Lecture 4: Machine Code And Assembly Language

Transcription

1 CSCI-GA PAC II Lecture 4: Machine Code And Assembly Language Some slides adapted (and slightly modified) from: Clark Barrett Jinyang Li Randy Bryant Dave O Hallaron Mohamed Zahran (aka Z) mzahran@cs.nyu.edu

2 Intel x86 Processors Evolutionary design Backwards compatible up until 8086, introduced in 1978 Complex instruction set computer (CISC) Many instructions, many formats By contrast, ARM architecture (in most cell phones) is RISC

3 Intel x86 Evolution: Milestones Name Transistors MHz 8086 (1978) 29K 5-10 First 16-bit processor. Basis for IBM PC & DOS 1MB address space 386 (1985) 275K First 32 bit processor, referred to as IA32 Capable of running Unix Pentium 4F (2004) 125M First 64-bit processor, referred to as x86-64 Core i7 (2008) 731M Xeon E7 (2011) 2.2B ~2400 Instruction Set Architecture (ISA)

4 Source Code to Execution C source Assembly Assembly Compiler Assembly Assembly Assembly Assembler Object Object File File Object File Library Library Library Linker Loader Executable DLL DLL DLL

5 Outline Assembly primer Addressing modes Arithmetic operations Condition codes: Jump and branches loops Procedures the stack

6 Assembly Programmer s View CPU Addresses Memory PC Registers Condition Codes Data Instructions Object Code Program Data OS Data Execution context PC: Program counter Address of next instruction Called EIP (IA32) or RIP (x86-64) Registers Heavily used program data Condition codes Info of recent arithmetic operation Used for conditional branching

7 Assembly Data Types Integer data of 1, 2, or 4 bytes Represent either data value or address (untyped pointer) Floating point data of 4, 8, or 10 bytes No arrays or structures

8 3 Kind of Assembly Operations Perform arithmetic on register or memory data Add, subtract, multiplication Transfer data between memory and register Load data from memory into register Store register data into memory Transfer control Unconditional jumps to/from procedures Conditional branches

9 Turning C into Object Code Code in files p1.c p2.c Optimization level Compile with command: gcc O1 p1.c p2.c -o p Output file is p text C program (p1.c p2.c) Compiler (gcc S) text Asm program (p1.s p2.s) binary binary Assembler (gcc c) Object program (p1.o p2.o) Linker Executable program (p) Static libraries (.a)

10 sum.c Compiling Into Assembly sum.s int sum(int x, int y) { int t = x+y; return t; } gcc c sum.c gcc S sum.c gcc c sum.s sum: pushl %ebp movl %esp,%ebp movl 12(%ebp),%eax addl 8(%ebp),%eax popl %ebp ret objdump d sum.o sum.o 80483c4: e5 8b 45 0c d c3 Note: If your platform is 64-bit, you may want to force it to generate 32-bit assembly by gcc m32 S sum.c to get the above output.

11 sum.c Compiling Into Assembly sum.s int sum(int x, int y) { int t = x+y; return t; } sum: pushl %ebp movl %esp,%ebp movl 12(%ebp),%eax addl 8(%ebp),%eax popl %ebp ret Refer to register %eax sum.o 80483c4: e5 8b 45 0c d c3 Refer to memory at address %ebp+8

12 general purpose Integer Registers (IA32) %eax %ax %ah %al Origin (mostly obsolete) accumulate %ecx %cx %ch %cl counter %edx %dx %dh %dl data %ebx %bx %bh %bl base %esi %si source index %edi %esp %ebp %di %sp %bp destination index stack pointer base pointer 16-bit virtual registers (backwards compatibility)

13 Moving Data: IA32 movl Source, Dest Operand Types Immediate: Integer constant e.g. $0x400 Register: One of 8 integer registers e.g. %eax Memory: 4 consecutive bytes of memory at address given by register Simplest example (%eax)

14 movl Operand Combinations Source Dest Src,Dest C Analog Imm Reg Mem movl $0x4,%eax temp = 0x4; movl $-147,(%eax) *p = -147; movl Reg Reg Mem movl %eax,%edx movl %eax,(%edx) temp2 = temp1; *p = temp; Mem Reg movl (%eax),%edx temp = *p; No memory-to-memory instruction

15 Outline Assembly primer Addressing modes Arithmetic operations Condition codes: Jump and branches loops Procedures the stack

16 Memory Addressing Modes Normal (R) Mem[Reg[R]] Register R specifies memory address movl (%ecx),%eax Displacement D(R) Mem[Reg[R]+D] Register R specifies start of memory region Constant displacement D specifies offset movl 8(%ebp),%edx

17 Using Simple Addressing void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0; } Modes swap: pushl %ebp movl %esp,%ebp pushl %ebx movl 8(%ebp), %edx movl 12(%ebp), %ecx movl (%edx), %ebx movl (%ecx), %eax movl %eax, (%edx) movl %ebx, (%ecx) Set Up Point to first argument Point to second argument Body popl popl ret %ebx %ebp Finish

18 %eax %edx %ecx %ebx %esi %edi %esp %ebp Understanding Swap 0x104 yp xp Offset %ebp x120 0x124 Rtn adr Address 0x124 0x120 0x11c 0x118 0x114 0x110 0x10c 0x108 0x104 0x100 movl 8(%ebp), %edx # edx = xp movl 12(%ebp), %ecx # ecx = yp movl (%edx), %ebx # ebx = *xp (t0) movl (%ecx), %eax # eax = *yp (t1) movl %eax, (%edx) # *xp = t1 movl %ebx, (%ecx) # *yp = t0

19 %eax %edx %ecx %ebx %esi %edi %esp %ebp Understanding Swap 0x124 0x104 yp xp Offset %ebp x120 0x124 Rtn adr Address 0x124 0x120 0x11c 0x118 0x114 0x110 0x10c 0x108 0x104 0x100 movl 8(%ebp), %edx # edx = xp movl 12(%ebp), %ecx # ecx = yp movl (%edx), %ebx # ebx = *xp (t0) movl (%ecx), %eax # eax = *yp (t1) movl %eax, (%edx) # *xp = t1 movl %ebx, (%ecx) # *yp = t0

20 %eax %edx %ecx %ebx %esi %edi %esp %ebp Understanding Swap 0x124 0x120 0x104 yp xp Offset %ebp x120 0x124 Rtn adr Address 0x124 0x120 0x11c 0x118 0x114 0x110 0x10c 0x108 0x104 0x100 movl 8(%ebp), %edx # edx = xp movl 12(%ebp), %ecx # ecx = yp movl (%edx), %ebx # ebx = *xp (t0) movl (%ecx), %eax # eax = *yp (t1) movl %eax, (%edx) # *xp = t1 movl %ebx, (%ecx) # *yp = t0

21 %eax %edx %ecx %ebx %esi %edi %esp %ebp Understanding Swap 0x124 0x x104 yp xp Offset %ebp x120 0x124 Rtn adr Address 0x124 0x120 0x11c 0x118 0x114 0x110 0x10c 0x108 0x104 0x100 movl 8(%ebp), %edx # edx = xp movl 12(%ebp), %ecx # ecx = yp movl (%edx), %ebx # ebx = *xp (t0) movl (%ecx), %eax # eax = *yp (t1) movl %eax, (%edx) # *xp = t1 movl %ebx, (%ecx) # *yp = t0

22 %eax %edx %ecx %ebx %esi %edi %esp %ebp Understanding Swap 456 0x124 0x x104 yp xp Offset %ebp x120 0x124 Rtn adr Address 0x124 0x120 0x11c 0x118 0x114 0x110 0x10c 0x108 0x104 0x100 movl 8(%ebp), %edx # edx = xp movl 12(%ebp), %ecx # ecx = yp movl (%edx), %ebx # ebx = *xp (t0) movl (%ecx), %eax # eax = *yp (t1) movl %eax, (%edx) # *xp = t1 movl %ebx, (%ecx) # *yp = t0

23 %eax %edx %ecx %ebx %esi %edi %esp %ebp Understanding Swap x124 0x x104 yp xp Offset %ebp x120 0x124 Rtn adr Address 0x124 0x120 0x11c 0x118 0x114 0x110 0x10c 0x108 0x104 0x100 movl 8(%ebp), %edx # edx = xp movl 12(%ebp), %ecx # ecx = yp movl (%edx), %ebx # ebx = *xp (t0) movl (%ecx), %eax # eax = *yp (t1) movl %eax, (%edx) # *xp = t1 movl %ebx, (%ecx) # *yp = t0

24 %eax %edx %ecx %ebx %esi %edi %esp %ebp Understanding Swap 456 0x124 0x x104 yp xp Offset %ebp x120 0x124 Rtn adr Address 0x124 0x120 0x11c 0x118 0x114 0x110 0x10c 0x108 0x104 0x100 movl 8(%ebp), %edx # edx = xp movl 12(%ebp), %ecx # ecx = yp movl (%edx), %ebx # ebx = *xp (t0) movl (%ecx), %eax # eax = *yp (t1) movl %eax, (%edx) # *xp = t1 movl %ebx, (%ecx) # *yp = t0

25 General Memory Addressing Modes Most General Form D ( Rb, Ri, S ) Base register Index register (no %esp) Scale (1,2,4,8) Constant displacement Mem[Reg[Rb]+S*Reg[Ri]+ D] Special Cases (Rb,Ri) D(Rb,Ri) (Rb,Ri,S) Mem[Reg[Rb]+Reg[Ri]] Mem[Reg[Rb]+Reg[Ri]+D] Mem[Reg[Rb]+S*Reg[Ri]]

26 Size of C objects on IA32 and x86-64 C Data Type Generic 32-bit Intel IA32 x86-64 unsigned int long int char short float double char * Or any other pointer

27

28 Address Computation Examples %edx %ecx 0xf000 0x0100 Expression Address Computation Address 0x8(%edx) 0xf000 0x8+%edx + 0x8 0xf008 (%edx,%ecx) 0xf000 %edx+%ecx + 0x100 0xf100 (%edx,%ecx,4) 0xf000 %edx+4*%ecx + 4*0x100 0xf400 0x80(,%edx,2) 2*0xf000 2*%edx+0x80 + 0x80 0x1e080

29 lea instruction leal Src, Dest Src is address mode expression Set Dest to address denoted by expression 2 common uses Computing address E.g., translation of p = &x[i]; Computing arithmetic expressions x + k*y for k= 1, 2, 4, or 8 Example int foo(int x) { return x*12; } leal (%eax,%eax,2), %eax ;t <- x+x*2 sall $2, %eax ;return t<<2

30 Outline Assembly primer Addressing modes Arithmetic operations Condition codes: Jump and branches loops Procedures the stack

31 Arithmetic Operations addl Src, Dest Dest = Dest + Src subl Src, Dest Dest = Dest Src imull Src, Dest Dest = Dest * Src incl Dest Dest = Dest + 1 decl Dest Dest = Dest 1 negl Dest Dest = Dest notl Dest Dest = ~Dest sall Src, Dest Dest = Dest << Src sarl Src, Dest Dest = Dest >> Src xorl Src, Dest Dest = Dest ^ Src andl Src, Dest Dest = Dest & Src orl Src, Dest Dest = Dest Src

32 Arithmetic Expression Example int foo(int x, int y, int z) { int t1 = x+y; int t2 = z+t1; int t3 = x+4; int t4 = y * 48; int t5 = t3 + t4; int rval = t2 * t5; return rval; } foo: pushl %ebp movl %esp, %ebp movl 8(%ebp), %ecx movl 12(%ebp), %edx leal (%edx,%edx,2), %eax sall $4, %eax leal 4(%ecx,%eax), %eax addl %ecx, %edx addl 16(%ebp), %edx imull %edx, %eax Set Up Body popl ret %ebp Finish Note: x, y, and z are stored at offsets 8, 12, and 16 from %ebp

33 Understanding arithmetic int foo(int x, int y, int z) { int t1 = x+y; int t2 = z+t1; int t3 = x+4; int t4 = y * 48; int t5 = t3 + t4; int rval = t2 * t5; return rval; } Offset 16 z 12 y 8 x Stack 4 Rtn Addr movl 8(%ebp), %ecx # ecx = x movl 12(%ebp), %edx # edx = y 0 Old %ebp leal (%edx,%edx,2), %eax # eax = y*3 sall $4, %eax # eax *= 16 (t4) leal 4(%ecx,%eax), %eax # eax = t4 +x+4 (t5) addl %ecx, %edx # edx = x+y (t1) addl 16(%ebp), %edx # edx += z (t2) imull %edx, %eax # eax = t2 * t5 (rval) %ebp

34 Observations int foo(int x, int y, int z) { int t1 = x+y; int t2 = z+t1; int t3 = x+4; int t4 = y * 48; int t5 = t3 + t4; int rval = t2 * t5; return rval; } Instructions in different order from C code Some expressions require multiple instructions Some instructions cover multiple expressions movl 8(%ebp), %ecx # ecx = x movl 12(%ebp), %edx # edx = y leal (%edx,%edx,2), %eax # eax = y*3 sall $4, %eax # eax *= 16 (t4) leal 4(%ecx,%eax), %eax # eax = t4 +x+4 (t5) addl %ecx, %edx # edx = x+y (t1) addl 16(%ebp), %edx # edx += z (t2) imull %edx, %eax # eax = t2 * t5 (rval)

35 Another Example int bar(int x, int y) { int t1 = x^y; int t2 = t1 >> 17; int mask = (1<<13) - 7; int rval = t2 & mask; return rval; } bar: pushl %ebp movl %esp,%ebp movl 12(%ebp),%eax xorl 8(%ebp),%eax sarl $17,%eax andl $8185,%eax popl %ebp ret Set Up Body Finish movl 12(%ebp),%eax # eax = y xorl 8(%ebp),%eax # eax = x^y (t1) sarl $17,%eax # eax = t1>>17 (t2) andl $8185,%eax # eax = t2 & mask (rval) 2 13 = 8192, = 8185

36 Processor State (IA32) Processor state = information kept in CPU on currently executing program %eax %ecx %edx %ebx %esi %edi %esp %ebp General purpose registers Stack top Stack frame %eip Instruction pointer CF ZF SF OF Condition codes

37 Outline Assembly primer Addressing modes Arithmetic operations Condition codes Jump and branches loops Procedures the stack

38 Setting Condition Codes Can be implicitly set by arithmetic operations Example: addl Src,Dest (t = a+b) CF (Carry flag) set if carry out from most significant (31- st) bit (unsigned overflow) ZF (Zero flag) set if t == 0 SF (Sign flag) set if t < 0 (as signed) OF (Overflow flag) set if signed overflow, i.e. carry out from 30-th bit (a>0 && b>0 && t<0) (a<0 && b<0 && t>=0) Not set by lea instruction

39 Setting Condition Codes Can also be explicitly set cmpl b,a set condition codes based on (a-b) CF set if (a-b) results in unsigned overflow ZF set if a == b SF set if (a-b) < 0 (as signed) OF set if (a-b) results in signed overflow testl b,a set condition codes based on value of a & b

40 Reading Condition Codes SetX instruction: Set the lower byte of some register based on combinations of condition codes SetX Condition Description sete ZF Equal / Zero setne ~ZF Not Equal / Not Zero sets SF Negative setns ~SF Nonnegative setg ~(SF^OF)&~ZF Greater (Signed) setge ~(SF^OF) Greater or Equal (Signed) setl (SF^OF) Less (Signed) setle (SF^OF) ZF Less or Equal (Signed) seta ~CF&~ZF Above (unsigned) setb CF Below (unsigned)

41 Reading Condition Codes (Cont.) Example int gt (int x, int y) { return x > y; } %eax %ah %ax %al movl 12(%ebp),%eax cmpl %eax,8(%ebp) setg %al movzbl %al,%eax # eax = y # Compare x : y # al = x > y # Zero rest of %eax Move Zero-Extended Byte to Long

42 Outline Assembly primer Addressing modes Arithmetic operations Condition codes Jump and branches loops Procedures the stack

43 Jumping jx Instruction: Jump to different part of code depending on condition codes jx Condition Description jmp 1 Unconditional je ZF Equal / Zero jne ~ZF Not Equal / Not Zero js SF Negative jns ~SF Nonnegative jg ~(SF^OF)&~ZF Greater (Signed) jge ~(SF^OF) Greater or Equal (Signed) jl (SF^OF) Less (Signed) jle (SF^OF) ZF Less or Equal (Signed) ja ~CF&~ZF Above (unsigned) jb CF Below (unsigned)

44 Conditional Branch Example int absdiff(int x, int y) { int result; if (x > y) { result = x-y; } else { result = y-x; } return result; } absdiff: pushl %ebp movl %esp, %ebp movl 8(%ebp), %edx movl 12(%ebp), %eax cmpl %eax, %edx jle.l6 subl %eax, %edx movl %edx, %eax jmp.l7.l6: subl %edx, %eax.l7: popl %ebp ret Setup Body1 Body2a Body2b Finish

45 Conditional Branch Example int goto_ad(int x, int y) { int result; if (x <= y) goto Else; result = x-y; goto Exit; Else: result = y-x; Exit: return result; } (Cont.) absdiff: pushl %ebp movl %esp, %ebp movl 8(%ebp), %edx movl 12(%ebp), %eax cmpl %eax, %edx jle.l6 subl %eax, %edx movl %edx, %eax jmp.l7.l6: subl %edx, %eax.l7: popl %ebp ret Carnegie Mellon Setup Body1 Body2a Body2b Finish

46 Conditional Branch Example int goto_ad(int x, int y) { int result; if (x <= y) goto Else; result = x-y; goto Exit; Else: result = y-x; Exit: return result; } (Cont.) absdiff: pushl %ebp movl %esp, %ebp movl 8(%ebp), %edx movl 12(%ebp), %eax cmpl %eax, %edx jle.l6 subl %eax, %edx movl %edx, %eax jmp.l7.l6: subl %edx, %eax.l7: popl %ebp ret Carnegie Mellon Setup Body1 Body2a Body2b Finish

47 Conditional Branch Example int goto_ad(int x, int y) { int result; if (x <= y) goto Else; result = x-y; goto Exit; Else: result = y-x; Exit: return result; } (Cont.) absdiff: pushl %ebp movl %esp, %ebp movl 8(%ebp), %edx movl 12(%ebp), %eax cmpl %eax, %edx jle.l6 subl %eax, %edx movl %edx, %eax jmp.l7.l6: subl %edx, %eax.l7: popl %ebp ret Carnegie Mellon Setup Body1 Body2a Body2b Finish

48 Conditional Branch Example int goto_ad(int x, int y) { int result; if (x <= y) goto Else; result = x-y; goto Exit; Else: result = y-x; Exit: return result; } (Cont.) absdiff: pushl %ebp movl %esp, %ebp movl 8(%ebp), %edx movl 12(%ebp), %eax cmpl %eax, %edx jle.l6 subl %eax, %edx movl %edx, %eax jmp.l7.l6: subl %edx, %eax.l7: popl %ebp ret Carnegie Mellon Setup Body1 Body2a Body2b Finish

49 Do-While Loop Example C Code int pcount_do(unsigned x) { int result = 0; do { result += x & 0x1; x >>= 1; } while (x); return result; } Goto Version int pcount_do(unsigned x) { int result = 0; loop: result += x & 0x1; x >>= 1; if (x) goto loop; return result; } Count number of 1 s in argument x

50 Do-While Loop Compilation Goto Version int pcount_do(unsigned x) { int result = 0; loop: result += x & 0x1; x >>= 1; if (x) goto loop; return result; } Registers: %edx x %ecx result movl $0, %ecx # result = 0.L2: # loop: movl %edx, %eax andl $1, %eax # t = x & 1 addl %eax, %ecx # result += t shrl %edx # x >>= 1 jne.l2 # If!0, goto loop

51 General Do-While and While do Body while (Test); Translation Goto Version loop: Body if (Test) goto loop Carnegie Mellon while (Test) Body Goto Version if (!Test) goto done; loop: Body if (Test) goto loop; done:

52 For Loop Translation for (Init; Test; Update ) Body Init; if (!Test) goto done; loop: Body Update if (Test) goto loop; done:

53 For Loop Conversion Example C Code #define WSIZE 8*sizeof(int) int pcount_for(unsigned x) { int i; int result = 0; for (i = 0; i < WSIZE; i++) { unsigned mask = 1 << i; result += (x & mask)!= 0; } return result; } Goto Version int pcount_for_gt(unsigned x) { int i; int result = 0; i = 0; if (!(i < WSIZE)) goto done; loop: { unsigned mask = 1 << i; result += (x & mask)!= 0; } i++; Update if (i < WSIZE) goto loop; done: return result; } Test Init!Test Body

54 Using Conditional Moves Conditional Move Instructions Instruction supports: if (Test) Dest Src Supported in post-1995 x86 processors GCC does not always use them Wants to preserve compatibility with ancient processors Enabled for x86-64 Use switch march=686 for IA32 Why? Branches are very disruptive to instruction flow through pipelines Conditional move do not require control transfer C Code val = Test? Then_Expr : Else_Expr; Goto Version tval = Then_Expr; result = Else_Expr; t = Test; if (t) result = tval; return result;

55 Bad Cases for Conditional Move Expensive Computations val = Test(x)? Hard1(x) : Hard2(x); Both values get computed Only makes sense when computations are very simple Risky Computations val = p? *p : 0; Both values get computed May have undesirable effects Computations with side effects val = x > 0? x*=7 : x+=3; Both values get computed Must be side-effect free

56 IA32 Object Code Assembly Code switch_eg:... ja.l2 # If unsigned > goto default jmp *.L7(,%eax,4) # Goto *JTab[x] Disassembled Object Code <switch_eg>: : ja <switch_eg+0x12> b: ff jmp *0x (,%eax,4)

57 IA32 Object Code (cont.) Jump Table Doesn t show up in disassembled code, inspect using GDB (gdb) x/7xw 0x Examine 7 hexadecimal format words (4-bytes each) 0x : 0x x x b 0x x : 0x x b 0x b Address Value x 0x x x x x x804843b 2 0x804866c 0x x x x x804844b 5 0x x804844b 6

58 Matching Disassembled Targets Value 0x x x804843b 0x x x804844b 0x804844b : mov $0x2,%eax : jmp <switch_eg+0x43> : mov $0x1,%eax e: xchg %ax,%ax : jmp <switch_eg+0x36> : mov 0x10(%ebp),%eax : imul 0xc(%ebp),%eax : jmp <switch_eg+0x43> b: mov 0xc(%ebp),%edx e: mov %edx,%eax : sar $0x1f,%edx : idivl 0x10(%ebp) : add 0x10(%ebp),%eax : jmp <switch_eg+0x43> b: mov $0x1,%eax : sub 0x10(%ebp),%eax : pop %ebp : ret

59 Outline Assembly primer Addressing modes Arithmetic operations Condition codes Jump and branches loops Procedures the stack

60 IA32 Stack Region of memory managed with stack discipline Register %esp contains address of top element Stack Pointer: %esp Bottom increasing Addresses Stack Grows Down Top

61 pushl src IA32 Stack: Push Fetch operand at Src Decrement %esp by 4 Bottom Write operand at address given by %esp Increasing Addresses Stack Pointer: %esp -4 Stack Grows Down

62 IA32 Stack: Pop popl dst Write operand at address given by %esp to dst Increment %esp by 4 Bottom Increasing Addresses Stack Pointer: %esp +4 Stack Grows Down

63 Procedure Control Flow Use stack to support procedure call and return call label_of_procedure Push return address on stack Jump to label ret Pop address from stack Jump to address Return address: Address of the next instruction right after call Example: e: e8 3d call 8048b90 <main> : 50 pushl %eax Return address = 0x

64 Procedure Call Example e: e8 3d call 8048b90 <main> : 50 pushl %eax call 8048b90 0x110 0x110 0x10c 0x10c 0x x x104 0x %esp 0x108 %esp 0x104 %eip 0x804854e %eip 0x8048b90 %eip: program counter

65 Procedure Return Example : c3 ret ret 0x110 0x110 0x10c 0x10c 0x x x104 0x x %esp 0x104 %esp 0x108 %eip 0x %eip 0x %eip: program counter

66 Using stack for procedure invocation In addition to return address, stack also stores Arguments local variables Scratch space Stack allocated in Frames state for single procedure instantiation Stack is well suited for procedure invocation State for given procedure needed for from when called to when return Callee returns before caller does (last-in-firstout)

67 yoo( ) { who(); } Call Chain Example who( ) { (); (); } ( ) { (); } Example Call Chain yoo who Procedure () is recursive

68 Stack Frames Contents Local variables Return information Temporary space Frame Pointer: %ebp Stack Pointer: %esp Previous Frame Frame for proc Management Space allocated when enter procedure Set-up code Deallocated when return Finish code Stack Top

69 Example Stack yoo( ) { who(); } yoo who %ebp %esp yoo yoo

70 Example Stack yoo( ) { who( ) { who(); (); (); } } yoo who %ebp %esp yoo yoo who

71 Example Stack yoo( ) { who( ) { ( ) who(); (); { (); } (); } } yoo who %ebp %esp yoo yoo who

72 Example Stack yoo( ) { who( ) { ( ) who(); (); { ( ) (); { } (); } (); } } yoo who %ebp %esp yoo yoo who

73 Example Stack yoo( ) { who( ) { ( ) who(); (); { ( ) (); { } (); ( ) } { (); } (); } } yoo who %ebp %esp yoo yoo who

74 Example Stack yoo( ) { who( ) { ( ) who(); (); { ( ) (); { } (); } (); } } yoo who %ebp %esp yoo yoo who

75 Example Stack yoo( ) { who( ) { ( ) who(); (); { (); } (); } } yoo who %ebp %esp yoo yoo who

76 Example Stack yoo( ) { who( ) { who(); (); (); } } yoo who %ebp %esp yoo yoo who

77 Example Stack yoo( ) { who( ) { ( ) who(); (); { (); } (); } } yoo who %ebp %esp yoo yoo who

78 Example Stack yoo( ) { who( ) { who(); (); (); } } yoo who %ebp %esp yoo yoo who

79 Example Stack yoo( ) { who(); } yoo who %ebp %esp yoo yoo

80 IA32/Linux Stack Frame Current Stack Frame ( Top to Bottom) Argument build: Parameters for function about to call Local variables If can t keep in registers Saved register context Old frame pointer Caller Stack Frame Return address Pushed by call instruction Arguments for this call Frame pointer %ebp Stack pointer %esp Caller Frame Arguments Return Addr Old %ebp Saved Registers + Local Variables Argument Build

81 int course1 = 15213; int course2 = 18243; void call_swap() { swap(&course1, &course2); } Revisiting swap Calling swap from call_swap call_swap: subl movl movl call $8, %esp $course2, 4(%esp) $course1, (%esp) swap void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0; } &course2 &course1 Rtn adr Resulting Stack %esp %esp %esp subl call

82 Revisiting swap void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0; } swap: pushl %ebp movl %esp, %ebp pushl %ebx movl 8(%ebp), %edx movl 12(%ebp), %ecx movl (%edx), %ebx movl (%ecx), %eax movl %eax, (%edx) movl %ebx, (%ecx) popl %ebx popl %ebp ret Set Up Body Finish

83 swap Setup #1 Entering Stack %ebp Resulting Stack %ebp &course2 &course1 Rtn adr %esp yp xp Rtn adr Old %ebp %esp swap: pushl %ebp movl %esp,%ebp pushl %ebx

84 swap Setup #2 Entering Stack Resulting Stack %ebp &course2 yp &course1 xp Rtn adr %esp Rtn adr Old %ebp %ebp %esp swap: pushl %ebp movl %esp,%ebp pushl %ebx

85 swap Setup #3 Entering Stack %ebp Resulting Stack &course2 &course1 Rtn adr %esp yp xp Rtn adr swap: pushl %ebp movl %esp,%ebp pushl %ebx Old %ebp Old %ebx %ebp %esp

86 swap Body Entering Stack Resulting Stack %ebp Offset relative to %ebp &course2 &course1 Rtn adr %esp yp xp Rtn adr Old %ebp %ebp Old %ebx %esp movl 8(%ebp),%edx # get xp movl 12(%ebp),%ecx # get yp...

87 Stack Before Finish swap Finish Resulting Stack %ebp yp xp Rtn adr Old %ebp Old %ebx popl popl %ebp %esp %ebx %ebp yp xp Rtn adr %esp Saved and restored register %ebx, but not %eax, %ecx, %edx

88 Register Saving Conventions When procedure yoo calls who: yoo is the caller who is the callee Callee might use registers for temporary storage? yoo: movl $15213, %edx call who addl %edx, %eax ret who: movl 8(%ebp), %edx addl $18243, %edx ret Contents of register %edx overwritten by who This could be trouble something should be done! Need some coordination

89 Register Saving Conventions When procedure yoo calls who: yoo is the caller who is the callee Register saving Conventions Caller Save Caller saves temporary values in its stack frame before the call Callee Save Callee saves temporary values in its stack frame before using

90 IA32/Linux+Windows Register %eax, %edx, %ecx Caller saves prior to call if values are used later %eax also used to return integer value %ebx, %esi, %edi Callee saves if wants to use them %esp, %ebp special form of callee save Restored to original values upon exit from procedure Usage Caller-Save Temporaries Callee-Save Temporaries Special %eax %edx %ecx %ebx %esi %edi %esp %ebp Carnegie Mellon

91 Recursive Function /* Recursive popcount */ int pcount_r(unsigned x) { if (x == 0) return 0; else return (x & 1) + pcount_r(x >> 1); } Registers %eax, %edx used without first saving %ebx used, but saved at beginning & restored at end pcount_r: pushl %ebp movl %esp,%ebp pushl %ebx subl $4,%esp movl 8(%ebp),%ebx movl $0,%eax testl %ebx,%ebx je.l3 movl %ebx,%eax shrl %eax movl %eax,(%esp) call pcount_r movl %ebx,%edx andl $1,%edx leal (%edx,%eax),%eax.l3: addl $4,%esp popl %ebx popl %ebp ret

92 /* Recursive popcount */ int pcount_r(unsigned x) { if (x == 0) return 0; else return (x & 1) + pcount_r(x >> 1); } Actions Save old value of %ebx on stack Allocate space for argument to recursive call Store x in %ebx Recursive Call #1 %ebx x pcount_r: pushl %ebp movl %esp,%ebp pushl %ebx subl $4,%esp movl 8(%ebp),%ebx x Rtn adr Old %ebp Old %ebx %ebp %esp Carnegie Mellon

93 Recursive Call #2 /* Recursive popcount */ int pcount_r(unsigned x) { if (x == 0) return 0; else return (x & 1) + pcount_r(x >> 1); } movl $0,%eax testl %ebx,%ebx je.l3.l3: ret Actions If x == 0 (%eax), return %ebx x

94 Recursive Call #3 /* Recursive popcount */ int pcount_r(unsigned x) { if (x == 0) return 0; else return (x & 1) + pcount_r(x >> 1); } movl %ebx,%eax shrl %eax movl %eax,(%esp) call pcount_r Actions Store x >> 1 on stack Make recursive call Effect after calling pcount_r %eax set to function result %ebx still has value of x %ebx x Rtn adr Old %ebp Old %ebx x >> 1 %ebp %esp

95 Recursive Call #4 /* Recursive popcount */ int pcount_r(unsigned x) { if (x == 0) return 0; else return (x & 1) + pcount_r(x >> 1); } movl andl leal %ebx,%edx $1,%edx (%edx,%eax),%eax After calling pcount_r %eax holds value from recursive call %ebx holds x Actions Compute (x & 1) + computed value Effect %eax set to function result %ebx x

96 Recursive Call #5 /* Recursive popcount */ int pcount_r(unsigned x) { if (x == 0) return 0; else return (x & 1) + pcount_r(x >> 1); } Actions Restore %ebx,%ebp Restore %esp Rtn adr Old %ebp Old %ebx L3: %ebp %esp addl $4,%esp popl %ebx popl %ebp ret %ebx Old %ebx %ebp %esp

97 Conclusions Till Now, we have seen: Hardware: transistors gates digital structures microarchitecture (datapath + control unit) Software: bits data (signed, unsigned, floating points,..) + Instructions