Carnegie Mellon

Machine-Level Programming I: Basics

15-213/18-213: Introduction to Computer Systems
5th Lecture, Sep. 11, 2012

Instructors:
Dave O’Hallaron, Greg Ganger, and Greg Kesden

1
 Carnegie Mellon

Today: Machine Programming I: Basics

 History of Intel processors and architectures
 C, assembly, machine code
 Assembly Basics: Registers, operands, move
 Intro to x86-64

2
 Carnegie Mellon

Intel x86 Processors

 Totally dominate laptop/desktop/server market

 Evolutionary design
 Backwards compatible up until 8086, introduced in 1978
 Added more features as time goes on

 Complex instruction set computer (CISC)

 Many different instructions with many different formats
 But, only small subset encountered with Linux programs
 Hard to match performance of Reduced Instruction Set Computers
(RISC)
 But, Intel has done just that!
 In terms of speed. Less so for low power.

3
 Carnegie Mellon

Intel x86 Evolution: Milestones

Name Date Transistors MHz
 8086 1978 29K 5-10
 First 16-bit Intel processor. Basis for IBM PC & DOS
 1MB address space
 386 1985 275K 16-33
 First 32 bit Intel processor , referred to as IA32
 Added “flat addressing”, capable of running Unix
 Pentium 4F 2004 125M 2800-3800
 First 64-bit Intel processor, referred to as x86-64
 Core 2 2006 291M 1060-3500
 First multi-core Intel processor
 Core i7 2008 731M 1700-3900
 Four cores (our shark machines)
4
 Carnegie Mellon

Intel x86 Processors, cont.

 Machine Evolution
 386 1985 0.3M
 Pentium 1993 3.1M
 Pentium/MMX 1997 4.5M
 PentiumPro 1995 6.5M
 Pentium III 1999 8.2M
 Pentium 4 2001 42M
 Core 2 Duo 2006 291M
 Core i7 2008 731M
 Added Features
 Instructions to support multimedia operations
 Instructions to enable more efficient conditional operations
 Transition from 32 bits to 64 bits
 More cores

5
 Carnegie Mellon

x86 Clones: Advanced Micro Devices (AMD)

 Historically
 AMD has followed just behind Intel
 A little bit slower, a lot cheaper
 Then
 Recruited top circuit designers from Digital Equipment Corp. and
other downward trending companies
 Built Opteron: tough competitor to Pentium 4
 Developed x86-64, their own extension to 64 bits

6
 Carnegie Mellon

Intel’s 64-Bit
 Intel Attempted Radical Shift from IA32 to IA64
 Totally different architecture (Itanium)
 Executes IA32 code only as legacy
 Performance disappointing
 AMD Stepped in with Evolutionary Solution
 x86-64 (now called “AMD64”)
 Intel Felt Obligated to Focus on IA64
 Hard to admit mistake or that AMD is better
 2004: Intel Announces EM64T extension to IA32
 Extended Memory 64-bit Technology
 Almost identical to x86-64!
 All but low-end x86 processors support x86-64
 But, lots of code still runs in 32-bit mode

7
 Carnegie Mellon

Our Coverage
 IA32
 The traditional x86
 shark> gcc –m32 hello.c
 x86-64
 The emerging standard
 shark> gcc hello.c
 shark> gcc –m64 hello.c

 Presentation
 Book presents IA32 in Sections 3.1—3.12
 Covers x86-64 in 3.13
 We will cover both simultaneously
 Some labs will be based on x86-64, others on IA32

8
 Carnegie Mellon

Today: Machine Programming I: Basics

 History of Intel processors and architectures
 C, assembly, machine code
 Assembly Basics: Registers, operands, move
 Intro to x86-64

9
 Carnegie Mellon

Definitions
 Architecture: (also ISA: instruction set architecture) The
parts of a processor design that one needs to understand
to write assembly code.
 Examples: instruction set specification, registers.
 Microarchitecture: Implementation of the architecture.
 Examples: cache sizes and core frequency.

 Example ISAs (Intel): x86, IA

10
 Carnegie Mellon

Assembly Programmer’s View

CPU Memory
Addresses
Registers
Data Code
PC Data
Condition Instructions Stack
Codes

Programmer-Visible State
 PC: Program counter  Memory
  Byte addressable array
Address of next instruction
 Called “EIP” (IA32) or “RIP” (x86-  Code and user data

64)  Stack to support procedures

 Register file
 Heavily used program data
 Condition codes
 Store status information about
most recent arithmetic operation
11
 Carnegie Mellon

Turning C into Object Code

 Code in files p1.c p2.c
 Compile with command: gcc –O1 p1.c p2.c -o p
 Use basic optimizations (-O1)
 Put resulting binary in file p

text C program (p1.c p2.c)

Compiler (gcc -S)

text Asm program (p1.s p2.s)

Assembler (gcc or as)

binary Object program (p1.o p2.o) Static libraries

(.a)
Linker (gcc or ld)

binary Executable program (p)

12
 Carnegie Mellon

Compiling Into Assembly

C Code Generated IA32 Assembly
int sum(int x, int y) sum:
{ pushl %ebp
int t = x+y; movl %esp,%ebp
return t; movl 12(%ebp),%eax
} addl 8(%ebp),%eax
popl %ebp
ret

Obtain with command

/usr/local/bin/gcc –O1 -S code.c
Produces file code.s

13
 Carnegie Mellon

Assembly Characteristics: Data Types

 “Integer” data of 1, 2, or 4 bytes
 Data values
 Addresses (untyped pointers)

 Floating point data of 4, 8, or 10 bytes

 No aggregate types such as arrays or structures

 Just contiguously allocated bytes in memory

14
 Carnegie Mellon

Assembly Characteristics: Operations

 Perform arithmetic function on register or memory data

 Transfer data between memory and register

 Load data from memory into register
 Store register data into memory

 Transfer control
 Unconditional jumps to/from procedures
 Conditional branches

15
 Carnegie Mellon

Object Code
Code for sum  Assembler
0x401040 <sum>:  Translates .s into .o
0x55  Binary encoding of each instruction
0x89  Nearly-complete image of executable code
0xe5  Missing linkages between code in different
0x8b
files
0x45
0x0c  Linker
0x03  Resolves references between files
0x45 • Total of 11 bytes
0x08
 Combines with static run-time libraries
• Each instruction 
E.g., code for malloc, printf
0x5d
1, 2, or 3 bytes
0xc3  Some libraries are dynamically linked
• Starts at address
 Linking occurs when program begins
0x401040
execution

16
 Carnegie Mellon

Machine Instruction Example

 C Code
int t = x+y;  Add two signed integers
 Assembly
 Add 2 4-byte integers
addl 8(%ebp),%eax  “Long” words in GCC parlance
Similar to expression:  Same instruction whether signed

x += y or unsigned
More precisely:  Operands:
int eax; x: Register %eax
int *ebp; y: Memory M[%ebp+8]
eax += ebp[2] t: Register %eax
– Return function value in %eax
 Object Code
0x80483ca: 03 45 08
 3-byte instruction
 Stored at address 0x80483ca
17
 Carnegie Mellon

Disassembling Object Code

Disassembled
080483c4 <sum>:
80483c4: 55 push %ebp
80483c5: 89 e5 mov %esp,%ebp
80483c7: 8b 45 0c mov 0xc(%ebp),%eax
80483ca: 03 45 08 add 0x8(%ebp),%eax
80483cd: 5d pop %ebp
80483ce: c3 ret

 Disassembler
objdump -d p
 Useful tool for examining object code
 Analyzes bit pattern of series of instructions
 Produces approximate rendition of assembly code
 Can be run on either a.out (complete executable) or .o file
18
 Carnegie Mellon

Alternate Disassembly
Object Disassembled
0x401040:
0x55 Dump of assembler code for function sum:
0x89 0x080483c4 <sum+0>: push %ebp
0xe5 0x080483c5 <sum+1>: mov %esp,%ebp
0x8b 0x080483c7 <sum+3>: mov 0xc(%ebp),%eax
0x45 0x080483ca <sum+6>: add 0x8(%ebp),%eax
0x0c 0x080483cd <sum+9>: pop %ebp
0x03 0x080483ce <sum+10>: ret
0x45
0x08
0x5d  Within gdb Debugger
0xc3 gdb p
disassemble sum
 Disassemble procedure
x/11xb sum
 Examine the 11 bytes starting at sum
19
 Carnegie Mellon

What Can be Disassembled?

% objdump -d WINWORD.EXE

WINWORD.EXE: file format pei-i386

No symbols in "WINWORD.EXE".
Disassembly of section .text:

30001000 <.text>:
30001000: 55 push %ebp
30001001: 8b ec mov %esp,%ebp
30001003: 6a ff push $0xffffffff
30001005: 68 90 10 00 30 push $0x30001090
3000100a: 68 91 dc 4c 30 push $0x304cdc91

 Anything that can be interpreted as executable code

 Disassembler examines bytes and reconstructs assembly source
20
 Carnegie Mellon

Today: Machine Programming I: Basics

 History of Intel processors and architectures
 C, assembly, machine code
 Assembly Basics: Registers, operands, move
 Intro to x86-64

21
 Carnegie Mellon

Integer Registers (IA32) Origin

(mostly obsolete)

%eax %ax %ah %al accumulate

%ecx %cx %ch %cl counter

general purpose

%edx %dx %dh %dl data

%ebx %bx %bh %bl base

source
%esi %si index

destination
%edi %di index
stack
%esp %sp
pointer
base
%ebp %bp
pointer

16-bit virtual registers

(backwards compatibility) 22
 Carnegie Mellon

Moving Data: IA32 %eax

 Moving Data %ecx
movl Source, Dest: %edx
 Operand Types %ebx
 Immediate: Constant integer data %esi
Example: $0x400, $-533 %edi
 Like C constant, but prefixed with ‘$’
 Encoded with 1, 2, or 4 bytes
%esp
 Register: One of 8 integer registers %ebp
 Example: %eax, %edx
 But %esp and %ebp reserved for special use
 Others have special uses for particular instructions
 Memory: 4 consecutive bytes of memory at address given by register
 Simplest example: (%eax)
 Various other “address modes”

23
 Carnegie Mellon

movl Operand Combinations

Source Dest Src,Dest C Analog

Reg movl $0x4,%eax temp = 0x4;

Imm
Mem movl $-147,(%eax) *p = -147;

Reg movl %eax,%edx temp2 = temp1;

movl Reg
Mem movl %eax,(%edx) *p = temp;

Mem Reg movl (%eax),%edx temp = *p;

Cannot do memory-memory transfer with a single instruction

24
 Carnegie Mellon

Simple Memory Addressing Modes

 Normal (R) Mem[Reg[R]]
 Register R specifies memory address
 Aha! Pointer dereferencing in C

movl (%ecx),%eax

 Displacement D(R) Mem[Reg[R]+D]

 Register R specifies start of memory region
 Constant displacement D specifies offset

movl 8(%ebp),%edx

25
 Carnegie Mellon

Using Simple Addressing Modes

swap:
pushl %ebp
void swap(int *xp, int *yp) movl %esp,%ebp Set
{
pushl %ebx Up
int t0 = *xp;
int t1 = *yp;
*xp = t1; movl 8(%ebp), %edx
*yp = t0; movl 12(%ebp), %ecx
} movl (%edx), %ebx
Body
movl (%ecx), %eax
movl %eax, (%edx)
movl %ebx, (%ecx)

popl %ebx
popl %ebp Finish
ret

26
 Carnegie Mellon

Using Simple Addressing Modes

swap:
pushl %ebp
void swap(int *xp, int *yp) movl %esp,%ebp Set
{
pushl %ebx Up
int t0 = *xp;
int t1 = *yp;
*xp = t1; movl 8(%ebp), %edx
*yp = t0; movl 12(%ebp), %ecx
} movl (%edx), %ebx
Body
movl (%ecx), %eax
movl %eax, (%edx)
movl %ebx, (%ecx)

popl %ebx
popl %ebp Finish
ret

27
 Carnegie Mellon

Understanding Swap
void swap(int *xp, int *yp) •
{ • Stack
int t0 = *xp; • (in memory)
Offset
int t1 = *yp;
*xp = t1; 12 yp
*yp = t0; 8 xp
}
4 Rtn adr
0 Old %ebp %ebp
-4 Old %ebx %esp
Register Value
%edx xp
%ecx yp
%ebx t0 movl 8(%ebp), %edx # edx = xp
%eax t1 movl 12(%ebp), %ecx # ecx = yp
movl (%edx), %ebx # ebx = *xp (t0)
movl (%ecx), %eax # eax = *yp (t1)
movl %eax, (%edx) # *xp = t1
movl %ebx, (%ecx) # *yp = t0
28
 Carnegie Mellon
Address
Understanding Swap 123 0x124
456 0x120
0x11c
%eax 0x118
%edx Offset
0x114
%ecx yp 12 0x120 0x110
xp 8 0x124 0x10c
%ebx
4 Rtn adr 0x108
%esi
%ebp 0 0x104
%edi -4
0x100
%esp
movl 8(%ebp), %edx # edx = xp
%ebp 0x104 movl 12(%ebp), %ecx # ecx = yp
movl (%edx), %ebx # ebx = *xp (t0)
movl (%ecx), %eax # eax = *yp (t1)
movl %eax, (%edx) # *xp = t1
movl %ebx, (%ecx) # *yp = t0

29
 Carnegie Mellon
Address
Understanding Swap 123 0x124
456 0x120
0x11c
%eax 0x118
%edx 0x124 Offset
0x114
%ecx yp 12 0x120 0x110
xp 8 0x124 0x10c
%ebx
4 Rtn adr 0x108
%esi
%ebp 0 0x104
%edi -4
0x100
%esp
movl 8(%ebp), %edx # edx = xp
%ebp 0x104 movl 12(%ebp), %ecx # ecx = yp
movl (%edx), %ebx # ebx = *xp (t0)
movl (%ecx), %eax # eax = *yp (t1)
movl %eax, (%edx) # *xp = t1
movl %ebx, (%ecx) # *yp = t0

30
 Carnegie Mellon
Address
Understanding Swap 123 0x124
456 0x120
0x11c
%eax 0x118
%edx 0x124 Offset
0x114
%ecx 0x120 yp 12 0x120 0x110
xp 8 0x124 0x10c
%ebx
4 Rtn adr 0x108
%esi
%ebp 0 0x104
%edi -4
0x100
%esp
movl 8(%ebp), %edx # edx = xp
%ebp 0x104 movl 12(%ebp), %ecx # ecx = yp
movl (%edx), %ebx # ebx = *xp (t0)
movl (%ecx), %eax # eax = *yp (t1)
movl %eax, (%edx) # *xp = t1
movl %ebx, (%ecx) # *yp = t0

31
 Carnegie Mellon
Address
Understanding Swap 123 0x124
456 0x120
0x11c
%eax 0x118
%edx 0x124 Offset
0x114
%ecx 0x120 yp 12 0x120 0x110
xp 8 0x124 0x10c
%ebx 123
4 Rtn adr 0x108
%esi
%ebp 0 0x104
%edi -4
0x100
%esp
movl 8(%ebp), %edx # edx = xp
%ebp 0x104 movl 12(%ebp), %ecx # ecx = yp
movl (%edx), %ebx # ebx = *xp (t0)
movl (%ecx), %eax # eax = *yp (t1)
movl %eax, (%edx) # *xp = t1
movl %ebx, (%ecx) # *yp = t0

32
 Carnegie Mellon
Address
Understanding Swap 123 0x124
456 0x120
0x11c
%eax 456 0x118
%edx 0x124 Offset
0x114
%ecx 0x120 yp 12 0x120 0x110
xp 8 0x124 0x10c
%ebx 123
4 Rtn adr 0x108
%esi
%ebp 0 0x104
%edi -4
0x100
%esp
movl 8(%ebp), %edx # edx = xp
%ebp 0x104 movl 12(%ebp), %ecx # ecx = yp
movl (%edx), %ebx # ebx = *xp (t0)
movl (%ecx), %eax # eax = *yp (t1)
movl %eax, (%edx) # *xp = t1
movl %ebx, (%ecx) # *yp = t0

33
 Carnegie Mellon
Address
Understanding Swap 456 0x124
456 0x120
0x11c
%eax 456
456 0x118
%edx 0x124 Offset
0x114
%ecx 0x120 yp 12 0x120 0x110
xp 8 0x124 0x10c
%ebx 123
4 Rtn adr 0x108
%esi
%ebp 0 0x104
%edi -4
0x100
%esp
movl 8(%ebp), %edx # edx = xp
%ebp 0x104 movl 12(%ebp), %ecx # ecx = yp
movl (%edx), %ebx # ebx = *xp (t0)
movl (%ecx), %eax # eax = *yp (t1)
movl %eax, (%edx) # *xp = t1
movl %ebx, (%ecx) # *yp = t0

34
 Carnegie Mellon
Address
Understanding Swap 456 0x124
123 0x120
0x11c
%eax 456 0x118
%edx 0x124 Offset
0x114
%ecx 0x120 yp 12 0x120 0x110
xp 8 0x124 0x10c
%ebx 123
4 Rtn adr 0x108
%esi
%ebp 0 0x104
%edi -4
0x100
%esp
movl 8(%ebp), %edx # edx = xp
%ebp 0x104 movl 12(%ebp), %ecx # ecx = yp
movl (%edx), %ebx # ebx = *xp (t0)
movl (%ecx), %eax # eax = *yp (t1)
movl %eax, (%edx) # *xp = t1
movl %ebx, (%ecx) # *yp = t0

35
 Carnegie Mellon

Complete Memory Addressing Modes

 Most General Form
D(Rb,Ri,S) Mem[Reg[Rb]+S*Reg[Ri]+ D]
 D: Constant “displacement” 1, 2, or 4 bytes
 Rb: Base register: Any of 8 integer registers
 Ri: Index register: Any, except for %esp
 Unlikely you’d use %ebp, either
 S: Scale: 1, 2, 4, or 8 (why these numbers?)

 Special Cases
(Rb,Ri) Mem[Reg[Rb]+Reg[Ri]]
D(Rb,Ri) Mem[Reg[Rb]+Reg[Ri]+D]
(Rb,Ri,S) Mem[Reg[Rb]+S*Reg[Ri]]

36
 Carnegie Mellon

Today: Machine Programming I: Basics

 History of Intel processors and architectures
 C, assembly, machine code
 Assembly Basics: Registers, operands, move
 Intro to x86-64

37
 Carnegie Mellon

Data Representations: IA32 + x86-64

 Sizes of C Objects (in Bytes)
C Data Type Generic 32-bitIntel IA32 x86-64
 unsigned 4 4
4
 int 4 4
4
 long int 4 4
8
 char 1 1
1
 short 2 2
2
 float 4 4
4
 double 8 8
8 38
 Carnegie Mellon

x86-64 Integer Registers

%rax %eax %r8 %r8d

%rbx %ebx %r9 %r9d

%rcx %ecx %r10 %r10d

%rdx %edx %r11 %r11d

%rsi %esi %r12 %r12d

%rdi %edi %r13 %r13d

%rsp %esp %r14 %r14d

%rbp %ebp %r15 %r15d

 Extend existing registers. Add 8 new ones.

 Make %ebp/%rbp general purpose 39
 Carnegie Mellon

Instructions
 Long word l (4 Bytes) ↔ Quad word q (8 Bytes)

 New instructions:
 movl ➙ movq
 addl ➙ addq
 sall ➙ salq
 etc.

 32-bit instructions that generate 32-bit results

 Set higher order bits of destination register to 0
 Example: addl

40
 Carnegie Mellon

32-bit code for swap

swap:
pushl %ebp
void swap(int *xp, int *yp)
movl %esp,%ebp Set
{
int t0 = *xp; pushl %ebx Up
int t1 = *yp;
*xp = t1; movl 8(%ebp), %edx
*yp = t0; movl 12(%ebp), %ecx
} movl (%edx), %ebx
Body
movl (%ecx), %eax
movl %eax, (%edx)
movl %ebx, (%ecx)

popl %ebx
popl %ebp Finish
ret

41
 Carnegie Mellon

64-bit code for swap

swap:
Set
void swap(int *xp, int *yp)
{ Up
int t0 = *xp; movl (%rdi), %edx
int t1 = *yp; movl (%rsi), %eax
*xp = t1; movl %eax, (%rdi) Body
*yp = t0; movl %edx, (%rsi)
}
ret Finish
 Operands passed in registers (why useful?)
 First (xp) in %rdi, second (yp) in %rsi
 64-bit pointers
 No stack operations required
 32-bit data
 Data held in registers %eax and %edx
 movl operation 42
 Carnegie Mellon

64-bit code for long int swap

swap_l:
Set
void swap(long *xp, long *yp)
{ Up
long t0 = *xp; movq (%rdi), %rdx
long t1 = *yp; movq (%rsi), %rax
*xp = t1; movq %rax, (%rdi) Body
*yp = t0; movq %rdx, (%rsi)
}
ret Finish
 64-bit data
 Data held in registers %rax and %rdx
 movq operation
 “q” stands for quad-word

43
 Carnegie Mellon

Machine Programming I: Summary

 History of Intel processors and architectures
 Evolutionary design leads to many quirks and artifacts
 C, assembly, machine code
 Compiler must transform statements, expressions, procedures into
low-level instruction sequences
 Assembly Basics: Registers, operands, move
 The x86 move instructions cover wide range of data movement
forms
 Intro to x86-64
 A major departure from the style of code seen in IA32

44