machine-level programming i: topics history of intel processors – short...incomplete assembly...

Machine-Level Programming I:Machine-Level Programming I:

TopicsTopics History of Intel Processors – short...incomplete Assembly Programmer’s Execution Model Accessing Information

RegistersMemory

Arithmetic operations

X86.1.ppt

CS 105“Tour of the Black Holes of

Computing”

– 2 – CS 105

IA32 ProcessorsIA32 Processors

Totally Dominate Computer Market – but not game or Totally Dominate Computer Market – but not game or embedded marketsembedded markets

Evolutionary DesignEvolutionary Design Starting in 1978 with 8086 (Really 1971 with 4004) Added more features as time goes on Still support old features, although obsolete

Complex Instruction Set Computer (CISC) vs RISCComplex Instruction Set Computer (CISC) vs RISC Many different instructions with many different formats

But, only small subset encountered with Linux programs

Hard to match performance of Reduced Instruction Set Computers (RISC)

But, Intel has done just that! – Why? Chip Space & Speed

– 3 – CS 105

Intel x86 Evolution: MilestonesIntel x86 Evolution: MilestonesNameName DateDate TransistorsTransistors MHzMHz

80868086 19781978 29K29K 5-105-10 First 16-bit processor. Basis for IBM PC & DOS 1MB address space

386386 19851985 275K275K 16-3316-33 First 32 bit processor , referred to as IA32 Added “flat addressing” Capable of running Unix Until recently, 32-bit Linux/gcc used no instructions introduced

in later models

Pentium 4FPentium 4F 20052005 230M230M 2800-38002800-3800 First 64-bit processor Meanwhile, Pentium 4s (Netburst arch.) phased out in favor of

“Core” line

– 4 – CS 105

Intel x86 Processors: OverviewIntel x86 Processors: Overview

X86-64 / EM64t

X86-32/IA32

X86-16 8086

286

386486

PentiumPentium MMX

Pentium III

Pentium 4

Pentium 4E

Pentium 4F

Core 2 DuoCore i7

IA: often redefined as latest Intel architecture

time

Architectures Processors

MMX

SSE

SSE2

SSE3

SSE4

– 5 – CS 105

Intel x86 Processors, contd.Intel x86 Processors, contd.Machine EvolutionMachine Evolution

486 1989 1.9M Pentium 1993 3.1M Pentium/MMX 1997 4.5M PentiumPro 1995 6.5M Pentium III 1999 8.2M Pentium 4 2001 42M Core 2 Duo 2006 291M

Added FeaturesAdded Features Instructions to support multimedia operations

Parallel operations on 1, 2, and 4-byte data, both integer & FP

Instructions to enable more efficient conditional operations

Linux/GCC EvolutionLinux/GCC Evolution Very limited, needs to get better – trying to maintain compatibility

– 6 – CS 105

New Species: ia64, then IPF, then Itanium,… New Species: ia64, then IPF, then Itanium,…

NameName DateDate TransistorsTransistors

ItaniumItanium 20012001 10M10M First shot at 64-bit architecture: first called IA64 Radically new instruction set designed for high performance Can run existing IA32 programs

On-board “x86 engine”

Joint project with Hewlett-Packard - Boat Anchor

Itanium 2Itanium 2 20022002 221M221M Big performance boost

Itanium 2 Dual-CoreItanium 2 Dual-Core 20062006 1.7B1.7B

Itanium has not taken off in marketplaceItanium has not taken off in marketplace Lack of backward compatibility, no good compiler support,

Pentium 4 too good

– 7 – CS 105

x86 Clones: Advanced Micro Devices (AMD)x86 Clones: Advanced Micro Devices (AMD)HistoricallyHistorically

AMD has followed just behind IntelA little bit slower, a lot cheaper

ThenThenRecruited top circuit designers from Digital Equipment

Corp. and other downward trending companiesBuilt Opteron: tough competitor to Pentium 4Developed x86-64, their own extension to 64 bits

RecentlyRecentlyIntel much quicker with dual core designIntel currently far ahead in performanceem64T backwards compatible to x86-64

– 8 – CS 105

Intel’s 64-Bit HistoryIntel’s 64-Bit HistoryIntel Attempted Radical Shift from IA32 to IA64Intel Attempted Radical Shift from IA32 to IA64

Totally different architecture (Itanium) Executes IA32 code only as legacy Performance disappointing

AMD Stepped in with Evolutionary SolutionAMD Stepped in with Evolutionary Solution x86-64 (now called “AMD64”)

Intel Felt Obligated to Focus on IA64Intel Felt Obligated to Focus on IA64 Hard to admit mistake or that AMD is better

2004: Intel Announces EM64T extension to IA322004: Intel Announces EM64T extension to IA32 Extended Memory 64-bit Technology Almost identical to x86-64! Knuth and other cs machines

Meanwhile: EM64T well introduced, Meanwhile: EM64T well introduced, however, still often not used by OS, programshowever, still often not used by OS, programs

– 9 – CS 105

Our CoverageOur Coverage

IA32 – X86IA32 – X86 The traditional x86

x86-64/EM64Tx86-64/EM64T The emerging standard, look at later

PresentationPresentation Lecture will cover X86/IA32 until the end Labs are X86/IA32 Concepts are the same

– 10 – CS 105

DefinitionsDefinitionsArchitecture:Architecture: (also instruction set architecture: ISA) (also instruction set architecture: ISA)

The parts of a processor design that one needs to The parts of a processor design that one needs to understand to write assembly code. understand to write assembly code.

Microarchitecture:Microarchitecture: Implementation of the architecture. Implementation of the architecture. Change the microarchitecture to gain performanceChange the microarchitecture to gain performance

Architecture examples: Architecture examples: instruction set specification, instruction set specification, registers.registers.

Microarchitecture examples: Microarchitecture examples: cache sizes and core cache sizes and core frequency, microprogrammingfrequency, microprogramming

Example ISAs (Intel): x86, IA, IPFExample ISAs (Intel): x86, IA, IPF

– 11 – CS 105

von Neumann Machinevon Neumann Machine

Execution CycleExecution CyclePC = 0 // init pgm counterPC = 0 // init pgm counter

dodo

{{

IR = Memory[PC++] // fetch instIR = Memory[PC++] // fetch inst

decode(IR) // decode actiondecode(IR) // decode action

fetch(operands) // get datafetch(operands) // get data

execute // do itexecute // do it

store(results) // remember changesstore(results) // remember changes

}}

while (IR != HALT) // stopwhile (IR != HALT) // stop

PC

Accumulator

CPUMemory

Object CodeProgram Data

Addresses

Data

InstructionsALU

Memory addressable memory

elements Code, user data, (some) OS

data

IR

– 12 – CS 105

Assembly Programmer’s ViewAssembly Programmer’s View

Programmer-Visible StateProgrammer-Visible State EIP Program Counter (PC)

RIP in x86-64Address of next instruction

Register FileHeavily used program data

Condition CodesStore status information about

most recent arithmetic operationUsed for conditional branching

EIP

Registers

CPU Memory

Object CodeProgram Data

OS Data

Addresses

Data

Instructions

Stack

ConditionCodes

Memory Byte addressable array Code, user data, (some) OS

data Includes stack used to support

procedures/functions ???

– 13 – CS 105

text

text

binary

binary

Compiler (gcc -S)

Assembler (gcc or as)

Linker (gcc or ld)

C program (p1.c p2.c)

Asm program (p1.s p2.s)

Object program (p1.o p2.o)

Executable program (p)

Static libraries (.a)

Turning C into Object CodeTurning C into Object Code Code in files p1.c p2.c Compile with command: gcc -O p1.c p2.c -o p

Use optimizations (-O)Put resulting binary in file p

– 14 – CS 105

Compiling Into AssemblyCompiling Into Assembly

C CodeC Code

int sum(int x, int y){ int t = x+y; return t;}

Generated Assembly

_sum:pushl %ebpmovl %esp,%ebpmovl 12(%ebp),%eaxaddl 8(%ebp),%eaxmovl %ebp,%esppopl %ebpret

Obtain with command

gcc -O -S code.c

Produces file code.s

%ebp – register

(%ebp) contents of register

Format: opcode, operand1, operand2

– 15 – CS 105

Assembly CharacteristicsAssembly CharacteristicsMinimal Data TypesMinimal Data Types

“Integer” data of 1, 2, or 4 bytesData valuesAddresses (untyped pointers)

Floating point data of 4, 8, or 10 bytes No aggregate types such as arrays or structures

Just contiguously allocated bytes in memory

Primitive OperationsPrimitive Operations Perform arithmetic function on register or memory data

Want to avoid memory data --- why?

Transfer data between memory and registerLoad data from memory into registerStore register data into memory

Transfer controlUnconditional jumps to/from procedures/functionsConditional branches

– 16 – CS 105

Code for sum

0x401040 <sum>:0x550x890xe50x8b0x450x0c0x030x450x080x890xec0x5d0xc3

Object CodeObject CodeAssemblerAssembler

Translates .s into .o Binary encoding of each instruction Nearly-complete image of executable

code Missing linkages between code in

different files

LinkerLinker Resolves references between files Combines with static run-time

librariesE.g., code for malloc, printf

Some libraries are dynamically linked???

Linking occurs when program begins execution

• Total of 13 bytes

• Each instruction 1, 2, or 3 bytes

• Starts at address 0x401040

– 17 – CS 105

Machine Instruction ExampleMachine Instruction ExampleC CodeC Code

Add two signed integers

AssemblyAssembly Add 2 4-byte integers

“Long” words in GCC parlanceSame instruction whether signed

or unsigned

Operands:x: Register %eaxy: Memory M[%ebp+8]t: Register %eax

» Return function value in %eax

Object CodeObject Code 3-byte instruction Stored at address 0x401046

int t = x+y;

addl 8(%ebp),%eax

0x401046: 03 45 08

Similar to expression x += y

– 18 – CS 105

Disassembled00401040 <_sum>: 0: 55 push %ebp 1: 89 e5 mov %esp,%ebp 3: 8b 45 0c mov 0xc(%ebp),%eax 6: 03 45 08 add 0x8(%ebp),%eax 9: 89 ec mov %ebp,%esp b: 5d pop %ebp c: c3 ret d: 8d 76 00 lea 0x0(%esi),%esi

Disassembling Object CodeDisassembling Object Code

DisassemblerDisassemblerobjdump -d p Useful tool for examining object code Analyzes bit pattern of series of instructions Produces approximate rendition of assembly code Can be run on either a.out (complete executable) or .o file

– 19 – CS 105

Disassembled

0x401040 <sum>: push %ebp0x401041 <sum+1>: mov %esp,%ebp0x401043 <sum+3>: mov 0xc(%ebp),%eax0x401046 <sum+6>: add 0x8(%ebp),%eax0x401049 <sum+9>: mov %ebp,%esp0x40104b <sum+11>: pop %ebp0x40104c <sum+12>: ret 0x40104d <sum+13>: lea 0x0(%esi),%esi

Alternate DisassemblyAlternate Disassembly

Within gdb DebuggerWithin gdb Debuggergdb p

disassemble sum Disassemble procedure

x/13b sum – sum is a label Examine the 13 bytes starting at sum

Object0x401040:

0x550x890xe50x8b0x450x0c0x030x450x080x890xec0x5d0xc3

– 20 – CS 105

What Can be Disassembled?What Can be Disassembled?

Anything that can be interpreted as executable code Disassembler examines bytes and reconstructs assembly

source Bits are bits – disassembler sees bits

% objdump -d WINWORD.EXE

WINWORD.EXE: file format pei-i386

No symbols in "WINWORD.EXE".Disassembly of section .text:

30001000 <.text>:30001000: 55 push %ebp30001001: 8b ec mov %esp,%ebp30001003: 6a ff push $0xffffffff30001005: 68 90 10 00 30 push $0x300010903000100a: 68 91 dc 4c 30 push $0x304cdc91

– 21 – CS 105

Integer Registers (IA32)Integer Registers (IA32)

%eax

%ecx

%edx

%ebx

%esi

%edi

%esp

%ebp

%ax

%cx

%dx

%bx

%si

%di

%sp

%bp

%ah

%ch

%dh

%bh

%al

%cl

%dl

%bl

16-bit virtual registers(backwards compatibility)

gene

ral p

urpo

se

accumulate

counter

data

base

source index

destinationindex

stack pointer

basepointer

– 22 – CS 105

Moving Data: IA32Moving Data: IA32

Moving DataMoving Data movx Source, Dest x in {b, w, l}

movl Source, Dest:

Move 4-byte “long word” movw Source, Dest:

Move 2-byte “word” movb Source, Dest:

Move 1-byte “byte”

Lots of these in typical codeLots of these in typical code

%eax

%ecx

%edx

%ebx

%esi

%edi

%esp

%ebp

– 23 – CS 105

Moving Data: IA32Moving Data: IA32Moving DataMoving Data

movl Source, Dest:

Operand TypesOperand Types Immediate: Constant integer data

Example: $0x400, $-533Like C constant, but prefixed with ‘$’Encoded with 1, 2, or 4 bytes

Register: One of 8 integer registersExample: %eax, %edxBut %esp and %ebp reserved for special useOthers have special uses for particular instructions

Memory: 4 consecutive bytes of memory at address given by register

Simplest example: (%eax)Various other “address modes”

%eax

%ecx

%edx

%ebx

%esi

%edi

%esp

%ebp

– 24 – CS 105

movl Operand Combinationsmovl Operand Combinations

Cannot do memory-memory transfers with single instruction - ???

movl

Imm

Reg

Mem

Reg

Mem

Reg

Mem

Reg

Source Destination

movl $0x4,%eax

movl $-147,(%eax)

movl %eax,%edx

movl %eax,(%edx)

movl (%eax),%edx

C Analog

temp = 0x4;

*p = -147;

temp2 = temp1;

*p = temp;

temp = *p;

– 25 – CS 105

Simple Addressing ModesSimple Addressing Modes

NormalNormal (R)(R) Mem[Reg[R]]Mem[Reg[R]] Register R specifies memory address

movl (%ecx),%eax

DisplacementDisplacement D(R)D(R) Mem[Reg[R]+D]Mem[Reg[R]+D] Register R specifies start of memory region Constant displacement D specifies offset

movl 8(%ebp),%edx

contents of ebp + 8 used as mem addr

– 26 – CS 105

Using Simple Addressing ModesNext Slides expandUsing Simple Addressing ModesNext Slides expand

void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0;}

swap:pushl %ebpmovl %esp,%ebppushl %ebx

movl 12(%ebp),%ecxmovl 8(%ebp),%edxmovl (%ecx),%eaxmovl (%edx),%ebxmovl %eax,(%edx)movl %ebx,(%ecx)

movl -4(%ebp),%ebxmovl %ebp,%esppopl %ebpret

Body

SetUp

Finish

– 27 – CS 105

Understanding Swap – after Set UpUnderstanding Swap – after Set Up

void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0;}

movl 12(%ebp),%ecx # ecx = yp

movl 8(%ebp),%edx # edx = xp

movl (%ecx),%eax # eax = *yp (t1)

movl (%edx),%ebx # ebx = *xp (t0)

movl %eax,(%edx) # *xp = eax

movl %ebx,(%ecx) # *yp = ebx

Stack

Register Variable

%ecx yp

%edx xp

%eax t1

%ebx t0

yp

xp

Rtn adr

Old %ebp %ebp 0

4

8

12

Offset

•••

Old %ebx-4

– 28 – CS 105

Understanding Swap – details Understanding Swap – details







0x120

0x124

Rtn adr

%ebp 0

4

8

12

Offset

-4

123

456

Address

0x124

0x120

0x11c

0x118

0x114

0x110

0x10c

0x108

0x104

0x100

yp

xp

%eax

%edx

%ecx

%ebx

%esi

%edi

%esp

%ebp 0x104

– 29 – CS 105

Understanding SwapUnderstanding Swap







0x120

0x124

Rtn adr

%ebp 0

4

8

12

Offset

-4

123

456

Address

0x124

0x120

0x11c

0x118

0x114

0x110

0x10c

0x108

0x104

0x100

yp

xp

%eax

%edx

%ecx

%ebx

%esi

%edi

%esp

%ebp

0x120

0x104

Using (%ebp) asPointer with index

– 30 – CS 105








0x120

0x124

Rtn adr

%ebp 0

4

8

12

Offset

-4

123

456

Address

0x124

0x120

0x11c

0x118

0x114

0x110

0x10c

0x108

0x104

0x100

yp

xp

%eax

%edx

%ecx

%ebx

%esi

%edi

%esp

%ebp

0x124

0x120

0x104

– 31 – CS 105








0x120

0x124

Rtn adr

%ebp 0

4

8

12

Offset

-4

123

456

Address

0x124

0x120

0x11c

0x118

0x114

0x110

0x10c

0x108

0x104

0x100

yp

xp

%eax

%edx

%ecx

%ebx

%esi

%edi

%esp

%ebp

456

0x124

0x120

0x104

– 32 – CS 105








0x120

0x124

Rtn adr

%ebp 0

4

8

12

Offset

-4

123

456

Address

0x124

0x120

0x11c

0x118

0x114

0x110

0x10c

0x108

0x104

0x100

yp

xp

%eax

%edx

%ecx

%ebx

%esi

%edi

%esp

%ebp

456

0x124

0x120

123

0x104

– 33 – CS 105








0x120

0x124

Rtn adr

%ebp 0

4

8

12

Offset

-4

456

456

Address

0x124

0x120

0x11c

0x118

0x114

0x110

0x10c

0x108

0x104

0x100

yp

xp

%eax

%edx

%ecx

%ebx

%esi

%edi

%esp

%ebp

456

0x124

0x120

123

0x104

– 34 – CS 105








0x120

0x124

Rtn adr

%ebp 0

4

8

12

Offset

-4

456

123

Address

0x124

0x120

0x11c

0x118

0x114

0x110

0x10c

0x108

0x104

0x100

yp

xp

%eax

%edx

%ecx

%ebx

%esi

%edi

%esp

%ebp

456

0x124

0x120

123

0x104

– 35 – CS 105

Memory Addressing ModesMemory Addressing ModesMost General FormMost General Form

D(Rb,Ri,S)D(Rb,Ri,S) Mem[Reg[Rb]+S*Reg[Ri]+ D]Mem[Reg[Rb]+S*Reg[Ri]+ D] D: Constant “displacement” 1, 2, or 4 bytes. Part of inst. Rb: Base register: Any of 8 integer registers Ri: Index register: Any, except for %esp

Unlikely you’d use %ebp, either

S: Scale: 1, 2, 4, or 8 – why these values???

Special CasesSpecial Cases

(Rb,Ri)(Rb,Ri) Mem[Reg[Rb]+Reg[Ri]]Mem[Reg[Rb]+Reg[Ri]]

D(Rb,Ri)D(Rb,Ri) Mem[Reg[Rb]+Reg[Ri]+D]Mem[Reg[Rb]+Reg[Ri]+D]

(Rb,Ri,S)(Rb,Ri,S) Mem[Reg[Rb]+S*Reg[Ri]]Mem[Reg[Rb]+S*Reg[Ri]]

– 36 – CS 105

Address Computation ExamplesAddress Computation Examples

%edx

%ecx

0xf000

0x100

Expression Address Computation Address

0x8(%edx) 0xf000 + 0x8 0xf008

(%edx,%ecx) 0xf000 + 0x100 0xf100

(%edx,%ecx,4) 0xf000 + 4*0x100 0xf400

0x80(,%edx,2) 2*0xf000 + 0x80 0x1e080

will disappearblackboard?

– 37 – CS 105

Address Computation ExamplesAddress Computation Examples

%edx

%ecx

0xf000

0x100

ExpressionExpression ComputationComputation AddressAddress

0x8(%edx)0x8(%edx) 0xf000 + 0x80xf000 + 0x8 0xf0080xf008

(%edx,%ecx)(%edx,%ecx) 0xf000 + 0x1000xf000 + 0x100 0xf1000xf100

(%edx,%ecx,4)(%edx,%ecx,4) 0xf000 + 4*0x1000xf000 + 4*0x100 0xf4000xf400

0x80(,%edx,2)0x80(,%edx,2) 2*0xf000 + 0x802*0xf000 + 0x80 0x1e0800x1e080

– 38 – CS 105

Address Computation InstructionAddress Computation Instruction

lealleal SrcSrc,,DestDest Src is address mode expression Set Dest to address denoted by expression Builds an address not using ALU

UsesUses Computing address without doing memory reference

E.g., translation of p = &x[i]; Computing arithmetic expressions of the form x + k*y

k = 1, 2, 4, or 8.

Learn This Instruction!!!Learn This Instruction!!! Used heavily by compiler Appears regularly in example problems

– 39 – CS 105

Some Arithmetic OperationsSome Arithmetic Operations

Format Computation

Two Operand InstructionsTwo Operand Instructionsaddl Src,Dest Dest = Dest + Src

subl Src,Dest Dest = Dest - Src

imull Src,Dest Dest = Dest * Src

sall k,Dest Dest = Dest << k Also called shll

sarl k,Dest Dest = Dest >> k Arithmetic

shrl k,Dest Dest = Dest >> k Logical

k is an immediate value or contents of %cl

xorl Src,Dest Dest = Dest ^ Src

andl Src,Dest Dest = Dest & Src

orl Src,Dest Dest = Dest | Src

– 40 – CS 105

Some Arithmetic OperationsSome Arithmetic Operations

Format Computation

One Operand InstructionsOne Operand Instructionsincl Dest Dest = Dest + 1

decl Dest Dest = Dest - 1

negl Dest Dest = - Dest

notl Dest Dest = ~ Dest

– 41 – CS 105

Using leal for Arithmetic ExpressionsUsing leal for Arithmetic Expressions

int arith (int x, int y, int z){ int t1 = x+y; int t2 = z+t1; int t3 = x+4; int t4 = y * 48; int t5 = t3 + t4; int rval = t2 * t5; return rval;}

arith:pushl %ebpmovl %esp,%ebp

movl 8(%ebp),%eaxmovl 12(%ebp),%edxleal (%edx,%eax),%ecxleal (%edx,%edx,2),%edxsall $4,%edxaddl 16(%ebp),%ecxleal 4(%edx,%eax),%eaximull %ecx,%eax

movl %ebp,%esppopl %ebpret

Body

SetUp

Finish

– 42 – CS 105

Understanding arith - detailsUnderstanding arith - detailsint arith (int x, int y, int z){ int t1 = x+y; int t2 = z+t1; int t3 = x+4; int t4 = y * 48; int t5 = t3 + t4; int rval = t2 * t5; return rval;}

movl 8(%ebp),%eax # eax = xmovl 12(%ebp),%edx # edx = yleal (%edx,%eax),%ecx # ecx = x+y (t1)leal (%edx,%edx,2),%edx # edx = 3*ysall $4,%edx # edx = 48*y (t4)addl 16(%ebp),%ecx # ecx = z+t1 (t2)leal 4(%edx,%eax),%eax # eax = 4+t4+x (t5)imull %ecx,%eax # eax = t5*t2 (rval)

y

x

Rtn adr

Old %ebp %ebp 0

4

8

12

OffsetStack

•••

z16

– 43 – CS 105

Understanding arithUnderstanding arithint arith (int x, int y, int z){ int t1 = x+y; int t2 = z+t1; int t3 = x+4; int t4 = y * 48; int t5 = t3 + t4; int rval = t2 * t5; return rval;}


y

x

Rtn adr

Old %ebp %ebp 0

4

8

12

OffsetStack

•••

z16

will disappearblackboard?

– 44 – CS 105



y

x

Rtn adr

Old %ebp %ebp 0

4

8

12

OffsetStack

•••

z16

– 45 – CS 105



y

x

Rtn adr

Old %ebp %ebp 0

4

8

12

OffsetStack

•••

z16

– 46 – CS 105



y

x

Rtn adr

Old %ebp %ebp 0

4

8

12

OffsetStack

•••

z16

– 47 – CS 105



y

x

Rtn adr

Old %ebp %ebp 0

4

8

12

OffsetStack

•••

z16

– 48 – CS 105

Understanding arithUnderstanding arith

int arith (int x, int y, int z){ int t1 = x+y; int t2 = z+t1; int t3 = x+4; int t4 = y * 48; int t5 = t3 + t4; int rval = t2 * t5; return rval;}

# eax = xmovl 8(%ebp),%eax

# edx = ymovl 12(%ebp),%edx

# ecx = x+y (t1)leal (%edx,%eax),%ecx

# edx = 3*yleal (%edx,%edx,2),%edx

# edx = 48*y (t4)sall $4,%edx

# ecx = z+t1 (t2)addl 16(%ebp),%ecx

# eax = 4+t4+x (t5)leal 4(%edx,%eax),%eax

# eax = t5*t2 (rval)imull %ecx,%eax

– 49 – CS 105

Another ExampleAnother Example

int logical(int x, int y){ int t1 = x^y; int t2 = t1 >> 17; int mask = (1<<13) - 7; int rval = t2 & mask; return rval;}

logical:pushl %ebpmovl %esp,%ebp

movl 8(%ebp),%eaxxorl 12(%ebp),%eaxsarl $17,%eaxandl $8185,%eax


Body

SetUp

Finish

movl 8(%ebp),%eax eax = xxorl 12(%ebp),%eax eax = x^y (t1)sarl $17,%eax eax = t1>>17 (t2)andl $8185,%eax eax = t2 & 8185

213 = 8192, 213 – 7 = 8185

– 50 – CS 105






Body

SetUp

Finish


– 51 – CS 105






Body

SetUp

Finish


– 52 – CS 105






Body

SetUp

Finish


213 = 8192, 213 – 7 = 8185

– 53 – CS 105

CISC PropertiesCISC Properties

Instruction can reference different operand typesInstruction can reference different operand types Immediate, register, memory

Arithmetic operations can read/write memoryArithmetic operations can read/write memory

Memory reference can involve complex computationMemory reference can involve complex computation Rb + S*Ri + D Useful for arithmetic expressions, too

Instructions can have varying lengthsInstructions can have varying lengths IA32 instructions can range from 1 to 15 bytes

– 54 – CS 105

Summary: Abstract MachinesSummary: Abstract Machines

1) loops2) conditionals3) switch4) Proc. call5) Proc. return

Machine Models Data Control

1) char2) int, float3) double4) struct, array5) pointer

mem proc

C

Assembly1) byte2) 2-byte word3) 4-byte long word4) contiguous byte allocation5) address of initial byte

3) branch/jump4) call5) retmem regs alu

processorStack Cond.Codes

– 55 – CS 105

Pentium Pro (P6)Pentium Pro (P6)HistoryHistory

Announced in Feb. ‘95 Basis for Pentium II, Pentium III, and Celeron processors Pentium 4 similar idea, but different details

FeaturesFeatures Dynamically translates instructions to more regular format

Very wide, but simple instructions

Executes operations in parallelUp to 5 at once

Very deep pipeline12–18 cycle latency

PentiumPro Block DiagramPentiumPro Block Diagram

Microprocessor Report2/16/95

– 57 – CS 105

PentiumPro OperationPentiumPro Operation

Translates instructions dynamically into “Uops”Translates instructions dynamically into “Uops” 118 bits wide Holds operation, two sources, and destination

Executes Uops with “Out of Order” engineExecutes Uops with “Out of Order” engine Uop executed when

Operands availableFunctional unit available

Execution controlled by “Reservation Stations”Keeps track of data dependencies between uopsAllocates resources

ConsequencesConsequences Indirect relationship between IA32 code & what actually gets

executed Tricky to predict / optimize performance at assembly level

– 58 – CS 105

PipeLinePipeLine

Look at the 2 separate powerpoint figuresLook at the 2 separate powerpoint figures

– 59 – CS 105

Whose Assembler?Whose Assembler?

Intel/Microsoft Differs from GASIntel/Microsoft Differs from GAS Operands listed in opposite order

mov Dest, Src movl Src, Dest

Constants not preceded by ‘$’, Denote hex with ‘h’ at end100h $0x100

Operand size indicated by operands rather than operator suffixsub subl

Addressing format shows effective address computation[eax*4+100h] $0x100(,%eax,4)

lea eax,[ecx+ecx*2]sub esp,8cmp dword ptr [ebp-8],0mov eax,dword ptr [eax*4+100h]

leal (%ecx,%ecx,2),%eaxsubl $8,%espcmpl $0,-8(%ebp)movl $0x100(,%eax,4),%eax

Intel/Microsoft Format GAS/Gnu Format

– 60 – CS 105

The EndThe End

DefinitionsDefinitions Linker Disassembler RISC, CISC

ProblemsProblems Problem

machine-level programming i: topics history of intel processors – short...incomplete assembly...

Documents

pentium pentium mmx

intel x86 processors

intel x86 evolution

history intel

e pentium

pentium iii19998

em64t x8632ia32 x86

x86 clones