1

Flow Control Instructions andFlow Control Instructions andAddressing ModesAddressing Modes

Chapter 3Chapter 3

2

Jumps and LoopsJumps and Loops

The basic instructions for branching are jumps and loops

Loops are instructions to repeat a block of code a certain number of times

Jumps are instructions that branch to a distant labeled instruction when a flag condition is met Status flags are modified by arithmetic instructions

so these are normally used just before a jump Example: the JNZ (jump if not zero) instruction

jumps to the destination-label if ZF = 0. Usage:JNZ destination-label

3

Simple Example Using JNZSimple Example Using JNZ

This program prints all the lower case letters in increasing order

We jump to again whenever ZF=0 (when ebx != eax)

We do not jump (and execute ret) when ZF=1 (when ebx = eax)

The code would be simpler if the sub instruction would not change the value of the destination operandWe do have such an instruction. It is the CMP (compare) instruction.

.386

.model flatinclude csi2121.inc

.code main: mov eax,61h ;char 'a'again: mov ebx,7bh ;one after 'z' putch eax inc eax sub ebx,eax jnz again retend

4

The CMP InstructionThe CMP Instruction

Usage:cmp destinat,source

Performs: destination - source but does not store the result of the subtraction into destination

But the flags are affected just like SUB

Same restrictions on operands as for SUB

Very often used just before performing a jump

The previous program is now simpler

.386

.model flatinclude csi2121.inc

.code main:

mov eax,61h ;char'a'again:

putch eaxinc eaxcmp eax,7bhjnz againret

end

5

Single-Flag JumpsSingle-Flag Jumps

These are jumps where the flag condition consist of a single flag. The following are often used:

Instruction Description Condition for Jump

JZ / JE Jump if zero ZF = 1Jump if equal

JNZ / JNE Jump if not zero ZF = 0Jump if not equal

JS Jump if negative SF = 1JNS Jump if nonnegative SF = 0JO Jump if overflow OF = 1JNO Jump if no overflow OF = 0JC Jump if carry CF = 1JNC Jump if no carry CF = 0

Note: sometimes the same instruction has 2 different mnemonics (like JZ and JE)

6

Jumping on a Register ConditionJumping on a Register Condition

There exists two jumps where the condition for jumping is given by a register

The JCXZ instruction jumps if the content of register CX is zero. Usage:

JCXZ destination-label

The JECXZ instruction jumps if the content of register ECX is zero. Usage:

JECXZ destination-label

7

Jumping on a Inequality ConditionJumping on a Inequality Condition

Often, we need to branch when some value is larger (or smaller) than an other. Ex:

CMP eax, ebx

;now jump somewhere when eax > ebx

However, integer order (larger or smaller) depends on the chosen interpretation

Ex: if AL contains 05h and BL contains A0h. Then: AL > BL for a signed interpretation AL < BL for a unsigned interpretation

Hence, we have these two types jumps: Unsigned comparison jumps: for an unsigned interpretation of

a comparison used just before the jump (ex: with CMP) Signed comparison jumps: for a signed interpretation of a

comparison used just before the jump (ex: with CMP)

8

Unsigned Comparison JumpsUnsigned Comparison Jumps

Instruction Description Jump Condition

JA / JNBE Jump if above (if op1>op2) CF=0 and ZF=0Jump if not below or equal

JAE / JNB Jump if above or equal CF=0Jump if not below

JB / JNAE Jump if below (if op1<op2) CF=1Jump if not above or equal

JBE / JNA Jump if below or equal CF=1 or ZF=1Jump if not above

Each of these instructions have 2 different mnemonics

We normally used them just after a CMP op1,op2 instruction and the jumping condition is given by a unsigned interpretation of the comparison

9

Signed Comparison JumpsSigned Comparison Jumps

Instruction Description Jump Condition

JG / JNLE Jump if greater (op1>op2) ZF=0 and SF=OFJump if not less or equal

JGE / JNL Jump if greater or equal SF=OFJump if not less

JL / JNGE Jump if less (if op1<op2) SF!=OFJump if not greater or equal

JLE / JNG Jump if less or equal ZF=1 or SF!=OFJump if not greater

Each of these instructions have 2 different mnemonics

We normally used them just after a CMP op1,op2 instruction and the jumping condition is given by a signed interpretation of the comparison

10

Using Comparison JumpsUsing Comparison Jumps

CMP is normally used before a comparison jump Ex: to branch to exit when AX > BX under a signed

interpretation (ex: AX=1, BX=FFFFh):cmp ax,bx

jg exit

But to branch to exit when AX > BX under a unsigned interpretation:

cmp ax,bx

ja exit

Note that the jump is not performed when AX=1 and BX =FFFFh

11

Unconditional JumpUnconditional Jump

Sometimes we need to jump without any condition

Just use the JMP instruction.

JMP destination

.386

.model flatinclude csi2121.inc

.code main: jmp over msg db "hello!",0over: putstr msg retend

12

Application: an Echo ProgramApplication: an Echo Program

The input buffer is initially empty. So getch returns only when the user press <CR>

The macro putch prints the first character entered.

When getch is executed again, then the next character in the input buffer is printed.

Hence this program echoes on the screen the user string entered on the keyboard

But if the user press <ctrl-z>, then getch returns –1 in eax and the program exits.

Try it!

.386

.model flatinclude csi2121.inc

.code main: getch cmp eax,-1 ;<ctrl-z> ? je exit ;yes then exit putch eax ;no, print char jmp mainexit: retend

13

File Redirection of I/OFile Redirection of I/O I/O operations done with macros in csi2121.inc can be

redirected to/from files. If the previous (executable) program is called echo1.exe, then

echo1 < infile > outfile Takes its input from the file infile and writes its output to the

file outfile If infile is a text file, then outfile will be an identical copy

because getch return –1 when the EOF is reached But if infile is a binary file, then outfile will generally not be

an identical copy because: getch returns –1 if it reads 1Ah (the ASCII code of <ctrl-z>)

from infile. So echo1 will exit on the first occurrence of 1Ah in infile

When getch reads 0Ah, putch will output 0Dh, 0Ah Each 0Dh on input will be ignored by getch

This does not occur in Unix and an equivalent C program that uses getchar() and putchar() can copy any file

14

Exercise 1Exercise 1

Without modifying the content of AX, write a sequence of 2 instructions that will transfer the execution to the instruction labeled by L1 when: (a) the signed value of AX is greater than –128 (b) the unsigned value of AX is lower or equal to

255 (c) AL contains an upper case letter (supposing

that AL always contains a letter) (d) AL contains an lower case letter (supposing that

AL always contains a letter)

15

High-Level Flow Control StructuresHigh-Level Flow Control Structures

High-level languages uses high-level structures such as if-then-else, case, while... to control the flow of execution algorithms are normally expressed in terms of

these high-level structures Processors only provide conditional and

unconditional jumps and loops thus we need to decompose the high-level control

flow structures into low-level ones We give here a few examples on how this can be

done by using jumps

16

If-Then-ElseIf-Then-Else

HLL Observation

If Condition {

Code-Block-1

} else {

Code-Block-2

}

The program branches to Code-Block-2 if Condition is False

•Assembler Observation

Jcc Code-Block-2

The program branches to Code-Block-2 if cc e.g.,JE or JNZ, is True

•Therefore HLL not Condition Assembler Jcc

17

If-Then-Else (If-Then-Else (Continued…Continued…))

Example:if (op1 < op2) then

statement 1

else

statement 2

end if Analysis:

there is a conditional jump (JXXX) to else when op1 >= op2there is a unconditional jump (JMP) from end of statement 1 to end_if

ASM solution for signed comparison:

cmp op1,op2

jge else_

;statement 1

jmp end_if

else_:

;statement 2

end_if: Note: “else” is a ASM

reserved word. We use “else_” instead

18

WhileWhile

Example :

do while (op1 < op2)

statement

end do

Analysis: JXXX to end_do when op1 >= op2JMP from end_do to while

ASM solution for an unsigned comparison:

do_while:

cmp op1,op2

jae end_do

;statement

jmp do_while

end_do:

19

CaseCase

Example:

case input of

‘A’ :DestA

‘B’ :DestB

‘C’ :DestC

end case

Analysis: CMP and JXXX for each case

ASM solution:

cmp input,’A’

jne L1

JMP DestA

L1:

cmp input,’B’

jne L2

JMP DestB

L2:

cmp input,’C’

jne L3

JMP DestC

L3:

20

Case Case ((Continued…Continued…))

Example:

case input of

‘A’ :DestA

‘B’ :DestB

‘C’ :DestC

end case

Analysis: CMP and JXXX for each case

ASM solution 2:

cmp input,’A’

jne L1

DestA Code

Jmp L3

L1:

cmp input,’B’

jne L2

DestB Code

Jmp L3

L2:

cmp input,’C’

jne L3

DestC Code

L3:

21

The LOOP InstructionThe LOOP Instruction

LOOP provides the easiest way to repeat a block of statements a specific number of times. Usage:

LOOP destination-label

where the destination-label must precede LOOP by less than 128 bytes of code This restriction does not exists for jumps

(conditional and unconditional)

The execution of LOOP produces the following sequence of events: (1) ECX is decremented by 1 (2) IF (ECX=0) THEN go to the instruction following

LOOP, ELSE go to destination-label

22

The LOOP Instruction (cont.)The LOOP Instruction (cont.)

Example: the following code fragment will print all the ASCII codes by starting with 7Fh:

mov ecx,7Fhnext: putch ecx loop next

If (instead) ECX would be initialized to zero, then:after executing the block for the 1st time, ECX would be decremented by 1 and thus contain 0FFFFFFFFh. the loop would thus be repeated again 0FFFFFFFFh times!!

Hence, if ECX contains an unspecified value, it is better to write:

;a loop to be ;executed ECX times

jecxz over

next:

putch ecx

loop next

over:

23

Conditional LoopsConditional Loops

LOOPZ and LOOPE continues a loop while ZF=1 and ECX!=0ECX is first decremented, then the condition is tested (a trivial extension of LOOP)

LOOPNZ and LOOPNE continues a loop while ZF=0 and ECX != 0

Syntax (same as LOOP):loop** dest-label

The dest-label must precede loop** by < 128 bytes

The following program will print character 20h before exiting

.386

.model flatinclude csi2121.inc

.code

main:

mov ecx,7Fh

next:putch ecxcmp ecx,20hloopnz next

ret

end

24

Exercise 2Exercise 2

Write a small piece of code that will display the character in AL iff it is an uppercase letter

Write a small piece of code that will count the number of characters in a user input line

25

Addressing ModesAddressing Modes

Operands specify the data to be used by an instruction An addressing mode refers to the way in which the data is

specified by an operand An operand is said to be direct when it specifies directly the

data to be used by the instruction. This is the case for imm, reg, and mem operands (see previous chapter)

An operand is said to be indirect when it specifies the address (in virtual memory) of the data to be used by the instruction

To specify to the assembler that an operand is indirect we enclose it between […]

Indirect addressing is a necessity when we want to manipulate values that are stored in large arrays because we need then an operand that can index (and run along) the array Ex: to compute an average of values

26

Register Indirect AddressingRegister Indirect Addressing

When a register contains the address of the value that we want to use for an instruction, we can provide [reg] for the operand This is called register indirect addressing The register must be 32 bits wide because offset addresses are

on 32 bits. Hence, we must use either EAX, EBX, ECX, EDX, ESI, EDI, ESP, EBP

Ex: Suppose that the double word located at address 100h contains 37A68AF2h. If ESI contains 100h, the next instruction will load EAX with the

double word located at address 100h:mov eax,[esi] ;EAX=37A68AF2h (indirect addressing)

In contrast, the next instruction will load EAX with the double word contained in ESI:

mov eax, esi ;EAX=100h (direct addressing)

27

Getting the Address of a Memory LocationGetting the Address of a Memory Location To use indirect register addressing we need a way to load a

register with the address of a memory location For this we can use the OFFSET operator. The next

instruction loads EAX with the offset address of the memory location named “result”

.dataresult dd 25

.codemov eax, offset result;EAX now contains the offset address of result

We can also use the LEA (load effective address) instruction to perform the same task

lea eax, result;EAX now contains the offset address of result

In contrast, the following transfers the content of the operand

mov eax, result ; EAX = 25

28

Ex: Summing the Elements of an ArrayEx: Summing the Elements of an Array

Register EBX holds the sum Register ECX holds the

number of elements to sum Register EAX holds the

address of the current double word elementWe say that EAX points to the current double word

ADD EBX, [EAX] increases EBX by the number pointed by EAX

When EAX is increased by 4, it points to the next double word

The sum is printed by

putint ebx

.386

.model flatinclude csi2121.inc .data arr dd 10,23,45,3,37,66 count dd 6 ;numb of elmts.code main: mov ebx, 0 ;holds the sum mov ecx, count mov eax, offset arrnext: add ebx,[eax] add eax,4 loop next putint ebx retend

29

The Type of an Indirect OperandThe Type of an Indirect Operand

The type of an indirect operand is determined by the assembler when it is used in an instruction that needs two operands of the same type. Ex:

mov eax,[ebx] ;a double word is movedmov ax,[ebx] ;a word is movedmov [ebx],ah ;a byte is moved

However, in some cases, the assembler cannot determine the type. Ex:

mov [eax],1 ;error Indeed, how many bytes should be moved at the address

contained in EAX? Sould we move 01h? or 0001h? or 00000001h ?? Here we

need to specify explicitly the type to the assembler The PTR operator forces the type of an operand. Hence:

mov byte ptr [eax], 1 ;moves 01hmov word ptr [eax], 1 ;moves 0001hmov dword ptr [eax], 1 ;moves 00000001hmov qword ptr [eax], 1 ;error, illegal op. size

30

The LABEL DirectiveThe LABEL Directive It gives a name and a size to an existing storage

location. It does not allocate storage. It must be used in conjunction with byte, word,

dword, qword....data

val16 label word ;no allocation

val32 dd 12345678h ;allocates storage

.code

mov eax,val32 ;EAX = 12345678h

mov ax,val32 ;error

mov ax,val16 ;AX = 5678h val16 is just an alias for the first two bytes of the

storage location val32

31

Indirect Addressing with DisplacementIndirect Addressing with Displacement

We can add a constant (positive or negative) and a variable name to a register indirect operand. These are called displacements.

Here are some forms that are permitted: .dataA dw 10,20,30,40,50,60.codemov ebp, offset Amov esi, 2mov ax, [ebp+4] ;AX = 30mov ax, 4[ebp] ;same as abovemov ax, [esi+A] ;AX = 20mov ax, A[esi] ;same as abovemov ax, A[esi+4] ;AX = 40Mov ax, [esi-2+A];AX = 10

We can also multiply by 1, 2, 4, or 8. Ex:mov ax, A[esi*2+2] ;AX = 40

32

Using Indirect Addressing with DisplacementUsing Indirect Addressing with Displacement

This is the same program as before for summing the elements of an array

Except that the loop now contains only this instruction

add ebx,arr[(ecx-1)*4]

It uses indirect addressing with displacement and a scaling factor

It should be more efficient than the previous program

.386

.model flatinclude csi2121.inc .data arr dd 10,23,45,3,37,66 count dd 6 ;numb of elmts.code main: mov ebx, 0 ;holds the sum mov ecx, countnext: add ebx,arr[(ecx-1)*4] loop next putint ebx retend

33

Indirect Addressing with Two Registers*Indirect Addressing with Two Registers* We can also use two registers. Ex:

.dataA DB 10,20,30,40,50,60.codemov eax, 2mov ebx, 3mov dh, [A+eax+ebx] ;DH = 60mov dh, A[eax+ebx] ;same as abovemov dh, A[eax][ebx] ;same as above

A two-dimensional array example: .data arr db 10h, 20h, 30h db 0Ah, 0Bh, 0Ch.code mov ebx, 3 ;choose 2nd row mov esi,2 ;choose 3rd column mov al, arr[ebx][esi] ;AL = 0Ch add ebx, offset arr ;EBX = address of arr+3 mov ah, [ebx][esi] ;AH = 0Ch

34

Exercise 3Exercise 3

We have the following data segment :.data

YOU dw 3421h, 5AC6h

ME dd 8AF67B11h

Given that MOV ESI, OFFSET YOU has just been executed, write the hexadecimal content of the destination operand immediately after the execution of each instruction below:

MOV BH, BYTE PTR [ESI+1] ; BH =

MOV BH, BYTE PTR [ESI+2] ; BH =

MOV BX, WORD PTR [ESI+6] ; BX =

MOV BX, WORD PTR [ESI+1] ; BX =

MOV EBX, DWORD PTR [ESI+3] ; EBX =

35

Exercise 4Exercise 4 Given the data segment

.DATAA DW 1234HB LABEL BYTE DW 5678HC LABEL WORDC1 DB 9AHC2 DB 0BCH

Tell whether the following instructions are legal, if so give the number moved

MOV AX,BMOV AH,BMOV CX,CMOV BX, WORD PTR BMOV DL, WORD PTR CMOV AX, WORD PTR C1MOV BX,[C]MOV BX,C