Something about assembly

8/7/2019 Something about assembly

1/28

Something about assembly

Paolo Bonzini

April 28th, 2010


2/28

Outline

Basic x86 assembly syntax

Registers

Addressing modes (16-bit vs. 32-bit) Instructions

Basic GCC __asm__ syntax

Resources


3/28

Prerequisites

You are not scared by assembly

Maybe you even enjoyed some of it in school

You have overheard some conversationsbetween assembly/compiler junkies

Real mode/protected mode

Position-independent code


4/28

x86 registers

31 16 15 8 7 0

%al%ah

%ax

%eax (386+)

%eax %ax %ah %al

%ebx %bx %bh %bl

%ecx %cx %ch %cl

%edx %dx %dh %dl

%esi %si --%edi %di --

%ebp %bp --

%esp %sp --


5/28

%rbp %ebp %bp %bpl

%rsp %esp %sp %spl

%r8

%r15

%r8d

%r15d

%r8w

%r15w

%r8b

%r15b

x86-64 registers

63 31 16 15 8 7 0

%rax %eax %ax %al

%rbx %ebx %bx %bl

%rcx %ecx %cx %cl

%rdx %edx %dx %dl%rsi %esi %si %sil

%rdi %edi %di %dil %ah %bh %ch %dh


6/28

Other registers

Flags

Protected mode

Control registers (%crN) Descriptor registers (ldtr, gdtr, idtr)

Model-specific registers

Hardware breakpoints

Debug registers (%drN)

Segment registers


7/28

x86 Segmentation

Real mode Protected mode

20-bit addressing 32-bit addressing

Segment register contributesto bits 4:19 of address

Segment register points intoLDT or GDT

Shifted segment registersummed to 16-bit address

Base value (from LDT/GDT)summed to 32-bit address

No paging: memory accessedonly by physical address

Optional paging (virtualaddressing)

%cs, %ds, %es, %fs, %gs,%ss often point to differentbases

%cs, %ds, %es, %ss accessthe entire address space(but it's just a convention)

%fs/%gs often don't (usede.g. for thread-local storage)


8/28


9/28

x86 Addressing examples

16-bit 32-bit

ofs(%base, %index) 8(%bp) 16(%si) (%bx,%si) %es:(%di) SYMBOL_NAME

ofs(%base, %index, %scale) 8(%ebp) (%esi,eax,4) SYMBOL(,%esi,2) %fs:24

64-bit

Same as 32-bit 8(%rbp) one addition: 8(%rip)


10/28

Instruction syntax

Three syntaxes

Intel: looks nicer, actually very quirky.Often used on Windows

AT&T: ugly as hell, but a bit more orthogonal.Most common on Unices

nasm: tries to make Intel syntax less quirky.Nice, but not widespread

I'll cover AT&T syntax only


11/28

Instruction syntax

Operand size often unnecessary, butdouble-checked by assembler

Two-operand arithmetic, destination last Immediates (incl. addresses) look like $2

Up to one memory operand usually allowed

Instruction SourceOperand size

(b,w,l,q)

Destination

movl 32(%esp), %eax


12/28

Some mnemonics mov

Arithmetics: add, sub, and, or, xor, cmp,test

dest op source, set flags cmp and test do not write to dest

Extension (two operand sizes): movs, movz

Example: movsbl

Stack: push, pop

Flow transfer: jmp, call, ret, jCOND


13/28


14/28


15/28

Advanced keywords

Protected mode

Protection levels (aka rings)

Descriptor tables

Gates

Paging

Segment descriptor cache

Big real mode


16/28

GCC asm statements

asm [volatile]

(template

: outputs

: inputs

: clobbers)

Volatile asm: cannotbe scheduled oreliminated

Four colon-separatedsections

All sections optional,

but at least one colonmust be there


17/28


18/28

GCC asm statements

asm [volatile]

(template

: outputs

: inputs

: clobbers)

Comma separated

Format:=r (C lvalue)=m (C lvalue)

=rm allows morethan one choice

If no outputs, asm isautomatically madevolatile


19/28

GCC asm statements

asm [volatile]

(template

: outputs

: inputs

: clobbers)

Comma separated

Format:r (C expression)m (C expression)i (C constant)

NN (C expression):

use same place as theNN-th output


20/28

GCC asm statements

asm [volatile]

(template

: outputs

: inputs

: clobbers)

List of registersdestroyed by the asm

Add memory if theasm reads or writesmemory

Used for register

allocation andscheduling


21/28

Why?

Provides high-level information about theoperands

Very effective inlining and CSE

Tightly integrated with register allocation

Fewer moves for inputs and outputs

Also integrated with instruction selection

r (0) becomes a xor

m (0x12345678) can be taken from .rodata


22/28

Simple example

asm volatile ("movq %0, %%cr0"

:: "r" (ctxt >cr0));

Likely becomes two instructions

Load ctxt->cr0 in a register

movq reg, %cr0

Still register allocation, inlining etc. can be

creative and optimize it to one instruction


23/28

Explicit register choices

register long _eax asm("eax") =

SYS_read;

register int _ebx asm("ebx") = fd;

register void*_ecx asm("ecx") = buf;

register long _edx asm("edx") = len;asm volatile ("int $0x80"

: "=r" (_eax)

: "0" (_eax), "r" (_ebx),

"r" (_ecx), "r" (_edx)

: "memory", "cc")

Use matching constraint if the sameregister is used for input and output


24/28

Single-register constraints

asm volatile

("movl %1,%%eax; int $0x80"

: "=a" (result)

: "i" (SYS_read), "b" (fd),

"c" (buf), "d" (len)

: "memory", "cc")

a/b/c/d/S/D for %eax...%edx, %esi...%edi

Other registers not available Use matching constraint here too


25/28


26/28


27/28

Resources

http://www.intel.com/products/processor/manuals/

http://developer.amd.com/documentation/

guides/Pages/default.aspx#Manuals http://www.ibiblio.org/gferg/ldp/GCC-Inline-

Assembly-HOWTO.html
http://www.intel.com/products/processor/manuals/http://www.intel.com/products/processor/manuals/http://developer.amd.com/documentation/guides/Pages/default.aspx#Manualshttp://developer.amd.com/documentation/guides/Pages/default.aspx#Manualshttp://www.ibiblio.org/gferg/ldp/GCC-Inline-Assembly-HOWTO.htmlhttp://www.ibiblio.org/gferg/ldp/GCC-Inline-Assembly-HOWTO.htmlhttp://www.ibiblio.org/gferg/ldp/GCC-Inline-Assembly-HOWTO.htmlhttp://www.ibiblio.org/gferg/ldp/GCC-Inline-Assembly-HOWTO.htmlhttp://developer.amd.com/documentation/guides/Pages/default.aspx#Manualshttp://developer.amd.com/documentation/guides/Pages/default.aspx#Manualshttp://www.intel.com/products/processor/manuals/http://www.intel.com/products/processor/manuals/


28/28

That's all

Q&A

Something about assembly

Documents

Transcript of Something about assembly