Microsoft PowerPoint – 20_X86_Assembly_Language_Part_1
O
SU
C
SE
2
42
1
J.E.Jones
• Required Reading: Computer Systems: A Programmer’s Perspective, 3rd
Edition
• Chapter 3 thru 3.2.1 (inclusive), Section 3.3 through 3.4.2 (inclusive)
O
SU
C
SE
2
42
1
J. E. Jones
“I ain’t gonna lie, I really like this stuff”
“Don’t tell anyone I said this, but I really like X86!”
“There’s so much more control! This is neat!”
“I hate it! I hate it! I hate it!”
“Once you figure it out, it’s actually kinda fun!”
*One of these I made up, guess which one
O
SU
C
SE
2
42
1
J. E. Jones
•The modern meaning of the term computer architecture
covers three aspects of computer design:
-instruction set architecture,
-computer organization and
-computer hardware.
• Instruction set architecture – ISA refers to the actual
programmer visible machine interface such as
instruction set, registers, memory organization, and
exception (i.e., interrupt) handling.
O
SU
C
SE
2
42
1
J. E. Jones
ISA
Compiler OS
CPU
Design
Circuit
Design
Chip
Layout
Application
Program
Assembly Language View
Processor state
Registers, memory, …
Instructions
addq, pushq, ret, …
How instructions are encoded as bytes
Layer of Abstraction
Above: how to program machine
Processor executes instructions in a
sequence
Below: what needs to be built
Use variety of tricks to make it run fast
E.g., execute multiple instructions
simultaneously
O
SU
C
SE
2
42
1
J. E. Jones
•Types of instruction set architectures
•RISC (Reduced Instruction Set Computer)
architecture
•CISC (Complex Instruction Set Computer)
architecture
O
SU
C
SE
2
42
1
J. E. Jones
•Fixed length encoding (All instructions are the same length)
•Simple addressing modes, typically only base and displacement
•Arithmetic & logical operations (ALU operations) work on data in
registers
•The only instructions that can affect memory are load and store
instructions
– Move data from memory to a register (load) or to memory from a
register (store), respectively; this is called load-store architecture
•No condition registers
•RISC processors use less power and generate less heat
•Large number of registers (32, 64 or 128 is typical)
•Register intensive procedural linkage
�Registers used for procedure arguments, return values and addresses
•All processors in smart phones and tablets are of RISC
architecture.
O
SU
C
SE
2
42
1
J. E. Jones
•Variable length encoding (instruction length varies)
-Intel Architecture 32-bit (IA32) instruction length ranges from 1 to
15 bytes
•More addressing modes
-X64 supports displacement, base, index, registers, scale factors, etc.
•Arithmetic and logic operations can be performed on registers or
directly on memory
•Condition codes hold the side effects of instructions
•Use more power and generate more heat, but no one cares
(well, maybe the person who pays the electric bill)
•Stack-intensive procedure linkages
-Stack is used for procedural arguments and return address/values
•This is the ISA for Intel IA-32 processors, and also the basis for the
related 64-bit versions of the ISA (these processors are now found in
over 90% of laptop and desktop computers).
O
SU
C
SE
2
42
1
J. E. Jones
• There are many kinds of assembly
language
•Each different type of processor can have a
different one
•We’re going to use X86-64 because it’s the
processor that stdlinux is based on.
O
SU
C
SE
2
42
1
J. E. Jones
CPU
Programmer-Visible State
◦ PC: Program counter
Address of next instruction
Called “RIP” (x86-64)
◦ Register file
Heavily used program data
◦ Condition codes
Store status information about most recent arithmetic or logical operation
Used for conditional branching
◦ Memory
Byte addressable array
Code and user data
Stack to support procedures
PC
Registers
Memory
Code
Data
Stack
Addresses
Data
InstructionsCondition
Codes
O
SU
C
SE
2
42
1
J. E. Jones
C Code (sum.c)
long plus(long x, long y);
void sumstore(long x, long y, long *dest)
{
long t = plus(x, y);
*dest = t;
}
Generated x86-64 Assembly subset*
sumstore:
pushq %rbx
movq %rdx, %rbx
call plus
movq %rax, (%rbx)
popq %rbx
ret
Obtain with command
gcc –S sum.c
Produces file sum.s
Warning: Will get very different results on different machines (Linux, Mac OS-
X, …) due to different versions of gcc and different compiler settings.
O
SU
C
SE
2
42
1
J. E. Jones
Sometimes, it can be educational to create a program in
C, compile it with the –S option and then inspect the .s
file to learn some assembly language instructions and
techniques.
Should you choose to do this (or use some other means
to generate assembler code rather than write it yourself)
and turn it in as part of your x86 assembler
programming assignments, you are committing
academic misconduct.
The CoAM committee will be informed.
O
SU
C
SE
2
42
1
J. E. Jones
Any processor you work with will have registers.
◦ How many and their names will change depending upon the ISA.
◦ For example, x86-64 has 16 8-byte integer registers, but x86-32 has
8 4-byte registers.
◦ There are a separate set up registers that are used for floating point
data types. These expect IEE 754 format. We will not be using them
during this course.
Registers are named storage locations in the CPU that
hold values
We can use them similarly to block scope variables
(primitive integer data types only), realizing that they will
disappear when our function ends.
O
SU
C
SE
2
42
1
J. E. Jones
O
SU
C
SE
2
42
1
J. E. Jones
%rsp
◦ Can reference low-order 4 bytes (also low-order 1 & 2 bytes)
• *See Figure 3.2, page 180 of Bryant/O’Halloran for 1-byte register names
%eax
%ebx
%ecx
%edx
%esi
%edi
%esp
%r8d
%r9d
%r10d
%r11d
%r12d
%r13d
%r14d
%r15d
%r8
%r9
%r10
%r11
%r12
%r13
%r14
%r15
%rax
%rbx
%rcx
%rdx
%rsi
%rdi
%rbp
%ax
%bx
%cx
%dx
%si
%di
%sp
%r8w
%r9w
%r10w
%r11w
%r12w
%r13w
%r14w
%r15w%ebp %bp
O
SU
C
SE
2
42
1
J. E. Jones
%eax
%ecx
%edx
%ebx
%esi
%edi
%esp
%ebp
%ax
%cx
%dx
%bx
%si
%di
%sp
%bp
%ah
%ch
%dh
%bh
%al
%cl
%dl
%bl
16-bit virtual registers
(backwards compatibility)
ge
ne
ra
l p
ur
po
se
accumulate
counter
data
base
source
index
destination
index
stack
pointer
base
pointer
Origin
(mostly obsolete)
O
SU
C
SE
2
42
1
J. E. Jones
rax, rbx, rcx, rdx
◦ These registers can be accessed in parts in x86-64 (replace R below by a,
b, c, or d):
rRx – Refers to 64-bit register
eRx – Refers to 32-bit register
Rx – Refers to the lower (least significant) 16 bits of eRx
Rh – Refers to the top (most significant) 8 bits of the Rx bit register
(buggy in x86-64, but works in 32-bit processors)
Rl – Refers to the lower 8 bits of the Rx register
Refer to Figure 3.2, page 180 of Bryant/O’Halloran
for the names of other registers of each size.
O
SU
C
SE
2
42
1
J. E. Jones
We can use *any* of the x86 registers in our programs except rsp and
rbp.
◦ There are some “rules” to follow that we’ll look at later, but for now
just know that all of them (except rsp/rbp) are usable.
rax, rbx, rcx, rdx, rdi, rsi, and r8 through r15 and their sub-parts are used as
general-purpose registers
◦ Can be used to store integer data types and addresses
rsp and rbp are used as stack management registers, and should not be
used for any other purpose
◦ rsp is the address of the top of the stack (it points to the last value
pushed onto the stack)
rsp is initialized by the operating system, we have access to the register.
Several x86-64 instructions affect its value, and we can explicitly change it,
too.
◦ rbp is a frame pointer: it points to the bottom of the stack frame of the
function which is currently executing.
rbp must be set at the beginning of the function, after preserving the value of rbp
for the caller function.
We will see how this is done in X86-64 soon.
O
SU
C
SE
2
42
1
J. E. Jones
The X86-64 CPU has:
16 64-bit general purpose registers
Up to 64 condition codes (RFLAGS/EFLAGS)
single-bit flags set by arithmetic or logical instruction
there are 4 that we care about
A program counter (%rip)
Holds the address of the current/next instruction
An instruction register, too, but we won’t explicitly access it
Memory: Consider it to be a byte-addressable storage array. Words
stored in little-endian byte order since we’re using an Intel chip.
It also has other things like an FPU, XMM registers and MXX
registers, but we aren’t going to work with those in Systems 1.
ZF SF OF
Integer registers
RFLAGS:
Condition
codes
%rip
%r8
%r9
%r10
%r11
%r12
%r13
%r14
%r15
%rax
%rcx
%rdx
%rbx
%rsp
%rbp
%rsi
%rdi
CF
O
SU
C
SE
2
42
1
J. E. Jones
•Not all 64 condition code bits are defined, here are some common
ones and their definition:
•The ones in green are of concern to us.
Symbol Bit Name Set if….
CF 0 Carry Operation generated a carry or borrow
PF 2 Parity Last byte has even number of 1‟s, else 0
AF 4 Adjust Denotes Binary Coded Decimal in-byte
carry
ZF 6 Zero Result was 0
SF 7 Sign Most significant bit of result is 1
OF 11 Overflow Overflow on signed operation
DF 10 Direction Direction string instructions operate
(increment or decrement)
ID 21 Identification Changeability denotes presence of
CPUID instruction
O
SU
C
SE
2
42
1
J. E. Jones
•ZF – Set if the result of the last ALU operation
(arithmetic/logical operation) is 0
•SF – Set if the result of the last ALU operation resulted in the
sign bit (msb, or most significant bit) of the result being set
(that is, equal to 1)
•OF – Set if the result of the last ALU operation resulted in
overflow for a signed operation (i.e. carryout/carry in of MSB
are not same value)
•CF – Set if the result of the last ALU operation resulted in
overflow for an unsigned operation (i.e. carry out of MSB is 1)
NOTE: 1) ALU operations set condition codes implicitly (other operations do not)
2) ALU doesn’t know if operation is signed or unsigned so OF/CF
are both set for both
3) There are ways to set condition codes explicitly that we’ll look at later
O
SU
C
SE
2
42
1
J. E. Jones
Four General Categories of Statements in Computer Languages
◦ Declarations (optional in some languages like Python)
◦ Data Movement
Memory to function variables (registers in assembler)
Function variables (register) to function variables (register)
Function variables (register) to memory
◦ Arithmetic/Logical Operations
Compare something
Calculate something
◦ Control-Flow
Procedure/function calls
Looping
Conditionals
O
SU
C
SE
2
42
1
J. E. Jones
All four categories
◦ Declarations (in a very simplistic manner)
◦ Data Movement
◦ Arithmetic/Logical (ALU) operations
◦ Control-Flow
We will not cover ALL x86 instructions (there are hundreds);
there are numerous obscure ones.
We will cover many of the common instructions.
For full list of instructions see Intel’s instruction set reference.
O
SU
C
SE
2
42
1
J. E. Jones
We will only learn AT&T syntax for x86.
◦ Not because I used to work there. This was the case in Systems 1
long before I got here.
Be careful when you use a search engine for questions!
◦ You may find answers that display Intel syntax rather than AT&T
syntax.
◦ Intel vs AT&T syntax switch source and destination positions within
the instruction, among other small differences
◦ Search engines also don’t necessarily discriminate between 32-bit vs
64-bit processor results unless you specifically search that way.
◦ Could be confusing.
O
SU
C
SE
2
42
1
J. E. Jones
Opcode operand1, operand2, operand3
◦ Opcode is the “name” of the instruction in assembly language, which
does a certain kind of operation on the processor: for example, mov
(which moves data), add, jmp, etc.
◦ We will use this shorthand for instruction operands: op1, op2, op3
Which operands are required or optional depends on the opcode (covered
in the slides below for each of the opcodes or instructions that we will look
at)
O
SU
C
SE
2
42
1
J. E. Jones
In AT&T format, the size of the operands is specified with suffixes, q, l, w, and b
appended to the opcode
◦ q – quad word, or 64-bit operand
◦ l – long word, or 32-bit operand
◦ w – word, or 16-bit operand
◦ b – byte, or 8-bit operand
Most instructions that we will use will have the q suffix for 64-bit operands, but we
will make some use of 1 byte, 2 byte and 4-byte operands.
If you omit the suffix, the assembler will attempt to determine it from the operands
involved, but this is dangerous (the assembler will not always generate a machine
instruction that operates on data of the size you want). This can cause bugs which
are extremely difficult to track down, so be sure to include the operand size suffix
always!
Many opcodes in the syntax information below are given without suffixes; you
must add the appropriate suffix when you write assembly language instructions.
The examples show opcodes with operand size suffixes.
O
SU
C
SE
2
42
1
J. E. Jones
Operands can be of different sizes: 1, 2, 4 or 8 bytes
◦ Data Movement and Arithmetic/Logic operations in
ATT format use an instruction opcode suffix (q, b,
w, or l) to specify operand size.
◦ Because of this, we also need registers (or parts of
registers) which have a size of 1, 2, 4, or 8 bytes
(see later slide).
X86-64 ISA uses one-bit flags (z, s, c and o) in the
RFLAGS register (more on this later); to signify that
the result of the most recent ALU operation was 0,
negative, carry out or resulted in overflow.
O
SU
C
SE
2
42
1
J. E. Jones
Integer data of 1, 2, 4, or 8 bytes
◦ Data values
◦ Addresses (untyped pointers)
Floating point data of 4, 8, or 10 bytes
Code: Byte sequences encoding series of instructions
No aggregate types such as arrays or structures
◦ Just contiguously allocated bytes in memory
◦ That doesn’t mean we can’t work something out.
O
SU
C
SE
2
42
1
J. E. Jones
Perform arithmetic function on register or memory data
Transfer data between memory and register
◦ Load data from memory into register
◦ Store register data into memory
Transfer control
◦ Unconditional jumps to/from procedures
◦ Conditional branches
O
SU
C
SE
2
42
1
J. E. Jones
The mov instruction copies a value from one location (operand1) to
another location (operand2).
◦ We must explicitly indicate how many bytes to move with the instruction suffix
◦ We must explicitly indicate with how we reference operand1 and operand2 the
size of the source and destination of the move(copy).
◦ The instruction suffix, the size of operand1 and the size of operand2 must all
match! This is consistent with what the compiler expects on either side of the
equals sign in C programming.
movq %rax, %rbx
◦ Opcode with operand size suffix – movq copy 8 bytes from
◦ Operand1 (op1) – register rax* register rax
◦ Operand2 (op2) – register rbx* to register rbx
*you must put a % in front of a register name in instructions
O
SU
C
SE
2
42
1
J. E. Jones
movl %eax, %ebx
◦ Opcode with operand size suffix – movl copy 4 bytes from
◦ Operand1 (op1) – register eax register eax
◦ Operand2 (op2) – register ebx to register ebx
movw %ax, %bx
◦ Opcode with operand size suffix – movw copy 2 bytes from
◦ Operand1 (op1) – register ax register ax
◦ Operand2 (op2) – register bx to register bx
movb %al, %bl
◦ Opcode with operand size suffix – movb copy 1 byte from
◦ Operand1 (op1) – register al register al
◦ Operand2 (op2) – register bl to register bl
O
SU
C
SE
2
42
1
J. E. Jones
Moving Data
movX Source, Dest:
Operand Types
◦ Immediate: Constant integer data
Example: $0x400, $-533, $4
Like C constant, but prefixed with ‘$’
Encoded with 1, 2, 4 or 8 bytes
◦ Register: One of 16 integer registers
Example: %rax, %r13
But %rsp reserved for special use
Others have special uses for particular
instructions
◦ Memory: 8 consecutive bytes of memory at
address given by register
Simplest example: (%rax)
Various other “address modes”
%rax
%rcx
%rdx
%rbx
%rsi
%rdi
%rsp
%rbp
%rN (8<=N<=15) Parentheses mean read from the address in the specified register! (i.e., use value in register as a pointer!) O SU C SE 2 42 1 J. E. Jones Cannot do memory-memory transfer with a single instruction movX Imm Reg Mem Reg Mem Reg Mem Reg Source Dest C Analog movq $0x4,%rax temp = 0x4; movq $-147,(%rax) *p = -147; movq %rax,%rdx temp2 = temp1; movq %rax,(%rdx) *p = temp; movq (%rax),%rdx temp = *p; Src,Dest O SU C SE 2 42 1 J. E. Jones Normal (R) Mem[Reg[R]] ◦ Register R specifies memory address ◦ Aha! Pointer dereferencing in C movq (%rcx),%rax [rax = *rcx] ◦ movq %rcx, (%rax) [*rax = rcx] Displacement D(R) Mem[Reg[R]+D] ◦ Register R specifies start of memory region ◦ Constant displacement D specifies offset movq 8(%rbp),%rdx [rdx = *(rbp+8)]