CHAPTER 4
A PROGRAMMER'S VIEW OF
COMPUTER ORGANIZATION
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Two Alternative Input/Output
Configurations
I/O
CPU
CPU
Memory
Memory
I/O
CPU
coordinates
transfer
between I/O
and memory.
Direct Memory
Access (DMA).
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Central Processing Unit and
Main Memory of a Computer.
Operations
performed
here.
Address
Bus
CPU
Control
Bus
Data Bus
Memory
Operands and
results are
stored here.
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
The Central Processing Unit
Control Unit
Program Counter
Memory Address
Register
Instruction
Register
Memory Data
Register
Instruction Decoder
General Purpose
Registers
Address Bus
Data Bus
Control Bus
Arithmetic and
Logic Unit (ALU)
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
ALU Data Paths for Dyadic Operations
Using a Single Accumulator Register.
Operand #1: Current
contents of accumulator
A
Result: Replaces old
contents of accumulator
Memory
Data Bus
B
ALU
Operand #2: Read
from memory
Accumulator
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
result  op1 + op2
Single Accumulator Machine:
ACC  MEM[adrs_of_op1]
ACC  ACC + MEM[adrs_of_op2]
MEM[adrs_of_result]  ACC
Register Machine:
REG[r]  MEM[adrs_of_op1]
REG[r]  REG[r] + MEM[adrs_of_op2]
MEM[adrs_of_result]  REG[r]
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
The Fetch-Execute Cycle
Program counter
provides the address.
Fetch The Next
Instruction
Additional instruction bytes
retrieved here as necessary.
Execute the
Fetched
Instruction
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
The Fetch Phase
1.
2.
3.
4.
5.
6.
Memory_Address_Bus  Program_Counter
Start Memory Read Operation
Increment Program_Counter
Wait for Memory Read to Complete
Instruction_Register  Memory_Data_Bus
Go to execute phase.
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
The Fetch Phase
Program Counter
+1
1001
1000
Main Memory
Address
Instruction Register
LDA
[x]
1000
1001
1002
Data
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
LDA
ADD
STA
[x]
[y]
[z]
Control Flow Portion of a CPU
Memory Data Bus
Memory Address Bus
Control Unit
(Opcode decoding
and sequencing)
Branch Address
+1
Program
Counter
Control
Signals
Opcode bits.
Instruction
Register
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
The Intel Processor Family
Processor
Year
MIPS
CPU
Frequency
Register Size
Data Bus
Address Space
CPU Cache
8086
1978
0.8
8.0 MHz
16
16
1 MB
None
286
1982
2.7
12.5 MHz
16
16
16 MB
None
386
1985
6.0
20 MHz
32
32
4 GB
None
486
1989
20
25 MHz
32
32
4 GB
8 KB L1
Pentium
1993
100
60 MHz
32
64
4 GB
16 KB L1
Pentium Pro
1995
440
200 MHz
32
64
64 GB
16 KB L1;
512 KB L2
Pentium II
1997
466
266
32
64
64 GB
32 KB L1;
512 KB L2
Pentium III
1999
1000
500
32
64
64 GB
32 KB L1;
512 KB L2
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Operating Modes of Intel IA
• Real-address Mode: This mode corresponds to
the original 8086 processor and is supported by all
processors in the IA family. It is the initial
operating mode when a hardware reset signal is
applied to the processor at start-up. Only a limited
number of processor features are available in real
mode and the physical address space is limited to
one megabyte.
• Protected Mode
• System Management Mode
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Operating Modes of Intel IA
• Real-address Mode
• Protected Mode: This mode was originally
introduced with the Intel 286, and later enhanced
in the Intel 386. Protected mode offers greater
performance than real mode. All of the features of
the processor are available and a much larger
physical address space.
• System Management Mode
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Operating Modes of Intel IA
• Real-address Mode
• Protected Mode
• System Management Mode: This mode was
originally introduced with the Intel 386SL. This
mode is primarily used to implement power
management and system security. It is not
described in this text.
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Four Types of Instruction Operands
1. A constant embedded within the
instruction representation, or
2. The contents of a register, or
3. The contents of a memory location, or
4. The contents of an I/O port.
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Instruction Formats
Operand Fields
0
1
2
Example
Description
CLC
Clear the carry flag to 0.
INC
AX
Increment contents of register AX
MOV AX,BX Copy contents of BX into AX.
“Destination” operand
“Source” operand
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
General Purpose Registers
31
16
15
0
(E)AX: Accumulator
MSW of EAX
AH
AL
(E)BX: Base Register
MSW of EBX
BH
BL
(E)CX: Count Register
MSW of ECX
CH
CL
(E)DX: Data Register
MSW of EDX
DH
DL
(E)SP: Stack Pointer
MSW of ESP
SP
(E)BP: Base Pointer
MSW of EBP
BP
(E)SI: Source Index
MSW of ESI
SI
(E)DI: Destination Index
MSW of EDI
DI
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Segment Registers
“Hidden” Part
79
“Visible” Part
16 15
0
CS
DS
SS
ES
Copies of GDT entries
corresponding to value
of segment selectors
(not used in Real Mode)
Segment Selector
FS
GS
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
EFlags and EIP Registers
0
31
(E)Flags Register:
MSW of EFLAGS
FLAGS
MSW of EIP
IP
(E)IP: Instruction Pointer
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Flags Register
15
14
13
12
Flag
Overflow
Direction
Interrupt Enable
Trap
Sign
Zero
Auxiliary Carry
Parity
Carry
11
10
9
8
7
6
5
4
OF
DF
IF
TF
SF
ZF
Bit
11
10
9
8
7
6
4
2
0
Description
Previous result caused arithmetic overflow.
1 = auto-decrement, 0 = auto-increment.
Interrupts are enabled
Single step mode enabled
Previous result was negative
Previous result was zero
Previous result produced a BCD carry
Previous result had even parity
Previous result produced a carry put of MSB
AF
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
3
2
1
PF
0
CF
Byte Ordering of 32-bit Value
With Little Endian Format.
32-bit value = 1234567816
0001 0010
0011 0100
0101 0110
0111 1000
Byte N+3
Byte N+2
Byte N+1
Byte N
In little endian format, the address of a 32-bit
quantity is the same as the address of its least
significant byte.
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
The Stack
Instruction
sequence:
Address
PUSH EBX
SS:[ESP+10]
value from
EBX(32 bits)
PUSH AX
SS:[ESP+8]
value from AX
(16 bits)
PUSH CS
SS:[ESP+4]
value from CS
(32 bits)
PUSH EDX
SS:[ESP]
Memory contents
value from EDX
(32 bits)
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Stack
"grows"
downward.

 Top of stack
Real-Mode Addressing
16-bit segment
0000
12 MSBs of offset
padded with four 0's
on the left
16-bit offset
4 LSBs
of offset
16-bit Adder
16 MSBs
of result
4 LSBs
of result
20-bit physical address
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Real-Mode Addressing
The segment value establishes a reference
point to the beginning of a 64kb block of
memory; the offset is a positive
displacement from this reference.
Memory
Operand
8B40316
Offset = 012316
Segment = 8B2E16
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
8B2E016
Instruction Operands
Constant
• Immediate Mode
– Embedded within
representation of
instruction.
Register
• Register Mode
Memory Location
• Real Mode:
Address = RB + RI + constant
• Protected Mode:
Address = R1 + C1  R2 + C2
I/O Port
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Immediate Mode
(Example: MOV AX,12345)
opcode
16-bit operand
Operand is embedded within
instruction representation.
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Instruction Operands
Constant
• Immediate Mode
– Embedded within
representation of
instruction.
Register
• Register Mode
Memory Location
• Real Mode:
Address = RB + RI + constant
• Protected Mode:
Address = R1 + C1  R2 + C2
I/O Port
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Register Mode
(Example: MOV AX,CX)
opcode
code
Instruction has code to select
register contents as operand
AH
CH
AX
SI
DS
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
registers
AL BH
CL DH
BX CX
DI
SP
CS SS
BL
DL
DX
BP
ES
Instruction Operands
Constant
• Immediate Mode
– Embedded within
representation of
instruction.
Register
• Register Mode
Memory Location
• Real Mode:
Address = RB + RI + constant
• Protected Mode:
Address = R1 + C1  R2 + C2
I/O Port
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
ADDRESSING MEMORY
IN
REAL MODE
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Real-Mode Addressing
Base
Index
BX
SI
BP
None
+
DI
Constant
16-bit
+
None
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
8-bit
None
Direct Addressing Mode
(Example: MOV AX,[TOTAL])
opcode
16-bit offset
Instruction provides
offset
memory
operand
Address = RB + RI + constant
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Register Indirect Mode
(Example: MOV AX,[BX])
opcode
code
memory
BX, BP, SI, or DI
Register provides offset
or
Address = RB + RI + constant
Address = RB + RI + constant
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
operand
Indexed and Based Address Mode
(Example: MOV AX,[BX+3])
opcode
code
Code selects
register to use
displacement
Offset is sum of selected
register and displacement.
+
BX, BP, SI, DI
memory
operand
Based: BX or BP
Indexed: SI or DI
Address = RB + RI + constant
or
Address = RB + RI + constant
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Based-indexed Address Mode
(Example: MOV AX,[BX+SI+3])
opcode
code
code
displacement
BX or BP
memory
+
SI or DI
Address = RB + RI + constant
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
operand
ADDRESSING MEMORY
IN
PROTECTED MODE
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
How Segment Registers are Used
GDTR Register
Global Descriptor Table
Physical Address (& Length)
of Global Descriptor Table
Resides in
Main Memory
32
bits
Segment Start Address
+
32 bits
...
Segment Register
16
bits
16-bit Segment Selector
+
32-bit offset from effective address calculation
32 bits
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Physical
Address
The Flat Memory Model
• GDT configured so that all segments start at
physical address zero and have a size of 4GB.
• There's a one-to-one correspondence between
physical addresses and the 32-bit offsets produced
by effective address calculations.
• Memory looks like a single continuous space,
called a linear address space.
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Instruction Operands
Constant
• Immediate Mode
– Embedded within
representation of
instruction.
Register
• Register Mode
Memory Location
• Real Mode:
Address = RB + RI + constant
• Protected Mode:
Address = R1 + C1  R2 + C2
I/O Port
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Protected-Mode Addressing
Base
Index
EAX
EBX
ECX
EDX
ESI
EDI
EBP
ESP
None
EAX
EBX
ECX
EDX
ESI
EDI
EBP
None
+

Scale Factor
Displacement
1
None
2
8-bit
3
+
4
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
16-bit
32-bit
Restrictions: MOV dst,src
• No more than 1 operand
in memory.
• Only 8, 16, or 32 bit
operands.
• No more than 1 operand
in a segment register.
• Operand sizes must
match (or else extend
the length using
MOVSX or MOVZX).
• If destination is a segment register, source cannot
be an immediate constant.
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Operand Sizes
May be implicit:
INC EAX
– Size of register EAX is 32 bits.
May be inferred:
MOV AL,[EBX]
– AL is 8 bits, so register EBX contains the address of
an 8-bit memory operand.
May be explicit:
INC DWORD [EBX]
– Ambiguous without “DWORD”!
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Real Mode Defaults
• Address Field of Instructions is 16 bits
– Precede instruction by 0x67 to use 32 bits:
DB 67H
MOV AX,[BX]
Equivalent to MOV AX,[EBX]
• Operands are either 8 or 16 bits
– Precede instruction by 0x66 to use 32 bits:
DB 66H
MOV AX,[BX]
Equivalent to MOV EAX,[BX]
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Protected Mode Defaults
• Address Field of Instructions is 32 bits
– Precede instruction by 0x67 to use 16 bits:
DB 67H
MOV EAX,[EBX]
Equivalent to MOV EAX,[BX]
• Operands are either 8 or 32 bits
– Precede instruction by 0x66 to use 16 bits:
DB 66H
MOV EAX,[EBX]
Equivalent to MOV AX,[EBX]
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
16 vs. 32-bit Operands
Real Mode
PUSH AX
Protected Mode
0101 0000
PUSH EAX
Prefix Byte
(66h)
PUSH EAX
0110 0110
0101 0000
PUSH AX
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
16 vs. 32-bit Operands
Real Mode
MOV AX,imm16
(2 bytes follow)
MOV EAX,imm32
(4 bytes follow)
Protected Mode
1011 1000
Prefix Byte
(66h)
0110 0110
1011 1000
MOV EAX,imm32
(4 bytes follow)
MOV AX,imm16
(2 bytes follow)
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
16 vs. 32-bit Address Field
Real Mode
MOV
AX,[mem16]
Protected Mode
1010 0001
(2-byte adrs field)
MOV AX,[mem32]
(4-byte adrs field)
Prefix Byte
(67h)
0110 0111
1010 0001
MOV
EAX,[mem32]
(4-byte adrs field)
MOV
EAX,[mem16]
(2-byte adrs field)
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Data Movement Instructions
MOV dst,src
LEA reg32,mem
MOVZX reg32,src
MOVSX reg32,src
XCHG dst,src
; dst  src
; reg32  offset32 (mem)
; reg32  zero extended src
; reg32  sign extended src
; temp  dst
dst  src
src  temp
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Stack Instructions
PUSH src16
; ESP  ESP-2, MEM[SS:ESP]  src16
PUSH src32
PUSHF
PUSHA
; ESP  ESP-4, MEM[SS:ESP]  src32
; ESP  ESP-4, MEM[SS:ESP]  EFlags
; Pushes EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI
POP dst16
POP dst32
POPF
POPA
; dst16  MEM[SS:ESP], ESP  ESP+2
; dst32  MEM[SS:ESP], ESP  ESP+4
; EFlags  MEM[SS:ESP], ESP  ESP+4
; Pops EDI, ESI, EBP, skip, EBX, EDX, ECX, EAX
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Arithmetic Instructions
ADD dst,src
ADC dst,src
SUB dst,src
SBB dst,src
INC dst
DEC dst
NEG dst
MUL src ; unsigned
IMUL src ; signed
DIV src ; unsigned
IDIV src ; signed
CBW
CWD/CDQ
CMP dst,src
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Extended Precision ADD/SUB
MOV
instructions
have no
effect on
EFlags!
MOV
EAX,[x]
ADD
EAX,[y]
MOV
[z],EAX
MOV
EAX,[x+4]
ADC
EAX,[y+4]
MOV
[z+4],EAX
63
32 31
[x+4]
63
0
[x]
32 31
[y+4]
63
0
[y]
32 31
[z+4]
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
0
[z]
MUL & IMUL
Example
Operation
Product
MUL src8
AL  src8
AX
MUL src16
AX  src16
DX.AX
MUL src32
EAX  src32
EDX.EAX
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
DIV & IDIV
Example
Operation
DIV src8
AX  src8
AL
AH
DIV src16
DX.AX  src16
AX
DX
EAX
EDX
DIV src32 EDX.EAX  src32
Quotient Remainder
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
CBW, CWD, & CDQ
Opcode
Source
Destination
CBW
AL
AX
CWD
AX
DX.AX
CDQ
EAX
EDX.EAX
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Signed vs. Unsigned Division
unsigned int a, b, c ;
…
signed int a, b, c ;
…
a=b/c;
a=b/c;
MOV EAX,[b]
SUB EDX,EDX
DIV DWORD [c]
MOV [a],EAX
MOV EAX,[b]
CDQ
IDIV DWORD [c]
MOV [a],EAX
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Bitwise Logical Instructions
AND
OR
XOR
NOT
TEST
dst,src
dst,src
dst,src
dst
dst,src
; dst  dst & src
; dst  dst | src
; dst  dst ^ src
; dst  ~dst
; dst & src
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Shift Instructions: opc dst,count
RCL:
RCR:
ROL:
ROR:
SAL:
0
SAR:
SHL:
0
SHR:
0
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
64-bit Logical Right Shift
63
32
Step #1:
CF
SHR [X+4],1
[x+4]
31
Step #2:
0
RCR [X],1
CF
[x]
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Conditional Jump Instructions
Signed Tests:
JG/JNLE label
JGE/JNL label
JL/JNGE label
JLE/JNG label
Unsigned Tests:
JA/JNBE label
JAE/JNB label
JB/JNAE label
JBE/JNA label
Equality Tests:
JE/JZ
label
JNE/JNZ label
Other Tests:
JC, JNC, JO, JNO, JS,
JNS, JPO, JNP, JECXZ
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.
Other Jump Instructions
Unconditional:
JMP label
JMP regptr
JMP memptr
Loops (count in register ECX):
LOOP
short-label
LOOPE/LOOPZ
short-label
LOOPNE/LOOPNZ
short-label
Copyright © 2000, Daniel W. Lewis. All Rights Reserved.