SlideShare a Scribd company logo

17

Download as PPTX, PDF
D
dano2osu

The Y86 architecture has 8 32-bit registers, 3 condition codes (ZF, SF, OF), a program counter (PC), and up to 4GB of memory. It supports normal, register, and displacement addressing modes. Instructions include arithmetic, logical operations, jumps, calls, returns, and memory load/store. The execution cycle fetches, decodes, executes, and updates the PC for each instruction. Condition codes track the results of arithmetic operations for conditional jumps.

TechnologyBusiness
1 of 57
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
CSE 2421 Autumn 2013 S. Preston
Y86 programmer-visible state • The Y86 has: • • • • • 8 32-bit registers with the same names as the IA32 32-bit registers 3 condition codes: ZF, SF, OF • no carry flag - interpret integers as signed a program counter (PC) • Holds the address of the instruction currently being executed a program status byte: AOK, HLT, ADR, INS • State of program execution memory: up to 4 GB to hold program and data (4096 = 2^12) RF: Program registers %eax %esi %ecx %edi %edx %esp %ebx CC: Condition codes Stat: Program Status %ebp ZF SF OF DMEM: Memory PC 2
Condition Codes • 3 condition codes in y86 • ZF – Set if the result of the last arithmetic operation is 0 • SF – Set if the result of the last arithmetic operation resulted in the sign bit being set • OF – Set if the result of the last arithmetic operation resulted in an overflow
Conditions • FLAGS: Zero, Sign, Overflow • Less or Equal • Z = 1, S = 1, O = X • Z = 0, S = 1, O = X • Z = 1, S = 0, O = X • Z = 0, S = X, O = X • Z = 1, S = 0, O = X • Z = 0, S = 0, O = X • Less • Equal • Not Equal • Greater or Equal • Greater
Simple Addressing Modes • Normal = (R) = Mem[Reg[R]] • Register Reg specifies memory address • denoted by a register in ( ) • Example value 0x120 0x11 0x121 0x22 0x122 0x33 0x123 ecx = 0x00000120 addr 0x44 movl (%ecx),%eax move the value that is at the address in ecx into eax Moves 0x11223344 into eax 5
Simple Addressing Modes • Displacement = D(R) = Mem[Reg[R]+D] • Register R specifies start of memory address • Constant displacement D specifies offset • In bytes loads 0x33445566 into edx value 0x120 0x11 0x121 0x22 0x122 0x33 0x123 0x44 0x124 • Denoted by displacement(register) ebp = 0x120 movl 2(%ebp),%edx move the value at ebp (0x120) + 2 into edx addr 0x55 0x125 0x66 6
Y86 example program w/ loop # y86loop.ys .pos 0x0 irmovl $0,%eax irmovl $1,%ecx Loop: addl %ecx,%eax irmovl $1,%edx addl %edx,%ecx irmovl $1000,%edx subl %ecx,%edx jge Loop halt # sum = 0 # num = 1 CONVERT TO C sum=0; num = 1; do { sum += num; num++; } while (1000 – num >= 0) # sum += num # tmp = 1 # num++ # lim = 1000 # if lim - num >= 0 # loop again 7
Y86 example program w/ loop # y86loop.ys .pos 0x0 irmovl $0,%eax irmovl $1,%ecx Loop: addl %ecx,%eax irmovl $1,%edx addl %edx,%ecx irmovl $1000,%edx subl %ecx,%edx jge Loop halt # sum = 0 # num = 1 CONVERT TO C sum=0; num = 1; do { sum += num; num++; } while (1000 – num >= 0) # sum += num # tmp = 1 # num++ # lim = 1000 # if lim - num >= 0 # loop again Why don’t we just do addl $1, %edx?? Cant! not allowed, only register to register 8
Y86 Stack • Stack top address always held in esp • Stack grows towards lower addresses Stack “Top” %esp • • • Stack “Bottom” Increasing Addresses
Y86 Stack - Push • Pushing • Decrement the stack register by 4 then store new data (1) addr value (2) addr value 0x11B //(1)esp = 0x120 movl 0xFECA8712, %eax push %eax //(1)esp = 0x11C 0x11B 0x11C 0x11C 0x12 0x11D 0x11D 0x87 0x11E 0x11E 0xCA 0x11F 0x11F 0xFE 0x120 0x11 0x120 0x11 0x121 0x22 0x121 0x22 0x122 0x33 0x122 0x33
Y86 Stack - Pop • Pushing • Save new data on stack, Increment the stack register by 4 (1) addr //(1) esp = 0x11C pop eax //(2) esp = 0x120 //eax = 0xFECA8712 value (2) addr value 0x11B 0x11B 0x11C 0x12 0x11C 0x11D 0x87 0x11D 0x11E 0xCA 0x11E 0x11F 0xFE 0x11F 0x120 0x11 0x120 0x11 0x121 0x22 0x121 0x22 0x122 0x33 0x122 0x33
Stack Example 2 ==PUSH== subl $4, %esp movl %ebp, (%esp) ==POP=== movl (%esp), %eax addl $4, %esp
Y86 Instruction Set 13
17
Fetch Cycle
Executing  rmmovl • Fetch • Read 6 bytes • Read operand registers • Decode • Execute • Compute effective address • Memory • Write to memory • Do nothing • Increment PC by 6 • Write back • PC Update 16
Executing  Arithmetic/Logical Ops • Fetch • Read 2 bytes • Read operand registers • Decode • Execute • • Perform operation Set condition codes • Do nothing • Update register • Increment PC by 2 • Memory • Write back • PC Update 17
Executing  popl • • • • • Fetch • Decode • Read stack pointer Execute • Increment stack pointer by 4 Memory • Read from old stack pointer Write back • • • Read 2 bytes Update stack pointer Write result to register PC Update • Increment PC by 2 18
Jumps • • • • • • Fetch • • Read 5 bytes Increment PC by 5 Decode • Do nothing Execute • Determine whether to take branch based on jump condition and condition codes Memory • Do nothing Write back • Do nothing PC Update • Set PC to Dest if branch taken or to incremented PC if not branch 19
Executing  Call • • • • • • Fetch • • Read 5 bytes Increment PC by 5 Decode • Read stack pointer Execute • Decrement stack pointer by 4 Memory • Write incremented PC to new value of stack pointer Write back • Update stack pointer PC Update • Set PC to Dest 20
Executing  ret • • • • • • Fetch • • Read 1 bytes Increment PC by 1 Decode • Read stack pointer Execute • Decrement stack pointer by 4 Memory • Write incremented PC to new value of stack pointer Write back • Update stack pointer PC Update • Set PC to Dest 21
17
Instruction encoding practice • Determine the byte encoding of the following Y86 instruction sequence given ―.pos 0x100‖ specifies the starting address of the object code to be 0x100 (practice problem 4.1) .pos 0x100 # start code at address 0x100 irmovl $15, %ebx #load 15 into %ebx rrmovl %ebx, %ecx #copy 15 to %ecx loop: rmmovl %ecx, -3(%ebx)#save %ecx at addr 15-3=12 addl %ebx, %ecx #increment %ecx by 15 jmp loop # goto loop 23
Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx rrmovl %ebx, %ecx rmmovl %ecx, -3(%ebx) loop: addl %ebx, %ecx jmp loop
Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: rmmovl %ecx, -3(%ebx) addl %ebx, %ecx jmp loop
Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: 0x108: 4013fdffffff //rmmovl %ecx, -3(%ebx) addl %ebx, %ecx jmp loop
Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: 0x108: 4013fdffffff //rmmovl %ecx, -3(%ebx) 0x10e: 6031 //addl %ebx, %ecx jmp loop
Instruction encoding practice 0x100: 0x106: loop: 0x108: 0x10e: 0x110: 30f30f000000 //irmovl $15, %ebx 2031 //rrmovl %ebx, %ecx 4013fdffffff //rmmovl %ecx, -3(%ebx) 6031 //addl %ebx, %ecx 708010000 //jmp loop
Instruction encoding practice (cont) What about disassembling? 0x200: a06f80080200000030f30a00000090 0x400: 6113730004000000 29
Instruction encoding practice (cont) What about disassembling? 0x200: a06f push %esi 0x202: 80080200000030f30a00000090 0x400: 6113730004000000 30
Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 8008020000 0x208: 30f30a00000090 0x400: 6113730004000000 pop %esi call 0x208 31
Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113730004000000 pop %esi call 0x208 irmovl $a0, %ebx 32
Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113730004000000 pop %esi call 0x208 irmovl $a0, %ebx ret 33
Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113 0x402: 730004000000 pop %esi call 0x208 irmovl $a0, %ebx ret subl %ecx, %ebx 34
Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113 0x402: 73004000000 pop %esi call 0x208 irmovl $a0, %ebx ret subl %ecx, %ebx je 0x400 35
Y86 int Sum(int *Start, int Count) { int sum = 0; while (Count) { sum += *Start; Start++; Count--; } } 36
x86 • 8 32 bit registers • General Purpose Registers • • • • • • eax ebx ecx edx esi edi • Stack Register • esp • Base Register • ebp
x86 - Registers
x86 Registers • • • • • • eax, ebx, ecx, edx Registers can be accessed in parts Rrx – Referes to the 64 bit register erx – Refers to 32 bit register rx – Referes to the lower 16 bits of erx rh – Refers to the top 8 bits of the rx bit register • rl – Refers to the lower 8 bits of the rx register
Condition Flags • CF – Carry – Last arithmetic resulted in a carry • PF – Parity – Last arithmetic/logical operation results in even parity (even number of 1’s) • ZF – Zero – Last arithmetic/logical operation resulted in a zero • SF – Sign – Last arithmetic operation resulted in the sign bit being set • OF – Overflow – Last arithmetic resulted in an overflow
Condition Flags • AF – Adjust – Last arithmetic results in a carry out of the lowest 4 bits (Used for BCD arithmetic) • TF – Trap – Enables CPU single step mode – Used for debugging • IF – Interrupt Enable – Enables cpu to handle system interrupts • DF – Direction – Sets the direction of string processing from R->L
Verbiage • Opcode operand1, operand2 • operand1 and/or operand2 are not always required, depending on the opcode • mov eax, ebx • Opcode – mov • operand1 – eax • operand2 - ebx
Operand Specifiers • Source operand • Constants, registers, or memory • Destination operand • Registers or memory • Cannot do Memory-Memory transfer with a single instruction • 3 types of operands • Immediate • Register • Memory 43
IA32 – Intel Architecture • 32-bit address bus • • normal physical address space of 4 GBytes (232 bytes) addresses ranging continuously from 0 to 0xFFFFFFFF • Data formats  • • Primitive data types of C Single letter suffix • • denotes size of operand No aggregate types • Arrays, structures C Declaration Suffix Size char B 8 bits short W or S 16 bits int L 32 bits * (pointer) L 32 bits float S 32 bits 44
Addressing Modes • An addressing mode is a mechanism for specifying an address. • Immediate • Register • Memory • • • • Absolute • specify the address of the data Indirect • use register to calculate address Base + displacement • use register plus absolute address to calculate address Indexed • • Indexed • Add contents of an index register Scaled index • Add contents of an index register scaled by a constant 45
Operand addressing example Address Value 0x100 0xFF 0x104 0xAB 0x108 0x13 0x10C 0x11 Register Value ax 0x100 cx 0x01 dx 0x03 Operand %eax 0x104 $0x108 (%eax) Value Comment 0x100 Register 0xAB Absolute Address - memory 0x108 Immediate 0xFF Address 0x100 - indirect Address 0x104 - base+displacement 4(%eax) 0XAB (4+register) Address 0x10C – indexed 9(%eax,%edx) 0X11 (9 + eax+edx) Address 0x108 – indexed 0x104(%ecx,%edx) 0X13 (0x104+ecx+edx) Address 0x100 - scaled index 0xFC(,%ecx,4) 0XFF (0xfc+0+ecx*4) Address 0x10C - scaled index (%eax,%edx,4) 0X11 (eax+edx*4) *scaled index multiplies the 2nd argument by the scaled value (the 3rd argument) which must be a value of 1, 2, 4 or 8 (sizes of the primitive data types) 46
Operand Combinations example Source Dest Src,Dest* C analog Immediate Register movl $0x4, %eax temp = 0x4; Immediate Memory movl $-147, (%eax) *p = -147; Register Register movl %eax, %edx temp2 = temp1; Register Memory movl %eax, (%edx) *p = temp; Memory Register movl (%eax), %edx temp = *p; • Each statement should be viewed separately. • REMINDER: cannot do memory-memory transfer with a single instruction. • The parentheses around the register tell the assembler to use the register as a pointer. 47
Size Directive • Typically you can infer the size being operated on by which variation of the register is in use • mov (ebx), %eax • Destination EAX, implies moving 4 bytes • mov (ebx), %ax • Destination AX implies moving only 2 bytes • mov (ebx), %ah • Destination ah implies moving only 1 bytes
Size Directive • Sometimes it is unclear though. • mov $2, (%ebx) • How many bytes do you move into memory @ address ebx. 2? 4? 8? • Have to explicitly specify size when dealing with immediate values • movw $2, (%ebx) • Explicitly move 2 bytes • movl $2, (%ebx) • Explicitly move 4 bytes C Declaration Suffix Size char b 8 bits short w or s 16 bits int l 32 bits * (pointer) l 32 bits float s 32 bits long q 64 bits
x86 Instructions • Three categories • Data Movement • Arithmetic/Logic • Control-Flow • We will not cover ALL x86 instructions, there are numerous obscure ones • We will cover all of the common instructions • For full list of operands see Intel’s instruction set reference
x86 Instructions <reg32> Any 32-bit register (EAX, EBX, ECX, EDX, ESI, EDI, ESP, or EBP) <reg16> Any 16-bit register (AX, BX, CX, or DX) <reg8> Any 8-bit register (AH, BH, CH, DH, AL, BL, CL, or DL) <reg> Any register <mem> A memory address (e.g., [eax], [var + 4], or dword ptr [eax+ebx]) <con32> Any 32-bit constant <con16> Any 16-bit constant <con8> Any 8-bit constant <con> Any 8-, 16-, or 32-bit constant
Data Movement • mov source, destination • Move data from source to destination • Syntax mov <reg>,<reg> mov <reg>,<mem> mov <mem>,<reg> mov <const>, <reg> mov <const>, <mem> • Examples mov %eax, %ebx — copy the value in eax into ebx
Data Movement • push • add 4 bytes on top of the stack • Syntax push <reg32> push <mem> push <con32> • Examples push %eax — push eax on the stack
Data Movement • pop • remove top 4 byte value from stack • Syntax pop <reg32> pop <mem> • Examples pop %eax — pop off stack into eax
Data Movement • lea – Load Effective Address • loads the address of the source into the registers in the second operand • Syntax lea <mem>, <reg32> • Examples lea (var), %eax — address of var is placed into eax
Arithmetic and Logic • add • adds together the two operands and stores result in the second operand • Syntax add <reg>,<reg> add <reg>,<mem> add <mem>,<reg> add <imm>,<reg> add <imm>,<mem> Examples add $10, %eax — add 10 to the current value in eax, and store result in eax
Arithmetic and Logic • sub • subtracts the two operands and stores result in the second operand • Syntax sub <reg>,<reg> sub <reg>,<mem> sub <mem>,<reg> sub <imm>,<reg> sub <imm>,<mem> Examples sub $10, %eax — subtracts 10 from the current value in eax, and store result in eax

More Related Content

PPT
Lec20 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Da...
Hsien-Hsin Sean Lee, Ph.D.
 
PDF
The Stack and Buffer Overflows
UTD Computer Security Group
 
PPT
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
Hsien-Hsin Sean Lee, Ph.D.
 
PPTX
Seh based attack
Mihir Shah
 
PPT
Assem -lect-6
Dolly Angel
 
PPT
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
Hsien-Hsin Sean Lee, Ph.D.
 
PPT
Windows debugging sisimon
Sisimon Soman
 
PDF
X86 assembly & GDB
Jian-Yu Li
 
Lec20 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Da...
Hsien-Hsin Sean Lee, Ph.D.
 
The Stack and Buffer Overflows
UTD Computer Security Group
 
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
Hsien-Hsin Sean Lee, Ph.D.
 
Seh based attack
Mihir Shah
 
Assem -lect-6
Dolly Angel
 
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
Hsien-Hsin Sean Lee, Ph.D.
 
Windows debugging sisimon
Sisimon Soman
 
X86 assembly & GDB
Jian-Yu Li
 

What's hot (20)

PDF
[FT-11][suhorng] “Poor Man's” Undergraduate Compilers
Functional Thursday
 
PPSX
L293D IC interfacing with ATmega16
Varun A M
 
PDF
ROP
Jian-Yu Li
 
PPTX
Input Output programming in AVR microcontroller
Robo India
 
PPTX
How Functions Work
Saumil Shah
 
PDF
Class9
Sai Santosh Praveen
 
PPSX
Programming ATmega microcontroller using Embedded C
Varun A M
 
PPT
Lec4 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- ISA
Hsien-Hsin Sean Lee, Ph.D.
 
PDF
[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF 예선 문제풀이
Code Engn
 
PPT
Lec13 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Multicore
Hsien-Hsin Sean Lee, Ph.D.
 
PDF
Getting Started with Raspberry Pi - DCC 2013.1
Tom Paulus
 
PPT
Lec11 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Memory part3
Hsien-Hsin Sean Lee, Ph.D.
 
PDF
Dsd lab Practical File
Soumya Behera
 
PPT
W10: Interrupts
Daniel Roggen
 
PPTX
Microprocessor Week 8: Subroutine
Arkhom Jodtang
 
PDF
Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...
Anne Nicolas
 
PPT
Ilfak Guilfanov - Decompiler internals: Microcode [rooted2018]
RootedCON
 
PPTX
Page table manipulation attack
Jungseung Lee 이정승
 
PDF
Microcontroller Instruction Set atmel
Ruderocker Billy
 
PDF
Using Timers in PIC18F Microcontrollers
Corrado Santoro
 
[FT-11][suhorng] “Poor Man's” Undergraduate Compilers
Functional Thursday
 
L293D IC interfacing with ATmega16
Varun A M
 
ROP
Jian-Yu Li
 
Input Output programming in AVR microcontroller
Robo India
 
How Functions Work
Saumil Shah
 
Class9
Sai Santosh Praveen
 
Programming ATmega microcontroller using Embedded C
Varun A M
 
Lec4 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- ISA
Hsien-Hsin Sean Lee, Ph.D.
 
[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF 예선 문제풀이
Code Engn
 
Lec13 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Multicore
Hsien-Hsin Sean Lee, Ph.D.
 
Getting Started with Raspberry Pi - DCC 2013.1
Tom Paulus
 
Lec11 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Memory part3
Hsien-Hsin Sean Lee, Ph.D.
 
Dsd lab Practical File
Soumya Behera
 
W10: Interrupts
Daniel Roggen
 
Microprocessor Week 8: Subroutine
Arkhom Jodtang
 
Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...
Anne Nicolas
 
Ilfak Guilfanov - Decompiler internals: Microcode [rooted2018]
RootedCON
 
Page table manipulation attack
Jungseung Lee 이정승
 
Microcontroller Instruction Set atmel
Ruderocker Billy
 
Using Timers in PIC18F Microcontrollers
Corrado Santoro
 
Ad

Similar to 17 (20)

PPTX
Assembly language.pptx
ShaistaRiaz4
 
PDF
Intel8086_Flags_Addr_Modes_sample_pgms.pdf
Anonymous611358
 
PPTX
Coal (1)
talhashahid40
 
PPT
Unit 3 assembler and processor
Abha Damani
 
PDF
Lecture6.pdf computer architecture for computer science
kareem mohamed
 
PPT
8051assembly language
Hisham Mat Hussin
 
PPTX
Lec06
siddu kadiwal
 
PPTX
The 8051 microcontroller
PallaviHailkar
 
PPTX
Introduction of 8086 micro processor .
Siraj Ahmed
 
PDF
reductio [ad absurdum]
Shakacon
 
PPTX
Microcontroller Introduction and the various features
vipulkondekar
 
PPTX
Assembly Language and microprocessor
Khaled Sany
 
PPT
Instructions_introductionM2.1.about.microcontrollerppt
yesmskai
 
PDF
Avr instruction set
Kendar Donayre Manrique
 
PDF
mca is a microcontroller and accmulator is a third year couse
gauravsharma4365
 
PPT
Assembly language
Piyush Jain
 
PPT
instruction_set_8051_microcontroller.ppt
KhairulAlam98
 
PPT
microcontroller_instruction_set for ENGINEERING STUDENTS
ssuser2b759d
 
PPTX
Intro to reverse engineering owasp
Tsvetelin Choranov
 
PPT
Material com Conceitos de Assembler Mainframe
Flavio787771
 
Assembly language.pptx
ShaistaRiaz4
 
Intel8086_Flags_Addr_Modes_sample_pgms.pdf
Anonymous611358
 
Coal (1)
talhashahid40
 
Unit 3 assembler and processor
Abha Damani
 
Lecture6.pdf computer architecture for computer science
kareem mohamed
 
8051assembly language
Hisham Mat Hussin
 
Lec06
siddu kadiwal
 
The 8051 microcontroller
PallaviHailkar
 
Introduction of 8086 micro processor .
Siraj Ahmed
 
reductio [ad absurdum]
Shakacon
 
Microcontroller Introduction and the various features
vipulkondekar
 
Assembly Language and microprocessor
Khaled Sany
 
Instructions_introductionM2.1.about.microcontrollerppt
yesmskai
 
Avr instruction set
Kendar Donayre Manrique
 
mca is a microcontroller and accmulator is a third year couse
gauravsharma4365
 
Assembly language
Piyush Jain
 
instruction_set_8051_microcontroller.ppt
KhairulAlam98
 
microcontroller_instruction_set for ENGINEERING STUDENTS
ssuser2b759d
 
Intro to reverse engineering owasp
Tsvetelin Choranov
 
Material com Conceitos de Assembler Mainframe
Flavio787771
 
Ad

Recently uploaded (20)

PDF
Advances in Ultra High Voltage (UHV) Transmission and Distribution Systems.pdf
Nabajyoti Banik
 
PDF
SparkLabs Primer on Artificial Intelligence 2025
SparkLabs Group
 
PDF
How Open Source Changed My Career by abdelrahman ismail
a0m0rajab1
 
PDF
Get More from Fiori Automation - What’s New, What Works, and What’s Next.pdf
Precisely
 
PDF
A Strategic Analysis of the MVNO Wave in Emerging Markets.pdf
IPLOOK Networks
 
PDF
Unlocking the Future- AI Agents Meet Oracle Database 23ai - AIOUG Yatra 2025.pdf
Sandesh Rao
 
PDF
Doc9.....................................
SofiaCollazos
 
PDF
CIFDAQ's Market Wrap : Bears Back in Control?
CIFDAQ
 
PDF
OFFOFFBOX™ – A New Era for African Film | Startup Presentation
ambaicciwalkerbrian
 
PDF
Tea4chat - another LLM Project by Kerem Atam
a0m0rajab1
 
PPTX
AI and Robotics for Human Well-being.pptx
JAYMIN SUTHAR
 
PDF
Google I/O Extended 2025 Baku - all ppts
HusseinMalikMammadli
 
PDF
NewMind AI Weekly Chronicles - July'25 - Week IV
NewMind AI
 
PDF
Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...
Sandesh Rao
 
PDF
Security features in Dell, HP, and Lenovo PC systems: A research-based compar...
Principled Technologies
 
PDF
Orbitly Pitch Deck|A Mission-Driven Platform for Side Project Collaboration (...
zz41354899
 
PDF
The Evolution of KM Roles (Presented at Knowledge Summit Dublin 2025)
Enterprise Knowledge
 
PPTX
What-is-the-World-Wide-Web -- Introduction
tonifi9488
 
PDF
AI Unleashed - Shaping the Future -Starting Today - AIOUG Yatra 2025 - For Co...
Sandesh Rao
 
PDF
Trying to figure out MCP by actually building an app from scratch with open s...
Julien SIMON
 
Advances in Ultra High Voltage (UHV) Transmission and Distribution Systems.pdf
Nabajyoti Banik
 
SparkLabs Primer on Artificial Intelligence 2025
SparkLabs Group
 
How Open Source Changed My Career by abdelrahman ismail
a0m0rajab1
 
Get More from Fiori Automation - What’s New, What Works, and What’s Next.pdf
Precisely
 
A Strategic Analysis of the MVNO Wave in Emerging Markets.pdf
IPLOOK Networks
 
Unlocking the Future- AI Agents Meet Oracle Database 23ai - AIOUG Yatra 2025.pdf
Sandesh Rao
 
Doc9.....................................
SofiaCollazos
 
CIFDAQ's Market Wrap : Bears Back in Control?
CIFDAQ
 
OFFOFFBOX™ – A New Era for African Film | Startup Presentation
ambaicciwalkerbrian
 
Tea4chat - another LLM Project by Kerem Atam
a0m0rajab1
 
AI and Robotics for Human Well-being.pptx
JAYMIN SUTHAR
 
Google I/O Extended 2025 Baku - all ppts
HusseinMalikMammadli
 
NewMind AI Weekly Chronicles - July'25 - Week IV
NewMind AI
 
Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...
Sandesh Rao
 
Security features in Dell, HP, and Lenovo PC systems: A research-based compar...
Principled Technologies
 
Orbitly Pitch Deck|A Mission-Driven Platform for Side Project Collaboration (...
zz41354899
 
The Evolution of KM Roles (Presented at Knowledge Summit Dublin 2025)
Enterprise Knowledge
 
What-is-the-World-Wide-Web -- Introduction
tonifi9488
 
AI Unleashed - Shaping the Future -Starting Today - AIOUG Yatra 2025 - For Co...
Sandesh Rao
 
Trying to figure out MCP by actually building an app from scratch with open s...
Julien SIMON
 

17

  • 2. Y86 programmer-visible state • The Y86 has: • • • • • 8 32-bit registers with the same names as the IA32 32-bit registers 3 condition codes: ZF, SF, OF • no carry flag - interpret integers as signed a program counter (PC) • Holds the address of the instruction currently being executed a program status byte: AOK, HLT, ADR, INS • State of program execution memory: up to 4 GB to hold program and data (4096 = 2^12) RF: Program registers %eax %esi %ecx %edi %edx %esp %ebx CC: Condition codes Stat: Program Status %ebp ZF SF OF DMEM: Memory PC 2
  • 3. Condition Codes • 3 condition codes in y86 • ZF – Set if the result of the last arithmetic operation is 0 • SF – Set if the result of the last arithmetic operation resulted in the sign bit being set • OF – Set if the result of the last arithmetic operation resulted in an overflow
  • 4. Conditions • FLAGS: Zero, Sign, Overflow • Less or Equal • Z = 1, S = 1, O = X • Z = 0, S = 1, O = X • Z = 1, S = 0, O = X • Z = 0, S = X, O = X • Z = 1, S = 0, O = X • Z = 0, S = 0, O = X • Less • Equal • Not Equal • Greater or Equal • Greater
  • 5. Simple Addressing Modes • Normal = (R) = Mem[Reg[R]] • Register Reg specifies memory address • denoted by a register in ( ) • Example value 0x120 0x11 0x121 0x22 0x122 0x33 0x123 ecx = 0x00000120 addr 0x44 movl (%ecx),%eax move the value that is at the address in ecx into eax Moves 0x11223344 into eax 5
  • 6. Simple Addressing Modes • Displacement = D(R) = Mem[Reg[R]+D] • Register R specifies start of memory address • Constant displacement D specifies offset • In bytes loads 0x33445566 into edx value 0x120 0x11 0x121 0x22 0x122 0x33 0x123 0x44 0x124 • Denoted by displacement(register) ebp = 0x120 movl 2(%ebp),%edx move the value at ebp (0x120) + 2 into edx addr 0x55 0x125 0x66 6
  • 7. Y86 example program w/ loop # y86loop.ys .pos 0x0 irmovl $0,%eax irmovl $1,%ecx Loop: addl %ecx,%eax irmovl $1,%edx addl %edx,%ecx irmovl $1000,%edx subl %ecx,%edx jge Loop halt # sum = 0 # num = 1 CONVERT TO C sum=0; num = 1; do { sum += num; num++; } while (1000 – num >= 0) # sum += num # tmp = 1 # num++ # lim = 1000 # if lim - num >= 0 # loop again 7
  • 8. Y86 example program w/ loop # y86loop.ys .pos 0x0 irmovl $0,%eax irmovl $1,%ecx Loop: addl %ecx,%eax irmovl $1,%edx addl %edx,%ecx irmovl $1000,%edx subl %ecx,%edx jge Loop halt # sum = 0 # num = 1 CONVERT TO C sum=0; num = 1; do { sum += num; num++; } while (1000 – num >= 0) # sum += num # tmp = 1 # num++ # lim = 1000 # if lim - num >= 0 # loop again Why don’t we just do addl $1, %edx?? Cant! not allowed, only register to register 8
  • 9. Y86 Stack • Stack top address always held in esp • Stack grows towards lower addresses Stack “Top” %esp • • • Stack “Bottom” Increasing Addresses
  • 10. Y86 Stack - Push • Pushing • Decrement the stack register by 4 then store new data (1) addr value (2) addr value 0x11B //(1)esp = 0x120 movl 0xFECA8712, %eax push %eax //(1)esp = 0x11C 0x11B 0x11C 0x11C 0x12 0x11D 0x11D 0x87 0x11E 0x11E 0xCA 0x11F 0x11F 0xFE 0x120 0x11 0x120 0x11 0x121 0x22 0x121 0x22 0x122 0x33 0x122 0x33
  • 11. Y86 Stack - Pop • Pushing • Save new data on stack, Increment the stack register by 4 (1) addr //(1) esp = 0x11C pop eax //(2) esp = 0x120 //eax = 0xFECA8712 value (2) addr value 0x11B 0x11B 0x11C 0x12 0x11C 0x11D 0x87 0x11D 0x11E 0xCA 0x11E 0x11F 0xFE 0x11F 0x120 0x11 0x120 0x11 0x121 0x22 0x121 0x22 0x122 0x33 0x122 0x33
  • 12. Stack Example 2 ==PUSH== subl $4, %esp movl %ebp, (%esp) ==POP=== movl (%esp), %eax addl $4, %esp
  • 16. Executing  rmmovl • Fetch • Read 6 bytes • Read operand registers • Decode • Execute • Compute effective address • Memory • Write to memory • Do nothing • Increment PC by 6 • Write back • PC Update 16
  • 17. Executing  Arithmetic/Logical Ops • Fetch • Read 2 bytes • Read operand registers • Decode • Execute • • Perform operation Set condition codes • Do nothing • Update register • Increment PC by 2 • Memory • Write back • PC Update 17
  • 18. Executing  popl • • • • • Fetch • Decode • Read stack pointer Execute • Increment stack pointer by 4 Memory • Read from old stack pointer Write back • • • Read 2 bytes Update stack pointer Write result to register PC Update • Increment PC by 2 18
  • 19. Jumps • • • • • • Fetch • • Read 5 bytes Increment PC by 5 Decode • Do nothing Execute • Determine whether to take branch based on jump condition and condition codes Memory • Do nothing Write back • Do nothing PC Update • Set PC to Dest if branch taken or to incremented PC if not branch 19
  • 20. Executing  Call • • • • • • Fetch • • Read 5 bytes Increment PC by 5 Decode • Read stack pointer Execute • Decrement stack pointer by 4 Memory • Write incremented PC to new value of stack pointer Write back • Update stack pointer PC Update • Set PC to Dest 20
  • 21. Executing  ret • • • • • • Fetch • • Read 1 bytes Increment PC by 1 Decode • Read stack pointer Execute • Decrement stack pointer by 4 Memory • Write incremented PC to new value of stack pointer Write back • Update stack pointer PC Update • Set PC to Dest 21
  • 23. Instruction encoding practice • Determine the byte encoding of the following Y86 instruction sequence given ―.pos 0x100‖ specifies the starting address of the object code to be 0x100 (practice problem 4.1) .pos 0x100 # start code at address 0x100 irmovl $15, %ebx #load 15 into %ebx rrmovl %ebx, %ecx #copy 15 to %ecx loop: rmmovl %ecx, -3(%ebx)#save %ecx at addr 15-3=12 addl %ebx, %ecx #increment %ecx by 15 jmp loop # goto loop 23
  • 24. Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx rrmovl %ebx, %ecx rmmovl %ecx, -3(%ebx) loop: addl %ebx, %ecx jmp loop
  • 25. Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: rmmovl %ecx, -3(%ebx) addl %ebx, %ecx jmp loop
  • 26. Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: 0x108: 4013fdffffff //rmmovl %ecx, -3(%ebx) addl %ebx, %ecx jmp loop
  • 27. Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: 0x108: 4013fdffffff //rmmovl %ecx, -3(%ebx) 0x10e: 6031 //addl %ebx, %ecx jmp loop
  • 28. Instruction encoding practice 0x100: 0x106: loop: 0x108: 0x10e: 0x110: 30f30f000000 //irmovl $15, %ebx 2031 //rrmovl %ebx, %ecx 4013fdffffff //rmmovl %ecx, -3(%ebx) 6031 //addl %ebx, %ecx 708010000 //jmp loop
  • 29. Instruction encoding practice (cont) What about disassembling? 0x200: a06f80080200000030f30a00000090 0x400: 6113730004000000 29
  • 30. Instruction encoding practice (cont) What about disassembling? 0x200: a06f push %esi 0x202: 80080200000030f30a00000090 0x400: 6113730004000000 30
  • 31. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 8008020000 0x208: 30f30a00000090 0x400: 6113730004000000 pop %esi call 0x208 31
  • 32. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113730004000000 pop %esi call 0x208 irmovl $a0, %ebx 32
  • 33. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113730004000000 pop %esi call 0x208 irmovl $a0, %ebx ret 33
  • 34. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113 0x402: 730004000000 pop %esi call 0x208 irmovl $a0, %ebx ret subl %ecx, %ebx 34
  • 35. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113 0x402: 73004000000 pop %esi call 0x208 irmovl $a0, %ebx ret subl %ecx, %ebx je 0x400 35
  • 36. Y86 int Sum(int *Start, int Count) { int sum = 0; while (Count) { sum += *Start; Start++; Count--; } } 36
  • 37. x86 • 8 32 bit registers • General Purpose Registers • • • • • • eax ebx ecx edx esi edi • Stack Register • esp • Base Register • ebp
  • 39. x86 Registers • • • • • • eax, ebx, ecx, edx Registers can be accessed in parts Rrx – Referes to the 64 bit register erx – Refers to 32 bit register rx – Referes to the lower 16 bits of erx rh – Refers to the top 8 bits of the rx bit register • rl – Refers to the lower 8 bits of the rx register
  • 40. Condition Flags • CF – Carry – Last arithmetic resulted in a carry • PF – Parity – Last arithmetic/logical operation results in even parity (even number of 1’s) • ZF – Zero – Last arithmetic/logical operation resulted in a zero • SF – Sign – Last arithmetic operation resulted in the sign bit being set • OF – Overflow – Last arithmetic resulted in an overflow
  • 41. Condition Flags • AF – Adjust – Last arithmetic results in a carry out of the lowest 4 bits (Used for BCD arithmetic) • TF – Trap – Enables CPU single step mode – Used for debugging • IF – Interrupt Enable – Enables cpu to handle system interrupts • DF – Direction – Sets the direction of string processing from R->L
  • 42. Verbiage • Opcode operand1, operand2 • operand1 and/or operand2 are not always required, depending on the opcode • mov eax, ebx • Opcode – mov • operand1 – eax • operand2 - ebx
  • 43. Operand Specifiers • Source operand • Constants, registers, or memory • Destination operand • Registers or memory • Cannot do Memory-Memory transfer with a single instruction • 3 types of operands • Immediate • Register • Memory 43
  • 44. IA32 – Intel Architecture • 32-bit address bus • • normal physical address space of 4 GBytes (232 bytes) addresses ranging continuously from 0 to 0xFFFFFFFF • Data formats  • • Primitive data types of C Single letter suffix • • denotes size of operand No aggregate types • Arrays, structures C Declaration Suffix Size char B 8 bits short W or S 16 bits int L 32 bits * (pointer) L 32 bits float S 32 bits 44
  • 45. Addressing Modes • An addressing mode is a mechanism for specifying an address. • Immediate • Register • Memory • • • • Absolute • specify the address of the data Indirect • use register to calculate address Base + displacement • use register plus absolute address to calculate address Indexed • • Indexed • Add contents of an index register Scaled index • Add contents of an index register scaled by a constant 45
  • 46. Operand addressing example Address Value 0x100 0xFF 0x104 0xAB 0x108 0x13 0x10C 0x11 Register Value ax 0x100 cx 0x01 dx 0x03 Operand %eax 0x104 $0x108 (%eax) Value Comment 0x100 Register 0xAB Absolute Address - memory 0x108 Immediate 0xFF Address 0x100 - indirect Address 0x104 - base+displacement 4(%eax) 0XAB (4+register) Address 0x10C – indexed 9(%eax,%edx) 0X11 (9 + eax+edx) Address 0x108 – indexed 0x104(%ecx,%edx) 0X13 (0x104+ecx+edx) Address 0x100 - scaled index 0xFC(,%ecx,4) 0XFF (0xfc+0+ecx*4) Address 0x10C - scaled index (%eax,%edx,4) 0X11 (eax+edx*4) *scaled index multiplies the 2nd argument by the scaled value (the 3rd argument) which must be a value of 1, 2, 4 or 8 (sizes of the primitive data types) 46
  • 47. Operand Combinations example Source Dest Src,Dest* C analog Immediate Register movl $0x4, %eax temp = 0x4; Immediate Memory movl $-147, (%eax) *p = -147; Register Register movl %eax, %edx temp2 = temp1; Register Memory movl %eax, (%edx) *p = temp; Memory Register movl (%eax), %edx temp = *p; • Each statement should be viewed separately. • REMINDER: cannot do memory-memory transfer with a single instruction. • The parentheses around the register tell the assembler to use the register as a pointer. 47
  • 48. Size Directive • Typically you can infer the size being operated on by which variation of the register is in use • mov (ebx), %eax • Destination EAX, implies moving 4 bytes • mov (ebx), %ax • Destination AX implies moving only 2 bytes • mov (ebx), %ah • Destination ah implies moving only 1 bytes
  • 49. Size Directive • Sometimes it is unclear though. • mov $2, (%ebx) • How many bytes do you move into memory @ address ebx. 2? 4? 8? • Have to explicitly specify size when dealing with immediate values • movw $2, (%ebx) • Explicitly move 2 bytes • movl $2, (%ebx) • Explicitly move 4 bytes C Declaration Suffix Size char b 8 bits short w or s 16 bits int l 32 bits * (pointer) l 32 bits float s 32 bits long q 64 bits
  • 50. x86 Instructions • Three categories • Data Movement • Arithmetic/Logic • Control-Flow • We will not cover ALL x86 instructions, there are numerous obscure ones • We will cover all of the common instructions • For full list of operands see Intel’s instruction set reference
  • 51. x86 Instructions <reg32> Any 32-bit register (EAX, EBX, ECX, EDX, ESI, EDI, ESP, or EBP) <reg16> Any 16-bit register (AX, BX, CX, or DX) <reg8> Any 8-bit register (AH, BH, CH, DH, AL, BL, CL, or DL) <reg> Any register <mem> A memory address (e.g., [eax], [var + 4], or dword ptr [eax+ebx]) <con32> Any 32-bit constant <con16> Any 16-bit constant <con8> Any 8-bit constant <con> Any 8-, 16-, or 32-bit constant
  • 52. Data Movement • mov source, destination • Move data from source to destination • Syntax mov <reg>,<reg> mov <reg>,<mem> mov <mem>,<reg> mov <const>, <reg> mov <const>, <mem> • Examples mov %eax, %ebx — copy the value in eax into ebx
  • 53. Data Movement • push • add 4 bytes on top of the stack • Syntax push <reg32> push <mem> push <con32> • Examples push %eax — push eax on the stack
  • 54. Data Movement • pop • remove top 4 byte value from stack • Syntax pop <reg32> pop <mem> • Examples pop %eax — pop off stack into eax
  • 55. Data Movement • lea – Load Effective Address • loads the address of the source into the registers in the second operand • Syntax lea <mem>, <reg32> • Examples lea (var), %eax — address of var is placed into eax
  • 56. Arithmetic and Logic • add • adds together the two operands and stores result in the second operand • Syntax add <reg>,<reg> add <reg>,<mem> add <mem>,<reg> add <imm>,<reg> add <imm>,<mem> Examples add $10, %eax — add 10 to the current value in eax, and store result in eax
  • 57. Arithmetic and Logic • sub • subtracts the two operands and stores result in the second operand • Syntax sub <reg>,<reg> sub <reg>,<mem> sub <mem>,<reg> sub <imm>,<reg> sub <imm>,<mem> Examples sub $10, %eax — subtracts 10 from the current value in eax, and store result in eax

Editor's Notes

  • #3: Start of Chapter 4http://vip.cs.utsa.edu/classes/cs3843f2011/notes/ch04-1.html
  • #8: Technically, the bits are set to ZF=1, SF=0 and OF=0 when the program startsWhy not add 1 to %ecx addl $1,%edx… CAN’T not allowed – only reg to reg Op
  • #9: Technically, the bits are set to ZF=1, SF=0 and OF=0 when the program startsWhy not add 1 to %ecx addl $1,%edx… CAN’T not allowed – only reg to reg Op
  • #24: 0x100: 30f30f0000000x106: 20310x108: 4013fdffffff0x10e: 60310x110: 7008010000
  • #30: Parts A, B and D of practice problem 4.2See pages 458-459 for solutions*** C and E have exceptions
  • #44: Of course can’t have a constant as a destination operand
  • #45: Similar to Y86 .long but Y86 has only one operand size (32-bit)
  • #46: Reminder: Y86 has two addressing modes:(reg) = get the value at that address designated by the reg this is “indirect” for IA32D(reg) = displacement + reg then get the value at the address of D+R  this is “base + displacement” for IA32