CS325 Instructions: Language of the Machine MIPS ARCHITECTURE - AN INTRODUCTION TO THE INSTRUCTION SET by N. Guydosh 2/2/04+
MIPS Approach MIPS will be the basis of our study MIPS is a family of RISC processors developed by mips computer company ... name based on the performance metric: “millions of instructions per second” based on an experimental system developed at Stanford by Hennessy MIPS architecture and instruction set is typical of RISC designs designed since the early 80's similar to the Sun Sparc processor MIPS will be the basis of our study approach: first understand the instruction set (architecture seen by the programmer) and then design the underlying hardware to implement the instructions.
Some Basic Features Characteristic of RISC Principles Instruction format relatively fixed Only three closely related types permitted Heavy reliance on large number of general purpose registers Only two instructions use memory: load (lw) and store (sw) all other operations are done using registers. Implementation uses pipelining and cache principles
Four Basic RISC Principles In Designing An Instruction Set Simplicity favors regularity Minimal number of instruction formats and a only a fixed number of operands within a format (three for arithmetic). Smaller is faster register are faster - use a lot of them - but too many will slow things down - 32 (64) may be the limit
Four Basic RISC Principles In Designing An Instruction Set (Cont.) Good design demands compromise A limited variation in format is desirable to optimize performance - three types of related instruction formats Make the common case fast Allow immediate data in the instruction and implement it efficiently Remember Amdahls Law!
MIPS INSTRUCTIONS MIPS instructions consists of fixed sized fields, with a minimal variation (3) of formats Notation: $n, where n = 0, 1, 2, ... 31 represents a general purpose register number n Example: add $8, $17, $18 # $8 = $17 + $18 sub $8, $17, $18 # $8 = $17 - $18 Note: everything after # sign is a comment (like “;” for Intel) An alternate symbolic designation may also be used for registers (see page A23 for the correspondence) – this may be the preferred notation for real programs even though the above notation also works.
MIPS INSTRUCTIONS R - TYPE FORMAT R-TYPE FIELD MEANINGS op - the basic op-code of the instruction rs - first register source operand (ex: $17 above) rt - second register source operand (ex: $18 above) rd - register destination operand (ex: $8 above) shamt - shift amount - more later funct - function field - variations of the op code op 6 bits rs 5 bits rt rd shamt Funct
Memory Instructions We can’t work only with registers forever - sooner or later we must access memory this necessitates a different instruction type I - Type instructions - an op code and three operands Needed for moving data between register and memory Can’t treat memory cells like registers - too many of them ... We need addressability thus: the I - type instruction
I - Type instructions op 6 BITS rs 5 bits rt Immediate address 16 bits Not enough bits in a 32 bit instruction to directly give a full address ... 32 bit address formed by adding the contents of the rs register to the immediate 16 bit value in address field rt <--> memory( [rs] + address ) rt field may now serve as both a source and destination rs serves as an index register which offsets from the 16 bit base address field useful in accessing elements of an array This instruction format variation is minimal from the r-type - first three fields correspond in length The two basic memory instructions using this format are: lw and sw (load word & store word )
I - Type instructions (cont) Ex: lw $s1, 100($s2) # $s1 = memory($s2 + 100) sw $s1,100($s2) # memory($s2 + 100) = $s1 Note: in MIPS all addresses are in units of bytes - thus if $s2 represents the 3rd integer of an array of integers, then the offset in $s2 must be 2*4 = 8 and not 2… remember addressing is origin 0 not 1, thus index is 2 not 3. - how would a compiler translate the c statement? a[i] = h + a[i]; ..... ? ... see p. 114 assumptions: $19 has the value 4*i $18 is used for the variable h let astart be the symbolic value for the start of the array: lw $8, astart($19) # temp reg $8 gets a[i] add $8, $18, $8 # temp reg $8 gets h + a[i] sw $8, astart($19) # store h + a[i] back into a[i]
Other I-Type Instructions add immediate: addi rt rs + imm # imm is a 16 bit integer constant addi $1,$2,100 # $1 = $2 + 100 Set on less than immediate: slti if (rs < imm) rt = 1; else rt = 0; # imm is a 16 bit integer constant slti $s1,$s2,100 # if ($s2 < 100) $s1 =1; else $s1 = 0; Set on less than: slt if (rs < rt) rd = 1; else rd = 0; slt $s1, $s2, $s3 #if $s2<$s3 $s1=1; else $s1=0; slt is actually an R instruction but is closely related to the slti “I” instruction. load upper immediate: lui rt imm*216 # shift left 16 bits # imm is a 16 bit integer constant lui $s1, 100 # rs unused (equal to 0) # loads constant 100 to upper 16 bits of $s1, the lower half of s1 is set to zeros see “control instructions in MIPS” for applications below
J-TYPE INSTRUCTIONS op 6 bits immediate address (imm) 26 bits FORMAT: j imm # jump to target address Unconditional jump to address designated by imm 32 bit address construction: imm (26 bits) is concatenated to high 4 bits of the PC, and then two zeros are appended to the low end to give a 32 bit address to a word boundary. … “extra range” is gained by interpreting the resulting address as a word address … what is the analogous situation in Intel addressing? op 6 bits immediate address (imm) 26 bits
Control Instructions in MIPS -1 Only two conditional branches (type I): branch on equal: beq reg1, reg2, targ_addr if (reg1== reg2) goto addr; #else fall through branch on not equal: bne reg1, reg2, targ_addr if (reg1 reg2) goto addr; #else fall through Target address is 16 bits Absolute range is 0 - (216 -1) bytes
Control Instructions in MIPS -2 Q: How do we increase the range? A: By adding the branch address to the pc register (program counter - contains the address of the current instruction) ... see p. 148 Interpret the immediate branch address as words and not bytes (another factor of 2). Range from PC is 218 bytes not words (p.150). Assuming a 2’s complement representation of the immediate address, the range of the beq and bne would be ±215 words from the PC. This is pc- relative addressing – the immediate address is relative to the pc: PC = PC + conditional branch address NOTE: The ISA implies that the value of PC is actally PC+4 since it points to the next consecutive instruction to be executed. Thus PC = PCcurrent + 4 and the compiler will have to take this into account when generating the 16 bit offset for this instruction. See bottom pages 148 and 149, and pp. 347-350 This is similar to the short conditional jump in the Intel architecture
Control Instructions in MIPS -3 Q: How is a “branch on less than done (a “blt” instruction). A: This instruction is too complicated to be natively implemented in this RISC architecture. It could appear as a pseudo-instruction to be translated to one or more native MIPS instructions. … Remember Amdahl’s Law
Control Instructions in MIPS -4 Here is how the “blt function” is done: Use the slt instruction: slt $t0, $reg1, $reg2 # $t0 gets a 1 if $reg1 < $reg2 ... # type R instruction – see previous bne $t0,$0, Less # GOTO Less IF $t0 0 #Note: $0 is a read only register containing a 0
Control Instructions in MIPS -5 Unconditional jump (types J and R) 13 ... see p. 148 j address - type J jal address - type J jr register - type R The operand “address” in j and jal, is 26 bits, maximum jump is 226 words not bytes ==> 228 bytes Only the lower 28 bits of the pc are replace for the j and j jump (upper 4bits are retained) and two zero bits are appended to the low end. ... see p. 150, 130 For jal, return address stored in $ra Operation for address formation in j and jal Byte-target-address = PC-hi-nibble||address||00 Note: the low two appended zeros are bits not nibbles
Control Instructions in MIPS -6 jr jumps to the address contained in the specified register ... used to implement the C language switch statement see p. 129. There is no restrictions on the jump distance of jr - can go anywhere in memory ... See p. 129, 130, 133
Support For Procedure Calls In Mips (p. 132) Temporarily use the Word document starting on p. 7 – will be converted to ppt in this document.
Support For Procedure Calls In MIPS (p. 132) Support is given by jal proc_addr and jr $31 (“jump and link” and jump register) Not only does jal proc_addr jump to the procedure address proc_addr, but it also places the return address in register $31 ($ra or “return address register”). jal does this by incrementing the address of the current instruction being executed (PC register), as done for all instructions, and then saves it in $31 - PC incremented by 4 results is the return address jr. $31 is then used to return to the calling procedure.
Support For Procedure Calls In MIPS -1 Q: What if the called procedure calls another procedure? ... A nested procedure call. $31 has already been used . . . then what? A: The programmer would have to save the old value of $31 in memory so it won’t get clobbered – on entering the procedure called. ... An example of “spilling registers to memory” The memory structure used to save return addresses ($31) is a stack or a “lifo” queue. this is implemented in software. We must maintain a “stack pointer” (reg $29) pointing to the top of the stack and adjust it as elements (return addresses) are “pushed” and “popped” to and from the stack. Stack “grows” from high to low memory – same as in Intel. … when in doubt save registers on stack … worst that could happen is a performance hit. . . . See example text page 134
Support For Procedure Calls In MIPS -2 Passing parameters between procedures: Registers $4 through $7 ($a0,…, $a3) reserved for parameters (analogous to $31 for return address). If a process calls another process, these parameters can be saved and restored using the stack as we did with the return address. The called function/procedure (“callee”) places any returned values in registers $2 and $3 ($v0 and $v1).
Support For Procedure Calls In MIPS -3 Q: What if there are more than 4 parms to be passed: A: Out the excess of 4 on the stack - the called proc will expect the first 4 to be in regs $4 - $7, and the rest in memory addressable via the stack pointer. Conventions for saving registers across procedure calls: See pp. A-25, A-26 Most registers are classified as either Caller saved or callee saved. ... see p. A-23 for mips register usage conventions
Support For Procedure Calls In MIPS -4 Caller saved registers Assumes that registers are not preserved across the call ... caller must do it (registers $t0,…, $t7) – see p. A23. Used for short-lived “callee” values which usually do not persist across a call (immediate values etc.) ... the callee assumes they will get overwritten when the caller restores the registers on returning. - they are used with impunity by the callee without having to save anything.
Support For Procedure Calls In MIPS -5 Callee saved registers See p. A23 for register usage convention Assumes that callee registers are preserved across the call ... callee must do it (registers $s0,…, $s6) – see p. A23. Used for long-lived values which are expected to persist across a call (user provided values ...). These registers are only saved during a procedure call if the callee expects to use the register. Since these registers (for long lived values) may be used less frequently, there will be an advantage in not having to save these registers if they are not used by the callee.
Support For Procedure Calls In MIPS -6 An example Translate the c code for a word memory swap into MIPS code: C code: /* remember this is a function which may be called by another function */ swap( int v[ ], int k ) { int temp; temp = v[k]; v[k] = v[k + 1]; v[k + 1] = temp; }
Support For Procedure Calls In MIPS -7 MIPS code: # Since parms passed via regs $4, $5, $6, $7 or ($a0, …, $a3) # thus parms v and k are in $4 and $5 # first preserve registers across proc invocation # swap is the callee - technically we need only to save registers # $2 and $15, but this proc will save ‘em all ... See p. A-23 # other register assignments : # $2 is the address of v[k] # local variable temp assigned to $15 # register $16 used to store v[k+1] # register $29 is the stack pointer # register $31 is the return address
Support For Procedure Calls In MIPS -8 swap: addi $29, $29,-12 # allocate stack space for 3 registers (12 bytes) # Callee saves registers sw $2, 0($29) # save $2 on the stack, $29 = $sp sw $15, 4($29) # save $15 on the stack sw $16, 8($29) # save $16 on the stack # Main guts of the program: muli $2, $5, 4 # reg $2 = k * 4 ... see later for muli add $2, $4, $2 # reg $2 = v(array base address) + k*4 # reg $2 now has the address of v[k] lw $15, 0($2) # reg $15 (temp) = v[k] lw $16, 4($2) # reg $16 = v[k+1] ... next element of v sw $16, 0($2) # v[k] = reg $16 = v[k+1] sw $15, 4($2) # v[k+1] = reg $15 = temp = v[k] # Callee restored registers: lw $2, 0($29) # restore $2 from stack, $sp is still as in 1st instruction lw $15, 4($29) # restore $15 from stack lw $16, 8($29) # restore $16 from stack addi $29, $29, 12 # restore stack pointer # Procedure return jr $31 # return to caller routine, call was not nested use $31=$ra
Summary of addressing in MIPS (3.8) RISC principle: make the common case fast Majority of used instructions use “small” constants, for example incrementing an offset by 4. Rather than having to first load a register with a constant (say from memory), why not simple include it in the instruction itself as a 16 bit constant: Hence some instruction we have already seen have “Immediate” counterparts. Example: addi $sp, $sp, 4 #$sp = $sp + 4 slti $t0, $s2, 10 # $t0 = 1 if $s2 < 10 lui $t0, 255 # loads 255 (16 bits) to upper half of $t0, zeros lower half # already covered
Summary of addressing in MIPS (3.8) Addressing in Branches and Jumps j target_address # target_address is a 26 bit immediate # number as described before: full 32 bit address is: high 4 bits of PC concatenated with target_address, then concatenated with 00 (two zero bits). It points to word boundaries. bne $s0, $s1, target # target is 16 bits as described before: full 32 bit address is: target is added to PC+4 (address of next instruction) as opposed to current instruction (see bottom page 148).
Summary of addressing in MIPS (3.8) Addressing Example MIPS C code (Text, p. 149):
Summary of addressing in MIPS (3.8) Addressing Example Machine Code (Text, p. 149): Note: bne adds specifies branch destination relative to instruction 6 (the add instruction) rather than instruction 5 (bne itself).
Summary of addressing in MIPS (3.8) Far Conditional Branches If the 16 bit immediate field in beq or bne is not large enough the assemble can still do this far branch as follows: beq $s0, $s1, L1 # L1 symbolically is out of range of short jump maps to: bne $s0, $s1, L2 #fall thru on equal j L1 L2: …
Addressing modes for MIPS ( p. 151 ) Register addressing - operand is a register (type R) Base or displacement addressing - operand address is sum of a register and an immediate value in the instruction (type I) Immediate addressing - operand is an immediate constant value within the instruction itself (type I) pc-relative addressing - address is the sum of the pc and an immediate constant in the instruction Pseudodirect addressing - address is the 26 bits from the instruction concatenated with upper 4 bits of the PC and tw zeros appended on low end (word level address)
Addressing modes for MIPS ( p. 152 )