Assembly Language Programming Processor architecture
Zbigniew Jurkiewicz, Instytut Informatyki UW
October 10, 2017
Zbigniew Jurkiewicz, Instytut Informatyki UW Assembly Language Programming Processor architecture Processor architecture
Also called ISA (Instruction Set Architecture). Classification:
- stack machine;
- accumulator-based; if additional specialized registers are present (e.g. an address register), then extended accumulator;
- register-memory;
- register-register + load/store.
Additionally, classifiers take into account the number of instruction arguments (0–3) and the number of memory addresses an instruction may contain (0–3).
Different privilege levels
The simplest version has two levels: ordinary (user) and system (supervisor). On Intel processors there are 4 levels (numbered 0–3), but in practice only 2 are used.
Memory model
Alignment problem: the legal or preferred addresses should be multiples of some basic value. Example: Pentium II has 36-bit addresses, but the address bus is only 33 bits wide. On the bus the three lower address bits are always equal to 0. Each fetch from memory always gets 8 bytes.
Byte order for larger units
Two possibilities:
- little endian: the less important ('lower') byte first; forces us to read strings byte after byte, since otherwise a multibyte register will hold them in reverse order;
- big endian: standard for networks.
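As an added illustration (not from the slides) of the little-endian point above and of the byte reversal that BSWAP performs for network transfers, the C code below detects the host byte order, loads a string into a 32-bit value the way MOV would, and converts to big-endian order byte by byte; the function names are ours.

```c
#include <stdint.h>
#include <string.h>
#include <stdbool.h>
/* Added example, not from the slides: byte order of a 32-bit value in memory
   and the byte reversal between little-endian registers and big-endian
   (network) order, which the BSWAP instruction performs in one step. */

/* Detect the host byte order from the first byte of a known value. */
static bool host_is_little_endian(void) {
    uint32_t probe = 0x01020304u;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 0x04;   /* little endian stores the 'lower' byte first */
}

/* Reverse the byte order of a 32-bit value (the effect of BSWAP). */
static uint32_t bswap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

/* Read 4 bytes as a big-endian number byte after byte, so the result does
   not depend on the host byte order. */
static uint32_t load_be32(const uint8_t in[4]) {
    return ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
           ((uint32_t)in[2] << 8)  |  (uint32_t)in[3];
}

/* Load the 4 bytes of a string into a 32-bit "register" the way MOV does: on
   a little-endian host "ABCD" (0x41 0x42 0x43 0x44) reads as 0x44434241. */
static uint32_t load_string_as_register(const char s[4]) {
    uint32_t v;
    memcpy(&v, s, 4);
    return v;
}

/* Host to network (big-endian) order: swap only on little-endian hosts (htonl). */
static uint32_t host_to_network32(uint32_t v) {
    return host_is_little_endian() ? bswap32(v) : v;
}

/* Serialise a value in network order and reread it with load_be32; true when
   the round trip preserves the value on this host. */
static bool network_roundtrip_ok(uint32_t v) {
    uint32_t wire = host_to_network32(v);   /* bytes now big-endian in memory */
    uint8_t b[4];
    memcpy(b, &wire, 4);
    return load_be32(b) == v;
}
```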
Processor state register
Often contains bits setting the current working mode, for hardware supporting the privileged mode. Most flags are divided into two categories:
- conditional: they signal the result of the last operation;
- control: they set parameters for the current working mode.
Pentium processor flags
- SF (sign): the highest bit of the result of the last arithmetic-logic operation (so equals 1 when the result was negative);
- ZF (zero): set when the last result was exactly zero;
- PF (parity): set when the lowest byte of the last result has an even number of ones;
- CF (carry): set to the value of the carry from the highest position for the last operation (important for unsigned numbers), also used in some other situations having nothing to do with arithmetic per se;
- OF (overflow): set when the last operation resulted in overflow (important for signed numbers);
- IF (interrupts): for masking interrupts;
- DF (direction): the order of working for block transfer instructions, 0 means increase the addresses after each step.
Machine instructions
General forms of machine instructions:
- byte sequences of varying lengths ("CISC");
- words: (nearly) all instructions have the same size ("RISC").
Format of a single instruction: divided into fields; the exact number and kind of fields may differ between groups of instructions. Sometimes preceded by optional prefixes, either changing the instruction semantics or providing an additional part of the argument address. Attention: some descriptions (and some assemblers) treat prefixes as separate instructions.
Machine instructions
Fields:
- operation code: determines the computation to be done;
- addressing mode: describes how to find an argument or its effective address. It also specifies a rule for interpreting the address fields, e.g. whether the instruction operates on bytes, words etc. (unless this information is already contained in the operation code);
- addresses: specify a register or a cell in memory;
- constant (so-called immediate argument).
There are also special fields, e.g. giving the number of positions shifted for rotations and shifts.
Computing effective address
Effective address = the final address used for a memory reference, obtained as a result of processing the address fields according to the specified addressing mode. Related notions: address space; segment registers and segment table; segment descriptors.
Instruction set
Types of instructions:
Arithmetical: addition, subtraction, multiplication, division for integers: ADD, ADC, INC, SUB, SBB, DEC, MUL, DIV, CMP. Separate arithmetical instructions for other number representations (e.g. BCD, ASCII, floating-point). Saturation arithmetic: if the result is too big, it is replaced by the maximum possible value. Used for DSP (e.g. MMX instructions on Pentium).
Instruction set
Boolean operations: the arguments are interpreted as sequences of bits, and the operation is performed in parallel on all pairs of corresponding bits: NOT, AND, OR, XOR, TEST.
Rotations and shifts. Circular rotations: ROR, ROL, RCR, RCL. Shifts, logical and arithmetic (division/multiplication by 2): SHL, SHR, SAL, SAR.
Instruction set
Data transfer (movement). Used to move or change the contents of a register/memory cell: MOV, XCHG, MOVZX, MOVSX. Stack operations: PUSH, POP, PUSHF, POPF. Input/output: IN, OUT. Some processors provide special complex operations for repeated sequences of operations, e.g. block transfers or search: LODS, STOS, MOVS, SCAS, CMPS, REP.
Instruction set
Control instructions. They change the normal sequential execution of consecutive instructions by modifying the contents of the instruction counter. The mandatory argument (sometimes there are additional ones) is the address of the next instruction to be executed, given as absolute or relative. Unconditional jump: always executed (JMP). Branches (conditional jumps): the jump happens only when some condition is satisfied. The condition is determined by checking the appropriate processor flag or flags; those are set depending on the result of the last "computational" instruction: JZ/JE, JNZ/JNE, JC, JNC, JO, JNO, JP, JNP.
Instruction set
Separate branches for signed (JG, JGE, JL, JLE) and unsigned (JA, JAE, JB, JBE) numbers. The alternative is to put the result of the comparison instruction into some register and check this register later (e.g. DEC/Alpha processor, but also Pentium). Pro: the jump can be delayed; contra: it takes one of the registers. The last possibility is a compare-and-branch instruction, which does the comparison and the possible jump at the same time (e.g. VAX, PA-RISC); this creates problems for aggressive pipelined processors.
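An added example, not from the slides, modelling how ADD and CMP set the Pentium flags listed earlier (SF, ZF, PF, CF, OF) and how the signed and unsigned branch families above decide from them. The flag semantics follow the Intel manuals; the function names are ours.

```c
#include <stdint.h>
#include <stdbool.h>

/* Added example, not from the slides: a model of how ADD and CMP set the
   Pentium flags SF, ZF, PF, CF and OF, and how the signed (JG, JL) and
   unsigned (JA, JB, JBE) branches read them. Function names are ours. */
typedef struct { bool sf, zf, pf, cf, of; } flags_t;

/* PF: set when the lowest byte of the result has an even number of ones. */
static bool even_parity(uint8_t b) {
    b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;
    return (b & 1) == 0;
}

/* SF, ZF and PF depend only on the result; CF and OF on the operation. */
static flags_t result_flags(uint32_t r, bool cf, bool of) {
    flags_t f = { (r >> 31) & 1, r == 0, even_parity((uint8_t)r), cf, of };
    return f;
}

/* ADD a,b: CF = carry out of bit 31 (unsigned overflow); OF = operands of the
   same sign but a result of the opposite sign (signed overflow). */
static flags_t add32_flags(uint32_t a, uint32_t b) {
    uint32_t r = a + b;
    return result_flags(r, r < a, ((~(a ^ b)) & (a ^ r)) >> 31);
}

/* CMP a,b computes a - b and keeps only the flags: CF = borrow (a < b as
   unsigned); OF = signed overflow of the subtraction. */
static flags_t cmp32_flags(uint32_t a, uint32_t b) {
    uint32_t r = a - b;
    return result_flags(r, a < b, ((a ^ b) & (a ^ r)) >> 31);
}

/* Branches after CMP a,b: signed ones combine SF with OF, unsigned use CF. */
static bool jg_taken(flags_t f)  { return !f.zf && f.sf == f.of; } /* a >  b signed   */
static bool jl_taken(flags_t f)  { return f.sf != f.of; }          /* a <  b signed   */
static bool ja_taken(flags_t f)  { return !f.cf && !f.zf; }        /* a >  b unsigned */
static bool jb_taken(flags_t f)  { return f.cf; }                  /* a <  b unsigned */
static bool jbe_taken(flags_t f) { return f.cf || f.zf; }          /* a <= b unsigned */

/* True when the outcome of "a < b" differs between the signed and unsigned
   reading, e.g. for 0x80000000 (-2^31 signed, 2^31 unsigned) against 1. */
static bool signedness_matters(uint32_t a, uint32_t b) {
    flags_t f = cmp32_flags(a, b);
    return jl_taken(f) != jb_taken(f);
}
```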
Instruction set
Subroutine call/return: CALL, RET. Programming interrupts (extracodes) and return from interrupt: INT, IRET. Loops: LOOP, JCXZ, LOOPE, LOOPNE. Sometimes also a conditional skip instruction: the single following instruction is executed or not depending on a condition.
Instruction set
Manual setting of flags: CLI, STI, CLC. Do-nothing instruction (NOP): a useful filler. Special instructions: allowed to execute only in privileged mode. Manipulation of the protection mechanism, halting the processor (HLT).
Addressing modes
Types of instruction arguments. They determine the method of computing the argument's location.
Addressing modes
- implicit (hidden): the argument is not named in the instruction but fixed by the operation code (mul uses eax implicitly)
    mul ecx
- immediate: the argument is contained in the address field
    mov eax,10
- register: the argument is in a register; the address field contains the number of the register
    add eax,ebx
Addressing modes
- direct: the address field contains the argument address
    mov eax,[100]
- register indirect: the argument address is given in the specified register
    mov eax,[esi]
- indirect: the address field contains the address of the memory cell which contains the final address; rarely used today because it consumes too many cycles (does not exist on x86)
- relative: the address field contains the offset relative to the instruction counter; mostly in conditional jumps
    jle 30
Addressing modes
- indexing: the argument address is computed by adding two elements from the instruction: the address or offset specified in the address field and the contents of one or two registers. One of the registers (usually constant) is called the base, the other, often changed in iteration, is called the index. The index register can be scaled: its value is multiplied e.g. by 2.
    mov eax,[ebx+100]
    mov ecx,[ebx+esi]
  For x86 the general address format is base address + offset + index * element-size.
- autoincrementation/autodecrementation: automatic change of the argument register after (or before) executing the current instruction.
Addressing modes
The manufacturer's documentation specifies the allowed combinations of modes for each instruction. For most instructions all reasonable combinations are available.
Special modes for signal processors (DSP)
- cyclic (modulo): a buffer address is specified, and the buffer pointer is increased automatically with wrap-around;
- bit reverse (for FFT): the destination address is obtained by reversing the n lowest bits of the source address.
Various uses of general registers
- As an accumulator. The register contains data for the computation specified by the instruction code.
- As a pointer/address. The register contains the address of the instruction operand, not the operand proper.
- As an automatically increased pointer for traveling over consecutive memory cells. Going forward is known as "autoincrementation", going backward as "autodecrementation". The most popular use is for working with tabular data.
- As an index (index register). In this case the contents of the register is added to the base address given in the instruction argument.
Operations on bits
The instruction BT (Bit Test) copies the value of a selected bit into the CF flag. The instruction BTS (Bit Test and Set) copies the value of the given bit of the argument into the CF flag and sets that bit to 1. A classic of operating systems. Such instructions sometimes have to be preceded by the prefix LOCK, especially when we have more than one processor eager to manipulate the memory. The instruction family SETcc sets an argument register to 0 or 1 depending on the result of the last comparison (or, more precisely, depending on the current flag values). Useful for delaying the execution of conditional operations.
Miscellanea
The instruction LEA (Load Effective Address) is mostly abused (e.g. for multiplying a register by 5), and rarely used according to its original purpose. Addition of two different registers with the result stored in a third one:
    lea rax,[rdi + rsi]
The instruction RDRAND returns (if we are lucky enough to have it) a guaranteed random number. The instruction NOP does not do anything (except for losing time). Once it was the favorite instruction of crackers.
Swapping data
The instruction XCHG exchanges the contents of its two arguments. It is equivalent to three MOV (or XOR) instructions and does not consume an additional working cell or register. Could be used for implementing semaphores. The instruction BSWAP reverses the order of bytes in the argument. Useful for network transfers.
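An added example, not from the slides, showing the semaphore use of XCHG mentioned here and the LOCK BTS idiom from the bit-operations slide, written with C11 atomics next to the racy read-then-write they replace; the function names are ours.

```c
#include <stdatomic.h>
#include <stdbool.h>
/* Added example, not from the slides: the test-and-set idiom behind the XCHG
   and LOCK BTS remarks, written with C11 atomics. On x86 the exchange
   compiles to xchg (which locks the bus implicitly) and the fetch-or to a
   LOCK-prefixed read-modify-write. Function names are ours. */

/* Unsafe version: read, then write. Between the two steps another processor
   may also read 0, and both callers then believe they hold the lock. */
static bool racy_try_lock(volatile int *lock) {
    if (*lock != 0) return false;
    *lock = 1;
    return true;
}

/* XCHG version: swap a 1 into the lock and look at what came out. The swap is
   one indivisible operation, so only one caller can ever see the old 0. */
static bool xchg_try_lock(atomic_int *lock) {
    return atomic_exchange_explicit(lock, 1, memory_order_acquire) == 0;
}
static void xchg_unlock(atomic_int *lock) { atomic_store_explicit(lock, 0, memory_order_release); }

/* LOCK BTS version: set bit `bit` of the word and report its previous value,
   which is what BTS leaves in CF. Several independent locks share one word. */
static bool bts_try_lock(atomic_uint *word, unsigned bit) {
    unsigned mask = 1u << bit;
    unsigned old = atomic_fetch_or_explicit(word, mask, memory_order_acquire);
    return (old & mask) == 0;    /* we got the lock iff the bit was 0 before */
}
static void bts_unlock(atomic_uint *word, unsigned bit) { atomic_fetch_and_explicit(word, ~(1u << bit), memory_order_release); }

/* Single-thread scenario: acquire, a second acquire fails, release, acquire
   again. Returns true when the lock behaves as a binary semaphore should. */
static bool xchg_sequence_ok(void) {
    atomic_int lock = 0;
    bool first = xchg_try_lock(&lock), second = xchg_try_lock(&lock);
    xchg_unlock(&lock);
    return first && !second && xchg_try_lock(&lock);
}

/* Same scenario with two bit locks (bits 3 and 5) living in one word. */
static bool bts_sequence_ok(void) {
    atomic_uint word = 0;
    bool a = bts_try_lock(&word, 3), again = bts_try_lock(&word, 3);
    bool other = bts_try_lock(&word, 5);       /* unaffected by bit 3 */
    bts_unlock(&word, 3);
    return a && !again && other && atomic_load(&word) == (1u << 5);
}
```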
Fast change of protection level
Fast system call = change between protection levels 3 and 0:
- instructions SYSENTER and SYSEXIT;
- instructions SYSCALL and SYSRET.
Example code: if
    if (x > 0) z += x; else z++;
NASM syntax; a memory operand with no register operand needs an explicit size:
    mov eax,[x]
    cmp eax,0
    jle else
    add [z],eax
    jmp finish
else:
    inc dword [z]
finish:
Example code: while
    while (n > 0) { z += z; n--; }
    mov eax,[z]
while:
    cmp dword [n],0
    jle finish
    add eax,eax
    dec dword [n]
    jmp while
finish:
    mov [z],eax