Reverse Assembly

Typical problem: Given a machine language instruction for the SRC, it may be required to find the equivalent SRC assembly language instruction.
CS501 Advanced Computer Architecture, Lecture 05, Dr. Noor Muhammad Sheikh
Review
Example: Reverse assemble the following SRC machine language instructions:

    68C2003A h
    E1C60004 h
    61885000 h
    724E8000 h
    1A4000D4 h
    084000D0 h

Solution (for 68C2003A h):

1. Write the given hexadecimal instruction in binary form:

       68C2003A h = 0110 1000 1100 0010 0000 0000 0011 1010 b

2. Examine the first five bits of the instruction, and pick the corresponding mnemonic from the SRC instruction set listing arranged in ascending order of op-codes:

       01101 b = 13 d = addi (add immediate)

3. Now we know that this instruction uses the type C format: the two 5-bit fields after the op-code field represent the destination and the source registers respectively, and the remaining 17 bits in the instruction represent a constant.

       01101   | 00011    | 00001    | 0 0000 0000 0011 1010 b
       op-code | ra field | rb field | 17-bit c2 field
       addi    | R3       | R1       | 3A h = 58 d

4. Therefore, the assembly language instruction is addi R3, R1, 58
Summary

    Given machine language instruction    Equivalent assembly language instruction
    68C2003A h                            addi R3, R1, 58
    E1C60004 h
    61885000 h
    724E8000 h
    1A4000D4 h
    084000D0 h
We can do it a bit faster now! Here is step 1 for all instructions:

    Given instruction in hexadecimal    Equivalent instruction in binary
    E1C60004 h                          1110 0001 1100 0110 0000 0000 0000 0100 b
    61885000 h                          0110 0001 1000 1000 0101 0000 0000 0000 b
    724E8000 h                          0111 0010 0100 1110 1000 0000 0000 0000 b
    1A4000D4 h                          0001 1010 0100 0000 0000 0000 1101 0100 b
    084000D0 h                          0000 1000 0100 0000 0000 0000 1101 0000 b
Step 2: Pick up the op-code for each instruction

    Given instruction in hexadecimal    Op-code field    Mnemonic
    E1C60004 h                          11100 b          shl
    61885000 h                          01100 b          add
    724E8000 h                          01110 b          sub
    1A4000D4 h                          00011 b          st
    084000D0 h                          00001 b          ld
Step 3: Determine the instruction type for each instruction

The meaning of the remaining fields will depend on the instruction type (i.e., the instruction format).

    Given instruction in hexadecimal    Mnemonic    Instruction type
    E1C60004 h                          shl
    61885000 h                          add
    724E8000 h                          sub
    1A4000D4 h                          st
    084000D0 h                          ld
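The four-step reverse-assembly procedure above, carried out in code for the six words of the exercise. This is an added example and not part of the lecture: it assumes the standard SRC op-code table and per-format operand rules (Heuring and Jordan), of which the slides list only the op-codes they decode.

```python
# Added example (not from the lecture): reverse-assemble 32-bit SRC words using the
# RTL field names op=IR<31..27>, ra=IR<26..22>, rb=IR<21..17>, rc=IR<16..12>,
# c1=IR<21..0>, c2=IR<16..0>, c3=IR<11..0>.

# Standard SRC op-code table (assumed from Heuring and Jordan; the slides show a subset).
MNEMONIC = {0: "nop", 1: "ld", 2: "ldr", 3: "st", 4: "str", 5: "la", 6: "lar",
            8: "br", 9: "brl", 12: "add", 13: "addi", 14: "sub", 15: "neg",
            20: "and", 21: "andi", 22: "or", 23: "ori", 24: "not",
            26: "shr", 27: "shra", 28: "shl", 29: "shc", 31: "stop"}

def sign_extend(value, bits):
    """Interpret the low `bits` bits of value as a two's-complement number."""
    return value - (1 << bits) if value & (1 << (bits - 1)) else value

def fields(word):
    """Steps 1 and 2: split the 32-bit word into its RTL-named fields."""
    return {"op": word >> 27 & 0x1F, "ra": word >> 22 & 0x1F, "rb": word >> 17 & 0x1F,
            "rc": word >> 12 & 0x1F, "c1": word & 0x3FFFFF, "c2": word & 0x1FFFF, "c3": word & 0xFFF}

def reverse_assemble(word):
    """Steps 3 and 4: pick the format from the op-code and print the operands it uses."""
    f = fields(word)
    m = MNEMONIC.get(f["op"])
    if m is None:
        raise ValueError(f"unassigned op-code {f['op']} in {word:08X}h")
    ra, rb, rc = (f"R{f[k]}" for k in ("ra", "rb", "rc"))
    if m in ("nop", "stop"):                       # no operand fields
        return m
    if m in ("ldr", "str", "lar"):                 # ra, c1 (22-bit PC-relative displacement)
        return f"{m} {ra}, {sign_extend(f['c1'], 22)}"
    if m in ("ld", "st", "la", "addi", "andi", "ori"):   # type C: ra, rb, 17-bit c2
        c2 = sign_extend(f["c2"], 17)
        if m in ("addi", "andi", "ori"):
            return f"{m} {ra}, {rb}, {c2}"
        # rb = 0 means "no index register", not "add R0" (see the disp definition)
        return f"{m} {ra}, {c2}" if f["rb"] == 0 else f"{m} {ra}, {c2}({rb})"
    if m in ("add", "sub", "and", "or"):           # ra, rb, rc
        return f"{m} {ra}, {rb}, {rc}"
    if m in ("neg", "not"):                        # ra, rc
        return f"{m} {ra}, {rc}"
    if m in ("shr", "shra", "shl", "shc"):         # count is c3<4..0>, or R[rc] when c3<4..0> = 0
        count = f["c3"] & 0x1F
        return f"{m} {ra}, {rb}, {count if count else rc}"
    return f"{m} {ra}, {rb}, {rc}, cond={f['c3'] & 0x7}"   # br / brl: condition in c3<2..0>

LECTURE_WORDS = [0x68C2003A, 0xE1C60004, 0x61885000, 0x724E8000, 0x1A4000D4, 0x084000D0]

if __name__ == "__main__":
    for w in LECTURE_WORDS:
        print(f"{w:08X}h  {w:032b}b  {reverse_assemble(w)}")
```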
Using RTL to describe static properties of the SRC

Specifying registers: IR<31..0> means bits numbered 31 to 0 of a 32-bit register named "IR".

"Naming" using the := naming operator: op<4..0> := IR<31..27> means that the 5 most significant bits of IR are to be called op, with bits 4..0. This does not create a new register; it just generates another name, or "alias," for an already existing register or part of a register.
Fields in the SRC instruction (RTL naming operator)

    op<4..0>  := IR<31..27>    operation code field
    ra<4..0>  := IR<26..22>    target register field
    rb<4..0>  := IR<21..17>    operand, address index, or branch target register
    rc<4..0>  := IR<16..12>    second operand, conditional test, or shift count register
    c1<21..0> := IR<21..0>     long displacement field
    c2<16..0> := IR<16..0>     short displacement or immediate field
    c3<11..0> := IR<11..0>     count or modifier field
Describing the processor state using RTL

    PC<31..0>         program counter (memory address of next instruction)
    IR<31..0>         instruction register
    Run               one-bit run/halt indicator
    Strt              start signal
    R[0..31]<31..0>   general purpose registers
SRC in a black box!

[Figure: the SRC drawn as a box labelled "The SRC, Made by XYZ", with indicators (including the RUN indicator), a Strt start switch, and connectors at the back (to be added later on); other switches may be added later on.]
Using RTL to describe the dynamic properties of the SRC

Conditional expressions, e.g.

    (op=14) : R[ra] ← R[rb] - R[rc];

Meaning (this describes the subtract instruction): IF the op field is equal to 14, THEN calculate the difference of the value in the register specified by the rb field and the value in the register specified by the rc field, and store the result in the register specified by the ra field.

    IF condition : THEN perform this action ;
    ←  is the RTL assignment operator
    ;  is the RTL termination operator
Effective address calculations in RTL (performed at runtime)

    displacement address
    disp<31..0> := ( (rb=0) : c2<16..0> {sign extend},
                     (rb≠0) : R[rb] + c2<16..0> {sign extend} ),

    relative address
    rel<31..0> := PC<31..0> + c1<21..0> {sign extend},

The , indicates that the two statements will be executed simultaneously. Two disjoint conditions imply that only one action will be performed at one time.

Remember: register R0 cannot be added to a displacement; rb = 0 just means "don't use the R[rb] field".
Instruction Fetch Operation (using RTL)

    instruction_Fetch := (
        !Run&Strt : Run ← 1,
        Run : (IR ← M[PC], PC ← PC + 4; instruction_execution) );

    :=           naming operator
    !            logical NOT
    &            logical AND
    Run ← 1      set the RUN bit to a 1
    IR ← M[PC]   transfer from memory to the IR

Sequential statements are separated by a ; concurrent statements are separated by a , .
Instruction Execution (Describing the Execute operation using RTL)

Instruction Execution can be described by using a long list of conditional operations which are inherently "disjoint". At the end of this list, iF is invoked again.

    ie := (
        (op<4..0>= 1) : R[ra] ← M[disp],     op-code for ld
        (op<4..0>= 2) : R[ra] ← M[rel],      op-code for ldr
        . . .                                 op-codes for other instructions
        (op<4..0>=31) : Run ← 0,             op-code for stop
        ); iF );

Thus, iF and ie invoke each other in a loop.
Flow diagram

[Figure: Instruction Fetch → Instruction Decode → one branch per op-code (Op-code = 0, Op-code = 1, ..., Op-code = 30, Op-code = 31), with "appropriate processing goes in this place" under each branch.]
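The iF/ie loop and the disp/rel effective-address rules from the RTL slides above, rendered as a small executable model. This is an added example and not the lecture's own code: it implements only the op-codes this lecture names (ld 1, ldr 2, st 3, add 12, addi 13, sub 14, shl 28, stop 31), the shift-count rule (c3<4..0>, else R[rc]) is assumed from the standard SRC definition, and the program and data values in run_lecture_program are constructed from the exercise's six words plus a stop.

```python
# Added example (not from the lecture): Python model of the RTL iF/ie loop.
MASK32 = 0xFFFFFFFF

def sign_extend(value, bits):
    """The RTL {sign extend}: low `bits` bits read as a two's-complement number."""
    return value - (1 << bits) if value & (1 << (bits - 1)) else value

class SRC:
    def __init__(self, program, base=0):
        self.R = [0] * 32                      # R[0..31]<31..0>
        self.PC, self.IR, self.Run = base, 0, 0
        self.M = {base + 4 * i: w for i, w in enumerate(program)}   # byte addresses, 4 per word
    def _alias(shift, mask):                   # naming operator: a field of IR, not a new register
        return property(lambda s: (s.IR >> shift) & mask)
    op, ra, rb, rc = _alias(27, 0x1F), _alias(22, 0x1F), _alias(17, 0x1F), _alias(12, 0x1F)
    c1 = property(lambda s: sign_extend(s.IR & 0x3FFFFF, 22))   # c1<21..0> {sign extend}
    c2 = property(lambda s: sign_extend(s.IR & 0x1FFFF, 17))    # c2<16..0> {sign extend}
    c3 = property(lambda s: s.IR & 0xFFF)                       # c3<11..0>
    def disp(self):   # (rb=0): c2, (rb!=0): R[rb] + c2 -- rb = 0 means "no index register"
        return (self.c2 if self.rb == 0 else self.R[self.rb] + self.c2) & MASK32
    def rel(self):    # PC + c1, where PC was already advanced by the fetch
        return (self.PC + self.c1) & MASK32
    def iF(self, Strt=1):
        if not self.Run and Strt:              # !Run&Strt : Run <- 1
            self.Run = 1
        while self.Run:                        # Run : (IR <- M[PC], PC <- PC + 4; ie)
            self.IR = self.M.get(self.PC, 0)
            self.PC += 4
            self.ie()                          # ie ends by invoking iF; this loop plays that role
    def ie(self):
        R, op = self.R, self.op
        if op == 1:    R[self.ra] = self.M.get(self.disp(), 0)                 # ld
        elif op == 2:  R[self.ra] = self.M.get(self.rel(), 0)                  # ldr
        elif op == 3:  self.M[self.disp()] = R[self.ra]                        # st
        elif op == 12: R[self.ra] = (R[self.rb] + R[self.rc]) & MASK32         # add
        elif op == 13: R[self.ra] = (R[self.rb] + self.c2) & MASK32            # addi
        elif op == 14: R[self.ra] = (R[self.rb] - R[self.rc]) & MASK32         # sub
        elif op == 28:                                                         # shl
            n = self.c3 & 0x1F or R[self.rc] & 0x1F   # count from c3<4..0>, else from R[rc]
            R[self.ra] = (R[self.rb] << n) & MASK32
        elif op == 31: self.Run = 0                                            # stop
        else: raise NotImplementedError(f"op-code {op} is outside this example")

def run_lecture_program():
    # Constructed program: the exercise's six words, reordered so ld precedes addi, then stop.
    cpu = SRC([0x084000D0, 0x68C2003A, 0xE1C60004, 0x61885000, 0x724E8000, 0x1A4000D4, 0xF8000000])
    cpu.M[208] = 100                           # constructed data read by ld R1, 208
    cpu.R[4], cpu.R[5], cpu.R[8] = 10, 20, 8   # constructed initial register values
    cpu.iF(Strt=1)
    return cpu
```

Running the model leaves Run = 0 after the stop word, with M[212] holding the value stored by st R9, 212.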