Transcript Chapter 6

Assembly Language for x86 Processors
6th Edition
Kip R. Irvine
Chapter 6: Bitwise Instructions
Slides prepared by the author
Revision date: 2/15/2010
(c) Pearson Education, 2010. All rights reserved. You may modify and copy this slide show for your personal use, or for
use in the classroom, as long as this copyright statement, the author's name, and the title are not changed.
Status Flags - Review
• The Zero flag is set when the result of an operation equals zero.
• The Carry flag is set when an instruction generates a result that is
too large (or too small) for the destination operand.
• The Sign flag is set if the destination operand is negative, and it is
clear if the destination operand is positive.
• The Overflow flag is set when an instruction generates an invalid
signed result (bit 7 carry is XORed with bit 6 Carry).
• The Parity flag is set when an instruction generates an even
number of 1 bits in the low byte of the destination operand.
• The Auxiliary Carry flag is set when an operation produces a carry
out from bit 3 to bit 4
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
2
Logic Instructions
 Syntax for AND, OR, XOR, and TEST instructions:
op-code destination, source
 They perform the Boolean bitwise operation and store the result into
destination.
 TEST is just an AND but the result is not stored. TEST affects the
flags just like AND does.
 Both operands must be of the same type
 either byte, word or dword
 Both operands cannot be mem
 again: mem to mem operations are forbidden
 They clear (ie: put to zero) CF and OF
 They affect SF and ZF according to the result of the operation (as
3 usual)
Logic Instructions
AND Instruction
• Performs a Boolean AND operation between each
pair of matching bits in two operands
• Syntax:
AND destination, source
AND
(same operand types as MOV)
00111011
AND 0 0 0 0 1 1 1 1
cleared
00001011
unchanged
0 clears a bit and 1 conserves a bit
• The source is often an imm operand called a bit
mask: used to fix certain bits to 0 or 1
AND al,7Fh
;msb of AL is cleared
since 7Fh = 0111 1111b
4
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
Logic Instructions
OR Instruction
• Performs a Boolean OR operation between each pair
of matching bits in two operands
• Syntax:
OR destination, source
OR
00111011
OR 0 0 0 0 1 1 1 1
unchanged
00111111
set
1 sets a bit and 0 conserves a bit
To test if ECX = 0, we can do: OR ecx,ecx since this does not change
the value in ECX and set ZF=1 if and only if ECX=0
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
5
Logic Instructions - Example
 To convert from upper case letter to lower case we can
use the usual method:
ADD dl,20h
 But 20h = 0010 0000b and bit #5 is always 0 for
characters from ‘A’ (41h) to ‘Z’ (5Ah).
Uppercase (41h-5Ah) A-Z
Lowercase (61h-Ah) a-z
0 1 0 0 XXXX
0 1 0 1 XXXX
0 1 1 0 XXXX
0 1 1 1 XXXX
 Hence, adding 20h gives the same result as setting this
bit #5 to 1. Thus:
OR dl,20h ; converts from upper to lower case
AND dl,0DFh ; converts from lower to upper case
 since DFh = 1101 1111b
6
Logic Instructions
XOR Instruction
• Performs a Boolean exclusive-OR operation between
each pair of matching bits in two operands
• Syntax:
XOR destination, source
XOR
00111011
XOR 0 0 0 0 1 1 1 1
unchanged
00110100
inverted
1 inverts a bit and 0 conserves a bit
XOR is a useful way to toggle (invert) the bits in an operand.
When initializing a register to 0 do
use XOR ax,ax instead of MOV ax,0 [compilers prefer this method]
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
7
Logic Instructions
NOT Instruction
• Performs a Boolean NOT operation on a single
destination operand
• Syntax:
NOT
NOT destination
NOT
00111011
11000100
inverted
Equivalent to: XOR destination, FFFF…FFFFh
Skip to Page 13
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
8
Bit-Mapped Sets
• Binary bits indicate set membership
• Efficient use of storage
• Also known as bit vectors
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
9
Bit-Mapped Set Operations
• Set Complement
mov eax,SetX
not eax
• Set Intersection
mov eax,setX
and eax,setY
• Set Union
mov eax,setX
or eax,setY
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
10
Applications
(1 of 3)
• Task: Jump to a label if an integer is even.
• Solution: AND the lowest bit with a 1. If the result is Zero,
the number was even.
mov ax,wordVal
and ax,1
jz EvenValue
; low bit set?
; jump if Zero flag set
JZ (jump if Zero) is covered in Section 6.3.
Your turn: Write code that jumps to a label if an integer is
negative.
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
11
Applications
(2 of 3)
• Task: Jump to a label if the value in AL is not zero.
• Solution: OR the byte with itself, then use the JNZ (jump
if not zero) instruction.
or al,al
jnz IsNotZero
; jump if not zero
ORing any number with itself does not change its value.
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
12
Logic Instructions
TEST Instruction
• Performs a nondestructive AND operation between each pair of
matching bits in two operands
• No operands are modified, but the Zero flag is affected.
• Example: jump to a label if either bit 0 or bit 1 in AL is set.
test al,00000011b
jnz ValueFound
• Example: jump to a label if neither bit 0 nor bit 1 in AL is set.
test al,00000011b
jz
ValueNotFound
• TEST is similar to CMP but for logic operation.
Skip to Page 19
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
13
Applications
(3 of 3)
• Task: Jump to label L1 if bits 0, 1, and 3 in AL are all set.
• Solution: Clear all bits except bits 0, 1,and 3. Then
compare the result with 00001011 binary.
and al,00001011b
cmp al,00001011b
je L1
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
; clear unwanted bits
; check remaining bits
; all set? jump to L1
14
Your turn . . .
• Write code that jumps to label L1 if either bit 4, 5, or 6
is set in the BL register.
• Write code that jumps to label L1 if bits 4, 5, and 6
are all set in the BL register.
• Write code that jumps to label L2 if AL has even
parity.
• Write code that jumps to label L3 if EAX is negative.
• Write code that jumps to label L4 if the expression
(EBX – ECX) is greater than zero.
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
15
Encrypting a String
The following loop uses the XOR instruction to transform every
character in a string into a new value.
KEY = 239
; can be any byte value
BUFMAX = 128
.data
buffer BYTE BUFMAX+1 DUP(0)
bufSize DWORD BUFMAX
.code
mov ecx,bufSize
mov esi,0
L1:
xor buffer[esi],KEY
inc esi
loop L1
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
; loop counter
; index 0 in buffer
; translate a byte
; point to next byte
16
String Encryption Program
• Tasks:
•
•
•
•
•
Input a message (string) from the user
Encrypt the message
Display the encrypted message
Decrypt the message
Display the decrypted message
View the Encrypt.asm program's source code. Sample output:
Enter the plain text: Attack at dawn.
Cipher text: «¢¢Äîä-Ä¢-ïÄÿü-Gs
Decrypted: Attack at dawn.
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
17
BT (Bit Test) Instruction
• Copies bit n from an operand into the Carry flag
• Syntax: BT bitBase, n
• bitBase may be r/m16 or r/m32
• n may be r16, r32, or imm8
• Example: jump to label L1 if bit 9 is set in the AX
register:
bt AX,9
jc L1
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
; CF = bit 9
; jump if Carry
18
Exercise 1
 Use only one instruction among AND, OR, XOR, and
TEST to do the following task:
 (A) Convert the ASCII code of a decimal digit ('0‘ to '9‘)
contained in AL to its numerical value.
 (B) Fix to 1 the odd numbered bits in EAX (ie: the bits
numbered 1, 3, 5…) without changing the even numbered
bits.
 (C) Clear to 0 the most significant bit and the least
significant bit of BH without changing the other bits.
 (D) Inverse the least significant bit of EBX without
changing the other bits.
19
Logical Shift
• A logical shift fills the newly created bit position with
zero:
0
CF
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
20
SHL Instruction
• The SHL (shift left) instruction performs a logical left
shift on the destination operand, filling the lowest bit
with 0.
• Operand types for SHL:
SHL reg,imm8
SHL mem,imm8
SHL reg,CL
SHL mem,CL
•
(Same for all shift and
rotate instructions)
CF always contains the last bit shifted out, when shifting multiple times.
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
21
Fast Multiplication
Shifting left 1 bit multiplies a number by 2
mov dl,5
shl dl,1
Before:
00000101
=5
After:
00001010
= 10
Shifting left n bits multiplies the operand by 2n
For example, 5 * 22 = 20
mov dl,5
shl dl,2
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
; DL = 20
22
Fast Multiplication
 Each left shift multiplies by 2 the operand for both
signed and unsigned interpretations. Ex:
mov
mov
shl
shl
ax,
bx,
ax,
bx,
4
-1
2
3
;AX
;BX
;AX
;BX
=
=
=
=
0004h
FFFFh
0010h = 16
FFF8h = -8
 Multiplication by shifting is very fast. Try to factor your
multiplier into powers of 2:
 BX * 36 = BX * (32 + 4) = BX*32 + BX*4
 So add (BX shifted by 5) to (BX shifted by 2)
23
Binary Multiplication
• mutiply 123 * 36
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
24
Binary Multiplication
• We already know that SHL performs unsigned
multiplication efficiently when the multiplier is a power
of 2.
• You can factor any binary number into powers of 2.
• For example, to multiply EAX * 36, factor 36 into 32 + 4
and use the distributive property of multiplication to
carry out the operation:
EAX * 36
= EAX * (32 + 4)
= (EAX * 32)+(EAX * 4)
mov
mov
shl
shl
add
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
eax,123
ebx,eax
eax,5
ebx,2
eax,ebx
; mult by 25
; mult by 22
25
Your turn . . .
Multiply AX by 26, using shifting and addition instructions.
Hint: 26 = 16 + 8 + 2.
mov ax,2
mov dx,ax
shl dx,4
push edx
mov dx,ax
shl dx,3
shl ax,1
add ax,dx
pop edx
add ax,dx
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
; test value
; AX * 16
; save for later
;
;
;
;
;
AX * 8
AX * 2
AX * 10
recall AX * 16
AX * 26
26
SHR Instruction
• The SHR (shift right) instruction performs a logical
right shift on the destination operand. The highest bit
position is filled with a zero.
0
CF
Shifting right n bits divides the operand by 2n
mov dl,80
shr dl,1
shr dl,2
mov bh,13
shr bh,2
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
; DL = 40
; DL = 10
; BH = 0000 1101b = 13
; BH = 0000 0011b = 3, (div by 4), CF=0
(the remainder of the division is lost) 27
Arithmetic Shift
• An arithmetic shift fills the newly created bit position
with a copy of the number’s sign bit:
CF
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
28
SAL and SAR Instructions
• SAL (shift arithmetic left) is identical to SHL.
• SAR (shift arithmetic right) performs a right arithmetic
shift on the destination operand.
CF
An arithmetic shift preserves the number's sign.
mov dl,-80
sar dl,1
sar dl,2
; DL = -40
; DL = -10
CF reflects the action of the last rotate
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
29
Arithmetic Shift SAR
 Is needed to divide the signed value by 2:
SAR dest, CL ;value of CL = number of shifts
SAR dest, imm8
 the msb of dest is filled with its previous value (so the sign is
preserved)
 the lsb of dest is moved into CF
mov ah, -15
sar ah, 1
;AH = 1111 0001b
;AH = 1111 1000b = -8
 the result is rounded to the smallest integer
(-8 instead of -7…)
 in contrast:
30
shr ah, 1 ;gives ah = 0111 1000b = 78h
Your turn . . .
Indicate the hexadecimal value of AL after each shift:
mov
shr
shl
mov
sar
sar
al,6Bh
al,1
al,3
al,8Ch
al,1
al,3
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
a. 35h
b. A8h
c. C6h
d. F8h
31
ROL Instruction
• ROL (rotate) shifts each bit to the left
• The highest bit is copied into both the Carry flag
and into the lowest bit
• No bits are lost
CF
mov al,11110000b
rol al,1
; AL = 11100001b
mov dl,3Fh
rol dl,4
; DL = F3h
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
32
ROR Instruction
• ROR (rotate right) shifts each bit to the right
• The lowest bit is copied into both the Carry flag and
into the highest bit
• No bits are lost
CF
mov al,11110000b
ror al,1
; AL = 01111000b
mov dl,3Fh
ror dl,4
; DL = F3h
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
33
Examples of ROL
34
mov
rol
rol
rol
ah,40h
ah,1
ah,1
ah,1
;ah
;ah
;ah
;ah
mov
rol
rol
rol
ax,1234h
ax,4 ;ax
ax,4 ;ax
ax,4 ;ax
=
=
=
=
0100
1000
0000
0000
0000b
0000b, CF = 0
0001b, CF = 1
0010b, CF = 0
;ax = 0001 0010 0011 0100b
= 2341h
= 3412h
= 4123h
Your turn . . .
Indicate the hexadecimal value of AL after each rotation:
mov al,6Bh
ror al,1
rol al,3
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
a. B5h
b. ADh
35
RCL Instruction
• RCL (rotate with carry left) shifts each bit to the left
• Copies the Carry flag to the least significant bit
• Copies the most significant bit to the Carry flag
CF
clc
mov bl,88h
rcl bl,1
rcl bl,1
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
;
;
;
;
CF = 0
CF,BL = 0 10001000b
CF,BL = 1 00010000b
CF,BL = 0 00100001b
36
RCR Instruction
• RCR (rotate with carry right) shifts each bit to the right
• Copies the Carry flag to the most significant bit
• Copies the least significant bit to the Carry flag
CF
stc
mov ah,10h
rcr ah,1
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
; CF = 1
; CF,AH = 1 00010000b
; CF,AH = 0 10001000b
37
Ex: inverting the content of AL*
 Ex: whenever AL = 1 1 0 0 0 0 0 1b we want to have
AL = 1 0 0 0 0 0 1 1b
mov ecx, 8
start:
shl al, 1
rcr bl, 1
loop start
mov al, bl
Skip to Page 48
38
;number of bits to rotate
;CF = msb of AL
;push CF into msb of BL
;repeat for 8 bits
;store result into AL
Exercise 2
 Give the binary content of AX immediately after the
execution of the each instruction below (Consider that
AX = 1011 0011 1100 1010b before each of these
instructions):
 (A) SHL AL,2 ; AX =
 (B) SAR AH,2 ; AX =
 (C) ROR AX,4 ; AX =
 (D) ROL AX,3 ; AX =
39
 (E) SHL AL,8 ; AX =
Your turn . . .
Indicate the hexadecimal value of AL after each rotation:
stc
mov al,6Bh
rcr al,1
rcl al,3
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
a. B5h
b. AEh
40
SHLD Instruction
• Shifts a destination operand a given number of bits to
the left
• The bit positions opened up by the shift are filled by
the most significant bits of the source operand
• The source operand is not affected
• Syntax:
SHLD destination, source, count
• Operand types:
SHLD reg16/32, reg16/32, imm8/CL
SHLD mem16/32, reg16/32, imm8/CL
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
41
SHLD Example
Shift count of 1:
mov al,11100000b
mov bl,10011101b
shld al,bl,1
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
42
Another SHLD Example
Shift wval 4 bits to the left and replace its lowest 4 bits with
the high 4 bits of AX:
.data
wval WORD 9BA6h
.code
mov ax,0AC36h
shld wval,ax,4
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
wval
AX
Before:
9BA6
AC36
After:
BA6A
AC36
43
SHRD Instruction
• Shifts a destination operand a given number of bits to
the right
• The bit positions opened up by the shift are filled by
the least significant bits of the source operand
• The source operand is not affected
• Syntax:
SHRD destination, source, count
• Operand types:
SHRD reg16/32, reg16/32, imm8/CL
SHRD mem16/32, reg16/32, imm8/CL
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
44
SHRD Example
Shift count of 1:
mov al,11000001b
mov bl,00011101b
shrd al,bl,1
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
45
Another SHRD Example
Shift AX 4 bits to the right and replace its highest 4 bits with
the low 4 bits of DX:
mov ax,234Bh
mov dx,7654h
shrd ax,dx,4
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
DX
AX
Before:
7654
234B
After:
7654
4234
46
Your turn . . .
Indicate the hexadecimal values of each destination
operand:
mov
mov
shld
shrd
ax,7C36h
dx,9FA6h
dx,ax,4
dx,ax,8
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
; DX = FA67h
; DX = 36FAh
47
Application: Binary Output
 To display the binary number in EBX:
MOV ECX,32 ; count 32 binary chars
START:
ROL EBX,1
; CF gets msb
JC ONE
; if CF =1
MOV AL, ’0’
JMP DISP
ONE:
MOV AL,’1’
DISP:
CALL WriteChar
LOOP START
48
Displaying Binary Bits
Algorithm: Shift MSB into the Carry flag; If CF = 1, append a "1"
character to a string; otherwise, append a "0" character. Repeat
in a loop, 32 times.
.data
buffer BYTE 32 DUP(0),0
.code
mov ecx,32
mov esi,OFFSET buffer
L1: shl eax,1
mov BYTE PTR [esi],'0'
jnc L2
mov BYTE PTR [esi],'1'
L2: inc esi
loop L1
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
49
Application: Binary Input
 To load EAX with the numerical value of a binary string (ex:
101100101...) entered at the keyboard:
xor ebx, ebx ;clear ebx to hold entry
next:
call ReadChar
cmp al, 0Dh ;end of input line reached?
je exit
;yes, then exit
and al, 0Fh ;no, convert to binary value
shl ebx, 1
;make room for new value
or bl, al ;put value in ls bit
jmp next
exit:
mov eax,ebx ;eax holds binary value
 In AL we have either 30h or 31h (ASCII code of ‘0’ and ‘1’)
 Hence, AND AL,0Fh converts AL to either 0h or 1h
 Hence, OR BL,AL possibly changes only the lsb of BL
50
Algorithm for Hex Output
 To display the content of EBX in hexadecimal
Repeat 8 times
{
ROL EBX, 4
;the ms 4bits goes into ls 4bits
MOV DL, BL
AND DL, 0Fh ;DL contains num value of 4bits
If
DL < 10 then convert to ‘0’..’9’
else convert to ‘A’..’F’
}
end Repeat
 The complete ASM coding is left to the reader 
51
Algorithm for Hex Input
 To load EAX with the numerical value of the hexadecimal
string entered at the keyboard:
XOR EBX, EBX ;EBX will hold result
While (input char != <CR>) DO
{
convert char into numerical value
left shift EBX by 4 bits
insert value into lower 4 bits of EBX
}
end while
MOV EAX,EBX
 The complete ASM coding is left to the reader 
Skip to Page 55
52
Shifting Multiple Doublewords
• Programs sometimes need to shift all bits within an
array, as one might when moving a bitmapped
graphic image from one screen location to another.
• The following shifts an array of 3 doublewords 1 bit to
the right (view complete source code):
.data
ArraySize = 3
array DWORD ArraySize DUP(99999999h)
; 1001 1001...
.code
mov esi,0
shr array[esi + 8],1
; high dword
rcr array[esi + 4],1
; middle dword, include Carry
rcr array[esi],1
; low dword, include Carry
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
53
Isolating a Bit String
• The MS-DOS file date field packs the year, month,
and day into 16 bits:
DH
DL
0 0 1 0 0 1 1 0
Field:
Bit numbers:
Year
9-15
0 1 1 0 1 0 1 0
Month
5-8
Day
0-4
Isolate the Month field:
mov
shr
and
mov
ax,dx
ax,5
al,00001111b
month,al
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
;
;
;
;
make a copy of DX
shift right 5 bits
clear bits 4-7
save in month variable
54
4C 6F 70 70 75 75 6E
Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.
55