Scribd
Upload
7 views

Machine Control

Uploaded by

navid.panah1
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
7 views

Machine Control

Uploaded by

navid.panah1
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 71

Carnegie Mellon

14-513 18-613

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 1


Carnegie Mellon

Machine-Level Programming II: Control


15-213/18-213/14-513/15-513/18-613: Introduction to Computer Systems
6th Lecture, September 16, 2020

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 2


Carnegie Mellon

Announcements
 Lab 1 (datalab)
▪ Due Thurs, Sept. 17, 11:59pm ET
 Written Assignment 1 peer grading
▪ Due Wed, Sept. 23, 11:59pm ET
 Written Assignment 2 available on Canvas
▪ Due Wed, Sept. 23, 11:59pm ET
 Lab 2 (bomblab) will be available at midnight via Autolab
▪ Due Tues, Sept. 29, 11:59 pm ET

 Recitation on bomblab this Monday


▪ In person: you have been contacted with your recitation info
▪ Online: use the zoom links provided on the Canvas homepage

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 3


Carnegie Mellon

Catching Up
 Reviewing LEAQ (based on after-class questions)
 Reviewing Arithmetic Expressions in ASM
 C -> Assembly -> Machine Code

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 4


Carnegie Mellon

LEA: Evaluate Memory Address Expression


Without Accessing Memory
 leaq Src, Dst
▪ Src is address computation expression D(Rb,Ri,S): Reg[Rb]+S*Reg[Ri]+ D
▪ Set Dst to address denoted by expression

 Uses
▪ Computing address/pointer WITHOUT ACCESSING MEMORY
E.g., translation of p = &x[i];

▪ Compute arbitrary expressions of form: b+(s*i)+d, where s = 1, 2, 4, or 8
▪ [also w/o accessing memory]

 Example
long m12(long x) Converted to ASM by compiler:
{ leaq (%rdi,%rdi,2), %rax # t = x+2*x
return x*12; salq $2, %rax # return t<<2
}
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 5
Carnegie Mellon

LEA vs. other instructions (e.g., MOV)


 leaq D(Rb,Ri,S), dst
▪ dst Reg[Rb]+S*Reg[Ri]+ D
▪ NO MEMORY ACCESS HAPPENS!

 movq D(Rb,Ri,S), dst


▪ dst Mem[Reg[Rb]+S*Reg[Ri]+ D]
▪ MEMORY ACCESS HAPPENS!

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 6


Carnegie Mellon

Arithmetic Expression Example


arith:
leaq (%rdi,%rsi), %rax
long arith addq %rdx, %rax
(long x, long y, long z) leaq (%rsi,%rsi,2), %rdx
{ salq $4, %rdx
long t1 = x+y; leaq 4(%rdi,%rdx), %rcx
long t2 = z+t1; imulq %rcx, %rax
long t3 = x+4; ret
long t4 = y * 48;
long t5 = t3 + t4; Interesting Instructions
long rval = t2 * t5; ▪ leaq: address computation
return rval; ▪ salq: shift
}
▪ imulq: multiplication
▪ Curious: only used once…

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 8


Carnegie Mellon

Understanding Arithmetic Expression


Example arith:
leaq (%rdi,%rsi), %rax # t1
long arith addq %rdx, %rax # t2
(long x, long y, long z) leaq (%rsi,%rsi,2), %rdx
{ salq $4, %rdx # t4
long t1 = x+y; leaq 4(%rdi,%rdx), %rcx # t5
long t2 = z+t1; imulq %rcx, %rax # rval
long t3 = x+4; ret
long t4 = y * 48;
long t5 = t3 + t4; Register Use(s)
long rval = t2 * t5;
return rval; %rdi Argument x
} %rsi Argument y
%rdx Argument z,
t4
%rax t1, t2, rval
D(Rb,Ri,S): Mem[Reg[Rb]+S*Reg[Ri]+ D]
%rcx t5

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 9


Carnegie Mellon

Today: Machine Programming I: Basics


 History of Intel processors and architectures
 Assembly Basics: Registers, operands, move
 Arithmetic & logical operations
 C, assembly, machine code

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 10


Carnegie Mellon

Turning C into Object Code


▪ Code in files p1.c p2.c
▪ Compile with command: gcc –Og p1.c p2.c -o p
▪ Use basic optimizations (-Og) [New to recent versions of GCC]
▪ Put resulting binary in file p

text C program (p1.c p2.c)

Compiler (gcc –Og -S)

text Asm program (p1.s p2.s)

Assembler (gcc or as)

binary Object program (p1.o p2.o) Static libraries


(.a)
Linker (gcc or ld)

binary Executable program (p)

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 11


Carnegie Mellon

Compiling Into Assembly


C Code (sum.c) Generated x86-64 Assembly
long plus(long x, long y); sumstore:
pushq %rbx
void sumstore(long x, long y, movq %rdx, %rbx
long *dest) call plus
{ movq %rax, (%rbx)
long t = plus(x, y); popq %rbx
*dest = t; ret
}
Obtain (on shark machine) with command
gcc –Og –S sum.c
Produces file sum.s
Warning: Will get very different results on non-Shark
machines (Andrew Linux, Mac OS-X, …) due to different
versions of gcc and different compiler settings.
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 12
Carnegie Mellon

What it really looks like


.globl sumstore
.type sumstore, @function
sumstore:
.LFB35:
.cfi_startproc
pushq %rbx
.cfi_def_cfa_offset 16
.cfi_offset 3, -16
movq %rdx, %rbx
call plus
movq %rax, (%rbx)
popq %rbx
.cfi_def_cfa_offset 8
ret
.cfi_endproc
.LFE35:
.size sumstore, .-sumstore

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 13


Carnegie Mellon

What it really looks like


.globl sumstore
Things that look weird
.type sumstore, @function and are preceded by a ‘.’
sumstore: are generally directives.
.LFB35:
.cfi_startproc
pushq %rbx
.cfi_def_cfa_offset 16 sumstore:
.cfi_offset 3, -16 pushq %rbx
movq %rdx, %rbx
movq %rdx, %rbx
call plus
call plus
movq %rax, (%rbx)
movq %rax, (%rbx)
popq %rbx
popq %rbx
ret
.cfi_def_cfa_offset 8
ret
.cfi_endproc
.LFE35:
.size sumstore, .-sumstore

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 14


Carnegie Mellon

Object Code
Code for sumstore
 Assembler
0x0400595:
0x53
▪ Translates .s into .o
0x48 ▪ Binary encoding of each instruction
0x89 ▪ Nearly-complete image of executable code
0xd3
0xe8
▪ Missing linkages between code in different
0xf2 files
0xff  Linker
0xff
0xff ▪ Resolves references between files
• Total of 14 bytes
0x48 ▪ Combines with static run-time libraries
0x89 • Each instruction
E.g., code for malloc, printf

0x03 1, 3, or 5 bytes
0x5b • Starts at address
▪ Some libraries are dynamically linked
0xc3 0x0400595 ▪ Linking occurs when program begins
execution

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 17


Carnegie Mellon

Machine Instruction Example


 C Code
*dest = t;
▪ Store value t where designated by
dest
 Assembly
movq %rax, (%rbx)
▪ Move 8-byte value to memory
▪Quad words in x86-64 parlance
▪ Operands:
t: Register %rax
dest: Register %rbx
*dest: Memory M[%rbx]
 Object Code
0x40059e: 48 89 03
▪ 3-byte instruction
▪ Stored at address 0x40059e

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 18


Carnegie Mellon

Disassembling Object Code


Disassembled
0000000000400595 <sumstore>:
400595: 53 push %rbx
400596: 48 89 d3 mov %rdx,%rbx
400599: e8 f2 ff ff ff callq 400590 <plus>
40059e: 48 89 03 mov %rax,(%rbx)
4005a1: 5b pop %rbx
4005a2: c3 retq

 Disassembler
objdump –d sum
▪ Useful tool for examining object code
▪ Analyzes bit pattern of series of instructions
▪ Produces approximate rendition of assembly code
▪ Can be run on either a.out (complete executable) or .o file
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 19
Carnegie Mellon

Alternate Disassembly
Disassembled

Dump of assembler code for function sumstore:


0x0000000000400595 <+0>: push %rbx
0x0000000000400596 <+1>: mov %rdx,%rbx
0x0000000000400599 <+4>: callq 0x400590 <plus>
0x000000000040059e <+9>: mov %rax,(%rbx)
0x00000000004005a1 <+12>:pop %rbx
0x00000000004005a2 <+13>:retq

 Within gdb Debugger


▪ Disassemble procedure
gdb sum
disassemble sumstore

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 20


Carnegie Mellon

Alternate Disassembly
Disassembled
Object
Code
Dump of assembler code for function sumstore:
0x0400595: 0x0000000000400595 <+0>: push %rbx
0x53 0x0000000000400596 <+1>: mov %rdx,%rbx
0x48 0x0000000000400599 <+4>: callq 0x400590 <plus>
0x89 0x000000000040059e <+9>: mov %rax,(%rbx)
0xd3 0x00000000004005a1 <+12>:pop %rbx
0xe8 0x00000000004005a2 <+13>:retq
0xf2
0xff
0xff
0xff  Within gdb Debugger
0x48 ▪ Disassemble procedure
0x89 gdb sum
0x03
0x5b disassemble sumstore
0xc3 ▪ Examine the 14 bytes starting at sumstore
x/14xb sumstore
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 21
Carnegie Mellon

What Can be Disassembled?


% objdump -d WINWORD.EXE

WINWORD.EXE: file format pei-i386

No symbols in "WINWORD.EXE".
Disassembly of section .text:

30001000 <.text>:
30001000: 55 push %ebp
30001001: 8b ec mov %esp,%ebp
30001003: 6a ffReverse engineering
push forbidden by
$0xffffffff
30001005: 68Microsoft
90 10 00 End User License
30 push Agreement
$0x30001090
3000100a: 68 91 dc 4c 30 push $0x304cdc91

 Anything that can be interpreted as executable code


 Disassembler examines bytes and reconstructs assembly source
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 22
Carnegie Mellon

Machine Programming I: Summary


 History of Intel processors and architectures
▪ Evolutionary design leads to many quirks and artifacts
 C, assembly, machine code
▪ New forms of visible state: program counter, registers, ...
▪ Compiler must transform statements, expressions, procedures into
low-level instruction sequences
 Assembly Basics: Registers, operands, move
▪ The x86-64 move instructions cover wide range of data movement
forms
 Arithmetic
▪ C compiler will figure out different instruction combinations to
carry out computation

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 23


Carnegie Mellon

Today
 Control: Condition codes
 Conditional branches
 Loops
 Switch Statements

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 24


Carnegie Mellon

Processor State (x86-64, Partial)


 Information about
currently executing Registers
program %rax %r8
▪ Temporary data %rbx %r9
( %rax, … ) %rcx %r10
▪ Location of runtime stack %rdx %r11
( %rsp ) %rsi %r12
▪ Location of current code %rdi %r13
control point %rsp %r14
( %rip, … )
%rbp %r15
▪ Status of recent tests
( CF, ZF, SF, OF )
%rip Instruction pointer
Current stack top
CF ZF SF OF Condition codes
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 29
Carnegie Mellon

Condition Codes (Implicit Setting)


 Single bit registers
▪CF Carry Flag (for unsigned) SF Sign Flag (for signed)
▪ZF Zero Flag OF Overflow Flag (for signed)

 Implicitly set (as side effect) of arithmetic operations


Example: addq Src,Dest ↔ t = a+b
CF set if carry/borrow out from most significant bit (unsigned overflow)
ZF set if t == 0
SF set if t < 0 (as signed)
OF set if two’s-complement (signed) overflow
(a>0 && b>0 && t<0) || (a<0 && b<0 && t>=0)

 Not set by leaq instruction


Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 30
Carnegie Mellon

ZF set when

000000000000…00000000000

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 31


Carnegie Mellon

SF set when

yxxxxxxxxxxxx...

+ yxxxxxxxxxxxx...

1xxxxxxxxxxxx...

For signed arithmetic, this reports when result is a negative number

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 32


Carnegie Mellon

CF set when

1xxxxxxxxxxxx...

+ 1xxxxxxxxxxxx... Carry

1 xxxxxxxxxxxxx...

1 0xxxxxxxxxxxx...
Borrow
- 1xxxxxxxxxxxx...

1xxxxxxxxxxxx...

For unsigned arithmetic, this reports overflow


Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 33
Carnegie Mellon

OF set when

yxxxxxxxxxxxx... a

+ yxxxxxxxxxxxx... b

zxxxxxxxxxxxx... t

z = ~y

(a>0 && b>0 && t<0) || (a<0 && b<0 && t>=0)

For signed arithmetic, this reports overflow

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 34


Carnegie Mellon

Condition Codes (Explicit Setting: Compare)


 Explicit Setting by Compare Instruction
▪ cmpq Src2, Src1
▪ cmpq b,a like computing a-b without setting destination

▪ CF set if carry/borrow out from most significant bit


(used for unsigned comparisons)
▪ ZF set if a == b
▪ SF set if (a-b) < 0 (as signed)
▪ OF set if two’s-complement (signed) overflow
(a>0 && b<0 && (a-b)<0) || (a<0 && b>0 && (a-b)>0)

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 35


Carnegie Mellon

Condition Codes (Explicit Setting: Test)


 Explicit Setting by Test instruction
▪ testq Src2, Src1
▪ testq b,a like computing a&b without setting destination

▪ Sets condition codes based on value of Src1 & Src2


▪ Useful to have one of the operands be a mask

▪ ZF set when a&b == 0


▪ SF set when a&b < 0

Very often:
testq %rax,%rax

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 36


Carnegie Mellon

Condition Codes (Explicit Reading: Set)


 Explicit Reading by Set Instructions
▪ setX Dest: Set low-order byte of destination Dest to 0 or 1
based on combinations of condition codes
▪ Does not alter remaining 7 bytes of Dest
SetX Condition Description
sete ZF Equal / Zero
setne ~ZF Not Equal / Not Zero
sets SF Negative
setns ~SF Nonnegative
setg ~(SF^OF)&~ZF Greater (signed)
setge ~(SF^OF) Greater or Equal (signed)
setl SF^OF Less (signed)
setle (SF^OF)|ZF Less or Equal (signed)
seta ~CF&~ZF Above (unsigned)
setb CF Below (unsigned)
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 37
Carnegie Mellon

Example: setl (Signed <)


 Condition: SF^OF
SF OF SF ^ OF Implication
0 0 0 No overflow, so SF implies not <
1 0 1 No overflow, so SF implies <
0 1 1 Overflow, so SF implies negative overflow, i.e. <
1 1 0 Overflow, so SF implies positive overflow, i.e. not <

negative overflow case


1xxxxxxxxxxxx... a

- 0xxxxxxxxxxxx... b

0xxxxxxxxxxxx... t
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 38
Carnegie Mellon

x86-64 Integer Registers


%rax %al %r8 %r8b

%rbx %bl %r9 %r9b

%rcx %cl %r10 %r10b

%rdx %dl %r11 %r11b

%rsi %sil %r12 %r12b

%rdi %dil %r13 %r13b

%rsp %spl %r14 %r14b

%rbp %bpl %r15 %r15b

▪ Can reference low-order byte


Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 39
Carnegie Mellon

Explicit Reading Condition Codes (Cont.)


 SetX Instructions:
▪ Set single byte based on combination of condition codes
 One of addressable byte registers
▪ Does not alter remaining bytes
▪ Typically use movzbl to finish job
▪ 32-bit instructions also set upper 32 bits to 0

Register Use(s)
int gt (long x, long y)
{ %rdi Argument x
return x > y; %rsi Argument y
}
%rax Return value

cmpq %rsi, %rdi # Compare x:y


setg %al # Set when >
movzbl %al, %eax # Zero rest of %rax
ret
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 40
Carnegie Mellon

Explicit Reading Condition Codes (Cont.)


 SetX Instructions:
Beware weirdness movzbl (and others)
▪ Set single byte based on combination of condition codes
 One of addressable byte registers
▪ Does notmovzbl
alter remaining%al,
bytes %eax
▪ Typically use movzbl to finish job
▪ 32-bit instructions also set upper%al
0x000000 32 bits to 0
%rax
0x00000000 0x000000
%eax %al

Register Use(s)
int gt (long x, long y)
{ %rdi Argument x
Zapped toreturn
all 0’s x > y; %rsi Argument y
}
%rax Return value

cmpq %rsi, %rdi # Compare x:y


setg %al # Set when >
movzbl %al, %eax # Zero rest of %rax
ret
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 41
Carnegie Mellon

Today
 Control: Condition codes
 Conditional branches
 Loops
 Switch Statements

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 42


Carnegie Mellon

Jumping
 jX Instructions
▪ Jump to different part of code depending on condition codes
▪ Implicit reading of condition codes

jX Condition Description
jmp 1 Unconditional
je ZF Equal / Zero
jne ~ZF Not Equal / Not Zero
js SF Negative
jns ~SF Nonnegative
jg ~(SF^OF)&~ZF Greater (signed)
jge ~(SF^OF) Greater or Equal (signed)
jl SF^OF Less (signed)
jle (SF^OF)|ZF Less or Equal (signed)
ja ~CF&~ZF Above (unsigned)
jb CF Below (unsigned)
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 43
Carnegie Mellon

Conditional Branch Example (Old Style)


 Generation Get to this shortly
shark> gcc –Og -S –fno-if-conversion control.c
absdiff:
long absdiff cmpq %rsi, %rdi # x:y, x-y
(long x, long y) jle .L4
{ movq %rdi, %rax
long result; subq %rsi, %rax
if (x > y) ret
result = x-y; .L4: # x <= y
else movq %rsi, %rax
result = y-x; subq %rdi, %rax
return result; ret
}
Register Use(s)
%rdi Argument x
%rsi Argument y
%rax Return value
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 44
Carnegie Mellon

Expressing with Goto Code


 C allows goto statement
 Jump to position designated by label

long absdiff long absdiff_j


(long x, long y) (long x, long y)
{ {
long result; long result;
if (x > y) int ntest = (x <= y);
result = x-y; if (ntest) goto Else;
else result = x-y;
result = y-x; goto Done;
return result; Else:
} result = y-x;
Done:
return result;
}

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 45


Carnegie Mellon

General Conditional Expression Translation


(Using Branches)
C Code
val = Test ? Then_Expr : Else_Expr;

val = x>y ? x-y : y-x;

Goto Version
ntest = !Test; ▪ Create separate code regions for
if (ntest) goto Else;
then & else expressions
val = Then_Expr;
goto Done; ▪ Execute appropriate one
Else:
val = Else_Expr;
Done:
. . .

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 46


Carnegie Mellon

Using Conditional Moves

 Conditional Move Instructions


▪ Instruction supports:
if (Test) Dest  Src C Code
▪ Supported in post-1995 x86 processors val = Test
▪ GCC tries to use them ? Then_Expr
▪ But, only when known to be safe
: Else_Expr;

Goto Version
 Why?
result = Then_Expr;
▪ Branches are very disruptive to eval = Else_Expr;
instruction flow through pipelines nt = !Test;
▪ Conditional moves do not require if (nt) result = eval;
control transfer return result;

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 47


Carnegie Mellon

Conditional Move Example


long absdiff
(long x, long y)
{ Register Use(s)
long result;
if (x > y) %rdi Argument x
result = x-y; %rsi Argument y
else %rax Return value
result = y-x;
return result;
}

absdiff:
movq %rdi, %rax # x
subq %rsi, %rax # result = x-y
movq %rsi, %rdx
When is subq %rdi, %rdx # eval = y-x
this bad? cmpq %rsi, %rdi # x:y
cmovle %rdx, %rax # if <=, result = eval
ret
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 48
Carnegie Mellon

Bad Cases for Conditional Move


Expensive Computations
val = Test(x) ? Hard1(x) : Hard2(x);

 Both values get computed


Bad Performance
 Only makes sense when computations are very simple

Risky Computations
val = p ? *p : 0;

Both values get computed



Unsafe
 May have undesirable effects

Computations with side effects


val = x > 0 ? x*=7 : x+=3;

 Both values get computed Illegal


 Must be side-effect free
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 49
Carnegie Mellon

Exercise
SetX Condition Description
cmpq b,a like computing a-b w/o setting dest sete ZF Equal / Zero
setne ~ZF Not Equal / Not Zero
sets SF Negative
 CF set if carry/borrow out from most significant setns ~SF Nonnegative
bit (used for unsigned comparisons) setg ~(SF^OF)&~ZF Greater (signed)
 ZF set if a == b setge ~(SF^OF) Greater or Equal (signed)
setl SF^OF Less (signed)
 SF set if (a-b) < 0 (as signed)
setle (SF^OF)|ZF Less or Equal (signed)
 OF set if two’s-complement (signed) overflow seta ~CF&~ZF Above (unsigned)
setb CF Below (unsigned)

%rax SF CF OF ZF
xorq %rax, %rax 0x0000 0000 0000 0000 0 0 0 1
subq $1, %rax 0xFFFF FFFF FFFF FFFF 1 1 0 0
cmpq $2, %rax 0xFFFF FFFF FFFF FFFF 1 0 0 0
setl %al 0xFFFF FFFF FFFF FF01 1 0 0 0
movzblq %al, %eax 0x0000 0000 0000 0001 1 0 0 0

Note: setl and movzblq do not modify condition codes


Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 50
Carnegie Mellon

Exercise
SetX Condition Description
cmpq b,a like computing a-b w/o setting dest sete ZF Equal / Zero
setne ~ZF Not Equal / Not Zero
sets SF Negative
 CF set if carry/borrow out from most significant setns ~SF Nonnegative
bit (used for unsigned comparisons) setg ~(SF^OF)&~ZF Greater (signed)
 ZF set if a == b setge ~(SF^OF) Greater or Equal (signed)
setl SF^OF Less (signed)
 SF set if (a-b) < 0 (as signed)
setle (SF^OF)|ZF Less or Equal (signed)
 OF set if two’s-complement (signed) overflow seta ~CF&~ZF Above (unsigned)
setb CF Below (unsigned)

%rax SF CF OF ZF
xorq %rax, %rax 0x0000 0000 0000 0000 0 0 0 1
subq $1, %rax 0xFFFF FFFF FFFF FFFF 1 1 0 0
cmpq $2, %rax 0xFFFF FFFF FFFF FFFF 1 0 0 0
setl %al 0xFFFF FFFF FFFF FF01 1 0 0 0
movzblq %al, %eax 0x0000 0000 0000 0001 1 0 0 0

Note: setl and movzblq do not modify condition codes


Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 51
Carnegie Mellon

Today
 Control: Condition codes
 Conditional branches
 Loops
 Switch Statements

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 52


Carnegie Mellon

“Do-While” Loop Example


C Code Goto Version
long pcount_do long pcount_goto
(unsigned long x) { (unsigned long x) {
long result = 0; long result = 0;
do { loop:
result += x & 0x1; result += x & 0x1;
x >>= 1; x >>= 1;
} while (x); if(x) goto loop;
return result; return result;
} }

 Count number of 1’s in argument x (“popcount”)


 Use conditional branch to either continue looping
or to exit loop

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 53


Carnegie Mellon

“Do-While” Loop Compilation


long pcount_goto
(unsigned long x) {
Register Use(s)
long result = 0;
loop: %rdi Argument x
result += x & 0x1; %rax result
x >>= 1;
if(x) goto loop;
return result;
}

movl $0, %eax # result = 0


.L2: # loop:
movq %rdi, %rdx
andl $1, %edx # t = x & 0x1
addq %rdx, %rax # result += t
shrq %rdi # x >>= 1
jne .L2 # if(x) goto loop
rep; ret
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 54
Carnegie Mellon

Quiz Time!

Check out:

https://canvas.cmu.edu/courses/17808

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 55


Carnegie Mellon

General “Do-While” Translation


C Code Goto Version
do loop:
Body Body
while (Test); if (Test)
goto loop

 Body: {
Statement1;
Statement2;

Statementn;
}

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 56


Carnegie Mellon

General “While” Translation #1

 “Jump-to-middle” translation
 Used with -Og Goto Version
goto test;
loop:
While version Body
while (Test) test:
Body if (Test)
goto loop;
done:

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 57


Carnegie Mellon

While Loop Example #1


C Code Jump to Middle
long pcount_while Version
long pcount_goto_jtm
(unsigned long x) { (unsigned long x) {
long result = 0; long result = 0;
while (x) { goto test;
result += x & 0x1; loop:
x >>= 1; result += x & 0x1;
} x >>= 1;
return result; test:
} if(x) goto loop;
return result;
}

 Compare to do-while version of function


 Initial goto starts loop at test

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 58


Carnegie Mellon

General “While” Translation #2


While version
 “Do-while” conversion
while (Test)
 Used with –O1
Body

Goto Version
Do-While Version if (!Test)
if (!Test) goto done;
goto done; loop:
do Body
Body if (Test)
while(Test); goto loop;
done: done:
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 59
Carnegie Mellon

While Loop Example #2


C Code Do-While Version
long pcount_while long pcount_goto_dw
(unsigned long x) { (unsigned long x) {
long result = 0; long result = 0;
while (x) { if (!x) goto done;
result += x & 0x1; loop:
x >>= 1; result += x & 0x1;
} x >>= 1;
return result; if(x) goto loop;
} done:
return result;
}

 Initial conditional guards entrance to loop


 Compare to do-while version of function
▪ Removes jump to middle. When is this good or bad?
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 60
Carnegie Mellon

“For” Loop Form Init


General Form i = 0

for (Init; Test; Update ) Test


Body i < WSIZE

#define WSIZE 8*sizeof(int) Update


long pcount_for i++
(unsigned long x)
{
size_t i; Body
long result = 0; {
for (i = 0; i < WSIZE; i++) unsigned bit =
{ (x >> i) & 0x1;
unsigned bit = result += bit;
(x >> i) & 0x1; }
result += bit;
}
return result;
}
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 61
Carnegie Mellon

“For” Loop → While Loop


For Version
for (Init; Test; Update )
Body

While Version
Init;
while (Test ) {
Body
Update;
}
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 62
Carnegie Mellon

For-While Conversion
Init long pcount_for_while
i = 0 (unsigned long x)
{
size_t i;
Test long result = 0;
i < WSIZE i = 0;
while (i < WSIZE)
Update {
unsigned bit =
i++
(x >> i) & 0x1;
result += bit;
Body i++;
{ }
unsigned bit = return result;
(x >> i) & 0x1; }
result += bit;
}

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 63


Carnegie Mellon

“For” Loop Do-While Conversion


Goto Version long pcount_for_goto_dw
C Code
(unsigned long x) {
long pcount_for size_t i;
(unsigned long x) long result = 0;
{ i = 0; Init
size_t i; if (!(i < WSIZE))
long result = 0; goto done; !Test
for (i = 0; i < WSIZE; i++) loop:
{ {
unsigned bit = unsigned bit =
(x >> i) & 0x1; (x >> i) & 0x1; Body
result += bit; result += bit;
} }
return result; i++; Update
} if (i < WSIZE)
Test
goto loop;
 Initial test can be optimized done:
away – why? return result;
}
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 64
Carnegie Mellon

Today

 Control: Condition codes


 Conditional branches
 Loops
 Switch Statements

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 65


Carnegie Mellon

long my_switch
(long x, long y, long z) Switch Statement
{
long w = 1; Example
switch(x) {
case 1:
w = y*z;  Multiple case labels
break; ▪ Here: 5 & 6
case 2:
w = y/z;  Fall through cases
/* Fall Through */ ▪ Here: 2
case 3:
w += z;  Missing cases
break; ▪ Here: 4
case 5:
case 6:
w -= z;
break;
default:
w = 2;
}
return w;
}
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 66
Carnegie Mellon

Jump Table Structure


Switch Form Jump Table Jump Targets
switch(x) { jtab: Targ0
Targ0: Code Block
case val_0: 0
Block 0 Targ1
case val_1: Targ2 Targ1:
Block 1 Code Block
• 1
• • • •
case val_n-1: •
Block n–1 Targ2: Code Block
} Targn-1
2


Translation (Extended C) •
goto *JTab[x]; •

Targn-1: Code Block


n–1

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 67


Carnegie Mellon

long my_switch
(long x, long y, long z) Switch Statement
{
long w = 1; Example
switch(x) {
case 1: my_switch:
.L3: w = y*z; cmpq $6, %rdi # x:6
break; ja .L8 # if x > 6 jump
case 2: # to default
.L5: w = y/z; jmp *.L4(,%rdi,8)
/* Fall Through */
case 3:
.L9: w += z;
break; .section .rodata
case 5: .align 8
case 6: .L4:
.quad .L8 # x = 0
.L7: w -= z; .quad .L3 # x = 1
break; .quad .L5 # x = 2
default: .quad .L9 # x = 3
.quad .L8 # x = 4
.L8: w = 2;
.quad .L7 # x = 5
} .quad .L7 # x = 6
return w;
}
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 68
Carnegie Mellon

Assembly Setup Explanation


 Table Structure Jump table
▪ Each target requires 8 bytes
.section .rodata
▪ Base address at .L4 .align 8
.L4:
.quad .L8 # x = 0
.quad .L3 # x = 1
 Jumping .quad .L5 # x = 2
.quad .L9 # x = 3
▪ Direct: jmp .L8 .quad .L8 # x = 4
.quad .L7 # x = 5
▪ Jump target is denoted by label .L8 .quad .L7 # x = 6

▪ Indirect: jmp *.L4(,%rdi,8)


▪ Start of jump table: .L4
▪ Must scale by factor of 8 (addresses are 8 bytes)
▪ Fetch target from effective Address .L4 + x*8
▪ Only for 0 ≤ x ≤ 6

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 71


Carnegie Mellon

Code Blocks (x == 1)
switch(x) { .L3:
case 1: // .L3 movq %rsi, %rax # y
w = y*z; imulq %rdx, %rax # y*z
break; ret
. . .
}

Register Use(s)
%rdi Argument x
%rsi Argument y
%rdx Argument z
%rax Return value

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 73


Carnegie Mellon

Handling Fall-Through
long w = 1;
. . .
switch(x) { case 2:
. . . w = y/z;
case 2: goto merge;
w = y/z;
/* Fall Through */
case 3:
w += z;
break;
. . .
case 3:
}
w = 1;

merge:
w += z;

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 74


Carnegie Mellon

Code Blocks (x == 2, x == 3)
.L5: # Case 2
long w = 1; movq %rsi, %rax
. . . cqto # sign extend
switch(x) { # rax to rdx:rax
. . . idivq %rcx # y/z
case 2: jmp .L6 # goto merge
w = y/z; .L9: # Case 3
/* Fall Through */ movl $1, %eax # w = 1
case 3: .L6: # merge:
w += z; addq %rcx, %rax # w += z
break; ret
. . .
} Register Use(s)
%rdi Argument x
%rsi Argument y
%rcx z
%rax Return value
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 75
Carnegie Mellon

Code Blocks (x == 5, x == 6, default)


switch(x) { .L7: # Case 5,6
. . . movl $1, %eax # w = 1
case 5: // .L7 subq %rdx, %rax # w -= z
case 6: // .L7 ret
w -= z; .L8: # Default:
break; movl $2, %eax # 2
default: // .L8 ret
w = 2;
}

Register Use(s)
%rdi Argument x
%rsi Argument y
%rdx Argument z
%rax Return value
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 76
Carnegie Mellon

Summarizing
 C Control
▪ if-then-else
▪ do-while
▪ while, for
▪ switch
 Assembler Control
▪ Conditional jump
▪ Conditional move
▪ Indirect jump (via jump tables)
▪ Compiler generates code sequence to implement more complex control
 Standard Techniques
▪ Loops converted to do-while or jump-to-middle form
▪ Large switch statements use jump tables
▪ Sparse switch statements may use decision trees (if-elseif-elseif-else)
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 77
Carnegie Mellon

Summary
 Today
▪ Control: Condition codes
▪ Conditional branches & conditional moves
▪ Loops
▪ Switch statements
 Next Time
▪ Stack
▪ Call / return
▪ Procedure call discipline

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 78


Carnegie Mellon

Finding Jump Table in Binary


00000000004005e0 <switch_eg>:
4005e0: 48 89 d1 mov %rdx,%rcx
4005e3: 48 83 ff 06 cmp $0x6,%rdi
4005e7: 77 2b ja 400614 <switch_eg+0x34>
4005e9: ff 24 fd f0 07 40 00 jmpq *0x4007f0(,%rdi,8)
4005f0: 48 89 f0 mov %rsi,%rax
4005f3: 48 0f af c2 imul %rdx,%rax
4005f7: c3 retq
4005f8: 48 89 f0 mov %rsi,%rax
4005fb: 48 99 cqto
4005fd: 48 f7 f9 idiv %rcx
400600: eb 05 jmp 400607 <switch_eg+0x27>
400602: b8 01 00 00 00 mov $0x1,%eax
400607: 48 01 c8 add %rcx,%rax
40060a: c3 retq
40060b: b8 01 00 00 00 mov $0x1,%eax
400610: 48 29 d0 sub %rdx,%rax
400613: c3 retq
400614: b8 02 00 00 00 mov $0x2,%eax
400619: c3 retq

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 79


Carnegie Mellon

Finding Jump Table in Binary (cont.)


00000000004005e0 <switch_eg>:
. . .
4005e9: ff 24 fd f0 07 40 00 jmpq *0x4007f0(,%rdi,8)
. . .

% gdb switch
(gdb) x /8xg 0x4007f0
0x4007f0: 0x0000000000400614 0x00000000004005f0
0x400800: 0x00000000004005f8 0x0000000000400602
0x400810: 0x0000000000400614 0x000000000040060b
0x400820: 0x000000000040060b 0x2c646c25203d2078
(gdb)

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 80


Carnegie Mellon

Finding Jump Table in Binary (cont.)


% gdb switch
(gdb) x /8xg 0x4007f0
0x4007f0: 0x0000000000400614 0x00000000004005f0
0x400800: 0x00000000004005f8 0x0000000000400602
0x400810: 0x0000000000400614 0x000000000040060b
0x400820: 0x000000000040060b 0x2c646c25203d2078

. . .
4005f0: 48 89 f0 mov %rsi,%rax
4005f3: 48 0f af c2 imul %rdx,%rax
4005f7: c3 retq
4005f8: 48 89 f0 mov %rsi,%rax
4005fb: 48 99 cqto
4005fd: 48 f7 f9 idiv %rcx
400600: eb 05 jmp 400607 <switch_eg+0x27>
400602: b8 01 00 00 00 mov $0x1,%eax
400607: 48 01 c8 add %rcx,%rax
40060a: c3 retq
40060b: b8 01 00 00 00 mov $0x1,%eax
400610: 48 29 d0 sub %rdx,%rax
400613: c3 retq
400614: b8 02 00 00 00 mov $0x2,%eax
400619: c3 retq

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 81

You might also like