Topics (chap 3.1-3.5)
- Assembly Programmer's Execution Model
- Accessing Information
  - Registers
  - Memory
- Arithmetic operations
Assembly Programmer's View of IA32 Architecture

[Figure: CPU (EIP, register file, condition codes) linked to memory (object code, program data, stack) by address, data and instruction paths]

Programmer-Visible State
- EIP: program counter
  - Address of next instruction
- Register file
  - Heavily used program data
- Condition codes
  - Store status information about most recent arithmetic operation
  - Used for conditional branching
- Memory
  - Byte addressable array
  - Code, user data
  - Includes stack used to support procedures
Turning C into Object Code
- Code in files p1.c p2.c
- Compile with command: gcc -O p1.c p2.c -o p
  - Use optimizations (-O)
  - Put resulting binary in file p

    text    C program (p1.c p2.c)
               |  Compiler (gcc -S)
    text    Asm program (p1.s p2.s)
               |  Assembler (gcc or as)
    binary  Object program (p1.o p2.o)     Static libraries (.a)
               |  Linker (gcc or ld)           |
    binary  Executable program (p)
Compiling Into Assembly

C code:
    int sum(int x, int y)
    {
      int t = x+y;
      return t;
    }

Generated assembly:
    _sum:
        pushl %ebp
        movl %esp,%ebp
        movl 12(%ebp),%eax
        addl 8(%ebp),%eax
        movl %ebp,%esp
        popl %ebp
        ret

Obtain with command: gcc -O -S code.c
Produces file code.s
Assembly Characteristics

Minimal data types
- "Integer" data of 1, 2, or 4 bytes
  - Data values
  - Addresses (untyped pointers)
- Floating point data of 4, 8, or 10 bytes
- No aggregate types such as arrays or structures
  - Just contiguously allocated bytes in memory

Primitive operations
- Perform arithmetic function on register or memory data
- Transfer data between memory and register
  - Load data from memory into register
  - Store register data into memory
- Transfer control
  - Unconditional jumps to/from procedures
  - Conditional branches
Object Code for sum

    0x401040 <sum>:
      0x55
      0x89
      0xe5
      0x8b
      0x45
      0x0c
      0x03
      0x45
      0x08
      0x89
      0xec
      0x5d
      0xc3

- Total of 13 bytes
- Each instruction 1, 2, or 3 bytes
- Starts at address 0x401040

Assembler
- Translates .s into .o
- Binary encoding of each instruction
- Nearly-complete image of executable code
- Missing linkages between code in different files

Linker
- Resolves references between files
- Combines with static run-time libraries
  - E.g., code for malloc, printf
- Some libraries are dynamically linked
  - Linking occurs when program begins execution
Machine Instruction Example

C code:      int t = x+y;
- Add two signed integers

Assembly:    addl 8(%ebp),%eax
- Similar to expression x += y
- Add two 4-byte integers
  - "Long" words in GCC parlance
  - Same instruction whether signed or unsigned
- Operands:
    x: Register  %eax
    y: Memory    M[%ebp+8]
    t: Register  %eax
      - Return function value in %eax

Object code:  0x401046:  03 45 08
- 3-byte instruction
- Stored at address 0x401046
Disassembling Object Code

Disassembled:
    00401040 <_sum>:
       0:  55           push   %ebp
       1:  89 e5        mov    %esp,%ebp
       3:  8b 45 0c     mov    0xc(%ebp),%eax
       6:  03 45 08     add    0x8(%ebp),%eax
       9:  89 ec        mov    %ebp,%esp
       b:  5d           pop    %ebp
       c:  c3           ret
       d:  8d 76 00     lea    0x0(%esi),%esi

Disassembler: objdump -d p
- Useful tool for examining object code
- Analyzes bit pattern of series of instructions
- Produces approximate rendition of assembly code
- Can be run on either a.out (complete executable) or .o file
Alternate Disassembly

Object:                 Disassembled:
  0x401040:  0x55        0x401040 <sum>:     push   %ebp
             0x89        0x401041 <sum+1>:   mov    %esp,%ebp
             0xe5
             0x8b        0x401043 <sum+3>:   mov    0xc(%ebp),%eax
             0x45
             0x0c
             0x03        0x401046 <sum+6>:   add    0x8(%ebp),%eax
             0x45
             0x08
             0x89        0x401049 <sum+9>:   mov    %ebp,%esp
             0xec
             0x5d        0x40104b <sum+11>:  pop    %ebp
             0xc3        0x40104c <sum+12>:  ret
                         0x40104d <sum+13>:  lea    0x0(%esi),%esi

Within gdb debugger:
    gdb p
    disassemble sum
- Disassemble procedure
    x/13b sum
- Examine the 13 bytes starting at sum
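To make the "analyzes bit pattern of series of instructions" step concrete, here is an added example (not from the slides or from objdump) that decodes the 16 bytes shown for sum by hand. It covers only the opcode forms those bytes use (push/pop r32, ret, and mov/add/lea with a ModR/M byte in register or disp8 form) and stops at anything else, which is exactly why a disassembler's output is an approximate rendition. The output format ("offset: mnemonic src,dst") is my own choice; the byte string SUM_CODE is copied from the listing above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Register names in ModR/M encoding order (0..7). */
static const char *REG32[8] = { "%eax", "%ecx", "%edx", "%ebx",
                                "%esp", "%ebp", "%esi", "%edi" };

/* Decode the ModR/M byte at p (plus its 8-bit displacement, if any).
 * Only the two forms that occur in sum are handled: mod=11 (a register)
 * and mod=01 with rm != 4 (disp8(reg); rm == 4 would need a SIB byte).
 * Writes the AT&T text of the r/m operand and returns the number of bytes
 * consumed after the opcode, or 0 for an unsupported form. */
static size_t decode_modrm(const uint8_t *p, size_t avail,
                           int *reg, char *rm_text, size_t rm_len)
{
    if (avail < 1) return 0;
    int mod = p[0] >> 6, rm = p[0] & 7;
    *reg = (p[0] >> 3) & 7;
    if (mod == 3) {
        snprintf(rm_text, rm_len, "%s", REG32[rm]);
        return 1;
    }
    if (mod == 1 && rm != 4 && avail >= 2) {
        int disp = (int8_t)p[1];               /* sign-extended displacement */
        snprintf(rm_text, rm_len, "%s0x%x(%s)", disp < 0 ? "-" : "",
                 (unsigned)(disp < 0 ? -disp : disp), REG32[rm]);
        return 2;
    }
    return 0;
}

/* Disassemble up to max instructions from code into out[], one line per
 * instruction as "<offset>: <mnemonic> <src>,<dst>" (AT&T operand order).
 * Stops at the first opcode it does not know. Returns the count decoded. */
size_t disas(const uint8_t *code, size_t len, char out[][48], size_t max)
{
    size_t off = 0, n = 0;
    while (off < len && n < max) {
        uint8_t op = code[off];
        size_t avail = len - off - 1, used = 0;
        char rm[32];
        int reg;
        if (op >= 0x50 && op <= 0x57) {                 /* push r32 */
            snprintf(out[n], 48, "%zx: push %s", off, REG32[op - 0x50]);
        } else if (op >= 0x58 && op <= 0x5f) {          /* pop r32 */
            snprintf(out[n], 48, "%zx: pop %s", off, REG32[op - 0x58]);
        } else if (op == 0xc3) {                        /* ret */
            snprintf(out[n], 48, "%zx: ret", off);
        } else if (op == 0x89 || op == 0x8b || op == 0x03 || op == 0x8d) {
            used = decode_modrm(code + off + 1, avail, &reg, rm, sizeof rm);
            if (used == 0) break;
            const char *mn = op == 0x03 ? "add" : op == 0x8d ? "lea" : "mov";
            if (op == 0x89)  /* 0x89: register is the source, r/m the destination */
                snprintf(out[n], 48, "%zx: %s %s,%s", off, mn, REG32[reg], rm);
            else             /* 0x8b/0x03/0x8d: r/m is the source, register the destination */
                snprintf(out[n], 48, "%zx: %s %s,%s", off, mn, rm, REG32[reg]);
        } else {
            break;                                      /* unknown opcode */
        }
        off += 1 + used;
        n++;
    }
    return n;
}

/* The 16 bytes the slide shows for sum: 13 bytes of code plus the 3-byte
 * lea used as padding. Copied from the objdump listing above. */
const uint8_t SUM_CODE[16] = { 0x55, 0x89, 0xe5, 0x8b, 0x45, 0x0c, 0x03, 0x45,
                               0x08, 0x89, 0xec, 0x5d, 0xc3, 0x8d, 0x76, 0x00 };

/* Line i of the decoded sum listing ("" past the end). */
const char *sum_line(size_t i)
{
    static char out[16][48];
    size_t n = disas(SUM_CODE, sizeof SUM_CODE, out, 16);
    return i < n ? out[i] : "";
}

int main(void)
{
    for (size_t i = 0; sum_line(i)[0] != '\0'; i++) puts(sum_line(i));
    return 0;
}
```

Each line of the output corresponds to one line of the objdump listing on the slide; the offsets 0, 1, 3, 6, 9, b, c, d fall out of the byte counting, which is the same reason objdump can only guess instruction boundaries when it starts in the middle of a byte stream.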
Moving Data

Registers: %eax %edx %ecx %ebx %esi %edi %esp %ebp

movl Source,Dest:
- Move 4-byte ("long") word
- Lots of these in typical code

Operand types
- Immediate: constant integer data
  - Like C constant, but prefixed with '$'
  - E.g., $0x400, $-533
  - Encoded with 1, 2, or 4 bytes
- Register: one of 8 integer registers
  - But %esp and %ebp reserved for special use
  - Others have special uses for particular instructions
- Memory: 4 consecutive bytes of memory
  - Various "address modes"
movl Operand Combinations

    Source  Dest   movl                  C analog
    Imm     Reg    movl $0x4,%eax        temp = 0x4;
    Imm     Mem    movl $-147,(%eax)     *p = -147;
    Reg     Reg    movl %eax,%edx        temp2 = temp1;
    Reg     Mem    movl %eax,(%edx)      *p = temp;
    Mem     Reg    movl (%eax),%edx      temp = *p;

- Cannot do memory-memory transfers with single instruction
Simple Addressing Modes

Normal        (R)     Mem[Reg[R]]
- Register R specifies memory address
    movl (%ecx),%eax

Displacement  D(R)    Mem[Reg[R]+D]
- Register R specifies start of memory region
- Constant displacement D specifies offset
    movl 8(%ebp),%edx
Using Simple Addressing Modes

    void swap(int *xp, int *yp)
    {
      int t0 = *xp;
      int t1 = *yp;
      *xp = t1;
      *yp = t0;
    }

    swap:
        pushl %ebp              # Set up
        movl %esp,%ebp
        pushl %ebx

        movl 12(%ebp),%ecx      # Body
        movl 8(%ebp),%edx
        movl (%ecx),%eax
        movl (%edx),%ebx
        movl %eax,(%edx)
        movl %ebx,(%ecx)

        movl -4(%ebp),%ebx      # Finish
        movl %ebp,%esp
        popl %ebp
        ret
Understanding Swap

    void swap(int *xp, int *yp)
    {
      int t0 = *xp;
      int t1 = *yp;
      *xp = t1;
      *yp = t0;
    }

Stack (offsets from %ebp):
    Offset
      12    yp
       8    xp
       4    Rtn adr
       0    Old %ebp    <- %ebp
      -4    Old %ebx

    Register  Variable
    %ecx      yp
    %edx      xp
    %eax      t1
    %ebx      t0

    movl 12(%ebp),%ecx      # ecx = yp
    movl 8(%ebp),%edx       # edx = xp
    movl (%ecx),%eax        # eax = *yp (t1)
    movl (%edx),%ebx        # ebx = *xp (t0)
    movl %eax,(%edx)        # *xp = eax
    movl %ebx,(%ecx)        # *yp = ebx
Understanding Swap: execution trace

Memory layout used on the slides (%ebp = 0x104, %esp = 0x100):
    Address   Contents              Offset from %ebp
    0x124     123   (*xp)
    0x120     456   (*yp)
    0x11c
    0x118
    0x114
    0x110     0x120 (yp)            12
    0x10c     0x124 (xp)             8
    0x108     Rtn adr                4
    0x104     Old %ebp               0   <- %ebp
    0x100     Old %ebx              -4   <- %esp

State after each instruction of the body (registers %esi and %edi are unused):
    Instruction           %ecx    %edx    %eax   %ebx   M[0x124]  M[0x120]
    (initial)               -       -       -      -      123       456
    movl 12(%ebp),%ecx    0x120     -       -      -      123       456    # ecx = yp
    movl 8(%ebp),%edx     0x120   0x124     -      -      123       456    # edx = xp
    movl (%ecx),%eax      0x120   0x124    456     -      123       456    # eax = *yp (t1)
    movl (%edx),%ebx      0x120   0x124    456    123     123       456    # ebx = *xp (t0)
    movl %eax,(%edx)      0x120   0x124    456    123     456       456    # *xp = eax
    movl %ebx,(%ecx)      0x120   0x124    456    123     456       123    # *yp = ebx
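The swap trace above can be replayed on a tiny register-and-memory model. The following is an added example (my own code, not from the slides): a byte-addressable little-endian memory window, the (R) and D(R) addressing modes from the previous slides, and the six movl instructions of swap's body written as one statement each. The window covering 0x100..0x12f and the initial contents are constructed to match the slide; everything else about the machine (no condition codes, no stack pointer updates) is left out on purpose. Note that every transfer goes through a register, since movl has no memory-to-memory form.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Register numbers in the order IA32 encodes them. */
enum { EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI };

/* Constructed memory window: covers the addresses drawn on the slide. */
#define MEM_BASE 0x100u
#define MEM_SIZE 0x30u

typedef struct {
    uint32_t reg[8];
    uint8_t  mem[MEM_SIZE];       /* byte-addressable, little-endian */
} Machine;

/* Index into the window, aborting on an access outside it. */
static uint32_t index_of(uint32_t addr)
{
    uint32_t i = addr - MEM_BASE;
    if (addr < MEM_BASE || i + 4 > MEM_SIZE) abort();
    return i;
}

/* Mem[addr] read as a 4-byte "long" word, low byte first. */
uint32_t load32(const Machine *m, uint32_t addr)
{
    uint32_t i = index_of(addr), v = 0;
    for (int k = 3; k >= 0; k--) v = (v << 8) | m->mem[i + k];
    return v;
}

/* Store a 4-byte word, low byte first. */
void store32(Machine *m, uint32_t addr, uint32_t v)
{
    uint32_t i = index_of(addr);
    for (int k = 0; k < 4; k++) m->mem[i + k] = (uint8_t)(v >> (8 * k));
}

/* The D(R) addressing mode: the address Reg[R] + D. */
static uint32_t ea_disp(const Machine *m, int r, int32_t d)
{
    return m->reg[r] + (uint32_t)d;
}

/* Build the frame exactly as drawn: %ebp = 0x104, xp at 8(%ebp) = 0x124
 * holding 123, yp at 12(%ebp) = 0x120 holding 456. */
void swap_setup(Machine *m)
{
    memset(m, 0, sizeof *m);
    m->reg[EBP] = 0x104;
    m->reg[ESP] = 0x100;
    store32(m, 0x10c, 0x124);    /* xp   */
    store32(m, 0x110, 0x120);    /* yp   */
    store32(m, 0x124, 123);      /* *xp  */
    store32(m, 0x120, 456);      /* *yp  */
}

/* The six movl instructions of swap's body, in order. */
void swap_body(Machine *m)
{
    m->reg[ECX] = load32(m, ea_disp(m, EBP, 12));  /* movl 12(%ebp),%ecx   ecx = yp  */
    m->reg[EDX] = load32(m, ea_disp(m, EBP, 8));   /* movl 8(%ebp),%edx    edx = xp  */
    m->reg[EAX] = load32(m, m->reg[ECX]);          /* movl (%ecx),%eax     eax = *yp */
    m->reg[EBX] = load32(m, m->reg[EDX]);          /* movl (%edx),%ebx     ebx = *xp */
    store32(m, m->reg[EDX], m->reg[EAX]);          /* movl %eax,(%edx)     *xp = eax */
    store32(m, m->reg[ECX], m->reg[EBX]);          /* movl %ebx,(%ecx)     *yp = ebx */
}

/* Final register r after running setup + body on a fresh machine. */
uint32_t swap_final_reg(int r)
{
    Machine m; swap_setup(&m); swap_body(&m);
    return m.reg[r];
}

/* Final 4-byte word at addr after running setup + body. */
uint32_t swap_final_mem(uint32_t addr)
{
    Machine m; swap_setup(&m); swap_body(&m);
    return load32(&m, addr);
}

/* Final single byte at addr, to see the little-endian layout. */
uint8_t swap_final_byte(uint32_t addr)
{
    Machine m; swap_setup(&m); swap_body(&m);
    return m.mem[index_of(addr)];
}
```

The final state matches the last row of the trace: %ecx = 0x120, %edx = 0x124, %eax = 456, %ebx = 123, and the two words at 0x124 and 0x120 have exchanged values while the pointer slots at 8(%ebp) and 12(%ebp) are untouched. Looking at single bytes shows why the slides call memory a byte-addressable array: 123 = 0x7b occupies the lowest byte of the word at 0x120 and the three bytes above it are zero.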
Indexed Addressing Modes

Most general form
    D(Rb,Ri,S)    Mem[Reg[Rb]+S*Reg[Ri]+D]
- D: constant "displacement" 1, 2, or 4 bytes
- Rb: base register: any of 8 integer registers
- Ri: index register: any, except for %esp
  - Unlikely you'd use %ebp, either
- S: scale: 1, 2, 4, or 8

Special cases
    (Rb,Ri)       Mem[Reg[Rb]+Reg[Ri]]
    D(Rb,Ri)      Mem[Reg[Rb]+Reg[Ri]+D]
    (Rb,Ri,S)     Mem[Reg[Rb]+S*Reg[Ri]]
Address Computation Examples

    %edx  0xf000
    %ecx  0x100

    Expression        Computation         Address
    0x8(%edx)         0xf000 + 0x8        0xf008
    (%edx,%ecx)       0xf000 + 0x100      0xf100
    (%edx,%ecx,4)     0xf000 + 4*0x100    0xf400
    0x80(,%edx,2)     2*0xf000 + 0x80     0x1e080
Address Computation Instruction

leal Src,Dest
- Src is address mode expression
- Set Dest to address denoted by expression

Uses
- Computing address without doing memory reference
  - E.g., translation of p = &x[i];
- Computing arithmetic expressions of the form x + k*y + z
  - k = 1, 2, 4, or 8
  - z is an 8-bit signed constant
Some Arithmetic Operations

Two operand instructions
    Format             Computation
    addl  Src,Dest     Dest = Dest + Src
    subl  Src,Dest     Dest = Dest - Src
    imull Src,Dest     Dest = Dest * Src
    sall  Src,Dest     Dest = Dest << Src     Also called shll
    sarl  Src,Dest     Dest = Dest >> Src     Arithmetic
    shrl  Src,Dest     Dest = Dest >> Src     Logical
    xorl  Src,Dest     Dest = Dest ^ Src
    andl  Src,Dest     Dest = Dest & Src
    orl   Src,Dest     Dest = Dest | Src
One operand instructions
    Format        Computation
    incl  Dest    Dest = Dest + 1
    decl  Dest    Dest = Dest - 1
    negl  Dest    Dest = -Dest
    notl  Dest    Dest = ~Dest
Using leal for Arithmetic Expressions

    int arith(int x, int y, int z)
    {
      int t1 = x+y;
      int t2 = z+t1;
      int t3 = x+4;
      int t4 = y * 48;
      int t5 = t3 + t4;
      int rval = t2 * t5;
      return rval;
    }

    arith:
        pushl %ebp                  # Set up
        movl %esp,%ebp

        movl 8(%ebp),%eax           # Body
        movl 12(%ebp),%edx
        leal (%edx,%eax),%ecx
        leal (%edx,%edx,2),%edx
        sall $4,%edx
        addl 16(%ebp),%ecx
        leal 4(%edx,%eax),%eax
        imull %ecx,%eax

        movl %ebp,%esp              # Finish
        popl %ebp
        ret
Understanding arith

    int arith(int x, int y, int z)
    {
      int t1 = x+y;
      int t2 = z+t1;
      int t3 = x+4;
      int t4 = y * 48;
      int t5 = t3 + t4;
      int rval = t2 * t5;
      return rval;
    }

Stack (offsets from %ebp):
    Offset
      16    z
      12    y
       8    x
       4    Rtn adr
       0    Old %ebp    <- %ebp

    movl 8(%ebp),%eax           # eax = x
    movl 12(%ebp),%edx          # edx = y
    leal (%edx,%eax),%ecx       # ecx = x+y (t1)
    leal (%edx,%edx,2),%edx     # edx = 3*y
    sall $4,%edx                # edx = 48*y (t4)
    addl 16(%ebp),%ecx          # ecx = z+t1 (t2)
    leal 4(%edx,%eax),%eax      # eax = 4+t4+x (t5)
    imull %ecx,%eax             # eax = t5*t2 (rval)
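The address computation table and the arith listing both rest on one formula, Mem[Reg[Rb]+S*Reg[Ri]+D], of which leal keeps only the address part. The following added example (my own code, not from the slides) writes that formula as a function, checks it against the four rows of the address computation table, and then replays arith's body one instruction per statement so that each leal is visibly just an add-and-scale with no memory access. Register values are held in uint32_t so that the wraparound matches 32-bit hardware; the sample inputs are constructed.

```c
#include <stdint.h>

/* D(Rb,Ri,S): the address Reg[Rb] + S*Reg[Ri] + D, computed mod 2^32.
 * A missing base or index is passed as 0, a missing scale as 1. */
uint32_t effective_address(int32_t d, uint32_t rb, uint32_t ri, uint32_t s)
{
    return rb + s * ri + (uint32_t)d;
}

/* The C function from the slide, used as the reference. */
int arith(int x, int y, int z)
{
    int t1 = x + y;
    int t2 = z + t1;
    int t3 = x + 4;
    int t4 = y * 48;
    int t5 = t3 + t4;
    int rval = t2 * t5;
    return rval;
}

/* The compiled body, one statement per instruction. The three leal
 * instructions go through effective_address to make the point that they
 * compute an address-shaped expression and never touch memory. */
int arith_asm(int x, int y, int z)
{
    uint32_t eax = (uint32_t)x;                        /* movl 8(%ebp),%eax        eax = x        */
    uint32_t edx = (uint32_t)y;                        /* movl 12(%ebp),%edx       edx = y        */
    uint32_t ecx = effective_address(0, edx, eax, 1);  /* leal (%edx,%eax),%ecx    ecx = x+y (t1) */
    edx = effective_address(0, edx, edx, 2);           /* leal (%edx,%edx,2),%edx  edx = 3*y      */
    edx <<= 4;                                         /* sall $4,%edx             edx = 48*y (t4)*/
    ecx += (uint32_t)z;                                /* addl 16(%ebp),%ecx       ecx = z+t1 (t2)*/
    eax = effective_address(4, edx, eax, 1);           /* leal 4(%edx,%eax),%eax   eax = 4+t4+x   */
    eax *= ecx;                                        /* imull %ecx,%eax          eax = t5*t2    */
    return (int)eax;                                   /* return value lives in %eax */
}
```

With %edx = 0xf000 and %ecx = 0x100 the function reproduces the table: 0x8(%edx) is effective_address(0x8, 0xf000, 0, 1) = 0xf008, (%edx,%ecx,4) is effective_address(0, 0xf000, 0x100, 4) = 0xf400, and 0x80(,%edx,2), which has no base register, is effective_address(0x80, 0, 0xf000, 2) = 0x1e080. For arith, (1, 2, 3) gives 606 by both routes and a negative x such as (-5, 7, 2) gives 1340, because two's-complement wraparound makes the unsigned address arithmetic agree with signed C arithmetic whenever the C result does not overflow.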
Another Example

    int logical(int x, int y)
    {
      int t1 = x^y;
      int t2 = t1 >> 17;
      int mask = (1<<13) - 7;
      int rval = t2 & mask;
      return rval;
    }

    logical:
        pushl %ebp                  # Set up
        movl %esp,%ebp

        movl 8(%ebp),%eax           # Body: eax = x
        xorl 12(%ebp),%eax          #       eax = x^y (t1)
        sarl $17,%eax               #       eax = t1>>17 (t2)
        andl $8185,%eax             #       eax = t2 & 8185

        movl %ebp,%esp              # Finish
        popl %ebp
        ret

2^13 = 8192,  2^13 - 7 = 8185
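The compiler chose sarl rather than shrl for t1 >> 17 because t1 is a signed int, and the arithmetic operations table distinguishes the two only by one word. This added example (my own code, not from the slides) implements both shifts on 32-bit values, replays logical's body with each, and shows where the choice matters. The shift count is masked to 5 bits as the hardware does; the sample inputs are constructed.

```c
#include <stdint.h>

/* sarl: arithmetic right shift. Vacated high bits are copies of the
 * sign bit, so a negative value stays negative. Count masked to 0..31. */
uint32_t sarl(uint32_t v, unsigned k)
{
    k &= 31;
    uint32_t r = v >> k;
    if ((v & 0x80000000u) && k)
        r |= 0xffffffffu << (32 - k);      /* replicate the sign bit */
    return r;
}

/* shrl: logical right shift. Vacated high bits are zero. */
uint32_t shrl(uint32_t v, unsigned k)
{
    return v >> (k & 31);
}

/* The C function from the slide, as the reference. */
int logical(int x, int y)
{
    int t1 = x ^ y;
    int t2 = t1 >> 17;
    int mask = (1 << 13) - 7;
    int rval = t2 & mask;
    return rval;
}

/* The compiled body, one statement per instruction, using sarl as gcc did. */
uint32_t logical_asm(int x, int y)
{
    uint32_t eax = (uint32_t)x;     /* movl 8(%ebp),%eax    eax = x         */
    eax ^= (uint32_t)y;             /* xorl 12(%ebp),%eax   eax = x^y (t1)  */
    eax = sarl(eax, 17);            /* sarl $17,%eax        eax = t1>>17    */
    eax &= 8185;                    /* andl $8185,%eax      eax = t2 & 8185 */
    return eax;
}

/* The same body with shrl substituted, to see what the mask hides. */
uint32_t logical_asm_shrl(int x, int y)
{
    uint32_t eax = (uint32_t)x ^ (uint32_t)y;
    eax = shrl(eax, 17);
    eax &= 8185;
    return eax;
}
```

On 0x80000000 the two shifts disagree completely: sarl by 17 yields 0xffffc000 and shrl yields 0x4000. In logical the disagreement is invisible, since after a shift by 17 the fill bits occupy positions 15 and above while the mask 8185 = 0x1ff9 keeps only bits 0..12; both versions return 8185 for x = -1, y = 0 and 0x918 for x = 0x12345678, y = 0. Drop the andl, or shift by fewer than 19 bits, and a signed-versus-unsigned mismatch between the C declaration and the instruction chosen would change the result, which is the usual way such a bug shows up in compiled code.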
CISC Properties

- Instruction can reference different operand types
  - Immediate, register, memory
- Arithmetic operations can read/write memory
- Memory reference can involve complex computation
  - Rb + S*Ri + D
  - Useful for arithmetic expressions, too
- Instructions can have varying lengths
  - IA32 instructions can range from 1 to 15 bytes
Summary: Abstract Machines

Machine models
    C:         mem  <->  proc
    Assembly:  mem (incl. stack)  <->  processor (regs, alu, cond. codes)

              Data                            Control
    C         1) char                         1) loops
              2) int, float                   2) conditionals
              3) double                       3) switch
              4) struct, array                4) Proc. call
              5) pointer                      5) Proc. return

    Assembly  1) byte                         3) branch/jump
              2) 2-byte word                  4) call
              3) 4-byte long word             5) ret
              4) contiguous byte allocation
              5) address of initial byte
Whose Assembler?

    Intel/Microsoft format                  GAS/Gnu format
    lea  eax,[ecx+ecx*2]                    leal (%ecx,%ecx,2),%eax
    sub  esp,8                              subl $8,%esp
    cmp  dword ptr [ebp-8],0                cmpl $0,-8(%ebp)
    mov  eax,dword ptr [eax*4+100h]         movl $0x100(,%eax,4),%eax

Intel/Microsoft differs from GAS
- Operands listed in opposite order
    mov Dest,Src              movl Src,Dest
- Constants not preceded by '$', denote hex with 'h' at end
    100h                      $0x100
- Operand size indicated by operands rather than operator suffix
    sub                       subl
- Addressing format shows effective address computation
    [eax*4+100h]              $0x100(,%eax,4)