Chapter 4

Data Transfer, Addressing and Arithmetic

Lecture by: Atiya Jokhio

General Concepts

• This chapter introduces some essential instructions for transferring data , performing
arithmetic, basic addressing modes, such as direct, immediate, and indirect, which
make it possible to process arrays.
• Along with that, we show how to create loops, and use some of the basic operators,
such as OFFSET, PTR, and LENGTHOF.

2
Operand Types

• Instructions can have zero, one, two, or three operands.

• Mnemonic
• mnemonic [destination]
• mnemonic [destination],[source]
• mnemonic [destination],[source-1],[source-2]

3
Operand Types (Cont.)

• There are three basic types of operands

- Immediate—uses a numeric literal expression/ a constant integer (8, 16, 32 bits)
- Register—uses a named register in the CPU
- Memory—references a memory location
Operand Types (Cont.)
Direct Memory Operands

• Variable names are references to offsets within the data segment.

• A direct memory operand is a named reference to storage in memory

• The named reference(label) is automatically dereferenced by the assembler

MOV Instruction
The MOV instruction copies data from a source operand to a destination operand. Known
as a data transfer instruction.

The destination operand’s contents change, but the source operand is unchanged.
• Both operands must be the same size.
• Both operands cannot be memory operands.
• The instruction pointer register (IP, EIP, or RIP) cannot be a destination operand.
Here is a list of the standard MOV instruction formats:
MOV reg,reg
MOV mem,reg
MOV reg,mem
MOV mem,imm
MOV reg,imm
MOV Instruction
• Memory to Memory
A single MOV instruction cannot be used to move data directly from one memory
location to another. Instead, you must move the source operand’s value to a
register before assigning its value to a memory operand:

.data
var1 WORD ?
var2 WORD ?
.code
mov ax,var1
mov var2,ax
Zero/Sign Extension of Integers
• Although MOV cannot directly copy data from a smaller operand to a larger
one
Zero/Sign Extension of Integers
Zero/Sign Extension of Integers
The effective result of this example was to use the highest bit of the source operand (1) to fill
the upper 16 bits of the destination operand, ECX. This technique is called sign extension.

• MOVZX Instruction
The MOVZX instruction (move with zero-extend) copies the contents of a source operand into
a destination operand and zero-extends the value to 16 or 32 bits.
This instruction is only used with unsigned integers.
There are three variants:
MOVZX reg32,reg/mem8
MOVZX reg32,reg/mem16
MOVZX reg16,reg/mem8
Zero/Sign Extension of Integers

• MOVZX Instruction
Zero/Sign Extension of Integers

• MOVZX Instruction

.data
Byte1 BYTE 9Bh
Word1 WORD 0A69Bh

.code
Movzx eax,word1 ;EAX=0000A69Bh
Movzx edx,byte1 ;EDX=0000009Bh
Movzx cx,byte1 ;CX=009Bh
Zero/Sign Extension of Integers

• MOVSX Instruction

The MOVSX instruction (move with sign-extend) copies the contents of a source operand into
a destination operand and sign-extends the value to 16 or 32 bits.
This instruction is only used with signed integers.
There are three variants:
MOVSX reg32,reg/mem8
MOVSX reg32,reg/mem16
MOVSX reg16,reg/mem8
Zero/Sign Extension of Integers

• MOVSX Instruction
Example:
XCHG Instruction
The XCHG (exchange data) instruction exchanges the contents of two operands. There are
three variants:
XCHG reg,reg
XCHG reg,mem
XCHG mem,reg

The rules for operands in the XCHG instruction are the same as those for the MOV
instruction except that XCHG does not accept immediate operands.
XCHG Instruction (Cont.)
Direct-Offset Operands

Lets you access memory locations that may not have explicit labels.
A constant is added to a data label to produce an effective address (EA). The address is
dereferenced to get the value inside its memory location.

Furthermore for third element,

mov al,[arrayB+2] ; AL = 30h
Direct-Offset Operands

• Word and Doubleword Arrays

Addition & Subtraction
• INC and DEC Instructions
The INC (increment) and DEC (decrement) instructions, respectively, add 1 and
subtract 1 from a register or memory operand.
The syntax is
INC reg/mem
DEC reg/mem
Addition & Subtraction
• ADD Instruction
The ADD instruction adds a source operand to a destination operand of the same
size.
The syntax is
ADD dest,source

• SUB Instruction
The SUB instruction subtracts a source operand from a destination operand.
The syntax is
SUB dest,source

• The set of possible operands is the same as for the ADD and MOV instructions.
Addition & Subtraction
Addition & Subtraction

• NEG Instruction
The NEG (negate) instruction reverses the sign of a number by converting the
number to its two’s complement.
The following operands are permitted:
NEG reg
NEG mem
Addition & Subtraction

• Flags Affected by Addition and Subtraction

• The ALU has a number of status flags that reflect the out come of arithmetic
(and bitwise) operations.
•based on the contents of the destination operand

• We use the values of CPU status flags to check the outcome of arithmetic
operations and to activate conditional branching instructions.
Addition & Subtraction

• Flags Affected by Addition and Subtraction

Addition & Subtraction

• Unsigned Operations: Zero, Carry, and Auxiliary Carry

• Addition and the Carry Flag

When adding two unsigned integers, the Carry flag is a copy of the carry out of the
most significant bit of the destination operand.
we can say CF=1, when the sum exceeds the storage size of its destination operand.
Addition & Subtraction

• Subtraction and the Carry Flag

A subtract operation sets the Carry flag when a larger unsigned integer is subtracted
from a smaller one.
Addition & Subtraction

• Auxiliary Carry
The Auxiliary Carry (AC) flag indicates a carry or borrow out of bit 3 in the destination
operand.
• It is primarily used in binary coded decimal (BCD) arithmetic.
Addition & Subtraction

• Parity Flag
The Parity flag (PF) is set when the least significant byte of the destination has an
even number of 1 bits.
Addition & Subtraction

• Signed Operations: Sign and Overflow Flags

• Sign Flag
The Sign flag is set when the result of a signed arithmetic operation is negative.

• Overflow Flag
The Overflow flag is set when the result of a signed arithmetic operation overflows or
underflows the destination operand
Addition & Subtraction

NEG Instruction
The NEG instruction produces an invalid result if the destination operand cannot
be stored correctly. For example, if we move 128 to AL and try to negate it, the
correct value (128) will not fit into AL. The Overflow flag is set, indicating that AL
contains an invalid value:

mov al,-128 ; AL = 10000000b

neg al ; AL = 10000000b, OF = 1
Data-Related Operators and Directives
• Operators and directives are not executable instructions; instead, they are interpreted by the
assembler.
Data-Related Operators and Directives
• OFFSET OPERATOR
• The OFFSET operator returns the offset of a data label. The offset represents the
distance, in bytes, of the label from the beginning of the data segment.
Data-Related Operators and Directives
• OFFSET OPERATOR
Assuming, data segment begins at 00404000h:

OFFSET can also be applied to a direct-offset operand.

Data-Related Operators and Directives
• PTR OPERATOR
• You can use the PTR operator to override the declared size of an operand.
• Suppose, for example, that you would like to move the lower 16 bits of a doubleword
variable named myDouble into AX. The assembler will not permit the following move
because the operand sizes do not match:

• But the WORD PTR operator makes it possible to move the low-order word (5678h)
to AX:
Data-Related Operators and Directives
• PTR OPERATOR [Cont.]

• Moving Smaller Values into Larger Destinations

Data-Related Operators and Directives
• TYPE OPERATOR
The TYPE operator returns the size, in bytes, of a single element of a variable.
For example:

.code
mov ax, type var1 ; AX = 0001
Data-Related Operators and Directives
• LENGTHOF OPERATOR
The LENGTHOF operator counts the number of elements in an array, defined by the values
appearing on the same line as its label.
For example:

.code
mov ax, LENGTHOF byte1 ; AX = 3
Data-Related Operators and Directives
• SIZEOF OPERATOR
The SIZEOF operator returns a value that is equivalent to multiplying LENGTHOF by TYPE.
For example:
Data-Related Operators and Directives
• LABEL Directive
• The LABEL directive assigns an alternate label name and type to an existing storage
location. LABEL does not allocate any storage of its own.
• A common use of LABEL is to provide an alternative name and size attribute for the variable
declared next in the data segment.

For example:
Indirect Addressing
• Indirect operand
• Direct addressing is rarely used for array processing because it is impractical to use constant
off-sets to address more than a few array elements. Instead, we use a register as a pointer
(called indirect addressing) and manipulate the register’s value.
• An indirect operand holds the address of a variable, usually an array or string. It can be
dereferenced (just like a pointer).
For example
Indirect Addressing
• Indirect operand [Cont.]
The size of an operand may not be evident from the context of an instruction.

The assembler does not know whether ESI points to a byte, word, doubleword, or some other
size. The PTR operator confirms the operand size
Indirect Addressing
• Arrays
Indirect operands are ideal tools for stepping through arrays.

array of 8-bit integers array of 16-bit integers array of 32-bit integers

Indirect Addressing
• Indexed Operands
• An indexed operand adds a constant to a register to generate an effective address. Any of the 32-bit
general-purpose registers may be used as index registers. There are two notational forms:
Indirect Addressing
• Indexed Operands [Cont.]
Adding Displacements:
• The second type of indexed addressing combines a register with a constant offset.
Indirect Addressing
• Indexed Operands [Cont.]
Scale Factors in Indexed Operands
It is done by setting ESI to the array subscript and multiplying ESI by the scale factor.
Indirect Addressing
• Pointers
A variable containing the address of another variable is called a pointer.
Jump and Loop Instructions

• By default, the CPU loads and executes programs sequentially. But the current instruction
might be conditional, meaning that it transfers control to a new location in the program
based on the values of CPU status flags (Zero, Sign, Carry, etc.)
• A transfer of control, or branch, is a way of altering the order in which statements are
executed. There are two basic types of transfers:

• Unconditional Transfer: Control is transferred to a new location in all cases; a new

address is loaded into the instruction pointer, causing execution to continue at the new
address. The JMP instruction does this.

• Conditional Transfer: The program branches if a certain condition is true. A wide variety
of conditional transfer instructions can be combined to create conditional logic structures.
The CPU interprets true/false conditions based on the contents of the ECX and Flags
registers.
Jump and Loop Instructions

JMP instruction
• The JMP instruction causes an unconditional transfer to a destination, identified by a code label that is
translated by the assembler into an offset.
• The syntax is
JMP destination
• When the CPU executes an unconditional transfer, the offset of destination is moved into the instruction
pointer, causing execution to continue at the new location.

SAMPLE:
inc eax
mov bx,ax
jmp SAMPLE
Jump and Loop Instructions

Loop instruction
• The LOOP instruction, formally known as Loop According to ECX Counter, repeats a block
of statements a specific number of times.
• ECX is automatically used as a counter and is decremented each time the loop
repeats. Its syntax is
LOOP destination

• The loop destination must be within -128 to +127 bytes of the current location
counter.
• -128 bytes is the largest backward jump from current instruction +127 bytes is the
largest forward jump.
Jump and Loop Instructions
Loop instruction
• The execution of the LOOP instruction involves two steps:
1. First, it subtracts 1 from ECX.
2. it compares ECX to zero.

• If ECX is not equal to zero, a jump is taken to the label identified by destination.
Otherwise, if ECX equals zero, no jump takes place, and control passes to the instruction
following the loop.
.code
main PROC
mov eax,0
mov ecx,5
L1:
inc ax
call DumpRegs
loop L1
Jump and Loop Instructions
Loop instruction

INCLUDE Irvine32.inc
.data
intArray WORD 100h, 200h, 300h, 400h, 500h

.code
main PROC
mov esi,0
mov eax,0
mov ecx,LENGTHOF intArray
L1:
mov ax, intArray[esi]
add esi, TYPE intArray
call DumpRegs
loop L1
TASK
• Calculates the sum of the integers 5 + 4 + 3 +2 + 1 using Loop
TASK
• Calculates the sum of the integers 5 + 4 + 3 +2 + 1 using Loop
Jump and Loop Instructions
Loop instruction

If you need to modify ECX inside a loop, you can save it in a variable at the beginning of the loop and
restore it just before the LOOP instruction
Jump and Loop Instructions
Nested Loop instruction

When creating a loop inside another loop, special consideration must be given to the outer loop counter in
ECX. You can save it in a variable.
Jump and Loop Instructions
Nested Loop instruction

INCLUDE Irvine32.inc
.code
main PROC
mov eax, 0
mov ebx, 0
mov ecx, 5
L1:
inc eax
mov edx, ecx
call dumpregs
mov ecx, 10
L2:
inc ebx
call dumpregs
loop L2
mov ecx, edx
loop L1
Jump and Loop Instructions