x86 controlling program flow control flow
play

x86 CONTROLLING PROGRAM FLOW CONTROL FLOW Computers execute - PowerPoint PPT Presentation

Mar 07, 2024 •218 likes •517 views

x86 CONTROLLING PROGRAM FLOW CONTROL FLOW Computers execute instructions in sequence... ...Except when we change the flow of control. Two main ways of doing this: Jump instructions (this lecture) Call instructions

  1. x86 CONTROLLING PROGRAM FLOW

  2. CONTROL FLOW Computers execute instructions in sequence... ...Except when we change the flow of control. Two main ways of doing this: ▸ “Jump” instructions (this lecture) ▹ “Call” instructions (future lecture) ▹ 2

  3. JUMP INSTRUCTIONS Types Unconditional jumps ▸ Direct jump: jmp Label ▹ Jump target is specified by a label (e.g., jmp .L1 ) ▹ Indirect jump: jmp *Operand ▹ Jump target is specified by a register or memory location ▹ (e.g., jmp *%rax ) Conditional jumps ▸ Only jump if a certain condition is true ▹ 3

  4. RECALL CONDITIONAL STATEMENTS IN C C expressions within, if, for, and while statements: if (x) {…} else {…} while (x) {…} do {…} while (x) for (i=0; i<max; i++) {…} switch (x) { case 1: … case 2: … } 4

  5. MAPPING TO THE CPU Processor flag register eflags (extended flags) Flags are set or cleared by depending on the result of an instruction Each bit is a flag, or condition code: CF Carry Flag SF Sign Flag ZF Zero Flag OF Overflow Flag 5

  6. IMPLICIT SETTING Automatically Set By Arithmetic and Logical Operations Example: addq Src, Dest CF (for unsigned integers) ▸ set if carry out from most significant bit (unsigned overflow) ▹ (unsigned long t) < (unsigned long a) ▹ ZF (zero flag) ▸ Set if t == 0 ▹ SF (Signed integers) ▸ Set if t < 0 ▹ OF (Signed integers) ▸ Set if signed (two’s complement) overflow ▹ ▹ (a>0 && b>0 && t<0) || (a<0 && b<0 && t>=0) Not set by lea, push, pop, mov instructions 6

  7. EXPLICIT SETTING VIA COMPARE Setting condition codes via compare instruction: Example: cmpq b, a Computes a - b without setting destination ▸ CF set if carry out from most significant bit ▸ Used for unsigned comparisons ▹ ZF set if a == b ▸ SF set if (a-b) < 0 ▸ OF set if two’s complement (signed) overflow ▸ (a>0 && b<0 && (a-b)<0) || (a<0 && b>0 && (a-b)>0) Byte, word, and double word versions: cmpb, cmpw, cmpl ▸ 7

  8. EXPLICIT SETTING VIA TEST Setting condition codes via test instruction: Example: testq b, a Computes a & b without setting destination ▸ Sets condition codes based on result ▹ Useful to have one of the operands be a mask ▹ Often used to test if a register is zero or positive ▸ ▹ testq %rax, %rax ZF set when a & b == 0 ▸ SF set when a & b < 0 ▸ Byte, word and double word versions: testb, testw, testl ▸ 8

  9. CONDITIONAL JUMP INSTRUCTIONS Jump to different part of code based on condition codes: Instruction - jxx Condition Description jmp 1 Unconditional / Always Jump je, jz ZF Equal / Zero jne ~ZF Not Equal / Not Zero js SF Negative jns ~SF Non-Negative jg ~(SF^OF) && ~ZF Greater (Signed) jge ~(SF^OF) Greater or Equal (Signed) jl (SF^OF) Less (Signed, Overflow Flips Result) jle ~(SF^OF) || ZF Less or Equal (Signed) ja ~CF && ~ZF Above (Unsigned) jb CF Below (Unsigned) 9

  10. COMPARE/JUMP EXAMPLE “ When compared to the decimal number 4, what is %rdx ? ” mySampleFunction: movq $5, %rdx cmp $4, %rdx “ If %rdx is LESS THAN 4, jl .lessthan jump here. ” jmp .greaterthanorequal ( “ Otherwise, ignore me ” ) .greaterthanorequal: movq $999, %rax jmp .done “ If %rdx is GREATER THAN OR EQUAL TO 4, jump here. ” .lessthan: ( “ Otherwise, ignore me ” ) movq $111, %rax jmp .done .done: ret 10

  11. CONDITIONAL JUMP EXAMPLE This example assumes a non-optimized compilation: gcc –Og -S –fno-if-conversion control.c 11

  12. GENERAL CONDITIONAL EXPRESSION TRANSLATION (USING BRANCHES) Consider the following ternary expression: val = Test ? Then_Expr : Else_Expr; val = x>y ? x-y : y-x ; In a “goto” form: if (!Test) goto Else val = Then_Expr; goto done; Create separate code regions for “then” & “else” expressions Else: val = Else_Expr; Execute the appropriate one Done: ... 12

  13. PRACTICE PROBLEM 3.18 /* x in %rdi, y in %rsi, z in %rdx */ long test(long x, long y, long z) test: { leaq (%rdi,%rsi), %rax x + y + z addq %rdx, %rax long val = ____________ ; cmpq $-3, %rdi x < -3 jge .L2 if ( ____________ ) cmpq %rdx,%rsi { jge .L3 y < z movq %rdi, %rax if ( ____________ ) imulq %rsi, %rax x * y ret val = ____________ ; .L3: movq %rsi, %rax else imulq %rdx, %rax y * z ret val = ____________ ; .L2: cmpq $2, %rdi } x > 2 jle .L4 else if ( ____________ ) movq %rdi, %rax x * z imulq %rdx, %rax val = ____________ ; .L4: ret return val; 13 }

  14. CPU PIPELINING Fetch Decode Execute Write-Back 14

  15. AVOIDING CONDITIONAL BRANCHES Modern CPUs have deep pipelines Instructions fetched far in advance of execution to mask latency going to ▸ memory Problem: What if you hit a conditional branch? ▸ Must stall or predict which branch to take! ▹ Branch prediction in CPUs well-studied, fairly effective ▹ But, best to avoid conditional branching altogether ▹ 15

  16. CONDITIONAL MOVES cmovXX Src, Dest - “Move value from src to dest if condition XX holds” Conditional execution handled within data execution unit ▸ Avoids stalling control unit with a conditional branch ▸ Added with P6 microarchitecture (PentiumPro onward, 1995) ▸ Example: # %rdi = x, %rsi = y, return value in %rax # returns max(x,y) movq %rdi, %rdx # Get x movq %rsi, %rax # rval=y (assume y) cmpq %rdx, %rax # x:y cmovl %rdx, %rax # If y < x, rval=x Performance: 14 cycles on all data ▸ Single control flow path ▸ But … overhead. Both branches are evaluated! ▸ 16

  17. GENERAL CONDITIONAL EXPRESSION TRANSLATION (USING CMOVE) Conditional Move template instruction supports: if (Test), Dest ← Src ▸ GCC attempts to restructure execution to avoid disruptive val = Test ? Then_Expr : Else_Expr; conditional branch Both values computed result = Then_Expr; ▸ Overwrite “then” value with ▸ eval = Else_Expr; “else” value if condition doesn’t hold if (!test) result = eval; return result; 17

  18. CONDITIONAL MOVE EXAMPLE 18

  19. PRACTICE PROBLEM 3.21 /* x in %rdi, y in %rsi */ long test(long x, long y) { test: 8 * x long val = ____________ ; leaq 0(,%rdi,8), %rax testq %rsi, %rsi y > 0 if ( ____________ ) jle .L2 { movq %rsi, %rax x < y if ( ____________ ) subq %rdi, %rax movq %rdi, %rdx y - x val = ____________ ; andq %rsi, %rdx cmpq %rsi, %rdi else cmovge %rdx, %rax x & y ret val = ____________ ; } .L2: y <= -2 else if ( ____________ ) addq %rsi, %rdi x + y cmpq $-2, %rsi val = ____________ ; cmovle %rdi, %rax return val; ret 19 }

  20. WHEN NOT TO USE CONDITIONAL MOVES Expensive Computations: val = Test(x) ? Hard_Function1(x) : Hard_Function2(x); Both Hard_Function1(x) and Hard_Function2(x) are computed ▸ Use branching when “then” and “else” expressions are more expensive than ▸ branch misprediction Computations with Side Effects: val = x > 0 ? x *= 7 : x += 3; Executing both values causes incorrect behavior ▸ Conditional Checks that Protect Against Fault e.g. Null pointer check 20 ▸

  21. LOOPS Implemented in assembly via tests and jumps Compilers try to implement most loops as do-while ▸ do { // Things to do } while (test-expr); 21

  22. ARE THESE EQUIVALENT? A Do-While Loop A While-Do Loop long factorial_do( long x) long factorial_while( long x) { { long result = 1; long result = 1; do while (x > 1) { { result *= x; result *= x; x = x-1; x = x-1; } while (x > 1); } return result; return result; } } 22

  23. ARE THESE EQUIVALENT? A Do-While Loop A While-Do Loop long factorial_do( long x) long factorial_while( long x) { { long result = 1; long result = 1; do while (x > 1) { { result *= x; result *= x; x = x-1; x = x-1; } while (x > 1); } return result; return result; } } factorial_while: factorial_do: movq $1, %rax movq $1, %rax jmp .L2 .L3: .L2: imulq %rdi, %rax imulq %rdi, %rax subq $1, %rdi subq $1, %rdi .L2: cmpq $1, %rdi cmpq $1, %rdi jg .L2 jg .L3 ret 23 ret

  24. FOR-LOOP EXAMPLE long factorial_for( long x) { long result; Recall, for-loops are in the following format: for (result=1; x > 1; x=x-1) { for ( init ; test ; update ) result *= x; { //loop body } } return result; } Init Test Update result = 1; x > 1; x = x - 1; Loop Body: result *= x; Is this code equivalent to the do-while version? Or the while-do version? 24

  25. PRACTICE PROBLEM 3.26 fun_a: long fun_a(long x, long y) { movq $0, %rax jmp .L5 long val = 0; .L6: xorq %rdi, %rax x while (_________) shrq $1, %rdi { .L5: val = val ^ x; ____________________; testq %rdi, %rdi jne .L6 x = x >> 1 ____________________; andq $1, %rax ret } val & 0x1 return _______________; } 25

  26. long switch_eg( long x) C SWITCH STATEMENTS { long result = x; switch (x) { case 100: result *= 13; Test whether an expression matches break ; one of a number of constant integer values and branches accordingly case 102: result += 10; /* Fall through */ Without a “break” the code falls through to the next case case 103: result += 11; break ; If x matches no case, then “default” is executed case 104: case 106: result *= result; break ; default : result = 0; } return result; } 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
12/22/2016 Control Flow Computers execute instructions in sequence. Except when we change the

12/22/2016 Control Flow Computers execute instructions in sequence. Except when we change the

12/22/2016 Control Flow Computers execute instructions in sequence. Except when we change the flow of control Jump and Call instructions Controlling Program Flow Unconditional jump Direct jump: jmp Label Jump target is specified

359 views • 11 slides
Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification

Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification

Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification and overview of main techniques TCP Tahoe, Reno, Vegas TCP Westwood Readings: (1) Keshavs book Chapter on Flow Control; (2)

374 views • 22 slides
Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful

Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful

Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful Reading: Sections 1.1-1.5, 2.1 Data-flow analysis (DFA) A framework for statically proving facts about program data. Focuses on simple, finite

1.04k views • 54 slides
Control flow Conditionals and Control Flow l A conditional branch

Control flow Conditionals and Control Flow l A conditional branch

10/2/15 Control flow Conditionals and Control Flow l A conditional branch is sufficient to implement most control Condition codes flow constructs offered in higher

356 views • 12 slides
Control Structures Lecture 4 COP 3014 Fall 2020 September 10, 2020 Control Flow Control flow

Control Structures Lecture 4 COP 3014 Fall 2020 September 10, 2020 Control Flow Control flow

Control Structures Lecture 4 COP 3014 Fall 2020 September 10, 2020 Control Flow Control flow refers to the specification of the order in which the individual statements, instructions or function calls of an imperative program are executed or

333 views • 19 slides
Big Picture: Control Flow Ordering in Program Execution Ordering/Flow Mechanisms: ! Sequencing

Big Picture: Control Flow Ordering in Program Execution Ordering/Flow Mechanisms: ! Sequencing

Big Picture: Control Flow Ordering in Program Execution Ordering/Flow Mechanisms: ! Sequencing (statements executed (evaluated) in a specified order) CSCI: 4500/6500 Programming Imperative language - very important Functional - doesn

459 views • 14 slides
Flow of Control Flow of Control Recitation 09/(11,12)/2008 CS 180 CS 180 Department of

Flow of Control Flow of Control Recitation 09/(11,12)/2008 CS 180 CS 180 Department of

Flow of Control Flow of Control Recitation 09/(11,12)/2008 CS 180 CS 180 Department of Computer Science, Purdue University Project 2 j Now posted on the class webpage. Due Wed, Sept. 17 at 10 pm. Start early All

663 views • 22 slides
Foundations of pred(n) = set of all immediate predecessors of n p ( ) p Dataflow Analysis

Foundations of pred(n) = set of all immediate predecessors of n p ( ) p Dataflow Analysis

Terminology: Program Representation e o ogy: og a ep ese tat o Control Flow Graph: Control Flow Graph: Nodes N statements of program Edges E flow of control Foundations of pred(n) = set of all immediate predecessors of

591 views • 17 slides
1 Why Why flow flow control? control? sender

1 Why Why flow flow control? control? sender

Lecture 7. Lecture 7. TCP mechanisms for: TCP mechanisms for: data transfer control / flow control error control congestion control Graphical examples (applet java) of several algorithms at:

589 views • 13 slides
Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

M AXIMUM F LOW How to do it... Why you want it... Where you find it... The Tao of Flow: Let your body go with the flow. -Madonna, Vogue Maximum flow...because youre worth it. -Loreal Go with the flow, Joe.

619 views • 20 slides
x86 PROCEDURES (FUNCTIONS) CONTROL FLOW Recall: Two ways to change program control flow

x86 PROCEDURES (FUNCTIONS) CONTROL FLOW Recall: Two ways to change program control flow

x86 PROCEDURES (FUNCTIONS) CONTROL FLOW Recall: Two ways to change program control flow Jump instructions Call instructions Function A unit of code we can call Similar to a jump, except it can return Must

2.43k views • 50 slides
Program Analysis Chris Hankin(clh) Efficiency Type and Effect Control Flow Analysis Systems

Program Analysis Chris Hankin(clh) Efficiency Type and Effect Control Flow Analysis Systems

Program Analysis Chris Hankin(clh) Efficiency Type and Effect Control Flow Analysis Systems Data Flow Abstract Analysis Interpretation Correctness Program Analysis p.1/23 Overview Introduction Data Flow Analysis Control Flow

279 views • 23 slides
Exceptional Control Flow: Hardware support for reacting to the rest of the world. Control Flow

Exceptional Control Flow: Hardware support for reacting to the rest of the world. Control Flow

Exceptional Control Flow: Hardware support for reacting to the rest of the world. Control Flow Processor: read instruction, execute it, go to next instruction, repeat Physical control flow Explicit changes: Jumps (conditional, unconditional)

428 views • 8 slides
Programming in C 1 Flow of Control Flow of control The order in which statements are

Programming in C 1 Flow of Control Flow of control The order in which statements are

Programming in C 1 Flow of Control Flow of control The order in which statements are executed Transfer of control When the next statement executed is not the next one in sequence 2 Flow of Control Control structures

540 views • 34 slides
V3 1/3/2015 Programming in C 1 Flow of Control Flow of control The order in which

V3 1/3/2015 Programming in C 1 Flow of Control Flow of control The order in which

V3 1/3/2015 Programming in C 1 Flow of Control Flow of control The order in which statements are executed Transfer of control When the next statement executed is not the next one in sequence 2 Flow of Control Control

310 views • 12 slides
X86 BASICS ARITHMETIC AND LOGICAL OPERATIONS LOADING AN ADDRESS Load Effective Address (Quad)

X86 BASICS ARITHMETIC AND LOGICAL OPERATIONS LOADING AN ADDRESS Load Effective Address (Quad)

X86 BASICS ARITHMETIC AND LOGICAL OPERATIONS LOADING AN ADDRESS Load Effective Address (Quad) leaq S, D (D &amp;S) Loads the address of S in D, not the contents Trivial example: leaq (%rax),%rdx Equivalent to: movq

401 views • 13 slides
Assembly part 2 1 Areas for growth: I love feedback Speed , I will go slower. Clarity. I

Assembly part 2 1 Areas for growth: I love feedback Speed , I will go slower. Clarity. I

Assembly part 2 1 Areas for growth: I love feedback Speed , I will go slower. Clarity. I will take time to explain everything on the slides. Feedback. I give more Kahoot questions and explain each answer. Pointers: I use a pointer

933 views • 72 slides
Board of Trustees June 27, 2019 1 Board Agenda Consent Agenda Finance Committee Reports

Board of Trustees June 27, 2019 1 Board Agenda Consent Agenda Finance Committee Reports

Board of Trustees June 27, 2019 1 Board Agenda Consent Agenda Finance Committee Reports Board of Trustees Retreat Equity Collaborative Consent Agenda April 2019 Board of Trustee Minutes SWACH Dash Board Report Operations

528 views • 20 slides
Lecture 3: Semidefinite Programming Lecture Outline Part I: Semidefinite programming,

Lecture 3: Semidefinite Programming Lecture Outline Part I: Semidefinite programming,

Lecture 3: Semidefinite Programming Lecture Outline Part I: Semidefinite programming, examples, canonical form, and duality Part II: Strong Duality Failure Examples Part III: Conditions for strong duality Part IV: Solving convex

579 views • 41 slides
Binarylevel program analysis: Stack Smashing Gang Tan CSE 597 Spring 2019 Penn State

Binarylevel program analysis: Stack Smashing Gang Tan CSE 597 Spring 2019 Penn State

Binarylevel program analysis: Stack Smashing Gang Tan CSE 597 Spring 2019 Penn State University 1 Program Stack For implementing procedure calls and returns Keep track of program execution and state by storing local variables

257 views • 23 slides
Recap: Assembly View of the Machine CPU Memory Addresses Registers Code Data PC Data

Recap: Assembly View of the Machine CPU Memory Addresses Registers Code Data PC Data

Recap: Assembly View of the Machine CPU Memory Addresses Registers Code Data PC Data Condi7on Stack Instruc.ons Codes Sean Barker 1 Condition Codes OF Condi&amp;on codes CF ZF SF CF: Carry flag (set if carry-out bit = 1) ZF: Zero

337 views • 13 slides
Back-end missing pieces Simone Campanoni simonec@eecs.northwestern.edu Instruction selection is

Back-end missing pieces Simone Campanoni simonec@eecs.northwestern.edu Instruction selection is

Back-end missing pieces Simone Campanoni simonec@eecs.northwestern.edu Instruction selection is part of the backend IR Back-end Tracing Instruction Register Code ..... and selection allocation generation data layout Assembly

244 views • 10 slides
Algorithm Engineering (aka. How to Write Fast Code) CS26 S260 Lecture cture 9 Yan n Gu An

Algorithm Engineering (aka. How to Write Fast Code) CS26 S260 Lecture cture 9 Yan n Gu An

Algorithm Engineering (aka. How to Write Fast Code) CS26 S260 Lecture cture 9 Yan n Gu An Overview of Computer Architecture Many slides in this lecture are borrowed from the first and second lecture in Stanford CS149 Parallel Computing.

1.02k views • 82 slides

More recommend