Lecture Topics
• x86 instructions
• Operate instructions
• Data movement instructions
• Conditional codes
• Control flow instructions
• Assembler conventions
• Code example
Aministrivia
• MP0
– In TAs office hours by 2/2
– you can hand in anytime during office hours
Lecture Recordings
ZJUI Students Lecture Recordings
Discussion Recordings
Live Discussion (Zoom link)
Lecture Slides Discussion Slides
Office Hours
Go to “Office Hours” tab on the class web sit:
Introduction and Basics
• What is x86? (Intel-32-bit architecture)
– variable-length instruction encoding (1-16 bytes)
– small register set: 8 mostly general-purpose – 32-bit, byte-addressable address space
– complex addressing modes
– many data types supported by hardware
Registers
Z. Kalbarczyk
General purpose registers
extended, i.e., 32-bit
EAX accumulator
EBX base (of array)
ECX count (for loops)
EDX data (2nd operand)
ESI source index (string copy)
EDI destination index
EBP base pointer (base of stack frame) ESP stack pointer
Registers
EIP instruction pointer EFLAGS flags/condition codes
• Use % as a prefix for registers in assembly
• Other registers: floating-point, MMX, etc. (not discussed in this class)
Data Types
• 8-, 16-, 32-bit unsigned and 2’s complement
• IEEEsingle-anddouble-precisionfloating point
• Intel “extended” f.p. (80-bit)
• ASCIIstrings
• Binary-coded decimal
Memory
• Microprocessor addresses a maximum of 2n different memory locations, where n is a number of bits on the address bus
• Memory
– x86 supports byte addressable memory
– byte (8 bits) is a basic memory unit
– e.g., when you specify address 24 in memory, you get the entire eight bits
– when the microprocessors address a 16-bit word of memory, two consecutive bytes are accessed
Z. Kalbarczyk
How are bytes stored to memory?
big-endian (big end first)
0x12345678
x86 uses this approach
0x78, 0x56, 0x34, 0x12
in consecutive memory locations
EAX (4 bytes)
little-endian (little end first)
larger addresses
x86 Instructions – Basics
• Operations, data movement, condition codes, control flow, stack ops, data size conversion
Operations
arithmetic ADD SUB NEG INC DEC
logical shift AND SHL
OR SAR NOT SHR XOR ROL
ROR
• typically 2-operand instructions (destination and one source are the same)
Operations – Example
second source destination and first source
ORL operation
%ECX, %EBX
data type (technically optional)
L = long (32b) W = word (16b)
B = byte (8b)
# EBX EBX OR ECX comment marker
$0________ octal
ANDL 0, %EAX
$53
• how big can they get? – usually up to 32 bits
decimal
Immediate Values
immediate value marker
what does the following $0x_______ hex instruction do?
answer is NOT EAX 0
instead:
EAX EAX AND M[0] (usually crashes)
1,2, …..9
– larger constants → longer instructions
– length of operand must be encoded, too
Data Movement: Memory Addressing
Memory operand has this general form
address is: displacement + SR1 + SR2 * scale
displacement(SR1,SR2,scale)
defaults to 0
1,2,4,8 (defaults to 1) any but ESP
any
Instructions
immediate, register, or memory reference
MOV src, dst LEA src, dst
register, or memory reference
register only
memory reference only – address stored in dst
• Examples:
(can’t both be memory references)
MOVW %DX, 0x10(%EBP) # M[EBP + 0x10] DX MOVB (%EBX,%ESI,4), %CL # CL M[EBX + ESI * 4]
Instructions: Examples to Solve
EAX M[0x10000 + ECX] [answer] MOVL 0x10000(%ECX), %EAX
M[LABEL] DI [answer] MOVW %DI, LABEL
[answer]
ESI LABEL + 4 (two ways!) MOVL $LABEL + 4, %ESI
LEAL LABEL + 4, %ESI
ESI LABEL + EAX + 4
LEAL LABEL + 4(%EAX), %ESI
expression calculated by assembler; instruction holds one displacement value
[answer]
[answer]
EAX M[0x10000 + ECX] MOVL 0x10000(%ECX) , %EAX
M[LABEL] DI MOVW %DI , LABEL
Instructions: Examples to Solve
[answer]
[answer] MOVL $LABEL + 4 , %ESI
ESI LABEL + 4 (two ways!) LEAL LABEL + 4 , %ESI
ESI LABEL + EAX + 4 [answer] LEAL LABEL + 4(%EAX), %ESI
Condition Codes (in EFLAGS)
• Among others (not mentioned in this class)…
SF: sign flag: result is negative when viewed as 2’s complement data type
ZF: zero flag: result is exactly zero
CF: carry flag: unsigned carry or borrow occurred
(or other, instruction-dependent meaning, e.g., on shifts)
OF: overflow flag: 2’s complement overflow (and other instruction-dependent meanings)
PF: parity flag: even parity in result (even # of 1 bits)
Z. Kalbarczyk
What Instructions Set Flags (condition codes)?
• Not all instructions set flags
• Some instructions set some flags!
• Use CMP or TEST to set flags:
CMPL %EAX, %EBX # flags (EBX – EAX) TESTL %EAX, %EBX # flags (EBX AND EAX)
• Note that EBX does not change in either case
• What combinations of flags are needed for unsigned/signed relationships comparator?
Z. Kalbarczyk
Control Flow Instructions (1)
• Consider two three-bit values A and B; How to decide if A
signed jne jl jle je jge jg
• in general, can add “n” after “j” to negate sense
• forms shown are those used when disassembling – do not expect binary to retain your version
– e.g., “jnae” becomes “jb”