Carnegie Mellon

Machine-Level Programming I: Basics

15-213/18-213: Introduc2on to Computer Systems 5th Lecture, Sep. 10, 2013 Instructors: Randy Bryant, Dave OHallaron, and Greg Kesden

Carnegie Mellon

Today: Machine Programming I: Basics

History of Intel processors and architectures C, assembly, machine code Assembly Basics: Registers, operands, move Intro to x86-64

Carnegie Mellon

Intel x86 Processors

Totally dominate laptop/desktop/server market EvoluJonary design

Backwards compa2ble up un2l 8086, introduced in 1978 Added more features as 2me goes on

Complex instrucJon set computer (CISC)

Many dierent instruc2ons with many dierent formats
But, only small subset encountered with Linux programs Hard to match performance of Reduced Instruc2on Set Computers (RISC) But, Intel has done just that! In terms of speed. Less so for low power.

Carnegie Mellon

Intel x86 EvoluJon: Milestones

Name 8086 Date 1978 Transistors 29K MHz 5-10

First 16-bit Intel processor. Basis for IBM PC & DOS 1MB address space

386

1985

275K

16-33

First 32 bit Intel processor , referred to as IA32 Added at addressing, capable of running Unix

PenJum 4F Core 2 Core i7

2004 2006 2008

125M 291M 731M

2800-3800 1060-3500 1700-3900

4

First 64-bit Intel processor, referred to as x86-64

First mul2-core Intel processor

Four cores (our shark machines)

Carnegie Mellon

Intel x86 Processors, cont.

Machine EvoluJon
386 Pen2um Pen2um/MMX Pen2umPro Pen2um III Pen2um 4 Core 2 Duo Core i7
1985 1993 1997 1995 1999 2001 2006 2008 0.3M 3.1M 4.5M 6.5M 8.2M 42M 291M 731M

Added Features
Instruc2ons to support mul2media opera2ons Instruc2ons to enable more ecient condi2onal opera2ons Transi2on from 32 bits to 64 bits More cores
5

Carnegie Mellon

2013 State of the Art

Core i7 Haswell 2013
1.4B

Features:
4 cores
Max 4.0 GHz Clock 84 Wahs
6

Carnegie Mellon

x86 Clones: Advanced Micro Devices (AMD)

Historically
AMD has followed just behind Intel A lihle bit slower, a lot cheaper

Then
Recruited top circuit designers from Digital Equipment Corp. and
other downward trending companies Built Opteron: tough compe2tor to Pen2um 4 Developed x86-64, their own extension to 64 bits

Carnegie Mellon

Intels 64-Bit History

Intel AZempted Radical Shi[ from IA32 to IA64

Totally dierent architecture (Itanium) Executes IA32 code only as legacy Performance disappoin2ng

AMD Stepped in with EvoluJonary SoluJon

x86-64 (now called AMD64)

Intel Felt Obligated to Focus on IA64

Hard to admit mistake or that AMD is beher

2004: Intel Announces EM64T extension to IA32

Extended Memory 64-bit Technology Almost iden2cal to x86-64!

All but low-end x86 processors support x86-64

But, lots of code s2ll runs in 32-bit mode
8

Carnegie Mellon

Our Coverage

IA32
The tradi2onal x86 shark> gcc m32 hello.c

x86-64
The emerging standard shark> gcc hello.c shark> gcc m64 hello.c

PresentaJon

Book presents IA32 in Sec2ons 3.13.12 Covers x86-64 in 3.13 We will cover both simultaneously Some labs will be based on x86-64, others on IA32
9

Carnegie Mellon

Today: Machine Programming I: Basics

History of Intel processors and architectures C, assembly, machine code Assembly Basics: Registers, operands, move Intro to x86-64

10

Carnegie Mellon

DeniJons

Architecture: (also ISA: instrucJon set architecture) The parts of a processor design that one needs to understand to write assembly code.
Examples: instruc2on set specica2on, registers.

Microarchitecture: ImplementaJon of the architecture.

Examples: cache sizes and core frequency.

Example ISAs (Intel): IA32, x86-64

11

Carnegie Mellon

Assembly Programmers View

CPU Registers PC
CondiJon Codes

Addresses Data Instruc2ons

Memory
Code Data Stack

Programmer-Visible State
PC: Program counter
Address of next instruc2on Called EIP (IA32) or RIP (x86-64)

Memory
Byte addressable array Code and user data Stack to support procedures

Register le

Heavily used program data

CondiJon codes
Store status informa2on about most recent arithme2c or logical opera2on Used for condi2onal branching

12

Carnegie Mellon

Turning C into Object Code

Code in les p1.c p2.c! Compile with command: gcc O1 p1.c p2.c -o p!
Use basic op2miza2ons (-O1) Put resul2ng binary in le p

text

C program (p1.c p2.c) Compiler (gcc -S)

text binary

Asm program (p1.s p2.s) Assembler (gcc or as) Object program (p1.o p2.o) Linker (gcc or ld) StaJc libraries (.a)

binary

Executable program (p)

13

Carnegie Mellon

Compiling Into Assembly

C Code (p1.c) int sum(int x,
{ } int t = x+y; return t; int y)

Generated IA32 Assembly sum:

pushl %ebp movl %esp,%ebp movl 12(%ebp),%eax addl 8(%ebp),%eax popl %ebp ret

Obtain (on shark machine) with command gcc O1 m32 S p1.c Produces le p1.s Warning: Will get very dierent results on non-Shark machines (Andrew Linux, Mac OS-X, ) due to dierent versions of gcc and dierent compiler segngs.
14

Carnegie Mellon

Assembly CharacterisJcs: Data Types

Integer data of 1, 2, or 4 bytes

Data values Addresses (untyped pointers)

FloaJng point data of 4, 8, or 10 bytes No aggregate types such as arrays or structures

Just con2guously allocated bytes in memory

15

Carnegie Mellon

Assembly CharacterisJcs: OperaJons

Perform arithmeJc funcJon on register or memory data Transfer data between memory and register
Load data from memory into register Store register data into memory

Transfer control
Uncondi2onal jumps to/from procedures Condi2onal branches

16

Carnegie Mellon

Object Code
Code for sum 0x08483f4 <sum>:
0x55 0x89 0xe5 0x8b 0x45 0x0c 0x03 0x45 0x08 0x5d 0xc3

Assembler

Translates .s into .o Binary encoding of each instruc2on Nearly-complete image of executable code Missing linkages between code in dierent les

Linker
Resolves references between les Combines with sta2c run-2me libraries
E.g., code for malloc, printf Some libraries are dynamically linked Linking occurs when program begins execu2on

Total of 11 bytes Each instrucJon 1, 2, or 3 bytes Starts at address 0x401040

17

Carnegie Mellon

Machine InstrucJon Example

int t = x+y;

C Code
Add two signed integers

Assembly
Add 2 4-byte integers
Long words in GCC parlance Same instruc2on whether signed

addl 8(%ebp),%eax Similar to expression: x += y More precisely: int eax; int *ebp; eax += ebp[2]

or unsigned Operands: x: Register %eax y: Memory M[%ebp+8] t: Register %eax Return func2on value in %eax

0x80483fa:

03 45 08

Object Code
3-byte instruc2on Stored at address 0x80483fa
18

Carnegie Mellon

Disassembling Object Code

Disassembled
080483f4 <sum>: 80483f4: 55 80483f5: 89 e5 80483f7: 8b 45 0c 80483fa: 03 45 08 80483fd: 5d 80483fe: c3 push mov mov add pop ret %ebp %esp,%ebp 0xc(%ebp),%eax 0x8(%ebp),%eax %ebp

Disassembler
objdump -d p Useful tool for examining object code Analyzes bit pahern of series of instruc2ons Produces approximate rendi2on of assembly code Can be run on either a.out (complete executable) or .o le
19

Carnegie Mellon

Alternate Disassembly
Object 0x080483f4:
0x55 0x89 0xe5 0x8b 0x45 0x0c 0x03 0x45 0x08 0x5d 0xc3

Disassembled

Dump of assembler code for function sum: 0x080483f4 <sum+0>: push %ebp 0x080483f5 <sum+1>: mov %esp,%ebp 0x080483f7 <sum+3>: mov 0xc(%ebp),%eax 0x080483fa <sum+6>: add 0x8(%ebp),%eax 0x080483fd <sum+9>: pop %ebp 0x080483fe <sum+10>: ret

Within gdb Debugger

gdb p disassemble sum Disassemble procedure x/11xb sum Examine the 11 bytes star2ng at sum
20

Carnegie Mellon

What Can be Disassembled?

% objdump -d WINWORD.EXE WINWORD.EXE: file format pei-i386

No symbols in "WINWORD.EXE". Disassembly of section .text: 30001000 <.text>: 30001000: 55 30001001: 8b ec 30001003: 6a ff 30001005: 68 90 10 00 30 3000100a: 68 91 dc 4c 30

push mov push push push

%ebp %esp,%ebp $0xffffffff $0x30001090 $0x304cdc91

Anything that can be interpreted as executable code Disassembler examines bytes and reconstructs assembly source
21

Carnegie Mellon

Today: Machine Programming I: Basics

History of Intel processors and architectures C, assembly, machine code Assembly Basics: Registers, operands, move Intro to x86-64

22

Carnegie Mellon

Integer Registers (IA32)

%eax
general purpose %ax %cx %dx %bx %si %di %sp %bp 16-bit virtual registers (backwards compaJbility) %ah %ch %dh %bh %al %cl %dl %bl

Origin (mostly obsolete)

accumulate counter data base source index destination index

%ecx %edx %ebx %esi %edi %esp %ebp

stack pointer base pointer

23

Carnegie Mellon

Moving Data: IA32

Moving Data
movl Source, Dest:

Operand Types
Immediate: Constant integer data

Example: $0x400, $-533 Like C constant, but prexed with $ Encoded with 1, 2, or 4 bytes Register: One of 8 integer registers Example: %eax, %edx But %esp and %ebp reserved for special use Others have special uses for par2cular instruc2ons Memory: 4 consecu2ve bytes of memory at address given by register Simplest example: (%eax) Various other address modes
24

%eax %ecx %edx %ebx %esi %edi %esp %ebp

Carnegie Mellon

movl Operand CombinaJons

Source Imm movl Reg Dest Src,Dest C Analog
temp = 0x4; *p = -147; temp2 = temp1; *p = temp; temp = *p;

Reg movl $0x4,%eax Mem movl $-147,(%eax) Reg movl %eax,%edx Mem movl %eax,(%edx) Reg
movl (%eax),%edx

Mem

Cannot do memory-memory transfer with a single instrucCon

25

Carnegie Mellon

Simple Memory Addressing Modes

Normal (R) Mem[Reg[R]] Register R species memory address Aha! Pointer dereferencing in C movl (%ecx),%eax Displacement D(R) Mem[Reg[R]+D] Register R species start of memory region Constant displacement D species oset movl 8(%ebp),%edx

26

Carnegie Mellon

Example of Simple Addressing Modes

void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0; }

swap: pushl %ebp movl %esp,%ebp pushl %ebx movl movl movl movl movl movl popl popl ret 8(%ebp), %edx 12(%ebp), %eax (%edx), %ecx (%eax), %ebx %ebx, (%edx) %ecx, (%eax) %ebx %ebp

Set Up

Body

Finish

27

Carnegie Mellon

Using Simple Addressing Modes

void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0; }

swap: pushl %ebp movl %esp,%ebp pushl %ebx movl movl movl movl movl movl popl popl ret 8(%ebp), %edx 12(%ebp), %eax (%edx), %ecx (%eax), %ebx %ebx, (%edx) %ecx, (%eax) %ebx %ebp

Set Up

Body

Finish

28

Carnegie Mellon

Understanding Swap
void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0; } Oset 12 8 4 yp xp Rtn adr %ebp %esp

Stack (in memory)

0 Old %ebp Register %edx %eax %ecx %ebx Value xp yp t0 t1 -4 Old %ebx

movl movl movl movl movl movl

8(%ebp), %edx 12(%ebp), %eax (%edx), %ecx (%eax), %ebx %ebx, (%edx) %ecx, (%eax)

# # # # # #

edx eax ecx ebx *xp *yp

= = = = = =

xp yp *xp (t0) *yp (t1) t1 t0

29

Carnegie Mellon

Understanding Swap
%eax %edx %ecx %ebx %esi %edi %esp %ebp 0x104 movl movl movl movl movl movl 8(%ebp), %edx 12(%ebp), %eax (%edx), %ecx (%eax), %ebx %ebx, (%edx) %ecx, (%eax) yp xp Oset 12 8 4 %ebp 0 -4

123 456

Address 0x124 0x120 0x11c 0x118 0x114

0x120 0x124 Rtn adr

0x110 0x10c 0x108 0x104 0x100

# # # # # #

edx eax ecx ebx *xp *yp

= = = = = =

xp yp *xp (t0) *yp (t1) t1 t0

30

Carnegie Mellon

Understanding Swap
%eax %edx %ecx %ebx %esi %edi %esp %ebp 0x104 movl movl movl movl movl movl 8(%ebp), %edx 12(%ebp), %eax (%edx), %ecx (%eax), %ebx %ebx, (%edx) %ecx, (%eax) 0x124 yp xp Oset 12 8 4 %ebp 0 -4

123 456

Address 0x124 0x120 0x11c 0x118 0x114

0x120 0x124 Rtn adr

0x110 0x10c 0x108 0x104 0x100

# # # # # #

edx eax ecx ebx *xp *yp

= = = = = =

xp yp *xp (t0) *yp (t1) t1 t0

31

Carnegie Mellon

Understanding Swap
%eax %edx %ecx %ebx %esi %edi %esp %ebp 0x104 movl movl movl movl movl movl 8(%ebp), %edx 12(%ebp), %eax (%edx), %ecx (%eax), %ebx %ebx, (%edx) %ecx, (%eax) 0x120 0x124 yp xp Oset 12 8 4 %ebp 0 -4

123 456

Address 0x124 0x120 0x11c 0x118 0x114

0x120 0x124 Rtn adr

0x110 0x10c 0x108 0x104 0x100

# # # # # #

edx eax ecx ebx *xp *yp

= = = = = =

xp yp *xp (t0) *yp (t1) t1 t0

32

Carnegie Mellon

Understanding Swap
%eax %edx %ecx %ebx %esi %edi %esp %ebp 0x104 movl movl movl movl movl movl 8(%ebp), %edx 12(%ebp), %eax (%edx), %ecx (%eax), %ebx %ebx, (%edx) %ecx, (%eax) 0x120 0x124 123 yp xp Oset 12 8 4 %ebp 0 -4

123 456

Address 0x124 0x120 0x11c 0x118 0x114

0x120 0x124 Rtn adr

0x110 0x10c 0x108 0x104 0x100

# # # # # #

edx eax ecx ebx *xp *yp

= = = = = =

xp yp *xp (t0) *yp (t1) t1 t0

33

Carnegie Mellon

Understanding Swap
%eax %edx %ecx %ebx %esi %edi %esp %ebp 0x104 movl movl movl movl movl movl 8(%ebp), %edx 12(%ebp), %eax (%edx), %ecx (%eax), %ebx %ebx, (%edx) %ecx, (%eax) 0x120 0x124 123 456 yp xp Oset 12 8 4 %ebp 0 -4

123 456

Address 0x124 0x120 0x11c 0x118 0x114

0x120 0x124 Rtn adr

0x110 0x10c 0x108 0x104 0x100

# # # # # #

edx eax ecx ebx *xp *yp

= = = = = =

xp yp *xp (t0) *yp (t1) t1 t0

34

Carnegie Mellon

Understanding Swap
%eax %edx %ecx %ebx %esi %edi %esp %ebp 0x104 movl movl movl movl movl movl 8(%ebp), %edx 12(%ebp), %eax (%edx), %ecx (%eax), %ebx %ebx, (%edx) %ecx, (%eax) 0x120 0x124 123 456 yp xp Oset 12 8 4 %ebp 0 -4

456 456

Address 0x124 0x120 0x11c 0x118 0x114

0x120 0x124 Rtn adr

0x110 0x10c 0x108 0x104 0x100

# # # # # #

edx eax ecx ebx *xp *yp

= = = = = =

xp yp *xp (t0) *yp (t1) t1 t0

35

Carnegie Mellon

Understanding Swap
%eax %edx %ecx %ebx %esi %edi %esp %ebp 0x104 movl movl movl movl movl movl 8(%ebp), %edx 12(%ebp), %eax (%edx), %ecx (%eax), %ebx %ebx, (%edx) %ecx, (%eax) 0x120 0x124 123 456 yp xp Oset 12 8 4 %ebp 0 -4

456 123

Address 0x124 0x120 0x11c 0x118 0x114

0x120 0x124 Rtn adr

0x110 0x10c 0x108 0x104 0x100

# # # # # #

edx eax ecx ebx *xp *yp

= = = = = =

xp yp *xp (t0) *yp (t1) t1 t0

36

Carnegie Mellon

Complete Memory Addressing Modes

Most General Form D(Rb,Ri,S)

Mem[Reg[Rb]+S*Reg[Ri]+ D]

D: Constant displacement 1, 2, or 4 bytes Rb: Base register: Any of 8 integer registers Ri: Index register: Any, except for %esp
Unlikely youd use %ebp, either

S:

Scale: 1, 2, 4, or 8 (why these numbers?)

Special Cases (Rb,Ri) D(Rb,Ri) (Rb,Ri,S)

Mem[Reg[Rb]+Reg[Ri]] Mem[Reg[Rb]+Reg[Ri]+D] Mem[Reg[Rb]+S*Reg[Ri]]

37

Carnegie Mellon

Today: Machine Programming I: Basics

History of Intel processors and architectures C, assembly, machine code Assembly Basics: Registers, operands, move Intro to x86-64

38

Carnegie Mellon

Data RepresentaJons: IA32 + x86-64

Sizes of C Objects (in Bytes)

C Data Type Generic 32-bit Intel IA32 x86-64 unsigned 4 4 4 int 4 4 4 long int 4 4 8 char 1 1 1 short 2 2 2 oat 4 4 4 double 8 8 8 long double 8 10/12 10/16 char * 4 4 8 Or any other pointer

39

Carnegie Mellon

x86-64 Integer Registers

%rax %rbx %rcx %rdx %rsi %rdi %rsp %rbp
%eax %ebx %ecx %edx %esi %edi %esp %ebp

%r8 %r9 %r10 %r11 %r12 %r13 %r14 %r15

%r8d %r9d %r10d %r11d %r12d %r13d %r14d %r15d

Extend exis2ng registers. Add 8 new ones. Make %ebp/%rbp general purpose

40

Carnegie Mellon

InstrucJons

Long word l (4 Bytes) Quad word q (8 Bytes) New instrucJons:

movl movq addl addq sall salq etc.

32-bit instrucJons that generate 32-bit results

Set higher order bits of des2na2on register to 0 Example: addl

41

Carnegie Mellon

32-bit code for swap

void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0; }

swap: pushl %ebp movl %esp,%ebp pushl %ebx movl movl movl movl movl movl popl popl ret 8(%ebp), %edx 12(%ebp), %eax (%edx), %ecx (%eax), %ebx %ebx, (%edx) %ecx, (%eax) %ebx %ebp

Set Up

Body

Finish

42

Carnegie Mellon

64-bit code for swap

swap:
void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0; }

movl movl movl movl ret

(%rdi), %eax (%rsi), %edx %edx, (%rdi) %eax, (%rsi)

Set Up Body Finish

Operands passed in registers (why useful?)

First (xp) in %rdi, second (yp) in %rsi 64-bit pointers

No stack operaJons required 32-bit data

Data held in registers %edx and %eax movl opera2on
43

Carnegie Mellon

64-bit code for long int swap

swap_l:
void swap(long *xp, long *yp) { long t0 = *xp; long t1 = *yp; *xp = t1; *yp = t0; }

movq movq movq movq ret

(%rdi), %rax (%rsi), %rdx %rdx, (%rdi) %rax, (%rsi)

Set Up Body Finish

64-bit data
Data held in registers %rdx and %rax movq opera2on

q stands for quad-word

44

Carnegie Mellon

Machine Programming I: Summary

History of Intel processors and architectures

Evolu2onary design leads to many quirks and ar2facts

C, assembly, machine code

Compiler must transform statements, expressions, procedures into
low-level instruc2on sequences

Assembly Basics: Registers, operands, move

The x86 move instruc2ons cover wide range of data movement
forms

Intro to x86-64
A major departure from the style of code seen in IA32

45