MEMORY in MEMORY in 80X86 Design80X86 Design

OutlineOutline

o Addressing memoryo Data typeso MOV instructiono Addressing modeso Instruction format

BasicsBasics

o Memory in the x86 processors is byte-addressableo Whenever we present an address to the

address bus, we specify the location of a byte in memory

o Byte is the basic memory unito It is possible to retrieve/store more than

one bytes with a single memory accesso 16-bit words, consecutive byteso 32-bit doublewords, consecutive bytes

Logical vs. physical Logical vs. physical memorymemory

o Logical memory is the “view” of memory seen by the programmero A large byte-addressable array of byteso We can read/write bytes, words or doublewordso We do not worry about how data is fetched from

memory, we only see the result of the memory access as 1,2, or 4 bytes

o Physical memory o The physical organization of memory cells, which is

not “visible” to the programmero The unit of access to physical memory is equal to

the width of the data buso E.g. 16 bits in 8086, 32 bits in 80386 and later

8086 physical memory8086 physical memory

o Read a byte of address 0: result=FF

o Read a word from address 0: result=ABFF

o Read a doubleword from address 0: result=5512ABFF

AB1 FF55 1214 3376 DE01 46F1 24E9 1190 87

3

5

7

9

B

D

F

0

2

4

6

8

A

C

E

Odd Bank Even Bank

Data Bus (15:8) Data Bus (7:0)

x86 byte orderingx86 byte ordering

o Memory locations 0 and 1 contain FF and AB…

o But a word access from address 0 returns ABFF

o x86 uses “little endian” byte ordero The requested address (0) points to the

lower order byte of the resulto The higher order byte of the result is taken

from the next higher sequential address (1)

Byte orderingByte ordering

o Little endian vs. big endiano In big endian ordering the higher

order byte of the result is retrieved from the requested address

o Used in many UNIX servers

o Byte ordering is a property of the architecture

Byte alignmentByte alignment

• When we read from When we read from word 0 word 0 data(15:8)=AB,data(data(15:8)=AB,data(7:0)=FF7:0)=FF

• Bytes as presented Bytes as presented in the data bus are in in the data bus are in the right order!the right order!

• This is an aligned This is an aligned memory accessmemory access

AB1 FF55 1214 3376 DE01 46F1 24E9 1190 87

3

5

7

9

B

D

F

0

2

4

6

8

A

C

E

Odd Bank Even Bank

Data Bus (15:8) Data Bus (7:0)

Byte alignmentByte alignment

• What if read a word from What if read a word from address 1 ?address 1 ?

• It is a valid memory It is a valid memory access, you can always access, you can always read from odd addressesread from odd addresses

• Result should be 12ABResult should be 12AB• But the bytes in the data But the bytes in the data

bus are not aligned bus are not aligned data(15:8)=AB,data(7:0)=1data(15:8)=AB,data(7:0)=122

AB1 FF55 1214 3376 DE01 46F1 24E9 1190 87

3

5

7

9

B

D

F

0

2

4

6

8

A

C

E

Odd Bank Even Bank

Data Bus (15:8) Data Bus (7:0)

Byte alignmentByte alignment

o Whenever we read more than one bytes from memory the bytes presented in the address bus must be aligned according to the architecture byte ordering

o If we read a word from address 1, the byte in address 2 must be stored in the higher order byte of the data bus and the byte in address 1 in the lower order byte of the data bus

o 10 years ago I had to do that by hand…o But you don’t have to do it anymore, the

processor takes care of it

Byte alignmentByte alignment

o Do we have to worry about unaligned memory accesses ?

o Yes, if you want your program to run fast!o In an unaligned memory access the processor

has too Read odd byte (one memory access)o Read even byte (second memory access)o Align the two bytes (some overhead in the hardware)

o In an aligned memory access the processor justo Reads even byte (one memory access)

o Aligned access is least twice as fast

Data TypesData Types

o Integer numberso Bits, Nibbles, Bytes, Words, Doublewordso Signed/unsigned

o Floating point numberso Different format than integers

o Texto 7-bit ASCII characters (letters, characters)o 8-bit ASCII encoding allows for 128 more

graphical symbolso Strings: sequences of characterso Documents: collection of strings

Data TypesData Types

o Arrayso Sequences of numbers, characters

o Fileso Images (.jpg, .gif, .tiff,…)o Video (MPEG, .avi, Quicktime,…)o Audio (.wav, .mp3,…)

o Everything is managed as a sequence of bytes stored in the memory of your computer!

o The data type actually depends on the way you access and use these bytes!

Data TypesData Types

o 16 signed/unsigned 8-bit integers

o 8 signed/unsigned 16-bit words

o 4 signed/unsigned 32-bit doublewords

o An incomprehensible string…

o Instructions and operands…

AB1 FF55 1214 3376 DE01 46F1 24E9 1190 87

3

5

7

9

B

D

F

0

2

4

6

8

A

C

E

Odd Bank Even Bank

Data Bus (15:8) Data Bus (7:0)

Real vs. protected modeReal vs. protected mode

o In real mode we address the first megabyte of memory (00000h-FFFFFh), we are limited to a 20-bit address bus and 16-bit registers

o In protected mode we can address 4 Gigabytes of memory using 32-bit address bus and 32-bit registers

Protected mode Protected mode at a glanceat a glance

o Used in 80286 and highero Memory accessing based on

segmentationo Segments can be considered as

“protected” regions of memoryo Somehow more more complex address

translation mechanism

Contd…

Protected mode Protected mode at a glanceat a glance

o Still segment:offset, segment is 16-bit, offset can be 16-bit or 32-bit

o Segment field used as pointer to a segment table that contains the starting address of the segment in physical memory

o You are not allowed to modify the segment table in user mode but you can in privileged mode, e.g. if writing an operating system

Using segmentsUsing segmentso Logical partitioning of your program

Data(variables) CS

Code(your program)

Unused stack

Used stack

DS

SS

DS:DI

DS:SI

CS:IP

SS:SP

SS:BP

Original SP

Memory

The MOV instructionThe MOV instruction

o Move datao From memory to a registero From a register to memoryo From a register to another registero Never from memory to memory!

o Syntaxo MOV destination, sourceo Destination and source can be registers or

memory addresses defined in different ways which we call “addressing modes”

Addressing modesAddressing modes

o Register, the fastest!o MOV AX, BXo MOV AL, BLo MOV DX, SIo MOV DS, BXo Remember, source/destination must be of

equal size

o Immediateo Load a value to a registero MOV AX, 1234h

Addressing modesAddressing modes

o Directo MOV AX, [1234h]o Move data from a memory location to a

registero 1234h is a displacement within the data

segment DSo Register Indirect (base relative, or indexed)

o MOV AX,[BX]o MOV AX,[BP]

Contd…

Addressing modesAddressing modes

o MOV AX,[SI]o MOV AX,[DI]o Displacement is put in a registero BX, SI, DI define displacements in the data

segmento BP defines a displacement in the stack

segment

Addressing modesAddressing modes

o Base plus index (base relative indexed)o MOV AX, [BX+DI]o MOV AX, [BX+SI]o Base can be BX or BP, index SI or DI

o Register relativeo MOV AX, [BX+1234h]o Register on the left can be BX, BP, SI, or DI

o Base relative plus indexo MOV AX, [BX+DI+1234h]

How do I learn all this ?How do I learn all this ?

o All you have to remember is this table

o Pick 0 or 1 item from each of the columns, just make sure you end up with at least one item

o Never pick two items from the same columno 17 valid addressing modes

BX

BP

SI

DI DIS

P

Addressing mode Addressing mode examplesexamples

89 D8 MODEOPMove to AX the 16-bit value in BXMOV AX, BX Register

Memory ContentsCommentInstructionAddressing

Mode

89 F8 MODEOPMove to AX the 16-bit value in DIMOV AX, DI Register

88 C4 MODEOPMove to AL the 8-bit value in AXMOV AH, AL Register

B4 12 DATA8OPMove to AH the 8-bit value 12HMOV AH, 12h Immediate

B8 34 DATA16OPMove to AX the value 1234hMOV AX, 1234h Immediate

B8 lsb msb DATA16OPMove to AX the constant defined as CONST

MOV AX, CONST Immediate

B8 lsb msb DATA16OPMove to AX the address or offset of the variable X

MOV AX, X Immediate

A1 34 12 DISP16OPMove to AX the value at memory location 1234h

MOV AX, [1234h] Direct

A1 lsb msb DISP16OPMove to AX the value in memory location DS:X

MOV AX, [X] Direct

Addressing mode Addressing mode examplesexamples

A3 lsb msb DATA16OPMove to the memory location pointed to by DS:X the value in AX

MOV [X], AX Direct

Memory ContentsCommentInstructionAddressing

Mode

8B 05 MODEOPMove to AX the 16-bit value pointed to by DS:DI

MOV AX, [DI] Indexed

89 05 MODEOPMove to address DS:DI the 16-bit value in AX

MOV [DI], AX Indexed

8B 07 MODEOPMove to AX the 16-bit value pointed to by DS:BX

MOV AX, [BX]Register Indirect

89 07 MODEOPMove to the memory address DS:BX the 16-bit value stored in AX

MOV [BX], AXRegister Indirect

89 46 MODEOPMove to memory address SS:BP the 16-bit value in AX

MOV [BP], AXRegister Indirect

8B 87 lsb msb MODEOPMove to AX the value in memory at DS:BX + TAB

MOV AX, TAB[BX]Register Relative

89 87 lsb msb DISP16OPMove value in AX to memory address DS:BX + TAB

MOV TAB[BX], AXRegister Relative

8B 01 MODEOPMove to AX the value in memory at DS:BX + DI

MOV AX, [BX + DI]Base Plus Index

DISP16

MODE

Addressing mode Addressing mode examplesexamples

89 01 MODEOPMove to the memory location pointed to by DS:X the value in AX

MOV [BX + DI], AXBase Plus Index

Memory ContentsCommentInstruction Addressing Mode

8B 81 34 12 MODEOPMove word in memory location DS:BX + DI + 1234h to AX register

MOV AX, [BX + DI + 1234h]Base Rel Plus Index DISP16

C7 81 34 12 78 56Move immediate value 5678h to memory location BX + DI + 1234h

MOV word [BX + DI + 1234h], 5678h

Base Rel Plus Index

Machine languageMachine language

o Everything (instructions, operands, data) is translated to bytes stored in memory

o You need to be able to interpret the meaning of these bytes to debug your programs

o In particular, we need to learn the format of instructions so that we can interpret the bytes that correspond to instructions in memory

o x86 instructions are complex, they vary in size from 1 byte to 13 bytes

Generic instruction formatGeneric instruction formatOpcode Mode Displacement Data/Immediate

No operandsExample: NOPOP

OP DATA8

OP DATA16

OP

OP

OP

DISP8

DISP16

MODE

MODEOP DISP8

MODEOP DISP16

w/8-bit dataExample: MOV AL, 15

w/16-bit dataExample: MOV AX, 1234h

w/8-bit displacementExample: JE +45

w/16-bit displacementExample: MOV AL, [1234h]

w/mode – register to registerExample: MOV AL, AH

w/mode & 8-bit displacementExample: MOV [BX + 12], AX

w/mode & 16-bit displacementExample: MOV [BX+1234], AX

Instruction BasicsInstruction Basics

o Each instruction can have only one operand that points to a memory location

o The sizes of the operands of an instruction must match

o The mode byte encodes which registers are used by the instruction

o If the data size used is ambiguous you have to specify it!o MOV BYTE [BX], 12ho MOV [BX], WORD 12h

Anatomy of an instructionAnatomy of an instruction

o Opcode contains the type of instruction we execute plus two special bits, D and W

o The mode byte is used only in instructions that use register addressing modes and encodes the source and destination for instructions with two operands

D W

OPCODE

MOD R/MREG

Opcode Mode Displacement Data/Immediate

Contd…

Anatomy of an instructionAnatomy of an instruction

o D stands for direction and defines the data flow of the instructiono D=0, data flows from REG to R/Mo D=1, data flows from R/M to REG

o W stands for the size of datao W=0, byte-sized datao W=1, word (in real mode) or double-

word sized (in protected mode)

Anatomy of Anatomy of an instructionan instruction

• MOD field specifies the addressing MOD field specifies the addressing modemode

• 00 – no displacement00 – no displacement• 01 – 8-bit displacement, sign extended01 – 8-bit displacement, sign extended• 10 – 16-bit displacement10 – 16-bit displacement• 11 – R/M is a register, register 11 – R/M is a register, register

addressing modeaddressing mode• If MOD is 00,01, or 10, the R/M field If MOD is 00,01, or 10, the R/M field

selects one of the memory addressing selects one of the memory addressing modesmodes

D W

OPCODE

MOD R/MREG

Opcode Mode Displacement Data/Immediate

Registers in the REG and Registers in the REG and R/M fieldsR/M fields

Code W=0 (Byte) W=1 (Word) W=1 (DWord)

000 AL AX EAX

001 CL CX ECX

010 DL DX EDX

011 BL BX EBX

100 AH SP ESP

101 CH BP EBP

110 DH SI ESI

111 BH DI EDI

ExampleExample

o Consider the instruction 8BECho 1000 1011 1110 1100 binaryo Opcode 100010 -> MOVo D=1 data goes from R/M to REGo W=1 data is word-sizedo MOD=11, register addressingo REG=101 destination, R/M=100

sourceo MOV BP, SP

Code W=0 W=1 W=1

000 AL AX EAX

001 CL CX ECX

010 DL DX EDX

011 BL BX EBX

100 AH SP ESP

101 CH BP EBP

110 DH SI ESI

111 BH DI EDI

Displacement addressingDisplacement addressing

o If MOD is 00, 01, or 10 R/M has an entirely different meaning

R/M Code Function

000 DS:BX+SI

001 DS:BX+DI

010 SS:BP+SI

011 SS:BP+DI

100 DS:SI

101 DS:DI

110 SS:BP

111 DS:BX

00

MOD

01

FUNCTION

10

11No displacement

8-bit sign-extended displacement

16-bit displacement

R/M is a register (register addressing mode)

Examples:Examples:

If MOD=00 and R/M=101 mode is [DI]If MOD=00 and R/M=101 mode is [DI]

If MOD=01 and R/M=101 mode is If MOD=01 and R/M=101 mode is [DI+33h][DI+33h]

If MODE=10 and R/M=101 modes is If MODE=10 and R/M=101 modes is [DI+2233h][DI+2233h]

ExampleExample

o Instruction 8A15ho 1000 1010 0001 0101o Opcode 100010 -> MOV o D=1, data flows from R/M to

REGo W=0, 8-bit argumento MOD=00 (no displacement)o REG=010 (DL)o REG=101 ([DI] addressing

mode)o MOV DL, [DI]

Code W=0 W=1 W=1

000 AL AX EAX

001 CL CX ECX

010 DL DX EDX

011 BL BX EBX

100 AH SP ESP

101 CH BP EBP

110 DH SI ESI

111 BH DI EDI

R/M Code Function

000 DS:BX+SI

001 DS:BX+DI

010 SS:BP+SI

011 SS:BP+DI

100 DS:SI

101 DS:DI

110 SS:BP

111 DS:BX

Direct Addressing ModeDirect Addressing Mode

o MOD is always 00o R/M is always 110o REG encodes the register to/from

we take data as usualo Third byte contains the lower-order

bytes of the displacement, fourth byte contains the high order byte of the displacement

Direct AddressingDirect Addressing

o Example: 8816 00 10o 1000 1000 0001 0110 0000

0000 0001 0000o Opcode 100010 -> MOVo W=0 (byte-sized data)o D=0 data flows from REGo MOD 00, REG=010 (DL),

R/M=110o Low-order byte of

displacement 00o High-order byte of

displacement 10o MOV [1000h], DL

Code W=0 W=1 W=1

000 AL AX EAX

001 CL CX ECX

010 DL DX EDX

011 BL BX EBX

100 AH SP ESP

101 CH BP EBP

110 DH SI ESI

111 BH DI EDI

OopsOops

o R/M=110 points to BP when MOD=00!o What happens with MOV DL, [BP]

o No displacement, MOD=00o [BP] addressing mode, R/M=110

o Hack…o MOV DL,[BP+0]o MOD=01 (8-bit displacement)o R/M=110o This also means that MOV [BP] instructions

are at least three bytes long (there is always a displacement even if it is 00)

Immediate addressingImmediate addressing

o MOV WORD [BX+1000h], 1234h

1 1 00 0 1 1 1 0 1 11 0 0 0 1

1 000000000000000

OPCODE W MOD R/M

Displacement-low Displacement-highByte 1 Byte 2

1 010000000101100

Data-low Data-high

Byte 3 Byte 4

Byte 5 Byte 6

R/M Code Function

000 DS:BX+SI

001 DS:BX+DI

010 SS:BP+SI

011 SS:BP+DI

100 DS:SI

101 DS:DI

110 SS:BP

111 DS:BX

Segment MOV instructionsSegment MOV instructions

o Different opcode 100011o Segments are selected by setting the REG field

REG Code Segment reg.

000 ES

001 CS

010 SS

011 DS

100 FS

101 GS

Example MOV BX, CSExample MOV BX, CS

Opcode 10001100Opcode 10001100

MOD=11 (register MOD=11 (register addressing)addressing)

REG=001 (CS)REG=001 (CS)

R/M=011 (BX)R/M=011 (BX)

8CCB8CCB