CSE 2421
Autumn 2013
S. Preston
Y86 programmer-visible state
• The Y86 has:
•
•
•

•
•

8 32-bit registers with the same names as the IA32 32-bit
register...
Condition Codes
• 3 condition codes in y86
• ZF – Set if the result of the last arithmetic
operation is 0
• SF – Set if th...
Conditions
• FLAGS: Zero, Sign, Overflow
• Less or Equal
•

Z = 1, S = 1, O = X

•

Z = 0, S = 1, O = X

•

Z = 1, S = 0, ...
Simple Addressing Modes
• Normal = (R) = Mem[Reg[R]]
• Register Reg specifies memory address
• denoted by a register in ( ...
Simple Addressing Modes
• Displacement = D(R) = Mem[Reg[R]+D]
• Register R specifies start of memory address
• Constant di...
Y86 example program w/ loop

# y86loop.ys
.pos 0x0
irmovl $0,%eax
irmovl $1,%ecx
Loop:
addl %ecx,%eax
irmovl $1,%edx
addl ...
Y86 example program w/ loop
# y86loop.ys
.pos 0x0
irmovl $0,%eax
irmovl $1,%ecx
Loop:
addl %ecx,%eax
irmovl $1,%edx
addl %...
Y86 Stack
• Stack top address always held in
esp
• Stack grows towards lower
addresses

Stack “Top”
%esp

•
•
•

Stack “Bo...
Y86 Stack - Push
• Pushing
• Decrement the stack register by 4
then store new data
(1)
addr

value

(2)
addr

value

0x11B...
Y86 Stack - Pop
• Pushing
• Save new data on stack, Increment
the stack register by 4
(1)
addr

//(1) esp = 0x11C
pop eax
...
Stack Example 2

==PUSH==
subl $4, %esp
movl %ebp, (%esp)

==POP===
movl (%esp), %eax
addl $4, %esp
Y86 Instruction Set

13
Fetch Cycle
Executing  rmmovl
• Fetch
•

Read 6 bytes

•

Read operand
registers

• Decode

• Execute
•

Compute
effective address

•...
Executing  Arithmetic/Logical Ops
• Fetch
•

Read 2 bytes

•

Read operand
registers

• Decode

• Execute
•
•

Perform op...
Executing  popl
•
•
•

•
•

Fetch

•

Decode

•

Read stack pointer

Execute

•

Increment stack
pointer by 4

Memory

•
...
Jumps
•
•
•

•
•

•

Fetch

•
•

Read 5 bytes
Increment PC by 5

Decode

•

Do nothing

Execute

•

Determine whether to
t...
Executing  Call
•
•
•
•
•
•

Fetch

•
•

Read 5 bytes
Increment PC by 5

Decode

•

Read stack pointer

Execute

•

Decre...
Executing  ret
•
•
•
•
•
•

Fetch

•
•

Read 1 bytes
Increment PC by 1

Decode

•

Read stack pointer

Execute

•

Decrem...
Instruction encoding practice
•

Determine the byte encoding of the following Y86 instruction
sequence given ―.pos 0x100‖ ...
Instruction encoding practice
0x100: 30f30f000000 //irmovl $15, %ebx
rrmovl
%ebx, %ecx
rmmovl
%ecx, -3(%ebx)
loop:
addl %e...
Instruction encoding practice
0x100: 30f30f000000 //irmovl $15, %ebx
0x106: 2031
//rrmovl %ebx, %ecx
loop:
rmmovl
%ecx, -3...
Instruction encoding practice
0x100: 30f30f000000 //irmovl $15, %ebx
0x106: 2031
//rrmovl %ebx, %ecx
loop:
0x108: 4013fdff...
Instruction encoding practice
0x100: 30f30f000000 //irmovl $15, %ebx
0x106: 2031
//rrmovl %ebx, %ecx
loop:
0x108: 4013fdff...
Instruction encoding practice
0x100:
0x106:
loop:
0x108:
0x10e:
0x110:

30f30f000000 //irmovl $15, %ebx
2031
//rrmovl %ebx...
Instruction encoding practice (cont)
What about disassembling?
0x200: a06f80080200000030f30a00000090
0x400: 61137300040000...
Instruction encoding practice (cont)
What about disassembling?
0x200: a06f
push %esi
0x202: 80080200000030f30a00000090
0x4...
Instruction encoding practice (cont)
What about disassembling?
0x200: a06f
0x202: 8008020000
0x208: 30f30a00000090
0x400: ...
Instruction encoding practice (cont)
What about disassembling?
0x200: a06f
0x202: 800802000000
0x208: 30f30a000000
0x20F: ...
Instruction encoding practice (cont)
What about disassembling?
0x200: a06f
0x202: 800802000000
0x208: 30f30a000000
0x20F: ...
Instruction encoding practice (cont)
What about disassembling?
0x200: a06f
0x202: 800802000000
0x208: 30f30a000000
0x20F: ...
Instruction encoding practice (cont)
What about disassembling?
0x200: a06f
0x202: 800802000000
0x208: 30f30a000000
0x20F: ...
Y86

int Sum(int *Start, int Count)
{
int sum = 0;
while (Count)
{
sum += *Start;
Start++;
Count--;
}
}

36
x86
• 8 32 bit registers
• General Purpose Registers
•
•
•
•
•
•

eax
ebx
ecx
edx
esi
edi

• Stack Register
• esp

• Base ...
x86 - Registers
x86 Registers
•
•
•
•
•
•

eax, ebx, ecx, edx
Registers can be accessed in parts
Rrx – Referes to the 64 bit register
erx ...
Condition Flags
• CF – Carry – Last arithmetic resulted in a
carry
• PF – Parity – Last arithmetic/logical operation
resul...
Condition Flags
• AF – Adjust – Last arithmetic results in a carry
out of the lowest 4 bits (Used for BCD
arithmetic)
• TF...
Verbiage
• Opcode operand1, operand2
• operand1 and/or operand2 are not always
required, depending on the opcode
• mov

ea...
Operand Specifiers
• Source operand
• Constants, registers, or memory

• Destination operand
• Registers or memory

• Cann...
IA32 – Intel Architecture
• 32-bit address bus
•
•

normal physical address space of 4 GBytes (232 bytes)
addresses rangin...
Addressing Modes
• An addressing mode is a mechanism for specifying an
address.
• Immediate
• Register
• Memory
•
•
•
•

A...
Operand addressing example
Address Value
0x100

0xFF

0x104

0xAB

0x108

0x13

0x10C

0x11

Register

Value

ax

0x100

c...
Operand Combinations example
Source

Dest

Src,Dest*

C analog

Immediate Register

movl $0x4, %eax

temp = 0x4;

Immediat...
Size Directive
• Typically you can infer the size being operated
on by which variation of the register is in use
• mov (eb...
Size Directive
• Sometimes it is unclear though.
• mov $2, (%ebx)
• How many bytes do you move into memory @
address ebx. ...
x86 Instructions
• Three categories
• Data Movement
• Arithmetic/Logic
• Control-Flow

• We will not cover ALL x86 instruc...
x86 Instructions
<reg32>

Any 32-bit register (EAX, EBX, ECX,
EDX, ESI, EDI, ESP, or EBP)
<reg16> Any 16-bit register (AX,...
Data Movement
• mov source, destination
• Move data from source to destination
• Syntax
mov <reg>,<reg>
mov <reg>,<mem>
mo...
Data Movement
• push
• add 4 bytes on top of the stack
• Syntax
push <reg32>
push <mem>
push <con32>
• Examples
push %eax ...
Data Movement
• pop
• remove top 4 byte value from stack
• Syntax
pop <reg32>
pop <mem>
• Examples
pop %eax — pop off stac...
Data Movement
• lea – Load Effective Address
• loads the address of the source into the
registers in the second operand
• ...
Arithmetic and Logic

• add
• adds together the two operands and stores result
in the second operand
• Syntax
add <reg>,<r...
Arithmetic and Logic

• sub
• subtracts the two operands and stores result in the
second operand
• Syntax
sub <reg>,<reg>
...
17
17
Upcoming SlideShare
Loading in …5
×

17

413 views

Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

17

  1. 1. CSE 2421 Autumn 2013 S. Preston
  2. 2. Y86 programmer-visible state • The Y86 has: • • • • • 8 32-bit registers with the same names as the IA32 32-bit registers 3 condition codes: ZF, SF, OF • no carry flag - interpret integers as signed a program counter (PC) • Holds the address of the instruction currently being executed a program status byte: AOK, HLT, ADR, INS • State of program execution memory: up to 4 GB to hold program and data (4096 = 2^12) RF: Program registers %eax %esi %ecx %edi %edx %esp %ebx CC: Condition codes Stat: Program Status %ebp ZF SF OF DMEM: Memory PC 2
  3. 3. Condition Codes • 3 condition codes in y86 • ZF – Set if the result of the last arithmetic operation is 0 • SF – Set if the result of the last arithmetic operation resulted in the sign bit being set • OF – Set if the result of the last arithmetic operation resulted in an overflow
  4. 4. Conditions • FLAGS: Zero, Sign, Overflow • Less or Equal • Z = 1, S = 1, O = X • Z = 0, S = 1, O = X • Z = 1, S = 0, O = X • Z = 0, S = X, O = X • Z = 1, S = 0, O = X • Z = 0, S = 0, O = X • Less • Equal • Not Equal • Greater or Equal • Greater
  5. 5. Simple Addressing Modes • Normal = (R) = Mem[Reg[R]] • Register Reg specifies memory address • denoted by a register in ( ) • Example value 0x120 0x11 0x121 0x22 0x122 0x33 0x123 ecx = 0x00000120 addr 0x44 movl (%ecx),%eax move the value that is at the address in ecx into eax Moves 0x11223344 into eax 5
  6. 6. Simple Addressing Modes • Displacement = D(R) = Mem[Reg[R]+D] • Register R specifies start of memory address • Constant displacement D specifies offset • In bytes loads 0x33445566 into edx value 0x120 0x11 0x121 0x22 0x122 0x33 0x123 0x44 0x124 • Denoted by displacement(register) ebp = 0x120 movl 2(%ebp),%edx move the value at ebp (0x120) + 2 into edx addr 0x55 0x125 0x66 6
  7. 7. Y86 example program w/ loop # y86loop.ys .pos 0x0 irmovl $0,%eax irmovl $1,%ecx Loop: addl %ecx,%eax irmovl $1,%edx addl %edx,%ecx irmovl $1000,%edx subl %ecx,%edx jge Loop halt # sum = 0 # num = 1 CONVERT TO C sum=0; num = 1; do { sum += num; num++; } while (1000 – num >= 0) # sum += num # tmp = 1 # num++ # lim = 1000 # if lim - num >= 0 # loop again 7
  8. 8. Y86 example program w/ loop # y86loop.ys .pos 0x0 irmovl $0,%eax irmovl $1,%ecx Loop: addl %ecx,%eax irmovl $1,%edx addl %edx,%ecx irmovl $1000,%edx subl %ecx,%edx jge Loop halt # sum = 0 # num = 1 CONVERT TO C sum=0; num = 1; do { sum += num; num++; } while (1000 – num >= 0) # sum += num # tmp = 1 # num++ # lim = 1000 # if lim - num >= 0 # loop again Why don’t we just do addl $1, %edx?? Cant! not allowed, only register to register 8
  9. 9. Y86 Stack • Stack top address always held in esp • Stack grows towards lower addresses Stack “Top” %esp • • • Stack “Bottom” Increasing Addresses
  10. 10. Y86 Stack - Push • Pushing • Decrement the stack register by 4 then store new data (1) addr value (2) addr value 0x11B //(1)esp = 0x120 movl 0xFECA8712, %eax push %eax //(1)esp = 0x11C 0x11B 0x11C 0x11C 0x12 0x11D 0x11D 0x87 0x11E 0x11E 0xCA 0x11F 0x11F 0xFE 0x120 0x11 0x120 0x11 0x121 0x22 0x121 0x22 0x122 0x33 0x122 0x33
  11. 11. Y86 Stack - Pop • Pushing • Save new data on stack, Increment the stack register by 4 (1) addr //(1) esp = 0x11C pop eax //(2) esp = 0x120 //eax = 0xFECA8712 value (2) addr value 0x11B 0x11B 0x11C 0x12 0x11C 0x11D 0x87 0x11D 0x11E 0xCA 0x11E 0x11F 0xFE 0x11F 0x120 0x11 0x120 0x11 0x121 0x22 0x121 0x22 0x122 0x33 0x122 0x33
  12. 12. Stack Example 2 ==PUSH== subl $4, %esp movl %ebp, (%esp) ==POP=== movl (%esp), %eax addl $4, %esp
  13. 13. Y86 Instruction Set 13
  14. 14. Fetch Cycle
  15. 15. Executing  rmmovl • Fetch • Read 6 bytes • Read operand registers • Decode • Execute • Compute effective address • Memory • Write to memory • Do nothing • Increment PC by 6 • Write back • PC Update 16
  16. 16. Executing  Arithmetic/Logical Ops • Fetch • Read 2 bytes • Read operand registers • Decode • Execute • • Perform operation Set condition codes • Do nothing • Update register • Increment PC by 2 • Memory • Write back • PC Update 17
  17. 17. Executing  popl • • • • • Fetch • Decode • Read stack pointer Execute • Increment stack pointer by 4 Memory • Read from old stack pointer Write back • • • Read 2 bytes Update stack pointer Write result to register PC Update • Increment PC by 2 18
  18. 18. Jumps • • • • • • Fetch • • Read 5 bytes Increment PC by 5 Decode • Do nothing Execute • Determine whether to take branch based on jump condition and condition codes Memory • Do nothing Write back • Do nothing PC Update • Set PC to Dest if branch taken or to incremented PC if not branch 19
  19. 19. Executing  Call • • • • • • Fetch • • Read 5 bytes Increment PC by 5 Decode • Read stack pointer Execute • Decrement stack pointer by 4 Memory • Write incremented PC to new value of stack pointer Write back • Update stack pointer PC Update • Set PC to Dest 20
  20. 20. Executing  ret • • • • • • Fetch • • Read 1 bytes Increment PC by 1 Decode • Read stack pointer Execute • Decrement stack pointer by 4 Memory • Write incremented PC to new value of stack pointer Write back • Update stack pointer PC Update • Set PC to Dest 21
  21. 21. Instruction encoding practice • Determine the byte encoding of the following Y86 instruction sequence given ―.pos 0x100‖ specifies the starting address of the object code to be 0x100 (practice problem 4.1) .pos 0x100 # start code at address 0x100 irmovl $15, %ebx #load 15 into %ebx rrmovl %ebx, %ecx #copy 15 to %ecx loop: rmmovl %ecx, -3(%ebx)#save %ecx at addr 15-3=12 addl %ebx, %ecx #increment %ecx by 15 jmp loop # goto loop 23
  22. 22. Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx rrmovl %ebx, %ecx rmmovl %ecx, -3(%ebx) loop: addl %ebx, %ecx jmp loop
  23. 23. Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: rmmovl %ecx, -3(%ebx) addl %ebx, %ecx jmp loop
  24. 24. Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: 0x108: 4013fdffffff //rmmovl %ecx, -3(%ebx) addl %ebx, %ecx jmp loop
  25. 25. Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: 0x108: 4013fdffffff //rmmovl %ecx, -3(%ebx) 0x10e: 6031 //addl %ebx, %ecx jmp loop
  26. 26. Instruction encoding practice 0x100: 0x106: loop: 0x108: 0x10e: 0x110: 30f30f000000 //irmovl $15, %ebx 2031 //rrmovl %ebx, %ecx 4013fdffffff //rmmovl %ecx, -3(%ebx) 6031 //addl %ebx, %ecx 708010000 //jmp loop
  27. 27. Instruction encoding practice (cont) What about disassembling? 0x200: a06f80080200000030f30a00000090 0x400: 6113730004000000 29
  28. 28. Instruction encoding practice (cont) What about disassembling? 0x200: a06f push %esi 0x202: 80080200000030f30a00000090 0x400: 6113730004000000 30
  29. 29. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 8008020000 0x208: 30f30a00000090 0x400: 6113730004000000 pop %esi call 0x208 31
  30. 30. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113730004000000 pop %esi call 0x208 irmovl $a0, %ebx 32
  31. 31. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113730004000000 pop %esi call 0x208 irmovl $a0, %ebx ret 33
  32. 32. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113 0x402: 730004000000 pop %esi call 0x208 irmovl $a0, %ebx ret subl %ecx, %ebx 34
  33. 33. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113 0x402: 73004000000 pop %esi call 0x208 irmovl $a0, %ebx ret subl %ecx, %ebx je 0x400 35
  34. 34. Y86 int Sum(int *Start, int Count) { int sum = 0; while (Count) { sum += *Start; Start++; Count--; } } 36
  35. 35. x86 • 8 32 bit registers • General Purpose Registers • • • • • • eax ebx ecx edx esi edi • Stack Register • esp • Base Register • ebp
  36. 36. x86 - Registers
  37. 37. x86 Registers • • • • • • eax, ebx, ecx, edx Registers can be accessed in parts Rrx – Referes to the 64 bit register erx – Refers to 32 bit register rx – Referes to the lower 16 bits of erx rh – Refers to the top 8 bits of the rx bit register • rl – Refers to the lower 8 bits of the rx register
  38. 38. Condition Flags • CF – Carry – Last arithmetic resulted in a carry • PF – Parity – Last arithmetic/logical operation results in even parity (even number of 1’s) • ZF – Zero – Last arithmetic/logical operation resulted in a zero • SF – Sign – Last arithmetic operation resulted in the sign bit being set • OF – Overflow – Last arithmetic resulted in an overflow
  39. 39. Condition Flags • AF – Adjust – Last arithmetic results in a carry out of the lowest 4 bits (Used for BCD arithmetic) • TF – Trap – Enables CPU single step mode – Used for debugging • IF – Interrupt Enable – Enables cpu to handle system interrupts • DF – Direction – Sets the direction of string processing from R->L
  40. 40. Verbiage • Opcode operand1, operand2 • operand1 and/or operand2 are not always required, depending on the opcode • mov eax, ebx • Opcode – mov • operand1 – eax • operand2 - ebx
  41. 41. Operand Specifiers • Source operand • Constants, registers, or memory • Destination operand • Registers or memory • Cannot do Memory-Memory transfer with a single instruction • 3 types of operands • Immediate • Register • Memory 43
  42. 42. IA32 – Intel Architecture • 32-bit address bus • • normal physical address space of 4 GBytes (232 bytes) addresses ranging continuously from 0 to 0xFFFFFFFF • Data formats  • • Primitive data types of C Single letter suffix • • denotes size of operand No aggregate types • Arrays, structures C Declaration Suffix Size char B 8 bits short W or S 16 bits int L 32 bits * (pointer) L 32 bits float S 32 bits 44
  43. 43. Addressing Modes • An addressing mode is a mechanism for specifying an address. • Immediate • Register • Memory • • • • Absolute • specify the address of the data Indirect • use register to calculate address Base + displacement • use register plus absolute address to calculate address Indexed • • Indexed • Add contents of an index register Scaled index • Add contents of an index register scaled by a constant 45
  44. 44. Operand addressing example Address Value 0x100 0xFF 0x104 0xAB 0x108 0x13 0x10C 0x11 Register Value ax 0x100 cx 0x01 dx 0x03 Operand %eax 0x104 $0x108 (%eax) Value Comment 0x100 Register 0xAB Absolute Address - memory 0x108 Immediate 0xFF Address 0x100 - indirect Address 0x104 - base+displacement 4(%eax) 0XAB (4+register) Address 0x10C – indexed 9(%eax,%edx) 0X11 (9 + eax+edx) Address 0x108 – indexed 0x104(%ecx,%edx) 0X13 (0x104+ecx+edx) Address 0x100 - scaled index 0xFC(,%ecx,4) 0XFF (0xfc+0+ecx*4) Address 0x10C - scaled index (%eax,%edx,4) 0X11 (eax+edx*4) *scaled index multiplies the 2nd argument by the scaled value (the 3rd argument) which must be a value of 1, 2, 4 or 8 (sizes of the primitive data types) 46
  45. 45. Operand Combinations example Source Dest Src,Dest* C analog Immediate Register movl $0x4, %eax temp = 0x4; Immediate Memory movl $-147, (%eax) *p = -147; Register Register movl %eax, %edx temp2 = temp1; Register Memory movl %eax, (%edx) *p = temp; Memory Register movl (%eax), %edx temp = *p; • Each statement should be viewed separately. • REMINDER: cannot do memory-memory transfer with a single instruction. • The parentheses around the register tell the assembler to use the register as a pointer. 47
  46. 46. Size Directive • Typically you can infer the size being operated on by which variation of the register is in use • mov (ebx), %eax • Destination EAX, implies moving 4 bytes • mov (ebx), %ax • Destination AX implies moving only 2 bytes • mov (ebx), %ah • Destination ah implies moving only 1 bytes
  47. 47. Size Directive • Sometimes it is unclear though. • mov $2, (%ebx) • How many bytes do you move into memory @ address ebx. 2? 4? 8? • Have to explicitly specify size when dealing with immediate values • movw $2, (%ebx) • Explicitly move 2 bytes • movl $2, (%ebx) • Explicitly move 4 bytes C Declaration Suffix Size char b 8 bits short w or s 16 bits int l 32 bits * (pointer) l 32 bits float s 32 bits long q 64 bits
  48. 48. x86 Instructions • Three categories • Data Movement • Arithmetic/Logic • Control-Flow • We will not cover ALL x86 instructions, there are numerous obscure ones • We will cover all of the common instructions • For full list of operands see Intel’s instruction set reference
  49. 49. x86 Instructions <reg32> Any 32-bit register (EAX, EBX, ECX, EDX, ESI, EDI, ESP, or EBP) <reg16> Any 16-bit register (AX, BX, CX, or DX) <reg8> Any 8-bit register (AH, BH, CH, DH, AL, BL, CL, or DL) <reg> Any register <mem> A memory address (e.g., [eax], [var + 4], or dword ptr [eax+ebx]) <con32> Any 32-bit constant <con16> Any 16-bit constant <con8> Any 8-bit constant <con> Any 8-, 16-, or 32-bit constant
  50. 50. Data Movement • mov source, destination • Move data from source to destination • Syntax mov <reg>,<reg> mov <reg>,<mem> mov <mem>,<reg> mov <const>, <reg> mov <const>, <mem> • Examples mov %eax, %ebx — copy the value in eax into ebx
  51. 51. Data Movement • push • add 4 bytes on top of the stack • Syntax push <reg32> push <mem> push <con32> • Examples push %eax — push eax on the stack
  52. 52. Data Movement • pop • remove top 4 byte value from stack • Syntax pop <reg32> pop <mem> • Examples pop %eax — pop off stack into eax
  53. 53. Data Movement • lea – Load Effective Address • loads the address of the source into the registers in the second operand • Syntax lea <mem>, <reg32> • Examples lea (var), %eax — address of var is placed into eax
  54. 54. Arithmetic and Logic • add • adds together the two operands and stores result in the second operand • Syntax add <reg>,<reg> add <reg>,<mem> add <mem>,<reg> add <imm>,<reg> add <imm>,<mem> Examples add $10, %eax — add 10 to the current value in eax, and store result in eax
  55. 55. Arithmetic and Logic • sub • subtracts the two operands and stores result in the second operand • Syntax sub <reg>,<reg> sub <reg>,<mem> sub <mem>,<reg> sub <imm>,<reg> sub <imm>,<mem> Examples sub $10, %eax — subtracts 10 from the current value in eax, and store result in eax

×