5. Assembly Language Programming

Part of 22C:60, Computer Organization Notes
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

Assembly into Memory

To run a program, you must translate it from its source language to machine language and load it in memory. While there are assemblers that directly assemble into memory, most do not, and our SMAL assembler is typical. When the SMAL assembler processes a source file, say hello.a for the classic hello-world program, the assembled output is placed in an object file called hello.o, with the .o suffix used to indicate that it is an object file. Most assemblers also produce a listing file that shows the source and a textual summary of the object code together. In the case of the SMAL assembler, this will be named hello.l, with the .l suffix indicating that it is a listing.

Typical SMAL assembler inputs and outputs
inputs hello.a
outputs hello.o

If the source file was a stand-alone program, that is, one that does not call functions defined elsewhere, and if the source file used only absolute assembly and never assembled data into a relocatable address (a topic mentioned briefly in chapter 3), the object file can be loaded directly into memory.

In the usual case, the object file will need to be linked with other object files in order to create a loadable and executable file. For example, most of our example programs use a package called the monitor, with an interface description stored in the file monitor.h and object code in the file monitor.o. The .h and .o suffixes are identical to those commonly used with C and C++ and have the same meanings.

The Hawk monitor is a minimal package of input-output routines just sufficient to run simple demonstation programs. Before we run our hello-world program, we must link the object file hello.o with monitor.o to make an executable program. By default, the Hawk linker stores the executable program in link.o, and by default, the executable code is linked so that it will be loaded in read-only memory within the Hawk emulator.

Typical SMAL Hawk linker inputs and outputs
inputs hello.o
outputs link.o

Finally, a program called the loader is used to load the program into memory so that it can be executed. The loader is usually a built-in part of the operating system on a modern computer, and each time you run a machine-language program, the loader is called on to load that program before it is run.

Another way to run a loadable object file is to run it under a debugger. Debuggers typically offer a way to observe the internal state of the processor as it executes a program, and they typically also allow examination of the program as it sits in memory. Our Hawk debugger, for example, includes a disassembler that tries to reconstruct the assembly language source from the machine code it finds in memory. This disassembled code is not always the same as the original assembly source because there are many possible source programs that will produce the same machine code. On the other hand, the relationship between the disassembled code displayed by the debugger and the assembler's listing file is usually clear.

Typical Hawk debugger inputs and outputs
inputs link.o
outputs display

Assuming we start with a single source file called hello.a in the current directory of a Unix-like system, and assuming that the SMAL assembler and linker are smart enough to look elsewhere for the other input files required, as indeed they are, then the dialog between the programmer and the assembler to load and run the hello-world program would be as follows:

Assembling, linking and running the example
                  $ ls
$ smal hello.a
  no errors
$ ls
hello.a hello.l hello.o
$ link hello.o
  no errors
$ ls
hello.a hello.l hello.o link.o
$ hawk link.o

The user typed in the ls command before and after each of the constructive commands in the above example; this requests a listing of all the files in the current directory, and as a result, it is easy to see what files were created at each step between the source program and the executable result.

In the above example, input to the computer system has been shown in boldface, and the prompt output by the system to solicit each command is shown as a dollar sign. It is likely that you will see a different prompt on your computer system, since the string used for the prompt can be easily customized.

The Skeleton of a Hawk Application

Since the publication of The C Programming Language by Kernighan and Ritchie in 1978, introductory tutorials for programming languages have usually begun with an example program that produces some variation on the string "hello world" to the output. Producing such output from an assembly language program takes a bit more work than it does in the original version of the C language, where the following sufficed:

The original C hello-world program
main() {
        printf("hello, world\n");

In our assembly language, we must do many things that are done automatically typical high-level languages such as C or C++. Where a C programmer writes main(){} as the skeleton of an empty main program, a Hawk programmer will have to write more:

The skeleton of an empty Hawk program
        USE     "hawk.h"
        USE     "monitor.h"
ARSIZE  =       4
        INT     MAIN
        S       MAIN
MAIN:                           ; executable code begins here
        STORES  R1,R2
        ADDI    R2,R2,ARSIZE

; ----  application code goes here ----

        ADDI    R2,R2,-ARSIZE
        LOADS   R1,R2
        JUMPS   R1              ; return to the monitor to stop!

You do not need to understand this code at this point. All you need to do is use it, verbatim, as a wrapper around whatever code you write. Despite this, some of this code should already make sense from what we discussed in the previous chapters, since there is only one new machine instruction here.

The USE directives insert material from other files. We used one to get definitions from hawk.h in the assembly language example in Chapter 4. We do that again here, and we also get definitions from a file called monitor.h, the interface to the Hawk monitor. The definitions of the symbol ARSIZE allows for the number of bytes used by the local variables of the main program. The use of this symbol will become clearer when we discuss local variables in the next chapter.

The label MAIN marks the start of the executable code. When you run a program, it will be loaded in memory along with the code of the Hawk monitor, a rudimentary operating system. The monitor runs first, and when it has initialized the computer, it calls your main program. By default, all symbols defined an assembly file are local, so this code includes a special assembler directive, INT MAIN, to tell the assembler that the internal or local symbol MAIN should be globally visible. This allows the monitor to see it and call it.

By default, once you start the Hawk computer, it will just run whatever code is in memory, starting at location zero. The directive S MAIN changes this, telling the Hawk computer to stop when it gets to the start of your code. The S directive does not assemble any value into memory; what it does is communicate through the linker and the loader to tell the Hawk system where to set the initial breakpoint to use when running your code. The S directive is optional, if you leave it off, your program will run, but if you want to inspect the registers or executing your code one instruction at a time, the S directive gives you a chance. Once you have a partially debugged program, you may find it convenient to change the S directive to make your program stop just before some instruction that you suspect might be wrong.

This skeleton code given here does not specify an assembly origin. This leaves the question of where the instructions will be loaded to be answered by the linker. By default, the linker will put all code in read-only memory so that programs may not modify themselves.


c) Type in the skeleton of an empty Hawk program given above, then compile it, link it, and load it under the Hawk emulator so you can inspect the machine code loaded into memory.

d) Hand translate the skeleton of an empty Hawk program given above into a sequence of halfwords starting with first executable instruction and continuing until the LOADS instruction.

The Hawk Monitor

The header file monitor.h includes the interface definition for all of the routines in our Hawk monitor, a very minimal operating system for the Hawk computer. Your main program may allocate local variables, and many of the routines in the monitor allocate their own local variables. To allow this, before the monitor calls your main program, it sets up register 2 as a pointer to the lowest unused memory address in RAM. This block of unused memory is called the stack. Any function, procedure or method is free to allocate space on this stack, and in fact, as we will see, the Hello World program uses one word of space on the stack.

The terms method, function and procedure all carry baggage. Methods in object-oriented languages apply to objects that are instances of classes, and we have not discussed classes yet. In mathematics, a function must compute a value from its arguments, and in some languages, procedures may not have return values. We use the term subroutine here as a generic term to covers all of these. A subroutine is simply a subsidiary part of a program, with no implication of object orientation or a return value. The only implication of the term subroutine is that it refers to something that can be called and that will eventually return.

Main programs under the Hawk monitor are pure procedures, with no return value or implication of object orientation. In some languages, they are more complex. In C and C++, for example, the main program is a function that returns an integer, although most programmers ignore this return value. In Java, you are required to put the main method inside some class, so many programmers create a gratuitous class as a wrapper.

The Hawk monitor itself consists of a number of subroutines. To call a routine in the monitor, we must first load the parameters to that routine into the appropriate registers, and then load the address of the desired routine into some other register, and then execute a jump-to-subroutine instruction to transfer control from the caller to the called routine. This is far more complex than the apparent simplicity of a call in a high level language, but all of the key ideas are the same.

What registers do we use to pass parameters? The answer is determined buy whoever wrote the routine we are calling. By convention, parameters are passed in registers 3 and up. Typically, if the routine has just one parameter, this will be passed in R3, while if it has two parameters, they will be passed in R3 and R4. Some monitor routines do not follow this convention exactly, so whenever you call any subroutine, first check the documentation for that routine to see what registers it uses. By convention, calls to monitor routines use R1 as a temporary pointer to the routine. The reasons for this will be clear when we discuss how subroutine calls actually work.

Some Useful Hawk Monitor Routines

Many of the input/output routines in the Hawk monitor correspond to similar routines in the C and C++ standard libraries. This is particularly true of the input/output routines in the Hawk monitor: PUTCHAR, PUTS, GETCHAR and GETS conform closely to C, while the numeric output routines are only slightly innovative. The full documentation of the Hawk monitor is provided in the comments in the monitor.h file; the following documentation is lifted from that file:

PUTCHAR -- display one character on the screen
Parameters: R3 -- the character to display
Return value: None.
Side effects: Uses R4 to R5
The character will be displayed at the current row and column number on the display, and then the column number will be incremented.

PUTS -- display one null-terminated string
Parameters: R3 -- address of the first byte of the string.
Return value: None.
Side effects: Uses R3 to R7
The characters of the string will be displayed in sequence.

PUTHEX -- display one integer in hexadecimal
Parameters: R3 -- integer to output.
Return value: None.
Side effects: Uses R3 to R7
The hexidecimal number will be displayed.

PUTDEC -- display one two's complement integer in decimal
PUTDECU -- display one unsigned integer in decimal
Parameters: R3, R4 -- integer to output and field width.
Return value: None.
Side effects: Uses R3 to R6
The hexidecimal number will be displayed.

PUTAT -- set output display coordinates
Parameters: Column/X = R3, Row/Y = R4
Return value: None.
Side effects: Uses R3 to R7
The next character output will appear at the indicated row and column on the display, where the upper left is row 0, column 0.

GETCHAR -- get one character from the keyboard
Parameters: None.
Return value: R3 -- the character typed.
Side effects: Also uses R4
The program will wait until some character is typed.

GETS -- get one line from the keyboard
Parameters: R3 -- memory address of the string buffer
Return value: None.
Side effects: Uses R3 to R7
The line of text typed on the keyboard will be echoed to the screen and stored in memory as a null-terminated string, starting at the indicated memory address.

The monitor contains more, but two other routines are noteworthy: The monitor calls DSPINI to initialize the display software immediately before it calls your main program, leaving the return values from DSPINI as parameters to your main program. When the main program returns, the monitor immediately calls EXIT.

DSPINI -- initialize the output display device
Parameters: None.
Return value: Screen dimensions, Width = R3, Height = R4
Side effects:
The next output character will appear at row 0, column 0, the upper left-hand corner of the display. Without this, none of the other output routines will work.

EXIT -- terminates the application
Parameters: None.
Return value: Does not return
Side effects: Does not return

On entry, all Hawk monitor routines expect the return address in R1, and they all expect that R2 will hold the stack pointer, pointing to the first free word beyond any part of the stack that is already in use. The main program is expected to follow the same rules.

The Hawk monitor routines follow the pattern we will use for all Hawk subroutines throughtout this text. All subroutines will be called with the return address in R1, all use R2 as the stack pointer if they need a stack, all use registers from R3 up for parameters and results, all may destroy the contents of registers R3 through R7, and all are required to leave R8 through R15 unchanged when the routine returns. These conventions are arbitrary and will be reviewed again in the next chapter.

Calling a Monitor Routine

Suppose we want to output the character X to the display screen. In C, we would write putchar('X'); the analogous assembly language code to call PUTCHAR in the Hawk monitor is:

Code equivalent to putchar('X')
        LIS     R3,'X'          ; put parameter in place
        LIL     R1,PUTCHAR      ; get address of subroutine
        JSRS    R1,R1           ; call the subroutine

The comments in the above assembly language code describe what each instruction does. The first two instructions were discussed in the previous chapter. Both simply load constant values into registers. The character constant 'X' is only an 8-bit value, so the LIS instruction is used. The address of the subroutine PUTCHAR is unknown, but we know we can load it with the LIL instruction since this can load any 24-bit value, and the the highest RAM address in our minimal Hawk computer is 1FFFF16, only 17 bits.

The actual call to the monitor routine is done by the next (and final) instruction in our example, JSRS. All of the Hawk jump-to-subroutine instructions save the current value of the program counter in a register in order to allow for a later return. After they save the program counter, they change the program counter in order to effect the transfer of control to the desired destination. The Hawk has two jump-to-subroutine instructions, one long, JSR, and one short, JSRS. These are memory reference instructions, with the same formats as other memory reference instructions. The short form takes its destination address from a register, while the long form includes a 16-bit constant that is used to compute the destination. The JSRS instruction we used has the following form:

The Hawk JSRS instruction
07 06 05 04 03 02 01 00   15 14 13 12 11 10 09 08
1 1 1 1 dst 1 0 1 1 x

Formally, this does r[dst]=program_counter; program_counter=r[x]

These two assignments are done by the hardware in parallel, so JSRS R1,R1 exchanges the value of the program counter with the value stored in R1. Since we have just loaded the address of the first instruction of the Hawk monitor routine PUTCHAR into R1, the JSRS instruction will transfer control to PUTCHAR while it leaves the address of whatever instruction follows the JSRS instruction in R1.

Because the JSRS instruciton copied the previous value of the program counter to a register, the called routine can use this value to return when it is done. We call that register the linkage register, and we also say that the linkage register holds the return address for the call. Because of this use, we also say that the Hawk architecture uses register linkage for subprogram calls. Some other architectures have call instructions that automatically push the calling address on the stack. This was popular in the 1970's when the Intel 8086 was designed, and therefore, the Intel Pentium does this.

Our skeleton main program is itself a subroutine, so as we will discuss in the next chapter, it begins by saving the return address and ends by restoring the return address and using it to return. While the body of the main program is running, the return address is saved on the stack.

A Working Hello-World Program

We now have enough information in hand to write a program that outputs the string "Hello world!" to the display and then halts. Here is the source code for this program:

A working hello-world program
        TITLE   "A Hello-World Program"
        USE     "hawk.h"
        USE     "monitor.h"
ARSIZE  =       4
        INT     MAIN
        S       MAIN
MAIN:                        ; entry point
        STORES  R1,R2

;  --- begin aplication code ---
        LIL     R3,HELLO
        LIL     R1,PUTS
        JSRS    R1,R1        ; puts(HELLO)
;  --- end aplication code ---

        ADDI    R2,R2,-ARSIZE
        LOADS   R1,R2
        JUMPS   R1           ; return

; --- begin aplication constants ---
HELLO:  ASCII   "Hello world!",0

The program is built around the skeleton presented above, with a TITLE directive at the start. This directive is basically an expensive comment telling the assembler what text to put at the top of each page of the listing file. The application code added to this program calls just one Hawk monitor routine, PUTS to display the null-terminated string "Hello world!". The program uses the LIL instruction to load the address of the string as a parameter to the PUTS routine. There are other ways to do this that we will discuss later. Here is the listing file produced by the SMAL assembler:

Listing the hello-world program
SMAL32 (rev  8/11)              A Hello-World Program        16:14:15  Page  1
                                                             Mon Aug 15 2011

                                 1          TITLE   "A Hello-World Program"
                                 2          USE     "hawk.h"
                                 3          USE     "monitor.h"
                                 4  ARSIZE  =       4
                                 5          INT     MAIN
                                 6          S       MAIN
                                 7  MAIN:                        ; entry point
+00000000: F1  A2                8          STORES  R1,R2
+00000002: F2  62  0004          9          ADDI    R2,R2,ARSIZE
                                11  ;  --- begin aplication code ---
+00000006: E3 +000018           12          LIL     R3,HELLO
+0000000A: E1 +000000           13          LIL     R1,PUTS
+0000000E: F1  B1               14          JSRS    R1,R1        ; puts(HELLO)
                                15  ;  --- end aplication code ---
+00000010: F2  62  FFFC         17          ADDI    R2,R2,-ARSIZE
+00000014: F1  D2               18          LOADS   R1,R2
+00000016: F0  B1               19          JUMPS   R1           ; return
                                21  ; --- begin aplication constants ---
+00000018: 48  65  6C  6C       22  HELLO:  ASCII   "Hello world!",0
+0000001C: 6F  20  77  6F 
+00000020: 72  6C  64  21 
+00000024: 00 
                                23          END

This listing does not show the contents of the monitor.h file, but if the definitions from that file had not been included, the symbol PUTS would have been undefined. The listing shows the value of PUTS as +000000. The plus sign indicates that the linker will add something to this to make the correct address. The linker will also adjust the address of the string, HELLO, defined on line 20 and used on line 13. Here, it will add the address of the first location of the program to the 1816 the assembler outputs.

After linking this program and loading the linked result with the Hawk emulator, the emulator will display the initial system state. You can inspect this state if you want before you start the emulator.

The Hawk emulator at startup
   /------------------CPU------------------\   /----MEMORY----\
   PC:  00000000                R8: 00000000 ->000000: LIL     R2,#01003C
   PSW: 00000000  R1: 00000000  R9: 00000000   000004: JSR     R1,#000160
   NZVC: 0 0 0 0  R2: 00000000  RA: 00000000   000008: LIL     R1,#001000
                  R3: 00000000  RB: 00000000   00000C: JSRS    R1,R1
                  R4: 00000000  RC: 00000000   00000E: BR      #000000
                  R5: 00000000  RD: 00000000   000010: CPUSET  R1,#3
                  R6: 00000000  RE: 00000000   000012: LIL     R1,#01001C
                  R7: 00000000  RF: 00000000   000016: STORES  R5,R1

 **HALTED**  r(run) s(step) q(quit) ?(help)

This display shows the initial PC value, 0000000016, and in the column labeled MEMORY, it shows the disassembled value of the instruction at address 00000016 as an LIL instruction. Pressing the r key at this point starts the emulator running the Hawk monitor until the program counter equals the breakpoint address that was set by the S MAIN directive in your main program. At that point, it stops again, with this display:

Ready to run the hello-world program
   /------------------CPU------------------\   /----MEMORY----\
   PC:  00001000                R8: 00000000   000FFC: NOP
   PSW: 00000000  R1: 0000000E  R9: 00000000   000FFE: NOP
   NZVC: 0 0 0 0  R2: 0001003C  RA: 00000000 -*001000: STORES  R1,R2  
                  R3: 00000050  RB: 00000000   001002: LEACC   R2,R2,#0004
                  R4: 00000015  RC: 00000000   001006: LIL     R3,#001018 
                  R5: 00000000  RD: 00000000   00100A: LIL     R1,#0001B6
                  R6: 00000000  RE: 00000000   00100E: JSRS    R1,R1
                  R7: 00000000  RF: 00000000   001010: LEACC   R2,R2,#FFFC

 **HALTED**  r(run) s(step) q(quit) ?(help)

This display shows that the PC now equals 0000100016; this is where linker puts the main program by default. To the right, the memory inspection column shows that the instruction at this address is STORES R1,R2, the first instruction of our program. The emulator does not use the assembly source file to display this column; instead, it decodes the actual contents of memory. This is why it shows the second instruction as LEACC instead of the ADDI in the source file, and why it does not show symbolic operand names. Look up ADDI in the Hawk manual and you will find that it an alternate name for LEACC. Despite such changes, the sequence of instructions disassembled and displayed by the emulator should be fairly easy to match up with the assembly listing.

Why did the assembly listing say that the first STORES instruction was at address +00000000 while the emulator's display shows it at address 00001000? The answer lies in a concept that was mentioned in chapter 3, relocation. The assembler did not assign absolute memory addresses to the code it assembled, but only relative addresses, relying on the linker to set the absolute address. In the assembly listing, this is signified by the leading plus sign on the address. The linker, in this case, has added 100016 to each address, loading the object code for our example into addresses 0000100016 through 0000105C16.

If we hit the r (run) key at the point where the emulator display window shows the above text, the emulator will run, producing the output "Hello world!" in the bottom half of the screen, and then it will halt back at location zero, ready to run the program again, if needed.

Instead of hitting the r key to run the program, we could have watched the program execute one instruction at a time in order to observe the fetch-execute cycle in action. The emulator interprets the The s (step) key as a request to run just one fetch-execute step, and it interprets the n (next) key as a request set the breakpoint at the next consecutive instruction and then run until the program counter points to the breakpoint. These do much the same thing except when the next instruction is a subroutine call or a branch. For subroutines, s will step into the body of the called routine, while n will execute the called routine if it were one instruction, Here is the state of our system after executing the first three instructions of the main program using the s key:

The hello-world program after three instructions
   /------------------CPU------------------\   /----MEMORY----\
   PC:  0000100A                R8: 00000000   000FFC: NOP
   PSW: 00000100  R1: 0000000E  R9: 00000000   000FFE: NOP
   NZVC: 0 0 0 0  R2: 00010040  RA: 00000000  *001000: STORES  R1,R2
                  R3: 00001018  RB: 00000000   001002: LEACC   R2,R2,#0004
                  R4: 00000009  RC: 00000000   001006: LIL     R3,#001018
                  R5: 00000000  RD: 00000000 ->00100A: LIL     R1,#0001B6
                  R6: 00000000  RE: 00000000   00100E: JSRS    R1,R1
                  R7: 00000000  RF: 00000000   001010: LEACC   R2,R2,#FFFC

Several fields have changed from the values shown in the previous illustration. The program counter has advanced from 0000100016 to 0000100A16. The three instructions that were executed stored the contents of R1, incremented R2 by 4, and loaded R3 with 0000101816. The starred instruction in the memory display shows that the breakpoint has not been changed; it still marks the start of the main program. The memory display also includes an arrow (->) marking the instruction pointed to by the program counter.

What about those two NOP instructions that the emulator found in locations FFC16 and FFE16? The answer to this question is simple! The emulator's disassembler made a mistake. These two memory locations were not intended to be interpreted as instructions. If you use the emulator's t command to toggle the memory display, you will see a display of memory as a table of 32-bit words, each shown in hexadecimal and also as 4-character text strings. When viewed as a hexadecimal number, the word at location FFC16 holds the value zero. If the Hawk processor did try to execute the contents of this location, it would be interpreted as a NOP (do nothing) instruction.


e) Modify the hello-world program given above so that it uses the PUTAT monitor routine to output its message starting on line 5 column 35 of the screen, so the message is more or less centered.

f) Modify the hello-world program given above so that it outputs the message "Hi!" using 3 successive calls to the PUTCHAR monitor routine.

g) A very bright programmer decides to output the message "Hi" using this fragment of code, loading R1 just once and then using the value twice:

    LIS R3,'H'
    JSRS R1,R1
    LIS R3,'i'
    JSRS R1,R1

When the programmer tries this, it outputs the H, but then it starts to behave strangely. What happened? What was the mistake?

Load Effective Address and Load

In the hello-world program given above, we used LIL to load the address of the string "Hello world!". This left work to the linker, since the assembler does not know where in memory the code will be loaded. It is up to the linker to adjust such addresses once they are known. The Hawk architecture includes several alternatives to this. Generally, load instructions load values into registers. As we have seen, load immediate instructions load constants. LOAD loads the contents of a memory location into a register, while LEA (load effective address) loads the effective address of a memory location. LOAD and LEA have identical format and syntax. One gets the contents of a memory location while the other gets the address of that location. The term effective address refers to the memory address of the operand of an instruciton. All Hawk memory reference instructions begin by computing an effective address before doing any load or store operation. The simplest forms of the LOAD and LEA instructions are:

The Hawk LOAD instruction
07 06 05 04 03 02 01 00   15 14 13 12 11 10 09 08
1 1 1 1 dst 0 1 0 1 0 0 0 0
15 14 13 12 11 10 09 08 07 06 05 04 03 02 01 00

The Hawk LEA instruction
07 06 05 04 03 02 01 00   15 14 13 12 11 10 09 08
1 1 1 1 dst 0 1 1 1 0 0 0 0
15 14 13 12 11 10 09 08 07 06 05 04 03 02 01 00

Formally, LOAD does R[dst]=M[program_counter+sxt(15,const16)], while LEA does R[dst]=program_counter+sxt(15,const16). This is called program-counter-relative addressing or PC-relative addressing because the constant operand is used as a displacement from the program counter. This form of LOAD and LEA can be used to load the contents or address of any location from 32764 bytes before the instruction to 32771 bytes after it. Why not 32768 before to 32767 after? Because the program counter is incremented by the instruction size before the instruction is executed.

In our assembly language, as defined by a macro in hawk.h, the instructions LOAD R1,X and LEA R1,X are assembled into the forms shown above with a twist. The constant X is not assembled directly into the instruction. Instead, the assembler uses X-(.+4). As a result, if X is the label on a nearby word, these instructions will compute the address of that word as their effective address. The next example shows three ways to load the address of the "hello world" string to show the use of these instructions:

Three ways to load the address of the same string
        LIL     R3,HELLO 
        LEA     R3,HELLO 
         LOAD    R3,PHELLO 


	ALIGN   4

Each of the above approaches to loading the constant address HELLO into a register has advantages and disadvantages. Using the LIL instruction, as we have already noted, only works if the constant to be loaded can be expressed in 24 bits. If that constant is an address, this only works if the address is somewhere in the first 8 megabytes of memory. Using the LEA instruction, the address loaded must be near the address of the instruction that loads it, but may be anywhere in memory. The final example is the most general and also the least convenient. This uses the LOAD instruction to load a nearby word holding the desired 32-bit value. This can load any 32-bit value, but it is slower and it takes extra memory to hold the 32-bit constant.

In general, when loading the address of a location defined in the same source file, the LEA instruction should be used. We only used the LIL instruction in the hello-world example in order to limit the variety of different instructions used there. If you change that one LIL instruction to an LEA instruction in the hello-world example, and then assemble, link and run the program, it will work exactly as it originally did.

We cannot use LEA R1,DSPST instead of LIL R1,DSPST to call monitor routines. This is because LEA only works if the assembler knows the relative distance, in bytes, between the instruction and the address to be loaded. So long as these are both defined in the same source file, the assembler can use this information easily, but in this case, DSPST is defined in the monitor and depending on how the program is linked, it could easily end up more than 32K bytes away from the point of call.


h) Write a program that outputs the string "Hello " followed by the string "world!" (the output will be equivalent to the original hello-world program, but it will call DSPST twice. Use LEA instructions where appropriate.

Control Structures

A program that just outputs the text "Hello world!" is not very interesting. The instructions we have covered so far offered us many different ways to load constants, to add and subtract integers and to load and store from any memory address. More arithmetic operations would be nice, but in theory, all arithmetic can be done with just addition and subtraction. The big thing we are missing is support for control structures.

At the machine level, the fundamental primitive from which control structures are built is assignment to the program counter. In high-level languages such as C or C++, this is done using the goto statement to transfer control to a specific labeled statement. When goto is mentioned in introductory programming courses, it is usually in the context of a warning to never use it. At the machine language level, it is unavoidable.

All more complex control structures must therefore be translated into assignments to the program counter. For example, at the end of each loop body, there must be an assignment that forces a jump back to the start of the loop body, and any break statements within the loop must be translated to assignments that force jumps out of the loop. Similarly, if statements will translate to jumps that are conditional on the value of some expression.

Just as the Hawk provides short and efficient ways to load small constants, but it requires longer instructions to load large constants, the Hawk also provides a short efficient way jump short distances within the program, while providing longer and more cumbersome support for control transfers that make larger changes to the program counter. It is worth noting that the Intel Pentium/80x86 family offers similar tradeoffs, as do many other successful computer architectures.

All of the common control transfer instrucitons on the Hawk use program-counter-relative addressing. The short fast instruction is called the branch instruction, while the long and slower form is called the jump instruction. The short form is given first:

The Hawk BR instruction
07 06 05 04 03 02 01 00   15 14 13 12 11 10 09 08
0 0 0 0 0 0 0 0 const8

The shorthand notation program_counter=program_counter+(2×sxt(7,const8)) describes this. Here, the sxt(7,const8) function takes bit 7 of the operand const8 and sign extends the result by replicating this bit in all the places to the left, making it the sign bit of the result.

Notice that if the constant in this instruction is zero, the program counter is unchanged. As a result, the instruction halfword 000016 is a no-op. As we already noted, in chapter 4, the instruction FFFF16 (a register to register move instruction) is also a no-op. This has a small value to developers of programs in read-only memory because it allows patching such a program by forcing existing instructions to either 000016 or FFFF16 (whichever is possible in the ROM technology being used) when it is discovered that they need to be deleted from the program, and because blocks of no-ops (either 000016 or FFFF16, depending on which can be changed to other instructions) can be left in programs as patch space to hold instructions added later.

The Hawk jump instruction is two halfwords long, and it may be used to compute the next address in a program in several ways. The simplest form of jump instruction does close to the same thing as the branch instruction:

The Hawk JUMP instruction
07 06 05 04 03 02 01 00   15 14 13 12 11 10 09 08
1 1 1 1 0 0 0 0 0 0 1 1 0 0 0 0
15 14 13 12 11 10 09 08 07 06 05 04 03 02 01 00

The shorthand notation program_counter=program_counter+sxt(15,const16) describes this.

The big practical difference between this form of the JUMP instruction and the BR instruction is that the jump instruction can change the program counter to any value in a 64K byte range, from about +32K to -32K, while the branch instruction is limited to a range from +127 to -128 halfwords. Thus, the branch instruction should be used when the destination address is nearby, while the jump instruction should be used when the destination address is far away.

As with other instructions that use program-counter-relative addressing, the SMAL assembler, or rather, the macro definitions in hawk.h take care of the details of program-counter relative addressing, so that all a programmer needs to do is label the destination instruction and then use that label on the jump or branch that transfers control to it. The following rather foolish example illustrates this:

Using the branch and jump instructions
                                 1          USE     "hawk.h"
                                 2  .       =       #1000
                                 3          S       L1
 00001000: 11  C1                4  L1:     ADDSI   R1,1
 00001002: 00  03                5          BR      L3
 00001004: 11  C2                6  L2:     ADDSI   R1,2
 00001006: F0  30  FFF6          7          JUMP    L1
 0000100A: 11  C4                8  L3:     ADDSI   R1,4
 0000100C: 00  FB                9          BR      L2
                                10          END

This example program was written using absolute assembly, setting the assembly origin to 100016 so that it will appear in exactly the same memory locations as are shown on the assembly listing. Because of this and the fact that it does not use any Hawk monitor routines, the object file can be loaded directly into the Hawk emulator without first running it through the linker.

If you untangle the control structure of this example, you will find that it is an infinite loop. During each iteration, R1 is incremented by 1 by the instruction with the label L1, then by 4 by the instruction with the label L3, and finally by 2 by the instruction with the label L2.

The important thing to observe in this listing is that the BR and JUMP instructions look very similar in assembly language, but that the machine code generated is different. The machine code for the forward branch on line 5 is easy to understand. In this case, the instruction skips over 3 halfwords to get to the line with the label L3, and the constant in the instruction itself is 0316.

The backward branch on line 9 contains the constant FB16 or 111110112. This is the two's complement of 000001012 or 5, and 5 halfwords are skipped over between the backward branch instruction and the label if you count both the halfword containing the branch itself and the size of the labeled instruction. In the forward direction, both of these were excluded from the count.

The jump instruction on line 7 has the 16-bit constant FFF616 as an operand. Interpreting this as a two's complement number, this is -1010, and it turns out that the destination label is 10 bytes prior to the jump instruction, including both the bytes of the jump instruction itself and the destination instruction.


j) Give the machine code for the shortest infinite loop, expressed using a BR instruction that branches to itself.

k) Give the machine code for the second shortest infinite loop, expressed using a JUMP instruction that branches to itself.

An Example Program

Here is the body of a little program, expressed in a C-like notation, that incorporates an infinite loop and calls some of the service routines in the hawk monitor:

An example
int x = 0;
char ch = 'a';
while (TRUE) {
        putat( x, x );
        putchar( ch );
        x = x + 1;
        ch = ch + 1;

Running this program displays successive characters, one per iteration, starting with the letter 'a'. The call to putat() causes each character to displayed one line below and one character right of its predecessor, so the expected output is a diagonal line of characters extending down and to the right forever. If we slow down the computer sufficiently, it will be easy to see this row of characters grow.

When we translate this to Hawk machine code, we need a place to put the variables. Here, we will use R8 and R9 because none of the Hawk monitor routines use them. This allows us to replace the application code part of the Hawk hello world program with this code:

The example, translated to Hawk assembly language
; --- begin application code ---
        LIS     R8,1            ; x = 1
        LIS     R9,'a'          ; ch = 'a'
LOOP:                           ; while (TRUE) {

        MOVE    R3,R8           ;   -- parameter x
        MOVE    R4,R8           ;   -- parameter x
        LIL     R1,PUTAT
        JSRS    R1,R1           ;   putat( x, x )

        MOVE    R3,R9           ;   -- parameter ch
        LIL     R1,PUTCHAR
        JSRS    R1,R1           ;   putchar( ch )

        ADDSI   R8,1            ;   x = x + 1
        ADDSI   R9,1            ;   ch = ch + 1
        BR      LOOP            ; } -- end while
; --- end application code ---

If you substitute this text into the Hawk version of the hello world program, and then assemble and run it, it will go into an infinite loop that begins by printing this text on the screen:

The output

Computers are fast enough that it is not terribly interesting to watch this program produce this output at full speed. If you use the the s emulator command to step through the code one instruction at a time for a few iterations, or the i (iterate) emulator command to advance one full iteration of the loop at a time, you will see how the program works. Be careful not to use the i command until the program counter is inside the loop.

Look back at the C-like code given in planning the example and the the final assembly code. Note how the comments in the assembly code relate to the orignal C-like code. Some statements in the original reduce to single instructions, while others reduce to sequences of instructions. We used the label LOOP for the infinite while loop of the original. Also, the syntactic complexity of the loop header in the original reduced to just a label, while the single end brace marking the end of the loop in the orignal reduced to one machine instruction, the branch back to the loop top.

Using names like LOOP for labels in assembly language is very common. A branch or jump instruction gives no hint about whether it is being used to skip the else clause in an if statement or to return to the top of a loop, but if we adopt a systematic way of assigning labels, for example, using the label LOOP to mark the top of a loop, we can make it clear that BR LOOP marks the end of a loop and not something else.

Subroutine calls to the monitor routines are a bit complicated, but each call follows a strict steriotypical form. First, the parameters are placed into the registers the subroutine requires. Second, the subroutine address is put in R1, and finally, the JSRS instruction is used to actually call the subroutine. To make this clearer, blank lines have been added to the code to set off the blocks of code making up each subroutine call.


l) Modify the example program so that it outputs the diagonal line of letters on a sharper diagonal, that is, so that the letter on line i is output in column 2i. You can add a number to itself in order to double it.

m) Modify the example program so that it outputs the diagonal line of letters backwards, starting with z and working back toward a.

n) The example program does not use registers ten and up. Rewrite the example so these hold the addresses of DSPAT and DSPCH and are loaded before the loop begins, instead of being loaded over and over within the loop. How much does this shorten the machine code of the problem, and how many instructions does it eliminate from each iteration?

Condition Codes and Conditional Branches

The branch and jump instructions are sufficient to allow infinite loops, but to write real programs, we need a way to build control structures that don't loop forever. This requires branch instructions that are conditional, branching or not branching depending on the results of previous computations.

In 1965, when IBM introduced the System 360, one of the innovations in that machine was the inclusion of 2 bits in the processor status word called the condition codes. Whenever the machine loaded data into a register or performed arithmetic, these bits were set to report a small amount of information about the result, and this machine had several conditional branch instructions to test the condition codes.

In 1970, Digital Equipment Corporation introduced the PDP-11; this computer introduced the model of condition codes used in the Hawk and many later computers, including the Intel 80x86/Pentium family. The PDP-11 and its successors have the following condition codes:

N - negative
Set to one when the result of the operation was negative; otherwise zero.

Z - zero
Set to one when the result of the operation was zero; otherwise zero.

V - overflow
Set to one if an arithmetic operation produces an incorrect two's complement result, for example, if adding two positive numbers produces a negative result; otherwise zero.

C - carry
Set to one if an arithmetic operation produces a carry out of the most significant bit; otherwise zero.

The Hawk condition codes are stored in the least significant 4 bits of the processor status word. In the Hawk emulator display, they are also shown as single bit value below the processor status word so you can easily see them.

The Hawk ADD and SUB instructions set the condition codes, as do the ADDSI and ADDI instructions. The other instructions we have discussed do not change the condition codes, but there are variants of these that do. Thus, while LOADS, LOAD and MOVE do not change the condition codes, the Hawk architecture offers alternatives, LOADSCC, LOADCC and MOVECC that do. These variants have identically the same formats as the originals, except for a one bit change in the binary representation.

To see if a number is zero or negative, a Hawk programmer can use a load or move instruction such as MOVECC to set the condition codes. To compare two numbers, a Hawk programmer would subtract them so that the condition codes report on the result. When the destination register field of a load, move or arithmetic instruction is zero, the Hawk still computes the desired result and sets the condition codes, but then it discards the result instead of saving it to a register.

Most of the Hawk instructions that discard their results after setting the condition codes have special names. The most important of these is the compare instruction, really SUB (subtract) storing the result in R0:

The Hawk CMP instruction
07 06 05 04 03 02 01 00   15 14 13 12 11 10 09 08
1 1 0 1 0 0 0 0 s1 s2

The instruction CMP R1,R2 subtracts R2 from R1, and we could write it as SUB R0,R1,R2 to mean exactly the same thing. After comparison or subtraction, the Z condition code will be set if the two operands were equal, and the N conditon code will be set if the result was negative, a result that usually indicates that R1 was less than R2.

Similarly, the Hawk has a compare immediate instruction, CMPI to compare a register with a 16-bit immediate constant. This is really just the add immediate instruction, ADDI with the destination field set to zero so the result gets discarded. The assembler negates the constant so CMPI R1,C is assembled as if it had been written ADDI R0,R1,-C. Programmers can ignore this because adding a negated value sets the condition codes the same way way they would have been set by subtracting the original.

The Hawk architecture offers the same 14 conditional branches that were originally offered by the DEC PDP-11. 8 of these are trivial to understand: BNS, BZS, BVS, and BCS each test one of the condition code bits and branch if that bit is set. These names are mnemonic. For example, BCS stands for branch if C set. For each of these, there is an inverse test, BNR, BZR, BVR, and BCR that branches only if the corresponding condition code bit is reset.

After a comparison using the CMP instruction, use BEQ to branch if the operands were equal, and BNE to branch if they were unequal. These are really just BZS and BZR, renamed for better documentation.

After CMP R1,R2, where R1 and R2 hold two's complement integers, use BGT, BGE, BLE or BLT to branch if R1>R2, R1R2, R1R2, or R1<R2, respectively. These do not just test the N and Z conditon codes, as you might imagine, but they also check the V (overflow) condition code. If V is set, the sign of the result after subtraction was wrong.

After CMP R1,R2, where R1 and R2 hold unsigned positive integers, use BGTU, BGEU, BLEU or BLTU to branch if R1>R2, R1R2, R1R2, or R1<R2, respectively. Two of these, BGTU and BLEU are new machine instructions, while the other two, BGEU and BLTU are synonyms for BCS and BCR; why this works is best left for later, when we discuss the arithmetic unit within the central processor.


o) Give the Hawk machine code corresponding to CMPI R1,100; try doing this by hand, working from the information given above, before testing your solution using the assembler.

p) CMPI is the same as ADDI with the destination field set to zero. Why can't we convert ADDSI to some kind of CMPSI instruction by setting its destination field to zero?

q) Suppose you use the Hawk to compute the two's complement of one by subtracting it from zero with the SUB instruction. Recall that, in two's complement arithmetic, subtraction is done by adding the one's complement of the subtrahend, with a carry of one added to the rightmost bit. Give the values you would expect this to put in the Hawk condition codes.

r) Suppose you use the Hawk to compute the two's complement of zero by subtracting zero from zero with the SUB instruction. Recall that, in two's complement arithmetic, subtraction is done by adding the one's complement of the subtrahend, with a carry of one added to the rightmost bit. Give the values you would expect this to put in the Hawk condition codes.

Examples illustrating definite loops

We can now modify our example program to halt after a finite number of iterations. In a high level language, we can do this with a construct such as for(x=1;x++;x<9) but this for-loop construct is quite complex, including initialization, increment and exit conditions all together. This is convenient, but an assembly-language programmer must deal with each of these issues separately. Therefore, we must rewrite our program using simpler control structures such as do-while loops. This is shown here:

The example, modified to contain a definite loop
; --- begin application code ---
        LIS     R8,1            ; x = 1
        LIS     R9,'a'          ; ch = 'a'
LOOP:                           ; do {

        MOVE    R3,R8           ;   -- parameter
        MOVE    R4,R8           ;   -- parameter
        LIL     R1,PUTAT
        JSRS    R1,R1           ;   putat( x, x )

        MOVE    R3,R9           ;   -- parameter
        LIL     R1,PUTCHAR
        JSRS    R1,R1           ;   putchar( ch )

        ADDSI   R8,1            ;   x = x + 1
        ADDSI   R9,1            ;   ch = ch + 1

        CMPI    R8,9
        BLT     LOOP            ; } while (x < 9)
; --- end application code end ---

The example above illustrates what is known as a post-test loop. One mildly inconvenient feature of this control structure is that the loop control variable x and the character in ch (in registers 8 and 9) are both incremented before the loop termination test is done. In some circumstances, a programmer may want to avoid changing the values of any variables from their values during the final iteration of the loop body. If this is desired, we must replace the post-test with a test for loop termination before the variables are incremented.

In languages descended from C, mid-loop exits are done with a conditional break in the loop body, testing the loop exit condition and exiting the loop at the appropriate place. If we test the loop control variable before it is incremented, we must rewrite our termination test. In the example above, we loop while(x<9) but with the termination test moved until before the increment, we must change this to if(x>=8)break.

We need to add a new label to mark the end of the loop. The name ENDLOOP is natural when a program contains just one loop. This is the destination address for the conditional branch that we use to implement the if-break construct. Assembly language programmers are strongly urged to adopt systematic naming conventions for labels so that the label names hint at their function in the control structures of a program. Long names can detract from readability, so if there is more than one loop in a program, we might use the suffix LP to mean loop, allowing us to build labels such as FIXLP and ENDFIXLP to mark the start and end of a loop to fix something. The above ideas are incorporated into a second version of our example program, presented below:

The example, with the loop exit in mid loop
; --- begin application code ---
        LIS     R8,1            ; x = 1
        LIS     R9,'a'          ; ch = 'a'
LOOP:                           ; while (TRUE) {

        MOVE    R3,R8           ;   -- parameter
        MOVE    R4,R8           ;   -- parameter
        LIL     R1,PUTAT
        JSRS    R1,R1           ;   putat( x, x )

        MOVE    R3,R9           ;   -- parameter
        LIL     R1,PUTCHAR
        JSRS    R1,R1           ;   putchar( ch )

        CMPI    R8,8
        BGE     ENDLOOP         ;   if (x >= 8) break;

        ADDSI   R8,1            ;   x = x + 1
        ADDSI   R9,1            ;   ch = ch + 1
        BR      LOOP
ENDLOOP:                        ; } -- end while
; --- end application code ---

A more fully developed convention for labels used to form control structures might add, in addition to the suffix LP for loops, the suffix IF for labels involved with if statements. Another convention to consider is labels that make assertions about variables in the program, so for example, the label XBIGGER might be natural at the point where the variable x is bigger than something else.


s) Translate the following example program to Hawk assembly language:

int x = 0;
char ch = 'a';
while (x < 9) {
    dspat( x, x );
    dspch( ch );
    x = x + 1;
    ch = ch + 1;

t) Translate the following example program to Hawk assembly language:

int x;
for (x = 1; x < 9; x++) {
    dspat( x, x );
    dspch( '*' );

u) Write a Hawk program that produces the following output using a loop that iterates exactly 6 times, where each iteration outputs one letter 4 times, with appropriate calls to dspat(), as needed, to put the letters in the correct rows and columns.

        A      A
        B      B
        C      C
        D      D
        E      E
        F      F

v) Add a nested loop to the example program so that it produces the output: