1 machine-level representation of programs Ⅱ. 2 outline data movement data manipulation control...

1

Machine-Level Representation of Programs

Ⅱ

2

Outline

• Data movement

• Data manipulation

• Control structure

• Suggested reading

– Chap 3.4, 3.5, 3.6

3

Indexed Addressing Mode Figure 3.3 P137

• Most general form

– Imm(Eb, Ei, s)

– M[Imm+ R[Eb]+ R[Ei]*s]

– Constant “displacement” Imm: 1, 2, or 4 bytes

– Base register Eb: Any of 8 integer registers

– Index register Ei : Any, except for %esp

– S: Scale: 1, 2, 4, or 8

4

Data Movement Figure 3.4 P139

Instruction Effect Description

movl S, D D S Move double word

movw S, D D S Move word

movb S, D D S Move byte

movsbl S, D D SignedExtend( S) Move sign-extended byte

movzbl S, D D ZeroExtend(S) Move zero-extended byte

pushl S R[%esp] R[%esp]-4M[R[%esp]] S

Push

popl D D M[R[%esp]]R[%esp] R[%esp]+4

Pop

5

Move Instructions

• Format

– movl src, dest

– src and dest can only be one of the following

• Immediate (except dest)

• Register

• Memory

6

Move Instructions

• Format

– The only possible combinations of the (src,

dest) are

• (immediate, register)

• (memory, register) load

• (register, register)

• (immediate, memory) store

• (register, memory) store

7

Data Movement Example P139

movl $0x4050, %eax immediateregister

movl %ebp, %esp registerregister

movl (%edx, %ecx), %eax memoryregister

movl $-17, (%esp) immediatememory

movl %eax, -12(%ebp)register memory

8


Initial value %dh=8d %eax =98765432

1 movb %dh, %al %eax=9876548d2 movsbl %dh, %eax %eax=ffffff8d

(Move sign-extended byte)3 movzbl %dh, %eax %eax=0000008d

( Move zero-extended byte)

9

Stack operations Figure 3.5 P140

%eax 0x123

%edx 0%esp 0x108 Increasing

address

0x108

Stack “top”

%esp

10

Stack operations

%eax 0x123

%edx 0%esp 0x104

0x104

Stack “top”

0x1230x108

%esp

pushl %eax

11

Stack operations

%eax 0x123

%edx 0x123

%esp 0x104

0x104

Stack “top”

0x123

0x108%esp

popl %edx

12


int exchange(int *xp, int y)

{

int x = *xp ; /* operator * performs dereferencing */

*xp = y ;

return x ;

}

int a = 4 ;

int b = exchange(&a, 3); /* “address of” operator creates a pointer */

printf(“a = %d, b = %d\n”, a, b);

13


int exchange(int *xp, int y){

int x = *xp ;

*xp = y ;return x ;

}

1 pushl %ebp

2 movl %esp, %ebp

3 movl 8(%ebp), %eax

4 movl 12(%ebp), %edx

5 movl (%eax), %ecx

6 movl %edx, (%eax)

7 movl %ecx, %eax

8 movl %ebp, %esp

9 popl %ebpAssembly code

14

Data Movement Example

y

xp

Rtn adr %esp

OffsetStack

•••

15


y

xp

Rtn adr

Old %ebp %esp 0

4

8

12

OffsetStack

•••

1 pushl %ebp

y

xp

Rtn adr %esp

OffsetStack

•••

16


y

xp

Rtn adr

Old %ebp%ebp%esp

0

4

8

12

OffsetStack

•••

2 movl %esp, %ebp

y

xp

Rtn adr

Old %ebp %esp 0

4

8

12

OffsetStack

•••

17


y

xp

Rtn adr

Old %ebp%ebp%esp

0

4

8

12

OffsetStack

•••

3 movl 8(%ebp), %eax

4 movl 12(%ebp), %edx

5 movl (%eax), %ecx

6 movl %edx, (%eax)

7 movl %ecx, %eax

18


y

xp

Rtn adr %esp

OffsetStack

•••

8 movl %ebp, %esp

9 popl %ebp

19

Arithmetic and Logical Operations Figure 3.7 P144


leal S, D D &S Load effective address

incl D D D + 1 Increment

decl D D D – 1 Decrement

negl D D -D Negate

notl D D ~D Complement

addl S, D D D + S Add

subl S, D D D – S Subtract

imull S, D D D * S Multiply

3.5 P143

20

Examples for Lea Instruction (Practice Problem 3.3 P143)

• %eax holds x, %ecx holds y

6+x leal 6(%eax), %edx

x+y leal (%eax, %ecx), %edx

x+4*y leal (%eax, %ecx, 4), %edx 7+9*x leal 7(%eax, %eax, 8), %edx

9+x+2*y

leal 9(%eax, %ecx, 2), %edx

10+4*y leal 0xA(, %ecx, 4), %edx

ResultExpression

21

Arithmetic and Logical Operations (Cont’d) Figure 3.7 P144


xorl S, D D D ^ S Exclusive-or

orl S, D D D | S Or

andl S, D D D & S And

sall k, D D D << k Left shift

shll k, D D D << k Left shift

sarl k, D D D >> k Arithmetic right shift

shrl k, D D D >> k Logical right shift

22

Arithmetic and Logical Operations (Practice Problem 3.4 P145)

Address

Value

0x100 0xFF

0x104 0xAB

0x108 0x13

0x10C 0x11

Register

Value

%eax 0x100

%ecx 0x1

%edx 0x3

0xFD (0x100-0x3)%eaxsubl %edx, %eax

0x0 (0x1-1)%ecxdecl %ecx

0x14 (0x13+1)0x108incl 8(%eax)

0x110 ($16*0x11)

0x10Cimull $16, (%eax, %edx, 4)

0xA8 (0xAB-0x3)0x104subl %edx, 4(%eax)

0x100 (1+0xFF)0x100addl %ecx, (%eax)

ValueDestinationInstruction

23

Assembly Code for Arithmetic ExpressionsFigure 3.8 P146int arith(int x, int y, int z){ int t1 = x+y; int t2 = z*48; int t3 = t1&0xFFFF; int t4 = t2*t3; return t4;}

movl 12(%ebp),%eax Get ymovl 16(%ebp),%edx Get zaddl 8(%ebp),%eax Compute t1=x+yleal (%edx,%edx,2),%edx Compute 3*zsall $4,%edx Compute t2=48*z=3*16*zandl $0xFFFF,%eax Compute t3=t1&FFFFimull %eax,%edx Compute t4=t2*t3movl %edx,%eax Set t4 as return val

24

Special Arithmetic OperationsFigure 3.9 P147

imull S

R[%edx]:R[%eax] S*R[%eax] Signed full multiply

mull S

R[%edx]:R[%eax] S*R[%eax] Unsigned full multiply

Cltd R[%edx]:R[%eax] SignExtend(R[%eax])

Convert to quad word

idivl S

R[%edx] R[%edx]:R[%eax] mod S ( 余数 )R[%eax] R[%edx]:R[%eax] S (商 )

Signed divide

divl S R[%edx] R[%edx]:R[%eax] mod SR[%eax] R[%edx]:R[%eax] S

Unsigned divide

25

Examples P148

Initially x at %ebp+8, y at %ebp+12, their full 64-bit product as 8 bytes on top of the stack

1 movl 8(%ebp), %eax2 imull 12(%ebp)3 pushl %edx4 pushl %eax

Store x/y and x%y on the stack.1 movl 8(%ebp), %eax2 cltd3 idivl 12(%ebp)4 pushl %eax5 pushl %edx

26

Control

• Two of the most important parts of

program execution

– Data flow (Accessing and operating data)

– Control flow (control the sequence of

operations)

3.6 P148

27

Control

• Sequential execution is default– The statements in C and

– the instructions in assembly code

– are executed in the order they appear in the program

• Chang the control flow– Control constructs in C

– Jump in assembly

28

Assembly Programmer’s View

FF

BF

7F

3F

C0

80

40

00

Stack

DLLs

TextData

Heap

Heap

08

%eax

%edx

%ecx

%ebx

%esi

%edi

%esp

%ebp

%al%ah

%dl%dh

%cl%ch

%bl%bh

%eip

%eflag

Addresses

Data

Instructions

29

Condition codes

• Condition codes

– A set of single-bit

– Maintained in a condition code register

– Describe attributes of the most recently

arithmetic or logical operation

30

Condition codes

• EFLAGS– CF: Carry Flag

• The most recent operation generated a carry out of the most significant bit

• Used to detect overflow for unsigned operations

– OF: Overflow Flag

• The most recent operation caused a two’s complement overflow — either negative or positive

31

Condition codes

• EFLAGS

– ZF: Zero Flag

• The most recent operation yielded zero

– SF: Sign Flag

• The most recent operation yielded a

negative value

32

Setting Conditional Codes

• Implicit Setting By Arithmetic Operationsaddl Src,DestC analog: t = a+b– CF set if carry out from most significant bit

• Used to detect unsigned overflow

– ZF set if t == 0– SF set if t < 0– OF set if two’s complement overflow

(a>0 && b>0 && t<0) || (a<0 && b<0 && t>=0)

33

Conditional Code

• lea instruction – has no effect on condition codes

• Xorl instruction– The carry and overflow flags are set to 0

• Shift instruction– carry flag is set to the last bit shifted out– Overflow flag is set to 0

34


• Explicit Setting by Compare Instructioncmpl Src2,Src1– cmpl b,a like computing a-b without setting

destination– CF set if carry out from most significant bit

• Used for unsigned comparisons

– ZF set if a == b– SF set if (a-b) < 0– OF set if two’s complement overflow

(a>0 && b<0 && (a-b)<0) || (a<0 && b>0 && (a-b)>0)

35


• Explicit Setting by Test instruction

testl Src2,Src1

– Sets condition codes based on value of Src1 & Src2

• Useful to have one of the operands be a mask

– testl b,a like computing a&b without setting destination

– ZF set when a&b == 0

– SF set when a&b < 0

36

Accessing Conditional Codes

• The condition codes cannot be read

directly

• One of the most common methods of

accessing them is

– setting an integer register based on some

combination of condition codes

– Set commands

37


• after each set command is executed– A single byte to 0 or to 1 is obtained

• The descriptions of the different set commands apply to the case – where a comparison instruction has been

executed

38

Accessing Conditional CodesFigure 3.10 P150

Instruction Synonym Effect Set Condition

Sete Setz ZF Equal/zero

Setne Setnz ~ZF Not equal/not zero

Sets SF Negative

Setns ~SF Nonnegative

Setl Setnge SFÔF Less

Setle Setng (SFÔF)|ZF Less or Equal

Setg Setnle ~(SFÔF)&~ZF Greater

Setge Setnl ~(SFÔF) Greater or Equal

Seta Setnbe ~CF&~ZF Above

Setae Setnb ~CF Above or equal

Setb Setnae CF Below

Setbe Setna CF|ZF Below or equal

39


• The destination operand is either – one of the eight single-byte register elements

or – a memory location where the single byte is to

be stored

• To generate a 32-bit result– we must also clear the high-order 24 bits

40

Accessing Conditional Codes P151

Initially a is in %edx, b is in %eax

1 cmpl %eax, %edx#compare a:b

2 setl %al#set low order by to 0 or 1

3 movzbl %al, %eax #set remaining bytes of %eax

to 0

41

Jump Instructions P152

• Under normal execution– instructions follow each other in the order they

are listed

• A jump instruction can cause – the execution to switch to a completely new

position in the program.

• Label – Jump destinations

42


1 xorl %eax, %eax Set %eax to 0

2 jmp .L1 Goto .L1

3 movl (%eax), %edx Null pointer dereference

4 .L1:5 popl %edx

43

Unconditional jump P153

• Jumps unconditionally

• Direct jump: jmp label

– jmp .L

• Indirect jump: jmp *Operand

– jmp *%eax

– jmp *(%eax)

44

Conditional jump

• Either jump or continue executing at the next instruction in the code sequence– Depending on some combination of the

condition codes

• All direct jump

45


1 jle .L42 .p2align 4,,7 align next instruction to multiple of 83 .L5:4 movl %edx, %eax5 sarl $1, %eax ； Arithmetic right shift6 subl %eax, %edx7 testl %edx, %edx8 jg .L59 .L4:10 movl %edx, %eax

46

Jump Instructions

• PC-relative – Jump target is an offset relative to the address

of the instruction just followed jump (pointed by PC)

• Absolute address – Jump target is an absolute address

47

1 8: 7e 11 jle 1b<silly+0x1b>

2 a: 8d b6 00 00 00 00 lea 0x0(%esi), %esi

3 10: 89 d0 movl %edx, %eax dest1:

4 12: c1 f8 01 sarl $1, %eax

5 15: 29 c2 subl %eax, %edx

6 17: 85 d2 testl %edx, %edx

7 19: 7f f5 jg 10<silly+0x10>

8 1b: 89 d0 movl %edx, %eax dest2:

dest1: 11+a = 1b 11+10

dest2: 1b+f5(-b) =10 F5=-11=0X(-b)

Example for Jump P154

48

1 80483c8: 7e 11 jle80483db<silly+0x1b>

2 80483ca: 8d b6 00 00 00 00 lea 0x0(%esi), %esi

3 80483d0: 89 d0 movl %edx, %eax dest1:4 80483d2: c1 f8 01 sarl $1, %eax5 80483d5: 29 c2 subl %eax, %edx6 80483d7: 85 d2 testl %edx, %edx7 80483d9: 7f f5 jg 80483d0<silly+0x10>8 80483db: 89 d0 movl %edx, %eax dest2:

11+a = 1b => 11+ca=db1b+f5(-b) =10 => db+f5(-b)=d0

Example for Jump P155

49

Translating Conditional Branches P157

if ( test-expr )

then-statement

else

else-statement

t = test-expr ;

if ( t )

goto true ;

else-statement

goto done

true:

then-statement

done:

50

Translating Conditional Branches P156

1. int absdiff(int x, int y)

2. {

3. if (x < y)

4. return y – x;

5. else

6. return x – y;

7. }

1. int gotodiff(int x, int y)

2. {

3. int rval ;

4. if (x < y)

5. goto less

6. rval = x – y ;

7. goto done;

8. less:

9. rval = y – x;

10. done:

11. return rval;

12. }

51


1. movl 8(%ebp), %edx get x

2. movl 12(%ebp), %eax get y

3. cmpl %eax, %edx cal x - y

4. jl .L3 if x < y goto less

5. subl %eax, %edx compute x – y (subl: des-src)

6. movl %edx, %eax set return val

7. jmp .L5 goto done

8. .L3: less:

9. subl %edx, %eax compute y – x (subl: des-src)

10. .L5: done: Begin Completion code

52

Do-while Translation P158

do body-statement

while (test-expr)

loop: body-statement

t = test-expr; if ( t )

goto loop ;

53


int fib_dw(int n) { int i = 0; int val = 0 ; int nval = 1 ; do { int t = val + nval ; val = nval ; nval = t ; i++; } while ( i<n) ; return val ; }

register value initially

%ecx i 0

%esi n n

%ebx val 0

%edx nval 1

%eax t -

54


.L6:

lea (%ebx, %edx), %eax

movl %edx, %ebx

movl %eax, %edx

incl %ecx

cmpl %esi, %ecx

jl .L6

movl %ebx, %eax register value initially

%ecx i 0

%esi n n

%ebx val 0

%edx nval 1

%eax t -

lea: %ebx+%edx => %eax

55

While Loop Translation P161

while (test-expr)

body-statement

loop: if ( !test-expr)

t = test-expr goto done;

if ( !t ) do

goto done; body-statement

body-statement while(test-expr)

goto loop; done:

done:

56


int fib_w(int n) {

int i=1;int val=1;int nval=1;

while ( i<n ) {int t=val+nval ;val = nval ;nval = t ;

i = i+1; }

return val ; }

int fib_w_got0(int n) {

int val=1;int nval=1;

int nmi, t ;

if ( val >= n )goto done ;

nmi = n-1;

loop:t=val+nval ;val = nval ;nval = t ;

nmi--;if ( nmi )

goto loop done:

return val }

57


1. movl 8(%ebp), %eax 2. movl $1, %ebx3. movl $1, %ecx4. cmpl %eax, ebx5. jge .L96. lea –1(%eax), %edx7. .L10:8. lea (%ecx, %ebx), %eax9. movl %ecx, %ebx10. movl %eax, %ecx11. decl %edx12. jnz .L1013. .L9:

Register usageRegister Variable Initially

%edx nmi n-1

%ebx val 1

%ecx nval 1

58

For Loop Translation P164

for ( init-expr, test-expr, update-expr)body-statement

init-expr while ( test-expr) {

body-statementupdate-expr

}

59

For Loop Translation P165

int fib_f(int n) {

int i;int val=1;int nval=1;

for ( i=1; i<n; i++ ) {int t = val + nval ;val = nval ; nval = t ;

}return val ;

}

60

Switch statements P167

int switch_eg(int x) {

int result = x ;switch ( x ) {case 100:

result *= 13 ;break ;

case 102:result += 10 ;/* fall through */

case 103result += 11;break ;

case 104: case 106:

result *= result ;break ;

default:result = 0 ;

}return result ;

}

61

Switch Construct

• Properties of Switch Construct– Integer testing– Multiple outcomes (may be a large number)– Improve the readability of the source code

62


case 104: case 106:result *= result

;break ;


}return result ;

}

Switch Statements

int switch_eg(int x)

{

int result = x ;

switch ( x ) {

case 100:

result *= 13 ;

break ;

case 102:

result += 10 ;

/* fall through */

Integer

testing

Multiple cases

63

Switch Form

switch(op) { case val_0: Block 0 case val_1: Block 1 • • • case val_n-1: Block n–1}

64

Jump Table

• Efficient implementation• Avoid long sequence of if-else statement• Criteria

– the number of cases and the sparsity of the case value

65

Jump Table Implementation

Targ0

Targ1

Targ2

Targn-1

•••

jtab:

Jump Table

target = JTab[op];goto *target;

Approx. Translation

Code Block0

Targ0:

Code Block1

Targ1:

Code Block2

Targ2:

Code Blockn–1

Targn-1:

•••

Jump Targets

66


case 104: case 106:result *= result

;break ;


}return result ;

}

Switch Statements

int switch_eg(int x)

{

int result = x ;

switch ( x ) {

case 100:

result *= 13 ;

break ;

case 102:

result += 10 ;

/* fall through */

Integer

testing

Multiple cases

67

Jump Table Implementation P167

int switch_eg_goto ( int x) {

unsigned xi = x-100;int result = x ;if ( xi >6 )

goto loc_def ;goto jt[xi];

loc_a:result *= 13 ;goto done ;

loc_b:result += 10 ;

loc_c:result +=11;

goto done ; loc_d:

result *= result ;goto done ;

loc_def:result = 0 ;

done:return result ;

}

code jt[7] = {loc_a, loc_def, loc_b, loc_c, loc_d, loc_def, loc_d};

68

Jump Table Implementation P168

1. lea –100(%edx), %eax

2. cmpl $6, %eax

3. ja. L9

4. jmp *.L10(, %eax, 4)

5. .L4:

6. leal ( %edx, %edx, 2), %eax

7. leal (%edx, %eax, 4), %edx

8. jmp .L3

9. .L5:

10. addl $10, %edx

69

Jump Table Implementation

11. .L6:

12. addl $11, %edx

13. jmp .L3

14. .L8:

15. imull %edx, %edx

16. jmp .L3

17. .L9:

18. xorl %edx, %edx

19. .L3:

20. movl %edx, %eax

70

Jump Table P169

1. .section .rodata

2. .align 4

3. .L10:

4. .long .L4 case 100: loc_a

5. .long .L9 case 101: loc_def

6. .long .L5 case 102: loc_b

7. .long .L6 case 103: loc_c

8. .long .L8 case 104: loc_d

9. .long .L9 case 105: loc_def

10. .long .L8 case 106: loc_d

1 machine-level representation of programs Ⅱ. 2 outline data movement data manipulation control...

Documents