Real-World Instruction Set Architectures: Focus on IA-32
http://www.pds.ewi.tudelft.nl/~iosup/Courses/2012_ti1400_5.ppt
Course website: http://www.pds.ewi.tudelft.nl/~iosup/Courses/2012_ti1400_results.htm
TU-Delft TI1400/12-PDS
IA family
• IA (Intel Architecture) is a family of processors
• Each processor: same architecture, but different organization
  - same instruction set
  - different performance
• 32-bit memory addresses and variable-length instructions
• Very large instruction set (not RISC)
Timeline (figure): 1982, 1985, 1989, 1993
Floorplan IA-32 (figure)
Other Example: PowerPC
Block diagram (figure): instruction unit, integer unit, floating-point unit, cache, main memory
Floorplan PowerPC (figure): FPU, data cache, instruction cache, registers, MMU, load/store unit
IA-32 (outline)
1. Introduction
2. Memory Layout
3. Registers
4. Instructions
5. Examples of Assembler Code for IA-32
6. Subroutines
Memory
• Memory is byte addressable
• Doublewords can start at any byte location
• Data operands are 8 or 32 bits wide
• Byte ordering is little-endian (vs big-endian on PowerPC)
Addressable data units (figure): bit 31 ... bit 0; byte 3 ... byte 0 of doubleword 0
IA register structure (figure)
• FP0 ... FP7: floating-point registers
• R0 ... R7: general-purpose registers
Register Naming
R0  EAX   data register
R1  EBX   data register
R2  ECX   data register
R3  EDX   data register
R4  ESP   pointer register
R5  EBP   pointer register
R6  ESI   index register
R7  EDI   index register
EIP       instruction pointer
EFLAGS    status register
Sub-registers of EAX (figure): AX, AH, AL
Status Register (EFLAGS, figure)
CF    Carry (bit 0)
ZF    Zero (bit 6)
SF    Sign (bit 7)
TF    Trap (bit 8)
IF    Interrupt enable (bit 9)
OF    Overflow (bit 11)
IOPL  I/O privilege level (bits 12-13)
Special registers
CS  code segment
SS  stack segment
DS, ES, FS, GS  data segments
Instructions
• Variable-length instructions, 1-12 bytes
• Five types of instructions:
  - Copy instructions (MOV)
  - Arithmetic and logic instructions
  - Flow control
  - Processor control instructions
  - I/O instructions
• Format: INSTR Rdst, Rsrc
Instruction Format (figure)
Opcode (1 or 2 bytes) | Addressing (1 or 2 bytes) | Displacement (1 or 4 bytes) | Immediate (1 or 4 bytes)
Variable opcode length
Addressing modes
• Many addressing modes:
  1. Immediate                          value
  2. Direct                             M(value)
  3. Register                           [reg]
  4. Register indirect                  M([reg])
  5. Base with displacement             M([reg] + Disp)
  6. Index with displacement            M([reg]*S + Disp)
  7. Base with index                    M([reg1] + [reg2]*S)
  8. Base with index and displacement   M([reg1] + [reg2]*S + Disp)
  S = 1, 2, 4 or 8; Disp = 8- or 32-bit signed number
Q: CISC or RISC?
Q: Why both 5 and 6?
Immediate and Direct
• Immediate
    MOV EAX, 25          [EAX] ← #25
    MOV EAX, 3FA00H      [EAX] ← #3FA00H
• Direct
    MOV EAX, loc         [EAX] ← M(loc)
  or
    MOV EAX, [loc]       [EAX] ← M(loc)
Register indirect
• Register
    MOV EBX, OFFSET loc        [EBX] ← #loc
  or
    LEA EBX, loc               [EBX] ← #loc
• Register indirect
    MOV EAX, [EBX]             [EAX] ← M([EBX])
  and
    MOV [EBX], 10              M([EBX]) ← 10
    MOV DWORD PTR [EBX], 10    M([EBX]) ← 10
Q: Why DWORD PTR?
Base with Index and Displacement
• MOV EAX, [EBP+ESI*4+200]    [EAX] ← M([EBP] + [ESI]*4 + #200)
  Example (figure): EBP = 1000, ESI = 40; 1000 + 200 = 1200; 1200 + 40*4 = 1360 = address of the operand
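As an added example (not part of the slides), a small Python classifier for the eight addressing modes listed above: it parses an Intel-syntax operand, names the mode with the slides' numbering and, for memory operands, computes the effective address from a register file. The register values (EBP = 1000, ESI = 40) are those of the MOV EAX, [EBP+ESI*4+200] example; the other register values and the symbol table for `loc` are constructed.

```python
import re

REGS = {"EAX", "EBX", "ECX", "EDX", "ESP", "EBP", "ESI", "EDI"}
MODES = {1: "Immediate", 2: "Direct", 3: "Register", 4: "Register indirect",
         5: "Base with displacement", 6: "Index with displacement",
         7: "Base with index", 8: "Base with index and displacement"}

def classify(operand, regs, symbols):
    """Return (mode number, mode name, effective address or None).

    regs maps register names to values; symbols maps labels (LOC) to their
    addresses. Register and immediate operands have no memory address."""
    op = operand.strip().upper().replace(" ", "")
    if op in REGS:                                     # 3. Register: [reg]
        return 3, MODES[3], None
    if not op.startswith("["):
        if re.fullmatch(r"[0-9][0-9A-F]*H|[0-9]+", op):  # 1. Immediate: 25, 3FA00H
            return 1, MODES[1], None
        return 2, MODES[2], symbols[op]                # 2. Direct: loc -> M(loc)
    terms = op[1:-1].replace("-", "+-").split("+")     # the terms inside [...]
    if len(terms) == 1 and terms[0] in symbols:        # 2. Direct: [loc] -> M(loc)
        return 2, MODES[2], symbols[terms[0]]
    base = index = None
    scale, disp = 1, 0
    for t in terms:
        if "*" in t:                                   # reg*S, S in {1, 2, 4, 8}
            r, s = t.split("*")
            index, scale = regs[r], int(s)
            assert scale in (1, 2, 4, 8), "scale factor must be 1, 2, 4 or 8"
        elif t in REGS:                                # first plain register is the base,
            if base is None:                           # a second one is an index with S = 1
                base = regs[t]
            else:
                index, scale = regs[t], 1
        else:
            disp = int(t)                              # 8- or 32-bit signed displacement
    ea = (base or 0) + (index or 0) * scale + disp
    if base is None:                                   # 6. Index with displacement
        return 6, MODES[6], ea
    if index is None:                                  # 4. Register indirect or 5. Base + Disp
        return (4, MODES[4], ea) if disp == 0 else (5, MODES[5], ea)
    return (7, MODES[7], ea) if disp == 0 else (8, MODES[8], ea)

# Constructed register file and symbol table; EBP and ESI match the slide.
SLIDE_REGS = {"EBP": 1000, "ESI": 40, "EBX": 500}
SLIDE_SYMBOLS = {"LOC": 0x3FA00}
```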
Arithmetic instructions
• May have one or two operands
    ADD dst, src       meaning [dst] ← [dst] + [src]
Compare
• Used to compare values; leaves register contents unchanged
    CMP dst, src       computes [dst] - [src]; the result is discarded, only the status flags change
Flow control
• Two basic branch instructions:
  - JMP [loc]               branch unconditionally
  - JG, JZ, JS, etc.        branch if condition is satisfied
Summation example
Java code
int[] list = new int[n];
int sum = 0;
for (int index = n-1; index >= 0; index--) {
    sum += list[index];
}
Summation example
Assembler code, Version 1
    LEA EBX, NUM1             [EBX] ← #NUM1
    MOV ECX, N                [ECX] ← M(N)
    MOV EAX, 0                [EAX] ← #0
    MOV EDI, 0                [EDI] ← #0
L:  ADD EAX, [EBX+EDI*4]      add next number to EAX
    INC EDI                   [EDI] ← [EDI] + 1
    DEC ECX                   [ECX] ← [ECX] - 1
    JG L                      branch if [ECX] > 0
    MOV SUM, EAX              M(SUM) ← [EAX]
Summation example
Assembler code, Version 2
    LEA EBX, NUM1             [EBX] ← #NUM1
    SUB EBX, 4
    MOV ECX, N                [ECX] ← M(N)
    MOV EAX, 0                [EAX] ← #0
L:  ADD EAX, [EBX+ECX*4]      add next number to EAX
    LOOP L                    [ECX] ← [ECX] - 1; branch if [ECX] > 0
    MOV SUM, EAX              M(SUM) ← [EAX]
Q: Why SUB EBX, 4?
Summation example
Performance, Version 1 vs Version 2
Version 2:
    LEA EBX, NUM1
    SUB EBX, 4
    MOV ECX, N
    MOV EAX, 0
L:  ADD EAX, [EBX+ECX*4]
    LOOP L
    MOV SUM, EAX
Version 1:
    LEA EBX, NUM1
    MOV ECX, N
    MOV EAX, 0
    MOV EDI, 0
L:  ADD EAX, [EBX+EDI*4]
    INC EDI
    DEC ECX
    JG L
    MOV SUM, EAX
1. Replaced 1x MOV with 1x SUB
2. Replaced 1x INC + 1x DEC + 1x JG with 1x LOOP
Q: What is the performance loss/gain?
Summation example
The .asm file
.data
NUM1 DD 0, 1, 2, -1, -2
N    DD 5
SUM  DD 0
.code
MAIN:
    LEA EBX, NUM1
    SUB EBX, 4
    MOV ECX, N
    MOV EAX, 0
L:  ADD EAX, [EBX+ECX*4]
    LOOP L
    MOV SUM, EAX
    CMP SUM, 0
END MAIN
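As an added example (not part of the slides), a Python model of the two summation loops above, run on the .asm file's data (NUM1 DD 0, 1, 2, -1, -2; N DD 5; SUM DD 0). It counts the instructions each version executes, for the performance question, and records array reads that fall outside NUM1, which answers why Version 2 needs SUB EBX, 4. The .data base address 0x1000 is constructed; the layout (N directly after NUM1, SUM after N) follows the .asm file.

```python
class Data:
    """The .asm file's .data segment as 4-byte cells; reads outside NUM1 are logged."""

    def __init__(self, nums, base=0x1000):            # base address is constructed
        self.num1 = base                              # NUM1 DD 0, 1, 2, -1, -2
        self.n_addr = base + 4 * len(nums)            # N DD 5 follows NUM1 directly
        self.cells = {base + 4 * i: v for i, v in enumerate(nums)}
        self.cells[self.n_addr] = len(nums)
        self.cells[self.n_addr + 4] = 0               # SUM DD 0
        self.outside = []                             # array reads that missed NUM1

    def read(self, addr):
        if not self.num1 <= addr < self.n_addr:
            self.outside.append(addr)
        return self.cells.get(addr, 0)

def version1(nums):
    """Returns (SUM, number of executed instructions, reads outside NUM1)."""
    d = Data(nums)
    ebx, ecx, eax, edi = d.num1, d.cells[d.n_addr], 0, 0   # LEA, MOV ECX,N, MOV, MOV
    count = 4
    while True:                                       # L:
        eax += d.read(ebx + edi * 4)                  # ADD EAX, [EBX+EDI*4]
        edi += 1                                      # INC EDI
        ecx -= 1                                      # DEC ECX
        count += 4                                    # ADD, INC, DEC, JG
        if not ecx > 0:                               # JG L
            break
    return eax, count + 1, d.outside                  # MOV SUM, EAX

def version2(nums, sub_ebx=True):
    """Same loop with LOOP; sub_ebx=False leaves out SUB EBX,4 to show its effect."""
    d = Data(nums)
    ebx = d.num1 - 4 if sub_ebx else d.num1           # LEA EBX,NUM1 ; SUB EBX,4
    ecx, eax = d.cells[d.n_addr], 0                   # MOV ECX,N ; MOV EAX,0
    count = 4 if sub_ebx else 3
    while True:                                       # L:
        eax += d.read(ebx + ecx * 4)                  # ADD EAX, [EBX+ECX*4]
        ecx -= 1                                      # LOOP L: ECX <- ECX - 1,
        count += 2                                    # ADD, LOOP
        if ecx == 0:                                  # branch back while ECX != 0
            break
    return eax, count + 1, d.outside                  # MOV SUM, EAX

ASM_DATA = [0, 1, 2, -1, -2]                          # NUM1 from the .asm file
```

Without SUB EBX, 4 the first iteration reads M(NUM1+20), which in this layout is the variable N, so the loop silently sums 5 instead of 0.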
Sorting example
Java code
int[] list = new int[n];
int temp;
for (int j = n-1; j > 0; j--) {
    for (int k = j-1; k >= 0; k--) {
        if (list[j] > list[k]) {
            temp = list[k];
            list[k] = list[j];
            list[j] = temp;
        }
    }
}
Sorting Example
Assembler code
       LEA EAX, list            [EAX] ← #list
       MOV EDI, N               [EDI] ← n
       DEC EDI                  [EDI] ← n-1            init j
outer: MOV ECX, EDI             [ECX] ← j
       DEC ECX                  [ECX] ← j-1            init k
       MOV DL, [EAX+EDI]        load list(j) into DL
inner: CMP [EAX+ECX], DL        compare list(k) to list(j)
       JLE next                 if list(j) >= list(k)
       XCHG [EAX+ECX], DL       swap list(j), list(k)
       MOV [EAX+ECX], DL        new list(j) in DL
next:  DEC ECX                  decrement k
       JGE inner                repeat or terminate
       DEC EDI                  decrement j
       JGE outer                repeat or terminate
Q: Is this code a correct implementation of the Java code above?
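As an added example (not part of the slides), a Python model that executes the sorting example's assembler code as written (the swap instruction taken as XCHG) next to the slide's Java loops, so the correctness question can be checked on sample data. The list is modelled as bytes because the code addresses it with scale 1 through DL, while the Java version works on 4-byte ints; the model also records every index the code touches outside the array. The sample list [3, 1, 2] is constructed.

```python
def java_sort(lst):
    """The Java nested loops from the slide: swap when list[j] > list[k]."""
    a = list(lst)
    n = len(a)
    for j in range(n - 1, 0, -1):              # for (j = n-1; j > 0; j--)
        for k in range(j - 1, -1, -1):         # for (k = j-1; k >= 0; k--)
            if a[j] > a[k]:
                a[k], a[j] = a[j], a[k]
    return a

def asm_sort(lst):
    """Run the slide's IA-32 sequence as written, one instruction per line.
    Returns (memory afterwards, indices accessed outside the array)."""
    mem, n, outside = list(lst), len(lst), []

    def rd(i):                                  # byte read of list(i)
        if not 0 <= i < n:
            outside.append(i)
            return 0
        return mem[i]

    def wr(i, v):                               # byte write of list(i)
        if not 0 <= i < n:
            outside.append(i)
        else:
            mem[i] = v

    edi = n - 1                                 # MOV EDI, N ; DEC EDI        (j = n-1)
    while True:                                 # outer:
        ecx = edi - 1                           # MOV ECX, EDI ; DEC ECX      (k = j-1)
        dl = rd(edi)                            # MOV DL, [EAX+EDI]
        while True:                             # inner:
            if rd(ecx) > dl:                    # CMP [EAX+ECX], DL ; JLE next
                dl, swapped = rd(ecx), dl       # XCHG [EAX+ECX], DL
                wr(ecx, swapped)
                wr(ecx, dl)                     # MOV [EAX+ECX], DL: old list(k) written back
            ecx -= 1                            # next: DEC ECX
            if ecx < 0:                         # JGE inner
                break
        edi -= 1                                # DEC EDI
        if edi < 0:                             # JGE outer: j = 0 still runs, so k = -1
            break
    return mem, outside

SAMPLE = [3, 1, 2]                              # constructed byte list
```

On the sample the Java loops yield [3, 2, 1], while the assembler sequence leaves memory unchanged (the MOV after the XCHG restores list(k)) and reads list(-1) in the extra j = 0 pass that the Java condition j > 0 excludes.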
Subroutines
• CALL sub          [EIP] ← #sub
  The return address is saved on the stack (ESP register)
• Return is RET     [EIP] ← M([ESP]); [ESP] ← [ESP] + 4
Stack instructions
• ESP register is used as stack pointer
• PUSH src          [ESP] ← [ESP] - #4; M([ESP]) ← [src]
• POP dst           [dst] ← M([ESP]); [ESP] ← [ESP] + #4
• PUSHAD (POPAD)    push (pop) all 8 general-purpose registers on (from) the stack
Stack frames
      ....
      PUSH N                 parameter n on stack
2000: CALL Sub1              call subroutine at 2400
2004: ...........
Note: Sub1 starts at address 2400
Stack and registers (figure), step by step:
[1/4] before PUSH N: ESP = 10056
[2/4] after PUSH N: M(10052) = N, ESP = 10052, EIP = 2000
[3/4] CALL Sub1 pushes the return address 2004: M(10048) = 2004, ESP = 10048
[4/4] after CALL Sub1: ESP = 10048, EIP = 2400
Subroutine Sub1
Sub1: PUSH EAX               save EAX
      PUSH EBX               save EBX
      MOV EAX, [EDI + 12]    n to EAX
      DEC EAX
      ....
      PUSH EAX               load n-1 on stack
L:    CALL Sub2              call subroutine
      POP N                  put result in M(N)
      POP EBX                restore EBX
      POP EAX                restore EAX
      RET                    return
Stack frame in Sub1 (figure), after PUSH EBX (Sub1 at 2400: PUSH EAX, PUSH EBX, MOV EAX, [EDI + 12], DEC EAX)
    10052: N
    10048: return address
    10044: [EAX]
    10040: [EBX]            ESP = 10040
    10036: ?
Q: What is the value of EIP?
Stack frame in Sub1 (figure), after DEC EAX
    10052: N
    10048: return address
    10044: [EAX]
    10040: [EBX]            ESP = 10040
    10036: ?
    EAX = n-1
Stack frame in Sub1 (figure), after PUSH EAX
    10052: N
    10048: return address
    10044: [EAX]
    10040: [EBX]
    10036: n-1              ESP = 10036
    EAX = n-1
Stack frame in Sub1 (figure), after CALL Sub2
    10052: N
    10048: return address
    10044: [EAX]
    10040: [EBX]
    10036: n-1
    10032: return address (into Sub1)    ESP = 10032
    EAX = n-1
Subroutine Sub2
Sub2: MOV EAX, [EDI+4]
      DEC EAX
      MOV [EDI+4], EAX
      RET
Stack frame in Sub2 (figure), after DEC EAX
    10052: n
    10048: return address
    10044: [EAX]
    10040: [EBX]
    10036: n-1
    10032: return address (into Sub1)    ESP = 10032
    EAX = n-2
Stack frame in Sub2 (figure), after MOV…
    10052: n
    10048: return address
    10044: [EAX]
    10040: [EBX]
    10036: n-1
    10032: return address (into Sub1)    ESP = 10032
    EAX = n-2
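As an added example (not part of the slides), a Python model of the stack operations defined above (PUSH, POP, CALL, RET with a 4-byte ESP step), run over the PUSH N / CALL Sub1 / CALL Sub2 sequence of the stack-frame slides so that the ESP values shown there can be checked. Assumptions: ESP is 10056 before PUSH N and the CALL at 2000 returns to 2004, as on the slides; the elided "...." in Sub1 and the entry of Sub2 set EDI to the current ESP, which is what makes [EDI+12] address N and [EDI+4] address n-1; the address of Sub2 and its return address are not on the slides and are labelled placeholders; the saved EAX/EBX values are constructed.

```python
class Stack:
    """IA-32 stack model: ESP steps by 4, memory is a dict of doubleword cells."""

    def __init__(self, esp=10056):              # ESP before PUSH N, as on the slides
        self.esp, self.eip, self.mem, self.trace = esp, 2000, {}, []

    def push(self, value, what):
        self.esp -= 4                           # [ESP] <- [ESP] - 4
        self.mem[self.esp] = value              # M([ESP]) <- src
        self.trace.append((what, self.esp))

    def pop(self, what):
        value = self.mem[self.esp]              # dst <- M([ESP])
        self.esp += 4                           # [ESP] <- [ESP] + 4
        self.trace.append((what, self.esp))
        return value

    def call(self, target, return_address):
        self.push(return_address, f"CALL {target}")   # return address saved on the stack
        self.eip = target                       # [EIP] <- #sub

    def ret(self):
        self.eip = self.pop("RET")              # [EIP] <- M([ESP]); [ESP] <- [ESP] + 4

def run_sub1(n, eax=0xAAAA, ebx=0xBBBB):
    """Main pushes N and calls Sub1 (at 2400); Sub1 calls Sub2; both return.
    Returns (stack model, value popped into M(N), restored EAX, restored EBX)."""
    s = Stack()
    s.push(n, "PUSH N")                         # parameter n on the stack        -> ESP 10052
    s.call(2400, 2004)                          # 2000: CALL Sub1                 -> ESP 10048
    s.push(eax, "PUSH EAX")                     # Sub1: save EAX                  -> ESP 10044
    s.push(ebx, "PUSH EBX")                     # save EBX                        -> ESP 10040
    edi = s.esp                                 # assumed: the elided "...." sets EDI = ESP
    eax = s.mem[edi + 12] - 1                   # MOV EAX, [EDI+12] ; DEC EAX     (n-1)
    s.push(eax, "PUSH EAX")                     # n-1 on the stack                -> ESP 10036
    s.call("SUB2_ADDR", "RET_TO_SUB1")          # L: CALL Sub2 (placeholders)     -> ESP 10032
    edi = s.esp                                 # assumed: Sub2 sets EDI = ESP at entry
    eax = s.mem[edi + 4] - 1                    # Sub2: MOV EAX, [EDI+4] ; DEC EAX (n-2)
    s.mem[edi + 4] = eax                        # MOV [EDI+4], EAX
    s.ret()                                     # RET from Sub2                   -> ESP 10036
    result = s.pop("POP N")                     # POP N: result into M(N)         -> ESP 10040
    ebx = s.pop("POP EBX")                      # restore EBX                     -> ESP 10044
    eax = s.pop("POP EAX")                      # restore EAX                     -> ESP 10048
    s.ret()                                     # RET to 2004                     -> ESP 10052
    return s, result, eax, ebx
```

After the final RET the parameter N is still on the stack at 10052; the slides do not show the caller removing it, so in a real program the caller would have to adjust ESP.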