machine-level programming 3 control flow
DESCRIPTION
Machine-Level Programming 3 Control Flow. Topics Control Flow Switch Statements Jump Tables. Switch Statements. Implementation Options Jump Table Lookup branch target Constant time Possible when cases are small integer constants Series of conditionals Organize in tree structure - PowerPoint PPT PresentationTRANSCRIPT
Machine-Level Programming 3Control Flow
Topics Control Flow
Switch StatementsJump Tables
– 2 – CMSC 313, F’09
Switch Statements
Implementation Options Jump Table
Lookup branch targetConstant timePossible when cases are small integer constants
Series of conditionalsOrganize in tree structureLogarithmic performance
GCCPicks one based on case structure
– 3 – CMSC 313, F’09
Switch Statement Example
Features Multiple case labels Fall through cases Missing cases
long switch_eg (long x, long y, long z){ long w = 1; switch(x) { case 1: w = y*z; break; case 2: w = y/z; /* Fall Through */ case 3: w += z; break; case 5: case 6: w -= z; break; default: w = 2; } return w;}
– 4 – CMSC 313, F’09
Jump Table Structure
Code Block0
Targ0:
Code Block1
Targ1:
Code Block2
Targ2:
Code Blockn–1
Targn-1:
•••
Targ0
Targ1
Targ2
Targn-1
•••
jtab:
target = JTab[x];goto *target;
switch(x) { case val_0: Block 0 case val_1: Block 1 • • • case val_n-1: Block n–1}
Switch Form
Approx. Translation
Jump Table Jump Targets
– 5 – CMSC 313, F’09
Switch Statement Example (IA32)
Setup: switch_eg:pushl %ebp # Setupmovl %esp, %ebp # Setuppushl %ebx # Setupmovl $1, %ebx # w = 1movl 8(%ebp), %edx # edx = xmovl 16(%ebp), %ecx # ecx = zcmpl $6, %edx # x:6ja .L61 # if > goto defaultjmp *.L62(,%edx,4) # goto JTab[x]
long switch_eg (long x, long y, long z){ long w = 1; switch(x) { . . . } return w;}
– 6 – CMSC 313, F’09
Assembly Setup Explanation
Table Structure Each target requires 4 bytes Table base address at .L62
JumpingDirect Jumpjmp .L61 Jump target is denoted by label .L61
Indirect Jumpjmp *.L62(,%edx,4) Start of jump table denoted by label .L62 Register %edx holds x Must scale by factor of 4 to get offset into table Fetch target from effective Address .L61 + x*4
Only for 0 x 6
– 7 – CMSC 313, F’09
Jump Table
.section .rodata .align 4.L62:.long .L61 # x = 0.long .L56 # x = 1.long .L57 # x = 2.long .L58 # x = 3.long .L61 # x = 4.long .L60 # x = 5.long .L60 # x = 6
Table Contents
switch(x) { case 1: // .L56 w = y*z; break; case 2: // .L57 w = y/z; /* Fall Through */ case 3: // .L58 w += z; break; case 5: case 6: // .L60 w -= z; break; default: // .L61 w = 2; }
– 8 – CMSC 313, F’09
Code Blocks (Partial).L61: // Default case
movl $2, %ebx # w = 2movl %ebx, %eax # Return wpopl %ebxleaveret
.L57: // Case 2:movl 12(%ebp), %eax # ycltd # Div prepidivl %ecx # y/z movl %eax, %ebx # w = y/z
# Fall through.L58: // Case 3:
addl %ecx, %ebx # w+= zmovl %ebx, %eax # Return wpopl %ebxleaveret
switch(x) { . . . case 2: // .L57 w = y/z; /* Fall Through */ case 3: // .L58 w += z; break; . . . default: // .L61 w = 2; }
– 9 – CMSC 313, F’09
Code Blocks (Rest).L60: // Cases 5&6:
subl %ecx, %ebx # w –= zmovl %ebx, %eax # Return wpopl %ebxleaveret
.L56: // Case 1:movl 12(%ebp), %ebx # w = yimull %ecx, %ebx # w*= zmovl %ebx, %eax # Return wpopl %ebxleaveret
switch(x) { case 1: // .L56 w = y*z; break; . . . case 5: case 6: // .L60 w -= z; break; . . . }
– 10 – CMSC 313, F’09
IA32 Object CodeContext
Label .L61 becomes address 0x8048630 Label .L62 becomes address 0x80488dc
08048610 <switch_eg>: . . . 8048622: 77 0c ja 8048630 8048624: ff 24 95 dc 88 04 08 jmp *0x80488dc(,%edx,4)
switch_eg: . . .
ja .L61 # if > goto defaultjmp *.L62(,%edx,4) # goto JTab[x]
Assembly Code
Disassembled Object Code
– 11 – CMSC 313, F’09
IA32 Object Code (cont.)Jump Table
Doesn’t show up in disassembled code Can inspect using GDB
gdb asm-cntl
(gdb) x/7xw 0x80488dcExamine 7 hexadecimal format “words” (4-bytes each)Use command “help x” to get format documentation
0x80488dc:
0x08048630
0x08048650
0x0804863a
0x08048642
0x08048630
0x08048649
0x08048649
– 12 – CMSC 313, F’09
Disassembled Targets 8048630: bb 02 00 00 00 mov $0x2,%ebx 8048635: 89 d8 mov %ebx,%eax 8048637: 5b pop %ebx 8048638: c9 leave 8048639: c3 ret 804863a: 8b 45 0c mov 0xc(%ebp),%eax 804863d: 99 cltd 804863e: f7 f9 idiv %ecx 8048640: 89 c3 mov %eax,%ebx 8048642: 01 cb add %ecx,%ebx 8048644: 89 d8 mov %ebx,%eax 8048646: 5b pop %ebx 8048647: c9 leave 8048648: c3 ret 8048649: 29 cb sub %ecx,%ebx 804864b: 89 d8 mov %ebx,%eax 804864d: 5b pop %ebx 804864e: c9 leave 804864f: c3 ret 8048650: 8b 5d 0c mov 0xc(%ebp),%ebx 8048653: 0f af d9 imul %ecx,%ebx 8048656: 89 d8 mov %ebx,%eax 8048658: 5b pop %ebx 8048659: c9 leave 804865a: c3 ret
– 13 – CMSC 313, F’09
Matching Disassembled Targets 8048630: bb 02 00 00 00 mov 8048635: 89 d8 mov 8048637: 5b pop 8048638: c9 leave 8048639: c3 ret 804863a: 8b 45 0c mov 804863d: 99 cltd 804863e: f7 f9 idiv 8048640: 89 c3 mov 8048642: 01 cb add 8048644: 89 d8 mov 8048646: 5b pop 8048647: c9 leave 8048648: c3 ret 8048649: 29 cb sub 804864b: 89 d8 mov 804864d: 5b pop 804864e: c9 leave 804864f: c3 ret 8048650: 8b 5d 0c mov 8048653: 0f af d9 imul 8048656: 89 d8 mov 8048658: 5b pop 8048659: c9 leave 804865a: c3 ret
0x08048630
0x08048650
0x0804863a
0x08048642
0x08048630
0x08048649
0x08048649
– 14 – CMSC 313, F’09
Sparse Switch Example
Not practical to use jump tableWould require 1000
entries Obvious translation into
if-then-else would have max. of 9 tests
/* Return x/111 if x is multiple && <= 999. -1 otherwise */int div111(int x){ switch(x) { case 0: return 0; case 111: return 1; case 222: return 2; case 333: return 3; case 444: return 4; case 555: return 5; case 666: return 6; case 777: return 7; case 888: return 8; case 999: return 9; default: return -1; }}
– 15 – CMSC 313, F’09
Sparse Switch Code (IA32)
Compares x to possible case values
Jumps different places depending on outcomes
movl 8(%ebp),%eax # get xcmpl $444,%eax # x:444je .L8jg .L16cmpl $111,%eax # x:111je .L5jg .L17testl %eax,%eax # x:0je .L4jmp .L14
. . .
. . ..L5:
movl $1,%eaxjmp L19
.L6:movl $2,%eaxjmp L19
.L7:movl $3,%eaxjmp L19
.L8:movl $4,%eaxjmp L19. . .
– 16 – CMSC 313, F’09
-1
-1 -1-1
Sparse Switch Code Structure
Organizes cases as binary tree Logarithmic performance
444
111 777
0 222 555 888
333 666 9990
1
4
7
5 8
9
2
3 6
<
=
>=
< >=
< >=
< >=
= = =
= =
– 17 – CMSC 313, F’09
SummarizingC Control
if-then-else do-while while, for switch
Assembler Control Conditional jump Conditional move Indirect jump
Compiler Must generate assembly
code to implement more complex control
Standard Techniques IA32 loops converted to do-while
form Large switch statements use
jump tables
Conditions in CISC CISC machines generally have
condition code registers
– 18 – CMSC 313, F’09
Quiz TimeWrite the C that produced the following assembly language code
This function takes a single integer argument located at 0x8(%ebp)
00000000 <mystery1>:
0: 55 push %ebp
1: 31 c0 xor %eax,%eax
3: 89 e5 mov %esp,%ebp
5: 8b 4d 08 mov 0x8(%ebp),%ecx
8: 85 c9 test %ecx,%ecx
a: 7e 0c jle 18 <mystery1+0x18>
c: 31 d2 xor %edx,%edx
e: 89 f6 mov %esi,%esi
10: 8d 04 50 lea (%eax,%edx,2),%eax
13: 42 inc %edx
14: 39 d1 cmp %edx,%ecx
16: 75 f8 jne 10 <mystery1+0x10>
18: 5d pop %ebp
19: c3 ret
– 19 – CMSC 313, F’09
Quiz TimeWrite the C that produced the following assembly language code
This function takes a single integer argument located at 0x8(%ebp)00000000 <mystery2>:
0: 55 push %ebp
1: 31 c0 xor %eax,%eax
3: 89 e5 mov %esp,%ebp
5: 8b 4d 08 mov 0x8(%ebp),%ecx
8: 85 c9 test %ecx,%ecx
a: 7e 0c jle 18 <mystery2+0x18>
c: 31 d2 xor %edx,%edx
e: 89 f6 mov %esi,%esi
10: 8d 04 50 lea (%eax,%edx,2),%eax
13: 42 inc %edx
14: 39 d1 cmp %edx,%ecx
16: 75 f8 jne 10 <mystery2+0x10>
18: 5d pop %ebp
19: c3 ret