Scribd
Upload
7 views

Machine Control

Uploaded by

navid.panah1
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
7 views

Machine Control

Uploaded by

navid.panah1
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 71

Carnegie Mellon

14-513 18-613

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 1


Carnegie Mellon

Machine-Level Programming II: Control


15-213/18-213/14-513/15-513/18-613: Introduction to Computer Systems
6th Lecture, September 16, 2020

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 2


Carnegie Mellon

Announcements
 Lab 1 (datalab)
▪ Due Thurs, Sept. 17, 11:59pm ET
 Written Assignment 1 peer grading
▪ Due Wed, Sept. 23, 11:59pm ET
 Written Assignment 2 available on Canvas
▪ Due Wed, Sept. 23, 11:59pm ET
 Lab 2 (bomblab) will be available at midnight via Autolab
▪ Due Tues, Sept. 29, 11:59 pm ET

 Recitation on bomblab this Monday


▪ In person: you have been contacted with your recitation info
▪ Online: use the zoom links provided on the Canvas homepage

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 3


Carnegie Mellon

Catching Up
 Reviewing LEAQ (based on after-class questions)
 Reviewing Arithmetic Expressions in ASM
 C -> Assembly -> Machine Code

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 4


Carnegie Mellon

LEA: Evaluate Memory Address Expression


Without Accessing Memory
 leaq Src, Dst
▪ Src is address computation expression D(Rb,Ri,S): Reg[Rb]+S*Reg[Ri]+ D
▪ Set Dst to address denoted by expression

 Uses
▪ Computing address/pointer WITHOUT ACCESSING MEMORY
E.g., translation of p = &x[i];

▪ Compute arbitrary expressions of form: b+(s*i)+d, where s = 1, 2, 4, or 8
▪ [also w/o accessing memory]

 Example
long m12(long x) Converted to ASM by compiler:
{ leaq (%rdi,%rdi,2), %rax # t = x+2*x
return x*12; salq $2, %rax # return t<<2
}
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 5
Carnegie Mellon

LEA vs. other instructions (e.g., MOV)


 leaq D(Rb,Ri,S), dst
▪ dst Reg[Rb]+S*Reg[Ri]+ D
▪ NO MEMORY ACCESS HAPPENS!

 movq D(Rb,Ri,S), dst


▪ dst Mem[Reg[Rb]+S*Reg[Ri]+ D]
▪ MEMORY ACCESS HAPPENS!

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 6


Carnegie Mellon

Arithmetic Expression Example


arith:
leaq (%rdi,%rsi), %rax
long arith addq %rdx, %rax
(long x, long y, long z) leaq (%rsi,%rsi,2), %rdx
{ salq $4, %rdx
long t1 = x+y; leaq 4(%rdi,%rdx), %rcx
long t2 = z+t1; imulq %rcx, %rax
long t3 = x+4; ret
long t4 = y * 48;
long t5 = t3 + t4; Interesting Instructions
long rval = t2 * t5; ▪ leaq: address computation
return rval; ▪ salq: shift
}
▪ imulq: multiplication
▪ Curious: only used once…

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 8


Carnegie Mellon

Understanding Arithmetic Expression


Example arith:
leaq (%rdi,%rsi), %rax # t1
long arith addq %rdx, %rax # t2
(long x, long y, long z) leaq (%rsi,%rsi,2), %rdx
{ salq $4, %rdx # t4
long t1 = x+y; leaq 4(%rdi,%rdx), %rcx # t5
long t2 = z+t1; imulq %rcx, %rax # rval
long t3 = x+4; ret
long t4 = y * 48;
long t5 = t3 + t4; Register Use(s)
long rval = t2 * t5;
return rval; %rdi Argument x
} %rsi Argument y
%rdx Argument z,
t4
%rax t1, t2, rval
D(Rb,Ri,S): Mem[Reg[Rb]+S*Reg[Ri]+ D]
%rcx t5

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 9


Carnegie Mellon

Today: Machine Programming I: Basics


 History of Intel processors and architectures
 Assembly Basics: Registers, operands, move
 Arithmetic & logical operations
 C, assembly, machine code

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 10


Carnegie Mellon

Turning C into Object Code


▪ Code in files p1.c p2.c
▪ Compile with command: gcc –Og p1.c p2.c -o p
▪ Use basic optimizations (-Og) [New to recent versions of GCC]
▪ Put resulting binary in file p

text C program (p1.c p2.c)

Compiler (gcc –Og -S)

text Asm program (p1.s p2.s)

Assembler (gcc or as)

binary Object program (p1.o p2.o) Static libraries


(.a)
Linker (gcc or ld)

binary Executable program (p)

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 11


Carnegie Mellon

Compiling Into Assembly


C Code (sum.c) Generated x86-64 Assembly
long plus(long x, long y); sumstore:
pushq %rbx
void sumstore(long x, long y, movq %rdx, %rbx
long *dest) call plus
{ movq %rax, (%rbx)
long t = plus(x, y); popq %rbx
*dest = t; ret
}
Obtain (on shark machine) with command
gcc –Og –S sum.c
Produces file sum.s
Warning: Will get very different results on non-Shark
machines (Andrew Linux, Mac OS-X, …) due to different
versions of gcc and different compiler settings.
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 12
Carnegie Mellon

What it really looks like


.globl sumstore
.type sumstore, @function
sumstore:
.LFB35:
.cfi_startproc
pushq %rbx
.cfi_def_cfa_offset 16
.cfi_offset 3, -16
movq %rdx, %rbx
call plus
movq %rax, (%rbx)
popq %rbx
.cfi_def_cfa_offset 8
ret
.cfi_endproc
.LFE35:
.size sumstore, .-sumstore

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 13


Carnegie Mellon

What it really looks like


.globl sumstore
Things that look weird
.type sumstore, @function and are preceded by a ‘.’
sumstore: are generally directives.
.LFB35:
.cfi_startproc
pushq %rbx
.cfi_def_cfa_offset 16 sumstore:
.cfi_offset 3, -16 pushq %rbx
movq %rdx, %rbx
movq %rdx, %rbx
call plus
call plus
movq %rax, (%rbx)
movq %rax, (%rbx)
popq %rbx
popq %rbx
ret
.cfi_def_cfa_offset 8
ret
.cfi_endproc
.LFE35:
.size sumstore, .-sumstore

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 14


Carnegie Mellon

Object Code
Code for sumstore
 Assembler
0x0400595:
0x53
▪ Translates .s into .o
0x48 ▪ Binary encoding of each instruction
0x89 ▪ Nearly-complete image of executable code
0xd3
0xe8
▪ Missing linkages between code in different
0xf2 files
0xff  Linker
0xff
0xff ▪ Resolves references between files
• Total of 14 bytes
0x48 ▪ Combines with static run-time libraries
0x89 • Each instruction
E.g., code for malloc, printf

0x03 1, 3, or 5 bytes
0x5b • Starts at address
▪ Some libraries are dynamically linked
0xc3 0x0400595 ▪ Linking occurs when program begins
execution

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 17


Carnegie Mellon

Machine Instruction Example


 C Code
*dest = t;
▪ Store value t where designated by
dest
 Assembly
movq %rax, (%rbx)
▪ Move 8-byte value to memory
▪Quad words in x86-64 parlance
▪ Operands:
t: Register %rax
dest: Register %rbx
*dest: Memory M[%rbx]
 Object Code
0x40059e: 48 89 03
▪ 3-byte instruction
▪ Stored at address 0x40059e

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 18


Carnegie Mellon

Disassembling Object Code


Disassembled
0000000000400595 <sumstore>:
400595: 53 push %rbx
400596: 48 89 d3 mov %rdx,%rbx
400599: e8 f2 ff ff ff callq 400590 <plus>
40059e: 48 89 03 mov %rax,(%rbx)
4005a1: 5b pop %rbx
4005a2: c3 retq

 Disassembler
objdump –d sum
▪ Useful tool for examining object code
▪ Analyzes bit pattern of series of instructions
▪ Produces approximate rendition of assembly code
▪ Can be run on either a.out (complete executable) or .o file
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 19
Carnegie Mellon

Alternate Disassembly
Disassembled

Dump of assembler code for function sumstore:


0x0000000000400595 <+0>: push %rbx
0x0000000000400596 <+1>: mov %rdx,%rbx
0x0000000000400599 <+4>: callq 0x400590 <plus>
0x000000000040059e <+9>: mov %rax,(%rbx)
0x00000000004005a1 <+12>:pop %rbx
0x00000000004005a2 <+13>:retq

 Within gdb Debugger


▪ Disassemble procedure
gdb sum
disassemble sumstore

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 20


Carnegie Mellon

Alternate Disassembly
Disassembled
Object
Code
Dump of assembler code for function sumstore:
0x0400595: 0x0000000000400595 <+0>: push %rbx
0x53 0x0000000000400596 <+1>: mov %rdx,%rbx
0x48 0x0000000000400599 <+4>: callq 0x400590 <plus>
0x89 0x000000000040059e <+9>: mov %rax,(%rbx)
0xd3 0x00000000004005a1 <+12>:pop %rbx
0xe8 0x00000000004005a2 <+13>:retq
0xf2
0xff
0xff
0xff  Within gdb Debugger
0x48 ▪ Disassemble procedure
0x89 gdb sum
0x03
0x5b disassemble sumstore
0xc3 ▪ Examine the 14 bytes starting at sumstore
x/14xb sumstore
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 21
Carnegie Mellon

What Can be Disassembled?


% objdump -d WINWORD.EXE

WINWORD.EXE: file format pei-i386

No symbols in "WINWORD.EXE".
Disassembly of section .text:

30001000 <.text>:
30001000: 55 push %ebp
30001001: 8b ec mov %esp,%ebp
30001003: 6a ffReverse engineering
push forbidden by
$0xffffffff
30001005: 68Microsoft
90 10 00 End User License
30 push Agreement
$0x30001090
3000100a: 68 91 dc 4c 30 push $0x304cdc91

 Anything that can be interpreted as executable code


 Disassembler examines bytes and reconstructs assembly source
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 22
Carnegie Mellon

Machine Programming I: Summary


 History of Intel processors and architectures
▪ Evolutionary design leads to many quirks and artifacts
 C, assembly, machine code
▪ New forms of visible state: program counter, registers, ...
▪ Compiler must transform statements, expressions, procedures into
low-level instruction sequences
 Assembly Basics: Registers, operands, move
▪ The x86-64 move instructions cover wide range of data movement
forms
 Arithmetic
▪ C compiler will figure out different instruction combinations to
carry out computation

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 23


Carnegie Mellon

Today
 Control: Condition codes
 Conditional branches
 Loops
 Switch Statements

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 24


Carnegie Mellon

Processor State (x86-64, Partial)


 Information about
currently executing Registers
program %rax %r8
▪ Temporary data %rbx %r9
( %rax, … ) %rcx %r10
▪ Location of runtime stack %rdx %r11
( %rsp ) %rsi %r12
▪ Location of current code %rdi %r13
control point %rsp %r14
( %rip, … )
%rbp %r15
▪ Status of recent tests
( CF, ZF, SF, OF )
%rip Instruction pointer
Current stack top
CF ZF SF OF Condition codes
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 29
Carnegie Mellon

Condition Codes (Implicit Setting)


 Single bit registers
▪CF Carry Flag (for unsigned) SF Sign Flag (for signed)
▪ZF Zero Flag OF Overflow Flag (for signed)

 Implicitly set (as side effect) of arithmetic operations


Example: addq Src,Dest ↔ t = a+b
CF set if carry/borrow out from most significant bit (unsigned overflow)
ZF set if t == 0
SF set if t < 0 (as signed)
OF set if two’s-complement (signed) overflow
(a>0 && b>0 && t<0) || (a<0 && b<0 && t>=0)

 Not set by leaq instruction


Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 30
Carnegie Mellon

ZF set when

000000000000…00000000000

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 31


Carnegie Mellon

SF set when

yxxxxxxxxxxxx...

+ yxxxxxxxxxxxx...

1xxxxxxxxxxxx...

For signed arithmetic, this reports when result is a negative number

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 32


Carnegie Mellon

CF set when

1xxxxxxxxxxxx...

+ 1xxxxxxxxxxxx... Carry

1 xxxxxxxxxxxxx...

1 0xxxxxxxxxxxx...
Borrow
- 1xxxxxxxxxxxx...

1xxxxxxxxxxxx...

For unsigned arithmetic, this reports overflow


Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 33
Carnegie Mellon

OF set when

yxxxxxxxxxxxx... a

+ yxxxxxxxxxxxx... b

zxxxxxxxxxxxx... t

z = ~y

(a>0 && b>0 && t<0) || (a<0 && b<0 && t>=0)

For signed arithmetic, this reports overflow

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 34


Carnegie Mellon

Condition Codes (Explicit Setting: Compare)


 Explicit Setting by Compare Instruction
▪ cmpq Src2, Src1
▪ cmpq b,a like computing a-b without setting destination

▪ CF set if carry/borrow out from most significant bit


(used for unsigned comparisons)
▪ ZF set if a == b
▪ SF set if (a-b) < 0 (as signed)
▪ OF set if two’s-complement (signed) overflow
(a>0 && b<0 && (a-b)<0) || (a<0 && b>0 && (a-b)>0)

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 35


Carnegie Mellon

Condition Codes (Explicit Setting: Test)


 Explicit Setting by Test instruction
▪ testq Src2, Src1
▪ testq b,a like computing a&b without setting destination

▪ Sets condition codes based on value of Src1 & Src2


▪ Useful to have one of the operands be a mask

▪ ZF set when a&b == 0


▪ SF set when a&b < 0

Very often:
testq %rax,%rax

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 36


Carnegie Mellon

Condition Codes (Explicit Reading: Set)


 Explicit Reading by Set Instructions
▪ setX Dest: Set low-order byte of destination Dest to 0 or 1
based on combinations of condition codes
▪ Does not alter remaining 7 bytes of Dest
SetX Condition Description
sete ZF Equal / Zero
setne ~ZF Not Equal / Not Zero
sets SF Negative
setns ~SF Nonnegative
setg ~(SF^OF)&~ZF Greater (signed)
setge ~(SF^OF) Greater or Equal (signed)
setl SF^OF Less (signed)
setle (SF^OF)|ZF Less or Equal (signed)
seta ~CF&~ZF Above (unsigned)
setb CF Below (unsigned)
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 37
Carnegie Mellon

Example: setl (Signed <)


 Condition: SF^OF
SF OF SF ^ OF Implication
0 0 0 No overflow, so SF implies not <
1 0 1 No overflow, so SF implies <
0 1 1 Overflow, so SF implies negative overflow, i.e. <
1 1 0 Overflow, so SF implies positive overflow, i.e. not <

negative overflow case


1xxxxxxxxxxxx... a

- 0xxxxxxxxxxxx... b

0xxxxxxxxxxxx... t
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 38
Carnegie Mellon

x86-64 Integer Registers


%rax %al %r8 %r8b

%rbx %bl %r9 %r9b

%rcx %cl %r10 %r10b

%rdx %dl %r11 %r11b

%rsi %sil %r12 %r12b

%rdi %dil %r13 %r13b

%rsp %spl %r14 %r14b

%rbp %bpl %r15 %r15b

▪ Can reference low-order byte


Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 39
Carnegie Mellon

Explicit Reading Condition Codes (Cont.)


 SetX Instructions:
▪ Set single byte based on combination of condition codes
 One of addressable byte registers
▪ Does not alter remaining bytes
▪ Typically use movzbl to finish job
▪ 32-bit instructions also set upper 32 bits to 0

Register Use(s)
int gt (long x, long y)
{ %rdi Argument x
return x > y; %rsi Argument y
}
%rax Return value

cmpq %rsi, %rdi # Compare x:y


setg %al # Set when >
movzbl %al, %eax # Zero rest of %rax
ret
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 40
Carnegie Mellon

Explicit Reading Condition Codes (Cont.)


 SetX Instructions:
Beware weirdness movzbl (and others)
▪ Set single byte based on combination of condition codes
 One of addressable byte registers
▪ Does notmovzbl
alter remaining%al,
bytes %eax
▪ Typically use movzbl to finish job
▪ 32-bit instructions also set upper%al
0x000000 32 bits to 0
%rax
0x00000000 0x000000
%eax %al

Register Use(s)
int gt (long x, long y)
{ %rdi Argument x
Zapped toreturn
all 0’s x > y; %rsi Argument y
}
%rax Return value

cmpq %rsi, %rdi # Compare x:y


setg %al # Set when >
movzbl %al, %eax # Zero rest of %rax
ret
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 41
Carnegie Mellon

Today
 Control: Condition codes
 Conditional branches
 Loops
 Switch Statements

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 42


Carnegie Mellon

Jumping
 jX Instructions
▪ Jump to different part of code depending on condition codes
▪ Implicit reading of condition codes

jX Condition Description
jmp 1 Unconditional
je ZF Equal / Zero
jne ~ZF Not Equal / Not Zero
js SF Negative
jns ~SF Nonnegative
jg ~(SF^OF)&~ZF Greater (signed)
jge ~(SF^OF) Greater or Equal (signed)
jl SF^OF Less (signed)
jle (SF^OF)|ZF Less or Equal (signed)
ja ~CF&~ZF Above (unsigned)
jb CF Below (unsigned)
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 43
Carnegie Mellon

Conditional Branch Example (Old Style)


 Generation Get to this shortly
shark> gcc –Og -S –fno-if-conversion control.c
absdiff:
long absdiff cmpq %rsi, %rdi # x:y, x-y
(long x, long y) jle .L4
{ movq %rdi, %rax
long result; subq %rsi, %rax
if (x > y) ret
result = x-y; .L4: # x <= y
else movq %rsi, %rax
result = y-x; subq %rdi, %rax
return result; ret
}
Register Use(s)
%rdi Argument x
%rsi Argument y
%rax Return value
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 44
Carnegie Mellon

Expressing with Goto Code


 C allows goto statement
 Jump to position designated by label

long absdiff long absdiff_j


(long x, long y) (long x, long y)
{ {
long result; long result;
if (x > y) int ntest = (x <= y);
result = x-y; if (ntest) goto Else;
else result = x-y;
result = y-x; goto Done;
return result; Else:
} result = y-x;
Done:
return result;
}

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 45


Carnegie Mellon

General Conditional Expression Translation


(Using Branches)
C Code
val = Test ? Then_Expr : Else_Expr;

val = x>y ? x-y : y-x;

Goto Version
ntest = !Test; ▪ Create separate code regions for
if (ntest) goto Else;
then & else expressions
val = Then_Expr;
goto Done; ▪ Execute appropriate one
Else:
val = Else_Expr;
Done:
. . .

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 46


Carnegie Mellon

Using Conditional Moves

 Conditional Move Instructions


▪ Instruction supports:
if (Test) Dest  Src C Code
▪ Supported in post-1995 x86 processors val = Test
▪ GCC tries to use them ? Then_Expr
▪ But, only when known to be safe
: Else_Expr;

Goto Version
 Why?
result = Then_Expr;
▪ Branches are very disruptive to eval = Else_Expr;
instruction flow through pipelines nt = !Test;
▪ Conditional moves do not require if (nt) result = eval;
control transfer return result;

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 47


Carnegie Mellon

Conditional Move Example


long absdiff
(long x, long y)
{ Register Use(s)
long result;
if (x > y) %rdi Argument x
result = x-y; %rsi Argument y
else %rax Return value
result = y-x;
return result;
}

absdiff:
movq %rdi, %rax # x
subq %rsi, %rax # result = x-y
movq %rsi, %rdx
When is subq %rdi, %rdx # eval = y-x
this bad? cmpq %rsi, %rdi # x:y
cmovle %rdx, %rax # if <=, result = eval
ret
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 48
Carnegie Mellon

Bad Cases for Conditional Move


Expensive Computations
val = Test(x) ? Hard1(x) : Hard2(x);

 Both values get computed


Bad Performance
 Only makes sense when computations are very simple

Risky Computations
val = p ? *p : 0;

Both values get computed



Unsafe
 May have undesirable effects

Computations with side effects


val = x > 0 ? x*=7 : x+=3;

 Both values get computed Illegal


 Must be side-effect free
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 49
Carnegie Mellon

Exercise
SetX Condition Description
cmpq b,a like computing a-b w/o setting dest sete ZF Equal / Zero
setne ~ZF Not Equal / Not Zero
sets SF Negative
 CF set if carry/borrow out from most significant setns ~SF Nonnegative
bit (used for unsigned comparisons) setg ~(SF^OF)&~ZF Greater (signed)
 ZF set if a == b setge ~(SF^OF) Greater or Equal (signed)
setl SF^OF Less (signed)
 SF set if (a-b) < 0 (as signed)
setle (SF^OF)|ZF Less or Equal (signed)
 OF set if two’s-complement (signed) overflow seta ~CF&~ZF Above (unsigned)
setb CF Below (unsigned)

%rax SF CF OF ZF
xorq %rax, %rax 0x0000 0000 0000 0000 0 0 0 1
subq $1, %rax 0xFFFF FFFF FFFF FFFF 1 1 0 0
cmpq $2, %rax 0xFFFF FFFF FFFF FFFF 1 0 0 0
setl %al 0xFFFF FFFF FFFF FF01 1 0 0 0
movzblq %al, %eax 0x0000 0000 0000 0001 1 0 0 0

Note: setl and movzblq do not modify condition codes


Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 50
Carnegie Mellon

Exercise
SetX Condition Description
cmpq b,a like computing a-b w/o setting dest sete ZF Equal / Zero
setne ~ZF Not Equal / Not Zero
sets SF Negative
 CF set if carry/borrow out from most significant setns ~SF Nonnegative
bit (used for unsigned comparisons) setg ~(SF^OF)&~ZF Greater (signed)
 ZF set if a == b setge ~(SF^OF) Greater or Equal (signed)
setl SF^OF Less (signed)
 SF set if (a-b) < 0 (as signed)
setle (SF^OF)|ZF Less or Equal (signed)
 OF set if two’s-complement (signed) overflow seta ~CF&~ZF Above (unsigned)
setb CF Below (unsigned)

%rax SF CF OF ZF
xorq %rax, %rax 0x0000 0000 0000 0000 0 0 0 1
subq $1, %rax 0xFFFF FFFF FFFF FFFF 1 1 0 0
cmpq $2, %rax 0xFFFF FFFF FFFF FFFF 1 0 0 0
setl %al 0xFFFF FFFF FFFF FF01 1 0 0 0
movzblq %al, %eax 0x0000 0000 0000 0001 1 0 0 0

Note: setl and movzblq do not modify condition codes


Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 51
Carnegie Mellon

Today
 Control: Condition codes
 Conditional branches
 Loops
 Switch Statements

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 52


Carnegie Mellon

“Do-While” Loop Example


C Code Goto Version
long pcount_do long pcount_goto
(unsigned long x) { (unsigned long x) {
long result = 0; long result = 0;
do { loop:
result += x & 0x1; result += x & 0x1;
x >>= 1; x >>= 1;
} while (x); if(x) goto loop;
return result; return result;
} }

 Count number of 1’s in argument x (“popcount”)


 Use conditional branch to either continue looping
or to exit loop

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 53


Carnegie Mellon

“Do-While” Loop Compilation


long pcount_goto
(unsigned long x) {
Register Use(s)
long result = 0;
loop: %rdi Argument x
result += x & 0x1; %rax result
x >>= 1;
if(x) goto loop;
return result;
}

movl $0, %eax # result = 0


.L2: # loop:
movq %rdi, %rdx
andl $1, %edx # t = x & 0x1
addq %rdx, %rax # result += t
shrq %rdi # x >>= 1
jne .L2 # if(x) goto loop
rep; ret
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 54
Carnegie Mellon

Quiz Time!

Check out:

https://canvas.cmu.edu/courses/17808

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 55


Carnegie Mellon

General “Do-While” Translation


C Code Goto Version
do loop:
Body Body
while (Test); if (Test)
goto loop

 Body: {
Statement1;
Statement2;

Statementn;
}

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 56


Carnegie Mellon

General “While” Translation #1

 “Jump-to-middle” translation
 Used with -Og Goto Version
goto test;
loop:
While version Body
while (Test) test:
Body if (Test)
goto loop;
done:

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 57


Carnegie Mellon

While Loop Example #1


C Code Jump to Middle
long pcount_while Version
long pcount_goto_jtm
(unsigned long x) { (unsigned long x) {
long result = 0; long result = 0;
while (x) { goto test;
result += x & 0x1; loop:
x >>= 1; result += x & 0x1;
} x >>= 1;
return result; test:
} if(x) goto loop;
return result;
}

 Compare to do-while version of function


 Initial goto starts loop at test

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 58


Carnegie Mellon

General “While” Translation #2


While version
 “Do-while” conversion
while (Test)
 Used with –O1
Body

Goto Version
Do-While Version if (!Test)
if (!Test) goto done;
goto done; loop:
do Body
Body if (Test)
while(Test); goto loop;
done: done:
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 59
Carnegie Mellon

While Loop Example #2


C Code Do-While Version
long pcount_while long pcount_goto_dw
(unsigned long x) { (unsigned long x) {
long result = 0; long result = 0;
while (x) { if (!x) goto done;
result += x & 0x1; loop:
x >>= 1; result += x & 0x1;
} x >>= 1;
return result; if(x) goto loop;
} done:
return result;
}

 Initial conditional guards entrance to loop


 Compare to do-while version of function
▪ Removes jump to middle. When is this good or bad?
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 60
Carnegie Mellon

“For” Loop Form Init


General Form i = 0

for (Init; Test; Update ) Test


Body i < WSIZE

#define WSIZE 8*sizeof(int) Update


long pcount_for i++
(unsigned long x)
{
size_t i; Body
long result = 0; {
for (i = 0; i < WSIZE; i++) unsigned bit =
{ (x >> i) & 0x1;
unsigned bit = result += bit;
(x >> i) & 0x1; }
result += bit;
}
return result;
}
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 61
Carnegie Mellon

“For” Loop → While Loop


For Version
for (Init; Test; Update )
Body

While Version
Init;
while (Test ) {
Body
Update;
}
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 62
Carnegie Mellon

For-While Conversion
Init long pcount_for_while
i = 0 (unsigned long x)
{
size_t i;
Test long result = 0;
i < WSIZE i = 0;
while (i < WSIZE)
Update {
unsigned bit =
i++
(x >> i) & 0x1;
result += bit;
Body i++;
{ }
unsigned bit = return result;
(x >> i) & 0x1; }
result += bit;
}

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 63


Carnegie Mellon

“For” Loop Do-While Conversion


Goto Version long pcount_for_goto_dw
C Code
(unsigned long x) {
long pcount_for size_t i;
(unsigned long x) long result = 0;
{ i = 0; Init
size_t i; if (!(i < WSIZE))
long result = 0; goto done; !Test
for (i = 0; i < WSIZE; i++) loop:
{ {
unsigned bit = unsigned bit =
(x >> i) & 0x1; (x >> i) & 0x1; Body
result += bit; result += bit;
} }
return result; i++; Update
} if (i < WSIZE)
Test
goto loop;
 Initial test can be optimized done:
away – why? return result;
}
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 64
Carnegie Mellon

Today

 Control: Condition codes


 Conditional branches
 Loops
 Switch Statements

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 65


Carnegie Mellon

long my_switch
(long x, long y, long z) Switch Statement
{
long w = 1; Example
switch(x) {
case 1:
w = y*z;  Multiple case labels
break; ▪ Here: 5 & 6
case 2:
w = y/z;  Fall through cases
/* Fall Through */ ▪ Here: 2
case 3:
w += z;  Missing cases
break; ▪ Here: 4
case 5:
case 6:
w -= z;
break;
default:
w = 2;
}
return w;
}
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 66
Carnegie Mellon

Jump Table Structure


Switch Form Jump Table Jump Targets
switch(x) { jtab: Targ0
Targ0: Code Block
case val_0: 0
Block 0 Targ1
case val_1: Targ2 Targ1:
Block 1 Code Block
• 1
• • • •
case val_n-1: •
Block n–1 Targ2: Code Block
} Targn-1
2


Translation (Extended C) •
goto *JTab[x]; •

Targn-1: Code Block


n–1

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 67


Carnegie Mellon

long my_switch
(long x, long y, long z) Switch Statement
{
long w = 1; Example
switch(x) {
case 1: my_switch:
.L3: w = y*z; cmpq $6, %rdi # x:6
break; ja .L8 # if x > 6 jump
case 2: # to default
.L5: w = y/z; jmp *.L4(,%rdi,8)
/* Fall Through */
case 3:
.L9: w += z;
break; .section .rodata
case 5: .align 8
case 6: .L4:
.quad .L8 # x = 0
.L7: w -= z; .quad .L3 # x = 1
break; .quad .L5 # x = 2
default: .quad .L9 # x = 3
.quad .L8 # x = 4
.L8: w = 2;
.quad .L7 # x = 5
} .quad .L7 # x = 6
return w;
}
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 68
Carnegie Mellon

Assembly Setup Explanation


 Table Structure Jump table
▪ Each target requires 8 bytes
.section .rodata
▪ Base address at .L4 .align 8
.L4:
.quad .L8 # x = 0
.quad .L3 # x = 1
 Jumping .quad .L5 # x = 2
.quad .L9 # x = 3
▪ Direct: jmp .L8 .quad .L8 # x = 4
.quad .L7 # x = 5
▪ Jump target is denoted by label .L8 .quad .L7 # x = 6

▪ Indirect: jmp *.L4(,%rdi,8)


▪ Start of jump table: .L4
▪ Must scale by factor of 8 (addresses are 8 bytes)
▪ Fetch target from effective Address .L4 + x*8
▪ Only for 0 ≤ x ≤ 6

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 71


Carnegie Mellon

Code Blocks (x == 1)
switch(x) { .L3:
case 1: // .L3 movq %rsi, %rax # y
w = y*z; imulq %rdx, %rax # y*z
break; ret
. . .
}

Register Use(s)
%rdi Argument x
%rsi Argument y
%rdx Argument z
%rax Return value

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 73


Carnegie Mellon

Handling Fall-Through
long w = 1;
. . .
switch(x) { case 2:
. . . w = y/z;
case 2: goto merge;
w = y/z;
/* Fall Through */
case 3:
w += z;
break;
. . .
case 3:
}
w = 1;

merge:
w += z;

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 74


Carnegie Mellon

Code Blocks (x == 2, x == 3)
.L5: # Case 2
long w = 1; movq %rsi, %rax
. . . cqto # sign extend
switch(x) { # rax to rdx:rax
. . . idivq %rcx # y/z
case 2: jmp .L6 # goto merge
w = y/z; .L9: # Case 3
/* Fall Through */ movl $1, %eax # w = 1
case 3: .L6: # merge:
w += z; addq %rcx, %rax # w += z
break; ret
. . .
} Register Use(s)
%rdi Argument x
%rsi Argument y
%rcx z
%rax Return value
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 75
Carnegie Mellon

Code Blocks (x == 5, x == 6, default)


switch(x) { .L7: # Case 5,6
. . . movl $1, %eax # w = 1
case 5: // .L7 subq %rdx, %rax # w -= z
case 6: // .L7 ret
w -= z; .L8: # Default:
break; movl $2, %eax # 2
default: // .L8 ret
w = 2;
}

Register Use(s)
%rdi Argument x
%rsi Argument y
%rdx Argument z
%rax Return value
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 76
Carnegie Mellon

Summarizing
 C Control
▪ if-then-else
▪ do-while
▪ while, for
▪ switch
 Assembler Control
▪ Conditional jump
▪ Conditional move
▪ Indirect jump (via jump tables)
▪ Compiler generates code sequence to implement more complex control
 Standard Techniques
▪ Loops converted to do-while or jump-to-middle form
▪ Large switch statements use jump tables
▪ Sparse switch statements may use decision trees (if-elseif-elseif-else)
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 77
Carnegie Mellon

Summary
 Today
▪ Control: Condition codes
▪ Conditional branches & conditional moves
▪ Loops
▪ Switch statements
 Next Time
▪ Stack
▪ Call / return
▪ Procedure call discipline

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 78


Carnegie Mellon

Finding Jump Table in Binary


00000000004005e0 <switch_eg>:
4005e0: 48 89 d1 mov %rdx,%rcx
4005e3: 48 83 ff 06 cmp $0x6,%rdi
4005e7: 77 2b ja 400614 <switch_eg+0x34>
4005e9: ff 24 fd f0 07 40 00 jmpq *0x4007f0(,%rdi,8)
4005f0: 48 89 f0 mov %rsi,%rax
4005f3: 48 0f af c2 imul %rdx,%rax
4005f7: c3 retq
4005f8: 48 89 f0 mov %rsi,%rax
4005fb: 48 99 cqto
4005fd: 48 f7 f9 idiv %rcx
400600: eb 05 jmp 400607 <switch_eg+0x27>
400602: b8 01 00 00 00 mov $0x1,%eax
400607: 48 01 c8 add %rcx,%rax
40060a: c3 retq
40060b: b8 01 00 00 00 mov $0x1,%eax
400610: 48 29 d0 sub %rdx,%rax
400613: c3 retq
400614: b8 02 00 00 00 mov $0x2,%eax
400619: c3 retq

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 79


Carnegie Mellon

Finding Jump Table in Binary (cont.)


00000000004005e0 <switch_eg>:
. . .
4005e9: ff 24 fd f0 07 40 00 jmpq *0x4007f0(,%rdi,8)
. . .

% gdb switch
(gdb) x /8xg 0x4007f0
0x4007f0: 0x0000000000400614 0x00000000004005f0
0x400800: 0x00000000004005f8 0x0000000000400602
0x400810: 0x0000000000400614 0x000000000040060b
0x400820: 0x000000000040060b 0x2c646c25203d2078
(gdb)

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 80


Carnegie Mellon

Finding Jump Table in Binary (cont.)


% gdb switch
(gdb) x /8xg 0x4007f0
0x4007f0: 0x0000000000400614 0x00000000004005f0
0x400800: 0x00000000004005f8 0x0000000000400602
0x400810: 0x0000000000400614 0x000000000040060b
0x400820: 0x000000000040060b 0x2c646c25203d2078

. . .
4005f0: 48 89 f0 mov %rsi,%rax
4005f3: 48 0f af c2 imul %rdx,%rax
4005f7: c3 retq
4005f8: 48 89 f0 mov %rsi,%rax
4005fb: 48 99 cqto
4005fd: 48 f7 f9 idiv %rcx
400600: eb 05 jmp 400607 <switch_eg+0x27>
400602: b8 01 00 00 00 mov $0x1,%eax
400607: 48 01 c8 add %rcx,%rax
40060a: c3 retq
40060b: b8 01 00 00 00 mov $0x1,%eax
400610: 48 29 d0 sub %rdx,%rax
400613: c3 retq
400614: b8 02 00 00 00 mov $0x2,%eax
400619: c3 retq

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 81

You might also like