Computer Organization and Assembly language

Chapter 4- Data Transfers, Addressing, and Arithmetic

Assembly language for x86 processors
Kip Irivine

Dr. Danish Mahmood

SZABIST- Isamabad.
RECAP
 x86 architecture
• The x86 architecture has 8 General-Purpose
Registers (GPR), 6 Segment Registers, 1 Flags
Register and an Instruction Pointer. 64-bit x86 has
additional registers.
 General-Purpose Registers (GPR)
16-bit naming conventions
• The 8 GPRs are:
• Accumulator register (AX). Used in arithmetic operations
• Counter register (CX). Used in shift/rotate instructions and loops.
• Data register (DX). Used in arithmetic operations and I/O operations.
• Base register (BX). Used as a pointer to data (located in segment register DS,
when in segmented mode).
• Stack Pointer register (SP). Pointer to the top of the stack.
• Stack Base Pointer register (BP). Used to point to the base of the stack.
• Source Index register (SI). Used as a pointer to a source in stream operations.
• Destination Index register (DI). Used as a pointer to a destination in stream
operations.

All registers can be accessed in 16-bit and 32-bit modes. In 16-bit mode,
the register is identified by its two-letter abbreviation from the list above. In
32-bit mode, this two-letter abbreviation is prefixed with an 'E' (extended).
For example, 'EAX' is the accumulator register as a 32-bit value. Similarly,
in the 64-bit version, the 'E' is replaced with an 'R' (register), so the 64-bit
version of 'EAX' is called 'RAX'.
 General-purpose registers (64-bit
naming conventions)
• 64-bit x86 adds 8 more general-purpose registers,
named R8, R9, R10 and so on up to R15.
• R8D–R15D are the lowermost 32 bits of each register.
• R8W–R15W are the lowermost 16 bits of each register.
• R8B–R15B are the lowermost 8 bits of each register.
• As well, 64-bit x86 includes SSE2, so each 64-bit x86
CPU has at least 8 registers (named XMM0–XMM7)
that are 128 bits wide, but only accessible through 
SSE instructions.
Identifiers to access registers
 Segment Registers
• The 6 Segment Registers are:
• Stack Segment (SS). Pointer to the stack.
• Code Segment (CS). Pointer to the code.
• Data Segment (DS). Pointer to the data.
• Extra Segment (ES). Pointer to extra data ('E' stands for 'Extra').
• F Segment (FS). Pointer to more extra data ('F' comes after 'E').
• G Segment (GS). Pointer to still more extra data ('G' comes after
'F').
 EFLAGS Register
• The EFLAGS is a 32-bit register used as a collection
of bits representing Boolean values to store the
results of operations and the state of the processor.
EFLAGS Register
 Instruction Pointer
• The EIP register contains the address of
the next instruction to be executed if no branching is
done.
• EIP can only be read through the stack after a call
instruction.
Addressing modes
 Stack Operation
The stack is a Last In First Out (LIFO) data structure;
data is pushed onto it and popped off of it in the reverse
order.
 Assembly Language for Intel-Based
Computers
Kip R. Irvine

Chapter 4: Data Transfers,

Addressing, and Arithmetic

(c) Pearson Education, 2003. All rights reserved. You may modify and copy this slide show for your personal use, or for
use in the classroom, as long as this copyright statement, the author's name, and the title are not changed.
 Chapter Overview

• Data Transfer Instructions

• Addition and Subtraction
• Data-Related Operators and Directives
• Indirect Addressing
• JMP and LOOP Instructions
 Data Transfer Instructions

• Operand Types
• Instruction Operand Notation
• Direct Memory Operands
• MOV Instruction
• Zero & Sign Extension
• XCHG Instruction
• Direct-Offset Instructions
 Operand Types

• Three basic types of operands:

• Immediate – a constant integer (8, 16, or 32 bits)
• value is encoded within the instruction
• Register – the name of a register
• register name is converted to a number and encoded
within the instruction
• Memory – reference to a location in memory
• memory address is encoded within the instruction, or a
register holds the address of a memory location
Instruction Operand Notation
 Direct Memory Operands
• A direct memory operand is a named reference to
storage in memory
• The named reference (label) is automatically
dereferenced by the assembler

.data
var1 BYTE 10h
.code
mov al,var1 ; AL = 10h
mov al,[var1] ; AL = 10h

alternate format
 MOV Instruction
• Move from source to destination. Syntax:
MOV destination,source
• Both operands must be the same size
• No more than one memory operand permitted
• CS, EIP, and IP cannot be the destination
• No immediate to segment moves

.data
count BYTE 100
wVal WORD 2
.code
mov bl,count
mov ax,wVal
mov count,al
mov al,wVal ; error
mov ax,count ; error
mov eax,count ; error
 Your turn . . .
Explain why each of the following MOV statements are invalid:

.data
bVal BYTE 100
bVal2 BYTE ?
wVal WORD 2
dVal DWORD 5
.code
mov ds,45 immediate move to DS not permitted
mov esi,wVal
mov eip,dVal size mismatch
mov 25,bVal EIP cannot be the destination
mov bVal2,bVal immediate value cannot be destination
memory-to-memory move not permitted
 Zero Extension
When you copy a smaller value into a larger destination, the
MOVZX instruction fills (extends) the upper half of the destination
with zeros.
0 10001111 Source

00000000 10001111 Destination

mov bl,10001111b
movzx ax,bl ; zero-extension

The destination must be a register.

 Sign Extension
The MOVSX instruction fills the upper half of the destination
with a copy of the source operand's sign bit.
10001111 Source

11111111 10001111 Destination

mov bl,10001111b
movsx ax,bl ; sign extension

The destination must be a register.

 XCHG Instruction
XCHG exchanges the values of two operands. At least one
operand must be a register. No immediate operands are
permitted.
.data
var1 WORD 1000h
var2 WORD 2000h
.code
xchg ax,bx ; exchange 16-bit regs
xchg ah,al ; exchange 8-bit regs
xchg var1,bx ; exchange mem, reg
xchg eax,ebx ; exchange 32-bit regs

xchg var1,var2 ; error: two memory operands

 Direct-Offset Operands
A constant offset is added to a data label to produce an
effective address (EA). The address is dereferenced to get the
value inside its memory location.

.data
arrayB BYTE 10h,20h,30h,40h
.code
mov al,arrayB+1 ; AL = 20h
mov al,[arrayB+1] ; alternative notation
 Your turn. . .
Write a program that rearranges the values of three doubleword
values in the following array as: 3, 1, 2.
.data
arrayD DWORD 1,2,3

Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.

25
 Solution
Write a program that rearranges the values of three doubleword
values in the following array as: 3, 1, 2.
.data
arrayD DWORD 1,2,3

• Step1: copy the first value into EAX and exchange it with the
value in the second position.

mov eax,arrayD
xchg eax,[arrayD+4]

• Step 2: Exchange EAX with the third array value and copy the
value in EAX to the first array position.

xchg eax,[arrayD+8]
mov arrayD,eax

26
 Addition and Subtraction

• INC and DEC Instructions

• ADD and SUB Instructions
• NEG Instruction
• Implementing Arithmetic Expressions
• Flags Affected by Arithmetic
• Zero
• Sign
• Carry
• Overflow
 INC and DEC Instructions

• Add 1, subtract 1 from destination operand

• operand may be register or memory
• INC destination
• Logic: destination  destination + 1
• DEC destination
• Logic: destination  destination – 1
 INC and DEC Examples

.data
myWord WORD 1000h
myDword DWORD 10000000h
.code
inc myWord ; 1001h
dec myWord ; 1000h
inc myDword ; 10000001h

mov ax,00FFh
inc ax ; AX = 0100h
mov ax,00FFh
 Your turn...
Show the value of the destination operand after each of the
following instructions executes:

.data
myByte BYTE 0FFh, 0
.code
mov al,myByte ; AL =
mov ah,[myByte+1] ; AH = FFh
00h
dec ah ; AH =
inc al ; AL = FFh
00h
dec ax ; AX =
FEFF
 ADD and SUB Instructions

• ADD destination, source

• Logic: destination  destination + source
• SUB destination, source
• Logic: destination  destination – source
• Same operand rules as for the MOV
instruction
• Source remains unchanged
• Both operands must be of the same size
• Cannot be both mem operands at the same
time

• ADD and SUB affect all status flags

 ADD and SUB Examples

.data
var1 DWORD 10000h
var2 DWORD 20000h
.code ; ---EAX---
mov eax,var1 ; 00010000h
add eax,var2 ; 00030000h
add ax,0FFFFh ; 0003FFFFh
add eax,1 ; 00040000h
sub ax,1 ; 0004FFFFh
 Evaluate this . . .
• We want to write a program that adds the following three bytes:
.data
myBytes BYTE 80h,66h,0A5h

• What is your evaluation of the following code?

mov al,myBytes
add al,[myBytes+1]
add al,[myBytes+2]

• What is your evaluation of the following code?

mov ax,myBytes
add ax,[myBytes+1]
add ax,[myBytes+2]

• Any other possibilities?

 NEG (negate) Instruction
Reverses the sign of an operand. Operand can be a register or
memory operand.

.data
valB BYTE -1
valW WORD +32767
.code
mov al,valB ; AL = -1
neg al ; AL = +1
neg valW ; valW = -32767

Suppose AX contains –32,768 and we apply NEG to it. Will

the result be valid?
 NEG Instruction and the Flags

The processor implements NEG using the following internal

operation:
SUB 0,operand
Any nonzero operand causes the Carry flag to be set.

.data
valB BYTE 1,0
valC SBYTE -128
.code
neg valB ; CF = 1, OF = 0
neg [valB + 1] ; CF = 0, OF = 0
neg valC ; CF = 1, OF = 1
 Implementing Arithmetic Expressions
HLL compilers translate mathematical expressions into
assembly language. You can do it also. For example:
Rval = -Xval + (Yval – Zval)

Rval DWORD ?
Xval DWORD 26
Yval DWORD 30
Zval DWORD 40
.code
mov eax,Xval
neg eax ; EAX = -26
mov ebx,Yval
sub ebx,Zval ; EBX = -10
add eax,ebx
mov Rval,eax ; -36
 Your turn...
Translate the following expression into assembly language. Do
not permit Xval, Yval, or Zval to be modified:
Rval = Xval - (-Yval + Zval)

Assume that all values are signed doublewords.

mov ebx,Yval
neg ebx
add ebx,Zval
mov eax,Xval
sub eax,ebx
mov Rval,eax
 Signed and Unsigned Integers
A Hardware Viewpoint
• All CPU instructions operate exactly the same on
signed and unsigned integers

• The CPU cannot distinguish between signed and

unsigned integers

• YOU, the programmer, are solely responsible for

using the correct data type with each instruction

• You are also responsible for determining/using the

correct interpretation of the results of operations
 Flags Affected by Arithmetic

• The ALU has a number of status flags that reflect the

outcome of arithmetic (and bitwise) operations
• based on the contents of the destination operand
• Essential flags:
• Zero flag – set when destination equals zero
• Sign flag – set when destination is negative
• Carry flag – set when unsigned value is out of range
• Overflow flag – set when signed value is out of range
• The MOV instruction never affects the flags.
 Zero Flag (ZF)

The Zero flag is set when the result of an operation produces

zero in the destination operand.

mov cx,1
sub cx,1 ; CX = 0, ZF = 1
mov ax,0FFFFh
inc ax ; AX = 0, ZF = 1
inc ax ; AX = 1, ZF = 0

Remember...
• A flag is set when it equals 1.
• A flag is clear when it equals 0.
 Sign Flag (SF)
The Sign flag is set when the destination operand is negative.
The flag is clear when the destination is positive.
mov cx,0
sub cx,1 ; CX = -1, SF = 1
add cx,2 ; CX = 1, SF = 0

The sign flag is a copy of the destination's highest bit:

mov al,0
sub al,1 ; AL = 11111111b, SF = 1
add al,2 ; AL = 00000001b, SF = 0
 Overflow and Carry Flags
A Hardware Viewpoint
• How the ADD instruction modifies OF and CF:
• OF = (carry out of the MSB) XOR (carry into the MSB)
• CF = (carry out of the MSB)

• How the SUB instruction modifies OF and CF:

• NEG the source and ADD it to the destination
• OF = (carry out of the MSB) XOR (carry into the MSB)
• CF = INVERT (carry out of the MSB)

MSB = Most Significant Bit (high-order bit)

XOR = eXclusive-OR operation
NEG = Negate (same as SUB 0,operand )

Added Slide. Gerald Cahill, Antelope Valley College

 Carry Flag (CF)
The Carry flag is set when the result of an operation generates an
unsigned value that is out of range (too big or too small for the
destination operand).

mov al,0FFh
add al,1 ; CF = 1, AL = 00

; Try to go below zero:

mov al,0
sub al,1 ; CF = 1, AL = FF
 Your turn . . .
For each of the following marked entries, show the values of
the destination operand and the Sign, Zero, and Carry flags:

mov ax,00FFh
add ax,1 ; AX= SF= ZF= CF=
0100h 0 0 0
sub ax,1 ; AX= SF= ZF= CF=
add al,1 ; AL= 00FFh SF= 0 ZF= 0 CF= 0
00h 0 1 1
mov bh,6Ch
add bh,95h ; BH= SF= ZF= CF=
01h 0 0 1
mov al,2
sub al,3 ; AL= SF= ZF= CF=
FFh 1 0 1
 Overflow Flag (OF)

The Overflow flag is set when the signed result of an operation is

invalid or out of range.

; Example 1
mov al,+127
add al,1 ; OF = 1, AL = ??

; Example 2
mov al,7Fh ; OF = 1, AL = 80h
add al,1

The two examples are identical at the binary level because 7Fh
equals +127. To determine the value of the destination operand,
it is often easier to calculate in hexadecimal.
 Your turn . . .
What will be the values of the given flags after each operation?

mov al,-128
neg al ; CF = 1 OF = 1

mov ax,8000h
add ax,2 ; CF = 0 OF = 0

mov ax,0
sub ax,2 ; CF = 1 OF = 0

mov al,-5
sub al,+125 ; OF =
1
 JMP Instruction
• JMP is an unconditional jump to a label that is usually within
the same procedure.
• Syntax: JMP target
• Logic: EIP  target
• Example:
top:
.
.
jmp top

A jump outside the current procedure must be to a special type of

label called a global label (see Section 5.5.2.3 for details).
 LOOP Instruction
• The LOOP instruction creates a counting loop
• Syntax: LOOP target
• Logic:
• ECX  ECX – 1
• if ECX != 0, jump to target
• Implementation:
• The assembler calculates the distance, in bytes, between
the offset of the following instruction and the offset of the
target label. It is called the relative offset.
• The relative offset is added to EIP.
 LOOP Example
The following loop calculates the sum of the integers
5 + 4 + 3 +2 + 1:
offset machine code source code
00000000 66 B8 0000 mov ax,0
00000004 B9 00000005 mov ecx,5

00000009 66 03 C1 L1: add ax,cx

0000000C E2 FB loop L1
0000000E

When LOOP is assembled, the current location = 0000000E (offset of

the next instruction). –5 (FBh) is added to the the current location,
causing a jump to location 00000009:
00000009  0000000E + FB
 Your turn . . .

If the relative offset is encoded in a single signed byte,

(a) what is the largest possible backward jump?
(b) what is the largest possible forward jump?

(a) -128
(b) +127
 Your turn . . .
mov ax,6
mov ecx,4
What will be the final value of AX? L1:
inc ax
10 loop L1

mov ecx,0
How many times will the loop X2:
execute? inc ax
4,294,967,296= loop X2
2^32
 Nested Loop
If you need to code a loop within a loop, you must save the
outer loop counter's ECX value. In the following example, the
outer loop executes 100 times, and the inner loop 20 times.

.data
count DWORD ?
.code
mov ecx,100 ; set outer loop count
L1:
mov count,ecx ; save outer loop count
mov ecx,20 ; set inner loop count
L2: .
.
loop L2 ; repeat the inner loop
mov ecx,count ; restore outer loop
count
loop L1 ; repeat the outer loop
 Summing an Integer Array
The following code calculates the sum of an array of 16-bit
integers.

.data
intarray WORD 100h,200h,300h,400h
.code
mov edi,OFFSET intarray ; address of intarray
mov ecx,LENGTHOF intarray ; loop counter
mov ax,0 ; zero the accumulator
L1:
add ax,[edi] ; add an integer
add edi,TYPE intarray ; point to next integer
loop L1 ; repeat until ECX = 0
 Your turn . . .

What changes would you make to the

program on the previous slide if you were
summing a doubleword array?
 Copying a String

The following code copies a string from source to target:

.data
source BYTE "This is the source string",0
good use of
target BYTE SIZEOF source DUP(0) SIZEOF

.code
mov esi,0 ; index register
mov ecx,SIZEOF source ; loop counter
L1:
mov al,source[esi] ; get char from source
mov target[esi],al ; store it in the target
inc esi ; move to next character
loop L1 ; repeat for entire string
 Your turn . . .

Rewrite the program shown in the

previous slide, using indirect addressing
rather than indexed addressing.
The End