x64 Cheat Sheet Fall 2014

Similar documents
CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2017 Lecture 5

CSE351 Spring 2018, Midterm Exam April 27, 2018

CS429: Computer Organization and Architecture

x86 Programming II CSE 351 Winter

Assembly II: Control Flow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

x86-64 Programming II

Assembly II: Control Flow

Where We Are. Optimizations. Assembly code. generation. Lexical, Syntax, and Semantic Analysis IR Generation. Low-level IR code.

Assembly Programming III

Do not turn the page until 5:10.

x86 64 Programming II

CSE 351 Midterm Exam

Machine-Level Programming II: Control

Machine-Level Programming (2)

Machine-Level Programming II: Control

L09: Assembly Programming III. Assembly Programming III. CSE 351 Spring Guest Lecturer: Justin Hsia. Instructor: Ruth Anderson

Control. Young W. Lim Mon. Young W. Lim Control Mon 1 / 16

CS 107. Lecture 13: Assembly Part III. Friday, November 10, Stack "bottom".. Earlier Frames. Frame for calling function P. Increasing address

The Hardware/Software Interface CSE351 Spring 2013

Machine Program: Procedure. Zhaoguo Wang

Intel x86-64 and Y86-64 Instruction Set Architecture

x86 Programming I CSE 351 Winter

CS367. Program Control

CSE 351 Midterm Exam Spring 2016 May 2, 2015

Machine/Assembler Language Putting It All Together

Machine Programming 2: Control flow

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2017 Lecture 12

C to Assembly SPEED LIMIT LECTURE Performance Engineering of Software Systems. I-Ting Angelina Lee. September 13, 2012

CS 33. Machine Programming (2) CS33 Intro to Computer Systems XII 1 Copyright 2017 Thomas W. Doeppner. All rights reserved.

Registers. Ray Seyfarth. September 8, Bit Intel Assembly Language c 2011 Ray Seyfarth

Introduction to 8086 Assembly

Machine Level Programming: Control

Carnegie Mellon. Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition

Do not turn the page until 11:30.

2/12/2016. Today. Machine-Level Programming II: Control. Condition Codes (Implicit Setting) Processor State (x86-64, Partial)

How Software Executes

CSCI 2021: x86-64 Control Flow

CS61 Section Solutions 3

Computer Processors. Part 2. Components of a Processor. Execution Unit The ALU. Execution Unit. The Brains of the Box. Processors. Execution Unit (EU)

Sungkyunkwan University

X86 Addressing Modes Chapter 3" Review: Instructions to Recognize"

Computer Architecture and System Programming Laboratory. TA Session 3

Processor state. Information about currently executing program. %rax, %rdi, ... %r14 %r15. %rsp. %rip CF ZF SF OF. Temporary data

ECE 498 Linux Assembly Language Lecture 3

CS 261 Fall Machine and Assembly Code. Data Movement and Arithmetic. Mike Lam, Professor

Lecture 15 Intel Manual, Vol. 1, Chapter 3. Fri, Mar 6, Hampden-Sydney College. The x86 Architecture. Robb T. Koether. Overview of the x86

Computer Organization: A Programmer's Perspective

CS 33. Machine Programming (2) CS33 Intro to Computer Systems XI 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

Machine-Level Programming II: Control

CSE 401/M501 Compilers

CS356 Unit 5. Translation to Assembly. Translating HLL to Assembly ASSEMBLY TRANSLATION EXAMPLE. x86 Control Flow

x86 Programming I CSE 351 Autumn 2016 Instructor: Justin Hsia

EXPERIMENT WRITE UP. LEARNING OBJECTIVES: 1. Get hands on experience with Assembly Language Programming 2. Write and debug programs in TASM/MASM

complement) Multiply Unsigned: MUL (all operands are nonnegative) AX = BH * AL IMUL BH IMUL CX (DX,AX) = CX * AX Arithmetic MUL DWORD PTR [0x10]

Von Neumann Architecture. Machine Languages. Context of this Lecture. High-Level Languages. Assembly Language: Part 1. Princeton University.

LABORATORY WORK NO. 7 FLOW CONTROL INSTRUCTIONS

Assembly I: Basic Operations. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

IFE: Course in Low Level Programing. Lecture 6

Basic Assembly Instructions

The x86 Architecture

CSC 8400: Computer Systems. Machine-Level Representation of Programs

x86 64 Programming I CSE 351 Autumn 2018 Instructor: Justin Hsia

CSC 2400: Computer Systems. Towards the Hardware: Machine-Level Representation of Programs

BAHAR DÖNEMİ MİKROİŞLEMCİLER LAB4 FÖYÜ

Princeton University Computer Science 217: Introduction to Programming Systems. Assembly Language: Part 1

Binghamton University. CS-220 Spring x86 Assembler. Computer Systems: Sections

CS 107 Lecture 10: Assembly Part I

Roadmap. Java: Assembly language: OS: Machine code: Computer system:

CS Bootcamp x86-64 Autumn 2015

Ex: Write a piece of code that transfers a block of 256 bytes stored at locations starting at 34000H to locations starting at 36000H. Ans.

Conditional Processing

Assembly Language II: Addressing Modes & Control Flow

Machine- Level Representa2on: Procedure

Roadmap. Java: Assembly language: OS: Machine code: Computer system:

Credits and Disclaimers

5.1. CS356 Unit 5. x86 Control Flow

15-213/ Final Exam Notes Sheet Spring 2013!

CS 3330 Exam 1 Fall 2017 Computing ID:

CS241 Computer Organization Spring 2015 IA

Do not turn the page until 12:30.

An Introduction to x86 ASM

CSE P 501 Compilers. x86 Lite for Compiler Writers Hal Perkins Autumn /25/ Hal Perkins & UW CSE J-1

Branching and Looping

Control flow (1) Condition codes Conditional and unconditional jumps Loops Conditional moves Switch statements

Areas for growth: I love feedback

CMSC 313 Lecture 05 [draft]

University of Washington Computer Science & Engineering Winter 2018 Instructor: Mark Wyse March 14, CSE 351 Final Exam. Last Name: First Name:

Machine- Level Programming II: Arithme6c & Control

Selection and Iteration. Chapter 7 S. Dandamudi

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2018 Lecture 4

Computer Architecture..Second Year (Sem.2).Lecture(4) مدرس المادة : م. سندس العزاوي... قسم / الحاسبات

Lecture 4: x86_64 Assembly Language

Credits to Randy Bryant & Dave O Hallaron

x86-64 Programming III

%r8 %r8d. %r9 %r9d. %r10 %r10d. %r11 %r11d. %r12 %r12d. %r13 %r13d. %r14 %r14d %rbp. %r15 %r15d. Sean Barker

Instructions and Instruction Set Architecture

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2016 Lecture 12

Outline. Review: Assembly/Machine Code View. Processor State (x86-64, Par2al) Condi2on Codes (Explicit Se^ng: Compare) Condi2on Codes (Implicit Se^ng)

Machine-Level Programming II: Control and Arithmetic

administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?

Transcription:

CS 33 Intro Computer Systems Doeppner x64 Cheat Sheet Fall 2014 1 x64 Registers x64 assembly code uses sixteen 64-bit registers. Additionally, the lower bytes of some of these registers may be accessed independently as 32-, 16- or 8-bit registers. The register names are as follows: 8-byte register Bytes 5-8 Bytes 7-8 Byte 8 %rax %eax %ax %al %rcx %ecx %cx %cl %rdx %edx %dx %dl %rbx %ebx %bx %bl %rsi %esi %si %sil %rdi %edi %di %dil %rsp %esp %sp %spl %rbp %ebp %bp %bpl %r8 %r8d %r8w %r8b %r9 %r9d %r9w %r9b %r10 %r10d %r10w %r10b %r11 %r11d %r11w %r11b %r12 %r12d %r12w %r12b %r13 %r13d %r13w %r13b %r14 %r14d %r14w %r14b %r15 %r15d %r15w %r15b For more details of register usage, see Register Usage, below. 2 Operand Specifiers The basic types of operand specifiers are below. In the following table, Imm refers to a constant value, e.g. 0x8048d8e or 48, E x refers to a register, e.g. %rax, R[E x ] refers to the value stored in register E x, and M[x] refers to the value stored at memory address x. Type Form Operand value Name Immediate $Imm Imm Immediate Register E a R[E a ] Register Memory Imm M[Imm] Absolute Memory (E a ) M[R[E b ]] Absolute Memory Imm(E b, E i, s) M[Imm+R[E b ]+(R[E i ] s)] Scaled indexed

More information about operand specifiers can be found on pages 169-170 of the textbook. 3 x64 Instructions In the following tables, byte refers to a one-byte integer (suffix b), word refers to a two-byte integer (suffix w), doubleword refers to a four-byte integer (suffix l), and quadword refers to an eight-byte value (suffix q). Most instructions, like mov, use a suffix to show how large the operands are going to be. For example, moving a quadword from %rax to %rbx results in the instruction movq %rax, %rbx. Some instructions, like ret, do not use suffixes because there is no need. Others, such as movs and movz will use two suffixes, as they convert operands of the type of the first suffix to that of the second. Thus, assembly to convert the byte in %al to a doubleword in %ebx with zero-extension would be movzbl %al, %ebx. In the tables below, instructions have one suffix unless otherwise stated. 3.1 Data Movement Instructions with one suffix mov S, D Move source to destination 171 push S Push source onto stack 171 pop D Pop top of stack into destination 171 Instructions with two suffixes movs S, D Move byte to word (sign extended) 171 movz S, D Move byte to word (zero extended) 171 Instructions with no suffixes cwtl Convert word in %ax to doubleword in %dx:%ax 182 cltq Convert doubleword in %eax to quadword in %edx:%eax 182 cqto Convert octoword in %rax to octoword in %rdx:%rax 182 3.2 Arithmetic Operations Unless otherwise specified, all arithmetic operation instructions have one suffix. 2

3.2.1 Unary Operations inc D Increment by 1 178 dec D Decrement by 1 178 neg D Arithmetic negation 178 not D Bitwise complement 178 3.2.2 Binary Operations leaq S, D Load effective address of source into destination 177 add S, D Add source to destination 178 sub S, D Subtract source from destination 178 imul S, D Multiply destination by source 178 xor S, D Bitwise XOR destination by source 178 or S, D Bitwise OR destination by source 178 and S, D Bitwise AND destination by source 178 3.2.3 Shift Operations sal / shl k,d Left shift destination by k bits 179 sar k, D Arithmetic right shift destination by k bits 179 shr k, D Logical right shift destination by k bits 179 3.2.4 Special Arithmetic Operations Suffixes are already included in these instructions. imulq S Signed full multiply of %rax by S Result stored in %rdx:%rax 182 mulq S Unsigned full multiply of %rax by S Result stored in %rdx:%rax 182 Signed divide %rdx:%rax by S idivq S Quotient stored in %rax Remainder stored in %rdx 182 Unsigned divide %rdx:%rax by S divq S Quotient stored in %rax Remainder stored in %rdx 182 3.3 Comparison and Test Instructions Comparison instructions also have one suffix. 3

cmp S 2,S 1 Set condition codes according to S 1 S 2 185 test S 2,S 1 Set condition codes according to S 1 &S 2 185 3.4 Accessing Condition Codes None of the following instructions have any suffixes. 3.4.1 Conditional Set Instructions Instruction Description Condition Code Page # sete / setz D Set if equal/zero ZF 187 setne / setnz D Set if not equal/nonzero ~ZF 187 sets D Set if negative SF 187 setns D Set if nonnegative ~SF 187 setg / setnle D Set if greater (signed) ~(SF^OF)&~ZF 187 setge / setnl D Set if greater or equal(signed) ~(SF^OF) 187 setl / setnge D Set if less (signed) SF^OF 187 setle / setng D Set if less or equal (SF^OF) ZF 187 seta / setnbe D Set if above (unsigned) ~CF&~ZF 187 setae / setnb D Set if above or equal (unsigned) ~CF 187 setb / setnae D Set if below (unsigned) CF 187 setbe / setna D Set if below or equal (unsigned) CF ZF 187 3.4.2 Jump Instructions Instruction Description Condition Code Page # jmp Label Jump to label 189 jmp *Operand Jump to specified location 189 je / jz Label Jump if equal/zero ZF 189 jne / jnz Label Jump if not equal/nonzero ~ZF 189 js Label Jump if negative SF 189 jns Label Jump if nonnegative ~SF 189 jg / jnle Label Jump if greater (signed) ~(SF^OF)&~ZF 189 jge / jnl Label Jump if greater or equal(signed) ~(SF^OF) 189 jl / jnge Label Jump if less (signed) SF^OF 189 jle / jng Label Jump if less or equal (SF^OF) ZF 189 ja / jnbe Label Jump if above (unsigned) ~CF&~ZF 189 jae / jnb Label Jump if above or equal (unsigned) ~CF 189 jb / jnae Label Jump if below (unsigned) CF 189 jbe / jna Label Jump if below or equal (unsigned) CF ZF 189 4

3.4.3 Conditional Move Instructions Conditional move instructions do not have any suffixes, but their source and destination operands must have the same size. Instruction Description Condition Code Page # cmove / cmovz S, D Move if equal/zero ZF 206 cmovne / cmovnz S, D Move if not equal/nonzero ~ZF 206 cmovs S, D Move if negative SF 206 cmovns S, D Move if nonnegative ~SF 206 cmovg / cmovnle S, D Move if greater (signed) ~(SF^OF)&~ZF 206 cmovge / cmovnl S, D Move if greater or equal(signed) ~(SF^OF) 206 cmovl / cmovnge S, D Move if less (signed) SF^OF 206 cmovle / cmovng S, D Move if less or equal (SF^OF) ZF 206 cmova / cmovnbe S, D Move if above (unsigned) ~CF&~ZF 206 cmovae / cmovnb S, D Move if above or equal (unsigned) ~CF 206 cmovb / cmovnae S, D Move if below (unsigned) CF 206 cmovbe / cmovna S, D Move if below or equal (unsigned) CF ZF 206 3.5 Procedure Call Instructions Procedure call instructions do not have any suffixes. call Label Push return address and jump to label 221 call *Operand Push return address and jump to specified location 221 leave Set %rsp to %rbp, then pop top of stack into %rbp 221 ret Pop return address from stack and jump there 221 5

4 Coding Practices 4.1 Commenting Each function you write should have a comment at the beginning describing what the function does and any arguments it accepts. In addition, we strongly recommend putting comments alongside your assembly code stating what each set of instructions does in pseudocode or some higherlevel language. Line breaks are also helpful to group statements into logical blocks for improved readability. 4.2 Arrays Arrays are stored in memory as contiguous blocks of data. Typically an array variable acts as a pointer to the first element of the array in memory. To access a given array element, the index value is multiplied by the element size and added to the array pointer. For instance, if arr is an array of ints, the statement: arr[i] = 3; can be expressed in x86-64 as follows (assuming the address of arr is stored in %rax and the index i is stored in %rcx): movq $3, (%rax, %rcx, 8) More information about arrays can be found on pages 232-241 of the textbook. 4.3 Register Usage There are sixteen 64-bit registers in x86-64: %rax, %rbx, %rcx, %rdx, %rdi, %rsi, %rbp, %rsp, and %r8-r15. Of these, %rax, %rcx, %rdx, %rdi, %rsi, %rsp, and %r8-r11 are considered caller-save registers, meaning that they are not necessarily saved across function calls. By convention, %rax is used to store a function s return value, if it exists and is no more than 64 bits long. (Larger return types like structs are returned using the stack.) Registers %rbx, %rbp, and %r12-r15 are callee-save registers, meaning that they are saved across function calls. Register %rsp is used as the stack pointer, a pointer to the topmost element in the stack. Additionally, %rdi, %rsi, %rdx, %rcx, %r8, and %r9 are used to pass the first six integer or pointer parameters to called functions. Additional parameters (or large parameters such as structs passed by value) are passed on the stack. In 32-bit x86, the base pointer (formerly %ebp, now %rbp) was used to keep track of the base of the current stack frame, and a called function would save the base pointer of its caller prior to updating the base pointer to its own stack frame. With the advent of the 64-bit architecture, this has been mostly eliminated, save for a few special cases when the compiler cannot determine ahead of time how much stack space needs to be allocated for a particular function(see Dynamic stack allocation). 6

4.4 Stack Organization and Function Calls 4.4.1 Calling a Function To call a function, the program should place the first six integer or pointer parameters in the registers %rdi, %rsi, %rdx, %rcx, %r8, and %r9; subsequent parameters (or parameters larger than 64 bits) should be pushed onto the stack, with the first argument topmost. The program should then execute the call instruction, which will push the return address onto the stack and jump to the start of the specified function. Example: # Call foo(1, 15) movq $1, %rdi # Move 1 into %rdi movq $15, %rsi # Move 15 into %rsi call foo # Push return address and jump to label foo If the function has a return value, it will be stored in %rax after the function call. 4.4.2 Writing a Function An x64 program uses a region of memory called the stack to support function calls. As the name suggests, this region is organized as a stack data structure with the top of the stack growing towards lower memory addresses. For each function call, new space is created on the stack to store local variables and other data. This is known as a stack frame. To accomplish this, you will need to write some code at the beginning and end of each function to create and destroy the stack frame. Setting Up: When a call instruction is executed, the address of the following instruction is pushed onto the stack as the return address and control passes to the specified function. If the function is going to use any of the callee-save registers (%rbx, %rbp, or %r12-r15), the current value of each should be pushed onto the stack to be restored at the end. For example: pushq %rbx pushq %r12 pushq %r13 Finally, additional space may be allocated on the stack for local variables. While it is possible to make space on the stack as needed in a function body, it is generally more efficient to allocate this space all at once at the beginning of the function. This can be accomplished using the call subq $N, %rsp where N is the size of the callee s stack frame. For example: subq $0x18, %rsp # Allocate 24 bytes of space on the stack This set-up is called the function prologue. 7

Using the Stack Frame: Once you have set up the stack frame, you can use it to store and access local variables: Arguments which cannot fit in registers (e.g. structs) will be pushed onto the stack before the call instruction, and can be accessed relative to %rsp. Keep in mind that you will need to take the size of the stack frame into account when referencing arguments in this manner. If the function has more than six integer or pointer arguments, these will be pushed onto the stack as well. For any stack arguments, the lower-numbered arguments will be closer to the stack pointer. That is, arguments are pushed on in right-to-left order when applicable. Local variables will be stored in the space allocated in the function prologue, when some amount is subtracted from %rsp. The organization of these is up to the programmer. Cleaning Up: After the body of the function is finished and the return value (if any) is placed in %rax, the function must return control to the caller, putting the stack back in the state in which it was called with. First, the callee frees the stack space it allocated by adding the same amount to the stack pointer: addq $0x18, %rsp # Give back 24 bytes of stack space Then, it pops off the registers it saved earlier popq %r13 # Remember that the stack is FILO! popq %r12 popq %rbx Finally, the program should return to the call site, using the ret instruction: ret Summary: Putting it together, the code for a function should look like this: foo: pushq %rbx # Save registers, if needed pushq %r12 pushq %r13 subq $0x18, %rsp # Allocate stack space # Function body addq $0x18, %rsp # Deallocate stack space popq %r13 # Restore registers popq %r12 popq %rbx ret # Pop return address and return control to caller 8

4.4.3 Dynamic stack allocation You may find that having a static amount of stack space for your function does not quite cut it. In this case, we will need to borrow a tradition from 32-bit x86 and save the base of the stack frame into the base pointer register. Since %rbp is a callee-save register, it needs to be saved before you change it. Therefore, the function prologue will now be prefixed with: pushq movq %rbp %rsp, %rbp Consequently, the epilogue will contain this right before the ret: movq popq %rbp, %rsp %rbp This can also be done with a single instruction, called leave. The epilogue makes sure that no matter what you do to the stack pointer in the function body, you will always return it to the right place when you return. Note that this means you no longer need to add to the stack pointer in the epilogue. This is an example of a function which allocates between 8-248 bytes of random stack space during its execution: pushq %rbp # Use base pointer movq %rsp, %rbp pushq %rbx # Save registers pushq %r12 subq $0x18, %rsp # Allocate some stack space... call rand # Get random number andq $0xF8, %rax # Make sure the value is 8-248 bytes and # aligned on 8 bytes subq %rax, %rsp # Allocate space... movq (%rbp), %r12 # Restore registers from base of frame movq 0x8(%rbp), %rbx movq %rbp, %rsp # Reset stack pointer and restore base pointer popq %rbp ret This sort of behavior can be accessed from C code by calling pseudo-functions like alloca, which allocates stack space according to its argument. More information about the stack frame and function calls can be found on pages 219-232 of the textbook. 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback