Machine-Level Programming:
Arithmetic and Logical Operations
Condition Codes
Assembly instructions
• Instruction Format: ins Source, Dest
• ins: opcode (instruction)
• source, dest: operands
• Most opcodes have two operands, but some only have one
• Operand Types
• Immediate: Constant integer data
• Value is the constant
• Example: $0x400, $-533
• Like C constants, but prefixed with $
• Encoded with either 1, 2, 4, or 8 bytes depending on the size of the constant
• Register: One of the integer register names prefixed with a %
• Value is the contents of the register
• Example: %rax, %r13
• Some registers have special uses for particular instructions
• Memory: Consecutive bytes of memory at a given address
• Value is the contents at the specified memory address
• Simplest example: (%rax)
• Various other “addressing modes”
• Note: an address can also be specified as a constant without the $ prefix
Complete Memory Addressing Modes
• Most General Form
D(Rb,Ri,S)    Mem[Reg[Rb] + S*Reg[Ri] + D]
• D: Constant “displacement” 1, 2, or 4 bytes
• Rb: Base register: Any of 16 integer registers
• Ri: Index register: Any, except for %rsp
• S: Scale: 1, 2, 4, or 8
Move (mov) instructions
• movq Source, Dest
• Moves (copies) the source operand to the destination operand
• Has many purposes
• Load an immediate value (number) into a register
• Copy a value from one register into another register
• Read a value from a memory address
• Write a value to a memory address
• In other hardware architectures, these operations are done with several
different instructions
movq Operand Combinations
Source   Dest   Src,Dest
Imm      Reg    movq $0x4,%rax
Imm      Mem    movq $-147,(%rax)
Reg      Reg    movq %rax,%rdx
Reg      Mem    movq %rax,(%rdx)
Mem      Reg    movq (%rax),%rdx
Cannot do memory-memory transfer with a single instruction
Address calculation: load effective address (lea)
• leaq mem, reg
• Computes the memory address of the source operand and saves it in the
destination register
• Uses:
• Computes the memory address for array and structure access
• Compiler will also use it to perform simple arithmetic
Address Computation Examples
Register   Value
%rax       0x100
%rcx       0x1
%rdx       0x3

Memory address   Value
0x100            0xFF
0x104            0xAB
0x108            0x13
0x10C            0x11

Operand            Address                   Value at address
0x104              0x104                     0xAB
(%rax)             0x100                     0xFF
4(%rax)            0x104                     0xAB
9(%rax, %rdx)      0x100 + 3 + 9 = 0x10C     0x11
260(%rcx, %rdx)    0x104 + 1 + 3 = 0x108     0x13
0xFC(, %rcx, 4)    0xFC + 1*4 = 0x100        0xFF
(%rax, %rdx, 4)    0x100 + 3*4 = 0x10C       0x11
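Added example, not part of the original slides: a small C parser for the D(Rb,Ri,S) operand syntax that reproduces the table's address arithmetic from the slide's register and memory values. The names effective_address() and load() are assumptions made for this sketch; the first does only what leaq does (arithmetic, no memory access), the second models the read a movq source operand performs.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Register and memory contents copied from the slide's table. */
static const struct { const char *name; uint64_t val; } regs[] = {
    {"%rax", 0x100}, {"%rcx", 0x1}, {"%rdx", 0x3} };
static const struct { uint64_t addr, val; } mem[] = {
    {0x100, 0xFF}, {0x104, 0xAB}, {0x108, 0x13}, {0x10C, 0x11} };

/* Read an optional register name at *p and advance past it (absent -> 0). */
static uint64_t read_reg(const char **p) {
    while (**p == ' ') (*p)++;
    size_t n = strcspn(*p, ",)");
    uint64_t v = 0;
    for (size_t i = 0; i < sizeof regs / sizeof regs[0]; i++)
        if (strlen(regs[i].name) == n && !strncmp(*p, regs[i].name, n))
            v = regs[i].val;
    *p += n;
    return v;
}

/* Address named by D(Rb,Ri,S); this is all that leaq computes. */
uint64_t effective_address(const char *op) {
    char *end;
    uint64_t d = (uint64_t)strtoll(op, &end, 0), index = 0, scale = 1;
    const char *p = end;                  /* D is 0 when omitted */
    if (*p++ != '(') return d;            /* bare constant address */
    uint64_t base = read_reg(&p);         /* empty base reads as 0 */
    if (*p == ',') {
        p++;
        index = read_reg(&p);
        if (*p == ',') scale = strtoull(p + 1, NULL, 0);
    }
    return d + base + scale * index;
}

/* Value a movq load from the operand would fetch (-1 if not in the table). */
int64_t load(const char *op) {
    uint64_t a = effective_address(op);
    for (size_t i = 0; i < sizeof mem / sizeof mem[0]; i++)
        if (mem[i].addr == a) return (int64_t)mem[i].val;
    return -1;
}
int main(void) {
    printf("0x%llx\n", (unsigned long long)effective_address("0xFC(, %rcx, 4)"));
    return 0;
}
```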
Memory access
C code:

    #include <stdio.h>

    long add10(long x) {
        // x is in %rdi
        x = x + 10;
        return x;
    }

    long add10_pointer(long *x) {
        // x is in %rdi
        *x = *x + 10;
        return *x;
    }

    int main(void) {
        long x = 100;
        add10(x);
        printf("x is %ld\n", x);  // x is still 100
        add10_pointer(&x);
        printf("x is %ld\n", x);  // x is 110
        return 0;
    }

Assembly:

    add10:
        leaq 10(%rdi), %rax
        ret

    add10_pointer:
        movq (%rdi), %rax
        addq $10, %rax
        movq %rax, (%rdi)
        ret
Some Arithmetic Operations
• Two Operand Instructions:
Format Computation
addq Src, Dest Dest = Dest + Src
subq Src, Dest Dest = Dest − Src
imulq Src, Dest Dest = Dest * Src
sarq Src, Dest Dest = Dest >> Src Arithmetic shift
shrq Src, Dest Dest = Dest >> Src Logical shift
salq Src, Dest Dest = Dest << Src Also called shlq
xorq Src, Dest Dest = Dest ^ Src
andq Src, Dest Dest = Dest & Src
orq Src, Dest Dest = Dest | Src
• Watch out for argument order, subq in particular
• No distinction between signed and unsigned int (why?)
Some Arithmetic Operations
• One Operand Instructions
incq Dest Dest = Dest + 1
decq Dest Dest = Dest − 1
negq Dest Dest = − Dest
notq Dest Dest = ~Dest
• See book for more instructions
Vassar College
x86-64 Processor State
• Information about currently executing program
• Temporary data ( %rax, … )
• Location of current code control point ( %rip )
• Status of recent tests ( CF, ZF, SF, OF )
Registers: %rax, %rbx, %rcx, %rdx, %rsi, %rdi, %rsp, %rbp, %r8, %r9, %r10, %r11, %r12, %r13, %r14, %r15
%rip: Instruction pointer
CF, ZF, SF, OF: Condition codes
Condition Codes
• Single bit registers set by arithmetic and logic operations
• ZF Zero Flag – The most recent operation yielded zero
• SF Sign Flag – The most recent operation yielded a negative value (signed)
• CF Carry Flag – The most recent operation generated a carry out of the MSB
• Designates overflow (unsigned)
• OF Overflow Flag – The most recent operation caused a two’s-complement overflow, either positive or negative (signed)
Comparing Numbers
• By subtracting two numbers you can compare them!
• Example: A – B
• Equality: when A and B are equal, A – B == 0 (ZF)
• Not Equal: When A – B != 0 (~ZF)
• Greater than: when A > B, A – B == Positive number and not zero (~SF & ~ZF)
• Greater than or equal: when A >= B, A – B == Positive number or zero (~SF | ZF)
• Less than: when A < B, A – B == Negative number (SF)
• Less than or equal: when A <= B, A – B == Negative number or zero (SF | ZF)
Setting Condition Codes
• They are implicitly set (think of it as side effect) by arithmetic/logic
operations based on the result of the operation
• For logical operations, the carry and overflow flags are set to zero
• For shift operations, CF is set to the last bit shifted out, OF is set to zero
• INC and DEC set OF and ZF, but leave the carry flag unchanged
• Not set by leaq instruction
• Condition Codes are not accessed directly, but some instructions alter their
behavior based on the value of the Condition Codes
Setting Condition Codes Explicitly with Compare
• Compare Instruction: cmp S1, S2
• Similar to the sub (subtract) instruction
• Sets the condition codes according to the differences of their two operands (S2 – S1)
but without setting the destination operand
• Used to compare two numbers
• Example: cmp b,a
Read as: a compare b (also as a:b)
• Operands are reversed for a compare
• Why? AT&T vs Intel assembler syntax
• In Intel syntax, operands are reversed
• We use AT&T style syntax, so remember to switch the order of operands for
compare
Test instruction
• Like the cmp instruction, test is used to set condition codes
• Test Instruction: test S1, S2
• Similar to the and (bitwise and) instruction
• Sets the ZF and the SF based on (S2 & S1) but without setting the destination
operand
• Often the same operand is repeated (testq %rax, %rax) to check if the value is
zero, positive, or negative
• The above is the same as cmpq $0, %rax
• Compare %rax to 0
Reading Condition Codes (SetX instructions)
• SetX Instructions
• Set destination to 0 or 1 based on combinations of condition codes
• Destination must be a low-order byte register or single byte memory location
• Does not alter remaining 7 bytes for register destinations

Instruction   Synonym    Effect               Set condition
sete D        setz D     ZF                   Equal / zero
setne D       setnz D    ~ZF                  Not equal / not zero
sets D        -          SF                   Negative
setns D       -          ~SF                  Nonnegative
setg D        setnle D   ~(SF ^ OF) & ~ZF     Greater (signed >)
setge D       setnl D    ~(SF ^ OF)           Greater or equal (signed >=)
setl D        setnge D   SF ^ OF              Less (signed <)
setle D       setng D    (SF ^ OF) | ZF       Less or equal (signed <=)
seta D        setnbe D   ~CF & ~ZF            Above (unsigned >)
setae D       setnb D    ~CF                  Above or equal (unsigned >=)
setb D        setnae D   CF                   Below (unsigned <)
setbe D       setna D    CF | ZF              Below or equal (unsigned <=)
Reading Condition Codes (Cont.)
• SetX Instructions:
• Set single byte based on combination of condition codes; descriptions apply after a cmpq instruction – remember to reverse your operands!
• One of addressable byte registers
• Does not alter remaining bytes
• Typically use movzbl to finish job
• 32-bit instructions also set upper 32 bits to 0

Register   Use(s)
%rdi       Argument x
%rsi       Argument y
%rax       Return value

C code:

    long gt (long x, long y)
    {
        return x > y;
    }

Assembly:

    cmpq %rsi, %rdi     # Compare x:y
    setg %al            # Set when x > y
    movzbl %al, %eax    # Zero rest of %rax
    ret

(Figure: %rax register, bits 63 to 0)
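Added example, not part of the original slides: a C model of the flags that cmpq leaves behind and of four conditions from the SetX table. It shows a comparison where the subtraction overflows, so SF alone gives the wrong signed answer and SF ^ OF is needed, and one where the signed and unsigned conditions disagree on the same operands. The names flags_t, cmpq() and sf_only_less() are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { bool cf, zf, sf, of; } flags_t;

/* Flags left by `cmpq b, a` (AT&T order): computes a - b and discards it. */
flags_t cmpq(int64_t b, int64_t a) {
    uint64_t ua = (uint64_t)a, ub = (uint64_t)b, r = ua - ub;
    flags_t f;
    f.cf = ua < ub;                 /* borrow out of the MSB (unsigned) */
    f.zf = r == 0;
    f.sf = (r >> 63) != 0;
    /* Two's-complement overflow: a and b differ in sign, and the
       result's sign differs from a's. */
    f.of = (((ua ^ ub) & (ua ^ r)) >> 63) != 0;
    return f;
}

/* Conditions from the SetX table. */
bool setg(flags_t f) { return !(f.sf ^ f.of) && !f.zf; }
bool setl(flags_t f) { return f.sf ^ f.of; }
bool seta(flags_t f) { return !f.cf && !f.zf; }
bool setb(flags_t f) { return f.cf; }
/* "A - B is negative" rule from the Comparing Numbers slide: SF alone. */
bool sf_only_less(flags_t f) { return f.sf; }

int main(void) {
    flags_t f = cmpq(1, INT64_MIN); /* INT64_MIN : 1, subtraction overflows */
    printf("OF=%d SF=%d setl=%d sf_only_less=%d\n",
           f.of, f.sf, setl(f), sf_only_less(f));
    f = cmpq(1, -1);                /* -1 : 1, signed and unsigned disagree */
    printf("setl=%d setb=%d seta=%d\n", setl(f), setb(f), seta(f));
    return 0;
}
```

The second case is the one to look for when reading compiled bounds checks: a setl/setg family condition treats -1 as small, while a setb/seta family condition treats the same bits as the largest 64-bit value.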