CS 213 Introduction to Computer Systems Thinking Inside the Box

1
CS 213Introduction to Computer SystemsThinking
Inside the Box

• Instructor Brian M. Dennis
• bmd_at_cs.northwestern.edu
• Teaching Assistant Bin Lin
• binlin_at_cs.northwestern.edu

2
Todays Topics

• So far
• Data reps/ high level
• Overall architecture
• Memory operations
• Arithmetic operations
• , -, /,
• , ,
• Condition codes
• Branching

• Today procedure calls at the machine level

3
Summary Abstract Machines
Machine Models
Data
Control
C
1) loops 2) conditionals 3) switch 4) Proc.
call 5) Proc. return
1) char 2) int, float 3) double 4) struct,
array 5) pointer
Assembly
1) byte 2) 2-byte word 3) 4-byte long word 4)
contiguous byte allocation 5) address of initial
byte
3) branch/jump 4) call 5) ret
4
IA32 Stack
Stack Bottom

• Region of memory managed with stack discipline
• Grows toward lower addresses
• Register esp indicates lowest stack address
• address of top element

0x100
Stack Grows Down
0xbc
Stack Top
5
IA32 Stack Pushing
Stack Bottom

• Pushing
• pushl Src
• Fetch operand at Src
• Decrement esp by 4
• Write operand at address given by esp

Stack Grows Down
-4

Stack Top
6
IA32 Stack Popping
Stack Bottom

• Popping
• popl Dest
• Read operand at address given by esp
• Increment esp by 4
• Write to Dest

Stack Grows Down
4

Stack Top
7
Stack Operation Examples
pushl eax
popl edx
0x110
0x110
0x110
0x10c
0x10c
0x10c
0x108
123
0x108
123
0x108
123
0x104
0x104
213
213
eax
eax
eax
213
213
213
edx
edx
edx
555
555
555
213
esp
esp
esp
0x108
0x108
0x104
0x104
0x108
8
Procedure Control Flow

• Use stack to support procedure call and return
• Procedure call
• call label Push return address on stack Jump to
  label
• Return address value
• Address of instruction beyond call
• Example from disassembly
• 804854e e8 3d 06 00 00 call 8048b90 ltmaingt
• 8048553 50 pushl eax
• Return address 0x8048553
• Procedure return
• leave Set esp to ebp, pop into ebp
• ret Pop address from stack Jump to address

9
Procedure Call Example
804854e e8 3d 06 00 00 call 8048b90
ltmaingt 8048553 50 pushl eax
call 8048b90
0x110
0x110
0x10c
0x10c
0x108
123
0x108
123
0x104
0x8048553
esp
esp
0x108
0x108
0x104
eip
eip
0x804854e
0x804854e
0x8048b90
eip is program counter
10
Procedure Return Example
8048591 c3 ret
ret
0x110
0x110
0x10c
0x10c
0x108
123
0x108
123
0x104
0x8048553
0x8048553
esp
esp
0x104
0x104
0x108
eip
eip
0x8048591
0x8048591
0x8048553
eip is program counter
11
Stack-Based Languages

• Languages that Support Recursion
• e.g., C, Pascal, Java
• Code must be Reentrant
• Multiple simultaneous instantiations of single
  procedure
• Need some place to store state of each
  instantiation
• Arguments
• Local variables
• Return pointer

• Stack Discipline
• State for given procedure needed for limited time
• From when called to when return
• Callee returns before caller does
• Stack Allocated in Frames
• state for single procedure instantiation

12
Call Chain Example
Call Chain
yoo() who()

• Code Structure

yoo
who
who() amI() amI()
amI
amI
amI() amI()
amI
amI

• Procedure amI recursive

13
Stack Frames
yoo

• Contents
• Passed arguments
• Local variables
• Return information
• Temporary space
• Management
• Space allocated when enter procedure
• Set-up code
• Deallocated when return
• Finish code
• Pointers
• Stack pointer esp indicates stack top
• Frame pointer ebp indicates start of current
  frame

who
amI
proc
Stack Top
14
Stack Operation

yoo
Call Chain
yoo() who()
yoo
15
Stack Operation

yoo
Call Chain
who() amI() amI()
yoo
who
who
16
Stack Operation

yoo
Call Chain
amI() amI()
yoo
who
who
amI
amI
17
Stack Operation

yoo
Call Chain
amI() amI()
yoo
who
who
amI
amI
amI
amI
18
Stack Operation

yoo
Call Chain
amI() amI()
yoo
who
who
amI
amI
amI
amI
amI
amI
19
Stack Operation

yoo
Call Chain
amI() amI()
yoo
who
who
amI
amI
amI
amI
amI
20
Stack Operation

yoo
Call Chain
amI() amI()
yoo
who
who
amI
amI
amI
amI
21
Stack Operation

yoo
Call Chain
who() amI() amI()
yoo
who
who
amI
amI
amI
22
Stack Operation

yoo
Call Chain
amI()
yoo
who
who
amI
amI
amI
amI
amI
23
Stack Operation

yoo
Call Chain
who() amI() amI()
yoo
who
who
amI
amI
amI
amI
24
Stack Operation

yoo
Call Chain
yoo() who()
yoo
who
amI
amI
amI
amI
25
IA32/Linux Stack Frame
Caller Frame

• Current Stack Frame (Top to Bottom)
• Parameters for function about to call
• Argument build,
• left/top to right/bottom
• Local variables
• If cant keep in registers
• Saved register context
• Old frame pointer
• Caller Stack Frame
• Return address
• Pushed by call instruction
• Arguments for this call

Arguments
Frame Pointer (ebp)
Return Addr
Old ebp
Saved Registers Local Variables
Argument Build
Stack Pointer (esp)
26
Revisiting swap
Calling swap from call_swap
call_swap pushl zip2 Global
Var pushl zip1 Global Var call swap
int zip1 60208 int zip2 90210 void
call_swap() swap(zip1, zip2)
Resulting Stack

void swap(int xp, int yp) int t0 xp
int t1 yp xp t1 yp t0
zip2
zip1
Rtn adr
esp
27
Revisiting swap
swap pushl ebp movl esp,ebp pushl
ebx movl 12(ebp),ecx movl
8(ebp),edx movl (ecx),eax movl
(edx),ebx movl eax,(edx) movl
ebx,(ecx) movl -4(ebp),ebx movl
ebp,esp popl ebp ret
Set Up
void swap(int xp, int yp) int t0 xp
int t1 yp xp t1 yp t0
Body
Just being consistent with textbook. May actually
be a leave instruction.
Finish
28
swap Setup 1
Entering Stack
Resulting Stack
ebp

zip2
zip1
swap pushl ebp movl esp,ebp pushl ebx
Rtn adr
esp
29
swap Setup 2
Resulting Stack
Entering Stack
ebp
ebp


yp
zip2
xp
zip1
swap pushl ebp movl esp,ebp pushl ebx
Rtn adr
Rtn adr
esp
Old ebp
esp
30
swap Setup 3
Resulting Stack
Entering Stack
ebp
ebp


yp
zip2
xp
zip1
swap pushl ebp movl esp,ebp pushl ebx
Rtn adr
Rtn adr
esp
Old ebp
Old ebx
esp
31
Effect of swap Setup
Entering Stack
Resulting Stack
ebp


Offset (relative to ebp)
yp
12
zip2
xp
8
zip1
Rtn adr
4
Rtn adr
esp
ebp
Old ebp
0
Old ebx
esp
movl 12(ebp),ecx get yp movl 8(ebp),edx
get xp . . .
Body
32
swap Finish 1

• Observation
• Saved restored register ebx

swaps Stack

Offset
Offset
yp
12
yp
12
xp
8
xp
8
Rtn adr
4
Rtn adr
4
ebp
Old ebp
0
ebp
Old ebp
0
Old ebx
esp
-4
Old ebx
esp
-4
movl -4(ebp),ebx movl ebp,esp popl
ebp ret
33
swap Finish 2

swaps Stack

swaps Stack
Offset
Offset
yp
12
yp
12
xp
8
xp
8
Rtn adr
4
Rtn adr
4
ebp
Old ebp
0
ebp
Old ebp
0
Old ebx
esp
-4
esp
movl -4(ebp),ebx movl ebp,esp popl
ebp ret
34
swap Finish 3
ebp

swaps Stack

swaps Stack
Offset
Offset
yp
12
yp
12
xp
8
xp
8
Rtn adr
4
Rtn adr
4
esp
Old ebp
0
ebp
esp
movl -4(ebp),ebx movl ebp,esp popl
ebp ret
35
swap Finish 4

• Observation
• Saved restored register ebx
• Didnt do so for eax, ecx, or edx

ebp

swaps Stack
ebp

Exiting Stack
Offset
yp
12
zip2
xp
8
zip1
esp
Rtn adr
4
esp
movl -4(ebp),ebx movl ebp,esp popl
ebp ret
36
Practice Problem 3.16
Scanf reads 0x46, 0x53 0x300070 ? "x x"

• int proc(void)
• int x, y
• scanf("x x", x, y)
• return x-y
• Registers at proc
• Register Value
• esp 0x800040
• ebp 0x800060
• Val of ebp at 3?
• Addresses of locals x and y?
• Val of esp after 10?
• Draw stack after scanf returns?
• Indicate regions of stack not used?

• proc
• pushl ebp
• movl esp, ebp
• subl 24,esp
• addl -4,esp
• leal -4(ebp), eax
• pushl eax
• leal -8(ebp), eax
• pushl eax
• pushl .LC0 ptr to fmt str
• call scanf
• diagrams stack frame here
• movl -8(ebp), eax
• movl -4(ebp), edx
• subl eax,edx
• movl edx,eax
• movl ebp, esp
• popl ebp
• ret

37
Register Saving Conventions

• When procedure yoo calls who
•  yoo is the caller, who is the callee
• Can Register be Used for Temporary Storage?
• Contents of register edx overwritten by who

yoo movl 60208, edx call who addl edx,
eax ret
who movl 8(ebp), edx addl 02139,
edx ret
38
Register Saving Conventions

• When procedure yoo calls who
•  yoo is the caller, who is the callee
• Can Register be Used for Temporary Storage?
• Conventions
• Caller Save
• Caller saves temporary in its frame before
  calling
• Callee Save
• Callee saves temporary in its frame before using

39
IA32/Linux Register Usage

• Integer Registers
• Two have special uses
• ebp, esp
• Three managed as callee-save
• ebx, esi, edi
• Old values saved on stack prior to using
• Three managed as caller-save
• eax, edx, ecx
• Do what you please, but expect any callee to do
  so, as well
• Register eax also stores returned value

eax
Caller-Save Temporaries
edx
ecx
ebx
Callee-Save Temporaries
esi
edi
esp
Special
ebp
40
Recursive Factorial
.globl rfact .type rfact,_at_function rfact pushl
ebp movl esp,ebp pushl ebx movl
8(ebp),ebx cmpl 1,ebx jle .L78 leal
-1(ebx),eax pushl eax call rfact imull
ebx,eax jmp .L79 .align 4 .L78 movl
1,eax .L79 movl -4(ebp),ebx movl
ebp,esp popl ebp ret
int rfact(int x) int rval if (x lt 1)
return 1 rval rfact(x-1) return rval
x

• Registers
• eax used without first saving
• ebx used, but save at beginning restore at end

41
Rfact Stack Setup
pre ebp
ebp
Entering Stack
pre ebx
rfact pushl ebp movl esp,ebp pushl ebx
rfact pushl ebp movl esp,ebp pushl ebx
rfact pushl ebp movl esp,ebp pushl ebx
pre ebp
Caller
pre ebx
x
8
Rtn adr
4
0
Callee
-4
42
Rfact Body
movl 8(ebp),ebx ebx x cmpl 1,ebx
Compare x 1 jle .L78 If lt goto Term leal
-1(ebx),eax eax x-1 pushl eax Push
x-1 call rfact rfact(x-1) imull ebx,eax
rval x jmp .L79 Goto done .L78
Term movl 1,eax return val 1 .L79
Done
Recursion
int rfact(int x) int rval if (x lt 1)
return 1 rval rfact(x-1) return rval
x

• Registers
• ebx Stored value of x
• eax
• Temporary value of x-1
• Returned value from rfact(x-1)
• Returned value from this call

43
Rfact Recursion
x
x
Rtn adr
Rtn adr
x
ebp
Old ebp
ebp
Old ebp
Rtn adr
Old ebx
esp
ebp
Old ebx
Old ebp
Old ebx
x-1
eax
x-1
eax
x
ebx
x
ebx
x-1
eax
x
ebx
44
Rfact Result
Return from Call
x
x
Rtn adr
Rtn adr
ebp
ebp
Old ebp
Old ebp
Old ebx
Old ebx
x-1
x-1
esp
esp
Assume that rfact(x-1) returns (x-1)! in register
eax
(x-1)!
eax
(x-1)!
eax
(x-1)!
x
ebx
x
ebx
45
Rfact Completion
movl -4(ebp),ebx movl ebp,esp popl
ebp ret
movl -4(ebp),ebx movl ebp,esp popl
ebp ret
movl -4(ebp),ebx movl ebp,esp popl
ebp ret
pre ebp
pre ebx
x
8
Rtn adr
4
ebp
Old ebp
0
Old ebx
-4
esp
x-1
-8
x!
eax
x
ebx
Old ebx
46
Pointer Code
Recursive Procedure
Top-Level Call
void s_helper (int x, int accum) if (x lt
1) return else int z accum x
accum z s_helper (x-1,accum)
int sfact(int x) int val 1 s_helper(x,
val) return val

• Pass pointer to update location

47
Creating Initializing Pointer
x
8
Initial part of sfact
Rtn adr
4
_sfact pushl ebp Save ebp movl esp,ebp
Set ebp subl 16,esp Add 16 bytes movl
8(ebp),edx edx x movl 1,-4(ebp) val 1
Old ebp
0
_sfact pushl ebp Save ebp movl esp,ebp
Set ebp subl 16,esp Add 16 bytes movl
8(ebp),edx edx x movl 1,-4(ebp) val 1
_sfact pushl ebp Save ebp movl esp,ebp
Set ebp subl 16,esp Add 16 bytes movl
8(ebp),edx edx x movl 1,-4(ebp) val 1
_sfact pushl ebp Save ebp movl esp,ebp
Set ebp subl 16,esp Add 16 bytes movl
8(ebp),edx edx x movl 1,-4(ebp) val 1
-4
-8
-12
-16

• Using Stack for Local Variable
• Variable val must be stored on stack
• Need to create pointer to it
• Compute pointer as -4(ebp)
• Push on stack as second argument

int sfact(int x) int val 1 s_helper(x,
val) return val
48
Passing Pointer
Calling s_helper from sfact
Stack at time of call
x
8
leal -4(ebp),eax Compute val pushl eax
Push on stack pushl edx Push x call
s_helper call movl -4(ebp),eax Return
val    Finish
leal -4(ebp),eax Compute val pushl eax
Push on stack pushl edx Push x call
s_helper call movl -4(ebp),eax Return
val    Finish
leal -4(ebp),eax Compute val pushl eax
Push on stack pushl edx Push x call
s_helper call movl -4(ebp),eax Return
val    Finish
Rtn adr
4
ebp
Old ebp
0
val 1
-4
val x!
Unused
-8
-12
int sfact(int x) int val 1 s_helper(x,
val) return val
-16
49
Using Pointer
void s_helper (int x, int accum)   
int z accum x accum z   
accumx
accumx
x
ecx
   movl ecx,eax z x imull
(edx),eax z accum movl eax,(edx)
accum z   

• Register ecx holds x
• Register edx holds pointer to accum
• Use access (edx) to reference memory

50
Thats All There Is(for instructions)
Machine Models
Data
Control
C
1) loops 2) conditionals 3) switch 4) Proc.
call 5) Proc. return
1) char 2) int, float 3) double 4) struct,
array 5) pointer
Assembly
1) byte 2) 2-byte word 3) 4-byte long word 4)
contiguous byte allocation 5) address of initial
byte
3) branch/jump 4) call 5) ret
51
Gordon Bell
John Hennessy
RISC
Celebrity Chip Designer Death Match!!
CISC
Intel Engineers
Dave Patterson
John Cocke
52
CISC Properties

• Time permitting
• Instruction can reference different operand types
• Immediate, register, memory
• Arithmetic operations can read/write memory
• Memory reference can involve complex computation
• Rb SRi D
• Useful for arithmetic expressions, too
• Instructions can have varying lengths
• IA32 instructions can range from 1 to 15 bytes

53
RISC Properties

• One operand type, register
• Operations go register to register
• No complex operand calculations, just register
• No condition codes

• Exposed pipeline
• Uniformly sized, laid out instructions
• Lots more registers
• Some used for procedure arg passing

54
Summary

• The Stack Makes Recursion Work
• Private storage for each instance of procedure
  call
• Instantiations dont clobber each other
• Addressing of locals arguments can be relative
  to stack positions
• Can be managed by stack discipline
• Procedures return in inverse order of calls

• IA32 Procedures Combination of Instructions
  Conventions
• Call / Ret instructions
• Register usage conventions
• Caller / Callee save
• ebp and esp
• Stack frame organization conventions

55
Wrapup

• Recap
• Procedure calling conventions
• Stack pointer
• Base pointer
• Arg passing
• Locals, ptrs to them
• Callee/caller save registers
• Assembly instructions
• call
• ret

• CISC v RISC
• At a high level
• Reading
• CSAPP 3.7