1. 1 COMP 2130 Introduction to Computer Systems Computing Science Thompson Rivers University Machine Level Programming

2. Contents 2 Data Movement Instructions Arithmetic and Logical Operations Control Procedures Arrays

3. Review: Sections of the program 3 An assembly program can be divided into three sections: The data section – for declaring initialized constant data or constants. The data may not change at runtime The bss section – for declaring variables The text section – the section containing code

4. Memory Segments 4 Data Segment Code Segment Stack Assembly follows the segmented memory model, which divides the system memory into groups of independent segments referenced by pointers located in the segment registers.

5. Memory Segments 5 Data segment Represented by.data section and the.bss and is used to declare the memory region, where data elements are stored for the program. Once declared, it cannot be extended and it remains static throughout the program. This buffer memory is zero-filled. DS register stores the starting address of the data segment. It is pointed by DS(data segment register)

6. Memory Segments 6 Code segment Represented by.text section. This defines an area in memory that stores the instruction codes. This is also a fixed area. CS register stores the starting address of the code segment. It is pointed by CS(Code segment register)

7. Memory Segments 7 Stack This segment contains data values passed to functions and procedures within the program. SSR (Stack Segment Register stores the starting address of the stack) Extra segment – Extra data stored there. It is pointed by ES(Extra segment register)

8. Review: Addressing Modes 8 There are three basic addressing modes a. Register addressing b. Immediate Addressing c. Memory addressing Direct Memory Addressing (register) Indirect Memory Addressing Offset Addressing (register, offset)

9. Data Movement Instructions 9 The first Opcode (Assembly statements), we need to learn is: Mov. The syntax is : mov? Source, destination There are various versions of this command:

10. Examples 10 movl $0x4050,%eax ;Immediate--Register, 4 bytes movw %bp,%sp ;Register--Register, 2 bytes movb (%edi,%ecx),%ah;Memory--Register, 1 byte movb $-17,(%esp) ;Immediate--Memory, 1 byte movl %eax,-12(%ebp) ;Register--Memory, 4 bytes

11. Examples Given below is the information Fill in the following table showing the values %eax0x100 0x1040xAB $0x1080x108 (%eax)0xFF 4(%eax)0xAB 9(%eax, %edx)-> data at location %eax + %edx + 9 -> 0x11 260(%ecx,%edx) -> data at location %ecx + %edx + 260 -> 0x13 (%eax,%edx,4) -> data at %eax + %edx * 4 -> 0x11 TRU-COMP2130 Introduction 11

12. Data Movement Instructions 12 movs vs. movz Both the movs and the movz instruction classes serve to copy a smaller amount of source data to a larger data location, filling in the upper bits by either sign expansion (movs) or by zero expansion (movz). With sign expansion, the upper bits of the destination are filled in with copies of the most significant bit of the source value. With zero expansion, the upper bits are filled with zeros.

13. Data Movement Instructions 13 Comparing byte movement instructions Assume initially that %dh = CD, %eax = 98765432 1 movb %dh,%al %eax = 987654CD 2 movsbl %dh,%eax %eax = FFFFFFCD 3 movzbl %dh,%eax %eax = 000000CD

14. More Instructions (OPCODES) 14 PUSHL – push word, double-word or Quad-word on the stack It automatically decrements the stack pointer esp, by 4 POPL – pops the data from the stack Sets the esp automatically It would increment esp

15. More Instructions (Pushl & popl) 15 Increasing address Stack “top” Stack “bottom” 0x108 Stack “top” Stack “bottom” 0x104 Stack “top” Stack “bottom” 0x108 0x123 0 0x108 %eax %edx %esp Initially 0x123 0 0x104 %eax %edx %esp pushl %eax 0x123 0x108 %eax %edx %esp popl %edx 0x123 0x108

16. Sample Code 16.globl _start.text _start: movl $len, %edx movl $msg, %ecx movl $1, %ebx movl $4, %eax int $0x80 movl $0, %ebx movl $1, %eax int $0x80.data msg:.ascii "Hello, world!\n" len =. - msg

17. Compilation & Execution 17

18. Arithmetic and Logical Operations 18  The load effective address instruction leal is actually a variant of the movl instruction.  It has the form of an instruction that reads from memory to a register, but it does not reference memory at all.  Its first operand appears to be a memory reference, but instead of reading from the designated location, the instruction copies the effective address to the destination  For example, if register %edx contains value x, then the instruction leal 7(%edx,%edx,4), %eax will set register %eax to 5x + 7. Load Effective Address

19. Integer arithmetic operations 19 leal S,D D ← &S Load effective address inc D D ← D + 1 Increment dec D D ← D - 1 Decrement neg D D ← -D Negate not D D ← ~D Complement add S,D D ← D + S Add sub S,D D ← D - S Subtract imul S,D D ← D * S Multiply xor S,D D ← D ^ S Exclusive-or or S,D D ← D | S Or and S,D D ← D & S And sal k,D D ← D << k Left shift (Arithmetic) shl k,D D ← D << k Left shift (same as sal) sar k,D D ← D >>A k Arithmetic right shift shr k,D D ← D >>L k Logical right shift

20. Special Arithmetic Operations 20 These operations provide full 64-bit multiplication and division, for both signed and unsigned numbers. The pair of registers %edx and %eax are viewed as forming a single 64-bit quad word.

21. Special Arithmetic Operations 21 Example: Suppose we have signed numbers x and y stored at positions 8 and 12 relative to %ebp, and we want to store their full 64-bit product as 8 bytes on top of the stack. The code would proceed as follows: x at %ebp+8, y at %ebp+12 1 movl 12(%ebp), %eax Put y in %eax 2 imull 8(%ebp) Multiply by x 3 movl %eax, (%esp)Store low-order 32 bits 4 movl %edx, 4(%esp) Store high-order 32 bits

22. Control 22 In addition to the integer registers, the CPU maintains a set of single-bit condition code registers describing attributes of the most recent arithmetic or logical operation. These registers can then be tested to perform conditional branches. The most useful condition codes are: CF: Carry Flag. The most recent operation generated a carry out of the most significant bit. Used to detect overflow for unsigned operations. ZF: Zero Flag. The most recent operation yielded zero. SF: Sign Flag. The most recent operation yielded a negative value. OF: Overflow Flag. The most recent operation caused a two’s-complement overflow—either negative or positive.

23. Control 23 Comparison and test instructions. These instructions set the condition codes without updating any other registers.

24. Control 24 Example: A typical instruction sequence to compute the C expression a < b, where a and b are both of type int, proceeds as follows: Assume that a is in %edx, b is in %eax cmpl %eax, %edx Compare a:b setl %al Set low order byte of %eax to 0 or 1 movzbl %al, %eax Set remaining bytes of %eax to 0 setl; sets the byte in the operand to 1 if the Sign Flag is not equal to the Overflow Flag, otherwise sets the operand to 0.

25. Control 25 Jump Instructions and Their Encodings Under normal execution, instructions follow each other in the order they are listed. A jump instruction can cause the execution to switch to a completely new position in the program. These jump destinations are generally indicated in assembly code by a label. Consider the following (very contrived) assembly-code sequence: movl $0,%eax Set %eax to 0 jmp.L1 Goto.L1 movl (%eax),%edx Null pointer dereference.L1: popl %edx

26. Control 26

27. Control 27 Examples: jmp *%eax uses the value in register %eax as the jump target, and the instruction jmp *(%eax) reads the jump target from memory, using the value in %eax as the read address.

28. Control 28 Jump encoding In assembly code, jump targets are written using symbolic labels. The assembler, and later the linker, generate the proper encodings of the jump targets. There are several different encodings for jumps, but some of the most commonly used ones are PC relative and absolute address encoding.

29. Control 29 An example of PC-relative addressing The following fragment of assembly code was generated by compiling a file silly.c. It contains two jumps: The jle instruction on line 1 jumps forward to a higher address, while the jg instruction on line 8 jumps back to a lower one.

30. Control 30 An example of PC-relative addressing The disassembled version of the “.o” format generated by the assembler is as follows: 0xd + 0xa = 0x17

31. Control 31  Looking at the byte encodings of the instructions, however, we see that the target of the first jump instruction is encoded (in the second byte) as 0xd (decimal 13). Adding this to 0xa (decimal 10), the address of the following instruction, we get jump target address 0x17 (decimal 23), the address of the instruction on line 8.  Similarly, the target of the second jump instruction is encoded as 0xf3 (decimal −13) using a single-byte, two’s- complement representation. Adding this to 0x17 (decimal 23), the address of the instruction on line 8, we get 0xa (decimal 10), the address of the instruction on line 2.

32. Control 32  The following shows the disassembled version of the program after linking: The instructions have been relocated to different addresses, but the encodings of the jump targets in lines 1 and 7 remain unchanged. By using a PC-relative encoding of the jump targets, the instructions can be compactly encoded (requiring just 2 bytes), and the object code can be shifted to different positions in memory without alteration.

33. Translating Conditional Branches 33 The most general way to translate conditional expressions and statements from C into machine code is to use combinations of conditional and unconditional jumps.

34. Translating Conditional Branches 34 The most general way to translate conditional expressions and statements from C into machine code is to use combinations of conditional and unconditional jumps.

35. Procedures 35 A procedure call involves passing both data (in the form of procedure parameters and return values) and control from one part of a program to another. In addition, it must allocate space for the local variables of the procedure on entry and deallocate them on exit. Most machines, including IA32, provide only simple instructions for transferring control to and from procedures. The passing of data and the allocation and deallocation of local variables is handled by manipulating the program stack.

36. 36 Current frame Caller’s frame Saved %ebp Saved registers, local variables, and temporaries Argument build area Return address Argument 1 Argument n Frame pointer %ebp Stack pointer %esp Stack “top” Stack “bottom” Increasing address +4 +8 +4+4n –4 Earlier frames Stack Frame Structure The stack is used for passing arguments, for storing return information, for saving registers, and for local storage

37. 37 Example of procedure definition and call Stack frames for caller and swap_add. Procedure swap_add retrieves its arguments from the stack frame for caller.

38. 38 Example of procedure definition and call

39. Arrays 39 Arrays in C are one means of aggregating scalar data into larger data types. C uses a particularly simple implementation of arrays, and hence the translation into machine code is fairly straightforward. One unusual feature of C is that we can generate pointers to elements within arrays and perform arithmetic with these pointers. These are translated into address computations in machine code.

40. Arrays 40 As examples, consider the following declarations: char A[12]; char *B[8]; double C[6]; double *D[5]; These declarations will generate arrays with the following parameters:

41. Arrays 41 The memory referencing instructions of IA32 are designed to simplify array access. For example, suppose E is an array of int’s, and we wish to evaluate E[i], where the address of E is stored in register %edx and i is stored in register %ecx. Then the instruction movl (%edx,%ecx,4),%eax will perform the address computation, read that memory location, and copy the result to register %eax. The allowed scaling factors of 1, 2, 4, and 8 cover the sizes of the common primitive data types.

42. Questions? 42