# Lecture Note 6. IA Assembly Programming

October 12, 2020 Jongmoo Choi Dept. of Software Dankook University

http://embedded.dankook.ac.kr/~choijm

(Copyright © 2020 by Jongmoo Choi, All Rights Reserved. Distribution requires permission)


## **Objectives**

- Understand various viewpoints about CPU
- Apprehend the concept of ISA (Instruction Set Architecture)
  - ✓ Learn the IA Register model
  - ✓ Learn the IA Memory model
  - ✓ Learn the IA Program model
- Make a program with IA assembly language
- Refer to Chapter 3 in CSAPP and the Intel SW Developer's Manual



## Introduction (1/2)

#### Summarizing what we have learnt

- ✓ Program development: compile, linking, ELF, ...
- ✓ Program execution: task (text, data, stack), load, fetch, ...
  - text: consists of machine instructions



# Introduction (2/2)

### Assembly language

- ✓ Language hierarchy
  - Located between high-level language and machine language
  - Symbolic (mnemonic) representation of machine language
    - · One-to-one mapping, CPU dependent (Not easy)
- ✓ Application field
  - Hardware control: system initialization, device driver, interrupt handler, embedded systems, IoT, ECU, CPS, Wearable computer, ...
  - Vulnerability test (Virus identification, IDS)
  - Optimization
  - SW copyright protection, SW similarity analysis, ...
- ✓ Importance
  - Making a program, debugging, analyzing binary
  - Understand the behavior of hardware (especially CPU)
  - Grasp how hardware and software cooperate (hardware-software co-design)



# CPU (1/5)

• What is a Processor?





# CPU (2/5)

## Various Viewpoints of Processor

✓ 1. Transistor + Gate + Logic + Clock





2. ALU (Arithmetic Logic Unit) + Registers + CU (Control Unit) + BUS



Figure 1.6 MU0 register transfer level organization.

#### (Source: MU0 in Appendix 1)

- ✓ 3. Instruction Set Architecture (CISC, RISC, VLIW, EPIC, ...)
- ✓ 4. Performance Characteristics (Pipeline, Superscalar, Cache, ...)



Instruction Set Architecture: Register + Instructions





# CPU (4/5)

Performance Characteristics: Pipeline, Superscalar, Cache



- ✓ For efficient pipeline
  - Similar latency of instructions (not complex)
  - Conflict between I fetch and D fetch
  - Branch prediction, Out-of-order execution
  - L1, L2 cache ...

Details will be discussed in LN 7




# CPU (5/5)

Performance Characteristics: Pipeline, Superscalar, Cache



(Source: Intel SW Developer's Manual, Volume 1: Basic Architecture)



## Register Model (1/3)

#### Register definition

- ✓ A small amount of memory available in a CPU
- Can be accessed quickly, compared with main memory

### IA registers



Figure 3-4. General System and Application Programming Registers

#### (Source: Intel SW Developer's Manual, Volume 1: Basic Architecture)



## Register Model (2/3)

- Functionality of each register
  - ✓ Segment register
    - CS(code segment): the base location of all executable instructions
    - DS(data segment): the base location for variables
    - SS(stack segment): the base location of the stack
    - ES(extra segment): an additional base location for variables
  - ✓ General purpose register
    - EAX (accumulator): for arithmetic operation (operand and result data)
    - EBX (base): pointer to data in the DS segment
    - ECX (counter): counter for loop and string operations
    - EDX (data): I/O pointer, a special role in multiply and divide operations
    - ESP (stack pointer): pointer to the top of the stack
    - EBP (base pointer): used as base for accessing variables on the stack (base for stack frame)
    - ESI (source index): source pointer for string operations
    - EDI (destination index): destination pointer for string operations
    - Having its specialty, but commonly being used for general purpose
  - EIP (instruction pointer): role of PC(Program counter)
  - EFLAGS: Control and Status Register

rax, rbx, rip, ... for Intel 64



## Register Model (3/3)

## Details of EFLAGS register

✓ Set of control and status Flags



Figure 3-8. EFLAGS Register

**Refer to the IA-32 Basic Architecture, Chapter 3.4.3 for the role of each bit** 

Intel CPU has several additional registers such as CR0, CR2, CR3, IDTR, GDTR, debugging registers, FPU registers, and MMX registers. (see LN\_chapter 7)

## Quiz for 9<sup>th</sup>-Week 1<sup>st</sup>-Lesson

## Quiz

- 1. There are various viewpoints regarding CPU. What is the ISA? Explain three components of ISA.
- ✓ 2. There are 8 GP registers in the 32-bit Intel CPU. This increases to 16 in the 64-bit Intel CPU. Discuss the merits and demerits of larger registers.
- ✓ Due: until 6 PM Friday of this week (30<sup>th</sup>, October)



(Source: http://melonicedlatte.com/computerarchitecture/2019/01/30/192433.html)



## Memory Model (1/6)



## Memory Model (2/6)

#### Paging and Segmentation in detail

- ✓ Segmentation: variable size
  - Address translation: base address + offset, using segment table (segment descriptor table)
- ✓ Paging: fixed size
  - page start address (PT + index) + offset, using page table (commonly multi-level tables)



Figure 3-1. Segmentation and Paging

Some CPUs make use of paging only or segmentation only



## Memory Model (3/6)



## Memory Model (4/6)

Revisit

- ✓ Process structure in LN 4 vs. After fork in LN 5
- Virtual memory vs. Using Segmentation



## Memory Model (Optional) (5/6)

Segmentation on IA

real address model

- Real Address Model: 8086 compatible, supports 1MB (seg. << 4 + offset)
- Flat Model: protected mode with segment descriptor
- Segmented Model: protected mode with segment descriptor table





segmented model



# Memory Model (Optional) (6/6)

## Paging on IA

- Usually make use of multi-level structure
  - 32 bit: 2-level paging
    - · Page directory, page table
  - 64 bit: 4-level paging
    - PML4, page directory pointer, page directory, page table






Figure 4-2. Linear-Address Translation to a 4-KByte Page using 32-Bit Paging

Figure 4-8. Linear-Address Translation to a 4-KByte Page using IA-32e Paging

(Source: Intel SW Developer's Manual, Volume 1: Basic Architecture)
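The two-level walk of Figure 4-2, written out as an added C example (not part of the original lecture note): the linear address is split 10/10/12 into directory index, table index and offset, and CR3 locates the page directory. The toy physical memory, the mapped addresses and all function names are constructed for illustration; the example also checks the present, read/write and user/supervisor bits of each entry, which goes one step beyond the figure.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy physical memory: four 4-KByte frames. */
#define PHYS_BYTES (4u * 4096u)
static uint32_t phys[PHYS_BYTES / 4];

/* Flag bits shared by page-directory and page-table entries. */
#define PG_P  0x1u   /* present */
#define PG_RW 0x2u   /* writable */
#define PG_US 0x4u   /* user-mode access allowed */

enum walk_status { WALK_OK, WALK_NOT_PRESENT, WALK_PROTECTION };

/* Out-of-range reads return 0, i.e. an entry with P = 0. */
static uint32_t phys_read32(uint32_t paddr)
{
    return paddr < PHYS_BYTES ? phys[paddr / 4] : 0;
}

static void phys_write32(uint32_t paddr, uint32_t value)
{
    if (paddr < PHYS_BYTES)
        phys[paddr / 4] = value;
}

/*
 * Translate a linear address to a physical one (4-KByte pages, PS = 0).
 * user/write describe the access being attempted.
 */
enum walk_status translate(uint32_t cr3, uint32_t linear, int user, int write,
                           uint32_t *paddr)
{
    uint32_t dir    = (linear >> 22) & 0x3FFu;  /* bits 31..22 */
    uint32_t table  = (linear >> 12) & 0x3FFu;  /* bits 21..12 */
    uint32_t offset = linear & 0xFFFu;          /* bits 11..0  */

    uint32_t pde = phys_read32((cr3 & ~0xFFFu) + dir * 4);
    if (!(pde & PG_P))
        return WALK_NOT_PRESENT;

    uint32_t pte = phys_read32((pde & ~0xFFFu) + table * 4);
    if (!(pte & PG_P))
        return WALK_NOT_PRESENT;

    /* An access right is granted only if both levels grant it.
       Assumption: writes are checked for supervisor too (CR0.WP = 1). */
    uint32_t rights = pde & pte;
    if (user && !(rights & PG_US))
        return WALK_PROTECTION;
    if (write && !(rights & PG_RW))
        return WALK_PROTECTION;

    *paddr = (pte & ~0xFFFu) | offset;
    return WALK_OK;
}

/* Constructed mapping: returns the CR3 value (page directory in frame 0). */
uint32_t build_demo_tables(void)
{
    memset(phys, 0, sizeof phys);
    phys_write32(0x0000 + 1 * 4, 0x1000 | PG_P | PG_RW | PG_US); /* PDE[1] -> table in frame 1 */
    phys_write32(0x1000 + 1 * 4, 0x2000 | PG_P | PG_RW | PG_US); /* 0x00401000 -> frame 2, user */
    phys_write32(0x1000 + 2 * 4, 0x3000 | PG_P | PG_RW);         /* 0x00402000 -> frame 3, supervisor */
    return 0x0000;
}

int main(void)
{
    static const char *names[] = { "ok", "not present", "protection fault" };
    uint32_t cr3 = build_demo_tables(), pa = 0;
    uint32_t probes[] = { 0x00401ABC, 0x00402010, 0x00403000, 0x00800000 };

    for (unsigned i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        enum walk_status st = translate(cr3, probes[i], 1, 0, &pa);
        printf("user read  0x%08x: %s", (unsigned)probes[i], names[st]);
        if (st == WALK_OK)
            printf(" -> physical 0x%08x", (unsigned)pa);
        printf("\n");
    }
    return 0;
}
```

The supervisor-only page at 0x00402000 is the case to watch: the same linear address translates for a kernel access and faults for a user access, which is how the U/S bit separates kernel memory from user memory.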

The basic concept of address mapping is similar to the indexing in the index



64 bit CPU

## Instruction Model (1/2)

#### Instruction format

```
here: mov  0x8049388, %eax
      addl 0x8049384, %eax
      movl %eax, 0x804946c
```

| Hex digit     | 0    | 1    | 2    | 3    | 4    | 5    | 6    | 7    |
|---------------|------|------|------|------|------|------|------|------|
| Decimal value | 0    | 1    | 2    | 3    | 4    | 5    | 6    | 7    |
| Binary value  | 0000 | 0001 | 0010 | 0011 | 0100 | 0101 | 0110 | 0111 |

| Hex digit     | 8    | 9    | A    | B    | C    | D    | E    | F    |
|---------------|------|------|------|------|------|------|------|------|
| Decimal value | 8    | 9    | 10   | 11   | 12   | 13   | 14   | 15   |
| Binary value  | 1000 | 1001 | 1010 | 1011 | 1100 | 1101 | 1110 | 1111 |

Figure 2.2 Hexadecimal notation. Each Hex digit encodes one of 16 values. (Source: CSAPP)

#### 1.3.2.1 Instruction Operands

When instructions are represented symbolically, a subset of the IA-32 assembly language is used. In this subset, an instruction has the following format:

```
label: mnemonic argument1, argument2, argument3
```

where:

- A label is an identifier which is followed by a colon.
- A mnemonic is a reserved name for a class of instruction opcodes which have the same function.
- The operands argument1, argument2, and argument3 are optional. There may be from zero to three operands, depending on the opcode. When present, they take the form of either literals or identifiers for data items. Operand identifiers are either reserved names of registers or are assumed to be assigned to data items declared in another part of the program (which may not be shown in the example).

(Source: Intel SW Developer's Manual, Volume 1: Basic Architecture)

## Instruction Model (2/2)

- Opcode summary
  - ✓ General Purpose
    - Data Transfer Instruction: MOV, CMOVNZ, XCHG, PUSH, POP
    - Arithmetic Instruction: ADD, SUB, MUL, DIV, DEC, INC, CMP
    - Logical Instruction: AND, OR, XOR, NOT
    - Shift and Rotate Instruction: SHR, SHL, SAR, SAL, ROR, ROL
    - Bit and Byte Instruction: BT, BTS, BTC
    - Control Transfer Instruction: JMP, JE, JZ, JNE, LOOP
    - Function related Instruction: CALL, RET, LEAVE
    - String Instruction: MOVS, CMPS, LODS
    - Flag Control Instruction: STC, CLC, STD, CLD, STI, CLI
    - Segment Register Instruction: LDS, LES
    - Miscellaneous: INT, NOP, CPUID
  - ✓ Special Purpose
    - FPU Instruction: FLD, FST, FADD, FSUB, FCOM
    - SIMD Instruction (MMX) : MOVD, MOVQ, PADD, PSUB
    - SSE Instruction: MOVSS, ADDSS
    - System Instruction: LGDT, SGDT, LIDT, ...



## Instruction Detail: Component (1/11)

#### Data Transfer Instruction

- ✓ Edit move\_exam.c and create an assembly program using gcc -S
  - Using gcc version 3.4.6 (because the obfuscation techniques employed in later gcc versions make learning rather complex)



## Instruction Detail: Component (2/11)

#### Data Transfer Instruction (cont')



## Instruction Detail: Component (3/11)

### AT&T vs. Intel (cf. Microsoft ASM)



## Quiz for 9th-Week 2nd-Lesson

## Quiz

- ✓ 1. Explain the three components of an IA instruction format.
- 2. There are various optimization options in gcc such as "O0, O2, O3 and Os". What if we create an assembly program using O3 when we create the move\_exam.s in slide 22?
- Bonus. What if we create an assembly program using O3 when we declare the a, b, c as local variables?
- ✓ Due: until 6 PM Friday of this week (30<sup>th</sup>, October)

CPU time per event:

| Workflow       | -O2 (default) | -Os  | -O3 |
|----------------|---------------|------|-----|
| Simulation     | 156           | 171  | 140 |
| Digitization   | 22            | 25   | 20  |
| Trigger        | 7.9           | 11.2 | 7.6 |
| Reconstruction | 10.0          | 11.4 | 9.4 |

```
choijm@embedded:~/Syspro/chap6$ gcc -v
Reading specs from /usr/lib/gcc/i486-linux-gnu/3.4.6/specs
Configured with: ../src/configure -v --enable-languages=c,c++,f... --prefix=/usr --libexecdir=/usr/lib --with-gxx-include-dir=/usr/inc... --enable-shared --with-system-zlib --enable-nls --without-includ... --program-suffix=-3.4 --enable-__cxa_atexit --enable-clocale=gnu ...cxx-debug --with-tune=i686 i486-linux-gnu
Thread model: posix
gcc version 3.4.6 (Debian 3.4.6-5)
choijm@embedded:~/Syspro/chap6$ vi move_exam.c
choijm@embedded:~/Syspro/chap6$ more move_exam.c
/* Data transfer example by J. Choi, choijm@dankook.ac.kr */
#include <stdio.h>

int a = 20, b = 30;
int c;

int main()
{
        a = 2; b = a;
        c = a + b;
        printf("c = %d\n", c);
}
choijm@embedded:~/Syspro/chap6$ gcc -S -mpush-args -mno-accumulate-outgoing-args move_exam.c
choijm@embedded:~/Syspro/chap6$
```

## Instruction Detail: Component (4/11)

#### Arithmetic Instruction



## Instruction Detail: Component (5/11)

Control Transfer Instruction: if



switch statement: extension of "if else" statement



## Instruction Detail: Component (6/11)

## Control Transfer Instruction: for



## Instruction Detail: Component (7/11)

- Function-related Instruction: stack revisit
  - ✓ Stack operation: push and pop
  - ✓ Stack management: bottom and top (SS and esp)





#### (Source: CSAPP)



## Instruction Detail: Component (8/11)

#### Function-related Instruction: before function call



## Instruction Detail: Component (9/11)

#### Function-related Instruction: in function



## Instruction Detail: Component (10/11)

#### Function-related Instruction: after function



## Instruction Detail: Component (11/11)

#### Function-related Instruction: stack frame illustration





## **Revisit Stack Destroy in LN4**

#### Stack example 2

```
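/* stack_destroy.c: stack structure analysis 2, September 19, choijm@dku.edu */
#include <stdio.h>

void f1() {
  int i;
  printf("In func1\n");
}

void f2() {
  int j, *ptr;
  printf("f2 local: \t%p, \t%p\n", &j, &ptr);
  printf("In func2 \n");
  ptr = &j;
  /* Deliberate out-of-bounds write two words above j. On the IA-32 stack
     frame this lecture uses, the slot is meant to be f2's saved return
     address, so f2 returns into f1; the exact offset depends on the
     compiler's frame layout. */
  *(ptr+2) = (int)f1;
}

void f3() {
  printf("Before invoke f2()\n");
  f2();
  printf("After invoke f2()\n");
}

int main() {
  f3();
}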
```



## Quiz for 10<sup>th</sup>-Week 1<sup>st</sup>-Lesson

## Quiz

- 1. Explain two ways how the C statement "d = b \* 7" is translated into assembly language.
- 2. Describe how arguments and local variables are accessed in CPU.
- ✓ Due: until 6 PM Friday of this week (6<sup>th</sup>, November)





## **Revisit CSAPP**

#### Assembly code example from CSAPP

#### 3.2.2 Code Examples

Suppose we write a C code file code.c containing the following procedure definition:

```
int accum = 0;
int sum(int x, int y)
{
    int t = x + y;
    accum += t;
    return t;
}
```

To see the assembly code generated by the C compiler, we can use the "-S" option on the command line:

```
unix> gcc -O1 -S code.c
```

This will cause GCC to run the compiler, generating an assembly file code.s, and go no further. (Normally it would then invoke the assembler to generate an object-code file.)

The assembly-code file contains various declarations including the set of lines:

```
sum:
    pushl %ebp
    movl  %esp, %ebp
    movl  12(%ebp), %eax
    addl  8(%ebp), %eax
    addl  %eax, accum
    popl  %ebp
    ret
```

| Instruction  | Synonym | Jump condition     | Description                  |
|--------------|---------|--------------------|------------------------------|
| jmp Label    |         | 1                  | Direct jump                  |
| jmp *Operand |         | 1                  | Indirect jump                |
| je Label     | jz      | ZF                 | Equal / zero                 |
| jne Label    | jnz     | ~ZF                | Not equal / not zero         |
| js Label     |         | SF                 | Negative                     |
| jns Label    |         | ~SF                | Nonnegative                  |
| jg Label     | jnle    | ~(SF ^ OF) & ~ZF   | Greater (signed >)           |
| jge Label    | jnl     | ~(SF ^ OF)         | Greater or equal (signed >=) |
| jl Label     | jnge    | SF ^ OF            | Less (signed <)              |
| jle Label    | jng     | (SF ^ OF) \| ZF    | Less or equal (signed <=)    |
| ja Label     | jnbe    | ~CF & ~ZF          | Above (unsigned >)           |
| jae Label    | jnb     | ~CF                | Above or equal (unsigned >=) |
| jb Label     | jnae    | CF                 | Below (unsigned <)           |
| jbe Label    | jna     | CF \| ZF           | Below or equal (unsigned <=) |
Figure 3.12 The Jump Instructions. These instructions jump to a labeled destination when the jump condition holds. Some instructions have "synonyms," alternate names for the same machine instruction.
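The jump conditions of Figure 3.12, evaluated in an added C example (not from CSAPP or the lecture note): `cmp32` computes the CF, ZF, SF and OF flags a `cmpl` would leave, and each `cond_*` function is the table's formula. The function names and test values are constructed; the last two functions go slightly beyond the table to show why the signed (`jl`) and unsigned (`jb`) rows matter for a length check.

```c
#include <stdint.h>
#include <stdio.h>

struct flags { int cf, zf, sf, of; };

/* Flags left by "cmpl b, a" (AT&T operand order): a - b is computed and
   discarded, only the condition codes are kept. */
struct flags cmp32(uint32_t a, uint32_t b)
{
    uint32_t r = a - b;
    struct flags f;
    f.cf = a < b;                              /* borrow out: unsigned a < b */
    f.zf = (r == 0);
    f.sf = (int)(r >> 31);                     /* sign bit of the result */
    f.of = (int)(((a ^ b) & (a ^ r)) >> 31);   /* signed overflow of a - b */
    return f;
}

/* Jump conditions exactly as listed in Figure 3.12. */
int cond_je (struct flags f) { return f.zf; }
int cond_jl (struct flags f) { return f.sf ^ f.of; }
int cond_jle(struct flags f) { return (f.sf ^ f.of) | f.zf; }
int cond_jg (struct flags f) { return !(f.sf ^ f.of) & !f.zf; }
int cond_jge(struct flags f) { return !(f.sf ^ f.of); }
int cond_jb (struct flags f) { return f.cf; }
int cond_jbe(struct flags f) { return f.cf | f.zf; }
int cond_ja (struct flags f) { return !f.cf & !f.zf; }
int cond_jae(struct flags f) { return !f.cf; }

/* Compare every condition against C's own signed/unsigned operators over
   constructed edge values; returns the number of disagreements. */
int count_mismatches(void)
{
    static const uint32_t v[] = { 0, 1, 16, 0x7FFFFFFFu, 0x80000000u,
                                  0x80000001u, 0xFFFFFFEFu, 0xFFFFFFFFu };
    int n = (int)(sizeof v / sizeof v[0]), bad = 0;

    for (int i = 0; i < n; i++) {
        for (int j = 0; j < n; j++) {
            uint32_t a = v[i], b = v[j];
            int32_t sa = (int32_t)a, sb = (int32_t)b;
            struct flags f = cmp32(a, b);
            bad += cond_je(f)  != (a == b);
            bad += cond_jl(f)  != (sa <  sb);
            bad += cond_jle(f) != (sa <= sb);
            bad += cond_jg(f)  != (sa >  sb);
            bad += cond_jge(f) != (sa >= sb);
            bad += cond_jb(f)  != (a <  b);
            bad += cond_jbe(f) != (a <= b);
            bad += cond_ja(f)  != (a >  b);
            bad += cond_jae(f) != (a >= b);
        }
    }
    return bad;
}

/* A bound check "if (len < limit)" is compiled to jl when len is signed
   and to jb when it is unsigned. Same bits, different verdict. */
int check_passes_signed(uint32_t len_bits, uint32_t limit)
{
    return cond_jl(cmp32(len_bits, limit));
}

int check_passes_unsigned(uint32_t len_bits, uint32_t limit)
{
    return cond_jb(cmp32(len_bits, limit));
}

int main(void)
{
    uint32_t len = 0xFFFFFFFFu;   /* -1 if read as signed, 4294967295 if unsigned */
    printf("mismatches against C operators: %d\n", count_mismatches());
    printf("len=0x%08x < 16, signed (jl):   %d\n", (unsigned)len,
           check_passes_signed(len, 16));
    printf("len=0x%08x < 16, unsigned (jb): %d\n", (unsigned)len,
           check_passes_unsigned(len, 16));
    return 0;
}
```

When reading disassembly, the choice between `jl`/`jg` and `jb`/`ja` after a `cmp` tells you whether the source compared the value as signed or unsigned, which is the first thing to check on any length or index test.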

#### Practice Problem 3.20

For the C code

```
int dw_loop(int x, int y, int n) {
    do {
        x += n;
        y *= n;
        n--;
    } while ((n > 0) && (y < n));
    return x;
}
```

GCC generates the following assembly code:

```
  # x at %ebp+8, y at %ebp+12, n at %ebp+16
    movl  8(%ebp), %eax
    movl  12(%ebp), %ecx
    movl  16(%ebp), %edx
.L2:
    addl  %edx, %eax
    imull %edx, %ecx
    subl  $1, %edx
    testl %edx, %edx
    jle   .L5
    cmpl  %edx, %ecx
    jl    .L2
.L5:
```

A. Make a table of register usage, similar to the one shown in Figure 3.14(b).

#### See Chapter 3 in CSAPP for more examples



## Instruction Detail: Make a Program (1/6)

### Practice1: function example

result = asm\_sum(final\_number), written in assembly language



## Instruction Detail: Make a Program (2/6)

#### Execution results of Practice 1



### Instruction Detail: Make a Program (3/6)

Practice 2: Standalone assembly program



## Instruction Detail: Make a Program (4/6)

### directive

- Meta-statements (pseudo-instruction)
- Used for giving information to the assembler (they affect how the assembler operates and are not directly executed on the CPU)
- ✓ Begin with . (period)
- Representative directive
  - .file, .include
  - .text, .data, .comm, .section
  - .long, .byte, .string, .ascii, .float, .quad
  - .global, .align, .size
  - .set, .equal, .rept, .space
  - .macro, .endm
  - .if, .else, .endif
  - .cfi\_startproc, .cfi\_endproc for debugging
  - ...

refer to "GNU assembler" in the lecture site or "info as" on the Linux shell



## Instruction Detail: Make a Program (5/6)

### Software Interrupt

✓ write() system call

```
/* Assembly example: Software interrupt */
/* November 3, choijm@dku.edu */
.data
W_buf:
        .string "Hello world\n"
W_size:
        .long 12
P_arg:
        .string "Result = %d\n"
.text
.global main
main:
        pushl   %ebp
        movl    %esp, %ebp
        movl    $1, %ebx        # syscall first argument
        movl    $W_buf, %ecx    # syscall second argument
        movl    W_size, %edx    # syscall third argument
        movl    $4, %eax        # syscall number
        int     $0x80
        pushl   %eax
        pushl   $P_arg
        call    printf
        addl    $8, %esp
        leave
        ret
```

- system call arguments: %ebx, %ecx, %edx
- system call index: the value loaded into %eax ($4)
- IDT table index: the operand of int ($0x80)

```
[choijm@localhost chap6]$ ls asm_swint.s
asm_swint.s
[choijm@localhost chap6]$ gcc asm_swint.s
[choijm@localhost chap6]$ ./a.out
Hello world
Result = 12
[choijm@localhost chap6]$
```

# Instruction Detail: Make a Program (6/6)

- Software Interrupt (cont')
  - Interrupt and system call handling





# Summary

- Understand ISA
- Know about IA register, memory, and instruction model
- Learn the format of IA instruction
  - ✓ label, opcode, operands, comments
- Learn the types of IA opcode
  - ✓ mov, add, cmp, jmp, push, call, ret, int, ...
- Homework 5: Make an assembly program
  - ✓ Requirements
    - print out the prime number from 1 to 100 (using loop -> 28 page)
    - using a function (36 page)
    - shows student's ID and date (using whoami and date)
    - Make a report that includes a snapshot and discussion.
      - 1) Upload the report to the e-Campus (pdf format!!, 30<sup>th</sup> October)
      - 2) Send the report and source code to TA (이성현: wwbabaww@gmail.com)
  - ✓ Warn: DO NOT utilize "gcc -S option" (easily detected)



### Quiz for 10<sup>th</sup>-Week 2<sup>nd</sup>-Lesson

### Quiz

- ✓ 1. What is the make utility in Linux? What is the role of a Makefile?
- 2. Discuss the differences between function call and system call at an assembly language viewpoint (at least three).
- ✓ Due: until 6 PM Friday of this week (6<sup>th</sup>, November)



(System call and function call at the abstract viewpoint Source: https://pediaa.com/what-is-the-difference-between-system-call-and-function-call/)



- Simple CPU from Manchester University
- Architecture
  - ✓ Register set
    - PC : program counter
    - ACC : accumulator
    - IR : Instruction Register
  - ✓ ALU : Arithmetic-Logic Unit
  - CU : Control Unit (instruction decode and control logic)
  - ✓ Memory



Figure 1.5 MU0 datapath example.

(Source: ARM System-on-Chip Architecture, by S. Furber)



### Data Transfer



Figure 1.6 MU0 register transfer level organization.

✓ fetch and execution



### MU0 instruction set

- ✓ 16-bit machine with 12-bit address space
- ✓ 8 instructions (4-bit opcode)
- ✓ 12-bit operand (4096 address space)

| Instruction | Opcode | Effect                     |
|-------------|--------|----------------------------|
| LDA S       | 0000   | $ACC := mem_{16}[S]$       |
| STO S       | 0001   | $mem_{16}[S] := ACC$       |
| ADD S       | 0010   | $ACC := ACC + mem_{16}[S]$ |
| SUB S       | 0011   | $ACC := ACC - mem_{16}[S]$ |
| JMP S       | 0100   | PC := S                    |
| JGE S       | 0101   | if $ACC \ge 0$ PC := S     |
| JNE S       | 0110   | if $ACC \neq 0$ PC := S    |
| STP         | 0111   | stop                       |

Table 1.1 The MU0 instruction set.
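The fetch and execute cycle over the eight instructions of Table 1.1, as an added C emulator (not part of the lecture note or of Furber's book). The struct, macro and function names, the step limit and the sample program that sums 5+4+3+2+1 are constructed for illustration; opcodes 1000 to 1111 are not defined by the table, so the emulator stops with an error on them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { LDA = 0x0, STO = 0x1, ADD = 0x2, SUB = 0x3,
       JMP = 0x4, JGE = 0x5, JNE = 0x6, STP = 0x7 };

/* 16-bit word: 4-bit opcode in the top nibble, 12-bit address S below it. */
#define INSN(op, s) ((uint16_t)(((op) << 12) | ((s) & 0x0FFF)))

struct mu0 {
    uint16_t mem[4096];   /* 12-bit address space, code and data share it */
    uint16_t pc, acc, ir;
    int halted;
};

/* Reset, then run until STP. Returns the number of instructions executed,
   or -1 on an undefined opcode or when max_steps is exceeded. */
long mu0_run(struct mu0 *m, long max_steps)
{
    long steps = 0;
    m->pc = 0;            /* reset forces the ALU output, and so PC, to zero */
    m->acc = 0;
    m->halted = 0;

    while (!m->halted && steps < max_steps) {
        m->ir = m->mem[m->pc & 0x0FFF];              /* fetch */
        m->pc = (uint16_t)((m->pc + 1) & 0x0FFF);
        uint16_t op = (uint16_t)(m->ir >> 12);       /* decode */
        uint16_t s  = (uint16_t)(m->ir & 0x0FFF);

        switch (op) {                                /* execute */
        case LDA: m->acc = m->mem[s]; break;
        case STO: m->mem[s] = m->acc; break;
        case ADD: m->acc = (uint16_t)(m->acc + m->mem[s]); break;
        case SUB: m->acc = (uint16_t)(m->acc - m->mem[s]); break;
        case JMP: m->pc = s; break;
        case JGE: if (!(m->acc & 0x8000)) m->pc = s; break;  /* sign bit clear */
        case JNE: if (m->acc != 0) m->pc = s; break;
        case STP: m->halted = 1; break;
        default:  return -1;                         /* not in Table 1.1 */
        }
        steps++;
    }
    return m->halted ? steps : -1;
}

/* Constructed program: total = 5 + 4 + 3 + 2 + 1, looping with SUB and JNE. */
uint16_t mu0_demo_sum(long *steps)
{
    static struct mu0 m;
    enum { COUNT = 0x100, ONE = 0x101, TOTAL = 0x102 };
    static const uint16_t prog[] = {
        INSN(LDA, TOTAL), INSN(ADD, COUNT), INSN(STO, TOTAL),  /* total += count */
        INSN(LDA, COUNT), INSN(SUB, ONE),   INSN(STO, COUNT),  /* count -= 1     */
        INSN(JNE, 0),                                          /* loop if != 0   */
        INSN(STP, 0),
    };

    memset(&m, 0, sizeof m);
    memcpy(m.mem, prog, sizeof prog);
    m.mem[COUNT] = 5;
    m.mem[ONE]   = 1;
    m.mem[TOTAL] = 0;

    *steps = mu0_run(&m, 1000);
    return m.mem[TOTAL];
}

int main(void)
{
    long steps = 0;
    uint16_t total = mu0_demo_sum(&steps);
    printf("total = %u after %ld instructions\n", (unsigned)total, steps);
    return 0;
}
```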



### Control Logic

Inputs: Opcode, Reset, Ex/ft, ACCz, ACC15. Outputs: Asel, Bsel, ACCce, PCce, IRce, ACCoe, ALUfs, MEMrq, RnW, Ex/ft.

| Instruction | Opcode | Reset | Ex/ft | ACCz | ACC15 | Asel | Bsel | ACCce | PCce | IRce | ACCoe | ALUfs | MEMrq | RnW | Ex/ft |
|-------------|--------|-------|-------|------|-------|------|------|-------|------|------|-------|-------|-------|-----|-------|
| Reset       | xxxx   | 1     | x     | x    | x     | 0    | 0    | 1     | 1    | 1    | 0     | = 0   | 1     | 1   | 0     |
| LDA S       | 0000   | 0     | 0     | x    | x     | 1    | 1    | 1     | 0    | 0    | 0     | = B   | 1     | 1   | 1     |
|             | 0000   | 0     | 1     | x    | x     | 0    | 0    | 0     | 1    | 1    | 0     | B+1   | 1     | 1   | 0     |
| STO S       | 0001   | 0     | 0     | x    | x     | 1    | x    | 0     | 0    | 0    | 1     | x     | 1     | 0   | 1     |
|             | 0001   | 0     | 1     | x    | x     | 0    | 0    | 0     | 1    | 1    | 0     | B+1   | 1     | 1   | 0     |
| ADD S       | 0010   | 0     | 0     | x    | x     | 1    | 1    | 1     | 0    | 0    | 0     | A+B   | 1     | 1   | 1     |
|             | 0010   | 0     | 1     | x    | x     | 0    | 0    | 0     | 1    | 1    | 0     | B+1   | 1     | 1   | 0     |
| SUB S       | 0011   | 0     | 0     | x    | x     | 1    | 1    | 1     | 0    | 0    | 0     | A-B   | 1     | 1   | 1     |
|             | 0011   | 0     | 1     | x    | x     | 0    | 0    | 0     | 1    | 1    | 0     | B+1   | 1     | 1   | 0     |
| JMP S       | 0100   | 0     | x     | x    | x     | 1    | 0    | 0     | 1    | 1    | 0     | B+1   | 1     | 1   | 0     |
| JGE S       | 0101   | 0     | x     | x    | 0     | 1    | 0    | 0     | 1    | 1    | 0     | B+1   | 1     | 1   | 0     |
|             | 0101   | 0     | x     | x    | 1     | 0    | 0    | 0     | 1    | 1    | 0     | B+1   | 1     | 1   | 0     |
| JNE S       | 0110   | 0     | x     | 0    | x     | 1    | 0    | 0     | 1    | 1    | 0     | B+1   | 1     | 1   | 0     |
|             | 0110   | 0     | x     | 1    | x     | 0    | 0    | 0     | 1    | 1    | 0     | B+1   | 1     | 1   | 0     |
| STP         | 0111   | 0     | x     | x    | x     | 1    | x    | 0     | 0    | 0    | 0     | x     | 0     | 1   | 0     |

Table 1.2 MU0 control logic.

- FSM(Finite State Machine): Execute, Fetch state
  - Initialization: reset (known state) makes the ALU output as zero
  - Register change: when XXce is '1'
  - Multiplexer: Asel, Bsel



- ALU logic for one bit
  - ✓ ALU functions required
    - A+B: normal adder
    - A-B: complement and adding
    - B: force A and carry-in to zero
    - B+1: force A to zero and carry-in to 1
    - 0: reset



Figure 1.7 MU0 ALU logic for one bit.



### MU0 extensions

- Extending the address space
- Adding more addressing modes
- Allowing the PC to be saved in order to support a subroutine mechanism
- ✓ Adding more registers
- Support interrupts
- ✓ …

