000h                           0111 0010 0100 1110 1000 0000 0000 0000 b
    1A4000D4h                           0001 1010 0100 0000 0000 0000 1101 0100 b
    084000D0h                           0000 1000 0100 0000 0000 0000 1101 0000 b
Step 2: Pick up the op-code for each instruction
    Given instruction in hexadecimal    Op-code field    Mnemonic
    E1C60004h                           11100 b          shl
    61885000h                           01100 b          add
    724E8000h                           01110 b          sub
    1A4000D4h                           00011 b          st
    084000D0h                           00001 b          ld
Step 3: Determine the instruction type for each instruction
    Given instruction in hexadecimal    Mnemonic    Instruction type
    E1C60004h                           shl
    61885000h                           add
    724E8000h                           sub
    1A4000D4h                           st
    084000D0h                           ld
The meaning of the remaining fields will depend on the instruction type (i.e., the instruction format).
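The three steps above, carried out for all six machine words by a small reverse assembler. This is an added example, not code from the lecture; field positions follow the RTL naming operators on the later slides, and the op-code table and the shift-count rule (count from c3⟨4..0⟩, or from R[rc] when that is zero) are assumed from the standard SRC definition rather than stated on these slides.

```python
# Added example (not from the lecture slides): reverse-assemble SRC machine words.
# Field positions follow the RTL naming operators: op := IR<31..27>,
# ra := IR<26..22>, rb := IR<21..17>, rc := IR<16..12>, c2 := IR<16..0>,
# c3 := IR<11..0>.  Op-code numbers and the shift-count rule are assumed from
# the standard SRC instruction set; the slides only show the six worked words.
OPCODES = {0: "nop", 1: "ld", 3: "st", 5: "la", 12: "add", 13: "addi",
           14: "sub", 20: "and", 21: "andi", 22: "or", 23: "ori",
           26: "shr", 27: "shra", 28: "shl", 29: "shc", 31: "stop"}
TYPE_C = {"ld", "st", "la", "addi", "andi", "ori"}   # ra, rb, 17-bit c2
THREE_REG = {"add", "sub", "and", "or"}              # ra, rb, rc
SHIFTS = {"shr", "shra", "shl", "shc"}               # ra, rb, count

def sext(value, bits):
    """Two's-complement sign extension of a `bits`-wide field."""
    return value - (1 << bits) if value >> (bits - 1) else value

def fields(word):
    """Steps 1-3 of the slides: slice the 32-bit word into its named fields."""
    return (word >> 27, (word >> 22) & 0x1F, (word >> 17) & 0x1F,
            (word >> 12) & 0x1F, sext(word & 0x1FFFF, 17), word & 0xFFF)

def reverse_assemble(word):
    """Return the SRC assembly text for one 32-bit machine word."""
    op, ra, rb, rc, c2, c3 = fields(word)
    mn = OPCODES.get(op)
    if mn is None:
        return f"?? (op-code {op} not in the listing)"
    if mn in ("nop", "stop"):
        return mn
    if mn in TYPE_C:
        if mn in ("ld", "st", "la"):           # rb = 0 means: do not use R[rb]
            return f"{mn} R{ra}, {c2}" if rb == 0 else f"{mn} R{ra}, {c2}(R{rb})"
        return f"{mn} R{ra}, R{rb}, {c2}"      # immediate ALU forms
    if mn in THREE_REG:
        return f"{mn} R{ra}, R{rb}, R{rc}"
    if mn in SHIFTS:                           # count from c3<4..0>, else R[rc]
        count = c3 & 0x1F
        return f"{mn} R{ra}, R{rb}, {count}" if count else f"{mn} R{ra}, R{rb}, R{rc}"
    return mn

# The six machine words given on the slides.
SLIDE_WORDS = [0x68C2003A, 0xE1C60004, 0x61885000, 0x724E8000, 0x1A4000D4, 0x084000D0]

if __name__ == "__main__":
    for w in SLIDE_WORDS:
        print(f"{w:08X}h  {w:032b}  {reverse_assemble(w)}")
```

The sign extension matters for the st/ld forms: a c2 field with bit 16 set decodes as a negative displacement, which the slide's all-positive examples do not exercise.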
Using RTL to describe static properties of the SRC
• Specifying registers
  § IR⟨31..0⟩ means bits numbered 31 to 0 of a 32-bit register named “IR”
• “Naming” using the := naming operator:
  § op⟨4..0⟩ := IR⟨31..27⟩ means that the 5 most significant bits of IR be called op, with bits 4..0
  § this does not create a new register; it just generates another name, or “alias,” for an already existing register or part of a register
Fields in the SRC instruction (RTL naming operator)
    op⟨4..0⟩  := IR⟨31..27⟩:   operation code field
    ra⟨4..0⟩  := IR⟨26..22⟩:   target register field
    rb⟨4..0⟩  := IR⟨21..17⟩:   operand, address index, or branch target register
    rc⟨4..0⟩  := IR⟨16..12⟩:   second operand, conditional test, or shift count register
    c1⟨21..0⟩ := IR⟨21..0⟩:    long displacement field
    c2⟨16..0⟩ := IR⟨16..0⟩:    short displacement or immediate field
    c3⟨11..0⟩ := IR⟨11..0⟩:    count or modifier field
Describing the processor state using RTL
Processor state
    PC⟨31..0⟩:         program counter (memory addr. of next inst.)
    IR⟨31..0⟩:         instruction register
    Run:               one-bit run/halt indicator
    Strt:              start signal
    R[0..31]⟨31..0⟩:   general purpose registers
SRC in a black box!!! (figure: front panel of “The SRC, Made by XYZ” with the Start switch (Strt) and indicators, including the RUN indicator; connectors at the back and other switches may be added later on)
Using RTL to describe the dynamic properties of the SRC
• Conditional expressions, e.g.
    (op=14) : R[ra] ← R[rb] - R[rc];
  IF condition THEN perform this action; ← is the RTL assignment operator, and ; is an RTL termination operator.
• Meaning (describes the subtract instruction): IF the op field is equal to 14, THEN calculate the difference of the value in the register specified by the rb field and the value in the register specified by the rc field, and store the result in the register specified by the ra field.
Effective address calculations in RTL (performed at runtime)
• displacement address
    disp⟨31..0⟩ := ( (rb=0) : c2⟨16..0⟩ {sign extend},
                     (rb≠0) : R[rb] + c2⟨16..0⟩ {sign extend} ),
• relative address
    rel⟨31..0⟩ := PC⟨31..0⟩ + c1⟨21..0⟩ {sign extend},
The , indicates that the two statements will be executed simultaneously. Two disjoint conditions imply that only one action will be performed at one time. Remember: register R0 cannot be added to the displacement; rb = 0 just means don’t use the R[rb] field.
Instruction Fetch Operation (using RTL)
    instruction_Fetch := ( !Run&Strt : Run ← 1,
                           Run : (IR ← M[PC], PC ← PC + 4; instruction_execution) );
Here := is the naming operator, ! is logical NOT, and & is logical AND; Run ← 1 sets the RUN bit to a 1, and IR ← M[PC] transfers from memory to the IR. Sequential statements are separated by a ; and concurrent statements are separated by a ,
Instruction Execution (Describing the Execute operation using RTL)
    ie := ( (op<4..0>=1)  : R[ra] ← M[disp],      op-code for ld
            (op<4..0>=2)  : R[ra] ← M[rel],       op-code for ldr
            ...                                   op-codes for other instructions
            (op<4..0>=31) : Run ← 0,              op-code for stop
          ); iF );
Instruction Execution can be described by using a long list of conditional operations which are inherently “disjoint”. At the end of this list, iF (instruction_Fetch) is invoked again; thus, iF and ie invoke each other in a loop.
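The fetch/execute RTL of the last three slides, run as code over the six machine words of the reverse-assembly exercise. This is an added example, not code from the lecture: it implements only the op-codes those words use (ld, st, add, addi, sub, shl) plus stop, turns the mutual invocation of iF and ie into a loop that continues while Run is 1, and assumes the standard SRC rule that a shift count of zero in c3 means the count is taken from R[rc]. The program order, the data word at address 208 and the initial register values are constructed for the example.

```python
# Added example (not from the lecture slides): the SRC fetch/execute RTL in Python.
# Covers ld, st, add, addi, sub, shl and stop; "ie invokes iF again" is a loop
# that runs while Run = 1.  The shl count rule is assumed from the standard SRC.
MASK32 = 0xFFFFFFFF

def sext(value, bits):
    return value - (1 << bits) if value >> (bits - 1) else value

def fields(ir):
    """op:=IR<31..27>, ra:=IR<26..22>, rb:=IR<21..17>, rc:=IR<16..12>, c2, c3."""
    return (ir >> 27, (ir >> 22) & 0x1F, (ir >> 17) & 0x1F,
            (ir >> 12) & 0x1F, sext(ir & 0x1FFFF, 17), ir & 0xFFF)

class SRC:
    def __init__(self, memory, regs=None):
        self.M = dict(memory)                                   # byte address -> word
        self.R = [(regs or {}).get(i, 0) for i in range(32)]    # R[0..31]<31..0>
        self.PC, self.IR, self.Run, self.Strt = 0, 0, 0, 1
    def disp(self, rb, c2):
        """disp := ((rb=0): c2 {sign extend}, (rb!=0): R[rb] + c2 {sign extend})"""
        return (c2 if rb == 0 else self.R[rb] + c2) & MASK32
    def instruction_fetch(self):
        """iF := (!Run&Strt : Run<-1, Run : (IR<-M[PC], PC<-PC+4; ie))"""
        if not self.Run and self.Strt:
            self.Run = 1
        while self.Run:                      # ie ends by invoking iF again
            self.IR = self.M.get(self.PC, 0)
            self.PC = (self.PC + 4) & MASK32
            self.instruction_execution()
    def instruction_execution(self):
        op, ra, rb, rc, c2, c3 = fields(self.IR)
        R = self.R
        if op == 1:    R[ra] = self.M.get(self.disp(rb, c2), 0)   # ld
        elif op == 3:  self.M[self.disp(rb, c2)] = R[ra]          # st
        elif op == 12: R[ra] = (R[rb] + R[rc]) & MASK32           # add
        elif op == 13: R[ra] = (R[rb] + c2) & MASK32              # addi
        elif op == 14: R[ra] = (R[rb] - R[rc]) & MASK32           # sub
        elif op == 28: R[ra] = (R[rb] << ((c3 & 0x1F) or (R[rc] & 0x1F))) & MASK32  # shl
        elif op == 31: self.Run = 0                               # stop
        else: raise NotImplementedError(f"op-code {op} is not covered here")

# Constructed program: the slides' six words in a runnable order plus stop
# (F8000000h, op-code 31); the data word for 'ld R1, 208' lives at address 208.
PROGRAM = {0: 0x084000D0, 4: 0x68C2003A, 8: 0xE1C60004, 12: 0x61885000,
           16: 0x724E8000, 20: 0x1A4000D4, 24: 0xF8000000, 208: 10}

def run_program(memory=PROGRAM, regs=None):
    cpu = SRC(memory, regs or {4: 20, 5: 22, 8: 88})   # constructed initial operands
    cpu.instruction_fetch()
    return cpu
```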
Flow diagram (figure): Instruction Fetch → Instruction Decode → branch on op-code (Op-code = 1, …, Op-code = 30, Op-code = 31) → appropriate processing goes in this place