1 Machine-Level Representation of Programs Ⅱ

2 Outline Data movement Data manipulation Control structure Suggested reading –Chap 3.4, 3.5, 3.6

3 Indexed Addressing Mode Figure 3.3 P137 Most general form –Imm(E b, E i, s) –M[Imm+ R[E b ]+ R[E i ]*s] –Constant “displacement” Imm: 1, 2, or 4 bytes –Base register E b : Any of 8 integer registers –Index register E i : Any, except for %esp –S: Scale: 1, 2, 4, or 8

4 Data Movement Figure 3.4 P139 InstructionEffectDescription movl S, DD  S Move double word movw S, DD  S Move word movb S, DD  S Move byte movsbl S, DD  SignedExtend( S) Move sign-extended byte movzbl S, DD  ZeroExtend(S) Move zero-extended byte pushl SR[%esp]  R[%esp]-4 M[R[%esp]]  S Push popl DD  M[R[%esp]] R[%esp]  R[%esp]+4 Pop

5 Move Instructions Format –movl src, dest –src and dest can only be one of the following Immediate (except dest) Register Memory

6 Move Instructions Format –The only possible combinations of the (src, dest) are (immediate, register) (memory, register)load (register, register) (immediate, memory)store (register, memory)store

7 Data Movement Example P139 movl $0x4050, %eax immediateregister movl %ebp, %esp registerregister movl (%edx, %ecx), %eaxmemoryregister movl $-17, (%esp)immediatememory movl %eax, -12(%ebp)registermemory

8 Data Movement Example P139 Initial value %dh=8d %eax = movb %dh, %al%eax= d 2movsbl %dh, %eax%eax=ffffff8d (Move sign-extended byte) 3movzbl %dh, %eax%eax= d ( Move zero-extended byte)

9 Stack operations Figure 3.5 P140 %eax0x123 %edx0 %esp0x108 Increasing address 0x108 Stack “top” %esp

10 Stack operations %eax0x123 %edx0 %esp0x104 Stack “top” 0x123 0x108 %esp pushl %eax

11 Stack operations %eax0x123 %edx0x123 %esp0x104 Stack “top” 0x123 0x108 %esp popl %edx

12 Data Movement Example P141 int exchange(int *xp, int y) { int x = *xp ;/* operator * performs dereferencing */ *xp = y ; return x ; } int a = 4 ; int b = exchange(&a, 3);/* “address of” operator creates a pointer */ printf(“a = %d, b = %d\n”, a, b);

13 Data Movement Example P142 int exchange(int *xp, int y) { int x = *xp ; *xp = y ; return x ; } 1 pushl %ebp 2 movl %esp, %ebp 3 movl 8(%ebp), %eax 4 movl 12(%ebp), %edx 5 movl (%eax), %ecx 6 movl %edx, (%eax) 7 movl %ecx, %eax 8 movl %ebp, %esp 9 popl %ebp Assembly code

14 Data Movement Example y xp Rtn adr %esp Offset Stack

15 Data Movement Example y xp Rtn adr Old % ebp %esp Offset Stack 1 pushl %ebp y xp Rtn adr %esp Offset Stack

16 Data Movement Example y xp Rtn adr Old % ebp %ebp %esp Offset Stack 2 movl %esp, %ebp y xp Rtn adr Old % ebp %esp Offset Stack

17 Data Movement Example y xp Rtn adr Old % ebp %ebp %esp Offset Stack 3 movl 8(%ebp), %eax 4 movl 12(%ebp), %edx 5 movl (%eax), %ecx 6 movl %edx, (%eax) 7 movl %ecx, %eax

18 Data Movement Example y xp Rtn adr %esp Offset Stack 8 movl %ebp, %esp 9 popl %ebp

19 Arithmetic and Logical Operations Figure 3.7 P144 InstructionEffectDescription leal S, D D  &S Load effective address incl D D  D + 1 Increment decl D D  D – 1 Decrement negl D D  -D Negate notl D D  ~D Complement addl S, D D  D + S Add subl S, D D  D – S Subtract imull S, D D  D * S Multiply 3.5 P143

20 Examples for Lea Instruction (Practice Problem 3.3 P143) %eax holds x, %ecx holds y 6+x leal 6(%eax), %edx x+y leal (%eax, %ecx), %edx x+4*y leal (%eax, %ecx, 4), %edx 7+9*x leal 7(%eax, %eax, 8), %edx 9+x+2*y leal 9(%eax, %ecx, 2), %edx 10+4*y leal 0xA(, %ecx, 4), %edx ResultExpression

21 Arithmetic and Logical Operations (Cont’d) Figure 3.7 P144 InstructionEffectDescription xorl S, D D  D ^ S Exclusive-or orl S, D D  D | S Or andl S, D D  D & S And sall k, D D  D << k Left shift shll k, D D  D << k Left shift sarl k, D D  D >> k Arithmetic right shift shrl k, D D  D >> k Logical right shift

22 Arithmetic and Logical Operations (Practice Problem 3.4 P145) AddressValue 0x1000xFF 0x1040xAB 0x1080x13 0x10C0x11 RegisterValue %eax0x100 %ecx0x1 %edx0x3 0xFD (0x100-0x3) %eaxsubl %edx, %eax 0x0 (0x1-1) %ecxdecl %ecx 0x14 (0x13+1) 0x108incl 8(%eax) 0x110 ($16*0x11) 0x10Cimull $16, (%eax, %edx, 4) 0xA8 (0xAB-0x3) 0x104subl %edx, 4(%eax) 0x100 (1+0xFF) 0x100addl %ecx, (%eax) ValueDestinationInstruction

23 Assembly Code for Arithmetic Expressions Figure 3.8 P146 int arith(int x, int y, int z) { int t1 = x+y; int t2 = z*48; int t3 = t1&0xFFFF; int t4 = t2*t3; return t4; } movl 12(%ebp),%eaxGet y movl 16(%ebp),%edx Get z addl 8(%ebp),%eaxCompute t1=x+y leal (%edx,%edx,2),%edx Compute 3*z sall $4,%edxCompute t2=48*z=3*16*z andl $0xFFFF,%eaxCompute t3=t1&FFFF imull %eax,%edx Compute t4=t2*t3 movl %edx,%eaxSet t4 as return val

24 Special Arithmetic Operations Figure 3.9 P147 imull SR[%edx]:R[%eax]  S*R[%eax]Signed full multiply mull SR[%edx]:R[%eax]  S*R[%eax]Unsigned full multiply CltdR[%edx]:R[%eax]  SignExtend(R[%eax])Convert to quad word idivl SR[%edx]  R[%edx]:R[%eax] mod S ( 余 数 ) R[%eax]  R[%edx]:R[%eax]  S ( 商 ) Signed divide divl SR[%edx]  R[%edx]:R[%eax] mod S R[%eax]  R[%edx]:R[%eax]  S Unsigned divide

25 Examples P148 Initially x at %ebp+8, y at %ebp+12, their full 64- bit product as 8 bytes on top of the stack 1 movl 8(%ebp), %eax 2 imull 12(%ebp) 3 pushl %edx 4 pushl %eax Store x/y and x%y on the stack. 1 movl 8(%ebp), %eax 2 cltd 3 idivl 12(%ebp) 4 pushl %eax 5 pushl %edx

26 Control Two of the most important parts of program execution –Data flow (Accessing and operating data) –Control flow (control the sequence of operations) 3.6 P148

27 Control Sequential execution is default –The statements in C and –the instructions in assembly code –are executed in the order they appear in the program Chang the control flow –Control constructs in C –Jump in assembly

28 Assembly Programmer’s View FF BF 7F7F 3F3F C Stack DLLs Text Data Heap 08 %eax %edx %ecx %ebx %esi %edi %esp %ebp %al%ah %dl%dh %cl%ch %bl%bh %eip %eflag Addresses Data Instructions

29 Condition codes –A set of single-bit –Maintained in a condition code register –Describe attributes of the most recently arithmetic or logical operation

30 Condition codes EFLAGS –CF: Carry Flag The most recent operation generated a carry out of the most significant bit Used to detect overflow for unsigned operations –OF: Overflow Flag The most recent operation caused a two’s complement overflow — either negative or positive

31 Condition codes EFLAGS –ZF: Zero Flag The most recent operation yielded zero –SF: Sign Flag The most recent operation yielded a negative value

32 Setting Conditional Codes Implicit Setting By Arithmetic Operations addl Src,Dest C analog: t = a+b –CF set if carry out from most significant bit Used to detect unsigned overflow –ZF set if t == 0 –SF set if t < 0 –OF set if two’s complement overflow (a>0 && b>0 && t =0)

33 Conditional Code lea instruction –has no effect on condition codes Xorl instruction –The carry and overflow flags are set to 0 Shift instruction –carry flag is set to the last bit shifted out –Overflow flag is set to 0

34 Setting Conditional Codes Explicit Setting by Compare Instruction cmpl Src2,Src1 – cmpl b,a like computing a-b without setting destination –CF set if carry out from most significant bit Used for unsigned comparisons –ZF set if a == b –SF set if (a-b) < 0 –OF set if two’s complement overflow (a>0 && b<0 && (a-b)<0) || (a 0 && (a-b)>0)

35 Setting Conditional Codes Explicit Setting by Test instruction testl Src2,Src1 –Sets condition codes based on value of Src1 & Src2 Useful to have one of the operands be a mask – testl b,a like computing a&b without setting destination –ZF set when a&b == 0 –SF set when a&b < 0

36 Accessing Conditional Codes The condition codes cannot be read directly One of the most common methods of accessing them is –setting an integer register based on some combination of condition codes –Set commands

37 Accessing Conditional Codes after each set command is executed –A single byte to 0 or to 1 is obtained The descriptions of the different set commands apply to the case –where a comparison instruction has been executed

38 Accessing Conditional Codes Figure 3.10 P150 InstructionSynonymEffectSet Condition SeteSetzZFEqual/zero SetneSetnz~ZFNot equal/not zero SetsSFNegative Setns~SFNonnegative SetlSetngeSF^OFLess SetleSetng(SF^OF)|ZFLess or Equal SetgSetnle~(SF^OF)&~ZFGreater SetgeSetnl~(SF^OF)Greater or Equal SetaSetnbe~CF&~ZFAbove SetaeSetnb~CFAbove or equal SetbSetnaeCFBelow SetbeSetnaCF|ZFBelow or equal

39 Accessing Conditional Codes The destination operand is either –one of the eight single-byte register elements or –a memory location where the single byte is to be stored To generate a 32-bit result –we must also clear the high-order 24 bits

40 Accessing Conditional Codes P151 Initially a is in %edx, b is in %eax 1 cmpl %eax, %edx #compare a:b 2 setl %al #set low order by to 0 or 1 3 movzbl %al, %eax #set remaining bytes of %eax to 0

41 Jump Instructions P152 Under normal execution –instructions follow each other in the order they are listed A jump instruction can cause –the execution to switch to a completely new position in the program. Label –Jump destinations

42 Jump Instructions P152 1 xorl %eax, %eax Set %eax to 0 2 jmp.L1 Goto.L1 3 movl (%eax), %edx Null pointer dereference 4.L1: 5 popl %edx

43 Unconditional jump P153 Jumps unconditionally Direct jump: jmp label –jmp.L Indirect jump: jmp *Operand –jmp *%eax –jmp *(%eax)

44 Conditional jump Either jump or continue executing at the next instruction in the code sequence –Depending on some combination of the condition codes All direct jump

45 Jump Instructions P154 1 jle.L4 2.p2align 4,,7align next instruction to multiple of 8 3.L5: 4movl %edx, %eax 5sarl $1, %eax ； Arithmetic right shift 6subl %eax, %edx 7testl %edx, %edx 8jg.L5 9.L4: 10movl %edx, %eax

46 Jump Instructions PC-relative –Jump target is an offset relative to the address of the instruction just followed jump (pointed by PC) Absolute address –Jump target is an absolute address

47 1 8: 7e 11jle1b 2 a: 8d b lea0x0(%esi), %esi 3 10: 89 d0movl %edx, %eax dest1: 412: c1 f8 01sarl $1, %eax 515: 29 c2subl %eax, %edx 617: 85 d2testl %edx, %edx 719: 7f f5jg 10 81b: 89 d0movl %edx, %eax dest2: dest1: 11+a = 1b dest2: 1b+f5(-b) =10 F5=-11=0X(-b) Example for Jump P154

c8: 7e 11jle80483db ca: 8d b lea0x0(%esi), %esi d0: 89 d0movl %edx, %eax dest1: d2: c1 f8 01sarl $1, %eax d5: 29 c2subl %eax, %edx d7: 85 d2testl %edx, %edx d9: 7f f5jg 80483d db: 89 d0movl %edx, %eax dest2: 11+a = 1b => 11+ca=db 1b+f5(-b) =10 => db+f5(-b)=d0 Example for Jump P155

49 Translating Conditional Branches P157 if ( test-expr ) then-statement else else-statement t = test-expr ; if ( t ) goto true ; else-statement goto done true: then-statement done:

50 Translating Conditional Branches P int absdiff(int x, int y) 2.{ 3. if (x < y) 4. return y – x; 5. else 6. return x – y; 7.} 1. int gotodiff(int x, int y) 2.{ 3. int rval ; 4. if (x < y) 5. goto less 6. rval = x – y ; 7. goto done; 8. less: 9. rval = y – x; 10. done: 11. return rval; 12.}

51 Jump Instructions P movl 8(%ebp), %edx get x 2. movl 12(%ebp), %eax get y 3. cmpl %eax, %edx cal x - y 4. jl.L3 if x < y goto less 5. subl %eax, %edx compute x – y (subl: des-src) 6. movl %edx, %eax set return val 7. jmp.L5 goto done 8..L3:less: 9. subl %edx, %eax compute y – x (subl: des-src) 10..L5:done: Begin Completion code

52 Do-while Translation P158 do body-statement while (test-expr) loop: body-statement t = test-expr; if ( t ) goto loop ;

53 Do-while Translation P159 int fib_dw(int n) { int i = 0; int val = 0 ; int nval = 1 ; do { int t = val + nval ; val = nval ; nval = t ; i++; } while ( i<n) ; return val ; } registervalueinitially %ecxi0 %esinn %ebxval0 %edxnval1 %eaxt-

54 Do-while Translation P159.L6: lea (%ebx, %edx), %eax movl %edx, %ebx movl %eax, %edx incl %ecx cmpl %esi, %ecx jl.L6 movl %ebx, %eax registervalueinitially %ecxi0 %esinn %ebxval0 %edxnval1 %eaxt- lea: %ebx+%edx => %eax

55 While Loop Translation P161 while (test-expr) body-statement loop:if ( !test-expr) t = test-expr goto done; if ( !t )do goto done; body-statement body-statementwhile(test-expr) goto loop; done: done:

56 While Loop Translation P162 int fib_w(int n) { int i=1; int val=1; int nval=1; while ( i<n ) { int t=val+nval ; val = nval ; nval = t ; i = i+1; } return val ; } int fib_w_got0(int n) { int val=1; int nval=1; int nmi, t ; if ( val >= n ) goto done ; nmi = n-1; loop: t=val+nval ; val = nval ; nval = t ; nmi--; if ( nmi ) goto loop done: return val }

57 While Loop Translation P movl 8(%ebp), %eax 2. movl $1, %ebx 3. movl $1, %ecx 4. cmpl %eax, ebx 5. jge.L9 6. lea –1(%eax), %edx 7..L10: 8. lea (%ecx, %ebx), %eax 9. movl %ecx, %ebx 10. movl %eax, %ecx 11. decl %edx 12. jnz.L L9: Register usage RegisterVariableInitially %edxnmin-1 %ebxval1 %ecxnval1

58 For Loop Translation P164 for ( init-expr, test-expr, update-expr) body-statement init-expr while ( test-expr) { body-statement update-expr }

59 For Loop Translation P165 int fib_f(int n) { int i; int val=1; int nval=1; for ( i=1; i<n; i++ ) { int t = val + nval ; val = nval ; nval = t ; } return val ; }

60 Switch statements P167 int switch_eg(int x) { int result = x ; switch ( x ) { case 100: result *= 13 ; break ; case 102: result += 10 ; /* fall through */ case 103 result += 11; break ; case 104: case 106: result *= result ; break ; default: result = 0 ; } return result ; }

61 Switch Construct Properties of Switch Construct –Integer testing –Multiple outcomes (may be a large number) –Improve the readability of the source code

62 case 103 result += 11; break ; case 104: case 106: result *= result ; break ; default: result = 0 ; } return result ; } Switch Statements int switch_eg(int x) { int result = x ; switch ( x ) { case 100: result *= 13 ; break ; case 102: result += 10 ; /* fall through */ Integer testing Multiple cases

63 Switch Form switch(op) { case val_0: Block 0 case val_1: Block 1 case val_n-1: Block n–1 }

64 Jump Table Efficient implementation Avoid long sequence of if-else statement Criteria –the number of cases and the sparsity of the case value

65 Jump Table Implementation Targ0 Targ1 Targ2 Targn-1 jtab: Jump Table target = JTab[op]; goto *target; Approx. Translation Code Block 0 Targ0: Code Block 1 Targ1: Code Block 2 Targ2: Code Block n–1 Targn-1: Jump Targets

66 case 103 result += 11; break ; case 104: case 106: result *= result ; break ; default: result = 0 ; } return result ; } Switch Statements int switch_eg(int x) { int result = x ; switch ( x ) { case 100: result *= 13 ; break ; case 102: result += 10 ; /* fall through */ Integer testing Multiple cases

67 Jump Table Implementation P167 int switch_eg_goto ( int x) { unsigned xi = x-100; int result = x ; if ( xi >6 ) goto loc_def ; goto jt[xi]; loc_a: result *= 13 ; goto done ; loc_b: result += 10 ; loc_c: result +=11; goto done ; loc_d: result *= result ; goto done ; loc_def: result = 0 ; done: return result ; } code jt[7] = {loc_a, loc_def, loc_b, loc_c, loc_d, loc_def, loc_d};

68 Jump Table Implementation P lea –100(%edx), %eax 2. cmpl $6, %eax 3. ja. L9 4. jmp *.L10(, %eax, 4) 5..L4: 6. leal ( %edx, %edx, 2), %eax 7. leal (%edx, %eax, 4), %edx 8. jmp.L3 9..L5: 10. addl $10, %edx

69 Jump Table Implementation 11..L6: 12. addl $11, %edx 13. jmp.L3 14..L8: 15. imull %edx, %edx 16. jmp.L3 17..L9: 18. xorl %edx, %edx 19..L3: 20. movl %edx, %eax

70 Jump Table P section.rodata 2..align 4 3..L10: 4..long.L4case 100: loc_a 5..long.L9case 101: loc_def 6..long.L5case 102: loc_b 7..long.L6case 103: loc_c 8..long.L8case 104: loc_d 9..long.L9case 105: loc_def 10..long.L8case 106: loc_d