c The CodeBreakers-Journal, Vol. 1, No.

1 (2004)


http://www.CodeBreakers-Journal.com

64-Bit - Programming and Assembly Issues

Thorsten Schneider
University of Bielefeld, Germany

Abstract
The 64-Bit technology introduces several new and and complex tasks for software-developers. Even that the hardware
developing industry claims that future software development
should take care about the new introduced compiler systems,
it is necessary to have a deep inside view on how the
new underlaying 64-Bit assembly language works. This paper
describes what 64-Bit means for future software devlopments,
how 64-Bit influences assembly programming and how to port
applications programmed under 32-Bit to 64-Bit. It is heavy
R operationsysbased on the IA architecture and the Windows

tem.
Keywords: Assembly; 64-Bit; win64; Itanium; Athlon64; PortR Linux; EPIC
ing win32 to win64; Windows
;

Kruse [15]. Since assembly programming is a comfortable task

under 32-Bit systems (e.g. MASM, TASM, NASM, FASM and
others), the question stays on how to port software and which
changes of the architecture affects the current programming
techniques.

II. The 64-Bit Architecture

The new 64-Bit Architecture introduces many innovations.
Some of them are described by Jarp [14]:

I. Introduction

The introduction of the 64-Bit technology leads into several

discussions if this change is really necessary [21]. Some
arguments are to speed up computation time or to make
calculations more precise. These affords lead into hard problems which have to be solved by upcoming compilers or
operationsystems. Especially the necessary changes of the
operationsystem infrastructure causes heavy problem porting
older 32-Bit applications to 64-Bit compatibility. Examples for
enhanced operatingsystem detection have been described by

Rich Instruction Set

Bundled Execution
Predicated Instructions
Large Register Files
Register Stack
Rotating Registers
Modulo Scheduled Loops
Control/Data Speculation
Cache Control Instructions
High-precision Floating-Point

Compared to the IA-32 architecture the new IA-64 architecture

allows several advantages for the programmer. One of them
is the clear and explicit programming technique which results
in EPIC (Explicit Parallel Instruction Computing). EPIC is a
R IA-64 technique. Additional the programmer can code
Intel

now more register-based, which means that everything is kept

The CodeBreakers-Journal, Vol. 1, No. 1 (2004)

in registers as long as possible. The resulting assembly is code

has a clear structure (example by Intel [9]):
.align 32
.section .text
.proc demo
demo:: ld4
r32 = [r32]
mov
r55 = r24
add
r44 = 32, r10
mov
r17 = 3
;;
j_loop:
cmp.le
p15,p0 = r32,r0
add
r32 = -1,r32
;;
(p15) br.cond.spnt.few j_loop_end
;;
add
r55 = r44, r43
fadd
f6 = f4, f6
nop.m
0
(p17) ld8
r40 = [r50]
;;
j_loop_end:
(p16) add
r50 = r40,r0
nop.f
0
br.ctop.sptk.few j_loop
;;
_done:
br.ret.sptk.few b0
;;
.endp

Fig. 1.

AMD new programming model. Source: [21].

[21] [23] [22] [24]. So using of 64-Bit integer for example

gives additional place to store data. A 64-bit architecture can
(theoretically) address up to 18 million terabytes. Unfortunatly
this can lead into wasting memory. Such problems have to be
optimized in the future and are a problem of future compiler
construction.

R offers SSE3 with the introduction

It is noticeable that Intel

of the Prescott processor. These instructions are included
R too (this
therefore in the real 64-Bit processors of Intel

information has been given by Kruse [15]. Kruse got this
information from IDF 2004, San Francisco [8]). From this
integration it is clear, that Prescott is nothing else than a 64Bit processor which includes all remaining support but has not
unlocked this support.

As one resulting example Win64 Pointers are eight bytes long,

and not 4 as defined by Win32 systems. Another example is
that the size of LRESULT, WPARAM and LPARAM will all
expand to 64 bits, so message handlers will have to be checked
R IA-64 structure
for inappopriate casts [17]. Under the Intel

the number of available registers have exploded. The assembly
programmer should ignore most of them and can focus on a
few sets of them. As Pietrek describes [19]:

The AMD x86-64 differes from the IA-64 structure in important details (See figure 1). The developer has...

To begin with, the IA-64 has 128 general-purpose

registers, each 64 bits wide. These registers are
conceptually similar to the general-purpose registers
such as EAX on the x86. The IA-64 general-purpose
registers are named with an r, followed by the
register number. Thus, r0 is the first general-purpose
register, and r127 is the last general-purpose register. The first 32 general-purpose registers (r0-r31)
are static. That is, any code that refers to one of
these registers will always be referring to the exact
same register in silicon. All of the x86 registers act
this way, and thus can be considered static. Some of
the static registers have predefined meanings, and
are usually referred to some other way than their
r name. The global pointer and the stack pointer
are two of the most important registers that fit this
category. The r12 register is used as the stack pointer
and is thus called the sp register. The r1 register is
the global pointer, and youll see it referred to as

...access to eight additional GPRs, for a total of

16 GPRs. Furthermore, there are eight new SIMD
registers, added for use in SSE/SSE2 code. So the
number of GPRs and SIMD registers available to
x86-64 programmers will go from eight each to
sixteen each [21].

III. The IA-64 Registers

64-Bit simply designate the number of bits that each of the
processors general-purpose registers (GPRs) can hold [21].
This affects the number of instructions on a 64-Bit processor
too.
In general the registers of a 64-Bit CPU are twice as wide as
those in the 32-Bit CPU. As difference the instruction register
(IR) size has the same size for 32-Bit and for 64-Bit processors
2

c 2004 and published by the CodeBreakers-Journal. Single print or electronic copies for personal use only are permitted. Reproduction and
Copyright

distribution without permission is prohibited.

The CodeBreakers-Journal, Vol. 1, No. 1 (2004)

registers

assembly indirect
mnemonic access
--------------------------------------------application
ar
n
branch
b
n
control
cr
n
CPU identification
cpuid
y
data breakpoint
dbr
y
instriction breakpoint
ibr
y
data TLB translation
dtr
y
floating point
f
n
general
r
n
instruction TLB translation itr
y
protection key
pkr
y
performance monitor config pmc
y
performance monitor data
pmd
y
predicate
p
n
region
rr
y

the gp register.
and
In addition to the 32 static general-purpose registers,
the IA-64 also has 96 dynamic general-purpose
registers [...]. Dynamic means that a given register
name doesnt always refer to the exact same physical
register on the CPU. That is, a register such as
r34 in one function is likely to be assigned to a
completely different physical register than r34 in
another function.
For the dynamic registers he states:

Fig. 2.

Whats the point of dynamic registers? Everything

about the IA-64 is focused on speed. Keeping values
in registers and out of memory is one way to keep
things running quickly. If a parameter is passed
on the stack, and if that stack location isnt in
the memory cache, the CPU might waste dozens
of clock cycles just to read the parameter from
the slow main memory. In contrast, registers can
always be accessed in a single clock cycle. The
dynamic registers exist so that each function can
have its own set of up to 96 registers to work
with. Inside a function, registers r32 through r127
are all essentially reserved for just that function.
Hopefully, all of the functions local variables and
parameters can be stored in these 96 registers. Of
course, a function may not need all 96 registers,
but they are available nonetheless. [...] In addition
to the 128 general-purpose registers, the IA-64 also
has 128 floating-point registers. Theyre named f0
through f127 (somebody probably gets paid a lot of
money to come up with these names). The floatingpoint registers are 82 bits in length, allowing them
to hold up to a C++ long double. As with the
integer registers, certain floating-point registers have
predefined meanings. For instance, the f0 register is
always set to 0.0, while the f1 register always holds
the value 1.0. [...] The last set of registers you need
to know here are the branch registers. The IA-64
defines eight branch registers, named b0 through b7.
These are 64-bit registers that contain the address
of a code location that the CPU can transfer control
to. On the IA-64, all control transfers take the form
of a branch. The br.call instruction is equivalent to
the x86 CALL; the br.ret instruction is like the x86
RET; and a simple br instruction is like an x86 JMP.

Example for understanding the new registers.

AR0-AR7
AR8-AR15
AR16

equ AR.KR0-AR.KR7
equ AR.RSC

AR17

equ AR.BSP

AR18

equ AR.BSPRESTORE

AR19
AR20
AR21

equ AR.RNAT
equ AR.FCR

AR22,AR23
AR24
AR25

equ AR.EFLAG
equ AR.CSD

AR26

equ AR.SSD

AR27
AR28
AR29
AR30
AR31
AR32

equ
equ
equ
equ

equ AR.CCV

AR33-AR35
AR36
AR37-AR39
AR40
AR41-AR43
AR44
AR45-AR63
AR64
AR65
AR66
AR67-AR127

Fig. 3.

AR.CFLG
AR.FSR
AR.FIR
AR.FDR

equ AR.UNAT
equ AR.FPSR
equ AR.ITC
equ AR.PFS
equ AR.LC
equ AR.EC

kernel registers
RESERVED
register stack
configuration
backing store pointer
(read only)
backing store pointer
mem stores
RSE NaT collection
RESERVED
IA-32 floating-point
control
RESERVED
IA-32 EFLAG
IA-32 code segment
descriptor ||
compare and store data
IA-32 stack segment
descriptor
IA-32 combined CR0 and CR4
IA-32 floating point status
IA-32 floating point instr.
IA-32 floating point data
RESERVED
compare and exchange
compare value
RESERVED
user NaT collection
RESERVED
floatint point status
RESERVED
interval time counter
RESERVED / AR48- IGNORED
previous function state
loop count
epilog count
RESERVED / AR112- IGNORED

Application register example: thinking with names.

IV. Porting Applications for Win64

Since there are hard changes between the architectures of 32Bit and 64-Bit there evolve several problems for software
developers in porting their software. We put our focus here
on the new Win64 operationsystem. The Microsoft platform
SDK ships with a pre-beta release of an IA-64 compiler, which
allows it to test compile code for Win64.

An example on how to do Parameter Passing on the IA-64

has been descibed by Pietrek in another article [20]. An inside
R 64-Bit architecture has been described in
view on the Intel

detail by Jarp [14].
3

c 2004 and published by the CodeBreakers-Journal. Single print or electronic copies for personal use only are permitted. Reproduction and
Copyright

distribution without permission is prohibited.

The CodeBreakers-Journal, Vol. 1, No. 1 (2004)

V. Programming and Assembly under 64-Bit

Therefore Win64 offers 4 different porting options for existing

applications:
1)
2)
3)
4)

One important change for the 64-Bit programmer is the Global

Pointer and its support code which has no equivalent on 32Bit systems [18]. The Global Pointer is a preassigned value
which makes it possible to access data within a load module.
On the IA64, each instruction is 41 bits in length. The Global
Pointer concept has been described by Pietrek [18].

64-bit Full Port

Small Address Space with 64-bit Pointers
Small Address Space with 32-bit Pointers
Win32 Application

A detailed description of all 4 options including all necessary

steps for porting applications from Win32 to Win64 are
R Corporation [13]:
described by Intel

VI. Assembly Optimization

Optimizing assembly code for 64-Bit has been described by
Fletcher [7] using the example of the bubble sort algorithm:

Win64 uses the LLP64 (or P64) uniform data model

in which pointers and long long are 64 bits, but int
and long are 32 bits. To support this data model
and to provide compatibility with the existing Win32
code, new data types have been defined in Win64.
Some of them are fixed precision data types, for
instance INT32 or INT64. Others change size depending on the architecture, for instance INT PTR.

void bubblesort(int count, int array[]) {

for(int pass = 1; pass < count; pass++) {
for(int i = 0; i < count-1; i++) {
if(array[i] > array[i+1]) {
int hold = array[i];
array[i] = array[i+1];
array[i+1] = hold;
}
}
}
}

In general simply compiling a Win32 application as Win64

application can cause several compiler errors. To prevent such
a behaviour it is necessary to change for example the Win32
API Calls from:

R C++
After cleaning up some name mangling the Intel

Compiler produces the following assembly code [7]:

LONG iVal = GetWindowLong(hWnd, GWL_HINSTANCE);

.proc bubblesort
bubblesort:
to
{ .mii
cmp4.ge.unc p9,p0=1,r32 //0: 20 7
mov r20=ar.lc //0: 19 2
LONG_PTR iVal = GetWindowLongPtr(hWnd, GWLP_HINSTANCE);add r19=1,r0 //0: 20 6
}
{ .mmb
The problem is here that four of the existing Win32 APIs that add r16=4,r33 //0: 21 31
are used to set or get polymorphic window class data items add r18=-1,r32 //0: 21 32
(p9) br.cond.dpnt .b1_1 ;; //0: 20 8
have been changed [13]:
// Block 2: lentry Pred: 0 3 Succ: 3 7
// Freq 5.0e+001, Prob 0.50
Get/SetClassLong changed to Get/SetClassLongPtr
}
.b1_2:
Get/SetWindowLong changed to Get/SetWindowLongPtr
{ .mii
add r19=1,r19 //0: 20 15
Concerning all those problems it is necessary to adapt the cmp4.ge.unc p8,p0=r0,r18 //0: 21 13
sxt4 r17=r18 //0: 21 27
source code in a massive way:
}
{ .mmb
#if defined(_WIN32)
mov r9=r16 //0: 20 12
// stuff related to Win32
mov r3=r33 //0: 20 11
#if !defined(_WIN64)
(p8) br.cond.dpnt .b1_3 ;; //0: 21 14
// Win32 without Win64 (regular Win32)
// Block 7: prolog Pred: 2
#else /* is _WIN64 also */
// Succ: 17 Freq 5.0e+002, Prob 1.00
// Win64 variant of Win32
}
#endif /* _WIN64 ? */
{ .mmi
#elif defined(__unix) ||
add r11=-1,r17 ;; //0: 0 28
// various UNIXes
nop.m 0
#else /* some other OS */
sxt4 r10=r11 ;; //1: 0 29
#error Unhandled OS;
}
#endif
{ .mii
nop.m 0
mov ar.lc=r10 //2: 0 30
Problems and solutions for adapting source code have been nop.i 0 ;;
// Block 17: lentry lexit ltail collapsed Pred: 7 17
given by Chen [2].

4
c 2004 and published by the CodeBreakers-Journal. Single print or electronic copies for personal use only are permitted. Reproduction and
Copyright

distribution without permission is prohibited.

The CodeBreakers-Journal, Vol. 1, No. 1 (2004)

One of the next steps should be the finding of outer loops

which is described by Fletcher [7] in detail. A explicit detailed description of the assembly language for the Itanium
R Corporation [10] [12] [11].
architecture is provided by Intel

// Succ: 17 3 Freq 2.5e+003, Prob 0.80

}
.b1_17:
{ .mmi
ld4 r8=[r9] //0: 22 46
ld4 r2=[r3] //0: 22 45
nop.i 0 ;;
}
{ .mii
cmp4.le.unc p0,p6=r2,r8 //1: 22 54
nop.i 0
nop.i 0 ;;
}
{ .mmi
(p6) st4 [r3]=r8 //2: 24 52
(p6) st4 [r9]=r2 //2: 25 53
add r9=4,r9 //2: 21 50
}
{ .mib
nop.m 0
add r3=4,r3 //2: 21 49
br.cloop.sptk .b1_17 ;; //2: 21 51
// Block 3: lexit epilog ltail Pred: 2 17 Succ: 2 1
// Freq 5.0e+001, Prob 0.80
}
.b1_3:
{ .mib
cmp4.lt.unc p7,p0=r19,r32 //0: 20 16
nop.i 0
(p7) br.cond.dptk .b1_2 ;; //0: 20 17
// Block 1: exit epilog Pred: 0 3 Succ:
// Freq 1.0e+000, Prob 1.00
}
.b1_1:
{ .mib
nop.m 0
mov ar.lc=r20 //0: 29 9
br.ret.sptk.many b0 ;; //0: 29 10
}
.endp

VII. Problems of IA-64

Since the IA-64 is not using an absolute addressing mode the
global variables are accessed through the r1 register which
synonym is the Global Pointer (See section (V)). The addl
instruction provided by the IA-64 architecture allows only
adding constants up to 22 bit. This results in a maximum size
of 4 MB of global variables [3]. For solving this problem the
R C++ Compiler optimzes the code (See section (VI)).
Intel

The IA-64 compiler solves this problem by splitting global
variables into two categories, small and large where the
difference between small and large can be set via compiler
settings. This results into a difference how assembly code
looks like. The small variable would look like [3]:
addl
ld4

r30 = -205584, gp;;

// r30 -> global variable
r30 = [r30]
// load a DWORD from the global variable

whereas the large variant result into the following larger code
snippet where the variable itself is allocated in a separate
section of the file and a pointer to the variable is placed into
the small globals variables section of the module [3]:
addl
ld8

Optimizing the code above needs several steps. One of such

steps is eliminating instructions where three instructions can
be eliminated when 2 assumptions can be made. For example

ld4

r30 = -205584, gp;;

// r30 -> global variable forwarder
r30 = [r30];;
// r30 -> global variable
r30 = [r30]
// load a DWORD from the global variable

Such difference between small and large global variables needs

a explicit definition of variables even in C++ code. Using
extern BYTE b[]; will results in that the compiler uses
the large global variables concept to be on the save side. This
results in larger compiled code and possible inefficiency of the
code. Additionaly the programmer should take care if he defines a short global variable when its is large. The programmer
has to take care about this difference when using same definitions within different headers. Using extern BYTE b; in
one file and extern BYTE b[256]; in another one will
result for sure in some confusion [3].

cmp4.ge.unc p9,p0=1,r32 //0: 20 7

(p9) br.cond.dpnt .b1_1 ;; //0: 20 8
mov r20=ar.lc //0: 19 2

can be optimized to
add r19=1,r0 //0: 20 6
add r16=4,r33 //0: 21 31
add r18=-1,r32 //0: 21 32

Using a bundle the above code results in the following

template. It is important here that m and i is used for the
bundle template.

Another problem has been described by Chen [4]. The IA-64

introduces another possible bad consequence of a mismatched
function signature.

{ .mmi
add r19=1,r0 //0: 20 6
add r16=4,r33 //0: 21 31
add r18=-1,r32 ;; //0: 21 32
}

5
c 2004 and published by the CodeBreakers-Journal. Single print or electronic copies for personal use only are permitted. Reproduction and
Copyright

distribution without permission is prohibited.

The CodeBreakers-Journal, Vol. 1, No. 1 (2004)

References

One example of such a bogous code is [5] [4] [25] [6]:

[1] A SCHE , R UEDIGER R.:

Putting
DLDETECT
to
Work.
http://msdn.microsoft.com/library/default.asp?url=/library/enus/dndllpro/html/msdn dldwork.asp, 2004.
[2] C HEN , B ILL : Intel Itanium Intel Itanium Porting Methodologies.
http://mail.gnu.org/archive/html/tsp-devel/2003-05/pdf00000.pdf, 2004.
[3] C HEN , R AYMOND : ia64 - misdeclaring near and far data.
http://blogs.msdn.com/oldnewthing/archive/2004/01/20/60603.aspx,
2004.
[4] C HEN , R AYMOND: Uninitialized garbage on ia64 can be deadly.
http://blogs.msdn.com/oldnewthing/archive/2004/01/19/60162.aspx,
2004.
[5] C LIPCODE : Clipcode Snippets for the Clipcode Systems SDK - Synchronisation. http://www.clipcode.net/content/win32 4.htm, 2004.

[6] D EVI , M.: Mutex. http://phoenix.liunet.edu/mdevi/win32/Mutex.htm,

2004.
[7] F LETCHER , JASON A.: Optimizing Itanium Processor Family Assembly
Code. http://www.intel.com/cd/ids/developer/asmo-na/eng/53764.htm,
2004.
[8] I NTEL : IDF 2004, San Francisco. http://www.intel.com/idf/, 2004.
[9] I NTEL : Intel Corporation Website. http://www.intel.com, 2004.
R
R
Itanium

Architecture Software Developers
[10] I NTEL : Intel

Manual - Volume 1: Application Architecture, Revision 2.1.
http://www.intel.com/design/itanium/manuals/iiasdmanual.htm, 2004.
R
R
[11] I NTEL : Intel

Itanium

Architecture Software Developers
Manual - Volume 1: Instruction Set Reference, Revision 2.1.
http://www.intel.com/design/itanium/manuals/iiasdmanual.htm, 2004.
R
R
[12] I NTEL : Intel

Itanium

Architecture Software Developers
Manual - Volume 1: System Architecture, Revision 2.1.
http://www.intel.com/design/itanium/manuals/iiasdmanual.htm, 2004.
[13] I NTEL : Quick Start Guide for Porting Applications for Win64.
http://h21007.www2.hp.com/dspp/files/unprotected/Itanium/Windows/
Win64 Rev4.pdf, 2004.
[14] JARP, S VERRE : A Detailed Tutorial of the IA-64 architecture.
http://sverre.home.cern.ch/sverre/IA64 1.pdf, 1999.
[15] K RUSE , T: Processless Applications - Remotethreads on Microsoft
R 2000, XP and 2003. CodeBreakers-Journal, 1(1), 2004.
Windows

[16] L OUGHRAN , S TEVE : Code for Speed - Writing High Performance
Win32 Code. http://www.iseran.com/Win32/CodeForSpeed/, 2004.
[17] L OUGHRAN , S TEVE : Frequently Asked Questions about Windows Programming. http://www.iseran.com/Win32/FAQ, 2004.
[18] P IETREK ,
M ATT :
Programming
for
64-bit
Windows.
MSDN
Magazine,
November
2000,
2000.
http://msdn.microsoft.com/msdnmag/issues/1100/hood/.
[19] P IETREK , M ATT : IA-64 Registers. MSDN Magazine, June 2001, 2001.
http://msdn.microsoft.com/msdnmag/issues/01/06/hood/.
[20] P IETREK , M ATT : IA-64 Registers, Part 2. MSDN Magazine, July 2001,
2001. http://msdn.microsoft.com/msdnmag/issues/01/07/hood/.
[21] S TOKES , J ON : An Introduction to 64-bit Computing and x86-64.
http://www.arstechnica.com/cpu/03q1/x86-64/x86-64-1.html, 2004.
[22] S TOKES , J ON : The Pentium 4 and the G4e: an Architectural Comparison. http://arstechnica.com/cpu/01q2/p4andg4e/p4andg4e-1.html, 2004.
[23] S TOKES , J ON : Understanding the Microprocessor - Part I: Basic
Computing Concepts. http://arstechnica.com/paedia/c/cpu/part-1/cpu11.html, 2004.
[24] S TOKES ,
J ON :
Understanding
the
Microprocessor
Part
II:
Pipelining
and
Superscalar
Execution.
http://www.arstechnica.com/paedia/c/cpu/part-2/cpu2-1.html, 2004.
[25] W ILD ,
C HRIS :
Single
Thread/Process
Global
Variable.
http://www.cs.odu.edu/wild/windowsNT/Fall97/version3.htm#SLIDE6,

2004.

void MyCritSectProc(LPVOID /*nParameter*/)

{ ... }
hMyThread = CreateThread(NULL, 0,
(LPTHREAD_START_ROUTINE) MyCritSectProc,
NULL, 0, &MyThreadID);
R MSDN misdeclares both: the
Another example by Microsoft

return value and the input parameter. The result is a crash on
Win64 [1]. More examples are described by Chen [4].

VIII. Conclusions and Future Work

64-Bit is a necessary evolution in processor architecture.
Nevertheless the problems of porting software from 32-Bit
to 64-Bit will cause problems under Win64. As well the
R and the AMD

R Architectures
differences between the Intel

seem to result in software adaption problems which have been
described before in the mid eighties of the last century. It
seems to me more important than before to stay in touch with
assembly code since the different approaches of compilers
and vendors produce not always good and reliable code.
Future work should focus on detailed compiler analysis to
pinpoint the absolute differences in resulting assembly code
and in evaluation of the performance of the different compiler
dependant assembly codes which has been done by Loughran
before for Win32 environments [16].

6
c 2004 and published by the CodeBreakers-Journal. Single print or electronic copies for personal use only are permitted. Reproduction and
Copyright

distribution without permission is prohibited.