Carnegie Mellon

14-513 18-613

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition

 Carnegie Mellon

Machine-Level Programming I: Basics

14-513/18-613: Introduction to Computer Systems
5th Lecture, May 27, 2020

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 2

 Carnegie Mellon

Today: Machine Programming I: Basics

 History of Intel processors and architectures
 Assembly Basics: Registers, operands, move
 Arithmetic & logical operations
 C, assembly, machine code

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 3

 Carnegie Mellon

Levels of Abstraction
#include <stdio.h>
int main(){
C programmer int i, n = 10, t1 = 0, t2 = 1, nxt;
for (i = 1; i <= n; ++i){
printf("%d, ", t1);
nxt = t1 + t2;
t1 = t2;
t2 = nxt; } Nice clean layers,
return 0; }
but beware…
Assembly programmer

Computer Designer
Gates, clocks, circuit layout, …

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 4

 Carnegie Mellon

Definitions
 Architecture: (also ISA: instruction set architecture) The
parts of a processor design that one needs to understand
for writing correct machine/assembly code
 Examples: instruction set specification, registers
 Machine Code: The byte-level programs that a processor executes
 Assembly Code: A text representation of machine code

 Microarchitecture: Implementation of the architecture

 Examples: cache sizes and core frequency

 Example ISAs:
 Intel: x86, IA32, Itanium, x86-64
 ARM: Used in almost all mobile phones
 RISC V: New open-source ISA
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 5
 Carnegie Mellon

Assembly/Machine Code View

CPU Memory
Addresses
Registers
Data Code
PC Data
Condition Instructions Stack
Codes

Programmer-Visible State
 PC: Program counter  Memory
 Byte addressable array
 Address of next instruction
 Code and user data
 Called “RIP” (x86-64)
 Stack to support procedures
 Register file
 Heavily used program data
 Condition codes
 Store status information about most
recent arithmetic or logical operation
 Used for conditional branching
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 6
 Carnegie Mellon

Assembly Characteristics: Data Types

 “Integer” data of 1, 2, 4, or 8 bytes
 Data values
 Addresses (untyped pointers)

 Floating point data of 4, 8, or 10 bytes

 (SIMD vector data types of 8, 16, 32 or 64 bytes)

 Code: Byte sequences encoding series of instructions

 No aggregate types such as arrays or structures

 Just contiguously allocated bytes in memory

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 7

 Carnegie Mellon

x86-64 Integer Registers

%rax %eax %r8 %r8d

%rbx %ebx %r9 %r9d

%rcx %ecx %r10 %r10d

%rdx %edx %r11 %r11d

%rsi %esi %r12 %r12d

%rdi %edi %r13 %r13d

%rsp %esp %r14 %r14d

%rbp %ebp %r15 %r15d

 Can reference low-order 4 bytes (also low-order 1 & 2 bytes)

 Not part of memory (or cache)
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 8
 Carnegie Mellon

Assembly Characteristics: Operations

 Transfer data between memory and register
 Load data from memory into register
 Store register data into memory

 Perform arithmetic function on register or memory data

 Transfer control
 Unconditional jumps to/from procedures
 Conditional branches
 Indirect branches

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 9

 Carnegie Mellon

Memory Addressing Modes

 Most General Form
D(Rb,Ri,S) Mem[Reg[Rb]+S*Reg[Ri]+ D]
 D: Constant “displacement” 1, 2, or 4 bytes
 Rb: Base register: Any of 16 integer registers
 Ri: Index register: Any, except for %rsp
 S: Scale: 1, 2, 4, or 8 (why these numbers?)

 Special Cases
(Rb,Ri) Mem[Reg[Rb]+Reg[Ri]]
D(Rb,Ri) Mem[Reg[Rb]+Reg[Ri]+D]
(Rb,Ri,S) Mem[Reg[Rb]+S*Reg[Ri]]

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 10

 Carnegie Mellon

Address Computation Examples

%rdx 0xf000
%rcx 0x0100

Address
Expression Address
Computation
0x8(%rdx) 0xf000 + 0x8 0xf008
(%rdx,%rcx) 0xf000 + 0x100 0xf100
(%rdx,%rcx,4) 0xf000 + 4*0x100 0xf400
0x80(,%rdx,2) 2*0xf000 + 0x80 0x1e080
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 11
 Carnegie Mellon

Address Computation Examples

%rdx 0xf000
%rcx 0x0100

Address
Expression Address
Computation
0x8(%rdx) 0xf000 + 0x8 0xf008
(%rdx,%rcx) 0xf000 + 0x100 0xf100
(%rdx,%rcx,4) 0xf000 + 4*0x100 0xf400
0x80(,%rdx,2) 2*0xf000 + 0x80 0x1e080
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 12
 Carnegie Mellon

Moving Data %rax

 Moving Data %rcx
movq Source, Dest %rdx
 Operand Types %rbx
 Immediate: Constant integer data %rsi

Example: $0x400, $-533 %rdi
 Like C constant, but prefixed with ‘$’
 Encoded with 1, 2, or 4 bytes
%rsp
 Register: One of 16 integer registers %rbp
 Example: %rax, %r13
 But %rsp reserved for special use %rN
 Others have special uses for particular instructions
 Memory: 8 consecutive bytes of memory at address given by register
 Simplest example: (%rax)
 Various other “addressing modes” Warning: Intel docs use
mov Dest, Source
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 13
 Carnegie Mellon

movq Operand Combinations

Source Dest Src,Dest C Analog

Reg movq $0x4,%rax temp = 0x4;

Imm
Mem movq $-147,(%rax) *p = -147;

Reg movq %rax,%rdx temp2 = temp1;

movq Reg
Mem movq %rax,(%rdx) *p = temp;

Mem Reg movq (%rax),%rdx temp = *p;

Cannot do memory-memory transfer with a single instruction

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 14
 Carnegie Mellon

Understanding Swap()
Memory
void swap Registers
(long *xp, long *yp)
{ %rdi
long t0 = *xp;
%rsi
long t1 = *yp;
*xp = t1; %rax
*yp = t0;
} %rdx

Register Value
%rdi xp
%rsi yp
swap:
%rax t0
movq (%rdi), %rax # t0 = *xp
%rdx t1 movq (%rsi), %rdx # t1 = *yp
movq %rdx, (%rdi) # *xp = t1
movq %rax, (%rsi) # *yp = t0
ret
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 15
 Carnegie Mellon

Understanding Swap()
Memory
Registers Address
123 0x120
%rdi 0x120
0x118
%rsi 0x100
0x110
%rax 0x108
%rdx 456 0x100

swap:
movq (%rdi), %rax # t0 = *xp
movq (%rsi), %rdx # t1 = *yp
movq %rdx, (%rdi) # *xp = t1
movq %rax, (%rsi) # *yp = t0
ret

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 16

 Carnegie Mellon

Understanding Swap()
Memory
Registers Address
123 0x120
%rdi 0x120
0x118
%rsi 0x100
0x110
%rax 123 0x108
%rdx 456 0x100

swap:
movq (%rdi), %rax # t0 = *xp
movq (%rsi), %rdx # t1 = *yp
movq %rdx, (%rdi) # *xp = t1
movq %rax, (%rsi) # *yp = t0
ret

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 17

 Carnegie Mellon

Understanding Swap()
Memory
Registers Address
123 0x120
%rdi 0x120
0x118
%rsi 0x100
0x110
%rax 123 0x108
%rdx 456 456 0x100

swap:
movq (%rdi), %rax # t0 = *xp
movq (%rsi), %rdx # t1 = *yp
movq %rdx, (%rdi) # *xp = t1
movq %rax, (%rsi) # *yp = t0
ret

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 18

 Carnegie Mellon

Understanding Swap()
Memory
Registers Address
456 0x120
%rdi 0x120
0x118
%rsi 0x100
0x110
%rax 123 0x108
%rdx 456 456 0x100

swap:
movq (%rdi), %rax # t0 = *xp
movq (%rsi), %rdx # t1 = *yp
movq %rdx, (%rdi) # *xp = t1
movq %rax, (%rsi) # *yp = t0
ret

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 19

 Carnegie Mellon

Understanding Swap()
Memory
Registers Address
456 0x120
%rdi 0x120
0x118
%rsi 0x100
0x110
%rax 123 0x108
%rdx 456 123 0x100

swap:
movq (%rdi), %rax # t0 = *xp
movq (%rsi), %rdx # t1 = *yp
movq %rdx, (%rdi) # *xp = t1
movq %rax, (%rsi) # *yp = t0
ret

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 20

 Carnegie Mellon

Today: Machine Programming I: Basics

 History of Intel processors and architectures
 Assembly Basics: Registers, operands, move
 Arithmetic & logical operations
 C, assembly, machine code

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 21

 Carnegie Mellon

Address Computation Instruction

 leaq Src, Dst
 Src is address mode expression
 Set Dst to address denoted by expression

 Uses
 Computing addresses without a memory reference

E.g., translation of p = &x[i];
 Computing arithmetic expressions of the form x + k*y
 k = 1, 2, 4, or 8
 Example
long
long m12(long
m12(long x)
x)
{
Converted to ASM by compiler:
{
return
return x*12;
x*12; leaq
leaq (%rdi,%rdi,2),
(%rdi,%rdi,2), %rax
%rax #
# t
t =
= x+2*x
x+2*x
}
} salq
salq $2,
$2, %rax
%rax #
# return
return t<<2
t<<2
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 22
 Carnegie Mellon

Some Arithmetic Operations

 Two Operand Instructions:
FormatComputation
addq Src,Dest Dest = Dest + Src
subq Src,Dest Dest = Dest  Src
imulq Src,Dest Dest = Dest * Src
shlq Src,Dest Dest = Dest << Src Synonym: salq
sarq Src,Dest Dest = Dest >> Src Arithmetic
shrq Src,Dest Dest = Dest >> Src Logical
xorq Src,Dest Dest = Dest ^ Src
andq Src,Dest Dest = Dest & Src
orq Src,Dest Dest = Dest | Src
 Watch out for argument order! Src,Dest
(Warning: Intel docs use “op Dest,Src”)
 No distinction between signed and unsigned int (why?)
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 23
 Carnegie Mellon

Some Arithmetic Operations

 One Operand Instructions
incq Dest Dest = Dest + 1
decq Dest Dest = Dest  1
negq Dest Dest =  Dest
notq Dest Dest = ~Dest

 See book for more instructions

 Depending how you count, there are 2,034 total x86 instructions

 (If you count all addr modes, op widths, flags, it’s actually 3,683)

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 24

 Carnegie Mellon

Arithmetic Expression Example

arith:
leaq (%rdi,%rsi), %rax
long
long arith
arith addq %rdx, %rax
(long
(long x,
x, long
long y,y, long
long z)z) leaq (%rsi,%rsi,2), %rdx
{
{ salq $4, %rdx
long
long t1
t1 == x+y;
x+y; leaq 4(%rdi,%rdx), %rcx
long
long t2
t2 == z+t1;
z+t1; imulq %rcx, %rax
long
long t3
t3 == x+4;
x+4; ret
long
long t4
t4 == y
y ** 48;
48;
long
long t5
t5 == t3
t3 ++ t4;
t4;
Interesting Instructions
long
long rval
rval == t2
t2 *
* t5;
t5;  leaq: address computation
return
return rval;
rval;  salq: shift
}
}  imulq: multiplication
 Curious: only used once…

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 25

 Carnegie Mellon

Understanding Arithmetic Expression

Example arith:
leaq (%rdi,%rsi), %rax # t1
long
long arith
arith addq %rdx, %rax # t2
(long
(long x,
x, long
long y,y, long
long z)z) leaq (%rsi,%rsi,2), %rdx
{
{ salq $4, %rdx # t4
long
long t1
t1 == x+y;
x+y; leaq 4(%rdi,%rdx), %rcx # t5
long
long t2
t2 == z+t1;
z+t1; imulq %rcx, %rax # rval
long
long t3
t3 == x+4;
x+4; ret
long
long t4
t4 == y
y ** 48;
48;
long
long t5
t5 == t3
t3 ++ t4;
t4; Register Use(s)
long
long rval
rval == t2
t2 *
* t5;
t5; %rdi Argument x
return
return rval;
rval;
}
} %rsi Argument y
%rdx Argument z,
t4
%rax t1, t2, rval
%rcx t5

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 26

 Carnegie Mellon

Today: Machine Programming I: Basics

 History of Intel processors and architectures
 Assembly Basics: Registers, operands, move
 Arithmetic & logical operations
 C, assembly, machine code

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 27

 Carnegie Mellon

Turning C into Object Code

 Code in files p1.c p2.c
 Compile with command: gcc –Og p1.c p2.c -o p
 Use basic optimizations (-Og) [New to recent versions of GCC]
 Put resulting binary in file p

text C program (p1.c p2.c)

Compiler (gcc –Og -S)

text Asm program (p1.s p2.s)

Assembler (gcc or as)

binary Object program (p1.o p2.o) Static libraries

(.a)
Linker (gcc or ld)

binary Executable program (p)

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 28

 Carnegie Mellon

Compiling Into Assembly

C Code (sum.c) Generated x86-64 Assembly
long plus(long x, long y); sumstore:
pushq %rbx
void sumstore(long x, long y, movq %rdx, %rbx
long *dest) call plus
{ movq %rax, (%rbx)
long t = plus(x, y); popq %rbx
*dest = t; ret
}
Obtain (on shark machine) with command
gcc –Og –S sum.c
Produces file sum.s
Warning: Will get very different results on non-Shark
machines (Andrew Linux, Mac OS-X, …) due to
different versions of gcc and different compiler
settings. 29
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition
 Carnegie Mellon

What it really looks like

.globl sumstore
Things that look weird
.type sumstore, @function and are preceded by a ‘.’
sumstore: are generally directives.
.LFB35:
.cfi_startproc
pushq %rbx
.cfi_def_cfa_offset 16 sumstore:
.cfi_offset 3, -16 pushq %rbx
movq %rdx, %rbx movq %rdx, %rbx
call plus call plus
movq %rax, (%rbx) movq %rax, (%rbx)
popq %rbx popq %rbx
.cfi_def_cfa_offset 8 ret
ret
.cfi_endproc
.LFE35:
.size sumstore, .-sumstore

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 30

 Carnegie Mellon

Assembly Characteristics: Data Types

 “Integer” data of 1, 2, 4, or 8 bytes
 Data values
 Addresses (untyped pointers)

 Floating point data of 4, 8, or 10 bytes

 (SIMD vector data types of 8, 16, 32 or 64 bytes)

 Code: Byte sequences encoding series of instructions

 No aggregate types such as arrays or structures

 Just contiguously allocated bytes in memory

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 31

 Carnegie Mellon

Assembly Characteristics: Operations

 Transfer data between memory and register
 Load data from memory into register
 Store register data into memory

 Perform arithmetic function on register or memory data

 Transfer control
 Unconditional jumps to/from procedures
 Conditional branches

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 32

 Carnegie Mellon

Object Code
Code for sumstore  Assembler
0x0400595:  Translates .s into .o
0x53
0x48  Binary encoding of each instruction
0x89  Nearly-complete image of executable code
0xd3  Missing linkages between code in different
0xe8
files
0xf2
0xff  Linker
0xff  Resolves references between files
0xff •
0x48
Total of 14 bytes  Combines with static run-time libraries
• Each instruction 
E.g., code for malloc, printf
0x89
1, 3, or 5 bytes
0x03  Some libraries are dynamically linked
0x5b • Starts at address  Linking occurs when program begins
0xc3 0x0400595
execution

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 33

 Carnegie Mellon

Machine Instruction Example

 C Code
*dest = t;  Store value t where designated by
dest
 Assembly
movq %rax, (%rbx)  Move 8-byte value to memory
Quad words in x86-64 parlance
 Operands:
t: Register %rax
dest: Register %rbx
*dest: Memory M[%rbx]
 Object Code
0x40059e: 48 89 03  3-byte instruction
 Stored at address 0x40059e

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 34

 Carnegie Mellon

Disassembling Object Code

Disassembled
0000000000400595 <sumstore>:
400595: 53 push %rbx
400596: 48 89 d3 mov %rdx,%rbx
400599: e8 f2 ff ff ff callq 400590 <plus>
40059e: 48 89 03 mov %rax,(%rbx)
4005a1: 5b pop %rbx
4005a2: c3 retq

 Disassembler
objdump –d sum
 Useful tool for examining object code
 Analyzes bit pattern of series of instructions
 Produces approximate rendition of assembly code
 Can be run on either a.out (complete executable) or .o file

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 35

 Carnegie Mellon

Alternate Disassembly
Disassembled

Dump of assembler code for function sumstore:

0x0000000000400595 <+0>: push %rbx
0x0000000000400596 <+1>: mov %rdx,%rbx
0x0000000000400599 <+4>: callq 0x400590 <plus>
0x000000000040059e <+9>: mov %rax,(%rbx)
0x00000000004005a1 <+12>:pop %rbx
0x00000000004005a2 <+13>:retq

 Within gdb Debugger

 Disassemble procedure
gdb sum
disassemble sumstore

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 36

 Carnegie Mellon

Alternate Disassembly
Disassembled
Object
Code
Dump of assembler code for function sumstore:
0x0400595: 0x0000000000400595 <+0>: push %rbx
0x53 0x0000000000400596 <+1>: mov %rdx,%rbx
0x48 0x0000000000400599 <+4>: callq 0x400590 <plus>
0x89 0x000000000040059e <+9>: mov %rax,(%rbx)
0xd3 0x00000000004005a1 <+12>:pop %rbx
0xe8 0x00000000004005a2 <+13>:retq
0xf2
0xff
0xff
0xff
 Within gdb Debugger
0x48  Disassemble procedure
0x89 gdb sum
0x03
disassemble sumstore
0x5b
0xc3  Examine the 14 bytes starting at sumstore
x/14xb sumstore
Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 37
 Carnegie Mellon

Machine Programming I: Summary

 History of Intel processors and architectures
 Evolutionary design leads to many quirks and artifacts
 C, assembly, machine code
 New forms of visible state: program counter, registers, ...
 Compiler must transform statements, expressions, procedures into
low-level instruction sequences
 Assembly Basics: Registers, operands, move
 The x86-64 move instructions cover wide range of data movement
forms
 Arithmetic
 C compiler will figure out different instruction combinations to
carry out computation

Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition 38