Binary Representations
Bits, Bytes, and Integers 0 1 0
3.3V CSci 2021: Machine Architecture and Organization Lectures #2-4, January 23rd-28th, 2015 2.8V
Your instructor: Stephen McCamant 0.5V 0.0V Based on slides originally by: Randy Bryant, Dave O’Hallaron, Antonia Zhai
1 2
Encoding Byte Values Byte-Oriented Memory Organization
Byte = 8 bits
. Binary 000000002 to 111111112 0 0 0000 • • • . Decimal: 010 to 25510 1 1 0001 2 2 0010 . Hexadecimal 0016 to FF16 3 3 0011 4 4 0100 . Base 16 number representation Programs Refer to Virtual Addresses 5 5 0101 . Use characters ‘0’ to ‘9’ and ‘A’ to ‘F’ 6 6 0110 . Conceptually very large array of bytes 7 7 0111 . Write FA1D37B16 in C as 8 8 1000 . Actually implemented with hierarchy of different memory types – 0xFA1D37B 9 9 1001 . System provides address space private to particular “process” A 10 1010 – 0xfa1d37b B 11 1011 . Program being executed C 12 1100 . Program can clobber its own data, but not that of others D 13 1101 E 14 1110 Compiler + Run-Time System Control Allocation F 15 1111 . Where different program objects should be stored . All allocation within single virtual address space
3 4
Machine Words Word-Oriented Memory Organization 32-bit 64-bit Bytes Addr. Machine Has “Word Size” Addresses Specify Byte Words Words . Nominal size of integer-valued data Locations 0000 Addr 0001 . Including addresses . Address of first byte in word = 0000?? 0002 . Most current machines use 32 bits (4 bytes) words . Addresses of successive words differ Addr 0003 . by 4 (32-bit) or 8 (64-bit) = Limits addresses to 4GB 0000?? 0004 . Becoming too small for memory-intensive applications Addr 0005 = . High-end systems use 64 bits (8 bytes) words 0004?? 0006 . Potential address space ≈ 1.8 X 1019 bytes 0007 0008 . x86-64 machines support 48-bit addresses: 256 Terabytes Addr 0009 . = Machines support multiple data formats 0008?? 0010 Addr . Fractions or multiples of word size = 0011 . Always integral number of bytes 0008?? 0012 Addr 0013 = 0012?? 0014 0015 5 6
1 Data Representations Byte Ordering
How should bytes within a multi-byte word be ordered in C Data Type Typical 32-bit Intel IA32 x86-64 memory? char 1 1 1 Conventions short 2 2 2 . Big Endian: Sun, PPC Mac, Internet convention int 4 4 4 . Least significant byte has highest address
long 4 4 8 . Little Endian: x86, VAX . Least significant byte has lowest address long long 8 8 8
float 4 4 4
double 8 8 8
long double 8 10/12 10/16
pointer 4 4 8
7 8
Byte Ordering Example Reading Byte-Reversed Listings
Big Endian Disassembly . Least significant byte has highest address . Text representation of binary machine code Little Endian . Generated by program that reads the machine code . Least significant byte has lowest address Example Fragment Example Address Instruction Code Assembly Rendition . Variable x has 4-byte representation 0x01234567 8048365: 5b pop %ebx 8048366: 81 c3 ab 12 00 00 add $0x12ab,%ebx . Address given by &x is 0x100 804836c: 83 bb 28 00 00 00 00 cmpl $0x0,0x28(%ebx)
Deciphering Numbers Big Endian 0x100 0x101 0x102 0x103 . Value: 0x12ab 01 23 45 67 . Pad to 32 bits: 0x000012ab Little Endian 0x100 0x101 0x102 0x103 . Split into bytes: 00 00 12 ab 67 45 23 01 . Reverse: ab 12 00 00
9 10
Examining Data Representations show_bytes Execution Example
Code to Print Byte Representation of Data int a = 15213; . Casting pointer to unsigned char * creates byte array printf("int a = 15213;\n"); show_bytes((unsigned char *) &a, sizeof(int));
void show_bytes(unsigned char *start, int len){ int i; for (i = 0; i < len; i++) printf(”%p\t0x%.2x\n",start+i, start[i]); Result (Linux): printf("\n"); } int a = 15213; 0xbffffcb8 0x6d 0xbffffcb9 0x3b 0xbffffcba 0x00 Printf directives: %p: Print pointer 0xbffffcbb 0x00 %x: Print Hexadecimal
11 12
2 Decimal: 15213 Representing Integers Binary: 0011 1011 0110 1101 Representing Pointers Hex: 3 B 6 D int B = -15213; int *P = &B; int A = 15213; long int C = 15213; IA32, x86-64 Sun Sun IA32 x86-64 IA32 x86-64 Sun 6D 00 EF D4 0C 6D 6D 00 3B 00 FF F8 89 3B 3B 00 00 3B FB FF EC 00 00 3B 00 6D 00 00 6D 2C BF FF 00 FF int B = -15213; 00 7F 00 IA32, x86-64 Sun 00 00 93 FF 00 C4 FF FF C4 FF 93 Two’s complement representation Different compilers & machines assign different locations to objects (Covered later) 13 14
Representing Strings Aside: ASCII table char S[6] = "18243"; Strings in C . Represented by array of characters 0 1 2 3 4 5 6 7 8 9 a b c d e f . Each character encoded in ASCII format Linux/Alpha Sun 0x0_ \0 ^A ^B ^C ^D ^E ^F ^G ^H \t \n ^K ^L ^M ^N ^O . Standard 7-bit encoding of character set 31 31 0x1_ ^P ^Q ^R ^S ^T ^U ^V ^W ^X ^Y ^Z ESC FS GS RS US . Character “0” has code 0x30 38 38 0x2_ SPC ! " # $ % & ' ( ) * + , - . / – Digit i has code 0x30+i 32 32 0x3_ 0 1 2 3 4 5 6 7 8 9 : ; < = > ? . String should be null-terminated 34 34 0x4_ @ A B C D E F G H I J K L M N O . Final character = 0 33 33 0x5_ P Q R S T U V W X Y Z [ \ ] ^ _ Compatibility 00 00 0x6_ ` a b c d e f g h I j k l m n o . Byte ordering not an issue 0x7_ p q r s t u v w x y z { | } ~ DEL
15 16
Today: Bits, Bytes, and Integers Homework turn-in process
Representing information as bits For full credit: turn in at the beginning of class on the due
(Logistics interlude) date . On-time = 3:35pm, or when I start lecturing, whichever is later Bit-level manipulations . Yes, this means you have to come to class on time (that day) Integers We strongly recommend typing your assignments on a . Representation: unsigned and signed computer, not hand-writing . Conversion, casting . Expanding, truncating Late submissions only will be online using the Moodle . Addition, negation, multiplication, shifting Do not turn in paper assignments at other times Summary . This helps us stay organized
17 18
3 2021-dedicated VMs now available Boolean Algebra
SSH into: xA-B.cselabs.umn.edu Developed by George Boole in 19th Century . Where A is 21, 22, or 23 . Algebraic representation of logic . And B is 01, 02, 03, 04, or 05 . Encode “True” as 1 and “False” as 0 . E.g., x22-02.cselabs.umn.edu And (math: ∧) Or (math: ∨)
32-bit version of Ubuntu Linux version 14.04 A&B = 1 when both A=1 and B=1 A|B = 1 when either A=1 or B=1 Do not run graphical programs (Firefox, etc.) on these machines (it would be slow anyway)
If you prefer to use other CSE Labs Linux machines, give the -m32 option to GCC to get 32-bit binaries Not (math: ¬) Exclusive-Or “xor” (math: ⊕)
~A = 1 when A=0 A^B = 1 when either A=1 or B=1, but not both
19 20
Application of Boolean Algebra General Boolean Algebras
Applied to Digital Systems by Claude Shannon Operate on Bit Vectors . 1937 MIT Master’s Thesis . Operations applied bitwise . Reason about networks of relay switches 01101001 01101001 01101001 . Encode closed switch as 1, open switch as 0 & 01010101 | 01010101 ^ 01010101 ~ 01010101 01000001 01111101 00111100 10101010 A&~B Connection when All of the Properties of Boolean Algebra Apply A ~B A&~B | ~A&B ~A B
~A&B = A^B
21 22
Representing & Manipulating Sets Bit-Level Operations in C
Representation Operations &, |, ~, ^ Available in C . Width w bit vector represents subsets of {0, …, w–1} . Apply to any “integral” data type . . aj = 1 if j ∈ A long, int, short, char, unsigned . View arguments as bit vectors . 01101001 { 0, 3, 5, 6 } . Arguments applied bit-wise . 76543210 Examples (Char data type) . ~0x41 → 0xBE . 01010101 { 0, 2, 4, 6 } . ~010000012 → 101111102 . 76543210 . ~0x00 → 0xFF . ~000000002 → 111111112 Operations . 0x69 & 0x55 → 0x41 . & Intersection 01000001 { 0, 6 } . 011010012 & 010101012 → 010000012 . | Union 01111101 { 0, 2, 3, 4, 5, 6 } . 0x69 | 0x55 → 0x7D
. ^ Symmetric difference 00111100 { 2, 3, 4, 5 } . 011010012 | 010101012 → 011111012 . ~ Complement 10101010 { 1, 3, 5, 7 } 23 24
4 Contrast: Logic Operations in C Shift Operations
Contrast to Logical Operators Left Shift: x << y Argument x 01100010 . &&, ||, ! . Shift bit-vector x left y positions << 3 00010000 . View 0 as “False” – Throw away extra bits on left Log. >> 2 00011000 . Anything nonzero as “True” . Fill with 0’s on right Arith. >> 2 00011000 . Always return 0 or 1 Right Shift: x >> y . Early termination (AKA “short-circuit evaluation”) . Shift bit-vector x right y positions Examples (char data type) . Throw away extra bits on right Argument x 10100010 . !0x41 → 0x00 . Logical shift << 3 00010000 . !0x00 → 0x01 . Fill with 0’s on left Log. >> 2 00101000 . !!0x41 → 0x01 . Arithmetic shift Arith. >> 2 11101000 . 0x69 && 0x55 → 0x01 . Replicate most significant bit on right . 0x69 || 0x55 → 0x01 Undefined Behavior . p && *p (avoids null pointer access) . Shift amount < 0 or ≥ word size
25 26
Exercise break: flip case Today: Bits, Bytes, and Integers
/* Convert lowercase to uppercase and vice-versa, Representing information as bits return any other characters unchanged */ char flip_case(char c){ Bit-level manipulations if (c >= 'A' && c <= 'Z') { /* 0x41 through 0x5A */ Integers return ______;c | 0x20 } else if (c >= 'a' && c <= 'z') { . Representation: unsigned and signed /* 0x61 through 0x7A */ . Conversion, casting return ______;c & ~0x20 } else { . Expanding, truncating return c; . Addition, negation, multiplication, shifting } } Summary
Fill in the blanks, using bitwise operators
27 28
Encoding Integers Encoding Example (Cont.) x = 15213: 00111011 01101101 Unsigned Two’s Complement y = -15213: 11000100 10010011 w1 w2 i w1 i B2U(X) xi 2 B2T(X) xw1 2 xi 2 i0 i0 Weight 15213 -15213 1 1 1 1 1 short int x = 15213; 2 0 0 1 2 short int y = -15213; Sign 4 1 4 0 0 Bit 8 1 8 0 0 C short 2 bytes long 16 0 0 1 16 32 1 32 0 0 Decimal Hex Binary x 15213 3B 6D 00111011 01101101 64 1 64 0 0 y -15213 C4 93 11000100 10010011 128 0 0 1 128 256 1 256 0 0 Sign Bit 512 1 512 0 0 . For 2’s complement, most significant bit indicates sign 1024 0 0 1 1024 2048 1 2048 0 0 . 0 for nonnegative 4096 1 4096 0 0 . 1 for negative 8192 1 8192 0 0 16384 0 0 1 16384 -32768 0 0 1 -32768
29 Sum 15213 -15213 30
5 Numeric Ranges Values for Different Word Sizes
Unsigned Values Two’s Complement Values W . UMin = 0 w–1 . TMin = –2 8 16 32 64 000…0 100…0 UMax 255 65,535 4,294,967,295 18,446,744,073,709,551,615 . UMax = 2w – 1 . TMax = 2w–1 – 1 TMax 127 32,767 2,147,483,647 9,223,372,036,854,775,807 111…1 011…1 TMin -128 -32,768 -2,147,483,648 -9,223,372,036,854,775,808
Other Values . Minus 1 Observations C Programming 111…1 . |TMin | = TMax + 1 . #include
31 32
Unsigned & Signed Numeric Values Today: Bits, Bytes, and Integers X B2U(X) B2T(X) Equivalence 0000 0 0 . Same encodings for nonnegative Representing information as bits 0001 1 1 values Bit-level manipulations 0010 2 2 Uniqueness 0011 3 3 Integers 0100 4 4 . Every bit pattern represents . Representation: unsigned and signed unique integer value 0101 5 5 . Conversion, casting . Each representable integer has 0110 6 6 . Expanding, truncating 0111 7 7 unique bit encoding . Addition, negation, multiplication, shifting 1000 8 –8 Can Invert Mappings 1001 9 –7 Summary . U2B(x) = B2U-1(x) 1010 10 –6 1011 11 –5 . Bit pattern for unsigned 1100 12 –4 integer 1101 13 –3 . T2B(x) = B2T-1(x) 1110 14 –2 . Bit pattern for two’s comp 1111 15 –1 integer
33 34
Announcement interlude: Lab 1 out Mapping Between Signed & Unsigned
Lab 0 (Hello, world) is due tonight Two’s Complement Unsigned Lab 1 on data representation is out T2U x T2B B2U ux Basic idea: puzzles implementing operations with other X operations . E.g., implement logical right shift using only arithmetic right shift Maintain Same Bit Pattern Most problems relate to bitwise operations and two’s Two’s Complement complement rules Unsigned U2T ux U2B B2T x . I.e., you can start working on them now X Increasing difficulty, try the easier ones first Maintain Same Bit Pattern Two questions relating to floating point
Mappings between unsigned and two’s complement numbers: keep bit representations and reinterpret
35 36
6 Mapping Signed Unsigned Mapping Signed Unsigned
Bits Signed Unsigned Bits Signed Unsigned 0000 0 0 0000 0 0 0001 1 1 0001 1 1 0010 2 2 0010 2 2 0011 3 3 0011 3 = 3 0100 4 4 0100 4 4 0101 5 T2U 5 0101 5 5 0110 6 6 0110 6 6 0111 7 U2T 7 0111 7 7 1000 -8 8 1000 -8 8 1001 -7 9 1001 -7 9 1010 -6 10 1010 -6 10 1011 -5 11 1011 -5 +/- 16 11 1100 -4 12 1100 -4 12 1101 -3 13 1101 -3 13 1110 -2 14 1110 -2 14 1111 -1 15 1111 -1 15
37 38
Relation between Signed & Unsigned Conversion Visualized
2’s Comp. Unsigned Two’s Complement Unsigned . Ordering Inversion UMax T2U UMax – 1 x T2B B2U ux . Negative Big Positive X
Maintain Same Bit Pattern TMax + 1 Unsigned TMax TMax Range w–1 0 ux + + + • • • + + + x - + + • • • + + + x x 0 2’s Complement 0 0 ux w Range x 2 x 0 –1 Large negative weight –2 becomes Large positive weight TMin 39 40
Signed vs. Unsigned in C Casting Surprises Expression Evaluation Constants . If there is a mix of unsigned and signed in single expression, . By default are considered to be signed integers signed values implicitly cast to unsigned . Unsigned if have “U” as suffix . Including comparison operations <, >, ==, <=, >= 0U, 4294967259U . Examples for W = 32: TMIN = -2,147,483,648 , TMAX = 2,147,483,647 Casting Constant1 Constant2 Relation Evaluation . Explicit casting between signed & unsigned same as U2T and T2U 0 0U == unsigned int tx, ty; -1 0 < signed unsigned ux, uy; tx = (int) ux; -1 0U > unsigned uy = (unsigned) ty; 2147483647 -2147483647-1 > signed 2147483647U -2147483647-1 < unsigned . Implicit casting also occurs via assignments and procedure calls -1 -2 > signed tx = ux; (unsigned)-1 -2 > unsigned uy = ty; 2147483647 2147483648U < unsigned 2147483647 (int) 2147483648U > signed 41 42
7 Code Security Example Typical Usage
/* Kernel memory region holding user-accessible data */ /* Kernel memory region holding user-accessible data */ #define KSIZE 1024 #define KSIZE 1024 char kbuf[KSIZE]; char kbuf[KSIZE];
/* Copy at most maxlen bytes from kernel region to user buffer */ /* Copy at most maxlen bytes from kernel region to user buffer */ int copy_from_kernel(void *user_dest, int maxlen) { int copy_from_kernel(void *user_dest, int maxlen) { /* Byte count len is minimum of buffer size and maxlen */ /* Byte count len is minimum of buffer size and maxlen */ int len = KSIZE < maxlen ? KSIZE : maxlen; int len = KSIZE < maxlen ? KSIZE : maxlen; memcpy(user_dest, kbuf, len); memcpy(user_dest, kbuf, len); return len; return len; } }
#define MSIZE 528 Similar to code found in FreeBSD’s implementation of void getstuff() { getpeername char mybuf[MSIZE]; copy_from_kernel(mybuf, MSIZE); There are legions of smart people trying to find printf(“%s\n”, mybuf); vulnerabilities in programs }
43 44
Malicious Usage /* Declaration of library function memcpy */ Summary void *memcpy(void *dest, void *src, size_t n); Casting Signed ↔ Unsigned: Basic Rules /* Kernel memory region holding user-accessible data */ #define KSIZE 1024 char kbuf[KSIZE]; Bit pattern is maintained
/* Copy at most maxlen bytes from kernel region to user buffer */ But reinterpreted int copy_from_kernel(void *user_dest, int maxlen) { w /* Byte count len is minimum of buffer size and maxlen */ Can have unexpected effects: adding or subtracting 2 int len = KSIZE < maxlen ? KSIZE : maxlen; memcpy(user_dest, kbuf, len); return len; Expression containing signed and unsigned int } . int is cast to unsigned!!
#define MSIZE 528
void getstuff() { char mybuf[MSIZE]; copy_from_kernel(mybuf, -MSIZE); . . . }
45 46
Today: Bits, Bytes, and Integers Sign Extension
Task: Representing information as bits . Given w-bit signed integer x Bit-level manipulations . Convert it to w+k-bit integer with same value Integers Rule: . Representation: unsigned and signed . Make k copies of sign bit: . Conversion, casting . X = xw–1 ,…, xw–1 , xw–1 , xw–2 ,…, x0 . Expanding, truncating . Addition, negation, multiplication, shifting k copies of MSB w Summary X • • •
• • • X • • • • • • k w 47 48
8 Sign Extension Example Summary:
short int x = 15213; Expanding, Truncating: Basic Rules int ix = (int) x; short int y = -15213; int iy = (int) y; Expanding (e.g., short int to int) . Unsigned: zeros added (“zero extension”)
Decimal Hex Binary . Signed: sign extension x 15213 3B 6D 00111011 01101101 . Both yield expected result ix 15213 00 00 3B 6D 00000000 00000000 00111011 01101101 y -15213 C4 93 11000100 10010011 iy -15213 FF FF C4 93 11111111 11111111 11000100 10010011 Truncating (e.g., unsigned to unsigned short) . Unsigned/signed: bits are truncated . Result reinterpreted Converting from smaller to larger integer data type . Unsigned: mod operation C automatically performs sign extension . Signed: similar to mod . For small numbers yields expected behaviour
49 50
Today: Bits, Bytes, and Integers Negation: Complement & Increment
Claim: Following Holds for 2’s Complement Representing information as bits ~x + 1 == -x Bit-level manipulations Complement Integers . Observation: ~x + x == 1111…111 == -1 . Representation: unsigned and signed x 1 0 0 1 1 1 0 1 . Conversion, casting . Expanding, truncating + ~x 0 1 1 0 0 0 1 0 . Addition, negation, multiplication, shifting -1 1 1 1 1 1 1 1 1 Summary Where would we fill in gaps for a more complete proof? Note: operation can apply to unsigned as well
Two values for which x and -x have the same sign
51 52
Complement & Increment Examples Unsigned Addition
x = 15213 Operands: w bits u • • • Decimal Hex Binary + v • • • x 15213 3B 6D 00111011 01101101 True Sum: w+1 bits u + v ~x -15214 C4 92 11000100 10010010 • • • ~x+1 C4 93 11000100 10010011 -15213 Discard Carry: w bits UAddw(u , v) • • • y -15213 C4 93 11000100 10010011
Standard Addition Function x = 0 . Ignores carry output Decimal Hex Binary 0 0 00 00 00000000 00000000 Implements Modular Arithmetic ~0 FF FF 11111111 11111111 w -1 s = UAddw(u , v) = u + v mod 2 ~0+1 0 00 00 00000000 00000000 u v u v 2 w UAddw(u,v) w w u v 2 u v 2
53 54
9 Visualizing (Mathematical) Integer Addition Visualizing Unsigned Addition
Overflow Integer Addition Add4(u , v) Wraps Around . 4-bit integers u, v Integer Addition . If true sum ≥ 2w . Compute true sum . At most once UAdd4(u , v) Add4(u , v) . Values increase linearly 32 with u and v 28 16 24 True Sum . Forms planar surface w+1 14 20 2 Overflow 12 16 10 14 12 12 8 14 10 w 8 6 12 8 2 4 4 10 6 8 0 2 4 v 6 0 v 2 0 4 2 0 4 6 0 8 0 2 10 4 2 u 12 Modular Sum 6 14 8 10 0 12 u 14
55 56
Mathematical Properties Two’s Complement Addition
Modular Addition Forms an Abelian Group Operands: w bits u • • • . Closed under addition + v • • • w True Sum: w+1 bits 0 UAddw(u , v) 2 –1 u + v • • • . Commutative Discard Carry: w bits TAddw(u , v) • • • UAddw(u , v) = UAddw(v , u) . Associative UAddw(t, UAddw(u , v)) = UAddw(UAddw(t, u ), v) TAdd and UAdd have Identical Bit-Level Behavior . 0 is additive identity . Signed vs. unsigned addition in C: int s, t, u, v; UAddw(u , 0) = u . Every element has additive inverse s = (int) ((unsigned) u + (unsigned) v); w t = u + v . Let UCompw (u ) = 2 – u . Will give s == t UAddw(u , UCompw (u )) = 0
57 58
TAdd Overflow Visualizing 2’s Complement Addition
NegOver Functionality True Sum Values . True sum requires w+1 0 111…1 2w–1 PosOver . 4-bit two’s comp. TAdd (u , v) bits TAdd Result 4 . Range from -8 to +7 . Drop off MSB 0 100…0 2w –1 011…1 . Treat remaining bits as Wraps Around 8 0 000…0 w–1 2’s comp. integer 0 000…0 . If sum 2 6 . Becomes negative 4 2 1 011…1 w –1 –2 –1 100…0 0 . At most once 6 w–1 -2 4 . If sum < –2 -4 2 NegOver 0 1 000…0 w -6 –2 . Becomes positive -2 -8 -4 -8 -6 v . At most once -4 -6 -2 0 2 -8 4 u 6 PosOver
59 60
10 Characterizing TAdd Mathematical Properties of TAdd
Positive Overflow Functionality TAdd(u , v) Isomorphic Group to unsigneds with UAdd . True sum requires w+1 bits . TAdd (u , v) = U2T(UAdd (T2U(u ), T2U(v))) > 0 w w . Drop off MSB v . Since both have identical bit patterns . Treat remaining bits as 2’s < 0 comp. integer < 0 > 0 Two’s Complement Under TAdd Forms a Group u Negative Overflow . Closed, Commutative, Associative, 0 is additive identity . Every element has additive inverse
u u TMin w TComp w (u) w 1 TMin u TMin u v 2 w u v TMin (NegOver) w w 2 w TAdd w (u,v) u v TMin w u v TMax w ww1 u v 22 TMax w u v (PosOver)
61 62
Exercise break: ten’s complement Ten’s complement answer
Before digital computers, there were mechanical We want x ≡ -21 mod 10000, or x + 21 + 10000k = 0 for computers that used base 10 integer k There’s an analog of two’s complement called ten’s x = 10000 - 21 = 9979 complement that works in decimal (The equivalent of ~ is called nines’ complement: Suppose we have an adding machine with 10 decimal digits, 104 instead of 232. ~21 = 9978) What should be the ten’s complement representation of -21? I.e., we want a number x so that adding x is the same as subtracting 21, when you only have 4 digits
63 64
Signed/Unsigned Overflow Differences Multiplication
Computing Exact Product of w-bit numbers x, y UAdd(u , v) Carry Out Unsigned: . Either signed or unsigned . Overflow if carry out of last Ranges position v . Unsigned: 0 ≤ x * y ≤ (2w – 1) 2 = 22w – 2w+1 + 1 . Also just called “carry” (C) TAdd(u , v) . Up to 2w bits u Signed: < 0 . Two’s complement min: x * y ≥ (–2w–1)*(2w–1–1) = –22w–2 + 2w–1 . Result wrong if input signs are v . Up to 2w–1 bits the same but output sign is > 0 . w–1 2 2w–2 different > 0 < 0 Two’s complement max: x * y ≤ (–2 ) = 2 u 2 . In CPUs, unqualified TAdd(u , v) Negative Overflow . Up to 2w bits, but only for (TMinw) Sign Bit Set “overflow” usually means < 0 Maintaining Exact Results signed (O or V) v . Would need to keep expanding word size with each product computed > 0 . Done in software by “arbitrary precision” arithmetic packages > 0 < 0 Positive Overflowu
65 66
11 Unsigned Multiplication in C Code Security Example #2
SUN XDR library u • • • Operands: w bits . Widely used library for transferring data between machines * v • • • True Product: 2*w bits u · v • • • • • • void* copy_elements(void *ele_src[], int ele_cnt, size_t ele_size); UMult (u , v) • • • Discard w bits: w bits w ele_src
Standard Multiplication Function . Ignores high order w bits Implements Modular Arithmetic w UMultw(u , v)= u · v mod 2 malloc(ele_cnt * ele_size)
67 68
XDR Code XDR Vulnerability
void* copy_elements(void *ele_src[], int ele_cnt, size_t ele_size) { malloc(ele_cnt * ele_size) /* * Allocate buffer for ele_cnt objects, each of ele_size bytes * and copy from locations designated by ele_src What if: */ 20 void *result = malloc(ele_cnt * ele_size); . ele_cnt = 2 + 1 if (result == NULL) . ele_size = 4096 = 212 /* malloc failed */ return NULL; . Allocation = ?? void *next = result; int i; for (i = 0; i < ele_cnt; i++) { How can I make this function secure? /* Copy object i to destination */ memcpy(next, ele_src[i], ele_size); /* Move pointer to next memory region */ next += ele_size; } return result; }
69 70
Signed Multiplication in C Power-of-2 Multiply with Shift
u • • • Operation Operands: w bits . u << k gives u * 2k * v • • • . Both signed and unsigned k u · v True Product: 2*w bits • • • • • • u • • • TMult (u , v) • • • Operands: w bits Discard w bits: w bits w * 2k 0 ••• 0 1 0 ••• 0 0 True Product: w+k bits u · 2k • • • 0 ••• 0 0 k Standard Multiplication Function Discard k bits: w bits UMultw(u , 2 ) ••• 0 ••• 0 0 k . Ignores high order w bits TMultw(u , 2 ) Examples . Some of which are different for signed vs. unsigned multiplication . u << 3 == u * 8 . Lower bits are the same . u << 5 - u << 3 == u * 24 . Most machines shift and add faster than multiply . Compiler generates this code automatically
71 72
12 Compiled Multiplication Code Background: Rounding in Math C Function How to round to the nearest integer? int mul12(int x) { Cannot have both: return x*12; . round(x + k) = round(x) + k (k integer), “translation invariance” } . round(-x) = -round(x) “negation invariance” x , read “floor”: always round down (to -∞): Compiled Arithmetic Operations Explanation 2.0 = 2, 1.7 = 1, -2.2 = -3 leal (%eax,%eax,2), %eax t <- x+x*2 sall $2, %eax return t << 2; x , read “ceiling”: always round up (to +∞): 2.0 = 2, 1.7 = 2, -2.2 = -2
C integer operators mostly use round to zero, which is like floor for positive and ceiling for negative C compiler automatically generates shift/add code when multiplying by constant
73 74
Divison in C Unsigned Power-of-2 Divide with Shift
Quotient of Unsigned by Power of 2 Integer division /: rounds towards 0 . u >> k gives u / 2k . Choice (settled in C99) is historical, via FORTRAN and most CPUs . Uses logical shift Division by zero: undefined, usually fatal k Unsigned division: no overflow possible u ••• ••• Binary Point Operands: Signed division: overflow almost impossible / 2k 0 ••• 0 1 0 ••• 0 0 . Exception: TMin/-1 is un-representable, and so undefined Division: u / 2k 0 ••• 0 0 ••• . ••• . On x86 this too is a default-fatal exception Result: u / 2k 0 ••• 0 0 •••
Division Computed Hex Binary x 15213 15213 3B 6D 00111011 01101101 x >> 1 7606.5 7606 1D B6 00011101 10110110 x >> 4 950.8125 950 03 B6 00000011 10110110 x >> 8 59.4257813 59 00 3B 00000000 00111011
75 76
Compiled Unsigned Division Code Signed Power-of-2 Divide with Shift
C Function Quotient of Signed by Power of 2 k unsigned udiv8(unsigned x) . x >> k gives x / 2 { . Uses arithmetic shift return x/8; . Rounds wrong direction when u < 0 } k x ••• ••• Binary Point Operands: k 0 ••• 0 1 0 ••• 0 0 Compiled Arithmetic Operations Explanation / 2 shrl $3, %eax # Logical shift Division: x / 2k 0 ••• ••• . ••• return x >> 3; Result: RoundDown(x / 2k) 0 ••• •••
Uses logical shift for unsigned Division Computed Hex Binary y -15213 -15213 C4 93 11000100 10010011 For Java Users y >> 1 -7606.5 -7607 E2 49 11100010 01001001 . Logical shift written as >>> y >> 4 -950.8125 -951 FC 49 11111100 01001001 y >> 8 -59.4257813 -60 FF C4 11111111 11000100
77 78
13 Correct Power-of-2 Divide Correct Power-of-2 Divide (Cont.) Quotient of Negative Number by Power of 2 . Want x / 2k (Round Toward 0) Case 2: Rounding . Compute as (x+2k-1)/ 2k k 1 ••• ••• . In C: (x + (1<
79 80
Compiled Signed Division Code Remainder operator C Function Written as % in C int idiv8(int x) { x % y is the remainder after division x / y return x/8; } E.g., x % 10 is the lowest digit of non-negative x Behavior for negative values matches /’s rounding toward Compiled Arithmetic Operations Explanation zero testl %eax, %eax if x < 0 . b*(a / b) + (a % b) = a js L4 x += 7; L3: # Arithmetic shift I.e. sign of remainder matches sign of dividend sarl $3, %eax return x >> 3; (Some other languages have other conventions: sign of ret L4: result equals sign of divisor, sometimes distinguished as addl $7, %eax Uses arithmetic shift for int “modulo”, or always positive) jmp L3 For Java Users . Arith. shift written as >>
81 82
Arithmetic: Basic Rules Arithmetic: Basic Rules
Addition: Unsigned ints, 2’s complement ints are isomorphic rings: . Unsigned/signed: Normal addition followed by truncate, isomorphism = casting same operation on bit level . Unsigned: addition mod 2w Left shift . Mathematical addition + possible subtraction of 2w . Unsigned/signed: multiplication by 2k . Signed: modified addition mod 2w (result in proper range) . Always logical shift . Mathematical addition + possible addition or subtraction of 2w
Right shift Multiplication: . Unsigned: logical shift, div (division + round to zero) by 2k . Unsigned/signed: Normal multiplication followed by truncate, same operation on bit level . Signed: arithmetic shift k . Unsigned: multiplication mod 2w . Positive numbers: div (division + round to zero) by 2 k . Signed: modified multiplication mod 2w (result in proper range) . Negative numbers: div (division + round away from zero) by 2 Use biasing to fix
83 84
14 Today: Integers Properties of Unsigned Arithmetic
Representation: unsigned and signed Unsigned Multiplication with Addition Forms Conversion, casting Commutative Ring . Addition is commutative group Expanding, truncating . Closed under multiplication Addition, negation, multiplication, shifting w 0 UMultw(u , v) 2 –1 Summary . Multiplication Commutative
UMultw(u , v) = UMultw(v , u) . Multiplication is Associative
UMultw(t, UMultw(u , v)) = UMultw(UMultw(t, u ), v) . 1 is multiplicative identity
UMultw(u , 1) = u . Multiplication distributes over addtion
UMultw(t, UAddw(u , v)) = UAddw(UMultw(t, u ), UMultw(t, v))
85 86
Properties of Two’s Comp. Arithmetic Why Should I Use Unsigned? Isomorphic Algebras . Unsigned multiplication and addition Don’t Use Just Because Number Nonnegative . Truncating to w bits . Easy to make mistakes . Two’s complement multiplication and addition unsigned i; for (i = cnt-2; i >= 0; i--) . Truncating to w bits a[i] += a[i+1]; Both Form Rings . Can be very subtle w . Isomorphic to ring of integers mod 2 #define DELTA sizeof(int) Comparison to (Mathematical) Integer Arithmetic int i; . Both are rings for (i = CNT; i-DELTA >= 0; i-= DELTA) . Integers obey ordering properties, e.g., . . . u > 0 u + v > v Do Use When Performing Modular Arithmetic u > 0, v > 0 u · v > 0 . E.g., used in multiprecision arithmetic . These properties are not obeyed by two’s comp. arithmetic Do Use When Using Bits to Represent Sets TMax + 1 == TMin . Logical right shift, no sign extension 15213 * 30426 == -10030 (16-bit words) 87 88
Integer C Puzzles
• x < 0 ((x*2) < 0) • ux >= 0 • x & 7 == 7 (x<<30) < 0 • ux > -1 • x > y -x < -y • x * x >= 0 Initialization • x > 0 && y > 0 x + y > 0 • x >= 0 -x <= 0 int x = foo(); • x <= 0 -x >= 0 int y = bar(); • (x|-x)>>31 == -1 unsigned ux = x; • ux >> 3 == ux/8 unsigned uy = y; • x >> 3 == x/8 • x & (x-1) != 0
89
15