1

Assembly Language for x86 Processors 7th Edition

Chapter 4: Data
Transfers, Addressing,
and Arithmetic

Revision date: 01/02/2021

(c) Pearson Education, 2010. All rights reserved. You may modify and copy this slide show for your personal use, or for
use in the classroom, as long as this copyright statement, the author's name, and the title are not changed.

Chapter Overview

Data Transfer Instructions

– (see next page)
Addition and Subtraction
Data-Related Operators and Directives
Indirect Addressing
JMP and LOOP Instructions
64-Bit Programming

Ch.4 2
2
Data Transfer Instructions
Operand Types
Direct Memory Operands
MOV Instruction
Zero/Sign Extension of Integers
LAHF and SAHF Instructions
XCHG Instruction
Direct-Offset Operands
Example Program
Ch.4 3

Operand Types
[label1:] mnemonic [operands][ ; comments]

mnemonic
mnemonic [destination]
mnemonic [destination], [source]
mnemonic [destination], [source-1], [source-2]
Three types of operands
– immediate: numeric literal expression
– register: named register in the CPU
– memory: references a memory location
Ch.4 4
3
Instruction Operand Notation
(32-Bit Mode)

Ch.4 5

Direct Memory Operands

Variable names (data labels) are references to
offsets within the data segment
The label is automatically dereferenced by the
assembler

.data suppose that var1 were

var1 BYTE 10h located at offset 10400h
.code
mov al,var1 This is encoded as
mov al,[var1] A0 00010400

alternate format
Ch.4 6
4
MOV Instruction
• Move from source to destination. Syntax:
MOV destination,source
• Operands must be the same size
• No more than one memory operand permitted
• CS, IP, EIP, and RIP cannot be the destination

A list of standard MOV instruction format

MOV reg,reg
MOV mem,reg
MOV reg,mem
MOV mem,imm
MOV reg,imm
Ch.4 7

Memory to Memory
Move the source operand’s value to a
register first, then assign the register’s
value to the destination operand
.data memory CPU
var1 WORD ?
var2 WORD ? var1
.code ax
mov ax,var1
mov var2,ax var2

Ch.4 8
5
Some MOV Examples
.data
count BYTE 100
wVal WORD 2
.code
mov bl,count
mov ax,wVal
mov count,al

mov al,wVal ; error

mov ax,count ; error
mov eax,count ; error

Ch.4 9

Recall That …
8 8

AH AL 8 bits + 8 bits

AX 16 bits

EAX 32 bits

Ch.4 10
6
Overlapping Values
.data
oneByte BYTE 78h
oneWord WORD 1234h
oneDword DWORD 12345678h
.code
mov eax, 0 ; EAX = 00000000h
mov al, oneByte ; EAX = 00000078h
mov ax, oneWord ; EAX = 00001234h
mov eax, oneDword ; EAX = 12345678h
Mov ax, 0 ; EAX = 12340000h

Ch.4 11

Your turn . . .
Explain why each of the following MOV statements are invalid:
.data
bVal BYTE 100
bVal2 BYTE ?
wVal WORD 2
dVal DWORD 5
qVal QWORD ?
.code
mov rip,45
mov esi,wVal
mov eip,dVal
mov 25,bVal
mov bVal2,bVal

Ch.4 12
 Your turn . . .
Explain why each of the following MOV statements are invalid:
.data
bVal BYTE 100
bVal2 BYTE ?
wVal WORD 2
dVal DWORD 5
qVal QWORD ?
.code
mov rip,45 RIP cannot be the destination
mov esi,wVal size mismatch
mov eip,dVal EIP cannot be the destination
mov 25,bVal immediate value cannot be destination
mov bVal2,bVal memory-to-memory move not permitted
Copying Smaller Values to Larger
Ones
.data .data
count WORD 1 signedVal SWORD -16
.code .code
mov ecx,0 mov ecx,0
mov cx,count mov cx,signedVal
cx cx
ecx ecx
0000 0000 h 0000 0000 h
0001 h fff0 h
0000 0001h 0000 fff0 h
=1 ≠ -16
Copying Smaller Values to Larger
Ones
.data
signedVal SWORD -16
.code
mov ecx, FFFFFFFFh
mov cx, signedVal ; ECX = FFFFFFF0h

ecx cx
ffff ffff h
fff0 h
ffff fff0 h
= -16
10
Zero Extension (MOVZX Instruction)
When you copy a smaller value into a larger destination,
the MOVZX instruction fills (extends) the upper half of the
destination with zeros.

0 10001111 Source
Used for
unsigned
integer
0 0 0 0 0 00 0 1 0 0 0 1 11 1 Destination

mov bl,10001111b
movzx ax,bl ; zero-extension

The destination must be a register.

Ch.4
The source cannot be immediate. 13

Sign Extension (MOVSX Instruction)

The MOVSX instruction fills the upper half of the destination with
a copy of the source operand's sign bit.

10001111 Source
Used for
signed
integer
11111111 10001111 Destination

mov bl,10001111b
movsx ax,bl ; sign extension

The destination must be a register.

Ch.4 The source cannot be immediate 14
11
LAHF Instruction
.data
saveflags BYTE ?
.code
lahf ; load flags into AH
mov saveflags,ah ; save them in a variable

SAHF Instruction
mov ah,saveflags ; load saved flags into AH
sahf ; copy into Flags register

LAHF and SAHF

EFLAGS
(32 bits)

LAHF
SAHF
EAX
(32 bits)
AH (8 bits)

Ch.4 15
 XCHG Instruction
XCHG exchanges the contents of two operands. At least
one operand must be a register. No immediate operands
are permitted.
.data XCHG reg,reg
var1 WORD 1000h XCHG reg,mem
var2 WORD 2000h
XCHG mem,reg
.code
xchg ax,bx ; exchange 16-bit regs
xchg ah,al ; exchange 8-bit regs
xchg var1,bx ; exchange mem, reg
xchg eax,ebx ; exchange 32-bit regs
xchg var1,var2 ; error: two memory operands

mov ax,val1
xchg ax,val2
mov val1,ax 16
13
Direct-Offset Operands
A constant offset is added to a data label to produce an
effective address (EA). The address is dereferenced to
get the value inside its memory location.

.data
arrayB BYTE 10h,20h,30h,40h
.code
mov al,arrayB+1 ; AL = 20h
mov al,[arrayB+1] ; alternative notation

This lets us access memory locations that do not have explicit labels

Q: Why doesn't arrayB+1 produce 11h?

Ch.4 17

Word and Doubleword Arrays

.data
arrayW WORD 1000h,2000h,3000h
arrayD DWORD 1,2,3,4
.code
mov ax,[arrayW+2] ; AX = 2000h
mov ax,[arrayW+4] ; AX = 3000h
mov eax,[arrayD+4] ; EAX = 00000002h

; Will the following statements assemble?

mov ax,[arrayW-2] ; ??
mov eax,[arrayD+16] ; ??

What will happen when they run?

Ch.4 18
Example combining all the instructions covered so
far …
.data
val1 WORD 1000h
val2 WORD 2000h
arrayB BYTE 10h,20h,30h,40h,50h
arrayW WORD 100h,200h,300h
arrayD DWORD 10000h,20000h

.code

; Demonstrating MOVZX instruction:

mov bx,0A69Bh
movzx eax,bx ; EAX = 0000A69Bh
movzx edx,bl ; EDX = 0000009Bh
movzx cx,bl ; CX = 009Bh

; Demonstrating MOVSX instruction:

mov bx,0A69Bh
movsx eax,bx ; EAX = FFFFA69Bh
movsx edx,bl ; EDX = FFFFFF9Bh
mov bl,7Bh
movsx cx,bl ; CX = 007Bh

; Memory-to-memory exchange:
mov ax,val1 ; AX = 1000h
xchg ax,val2 ; AX=2000h, val2=1000h
mov val1,ax ; val1 = 2000h

; Direct-Offset Addressing (byte array):

mov al,arrayB ; AL = 10h
mov al,[arrayB+1] ; AL = 20h
mov al,[arrayB+2] ; AL = 30h

; Direct-Offset Addressing (word array):

mov ax,arrayW ; AX = 100h
mov ax,[arrayW+2] ; AX = 200h

; Direct-Offset Addressing (doubleword array):

mov eax,arrayD ; EAX = 10000h
mov eax,[arrayD+4] ; EAX = 20000h
15

Your turn. . .

Write a program that rearranges the values of three doubleword values in the following array
as: 3, 1, 2.
.data
arrayD DWORD 1,2,3

• Step1: copy the first value into EAX and exchange it with the value in the second
position.
1 => eax
mov eax,arrayD
---------------------
xchg eax,[arrayD+4]
1, 1, 3 eax=2

• Step 2: Exchange EAX with the third array value and copy the value in EAX to the first
array position.

xchg eax,[arrayD+8] 1, 1, 2 eax=3

mov arrayD,eax ---------------------
eax => arrayD

Irvine, Kip R. Assembly Language for x86 Processors 7/e, 2015.

16
Evaluate this . . .
• We want to write a program that adds the following three bytes:
.data
myBytes BYTE 80h,66h,0A5h

• What is your evaluation of the following code?

mov al,myBytes
add al,[myBytes+1]
add al,[myBytes+2]

• What is your evaluation of the following code?

mov ax,myBytes
add ax,[myBytes+1]
add ax,[myBytes+2]
• Any other possibilities?

Irvine, Kip R. Assembly Language for x86 Processors 7/e, 2015.

17
Addition and Subtraction
INC and DEC Instructions
ADD Instruction
SUB Instruction
NEG Instruction
Implementing Arithmetic Expressions
Flags Affected by Addition and Subtraction
– Zero
– Sign
– Carry
– Overflow
Ch.4 23

INC and DEC Instructions

Add 1, subtract 1 from destination
operand
– operand may be register or memory
INC reg/mem
Logic: destination  destination + 1
DEC reg/mem
Logic: destination  destination – 1
Affects Overflow, Sign, Zero, Auxiliary
Carry and Parity (but not Carry)
Ch.4 24
18
INC and DEC Examples
.data
myWord WORD 1000h
myDword DWORD 10000000h
.code
inc myWord ; 1001h
dec myWord ; 1000h
inc myDword ; 10000001h

mov ax,00FFh
inc ax ; AX = 0100h
mov ax,00FFh
Ch.4
inc al ; AX = 0000h 25
19
Your turn...
Show the value of the destination operand after each of the following instructions executes:

.data
myByte BYTE 0FFh, 0
.code
mov al,myByte ; AL = FFh
mov ah,[myByte+1] ; AH = 00h
dec ah ; AH = FFh
inc al ; AL = 00h
dec ax ; AX = FEFF

Irvine, Kip R. Assembly Language for x86 Processors 7/e, 2015.

20
ADD and SUB Instructions

• ADD destination, source

• Logic: destination  destination + source
• SUB destination, source
• Logic: destination  destination – source
• Same operand rules as for the MOV
instruction

Ch.4 27

ADD and SUB Examples

.data
var1 DWORD 10000h
var2 DWORD 20000h
.code ; ---EAX---
mov eax,var1 ; 00010000h
add eax,var2 ; 00030000h
add ax,0FFFFh; 0003FFFFh
add eax,1 ; 00040000h
sub ax,1 ; 0004FFFFh
Ch.4 28
21
NEG (negate) Instruction
Reverses the sign of an operand. Operand can
be a register or memory operand.
.data
valB BYTE -1
valW WORD +32767
.code
mov al,valB ; AL = -1
neg al ; AL = +1
neg valW ; valW = -32767

NEG Instruction and the Flags

The processor implements NEG using the following
internal operation:
SUB 0,operand
Any nonzero operand causes the Carry flag to be set.
.data
valB BYTE 1,0
valC SBYTE -128
.code
neg valB ; CF = 1, OF = 0
neg [valB + 1] ; CF = 0, OF = 0
Ch.4 30
22
Implementing Arithmetic
Expressions
HLL compilers translate mathematical expressions into assembly
language. You can do it also. For example:
Rval = -Xval + (Yval – Zval)
Rval DWORD ?
Xval DWORD 26
Yval DWORD 30
Zval DWORD 40
.code
mov eax,Xval
neg eax ; EAX = -26
mov ebx,Yval
sub ebx,Zval ; EBX = -10
add eax,ebx
mov Rval,eax ; -36
Ch.4 31

Your turn...
Translate the following expression into assembly language.
Do not permit Xval, Yval, or Zval to be modified:
Rval = Xval - (-Yval + Zval)

Assume that all values are signed doublewords.

mov ebx,Yval
neg ebx
add ebx,Zval
mov eax,Xval
sub eax,ebx
mov Rval,eax
Ch.4 32
23
Flags Affected by Arithmetic
The ALU has a number of status flags that
reflect the outcome of arithmetic (and bitwise)
operations
– based on the contents of the destination operand
Essential flags:
– Zero flag – an operation produced zero
– Sign flag – an operation produced a negative result
– Carry flag –unsigned integer overflow
– Overflow flag –signed integer overflow
The MOV instruction never affects the flags.
Ch.4 33

Zero Flag (ZF)

The Zero flag is set when the result of an
arithmetic operation equals zero.
mov ecx,1
sub ecx,1 ; ECX = 0, ZF = 1
mov eax,0FFFFFFFFh
inc eax ; EAX = 0, ZF = 1
inc eax ; EAX = 1, ZF = 0

Remember...
• A flag is set when it equals 1.
• A flag is clear when it equals 0.
Ch.4 34
24
Carry Flag (CF) in Addition
A copy of the carry out of the most
significant bit of the destination operand
mov al,0FFh
add al,1 ; CF = 1, AL = 00

1 1 1 1 1 1 1 1

+ 0 0 0 0 0 0 0 1

CF 1 0 0 0 0 0 0 0 0
Ch.4 35

Carry Flag (CF) in Subtraction

When a larger unsigned integer is
subtracted from a smaller one

mov al,1
sub al,2 ; CF = 1, AL = FF

0 0 0 0 0 0 0 1 (1)/(1h)
CF 1
1 1 1 1 1 1 1 0 (-2)/(FEh)
+
1 1 1 1 1 1 1 1 (-1)/(FFh)
Ch.4 36
25
Auxiliary Carry
A carry of borrow out of bit 3 in the
destination operand
mov al,0Fh
add al,1 ; AC = 1

0 0 0 0 1 1 1 1

+ 0 0 0 0 0 0 0 1

0 0 0 1 0 0 0 0
Ch.4 37

Parity
When the least significant byte of the
destination has an even number of 1 bits

mov al,10001100b
add al,00000010b ; AL = 10001110, PF = 1
sub al,10000000b ; AL = 00001110, PF = 0

Ch.4 38
26
Signed Operation: Sign Flag (SF)
The Sign flag is set when the result of a signed arithmetic
operation is negative. The flag is clear when the destination
is positive.
mov eax,4
sub eax,5 ; EAX = -1, SF = 1

The sign flag is a copy of the destination's highest bit:

mov bl,1 ; BL = 01h
sub bl,2 ; BL = FFh (-1), SF = 1

Ch.4 39

Signed Operation: Overflow Flag

(OF)
set when the result of a signed arithmetic operation
overflows or underflows the destination operand
; Example 1
mov al,+127
add al,1 ; OF = 1

; Example 2
mov al,-128
sub al,1 ; OF = 1

Ch.4 40
27
The Addition Test
When adding two integers, overflow occurs
when:
– Adding two positive operands generates a negative
sum
– Adding two negative operands generates a positive
sum
What will be the values of the Overflow flag?
mov al,80h ;
add al,92h ; AL = 12h , OF = 1
Overflow never occurs when the signs
mov al,-2 of two addition operands are different
add al,+127 ; OF = 0
Ch.4 41

Your turn . . .
For each of the following marked entries, show the values of
the destination operand and the Sign, Zero, and Carry flags:
mov ax,00FFh
add ax,1 ; AX=0100h SF=0 ZF=0 CF= 0
sub ax,1 ; AX=00FFh SF=0 ZF=0 CF= 0
add al,1 ; AL=00h SF=0 ZF=1 CF=1
mov bh,6Ch
add bh,95h ; BH=01h SF=0 ZF=0 CF=1

mov al,2
sub al,3 ; AL= FFh SF=1 ZF=0 CF= 1

Ch.4 42
28
Your turn . . .
What will be the values of the given flags after each operation?
mov al,-128
neg al ; CF = 1 OF = 1

mov ax,8000h
add ax,2 ; CF = 0 OF = 0

mov ax,0
sub ax,2 ; CF = 1 OF = 0

mov al,-5
sub al,+125 ; OF = 1
Ch.4 43

How the Hardware Detects

Overflow
After an addition or subtraction operation
– The value that carries out of the highest bit is
XORed with the carry into the high bit of the
result OF = 1 XOR 0
0 =1
1 0 0 0 0 0 0 0
+ 1 1 1 1 1 1 1 0
1 0 1 1 1 1 1 1 0

Ch.4 Carry out 44

29
OF of NEG Instruction
NEG instruction produces an invalid result
(OF = 1) if the destination operand cannot
be stored correctly
mov al,-128 ; AL = 10000000b
neg al ; OF = 1

mov al,+127 ; AL = 01111111b

neg al ; OF = 0

Ch.4 45

Signed and Unsigned Integers

A Hardware Viewpoint
All CPU instructions operate exactly the
same on signed and unsigned integers

The CPU cannot distinguish between

signed and unsigned integers

YOU, the programmer, are solely

responsible for using the correct data type
with each instruction
Added Slide. Gerald Cahill, Antelope Valley College
Ch.4 46
 NEG Instruction and the Flags
30
The processor implements NEG using the following
internal operation:
SUB 0,operand
Any nonzero operand causes the Carry flag to be set.
.data
valB BYTE 1,0
valC SBYTE -128
.code
neg valB ; CF = 1, OF = 0
neg [valB + 1] ; CF = 0, OF = 0
neg valC ; CF = 1, OF = 1
Ch.4 30