CS 3843 Computer Organization

1

CS 3843 Computer Organization

Prof. Qi TianFall 2013

http://www.cs.utsa.edu/~qitian/CS3843/

2

Chapter 3 Machine-Level Representations of Programs

• 11/11/2013 (Monday)– Section 3.7.5 Procedure– Quiz 4

3


• 11/08/2013 (Friday)– Tracking a recursive procedure Section 3.7.5– Solution is posted under Resources.

• 11/06/2013 (Wednesday)– Tracking a procedure Section 3.7.4– Tracking a recursive procedure Section 3.7.5– Reminder: Quiz on Friday Nov. 8

• 11/04/2013 (Monday)– Section 3.7.4 Procedure– 2nd Midterm Exam on Friday Nov. 15

4


• 11/01/2013 (Friday)– Loop slides 89-96– Questions on Assignment 4

• 10/30/2013 (Wednesday)– Practice Problems on Conditional Flags– Reminder: Quiz on Friday Nov. 1st

• 10/28/2013 (Monday)– Jump Instructions slides 76-87– Assignment 4 is due Nov. 4.

5


• The week of 10/21-10/25– Replacement Lectures by Prof. Turgay Korkmaz

and TA – Slides 52-75

6


• 10/18/2013 (Friday)– Shift Operations– Examples 4-8– Note: Conference Travel Oct. 21-25.

• Replacement Lectures by Prof. Turgay Korkmaz and TA

• 10/16/2013 (Wednesday)– Examples 2-3– Arithmetic and Logical Operations– Practice Problems 4 and 5– Slides 33-42

• 10/14/2013 (Monday)– Movement Instructions– Practice Problems 2 and 3, Example 1– Slides 26-32

7


• 10/11/2013 (Friday)– Operand forms– Practice Problem 1

• 10/09/2013 (Wednesday)– An introduction to Assembly Code

• Read Sections 3.1-3.3• Slides 1-16

8

Example of Assembly Codes

• Example 1 – sum.cint add(int x, int y) {

int z;z=x+y;return z;

}

• What is its assembly code?gcc –O1 –S sum.c

• Department Machines: elk01(~08).cs.utsa.edu

9

sum.s .file "sum.c" .text.globl add .type add, @functionadd: pushl %ebp movl %esp, %ebp movl 12(%ebp), %eax addl 8(%ebp), %eax popl %ebp ret .size add, .-add .ident "GCC: (Ubuntu 4.3.3-5ubuntu4) 4.3.3" .section .note.GNU-stack,"",@progbits

• Ignore the lines that start with .

• The pushl and popl save and restore %ebp

• In movl, the first argument is the source, and the second is the destination

• addl adds the source and destination and stores the results in the destination

• %eax is used to hold the return value.

• x and y are at 8(%ebp) and 12(%ebp)

• Stack set-up and completion

10

Assembly Code

• Highly machine specific• Why study it?

– Being able to read and understand it is an important skill for serious programmers.

– Shifted over the years from one of being able to write programs directly in assembly to one of being able to read and understand the code generated by compilers.

11

An Introduction to Assembly Language

• IA32 – Intel Architecture 32-bits– The dominant machine language of most computers, and x86-64, its

extension to run on 64-bit machine.– All the examples in this chapter are related mainly to 32-bits IA32 – it is

our focus.– Computers execute machine code.

• Sequences of bytes encoding low-level operations.– Assembly Code: a textual representation for the machine code giving

the individual instructions in the program.– Complier, e.g., gcc C complier invokes an assembler and a linker to

generate the executable machine code from the assembly code.• We take a close look at machine code and its human-readable

representation as assembly code.

12

ATT versus Intel Assembly-code formats

• In our representation, we use ATT-format– The default format for GCC, OBJDUMP, and the

other tools • Other programming tools, including those

from Microsoft as well as the documentations from Intel, use Intel-format.– gcc –O1 –S –masm=intel sum.c

13

In the simplest assembly language model, a computer consists of -• A main memory

– An array of bytes– Consecutive numbered start at 0.

• These numbers are called memory addresses.

• A program counter or PC– Hold a memory address.– Called %eip in IA32.

• A register file containing a small number of named locations.– Each location (register) can hold a fixed amount of information corresponding to the word size of the machines

• Typical word size is 4 bytes (32-bits machine)• %eax, %edx, %ecx, %ebx, %esi, %edi, %esp, %ebp (8 registers)

• Conditional code registers– Contain information about the last arithmetic or logical operation.– For example, ZF (zero flag) is set if the last operation resulted in 0.– For example, SF (sign flg) is set if the last operation yielded a negative value.

• A set of floating-point registers for holding floating-point data

14

Section 3.1 History of Intel Processor Line

• 1972: 8008 (3.5K) - first Intel microprocessor with 8-bit words. The instruction set was designed by Datapoint Corporation which was a leading maker of programmable CRT terminals. Datapoint was based in San Antonio, so you might say that the Intel architecture started just a few miles from here.

• 1974: 8080 (4.5K) - first successful Intel microprocessor, had some 16-bit instructions. • 1978: 8086 (29K) - One of the first 16-bit microprocessors.

20-bit addresses with segmented address space. • 1979: 8088 (29K) - An 8086 with an 8-bit external bus - basis of the original IBM PC • 1980: 8087 (45K) - A floating point coprocessor for the 8086 and 8088, formed the bases for IEEE floating point standard. • 1982: 80286 (134K) - basis of the IBM PC-AT and MS Windows • 1985: 80386 (275K) (also called i386 – expanded the architecture to 32 bits) - added flat address space, could run Linux. • 1989: 80486 (1.2M) - integrated the floating point processor • 1993: Pentium (3.1M) - improved performance • 1995: PentiumPro (5.5M) - new processor design • 1997: Pentium 2 (7M) - more of the same • 1999: Pentium 3 (8.2M) - new floating point instructions • 2000: Pentium 4 (42M) - double precision floating point and many new instructions. • 2004: Pentium 4E (125M) - added hyperthreading • 2006: Core2 Duo (291M) - multiple cores, not hyperthreading • 2008: Core i7 Quad (781M) - multiple cores and hyperthreading • 2010: Itanium Tukwila (2B) - instruction-level parallelism • 2011: Xeon Westmere (2.6B) - 10 cores

15

Stack

• Stack– Some region of memory– A data structure where values can be added or

deleted, but only according to a “last-in, first-out” discipline

– push: add data– pop: remove data

16

Consider the followingint sum(int x, int y) {

return x + y;}• Before the function is entered, a stack is set up with the stack pointer contained in

a designated register (%esp).• The stack grows toward low memory.• The stack pointer points to the last item pushed on the stack.• The values of x and y are pushed on the stack.• The return address is also pushed on the stack.• Assume %esp is the stack pointer and all items are 4 bytes.• The return address is at 0(%esp) and the return value stored in %eax.• x is at 4(%esp).• y is at 8(%esp).

17

Machine code• cc –c sum.s• objdump –d sum.o which produces---------------------------------------------------------sum.o: file format elf32-i386

Disassembly of section .text:

00000000 <add>: 0: 55 push %ebp 1: 89 e5 mov %esp,%ebp 3: 8b 45 0c mov 0xc(%ebp),%eax 6: 03 45 08 add 0x8(%ebp),%eax 9: 5d pop %ebp a: c3 ret

• To inspect the contents of machine-code files, a class of programs known as disasemblers can be invaluable.

• objdump (for “object dump”) generates a format similar to assembly code from the machine code.

• Each instruction takes up 1 to 15 bytes

• Common instructions such as push, pop, or ret, are short

18

Machine Code• To use this program, we need a main to call it:• e1.c --------------------------------------------------------------------

int add(int x, int y);int main() {

int x = 12; int y = 31; int z; z=add(x, y); printf("x is %d, y is %d, and z is %d\n", x, y, z); return 0;

}

• We do: cc –O1 –S e1.c to create: e1.s which is…

19

e1.s – Machine codemain: leal 4(%esp), %ecx andl $-16, %esp pushl -4(%ecx) pushl %ebp movl %esp, %ebp pushl %ecx subl $20, %esp movl $31, 4(%esp) movl $12, (%esp) call add movl %eax, 12(%esp) movl $31, 8(%esp) movl $12, 4(%esp) movl $.LC0, (%esp) call printf movl $0, %eax addl $20, %esp popl %ecx popl %ebp leal -4(%ecx), %esp ret

21

Section 3.2 Program Encoding• gcc –O1 –o sum sum.c

– The -O1 is a compiler directive telling it to limit the optimizations used. – The compiler generates assembly code: sum.s – The assembler converts the assembly code into object code: sum.o – The linker combines the object code with the libraries to produce an

executable: sum– The sum.s file is not saved by default.

• You can look at the assembly code generated using:gcc -O1 -S sum.c– This produces a file sum.s in ATT format.

• gcc –O1 –o sum sum.c– This produces a file sum.s in Intel format.

• gcc –O1 –S –masm=intel sum.c

22

IA32 32-bit registers

• Eight 32-bits registers %eax: accumulator

%ecx: counter %edx: data

%ebx: base %esi: source %edi: destination %esp: stack pointer%ebp: frame pointer

23

Section 3.4 Access Information• IA32 Registers

− 8 8-bit registers− 8 16-bit registers− 8 32-bit registers

• The first 6 32-bits registers can be considered general purpose registers, but historically they had specific uses.

• You can modify the 8-bit registers without modifying the rest of the bits of the corresponding 32-bit register.

24

Why these strange names?

• goes back to the 8080, an 8-bit machine with registers: A, B, C, D, etc.– The 8086 had 16-bit registers: ax, bx, cx, dx, where ax was

made up of 2 8-bit registers, al and ah.– Similarly with bx, cx, and dx.– The 32-bit version (80386) extended these to 32 bits, making

eax, ebx, etc.– The low 16 bits of eax are just ax, and ax is made up of ah

and al. • The 64-bit architecture has 128 64-bit registers called r0

- r127.

25

Section 3.3 Data Formats for IA 32• b Byte: 8 bits (of course)

– used for char • w Word: 16 bits (for compatability with 16-bit architecture)

– used for short • l Double Word: 32 bits

– used for int, long, and pointers • s Single Precision: 32 bits

– used for float • l Double Precision: 64 bits

– used for double • t Extended Precision: 80 or 96 bits

– used for long double • No direct support for long long (64-bit ints).

Operations must be done in pieces.

26

Section 3.4.1 Operand Specifiers

• There are 11 basic forms for operands.– 1 for immediate (constant) values– 1 for registers– The rest are for memory.

• Three operand types:– Immediate, is for constant values

• Written with a $ followed by an integer, e.g., $-577 or $0x17

– Register, denote the contents of one of the registers• Its value R[Ea]

– Memory, • Mb[Addr] to denote the b-byte value stored in memory starting at address Addr

27

Operand Forms

• Operands can denote immediate (constant) values, register values, or values from memory. • The scaling factor s must be either 1, 2, 4, or 8• The general form is shown at the bottom of the table.

28

Practice Problem 1• Assume the following values are stored at the indicated memory

addresses and registers Address Values Register Values --------------------------------------------------- 0x100 0xFF %eax 0x100 0x104 0xAB %ecx 0x1 0x108 0x13 %edx 0x3 0x10C 0x11 Fill the following table:

Operand Value Operand Value ---------------------------------------------------- --------------------------------------------------- %eax ________ 9(%eax, %edx) __________ 0x104 ________ 260(%ecx, %edx) __________ $0x108 _________ 0xFC(, %ecx, 4) __________ (%eax) _________ (%eax, %edx, 4) __________ 4(%eax) _________

29

Practice Problem 1 - Solution• Assume the following values are stored at the indicated memory


Operand Value Operand Value ---------------------------------------------------- --------------------------------------------------- %eax _0x100___ 9(%eax, %edx) _0x11_____ 0x104 _0xAB____ 260(%ecx, %edx) _0x13_____ $0x108 _0x108____ 0xFC(, %ecx, 4) _0xFF_____ (%eax) __0xFF____ (%eax, %edx, 4) _0x11_____ 4(%eax) __0xAB___

30

Data Movement Instructions

• MOV classes– movb, movw, movl– Operate on the data size of 1, 2, and 4 bytes,

respectively– movs, movz classes

• movsbw, movsbl, movswl– Sign-extended

• movzbw, movzbl, movzwl– Zero-extended

Data Movement InstructionsInstruction Effect DescriptionMOV S, D D S Movemovb Move bytesmovw Move wordsmovl Move double words

MOVS S, D D SignExtend(S) Move with sign extensionmovsbw Move sign-extended byte to wordmovsbl Move sign-extended byte to double wordmovswl Move sign-extended word to double word

MOVZ S,D D ZeroExtend(S) Move with zero extensionmovzbw Move zero-extended byte to wordmovzbl Move zero-extended byte to double wordmovzwl Move zero-extended word to double word

pushl S R[%esp] R[%esp]-4 Push double wordM[R[%esp]] S

popl D D M[R[%esp]]; Pop double wordR[%esp] R[%esp]+4

32

Practice Problem 2• Assume initially that %dh = 0xCD, %eax = 0x98765432

1. movb %dh, %al %eax =?2. movsbl %dh, %eax %eax = ?3. movzbl %dh, %eax %eax = ?

33

Practice Problem 2- Solution• Assume initially that %dh = 0xCD, %eax = 0x98765432

1. movb %dh, %al %eax = 0x987654CD2. movsbl %dh, %eax %eax = 0xFFFFFFCD3. movzbl %dh, %eax %eax = 0x000000CD

34

Practice Problem 3

• What’s wrong with each line?1. movb $0xF, (%bl)2. movl %ax, (%esp)3. movw (%eax), 4(%esp)4. movb %ah, %sh5. movl %eax, $0x1236. movl %eax, %dx7. movb %si, 8(%ebp)

35

Practice Problem 3 - Solution• What’s wrong with each line?

1. movb $0xF, (%bl) Ans: cannot use %bl as address register

2. movl %ax, (%esp)Ans: mismatch between suffix with register ID

3. movw (%eax), 4(%esp)Ans: cannot have both source and destination be memory address

4. movb %ah, %shAns: no register named %sh

5. movl %eax, $0x123Ans: Cannot have immediate as destination

6. movl %eax, %dxAns: Destination operand incorrect size

7. movb %si, 8(%ebp)Ans: Mismatch between instruction suffix with register ID.

36

Example 1

Example 1: int simple(int x) {

return x+17; }Complies to:simple: pushl %ebp movl %esp, %ebp movl 8(%ebp), %eax // x into %eax addl $17, %eax // x+17 into %eax popl %ebp ret

37

Example 2Example 2: int array(int* s, int i) { return s[i];}Complies to:array: pushl %ebp movl %esp, %ebp movl 12(%ebp), %eax movl 8(%ebp), %edx movl (%edx,%eax,4), %eax popl %ebp ret

Question: if we changed this to an array of short, could we just change the 4 to 2?

38

Example 2Example 2: int array(int* s, int i) { return s[i];}Complies to:array: pushl %ebp movl %esp, %ebp movl 12(%ebp), %eax // i into %eax movl 8(%ebp), %edx // s into %edx movl (%edx,%eax,4), %eax // M[S+4*i] -> %eax popl %ebp ret

Question: if we changed this to an array of short, could we just change the 4 to 2?

39

Example 3Example 3short array(short* s, int i) { return s[i];}Complies to:

array: pushl %ebp movl %esp, %ebp movl 12(%ebp), %eax movl 8(%ebp), %edx movzwl (%edx,%eax,2), %eax popl %ebp retQuestions: 1) what does the movzwl do? 2) What value would be returned in %eax if the array contained -1?

40

Example 3Example 3short array(short* s, int i) { return s[i];}Complies to:

array: pushl %ebp movl %esp, %ebp movl 12(%ebp), %eax // i into %eax movl 8(%ebp), %edx // s into %edx movzwl (%edx,%eax,2), %eax // M[s+i*2] -> %eax popl %ebp retQuestions: 1) what does the movzwl do? 2) What value would be returned in %eax if the array contained -1?

41

3.5 Arithmetic and Logical OperationsInstruction Effect Descriptionleal S, D D &S Load effective address

INC D D D+1 IncrementDEC D D D-1 DecrementNEG D D -D NegateNOT D D ~D Complement

ADD S, D D S+D AddSUB S, D D D-S SubtractIMUL S, D D D*S MultiplyXOR S, D D D^S Exclusive-orOR S, D D D | S OrAND S, D D D & S And

SAL k, D D D<< k Left ShiftSHL k, D D D<< k Left Shift (same as SAL)SAR k, D D D>>A k Arithmetic right shiftSHR k, D D D>>L k Logical right shift

Figure 3.7 Integer arithmetic operations. The load effective address (leal) instruction is commonly used to perform simple arithmetic. The remaining ones are more standard unary or binary operations. We use the notation >>A and >>L to denote arithmetic and logical right shift, respectively.

42

Section 3.5.2 Unary and Binary Operations

• Unary operations: inc, dec, neg, not

• Binary operations: – Operate on source and destination, storing results

in destination– add, sub, imul– xor, or, and

• Bitwise operations

43

Practice Problem 4 Suppose register %eax holds value x and %ecx holds value y. Fill in the table below with formulas indicating the value that will be stored in register %edx for each of the given assembly code instructions:

Instruction Result______________________________________________________________________

leal 6(%eax), %edx _____________leal (%eax, %ecx), %edx _____________leal 7(%eax, %eax, 8), %edx _____________leal 0xA(, %ecx, 4), %edx _____________leal 9(%eax, %ecx, 2), %edx _____________

44

Practice Problem 4 - SolutionSuppose register %eax holds value x and %ecx holds value y. Fill in the table below with formulas indicating the value that will be stored in register %edx for each of the given assembly code instructions:

Instruction Result______________________________________________________________________

leal 6(%eax), %edx ____6+x______leal (%eax, %ecx), %edx ___x+y______leal 7(%eax, %eax, 8), %edx ___7+x+8y___leal 0xA(, %ecx, 4), %edx ___10+4y____leal 9(%eax, %ecx, 2), %edx ___9+x+2y___

45

Practice Problem 5• Assume the following values are stored at the indicated memory


Instruction Destination Value ________________________________________________________ addl %ecx, (%eax) ________ ________ subl %edx, 4(%eax) ________ ________ imul $16, (%eax, %edx, 4) ________ ________ incl 8(%eax) ________ ________ decl %ecx ________ ________ subl %edx, %eax ________ ________

46

Practice Problem 5 Solution• Assume the following values are stored at the indicated memory


Instruction Destination Value ________________________________________________________ addl %ecx, (%eax) _0x100__ __0x100_ subl %edx, 4(%eax) _0x104__ __0xA8__ imul $16, (%eax, %edx, 4) _0x10C_ __0x110__ incl 8(%eax) _0x108__ __0x14_ decl %ecx _%ecx__ __0x0___ subl %edx, %eax _%eax___ _0xFD__

47

Section 3.5.3: Shift Operations• D=[xn-1,xn-2, …, x0]• Left Shift

– SAL, SHL are same– D<<k = [xn-k-1,xn-k-2, …, x0, 0,0,…0]

• Dropping off the k most significant bits

• Right Shift– SAR: arithmetic right shift

• D>>Ak = [xn-1, xn-1, …, xn-1,xn-2, …, xk]

– SHR: logical right shift• D>>Lk = [0, 0, …, 0,xn-1,xn-2, …, xk]

• Shift Amounts– k is encoded as a single byte, since only shift amounts between 0 and 31 are possible

(only the low-order 5 bits of the shift amounts are considered)– Shift amount is given either as an immediate or in the single byte register element %cl

48

Practice Problem 6Suppose we want to generate assembly code for the following C function:int shift_left2_rightn(int x, int n) { x << = 2; x >> = n;}The code that follows is a portion of the assembly code that performs the actual shifts and leaves the final value in register %eax. Two key instructions have been omitted. Parameters x and n are stored at memory locations with offsets 8 and 12, respectively to the address in register %ebp.

1. movl 8(%ebp), %eax // get x2. _____________________ // x << =23. movl 12(%ebp), %ecx // get n4. _____________________ // x >> = n

49

Practice Problem 6 - SolutionSuppose we want to generate assembly code for the following C function:int shift_left2_rightn(int x, int n) { x << = 2; x >> = n;}The code that follows is a portion of the assembly code that performs the actual shifts and leaves the final value in register %eax. Two key instructions have been omitted. Parameters x and n are stored at memory locations with offsets 8 and 12, respectively to the address in register %ebp.

1. movl 8(%ebp), %eax // get x2. _sall $2, %eax_____ // x << =23. movl 12(%ebp), %ecx // get n4. __sarl %cl, %eax____ // x >> = n

50

Example 4 Example 4void array_set(int* s, int i, int value) {

s[i]= value;}

Compiles to:array_set: pushl %ebp movl %esp, %ebp // add comments movl 16(%ebp), %ecx // movl 12(%ebp), %edx // movl 8(%ebp), %eax // movl %ecx, (%eax,%edx,4) // popl %ebp ret

51

Example 4 Example 4void array_set(int* s, int i, int value) {

s[i]= value;}

Compiles to:array_set: pushl %ebp movl %esp, %ebp movl 16(%ebp), %ecx // value into %ecx movl 12(%ebp), %edx // i into %edx movl 8(%ebp), %eax // s into %eax movl %ecx, (%eax,%edx,4) // value into memory at (s + 4*i) popl %ebp ret

52

Example 5Example 5: Examples 4 using shortvoid array_set(short* s, short i, short value) {

s[i]= value;}Compiles to:array_set: pushl %ebp movl %esp, %ebp // add comments here movl 16(%ebp), %ecx // movl 12(%ebp), %edx // movl 8(%ebp), %eax // movw %cx, (%eax,%edx,2) // popl %ebp ret

Note: the use of movw and cx instead of movl and ecxNote: 4 bytes are used to store value on the stack, even though only 2 are needed.

53

Example 5Example 5: Examples 4 using shortvoid array_set(short* s, short i, short value) {

s[i]= value;}Compiles to:array_set: pushl %ebp movl %esp, %ebp movl 16(%ebp), %ecx // value into %ecx movl 12(%ebp), %edx // i into %edx movl 8(%ebp), %eax // s into %eax movw %cx, (%eax,%edx,2) // value into memory at (s+ 2*i) popl %ebp ret

Note: the use of movw and cx instead of movl and ecxNote: 4 bytes are used to store value on the stack, even though only 2 are needed.

54

Example 6 Example 6: using long longlong long array(long long* s, int i) {

return s[i];}Compiles to:array: pushl %ebp movl %esp, %ebp // add comments here movl 12(%ebp), %edx // movl 8(%ebp), %eax // leal (%eax,%edx,8), %edx // movl (%edx), %eax // movl 4(%edx), %edx // popl %ebp ret

55

Example 6 Example 6: using long longlong long array(long long* s, int i) {

return s[i];}Compiles to:array: pushl %ebp movl %esp, %ebp movl 12(%ebp), %edx // mov i into %edx movl 8(%ebp), %eax // s into %eax leal (%eax,%edx,8), %edx // address of s[i] into %edx movl (%edx), %eax // low 32 bits of s[i] into %edx movl 4(%edx), %edx // high 32 bits of s[i] into %edx popl %ebp // 64-bit return value in %edx, %eax ret

56

Example 7: Using Pointer Parametervoid exchange(int *xp, int *yp) { int temp; temp = *xp; *xp = *yp; *yp = temp;}Compiles to

exchange: pushl %ebp movl %esp, %ebp pushl %ebx // add comments movl 8(%ebp), %edx // movl 12(%ebp), %ecx // movl (%edx), %ebx // movl (%ecx), %eax // movl %eax, (%edx) // movl %ebx, (%ecx) // popl %ebx // popl %ebp // retQuestion: It takes 4 movl instructions to do the exchange. The C source code does this in 3 moves? Why?

57

Example 7: Using Pointer Parametervoid exchange(int *xp, int *yp) { int temp; temp = *xp; *xp = *yp; *yp = temp;}Compiles to

exchange: pushl %ebp movl %esp, %ebp pushl %ebx movl 8(%ebp), %edx // %edx = xp movl 12(%ebp), %ecx // %ecx = yp movl (%edx), %ebx // %ebx = *xp movl (%ecx), %eax // %eax = *yp movl %eax, (%edx) // *xp = *yp movl %ebx, (%ecx) // *yp = *xp popl %ebx popl %ebp retQuestion: It takes 4 movl instructions to do the exchange. The C source code does this in 3 moves? Why?

58

Example 8: Arithmetic and Logical Operations

int arith(int x, int y, int z) { int t1 = x + y; int t2 = z + t1; int t3 = x + 4; int t4 = y * 48; int t5 = t3 + t4; int rval = t2 * t5; return rval;}Compiles toarith: pushl %ebp movl %esp, %ebp // add comments here movl 8(%ebp), %ecx // movl 12(%ebp), %edx // leal (%edx,%edx,2), %eax // sall $4, %eax // leal 4(%ecx,%eax), %eax // addl %ecx, %edx // addl 16(%ebp), %edx // imull %edx, %eax // popl %ebp ret

59

Example 8: Arithmetic and Logical Operations

int arith(int x, int y, int z) { int t1 = x + y; int t2 = z + t1; int t3 = x + 4; int t4 = y * 48; int t5 = t3 + t4; int rval = t2 * t5; return rval;}Compiles toarith: pushl %ebp movl %esp, %ebp movl 8(%ebp), %ecx // %ecx = x movl 12(%ebp), %edx // %edx = y leal (%edx,%edx,2), %eax // %eax = y+2*y = 3y sall $4, %eax // %eax = 16*3y=48y =t4 leal 4(%ecx,%eax), %eax // %eax = 4+x+48y =t3+t4=t5 addl %ecx, %edx // %edx = x + y=t1 addl 16(%ebp), %edx // %edx = z+t1 = t2 imull %edx, %eax // %eax = t2*t5 popl %ebp ret

60

3.5.4 Discussions

• What does the following instruction do?

xorl %eax, %eax

61

3.5.4 Discussions

• What does the following instruction do?

xorl %eax, %eax

Ans: Set %eax to zero

62

Section 3.5. Special Arithmetic Operations

• 5 special operations– imull, mull, cltd, idivl, divl

Instruction Effect Descriptionimull S R[%edx]: R[%eax] S × R[%eax] Signed full multiply

mull S R[%edx]: R[%eax] S × R[%eax] Unsigned full multiply

cltd R[%edx]: R[%eax] SignExtend(R[%eax]) Convert to quad word

idivl S R[%edx] R[%edx] : R[%eax] mod S; Signed divide (remainder)

R[%eax] R[%edx] : R[%eax] S; Quotient

divl S R[%edx] R[%edx] : R[%eax] mod S; Unsigned divide (remainder)

R[%eax] R[%edx] : R[%eax] S; Quotient

63

imull and mull

• Take one operand: imull S• Multiply the operand by %eax• The resulting 64 bits are put in %edx (high

bits) and %eax (low bits)– Compared to imull S, D

• imull throws away the high order bits that do not fit in the destination

• imull is for signed and mull is for unsigned

64

ExampleSuppose we have signed numbers x and y stored at positions 8 and 12 relative to %ebp, and we want to store their full 64-bit product as 8 bytes on top of the stack.

1. movl 12(%ebp), %eax // y into %eax2. imul 8(%ebp) // x * y in R[%edx]:R[%eax]3. movl %eax, (%esp) // store low 32 bits4. movl %edx, 4(%esp) // store high 32 bits

Note: Assume little endian machine

65

idivl and divl

• Take one operand: idvil S• Divide the 64-bit R[%edx]:R[%eax] by the operand• The low 32 bits of the quotient are put in %eax• The remainder is put into %edx

66

Example 9

• Suppose we have signed numbers x and y stored at positions 8 and 12 relative to %ebp

1. movl 8(%ebp), %eax2. cltd3. idivl 12(%ebp)4. movl %eax, 4(%esp)5. movl %edx, (%esp)

67

Example 9

• Suppose we have signed numbers x and y stored at positions 8 and 12 relative to %ebp

1. movl 8(%ebp), %eax // x into %eax2. cltd // sign extended into %edx3. idivl 12(%ebp) // divide x by y4. movl %eax, 4(%esp) // x/y 5. movl %edx, (%esp) // x % y = x mod y

68

Section 3.6 Control

• Section 3.6.1 Conditional CodesIA32 uses four single-bit flags called conditional codes which are set by certain instructions based on the result of the instruction.

Flag Name UseCF Carry flag Carry out of the most significant bit. Used to detect overflow

for unsigned operations.ZF Zero flag The most recent operation yielded zero.SF Sign flag The most recent operation yielded a negative value.OF Overflow flag The most recent operation caused a two's-complement

overflow - either positive or negative. (for signed overflow)

69

Conditional Codes

• OF flag: result of add or sub has wrong sign– addl sets the OF if both operands have the same

sign, but the result has a different sign.– Subl A, B calculates B-A and sets OF if B>0, A<0, and B-A <0 or B<0, A>0, and B-A > 0

70

Conditional Codes

• CF flag: carry out of high bit– addl sets CF if unsigned result does not fit. e.g., 8-bit unsigned operation: 127+ 131 = 2 – For shift operations

• CF is set to be the last bit shifted out. • sal and shl set the carry bit to the former MSB (most

significant bit)• sar and shr set the carry bit to the former LSB (least

significant bit)

71

Conditional Codes

• The following instructions set the conditional codes appropriately:inc, dec, neg, not, add, sub, mul, imul, div, idiv, xor, or, and, sal, shl, sar, shr

• The following instructions do not modify the condition codes:

mov, leal, push, pop, call, ret, cltd

72

Comparison and Test Instructions

Instruction Based on DescriptionCMP S2, S1 S1- S2 Comparecmpb Compare bytecmpw Compare wordcmpl Compare double word

TEST S2, S1 S1 & S2 Testtestb Test bytetestw Test wordtestl Test double word

These do not store the resulting computation in the destination, only the conditional codes are set.

73

Example

• Suppose we used one of the ADD instructions to perform the equivalent of the C assignment t=a+b, where variables a, b, and t are integers.

• CF: (unsigned) t < (unsigned) a Unsigned Overflow• ZF: (t == 0) Zero• SF: (t < 0) Negative• OF: (a < 0 == b < 0) && (t < 0 != a < 0) signed overflow

74

3.6.2 Accessing the Condition Codes

• You can set a byte to 0 or 1 on the condition flags with the set instructions.

• These take a single byte operand as the destination: either an 8-bit register or a single byte of memory.

75

The SET instructionsInstruction Synonym Effect Descriptionsete D setz D = ZF Equal or zeroSetne D setnz D=~ZF Not equal or not zerosets D D = SF negativesetns D D = ~SF nonnegative

setg D setnle D ~(SFÔF) & ~ZF Greater (signed >)setge D setnl D ~(SFÔF) Greater or equal (signed >=)setl D setnge D SFÔF Less (signed <)setle D Setng D (SFÔF) | ZF Less or equal (signed <=)

seta D setnbe D ~CF & ~ZF Above (unsigned >)setae D setnb D ~CF Above or equal (unsigned >=)setb D setnae D CF Below (unsigned <)Setbe D setna D CF|ZF Below or equal (unsigned <=)

• The important part of this table is the effect field which shows how the 4 condition codes are related to various tests.

• The description field is based on a previous instruction of the form cmp S2, S1

negative refers to the value of S1-S2

greater, less, above, or below refer to comparing S1 to S2

signed

unsigned

76

Unsigned Comparison• In interpreting the effect and description, consider the instruction: cmpl S2, S1 which calculates S1-S2

If S1 and S2 are unsigned, S1 is above S2 if the result of S1-S2 is not zero and does not set the carry flag.

D ~CF & ~ZF

• The other three comparisons can be understood from this one using de Morgan’s laws.

77

Signed Comparison• The signed comparison are a bit more complicated• Consider greater than or equal test condition.

o Under what conditions S1 >= S2o Answer: S1 – S2 >=0o This would indicate that we just want SF =0o But recall, that sometimes the SF is incorrect.o This is indicated by the OF flag.o So if SF is correct (OF=0), we just test SF=0, or ~SF.o If SF is incorrect (OF=1), we want SF=1.o This is ~(SF^OF)o ^ is exclusive or

• Other signed comparison can be gotten from >= using De Morgan’s laws.

78

Example

• Consider the following code segment: cmpl $10, $20 jle .L1Does this jump?

79

Example

• Consider the following code segment: cmpl $10, $20 jle .L1Does this jump?

Ans: No

80

Section 3.6.3 Jump Instructions and Their Encoding

• Jump instruction change the flow of control so that the next instruction executed is not the next instruction.

• Traditional instruction cycle, also called fetch-and-execute cycle or fetch-decode-execute cycle.

• The program counter (PC) register contains the address of the next instruction to execute.– Fetch: read the instruction whose address is in the PC– Increment PC: increment PC so that it points to the next

instruction.– Decode: determine what instruction this is.– Execute: do what the instruction indicates.– Store: store the result.

81

Section 3.6.3 Jump Instructions and Their Encoding

Instruction Synonym Jump condition Descriptionjmp Label 1 Direct jumpJmp *Operand 1 Indirect jump

je Label jz ZF Equal /zerojne Label jnz ~ZF Not equal / not zero

js Label SF Negativejns Label ~SF Nonnegative

jg Label jnle ~(SFÔF) & ~ZF Greater (signed >)jge Label jnl ~(SFÔF) Greater or equal (signed >=)jl Label jnge SFÔF Less (signed <)jle Label jng (SFÔF) | ZF Less or equal (signed <=)

ja Label jnbe ~CF & ~ZF Above (unsigned >)jae Label jnb ~CF Above or equal (unsigned >=)jb Label jnae CF Below (unsigned <)jbe Label jna CF |ZF Below or equal (unsigned <=)

Figure. 3.12. The jump instructions. These instructions jump to a labeled destination when the jump condition holds. Some instructions have “synonyms”, alternate names for the same machine instructions.

unconditional

conditional

82

Unconditional jump Instruction1. mov1 $0, %eax // set %eax to 02. jmp .L1 // goto .L13. movl (%eax), %edx // will be skipped4. .L1:5. popl %edx

• IA 32 unconditional jump instructions:Two types: direct and indirectjmp Label jmp *Operand jmp *%eax // use the value in register %eax as the jump target

jmp *(%eax) // use the value in register %eax as the read address

• Unconditional jumps are rarely used, except with conditional jumps.

83

Conditional jump ExampleAn example: jump.c int simple_jump(int x, int y, int z) { if (x == 0) return y-z; return z-y;}

After cc –O1 –S jump.c, jump.s contains

simple_jump: pushl %ebp movl %esp, %ebp cmpl $0, 8(%ebp) jne .L2 movl 12(%ebp), %eax subl 16(%ebp), %eax jmp .L3.L2: movl 16(%ebp), %eax subl 12(%ebp), %eax.L3: popl %ebp ret

84

Conditional jump ExampleAn example: jump.c int simple_jump(int x, int y, int z) { if (x == 0) return y-z; return z-y;}

After cc –O1 –S jump.c, jump.s contains

simple_jump: pushl %ebp movl %esp, %ebp cmpl $0, 8(%ebp) // compare x to 0 jne .L2 // jmp if x ! = 0 movl 12(%ebp), %eax // y into %eax subl 16(%ebp), %eax // y-z into %eax jmp .L3 // done.L2: // this is the case x != 0 movl 16(%ebp), %eax // get z into %eax subl 12(%ebp), %eax // z-y into %eax.L3: // common return popl %ebp ret

85

Jump instruction encoding• There are several ways that jump instructions are encoded, the simplest of which is with PC-relative

destination.• After cc –c –O1 jump.c and objdump –d jump.o, we get

00000000 <simple_jump>: 0: 55 push %ebp 1: 89 e5 mov %esp,%ebp 3: 83 7d 08 00 cmpl $0x0,0x8(%ebp) 7: 75 08 jne 11 9: 8b 45 0c mov 0xc(%ebp),%eax c: 2b 45 10 sub 0x10(%ebp),%eax f: eb 06 jmp 17 11: 8b 45 10 mov 0x10(%ebp),%eax 14: 2b 45 0c sub 0xc(%ebp),%eax 17: 5d pop %ebp 18: c3 ret

• Labels have been replaced by the address relative to the start of the program.

• During the executable phase of the jne instruction at 7, the PC has the value 9 (point to the next instruction).

• The encoding of jne shows a jump offset of 8, 9+8 = 17=0x11

• During the execution of jmp instruction at f, the PC has value 11.

• The jump offset is 6, giving 0x11 +0x6 = 0x17

86

Practice Problem 7In the following excerpts from a disassembled binary, some of the information has been replaced by Xs. Answer the following questions about these instructions

A. What is the target of the je instructions below? (You don’t need to know anything about the call instruction here.)

804828f: 74 05 je XXXXXXX 8048291: e8 1e 00 00 00 call 80482b4

B. What is the target of the jb instruction below? 8048357: 72 e7 jb XXXXXXX 8048359: c6 05 10 a0 04 08 01 movb $0x1, 0x804a010

C. What is the address of the mov instruction? XXXXXXX: 74 12 je 8048391 XXXXXXX: b8 00 00 00 00 mov $0x0, %eax

87

Practice Problem 7 SolutionIn the following excerpts from a disassembled binary, some of the information has been replaced by Xs. Answer the following questions about these instructions

A. What is the target of the je instructions below? (You don’t need to know anything about the call instruction here.) 804828f: 74 05 je XXXXXXX 8048291: e8 1e 00 00 00 call 80482b4

Ans: PC = 8048291; Offset = 05; Dest = PC + Offset = 8048291 + 0x05 = 8048296

B. What is the target of the jb instruction below? 8048357: 72 e7 jb XXXXXXX 8048359: c6 05 10 a0 04 08 01 movb $0x1, 0x804a010

Ans: PC = 8048359 Offset = e7= 1110,0111=N*=-N=-[0001,1001]=-25=-0x19 Dest = PC + Offset = 8048359 -0x19 = 8048340

C. What is the address of the mov instruction? XXXXXXX: 74 12 je 8048391 XXXXXXX: b8 00 00 00 00 mov $0x0, %eax

Ans: Dest = PC + Offset => PC = Dest – Offset = 8048391 – 0x12 = 804837F Address of Jump Instruction = 804837F – 0x2= 804837D

88

Practice Problem 8D. In the code that follows, the jump target is encoded in PC-relative form as a 4-byte,

two’s-complement number. The bytes are listed from least significant to most, reflecting the little-endian byte ordering of IA32. What is the address of the jump target?

80482bf: e9 e0 ff ff ff jmp XXXXXXX 80482c4: 90 nop

E. Explain the relation between the annotation on the right and the byte coding on the left.

80482aa: ff 25 fc 9f 04 08 jmp *0x8049ffc

89

Practice Problem 8 SolutionD. In the code that follows, the jump target is encoded in PC-relative form as a 4-byte, two’s-

complement number. The bytes are listed from least significant to most, reflecting the little-endian byte ordering of IA32. What is the address of the jump target?

80482bf: e9 e0 ff ff ff jmp XXXXXXX 80482c4: 90 nop

Ans: Offset = ffff,ffe0 = -32 = -0x20; PC = 80482c4 Dest = PC + Offset = 80482c4 – 0x20 = 80482A4

E. Explain the relation between the annotation on the right and the byte coding on the left.

80482aa: ff 25 fc 9f 04 08 jmp *0x8049ffc

Ans: An indirect jump is denoted by instruction code ff 25. The address from which the jump target is to read is encoded explicitly by the following 4 bytes. Since the machine is little endian, these are given in reverse order as fc 9f 04 08.

90

Section 3.6.5 Loops• C provides several looping constructs – namely, do-while, while, and

for.• No corresponding instructions exist in machine codes. Instead,

combinations of conditional test and jumps are used to implement the effect of loops.

91

Section 3.6.5 Loops

Do-while loops While loops For loops

do body-statement while(test-expr);

while (test-expr) body-statement

for (init-expr; test-expr; update-expr) body-statement

• The effect of the loop is to repeatedly execute body-statement, evaluate test-expr, and continue the loop if the evaluation result is nonzero.

• The body-statement is executed at least once.

It differs from do-while in that test-expr is evaluated and the loops is potentially terminating before the first execution of body-statement.

Identical to the following code: init-expr; while (test-expr) { body-statement update-expr; }

92

Example 1: A do-while loopint fact_do(int n) { int result = 1; do { result *= n; n--; } while (n > 1); return result;}

And the corresponding assembly code:

fact_do: pushl %ebp movl %esp, %ebp movl 8(%ebp), %edx movl $1, %eax.L2: imull %edx, %eax subl $1, %edx cmpl $1, %edx jg .L2 popl %ebp ret

93

Example 1: A do-while loopint fact_do(int n) { int result = 1; do { result *= n; n--; } while (n > 1); return result;}

And the corresponding assembly code:

fact_do: pushl %ebp movl %esp, %ebp movl 8(%ebp), %edx // n into %edx movl $1, %eax // result is in %eax, initial value =1.L2: imull %edx, %eax // result = result * n subl $1, %edx // n--; cmpl $1, %edx // compare n to 1 jg .L2 // jump if n > 1 popl %ebp ret

94

Example 2: A while loopC code: int fact_while(int n) { int result = 1; while (n > 1) { result *= n; n--; } return result;}

The corresponding assembly code:

fact_while: pushl %ebp movl %esp, %ebp movl 8(%ebp), %edx movl $1, %eax cmpl $1, %edx jle .L3.L6: imull %edx, %eax subl $1, %edx cmpl $1, %edx jg .L6.L3: popl %ebp ret

95

Example 2: A while loopC code: int fact_while(int n) { int result = 1; while (n > 1) { result *= n; n--; } return result;}


fact_while: pushl %ebp movl %esp, %ebp movl 8(%ebp), %edx // get n into %edx movl $1, %eax // result in %eax cmpl $1, %edx // see if n > 1 jle .L3 // no, we are done.L6: imull %edx, %eax // yes, result = result * n subl $1, %edx // n--; cmpl $1, %edx // compare again jg .L6 // keep going if n > 1.L3: popl %ebp ret

96

Example 3: A for loopC code: int fact_for(int n) { int i; int result = 1; for (i=2; i <=n; i++) result *= i; return result;}


fact_for: pushl %ebp movl %esp, %ebp movl 8(%ebp), %ecx movl $2, %edx movl $1, %eax cmpl $1, %ecx jle .L3 (continue if n > =2).L6: imull %edx, %eax addl $1, %edx cmpl %edx, %ecx jge .L6).L3: popl %ebp ret

97

Example 3: A for loopC code: int fact_for(int n) { int i; int result = 1; for (i=2; i <=n; i++) result *= i; return result;}


fact_for: pushl %ebp movl %esp, %ebp movl 8(%ebp), %ecx // n into %ecx movl $2, %edx // 2 into %edx (this is i) movl $1, %eax // 1 into %eax (the result) cmpl $1, %ecx // compare n to 1 jle .L3 // done if n <=1 (continue if n > =2).L6: imull %edx, %eax // result = result * i addl $1, %edx // i++ cmpl %edx, %ecx // compare n to i jge .L6 // continue if n >=i (done if n < i).L3: popl %ebp ret

98

• We will skip the sections 3.6.6 and 3.6.7.

99

Section 3.7 Procedure

• A procedure involves:– Passing data in the form of procedure parameters

and return values– Passing control from one part of program to

another.– Allocate space for the local variables of the

procedure on entry and deallocate them on exit.

100

Section 3.7.1 Stack Frame Structure

• Procedure P calls procedure Q– P: caller– Q: callee

• The stack is used for passing parameters, for local variables, and storing other values.

• The stack is organized into pieces called Stack Frames.

• Stack frame has 2 pointers– %ebp the frame pointer

• Most information is accessed relative to the frame pointer

– %esp, the stack pointer• Can move

101

Section 3.7.1 Stack Frame Structure• The %ebp frame pointer points to the saved

%ebp register on the stack

• Usually %ebp does not change

• The first parameter is at 8(%ebp) because of the return address and saved %ebp.

• %ebp is used to address data on the caller’s stack (such as parameters)

• In our examples, %esp usually did not change during execution, but in general it will when space on the stack is allocated for

– Saved registers– Local variables– Parameters of procedures that will be called, e.g., in

Q, it calls R

102

Section 3.7.2 Transferring Control

Instruction Descriptioncall Label Procedure call – directcall *Operand Procedure call - indirectleave Prepare stack for returnret Return from call

Three instructions used for supporting procedures

• call pushes the return address (current PC) on the stack and sets the PC to the label— Current PC holds the return address – the address of next instruction— direct and indirect call

• leave is equivalent to: mov %ebp, %esp popl %ebp The purpose of the first of these is to restore the stack pointer to the value it had after

the initial push of %ebp We haven’t seen leave before because none of our procedures have needed to change

%esp, so the first of these was not necessary.

• ret pops the return address and jumps to this address.

103

Practice Problem 9• Example Section 3.2.2 sum and main - the following are excerpts of the disassembled code for the two

functions:

Beginning of function sum: 1 08048394 <sum>: 2 8048394: 55 push %ebp … Return from function sum 3 80483a4: c3 ret … call to sum from main 4 80483dc: e8 b3 ff ff ff call 8049394 <sum> 5 80483e1: 83 c4 14 add $0x14, %esp

Trace the registers %eip (PC) and %esp:

1) Before executing call, PC(%eip) = ________; % esp = 0xff9b960 2) When executing call, PC value (return address) is pushed into stack; %esp = _______; %eip = ________3) After return from call, %eip = _________; %esp = __________

104

Practice Problem 9 Solution• Example Section 3.2.2 sum and main - the following are excerpts of the disassembled code for the two

functions:

Beginning of function sum: 1 08048394 <sum>: 2 8048394: 55 push %ebp … Return from function sum 3 80483a4: c3 ret … call to sum from main 4 80483dc: e8 b3 ff ff ff call 8049394 <sum> 5 80483e1: 83 c4 14 add $0x14, %esp

Trace the registers %eip (PC) and %esp:

1) Before executing call, PC(%eip) = 80483dc; % esp = 0xff9b960 2) When executing call, PC value (return address) is pushed into stack; %esp = 0xff9b95c; %eip = 0x80483943) After return from call, %eip = 0x80483e1; %esp = 0xff9b960

105

Section 3.7.3 Register Usage Conventions

• The set of program registers acts as a single resource shared by all of the procedures.

• Only one procedure can be active at a given time• caller-save registers:

– %eax, %edx, %ecx– When Q is called by P, it can overwrite these registers without destroying any data

required by P.

• callee-save registers: – %ebx, %esi, %edi– Q must save the values of any of these registers on the stack before overwriting

them, and store them before returning. P might need these values for its further computation.

– %ebp, %esp must be maintained according to the conventions described here.

106

ExampleAssembly Code Sequence:

1. Subl $12, %esp2. movl %ebx, (%esp)3. movl %esi, 4(%esp)4. movl %edi, 8(%esp)5. movl 8(%ebp), %ebx6. movl 12(%ebp), %edi7. movl (%ebx), %esi8. movl (%edi), %eax9. movl 16(%ebp), %edx10. movl (%edx), %ecx

• Three registers (%ebx, %esi, %edi) are saved on the stack (Lines 2-4). The program modifies these and three other registers (%eax, %ecx, %edx)

• At the end of the procedure, the values of registers %edi, %esi, %ebx are restored (not shown), while the other three are left in their modified states.

107

A procedure example of Section 3.7.4

Here is the assembly code generated:

swap_add: pushl %ebp movl %esp, %ebp pushl %ebx // movl 8(%ebp), %edx // movl 12(%ebp), %ecx // movl (%edx), %ebx // movl (%ecx), %eax // movl %eax, (%edx) // movl %ebx, (%ecx) // addl %ebx, %eax // popl %ebx popl %ebp ret

C Code:

int swap_add(int *xp, int *yp) { int x = *xp; int y = *yp; *xp = y; *yp = x; return x + y;}

108



swap_add: pushl %ebp movl %esp, %ebp pushl %ebx movl 8(%ebp), %edx // xp into %edx movl 12(%ebp), %ecx // yp into %ecx movl (%edx), %ebx // x, i.e. %ebx = *xp movl (%ecx), %eax // y, i.e. %eax = *yp movl %eax, (%edx) // *xp = *yp movl %ebx, (%ecx) // *yp = *xp addl %ebx, %eax // %eax = x +y for return popl %ebx popl %ebp ret

C Code (swap_add.c)

int swap_add(int *xp, int *yp) { int x = *xp; int y = *yp; *xp = y; *yp = x; return x + y;}

109



caller: pushl %ebp movl %esp, %ebp subl $24, %esp // movl $534, -4(%ebp) // movl $1057, -8(%ebp) // leal -8(%ebp), %eax // movl %eax, 4(%esp) // leal -4(%ebp), %eax // movl %eax, (%esp) // call swap_add .R1 movl -4(%ebp), %edx // subl -8(%ebp), %edx // imull %edx, %eax // leave // ret

C Code (caller.c)

int caller() { int arg1 = 534; int arg2 = 1057; int sum = swap_add(&arg1, &arg2); int diff = arg1 - arg2; return sum*diff;}

110



caller: pushl %ebp movl %esp, %ebp subl $24, %esp //allocate 6 double words on the stack movl $534, -4(%ebp) // 534 on stack movl $1057, -8(%ebp) // 1057 on the stack leal -8(%ebp), %eax // &1057 into %eax movl %eax, 4(%esp) // &1057 on stack leal -4(%ebp), %eax // &534 on into %eax movl %eax, (%esp) // &534 on stack call swap_add .R1 movl -4(%ebp), %edx // arg1 into %edx subl -8(%ebp), %edx // arg1 – arg2 into %edx imull %edx, %eax // diff * return value in %eax leave // restore the stack pointer ret

C Code (caller.c)

int caller() { int arg1 = 534; int arg2 = 1057; int sum = swap_add(&arg1, &arg2); int diff = arg1 - arg2; return sum*diff;}

111


Practice Problem 1:

Keep track of register values: %eax, %ebx, %ecx, %edx, %ebp, %esp

112


Why did the compiler reserve 6 words = 24 bytes on the stack when it only needed 4?

Answer:• Convention: the total number of stack bytes used by a function

should be a multiple of 16, e.g., 16, 32, 48.• This counts the 4 bytes for the return address and the 4 bytes for

the saved %ebp• If only 4 words were reserved, this would be 16+8=24 bytes• To get this up to 32, we need to add 8 more bytes, or 2 more

words.• This does not reduce the speed of execution.• It does use a small amount of extra memory.

113

A recursive procedure example of Section 3.7.5

C code:

int rfact(int n) { int result; if (n <1 ) result =1; else result = n * rfact(n-1); return result;}


rfact: pushl %ebp movl %esp, %ebp pushl %ebx subl $4, %esp movl 8(%ebp), %ebx movl $1, %eax testl %ebx, %ebx jle .L3 leal -1(%ebx), %eax movl %eax, (%esp) call rfact.R1 imull %ebx, %eax.L3: addl $4, %esp popl %ebx popl %ebp ret

115


Practice Problem 2:

Keep track of register values: %eax, %ebx, %ebp, %esp

CS 3843 Computer Organization

Documents

Transcript of CS 3843 Computer Organization