CS 301 Fall 2001

1
CS 301 Fall 2001 Chapter 7

• Slides by Prof. Hartman, following IBM PC
  Assembly Language Programming by Peter Abel

2
Address types

• Short Same segment, one byte offset, -128 to
  127
• Near Same segment, two byte (80286 and earlier)
  or four byte (80386 and later) offset.
• Far Different segment

3
Branching Instructions

• JMP can jump to Short, Near, or Far addresses
• Jxx can jump to Short or Near (80386) addresses
• LOOP can jump to Short addresses
• CALL can jump to Near or Far addresses

4
Short Jumps

• If the label is before the jump (jumping back)
  NASM will automatically choose a Short jump if
  possible.
• If the label is after the jump (jumping forward)
  NASM will always use a Near jump, unless you
  specify
• jmp short label

5
NASM labels

• Labels beginning with a period are local labels
  they are associated with the most recent
  non-local label.

6
Converting high-level control structures if/else

• if ( condition )
• // body of then_block
• else
• // body of else_block
• In C is roughly equivalent to the following
  assembly code. Note the use of local labels.
• code to set flags based on condition
• jxx .else_block select xx to branch if false
• code for body of then_block
• jmp .endif
• .else_block
• code for body of else_block
• .endif

7
Converting high-level control structures while

• while ( condition )
• // body of loop
• In C is roughly equivalent to the following
  assembly code. Note the use of local labels.
• .while
• code to set flags based on condition
• jxx .endwhile select xx so that branches if
  false
• body of loop
• jmp .while
• .endwhile

8
Converting high-level control structures
do/while

• do
• // body of loop
• while ( condition )
• In C is roughly equivalent to the following
  assembly code. Note the use of local labels.
• .do
• code for body of loop
• code to set flags based on condition
• jxx .do select xx so branches if true

9
Converting high-level control structures for

• Should put here a slide converting for loop

10
LOOP instruction

• LOOP label
• Decrements ecx (or cx in 16-bit mode) and
  branches to label unless ecx is then zero.
• LOOPE/LOOPZ label
• Adds condition that ZF1.
• LOOPNE/LOOPNZ label
• Adds condition that ZF0.

11
Converting high-level control structures for
(again!)

• And should put here a slide using LOOP to convert
  a for loop.

12
CALL and RET

• CALL proc_name
• Pushes IP, sets IP to offset of proc_name (and
  clears processors prefetch instruction queue)
• RET n
• Pops IP (and clears processors prefetch
  instruction queue)
• Possibly pops n arguments from the stack

13
Passing parameters

• Can pass parameters by reference (address) or
  value.
• Can pass parameters in registers or on stack.
• Examples using registers regpassing.asm

14
Passing parameters on the stack 1

• Push parameters on the stack before the CALL
  instruction
• Procedure doesnt pop them off, it accesses them
  directly on the stack
• Avoids having to pop off return address then put
  it back on
• Allows using the parameter multiple times
• Need to use indirect addressing
• Examples using stack stackpassing.asm

15
Indirect Addressing

• Can add registers and/or constants and/or a
  location and get at what is located in the result
• MOV eax,data
• MOV eax,ebx
• MOV eax,dataebx
• MOV eax,ebx2
• MOV eax,ebx8esp4

16
Passing parameters on the stack 2

• CALL places return address on stack, so
  parameters are at esp4 (last parameter
  pushed), esp8 (next to last), etc.
• What if the subroutine pushes something? Now esp
  has changed, so parameters are at esp8 (last
  parameter), etc. Yuck!
• Solution is to set ebp to esp when entering. Then
  esp may change, but ebp wont.

17
Passing parameters on the stack 3

• But what if the routine that called us was using
  ebp? Well have to save it first, and restore it
  when were done.
• push ebp
• mov ebp,esp
• pop ebp
• Parameters are now at ebp8 (last parameter
  pushed), ebp12, etc.

18
C Calling Convention

• Parameters are pushed onto stack in reverse
  order.
• Caller is responsible for removing parameters
  from stack
• Subroutine maintains ebx, esi, edi, ebp, cs, ds,
  ss, es. (and could change eax, ecx, edx)
• Return values are passed via eax (extended to 32
  bits) or ST0 (floating point).

19
Local Variables

• Corresponding to Cs auto (automatic), the
  default of any C/C variable.
• Allow reentrant code.
• Stored on the stack. To make space, subtract
  storage amount from esp. To restore, just put ebp
  back into esp.
• Example factorial.asm

20
More Local Variables Examples

• local1.asm
• local2.asm

21
Prologue and Epilogue

• So the start (prologue) of most subroutines looks
  like
• push ebp
• mov ebp,esp
• sub esp,n where n is immediate, how much space
• And the end (epilogue) looks like
• mov esp,ebp
• pop ebp
• Local storage is from ebp-1 to ebp-n.
  Typically n is a multiple of 4 and you would use
  ebp-4, ebp-8,
• Parameters are located at ebp8 (last parameter
  pushed), ebp12, and so on.

22
ENTER and LEAVE

• ENTER takes two immediate mode parameters. First
  is number of bytes of local storage, second is
  (for C programs) always 0. (The second parameter
  is nesting level, for languages like Pascal that
  can have nested procedures.)
• ENTER n,0 replaces prologue.
• LEAVE (no parameters) replaces epilogue.

23
The Way Its Done

• So the start (prologue) of most subroutines looks
  like
• enter n,0 nhow much local storage space (in
  bytes)
• And the end (epilogue) looks like
• leave
• Local storage is from ebp-1 to ebp-n.
  Typically n is a multiple of 4 and you would use
  ebp-4, ebp-8,
• Parameters are located at ebp8 (last parameter
  pushed), ebp12, and so on.

24
Boolean Operations

• AND, OR, XOR, TEST, NOT
• Useful to set, clear, or test bits
• AND/OR/XOR reg/mem, reg/mem/imm
• Affect CF, OF, PF, SF, and ZF. AF undefined.
• NOT reg/mem
• Reverses 1s and 0s (ones complement)

25
Boolean Operations AND

• AND reg/mem, reg/mem/imm
• Affects CF(0), OF(0), PF, SF, and ZF. AF
  undefined.
• To clear some bits, AND with a binary value with
  0s where you wish to clear and 1s elsewhere.

26
Boolean Operations OR

• OR reg/mem, reg/mem/imm
• Affects CF(0), OF(0), PF, SF, and ZF. AF
  undefined.
• To set some bits, OR with a binary value with 1s
  where you wish to set and 0s elsewhere.

27
Boolean Operations XOR

• XOR reg/mem, reg/mem/imm
• Affects CF(0), OF(0), PF, SF, and ZF. AF
  undefined.
• To flip some bits, XOR with a binary value with
  1s where you wish to flip and 0s elsewhere.
• XOR reg,reg
• The shortest way to set a register to 0

28
Boolean Operations TEST

• TEST reg/mem, reg/mem/imm
• Affects CF(0), OF(0), PF, SF, and ZF. AF
  undefined.
• Just like AND but doesnt put the result in the
  destination (sets flags only)

29
Boolean Operations NOT

• NOT reg/mem
• Affects no flags
• Reverses 1s and 0s (ones complement)

30
Shifting And Rotating Bits

• SHR/SAR/SHRD Shifting right
• SHL/SAL/SHLD Shifting left
• ROR/RCR Rotating right
• ROL/RCL Rotating left
• op reg/mem, CL/imm
• opD reg/mem, reg/mem/imm, CL/imm
• Flags all affect CF, OF, PF, SF, ZF. AF
  undefined.

31
C (and C) Bitwise Operations

• is AND (note is not )
• is OR (again, is different from )
• is NOT
• is XOR
• ltlt is SAL/SHL
• gtgt is SAR/SHR (depending on whether type is
  signed or not)

32
Examples Counting Bits

• Well talk about four methods
• Rotate through all bits, counting for each 1 we
  find.
• Add the 1s up bitcount.c
• Use a table lookup bitcount2.c
• Clear one 1 per iteration of a loop, count how
  many times bitcount3.c