Lect 4: Instruction Set and Addressing Modes
Download
Report
Transcript Lect 4: Instruction Set and Addressing Modes
Lect 4: Instruction Encoding and
Instruction Set
1
Instruction Encoding
General Instruction Format
TTTTTTTT
7
0
TTTTTTTT
7
0
opcode
(one or two bytes)
(T represents an
opcode bit.)
mod TTT r/m
7 6 5 32 0
“mode r/m”
byte
ss index base
76 5 3 2 0
“s-i-b”
byte
d32| 16 | 8 | none
data32 |16 |8 | none
address
displacement
immediate
data
register and address
mode specifier
Field Name
Description
Number of Bits
w
d
s
reg
mod r/m
Specifies if data is byte or full size (Full size is either 16 or 32 bits)
Specifies Direction of Data Operation
Specifies if an Immediate Data Field Must Sign-Extended
General Register Specifier
Address Mode Specifier (Effective Address can be a General
Register)
Scale Factor for Scaled Index Address Mode
General Register to be used as Index Register
General Register to be used as Base Register
Segment Register Specifier for CS, SS, DS, ES
Segment Register Specifier for CS, SS, DS, ES, FS, GS
For a Conditional Instructions, Specifies a Condition Asserted or a
Condition Negated
1
1
1
3
2 for mod;
3 for r/m
2
3
3
2
3
ss
index
base
sreg2
sreg3
tttn
4
Maeng Lect04-2
Encoding of Operand Length Field
w Field Operation Size
During 16-bit
Data Operations
0
8 Bits
1
16 Bits
Operation Size
During 16-bit
Data Operations
8 Bits
16 Bits
Encoding of reg Field When w Field is not present in Instruction
reg Field
000
001
010
011
100
101
110
111
Register Selected
During
16-bit
Data Operations
AX
CX
DX
BX
SP
BP
SI
DI
Register Selected
During
32-bit
Data Operations
EAX
ECX
EDX
EBX
ESP
EBP
ESI
EDI
Maeng Lect04-3
Encoding of 16-bit Address Mode with “mod
r/m” Byte
mod r/m
Effective Address
mod r/m
Effective Address
00 000
00 001
00 010
00 011
00 100
00 101
00 110
00 111
DS:[BX + SI]
DS:[BX + DI]
SS:[BP + SI]
SS:[BP + SI]
DS:[SI]
DS:[DI]
DS:d16
DS:[BX]
10 000
10 001
10 010
10 011
10 100
10 101
10 110
10 111
DS:[BX + SI+d16]
DS:[BX + DI+d16]
SS:[BP + SI+d16]
SS:[BP + SI+d16]
DS:[SI+d16]
DS:[DI+d16]
SS:[BP+d16]
DS:[BX+d16]
01 000
01 001
01 010
01 011
01 100
01 101
01 110
01 111
DS:[BX+SI+d8]
DS:[BX+DI+d8]
SS:[BP+SI+d8]
SS:[BP+DI+d8]
DS:[SI+d8]
DS:[DI+d8]
SS:[BP+d8]
DS:[BX+d8]
11 000
11 001
11 010
11 011
11 100
11 101
11 110
11 111
register – see left
register – see left
register – see left
register – see left
register – see left
register – see left
register – see left
register – see left
Register Specified by r/m During 16-bit Operations
mod r/m
Function of w Field
w=0
w=1
11 000
AL
AX
11 001
CL
CX
11 010
DL
DX
11 011
BL
BX
11 100
AH
SP
11 101
CH
BP
11 110
DH
SI
11 111
BH
DI
Register Specified by r/m During 32-bit Operations
mod r/m
Function of w Field
w=0
w=1
11 000
AL
EAX
11 001
CL
ECX
11 010
DL
EDX
11 011
BL
EBX
11 100
AH
ESP
11 101
CH
EBP
11 110
DH
ESI
11 111
BH
EDI
Maeng Lect04-4
Encoding of 32-bit Address Mode with “mod
r/m” Byte (no ‘s-i-b’)
mod r/m
Effective Address
mod r/m
Effective Address
00 000
00 001
00 010
00 011
00 100
00 101
00 110
00 111
DS:[EAX]
DS:[ECX]
DS:[EDX]
DS:[EBX]
s-i-b is present
DS:d32
DS:[ESI]
DS:[EDI]
10 000
10 001
10 010
10 011
10 100
10 101
10 110
10 111
DS:[EAX+d32]
DS:[ECX+d32]
DS:[EDX+d32]
DS:[EBX+d32]
s-i-b is present
SS:[EBP+d32]
DS:[ESI+d32]
DS:[EDI+d32]
01 000
01 001
01 010
01 011
01 100
01 101
01 110
01 111
DS:[EAX+d8]
DS:[ECX+d8]
DS:[EDX+d8]
DS:[EBX+d8]
s-i-b is present
SS:[EBP+d8]
DS:[ESI+d8]
DS:[EDI+d8]
11 000
11 001
11 010
11 011
11 100
11 101
11 110
11 111
register – see left
register – see left
register – see left
register – see left
register – see left
register – see left
register – see left
register – see left
Register Specified by r/m During 16-bit Operations
mod r/m
Function of w Field
w=0
w=1
11 000
AL
AX
11 001
CL
CX
11 010
DL
DX
11 011
BL
BX
11 100
AH
SP
11 101
CH
BP
11 110
DH
SI
11 111
BH
DI
Register Specified by r/m During 32-bit Operations
mod r/m
Function of w Field
w=0
w=1
11 000
AL
EAX
11 001
CL
ECX
11 010
DL
EDX
11 011
BL
EBX
11 100
AH
ESP
11 101
CH
EBP
11 110
DH
ESI
11 111
BH
EDI
Maeng Lect04-5
Encoding of 32-bit Address Mode( “mod r/m”
byte and “s-i-b” byte present):
mod base
00 000
00 001
00 010
00 011
00 100
00 101
00 110
00 111
Effective Address
DS:[EAX+ (scaled index)]
DS:[ECX+ (scaled index)]
DS:[EDX+ (scaled index)]
DS:[EBX+ (scaled index)]
SS:[ESP+ (scaled index)]
DS:[d32+ (scaled index)]
DS:[ESI+ (scaled index)]
DS:[EDI+ (scaled index)]
01 000
01 001
01 010
01 011
01 100
01 101
01 110
01 111
DS:[EAX+ (scaled index) +d8]
DS:[ECX+ (scaled index) +d8]
DS:[EDX+ (scaled index) +d8]
DS:[EBX+ (scaled index) +d8]
SS:[ESP+ (scaled index) +d8]
SS:[EBP+ (scaled index) +d8]
DS:[ESI+ (scaled index) +d8]
DS:[EDI+ (scaled index) +d8]
10 000
10 001
10 010
10 011
10 100
10 101
10 110
10 111
DS:[EAX+ (scaled index) +d32]
DS:[ECX+ (scaled index) +d32]
DS:[EDX+ (scaled index) +d32]
DS:[EBX+ (scaled index) +d32]
SS:[ESP+ (scaled index) +d32]
SS:[EBP+ (scaled index) +d32]
DS:[ESI+ (scaled index) +d32]
DS:[EDI+ (scaled index) +d32]
ss
Scale Factor
00
01
10
11
x1
x2
x4
x8
index
Index register
000
001
010
011
100
101
110
111
EAX
ECX
EDX
EBX
no index reg
EBP
ESI
EDI
* Important Note:
When index field is 100, indicating no index register, then
ss field MUST equal 00. If index is 100 and ss does not
equal 00, the effective address is undefined.
Maeng Lect04-6
Encoding the instruction in Machine code
• Example:
– MOV BL, AL ; MOV opcode byte: 100010dw
• d = 0 REG field is source; w =1 for word operation; mod r/m = 11
011; REG = 000
• First byte : 10001000 (88H); Second byte: 11 000 011 (C3H)
– ADD [BX][DI]+1234H, AX; ADD opcode byte : 000000dw
• d=0 REG field is source; w =1 for word operation; mod r/m = 10 001;
REG = 000
• First byte : 00000001 (01H); Second byte: 10 000 001 (81H)
• Resulting Machine code: 01813412H
Maeng Lect04-7
Encoding the instruction in Machine code
– MOV ECX,2 ; MOV opcode byte: 1011w reg (immediate to reg short form)
MOV AX,[EBX+2*ECX] MOV opcode byte: 1000101w (reg/mem to reg)
• MOV ECX,2 ; 1011 1 001 (B9H) 0000 0010 0000 0000 0000 0000 0000 0000
• MOV AX, [EBX+2*ECX]
• First byte : 10001011 Second Byte: 00 000 100 Third byte: 01 001 011
mod REG r/m
ss index base
• The Resulting Machine code: 8B044B
• Address size prefix : 01100111 (67) ; Operand size prefix: 01100110 (66)
• The Result: 66 | B9 00000002
67 | 8B 04 4B
Maeng Lect04-8
80386 Instruction Set
• 80386 base instruction set encoding table: See Fig 4.5
• Instruction Types
–
–
–
–
–
–
–
–
General Data Transfer
Arithmetic/Logic
Shift/Rotate
Bit test and bit scan
Flag Control
Control Transfer
String handling
System Control
Maeng Lect04-9
General Data Transfer
• Data Transfer Instructions
– MOV : 8 instructions ; operation: (dest) (src), Flags Affected: none
• MOV AX,[BP] 10001011 01 000 110 0000 0000
mod reg r/m displacement
• There are several machine codes to represent one MOV instruction.
The assembler must choose an efficient one.
– MOVSX: sign-extend MOVSX EBX, AX (reg from reg/mem)
– MOVZX: zero-extend MOVZX CX, DATA (reg from reg/mem)
Maeng Lect04-10
General Data Transfer
– XCHG operation (dest) (src) ; flags affected : none
• reg/mem with reg, reg with accumulator (short form)
• XCHG AX,DX
– XLAT : Translate String ; operation (AL) ((AL)+(BX)) ; flags
affected: none
– Load Effective Address and Load Pointer Instructions
• LEA : Load effective address ; LEA SI, [DI+BX+5H]
• LDS, LSS, LES, LFS, LGS : Load full pointer (offset: SBA)
into reg and seg reg
– PUSH operation : ((SP)) (src) (SP) (SP)-2 flags affected:
none
– POP
– PUSHA, POPA (all general registers onto/from stack)
– PUSHF, POPF
Maeng Lect04-11
Arithmetic Instructions
• Arithmetic Instructions
• ADD, ADC, INC, AAA, DAA
• SUB, SBB, DEC, NEG, AAS, DAS
• MUL, IMUL, AAM, DIV, IDIV, AAD, CBW, CWD
– AAA : ASCII adjust for addition; flags affected: AF, CF, OF, SF,
ZF, PF undefined
• operation: ALcarry (AL) >0F9H;
if ((AL)&0FH) >9 or (AF) = 1 then (AL)(AL)+6)&0FH;
(AH) (AH)+1+ALcarry; (AF) 1; (CF) 1;
else AF 0; CF 0; (AL) (AL)&0FH ;
Maeng Lect04-12
Arithmetic Instructions
• Example : AL : 32H ASCII code for number 2; BL: 34H
ASCII code for 4
ADD AL,BL ---- AL :66H
AAA
----- AL : 6H
– DAA (Decimal adjust for addition: two packed decimal)
• operation:
if ((AL)&0FH)>9 or (AF)=1 then (AL) (AL)+6, (AF) 1
if ((AL)&0F0H) >90H or (CF) =1 then (AL) (AL)+60H,
(CF) 1
Maeng Lect04-13
Logic Instructions
• Logic Instructions
– AND, OR, XOR, NOT
• Shift Instructions
– SAL/SHL, SHR/SAR, SHLD, SHRD:
– SHL AX, 1; SAR AX, CL
• Rotate Instructions
– ROL, ROR, RCL, RCR
– ROR AX,1; ROL AX, CL
Maeng Lect04-14
Bit Test Instructions
• Bit Test and Bit Scan Instructions
– BT(Bit Test), BTR(Bit test and reset), BTS(Bit test and set),
BTC(Bit test and complement), BSF(Bit scan forward), BSR(Bit
scan reverse)
– BT D, S ; CF BIT[D,S]; saves the value of the bit indicated by
the first operand and the bit offset into the CF flag
– BSF r16,r/m16 or BSF r32, r/m32 ;
scans the bits in the second word or double word operand starting
with bit 0. The ZF flag is set if all the bits are 0; otherwise, the ZF
flag is cleared and the destination register is loaded with the bit
index of the first set bit.
Maeng Lect04-15
Flag Control Set
• Flag-Control Instructions
– LAHF(Load AH from flags), SAHF(Store AH into flags), CLC,
STC, CMC, CLI, STI
– AH : |SF|ZF| - |AF| - |PF| - |CF|
• Compare and Set Instructions
– CMP
– SETcc r/m8: if condition then r/m8 1(not FF) else r/m8 0;
• SETA, SETAE,.....
Maeng Lect04-16
Control Transfer
• Jump Instructions
– Unconditional(JMP) and Conditional Jumps(JA, JAE, .... )
– JMP : Intrasegment jump, Intersegment jump
• Intrasegment jump : short(8-bit displacement: -126 to +129),
direct within segment (16-bit or 32-bit relative), r/m indirect
with segment
• Intersegment jump : direct intersegment (full offset and
selector), indirect intersegment
– Jcc : conditional jump; 8-bit or full displacement
• JA, JAE, ....
Maeng Lect04-17
Control Transfer
• Subroutines and Subroutine-Handling Instructions
– CALL and Return Instructions
– CALL : intrasegment and intersegment call;
• Intrasegment : CALL rel16, or rel32, CALL indirect within
segment
• Intersegment : CALL direct intersegment, CALL indirect
intersegment
– RET
• Intrasegment : RET within segment, RET within segment
Adding Immediate to SP
• Intersegment : RET, RET adding immediate to SP
Maeng Lect04-18
Control Transfer
– Stack Frame Instructions: ENTER and LEAVE
• to allocate and deallocate a data area called a stack frame
• ENTER : make a stack frame
– ENTER imm16,0; Make procedure stack frame
– ENTER imm16,1; Make stack frame for procedure parameter
– ENTER imm16,imm8: Make stack frame for procedure
parameter
– first operand : the number of bytes to be allocated on the stack
for local data storage
second operand: lexical nesting level of the routine
Maeng Lect04-19
Control Transfer
Data for Proc. C
(16 bytes)
BP when executing
Procedure C
BP for Proc. C
BP for Proc. B
BP for Proc. A
BP for Proc. B
Ret addr for proc. B
Procedure A
Procedure B
Enter 32, 1
Enter 12, 2
Leave
Ret
Leave
Ret
Procedure C
Enter 16, 3
Stack
frame
for C
Leave
Ret
Data for Proc. B
(12 bytes)
BP when executing
Procedure B
BP for Proc. B
BP for Proc. A
BP for Proc. A
Ret addr for proc. A
Data for Proc. A
(32 bytes)
BP when executing
Procedure A
Stack frame
for B
Stack frame
for A
BP for Proc. A
Old BP
Maeng Lect04-20
String Handling
• Loop and Loop-handling Instructions
– LOOP, LOOPE/Z, LOOPNE/NZ: CX must be preloaded with a
count
• String and String-Handling Instructions
– MOVSB/W/D, compare string, scan string, load string, store string
– the contents of both SI and DI are automatically incremented or
decremented.
– REP : repeat string;
• Check Array Index Against Bounds
– BOUND r16, m16&16 : check if r16 is within bounds
– BOUND r32, m32&m32: check if r32 is within bounds
operation: if (LeftSRC < [RightSRC] or LeftSRC>
[RightSRC+OperandSize/8])
Maeng Lect04-21
then Interrupt 5;