Assembly Languages Assembly Languages

Computer Organization &

Computer Organization &

Assembly Languages Assembly Languages

Pu-Jen Cheng

Conditional Processing

Adapted from the slides prepared by Kip Irvine for the book, Assembly Language for Intel-Based Computers, 5th Ed.

Chapter Overview

„

Boolean and Comparison Instructions

„

Conditional Jumps

„

Conditional Loop Instructions C diti l St t

„

Conditional Structures

„

Application: Finite-State Machines

„

Decision Directives

Boolean and Comparison Instructions

„

CPU Status Flags

„

AND Instruction

„

OR Instruction

„

XOR Instruction

„

NOT Instruction

„

Applications

„

TEST Instruction

„

CMP Instruction

Status Flags - Review

„

The Zero flag is set when the result of an operation equals zero.

„

The Carry flag is set when an instruction generates a result that is too large (or too small) for the destination operand.

„

The Sign flag is set if the destination operand is negative, and it is clear if the destination operand is positive.

„

The Overflow flag is set when an instruction generates an invalid signed result.

„

The Parity flag is set when an instruction generates an even number of 1 bits in the low byte of the destination operand.

„

The Auxiliary Carry flag is set when an operation produces a carry out

from bit 3 to bit 4

AND Instruction

„

Performs a Boolean AND operation between each pair of matching bits in two operands

„

Syntax: (OF=0,CF=0,SF,ZF,PF)

AND destination, source

( d t MOV)

AND

(same operand types as MOV)

0 0 1 1 1 0 1 1 0 0 0 0 1 1 1 1 0 0 0 0 1 0 1 1

AND

unchanged cleared

OR Instruction

„

Performs a Boolean OR operation between each pair of matching bits in two operands

„

Syntax: (OF=0,CF=0,SF,ZF,PF)

OR destination, source ^OR

0 0 1 1 1 0 1 1 0 0 0 0 1 1 1 1 0 0 1 1 1 1 1 1

OR

set unchanged

XOR Instruction

„

Performs a Boolean exclusive-OR operation between each pair of matching bits in two operands

„

Syntax: (OF=0,CF=0,SF,ZF,PF)

XOR destination, source

XOR

,

0 0 1 1 1 0 1 1 0 0 0 0 1 1 1 1 0 0 1 1 0 1 0 0

XOR

inverted unchanged

XOR is a useful way to invert the bits in an operand.

NOT Instruction

„

Performs a Boolean NOT operation on a single destination operand

„

Syntax: (no flag affected)

NOT destination

NOT

0 0 1 1 1 0 1 1 1 1 0 0 0 1 0 0

NOT

inverted

Applications ^{(1 of 5)}

mov al,'a' ; AL = 01100001b and al,11011111b ; AL = 01000001b

• Task: Convert the character in AL to upper case.

• Solution: Use the AND instruction to clear bit 5.

Applications ^{(2 of 5)}

mov al,6 ; AL = 00000110b

or al,00110000b ; AL = 00110110b

• Task: Convert a binary decimal byte into its equivalent ASCII decimal digit.

• Solution: Use the OR instruction to set bits 4 and 5.

or al,00110000b ; AL 00110110b

The ASCII digit '6' = 00110110b

Applications ^{(3 of 5)}

• Task: Turn on the keyboard CapsLock key

• Solution: Use the OR instruction to set bit 6 in the keyboard flag byte at 0040:0017h in the BIOS data area.

mov ax,40h ; BIOS segment

mov ds,ax

mov bx,17h ; keyboard flag byte or BYTE PTR [bx],01000000b ; CapsLock on

This code only runs in Real-address mode, and it

does not work under Windows NT, 2000, or XP.

Applications ^{(4 of 5)}

mov ax,wordVal

• Task: Jump to a label if an integer is even.

• Solution: AND the lowest bit with a 1. If the result is Zero, the number was even.

and ax,1 ; low bit set?

jz EvenValue ; jump if Zero flag set

Applications ^{(5 of 5)}

l l

• Task: Jump to a label if the value in AL is not zero.

• Solution: OR the byte with itself, then use the JNZ (jump if not zero) instruction.

or al,al

jnz IsNotZero ; jump if not zero

ORing any number with itself does not change its value.

TEST Instruction

„

Performs a nondestructive AND operation between each pair of matching bits in two operands

„

No operands are modified, but the flags is affected.

„

Example: jump to a label if either bit 0 or bit 1 in AL is set.

test al,00000011b jnz ValueFound

• Example: jump to a label if neither bit 0 nor bit 1 in AL is set.

test al,00000011b

jz ValueNotFound

CMP Instruction ^{(1 of 3)}

„

Compares the destination operand to the source operand

¾ Nondestructive subtraction of source from destination (destination operand is not changed)

„

Syntax: CMP destination, source (OF,SF,ZF,CF,AF,PF)

„

Example: destination == source (unsigned)

mov al,5

cmp al,5 ; Zero flag set

• Example: destination < source (unsigned)

mov al,4

cmp al,5 ; Carry flag set

CMP Instruction ^{(2 of 3)}

„

Example: destination > source (unsigned)

mov al,6

cmp al,5 ; ZF = 0, CF = 0

(both the Zero and Carry flags are clear)

(both the Zero and Carry flags are clear)

CMP Instruction ^{(3 of 3)}

„

Example: destination > source (signed)

mov al,5

cmp al,-2 ; Sign flag == Overflow flag

• Example: destination < source (signed)

mov al,-1

cmp al,5 ; Sign flag != Overflow flag

Setting and Clearing Flags

and al, 0 ; set Zero

or al, 1 ; clear Zero or al, 80h ; set Sign

and al, 7Fh ; clear Sign

t t C

stc ; set Carry

clc ; clear Carry

mov al, 7Fh

inc al ; set Overflow

or eax, 0 ; clear Overflow

Pentium Flags Register

What's Next

„

Boolean and Comparison Instructions

„

Conditional Jumps

„

Conditional Loop Instructions

„

Conditional Structures

„

Application: Finite-State Machines

„

Decision Directives

Conditional Structures

„

There are no high-level logic structures such as if- then-else, in the IA-32 instruction set. But, you can use combinations of comparisons and jumps to

implement any logic structure.

First an operation such as CMP AND or SUB is

„

First, an operation such as CMP, AND or SUB is executed to modified the CPU flags. Second, a conditional jump instruction tests the flags and change the execution flow accordingly.

CMP AL, 0 JZ L1

:

L1:

J cond Instruction

„

A conditional jump instruction branches to a label when specific register or flag conditions are met

„

Examples:

JB JC j t l b l if th C fl i t

¾

JB, JC jump to a label if the Carry flag is set

¾

JE, JZ jump to a label if the Zero flag is set

¾

JS jumps to a label if the Sign flag is set

¾

JNE, JNZ jump to a label if the Zero flag is clear

¾

JECXZ jumps to a label if ECX equals 0

Conditional Jumps

„

Jumps Based On . . .

¾

Specific flags

¾

Equality

¾

Unsigned comparisons

¾

Signed Comparisons

„

Applications

„

Encrypting a String

„

Bit Test (BT) Instruction

J cond Ranges

„

Prior to the 386:

¾

jump must be within –128 to +127 bytes from current location counter

„

IA-32 processors:

32 bit offset permits jump anywhere in memory

¾

32-bit offset permits jump anywhere in memory

Jumps Based on Specific Flags

Jumps Based on Equality

Jumps Based on Unsigned Comparisons

Jumps Based on Signed Comparisons

Applications ^{(1 of 5)}

cmp eax,ebx ja Larger

• Task: Jump to a label if unsigned EAX is greater than EBX

• Solution: Use CMP, followed by JA

cmp eax,ebx jg Greater

• Task: Jump to a label if signed EAX is greater than EBX

• Solution: Use CMP, followed by JG

Applications ^{(2 of 5)}

cmp eax,Val1

jbe L1 ; below or equal

• Jump to label L1 if unsigned EAX is less than or equal to Val1

cmp eax,Val1 jle L1

• Jump to label L1 if signed EAX is less than or equal to Val1

Applications ^{(3 of 5)}

mov Large,bx cmp ax,bx jna Next

mov Large,ax Next:

• Compare unsigned AX to BX, and copy the larger of the two into a variable named Large

Next:

mov Small,ax cmp bx,ax jnl Next

mov Small,bx Next:

• Compare signed AX to BX, and copy the smaller of the two

into a variable named Small

Applications ^{(4 of 5)}

cmp WORD PTR [esi],0 je L1

• Jump to label L1 if the memory word pointed to by ESI equals Zero

• Jump to label L2 if the doubleword in memory pointed to by

test DWORD PTR [edi],1 jz L2

Jump to label L2 if the doubleword in memory pointed to by

EDI is even

Applications ^{(5 of 5)}

and al,00001011b ; clear unwanted bits cmp al,00001011b ; check remaining bits

j j

• Task: Jump to label L1 if bits 0, 1, and 3 in AL are all set.

• Solution: Clear all bits except bits 0, 1,and 3. Then compare the result with 00001011 binary.

je L1 ; all set? jump to L1

Example: Scanning a Array

.date

intArray DWORD 7,9,3,4,6,1 .code

...

• Find the first even number in an array of unsigned integers

...

mov ebx, OFFSET intArray mov ecx, LENGTHOF intArray L1: test DWORD PTR [ebx], 1

jz found add ebx, 4 loop L1

...

encoder message

(plain text)

key

Example: Encrypting a String

unintelligible string (cipher text)

encoder message

(plain text)

key

Example: Encrypting a String

KEY = 239 ; can be any byte value BUFMAX = 128

.data

buffer BYTE BUFMAX+1 DUP(0) bufSize DWORD BUFMAX

The following loop uses the XOR instruction to transform every character in a string into a new value.

bufSize DWORD BUFMAX .code

mov ecx,bufSize ; loop counter

mov esi,0 ; index 0 in buffer L1:

xor buffer[esi],KEY ; translate a byte

inc esi ; point to next byte

loop L1

String Encryption Program

„

Tasks:

¾

Input a message (string) from the user

¾

Encrypt the message

¾

Display the encrypted message Decrypt the message

¾

Decrypt the message

¾

Display the decrypted message

Enter the plain text: Attack at dawn.

Cipher text: «¢¢Äîä-Ä¢-ïÄÿü-Gs

Decrypted: Attack at dawn.

What's Next

„

Boolean and Comparison Instructions

„

Conditional Jumps

„

Conditional Loop Instructions

„

Conditional Structures

„

Application: Finite-State Machines

„

Decision Directives

Conditional Loop Instructions

„

LOOPZ and LOOPE

„

LOOPNZ and LOOPNE

LOOPZ and LOOPE

„

Syntax:

LOOPE destination LOOPZ destination

„

Logic:

¾

ECX ← ECX – 1

¾

ECX ← ECX 1

¾

if ECX > 0 and ZF=1, jump to destination

„

Useful when scanning an array for the first

element that does not match a given value.

LOOPNZ and LOOPNE

„

LOOPNZ (LOOPNE) is a conditional loop instruction

„

Syntax:

LOOPNZ destination LOOPNE destination LOOPNE destination

„

Logic:

¾

ECX ← ECX – 1;

¾

if ECX > 0 and ZF=0, jump to destination

„

Useful when scanning an array for the first element

that matches a given value.

LOOPNZ Example

.data

array SWORD -3,-6,-1,-10,10,30,40,4 sentinel SWORD 0

.code

mov esi,OFFSET array mov ecx,LENGTHOF array

The following code finds the first positive value in an array:

o ec , G O a ay next:

test WORD PTR [esi],8000h ; test sign bit

pushfd ; push flags on stack

add esi,TYPE array

popfd ; pop flags from stack

loopnz next ; continue loop

jnz quit ; none found

sub esi,TYPE array ; ESI points to value quit:

Your turn . . .

.data

array SWORD 50 DUP(?) sentinel SWORD 0FFFFh .code

Locate the first nonzero value in the array. If none is found, let ESI point to the sentinel value:

mov esi,OFFSET array mov ecx,LENGTHOF array

L1: cmp WORD PTR [esi],0 ; check for zero

(fill in your code here)

quit:

. . . (solution)

.data

array SWORD 50 DUP(?) sentinel SWORD 0FFFFh .code

mov esi,OFFSET array mov ecx,LENGTHOF array

L1 cmp WORD PTR [esi] 0 check for zero L1: cmp WORD PTR [esi],0 ; check for zero

pushfd ; push flags on stack

add esi,TYPE array

popfd ; pop flags from stack

loope L1 ; continue loop

jz quit ; none found

sub esi,TYPE array ; ESI points to value quit:

What's Next

„

Boolean and Comparison Instructions

„

Conditional Jumps

„

Conditional Loop Instructions

„

Conditional Structures

„

Application: Finite-State Machines

„

Decision Directives

Conditional Structures

•

Block-Structured IF Statements

•

Compound Expressions with AND

•

Compound Expressions with OR WHILE L

•

WHILE Loops

•

Table-Driven Selection

Block-Structured IF Statements

Assembly language programmers can easily translate logical statements written in C++/Java into assembly language. For example:

mov eax,op1 2 if( op1 == op2 )

cmp eax,op2 jne L1

mov X,1 jmp L2 L1: mov X,2 L2:

X = 1;

else

X = 2;

Your turn . . .

Implement the following pseudocode in assembly language. All values are unsigned:

cmp ebx,ecx ja next mov eax 5 if( ebx <= ecx )

{ mov eax,5

mov edx,6 next:

eax = 5;

edx = 6;

}

(There are multiple correct solutions to this problem.)

Your turn . . .

Implement the following pseudocode in assembly language. All values are 32-bit signed integers:

mov eax,var1 cmp eax,var2 jl L1

if( var1 <= var2 ) var3 = 10;

jle L1

mov var3,6 mov var4,7 jmp L2

L1: mov var3,10 L2:

else {

var3 = 6;

var4 = 7;

}

(There are multiple correct solutions to this problem.)

Compound Expression with AND ^{(1 of 3)}

„

When implementing the logical AND operator, consider that HLLs use short-circuit evaluation

„

In the following example, if the first expression is false, the second expression is skipped:

if (al > bl) AND (bl > cl) X = 1;

Compound Expression with AND ^{(2 of 3)}

cmp al,bl ; first expression...

ja L1

if (al > bl) AND (bl > cl) X = 1;

This is one possible implementation . . .

ja L1 jmp next L1:

cmp bl,cl ; second expression...

ja L2 jmp next

L2: ; both are true

mov X,1 ; set X to 1

next:

Compound Expression with AND ^{(3 of 3)}

if (al > bl) AND (bl > cl) X = 1;

But the following implementation uses 29% less code by

reversing the first relational operator. We allow the program to

"fall through" to the second expression:

cmp al,bl ; first expression...

jbe next ; quit if false

cmp bl,cl ; second expression...

jbe next ; quit if false

mov X,1 ; both are true

next:

fall through to the second expression:

Your turn . . .

Implement the following pseudocode in assembly language. All values are unsigned:

cmp ebx,ecx ja next cmp ecx edx if( ebx <= ecx

&& ecx > edx )

cmp ecx,edx jbe next mov eax,5 mov edx,6 next:

{

eax = 5;

edx = 6;

}

(There are multiple correct solutions to this problem.)

Compound Expression with OR ^{(1 of 2)}

„

When implementing the logical OR operator, consider that HLLs use short-circuit evaluation

„

In the following example, if the first expression is true, the second expression is skipped:

if (al > bl) OR (bl > cl) X = 1;

Compound Expression with OR ^{(1 of 2)}

if (al > bl) OR (bl > cl) X = 1;

cmp al,bl ; is AL > BL?

ja L1 ; yes

cmp bl,cl ; no: is BL > CL?

jbe next ; no: skip next statement

L1: mov X,1 ; set X to 1

next:

WHILE Loops

while( eax < ebx) eax = eax + 1;

A WHILE loop is really an IF statement followed by the

body of the loop, followed by an unconditional jump to the top of the loop. Consider the following example:

top: cmp eax,ebx ; check loop condition jae next ; false? exit loop

inc eax ; body of loop

jmp top ; repeat the loop

next:

This is a possible implementation:

Your Turn . . .

while( ebx <= val1) {

ebx = ebx + 5;

val1 = val1 - 1 }

Implement the following loop, using unsigned 32-bit integers:

top: cmp ebx,val1 ; check loop condition ja next ; false? exit loop

add ebx,5 ; body of loop

dec val1

jmp top ; repeat the loop

next:

}

Example: IF statement nested in a loop

while(eax < ebx) {

eax++;

if (ebx==ecx) X=2;

l

_while: cmp eax, ebx jae _endwhile inc eax

cmp ebx, ecx jne _else

X 2 else

X=3;

}

mov X, 2 jmp _while _else: mov X, 3

jmp _while

_endwhile:

Table-Driven Selection ^{(1 of 3)}

„

Table-driven selection uses a table lookup to replace a multiway selection structure

„

Create a table containing lookup values and the offsets of labels or procedures

U l h h bl

„

Use a loop to search the table

„

Suited to a large number of comparisons

Table-Driven Selection ^{(2 of 3)}

.data

CaseTable BYTE 'A' ; lookup value

DWORD Process_A ; address of procedure EntrySize = ($ - CaseTable)

Step 1: create a table containing lookup values and procedure offsets:

EntrySize = ($ CaseTable) BYTE 'B'

DWORD Process_B BYTE 'C'

DWORD Process_C BYTE 'D'

DWORD Process_D

NumberOfEntries = ($ - CaseTable) / EntrySize

Table-Driven Selection ^{(3 of 3)}

mov ebx,OFFSET CaseTable ; point EBX to the table mov ecx,NumberOfEntries ; loop counter

L1: cmp al,[ebx] ; match found?

j L2 ti

Step 2: Use a loop to search the table. When a match is found, we call the procedure offset stored in the current table entry:

jne L2 ; no: continue

call NEAR PTR [ebx + 1] ; yes: call the procedure

jmp L3 ; and exit the loop

L2: add ebx,EntrySize ; point to next entry

loop L1 ; repeat until ECX = 0

L3:

required for procedure pointers

What's Next

„

Boolean and Comparison Instructions

„

Conditional Jumps

„

Conditional Loop Instructions

„

Conditional Structures

„

Application: Finite-State Machines

„

Decision Directives

Application: Finite-State Machines

„

A finite-state machine (FSM) is a graph structure that changes state based on some input. Also called a state- transition diagram.

„

We use a graph to represent an FSM, with squares or circles called nodes, and lines with arrows between the circles called edges (or arcs).

„

A FSM is a specific instance of a more general structure called a directed graph (or digraph).

„

Three basic states, represented by nodes:

¾

Start/initial state

¾

Terminal state(s)

¾

Nonterminal state(s)

Finite-State Machine

„

Accepts any sequence of symbols that puts it into an accepting (final) state

„

Can be used to recognize, or validate a sequence of characters that is governed by language rules (called a regular expression)

regular expression)

„

Advantages:

¾

Provides visual tracking of program's flow of control

¾

Easy to modify

¾

Easily implemented in assembly language

FSM Examples

„

FSM that recognizes strings beginning with 'x', followed by letters 'a'..'y', ending with 'z':

start 'x'

'a'..'y'

'z

A B

C '

• FSM that recognizes signed integers:

start

digit

+,-

digit digit

A B

C

Your Turn . . .

„

Explain why the following FSM does not work as well for signed integers as the one shown on the previous slide:

digit start

digit

A +,- B

Implementing an FSM

StateA:

call Getnext ; read next char into AL cmp al,'+' ; leading + sign?

je StateB ; go to State B

cmp al,'-' ; leading - sign?

je StateB ; go to State B

The following is code from State A in the Integer FSM:

call IsDigit ; ZF = 1 if AL = digit

jz StateC ; go to State C

call DisplayErrorMsg ; invalid input found jmp Quit

start

digit

+,-

digit digit

A B

C

IsDigit Procedure

IsDigit PROC

cmp al,'0' ; ZF = 0 jb ID1

cmp al '9' ZF 0

Receives a character in AL. Sets the Zero flag if the character is a decimal digit.

cmp al,'9' ; ZF = 0 ja ID1

test ax,0 ; ZF = 1 ID1: ret

IsDigit ENDP

What's Next

„

Boolean and Comparison Instructions

„

Conditional Jumps

„

Conditional Loop Instructions

„

Conditional Structures

„

Application: Finite-State Machines

„

Decision Directives

Runtime Expressions

.IF eax > ebx mov edx,1

• .IF, .ELSE, .ELSEIF, and .ENDIF can be used to create block- structured IF statements.

• Examples:

.IF eax > ebx && eax > ecx mov edx,1

.ELSE

mov edx,2 .ENDIF

• MASM generates "hidden" code for you, consisting of code labels, CMP and conditional jump instructions.

.ELSE

mov edx,2 .ENDIF

Relational and Logical Operators

MASM-Generated Code

mov eax,6 cmp eax,val1 jbe @C0001 .data

val1 DWORD 5 result DWORD ? .code

mov eax,6

.IF eax > val1

Generated code:

jbe @C0001 mov result,1

@C0001:

.IF eax > val1 mov result,1 .ENDIF

MASM automatically generates an unsigned jump (JBE)

because val1 is unsigned.

MASM-Generated Code

mov eax,6 cmp eax,val1 jle @C0001 .data

val1 SDWORD 5 result SDWORD ? .code

mov eax,6

.IF eax > val1

Generated code:

jle @C0001 mov result,1

@C0001:

.IF eax > val1 mov result,1 .ENDIF

MASM automatically generates a signed jump (JLE)

because val1 is signed.

MASM-Generated Code

mov ebx,5 mov eax,6 cmp eax,ebx jbe @C0001 .data

result DWORD ? .code

mov ebx,5 mov eax,6

.IF eax > ebx

Generated code:

j

mov result,1

@C0001:

.IF eax > ebx mov result,1 .ENDIF

MASM automatically generates an unsigned jump (JBE)

when both operands are registers . . .

MASM-Generated Code

mov ebx,5 mov eax,6 cmp eax,ebx jle @C0001 .data

result SDWORD ? .code

mov ebx,5 mov eax,6

.IF SDWORD PTR eax > ebx

Generated code:

j

mov result,1

@C0001:

.IF SDWORD PTR eax > ebx mov result,1

.ENDIF

. . . unless you prefix one of the register operands with the

SDWORD PTR operator. Then a signed jump is generated.

.REPEAT Directive

; Display integers 1 – 10:

mov eax,0

Executes the loop body before testing the loop condition associated with the .UNTIL directive.

Example:

, .REPEAT

inc eax

call WriteDec call Crlf

.UNTIL eax == 10

.WHILE Directive

; Display integers 1 – 10:

mov eax 0

Tests the loop condition before executing the loop body The .ENDW directive marks the end of the loop.

Example:

mov eax,0

.WHILE eax < 10 inc eax

call WriteDec call Crlf

.ENDW