cs 301 fall 2001 – chapter 7
DESCRIPTION
CS 301 Fall 2001 – Chapter 7. Slides by Prof. Hartman, following “IBM PC Assembly Language Programming” by Peter Abel . Address types. Short – Same segment, one byte offset, -128 to +127 Near – Same segment, two byte (80286 and earlier) or four byte (80386 and later) offset. - PowerPoint PPT PresentationTRANSCRIPT
04/22/23 1
CS 301 Fall 2001 – Chapter 7
Slides by Prof. Hartman, following “IBM PC Assembly Language Programming” by Peter Abel
04/22/23 2
Address types
Short – Same segment, one byte offset, -128 to +127
Near – Same segment, two byte (80286 and earlier) or four byte (80386 and later) offset.
Far – Different segment
04/22/23 3
Branching Instructions
JMP can jump to Short, Near, or Far addresses
Jxx can jump to Short or Near (80386+) addresses
LOOP can jump to Short addresses CALL can jump to Near or Far addresses
04/22/23 4
Short Jumps
If the label is before the jump (jumping back) NASM will automatically choose a Short jump if possible.
If the label is after the jump (jumping forward) NASM will always use a Near jump, unless you specify jmp short label
04/22/23 5
NASM labels
Labels beginning with a period are “local” labels – they are associated with the most recent non-local label.
04/22/23 6
Converting high-level control structures – if/elseif ( condition ) {
// body of then_block}
else {// body of else_block}
In C is roughly equivalent to the following assembly code. Note the use of local labels.
; code to set flags based on conditionjxx .else_block ; select xx to branch if false; code for body of then_blockjmp .endif
.else_block:; code for body of else_block
.endif:
04/22/23 7
Converting high-level control structures – whilewhile ( condition ) {
// body of loop}
In C is roughly equivalent to the following assembly code. Note the use of local labels.
.while:; code to set flags based on conditionjxx .endwhile ; select xx so that branches if false; body of loopjmp .while
.endwhile:
04/22/23 8
Converting high-level control structures – do/whiledo {
// body of loop} while ( condition )
In C is roughly equivalent to the following assembly code. Note the use of local labels.
.do:; code for body of loop; code to set flags based on conditionjxx .do ; select xx so branches if true
04/22/23 9
Converting high-level control structures – for Should put here a slide converting for loop
04/22/23 10
LOOP instruction
LOOP label Decrements ecx (or cx in 16-bit mode) and
branches to label unless ecx is then zero. LOOPE/LOOPZ label
Adds condition that ZF=1. LOOPNE/LOOPNZ label
Adds condition that ZF=0.
04/22/23 11
Converting high-level control structures – for (again!) And should put here a slide using LOOP to
convert a for loop.
04/22/23 12
CALL and RET
CALL proc_name Pushes IP, sets IP to offset of proc_name (and
clears processor’s prefetch instruction queue) RET [n]
Pops IP (and clears processor’s prefetch instruction queue)
Possibly “pops” n arguments from the stack
04/22/23 13
Passing parameters
Can pass parameters by reference (address) or value.
Can pass parameters in registers or on stack.
Examples using registers: regpassing.asm
04/22/23 14
Passing parameters on the stack 1
Push parameters on the stack before the CALL instruction
Procedure doesn’t pop them off, it accesses them directly on the stack: Avoids having to pop off return address then put it back
on Allows using the parameter multiple times Need to use indirect addressing
Examples using stack: stackpassing.asm
04/22/23 15
Indirect Addressing
Can add registers and/or constants and/or a location and get at what is located in the result MOV eax,[data] MOV eax,[ebx] MOV eax,[data+ebx] MOV eax,[ebx+2] MOV eax,[ebx*8+esp+4]
04/22/23 16
Passing parameters on the stack 2
CALL places return address on stack, so parameters are at [esp+4] (last parameter pushed), [esp+8] (next to last), etc.
What if the subroutine pushes something? Now esp has changed, so parameters are at [esp+8] (last parameter), etc. Yuck!
Solution is to set ebp to esp when entering. Then esp may change, but ebp won’t.
04/22/23 17
Passing parameters on the stack 3
But what if the routine that called us was using ebp? We’ll have to save it first, and restore it when we’re done.
push ebpmov ebp,esp…pop ebp
Parameters are now at [ebp+8] (last parameter pushed), [ebp+12], etc.
04/22/23 18
C Calling Convention
Parameters are pushed onto stack in reverse order.
Caller is responsible for removing parameters from stack
Subroutine maintains ebx, esi, edi, ebp, cs, ds, ss, es. (and could change eax, ecx, edx)
Return values are passed via eax (extended to 32 bits) or ST0 (floating point).
04/22/23 19
Local Variables
Corresponding to C’s “auto” (automatic), the default of any C/C++ variable.
Allow reentrant code. Stored on the stack. To make space,
subtract storage amount from esp. To restore, just put ebp back into esp.
Example: factorial.asm
04/22/23 20
More Local Variables Examples
local1.asm local2.asm
04/22/23 21
Prologue and Epilogue
So the start (prologue) of most subroutines looks like push ebpmov ebp,espsub esp,n ;where n is immediate, how much
space
And the end (epilogue) looks likemov esp,ebppop ebp
Local storage is from [ebp-1] to [ebp-n]. Typically n is a multiple of 4 and you would use [ebp-4], [ebp-8], …
Parameters are located at [ebp+8] (last parameter pushed), [ebp+12], and so on.
04/22/23 22
ENTER and LEAVE
ENTER takes two immediate mode parameters. First is number of bytes of local storage, second is (for C programs) always 0. (The second parameter is nesting level, for languages like Pascal that can have nested procedures.)
ENTER n,0 replaces prologue. LEAVE (no parameters) replaces epilogue.
04/22/23 23
The Way It’s Done
So the start (prologue) of most subroutines looks like
enter n,0 ;n=how much local storage space (in bytes)
And the end (epilogue) looks likeleave
Local storage is from [ebp-1] to [ebp-n]. Typically n is a multiple of 4 and you would use [ebp-4], [ebp-8], …
Parameters are located at [ebp+8] (last parameter pushed), [ebp+12], and so on.
04/22/23 24
Boolean Operations
AND, OR, XOR, TEST, NOT Useful to set, clear, or test bits AND/OR/XOR reg/mem, reg/mem/imm
Affect CF, OF, PF, SF, and ZF. AF undefined. NOT reg/mem
Reverses 1’s and 0’s (one’s complement)
04/22/23 25
Boolean Operations – AND
AND reg/mem, reg/mem/imm Affects CF(0), OF(0), PF, SF, and ZF. AF
undefined. To clear some bits, AND with a binary
value with 0s where you wish to clear and 1s elsewhere.
04/22/23 26
Boolean Operations – OR
OR reg/mem, reg/mem/imm Affects CF(0), OF(0), PF, SF, and ZF. AF
undefined. To set some bits, OR with a binary value
with 1s where you wish to set and 0s elsewhere.
04/22/23 27
Boolean Operations – XOR
XOR reg/mem, reg/mem/imm Affects CF(0), OF(0), PF, SF, and ZF. AF
undefined. To flip some bits, XOR with a binary value
with 1s where you wish to flip and 0s elsewhere.
XOR reg,reg The shortest way to set a register to 0
04/22/23 28
Boolean Operations – TEST
TEST reg/mem, reg/mem/imm Affects CF(0), OF(0), PF, SF, and ZF. AF
undefined. Just like AND but doesn’t put the result in
the destination (sets flags only)
04/22/23 29
Boolean Operations – NOT
NOT reg/mem Affects no flags
Reverses 1’s and 0’s (one’s complement)
04/22/23 30
Shifting And Rotating Bits
SHR/SAR/SHRD – Shifting right SHL/SAL/SHLD – Shifting left ROR/RCR – Rotating right ROL/RCL – Rotating left op reg/mem, CL/imm opD reg/mem, reg/mem/imm, CL/imm Flags – all affect CF, OF, PF, SF, ZF. AF
undefined.
04/22/23 31
C (and C++) Bitwise Operations
& is AND (note & is not &&) | is OR (again, | is different from ||) ~ is NOT ^ is XOR << is SAL/SHL >> is SAR/SHR (depending on whether
type is signed or not)
04/22/23 32
Examples – Counting Bits
We’ll talk about four methods:1. Rotate through all bits, counting for each 1
we find.2. Add the 1’s up: bitcount.c3. Use a table lookup: bitcount2.c4. Clear one 1 per iteration of a loop, count how
many times: bitcount3.c