Assembly Language for x86 Processors 6th Edition Chapter 6: Bitwise Instructions (c) Pearson Education, 2010. All rights reserved. You may modify and copy

Assembly Language for x86 Processors 6th Edition

Chapter 6: Bitwise Instructions

(c) Pearson Education, 2010. All rights reserved. You may modify and copy this slide show for your personal use, or for use in the classroom, as long as this copyright statement, the author's name, and the title are not changed.

Slides prepared by the author

Revision date: 2/15/2010

Kip R. Irvine

Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010. 2

Status Flags - Review

• The Zero flag is set when the result of an operation equals zero.

• The Carry flag is set when an instruction generates a result that is

too large (or too small) for the destination operand.

• The Sign flag is set if the destination operand is negative, and it is

clear if the destination operand is positive.

• The Overflow flag is set when an instruction generates an invalid

signed result (bit 7 carry is XORed with bit 6 Carry).

• The Parity flag is set when an instruction generates an even

number of 1 bits in the low byte of the destination operand.

• The Auxiliary Carry flag is set when an operation produces a carry

out from bit 3 to bit 4

3

Logic Instructions Syntax for AND, OR, XOR, and TEST instructions:

op-code destination, source

They perform the Boolean bitwise operation and store the result into destination. TEST is just an AND but the result is not stored. TEST affects the

flags just like AND does.

Both operands must be of the same type either byte, word or dword

Both operands cannot be mem again: mem to mem operations are forbidden

They clear (ie: put to zero) CF and OF

They affect SF and ZF according to the result of the operation (as usual)

4Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.

Logic InstructionsAND Instruction

• Performs a Boolean AND operation between each pair of matching bits in two operands

• Syntax:AND destination, source

(same operand types as MOV)

0 clears a bit and 1 conserves a bit

• The source is often an imm operand called a bit mask: used to fix certain bits to 0 or 1

AND al,7Fh ;msb of AL is cleared

since 7Fh = 0111 1111b

0 0 1 1 1 0 1 10 0 0 0 1 1 1 1

0 0 0 0 1 0 1 1

AND

unchangedcleared

AND


Logic InstructionsOR Instruction

• Performs a Boolean OR operation between each pair of matching bits in two operands

• Syntax:OR destination, source

1 sets a bit and 0 conserves a bit

To test if ECX = 0, we can do: OR ecx,ecx since this does not change the value in ECX and set ZF=1 if and only if ECX=0

OR

0 0 1 1 1 0 1 10 0 0 0 1 1 1 1

0 0 1 1 1 1 1 1

OR

setunchanged

6

Logic Instructions - Example To convert from upper case letter to lower case we can

use the usual method:ADD dl,20h

But 20h = 0010 0000b and bit #5 is always 0 for characters from ‘A’ (41h) to ‘Z’ (5Ah). Uppercase (41h-5Ah) A-Z Lowercase (61h-Ah) a-z

0 1 0 0 XXXX 0 1 1 0 XXXX 0 1 0 1 XXXX 0 1 1 1 XXXX

Hence, adding 20h gives the same result as setting this bit #5 to 1. Thus:

OR dl,20h ; converts from upper to lower caseAND dl,0DFh ; converts from lower to upper case

since DFh = 1101 1111b


Logic InstructionsXOR Instruction

• Performs a Boolean exclusive-OR operation between each pair of matching bits in two operands

• Syntax:XOR destination, source

1 inverts a bit and 0 conserves a bit

XOR

0 0 1 1 1 0 1 10 0 0 0 1 1 1 1

0 0 1 1 0 1 0 0

XOR

invertedunchanged

XOR is a useful way to toggle (invert) the bits in an operand.

When initializing a register to 0 do

use XOR ax,ax instead of MOV ax,0 [compilers prefer this method]


Logic InstructionsNOT Instruction

• Performs a Boolean NOT operation on a single destination operand

• Syntax:NOT destination

Equivalent to: XOR destination, FFFF…FFFFh

Skip to Page 13

NOT

0 0 1 1 1 0 1 1

1 1 0 0 0 1 0 0

NOT

inverted


Bit-Mapped Sets

• Binary bits indicate set membership• Efficient use of storage• Also known as bit vectors


Bit-Mapped Set Operations

• Set Complementmov eax,SetXnot eax

• Set Intersectionmov eax,setXand eax,setY

• Set Unionmov eax,setXor eax,setY


Applications (1 of 3)

mov ax,wordValand ax,1 ; low bit set?jz EvenValue ; jump if Zero flag set

• Task: Jump to a label if an integer is even.

• Solution: AND the lowest bit with a 1. If the result is Zero, the number was even.

JZ (jump if Zero) is covered in Section 6.3.

Your turn: Write code that jumps to a label if an integer is negative.



or al,aljnz IsNotZero ; jump if not zero

• Task: Jump to a label if the value in AL is not zero.

• Solution: OR the byte with itself, then use the JNZ (jump if not zero) instruction.

ORing any number with itself does not change its value.


Logic InstructionsTEST Instruction

• Performs a nondestructive AND operation between each pair of matching bits in two operands

• No operands are modified, but the Zero flag is affected.• Example: jump to a label if either bit 0 or bit 1 in AL is set.

test al,00000011bjnz ValueFound

• Example: jump to a label if neither bit 0 nor bit 1 in AL is set.

• TEST is similar to CMP but for logic operation.

Skip to Page 19

test al,00000011bjz ValueNotFound



and al,00001011b ; clear unwanted bitscmp al,00001011b ; check remaining bitsje L1 ; all set? jump to L1

• Task: Jump to label L1 if bits 0, 1, and 3 in AL are all set.

• Solution: Clear all bits except bits 0, 1,and 3. Then compare the result with 00001011 binary.


Your turn . . .

• Write code that jumps to label L1 if either bit 4, 5, or 6 is set in the BL register.

• Write code that jumps to label L1 if bits 4, 5, and 6 are all set in the BL register.

• Write code that jumps to label L2 if AL has even parity.

• Write code that jumps to label L3 if EAX is negative.• Write code that jumps to label L4 if the expression

(EBX – ECX) is greater than zero.


Encrypting a String

KEY = 239 ; can be any byte valueBUFMAX = 128.databuffer BYTE BUFMAX+1 DUP(0)bufSize DWORD BUFMAX

.codemov ecx,bufSize ; loop countermov esi,0 ; index 0 in bufferL1:xor buffer[esi],KEY ; translate a byteinc esi ; point to next byteloop L1

The following loop uses the XOR instruction to transform every character in a string into a new value.


String Encryption Program

• Tasks:• Input a message (string) from the user• Encrypt the message• Display the encrypted message• Decrypt the message• Display the decrypted message

View the Encrypt.asm program's source code. Sample output:

Enter the plain text: Attack at dawn.

Cipher text: «¢¢Äîä-Ä¢-ïÄÿü-Gs

Decrypted: Attack at dawn.


BT (Bit Test) Instruction

• Copies bit n from an operand into the Carry flag• Syntax: BT bitBase, n

• bitBase may be r/m16 or r/m32• n may be r16, r32, or imm8

• Example: jump to label L1 if bit 9 is set in the AX register:

bt AX,9 ; CF = bit 9jc L1 ; jump if Carry

19

Exercise 1 Use only one instruction among AND, OR, XOR, and

TEST to do the following task: (A) Convert the ASCII code of a decimal digit ('0‘ to '9‘)

contained in AL to its numerical value.

(B) Fix to 1 the odd numbered bits in EAX (ie: the bits numbered 1, 3, 5…) without changing the even numbered bits.

(C) Clear to 0 the most significant bit and the least significant bit of BH without changing the other bits.

(D) Inverse the least significant bit of EBX without changing the other bits.


Logical Shift

• A logical shift fills the newly created bit position with zero:

CF

0


SHL Instruction

• The SHL (shift left) instruction performs a logical left shift on the destination operand, filling the lowest bit with 0.

• Operand types for SHL:

• CF always contains the last bit shifted out, when shifting multiple times.

SHL reg,imm8SHL mem,imm8SHL reg,CLSHL mem,CL

(Same for all shift and rotate instructions)


Fast Multiplication

mov dl,5shl dl,1

Shifting left 1 bit multiplies a number by 2

0 0 0 0 1 0 1 0

0 0 0 0 0 1 0 1 = 5

= 10

Before:

After:

mov dl,5shl dl,2 ; DL = 20

Shifting left n bits multiplies the operand by 2n

For example, 5 * 22 = 20

23

Fast Multiplication Each left shift multiplies by 2 the operand for both

signed and unsigned interpretations. Ex:

mov ax, 4 ;AX = 0004hmov bx, -1 ;BX = FFFFhshl ax, 2 ;AX = 0010h = 16shl bx, 3 ;BX = FFF8h = -8

Multiplication by shifting is very fast. Try to factor your multiplier into powers of 2:

BX * 36 = BX * (32 + 4) = BX*32 + BX*4 So add (BX shifted by 5) to (BX shifted by 2)


Binary Multiplication

• mutiply 123 * 36


Binary Multiplication

• We already know that SHL performs unsigned multiplication efficiently when the multiplier is a power of 2.

• You can factor any binary number into powers of 2. • For example, to multiply EAX * 36, factor 36 into 32 + 4

and use the distributive property of multiplication to carry out the operation:

EAX * 36 = EAX * (32 + 4)= (EAX * 32)+(EAX * 4)

mov eax,123mov ebx,eaxshl eax,5 ; mult by 25

shl ebx,2 ; mult by 22

add eax,ebx


Your turn . . .

mov ax,2 ; test value

mov dx,axshl dx,4 ; AX * 16push edx ; save for latermov dx,axshl dx,3 ; AX * 8shl ax,1 ; AX * 2add ax,dx ; AX * 10pop edx ; recall AX * 16add ax,dx ; AX * 26

Multiply AX by 26, using shifting and addition instructions. Hint: 26 = 16 + 8 + 2.

Irvine, Kip R. Assembly Language for x86 Processors 6/e, 2010.27

SHR Instruction

• The SHR (shift right) instruction performs a logical right shift on the destination operand. The highest bit position is filled with a zero.

CF

0

mov dl,80shr dl,1 ; DL = 40shr dl,2 ; DL = 10

mov bh,13 ; BH = 0000 1101b = 13shr bh,2 ; BH = 0000 0011b = 3, (div by 4), CF=0

(the remainder of the division is lost)

Shifting right n bits divides the operand by 2n


Arithmetic Shift

• An arithmetic shift fills the newly created bit position with a copy of the number’s sign bit:

CF


SAL and SAR Instructions

• SAL (shift arithmetic left) is identical to SHL.• SAR (shift arithmetic right) performs a right arithmetic

shift on the destination operand.

CF

An arithmetic shift preserves the number's sign.

mov dl,-80sar dl,1 ; DL = -40sar dl,2 ; DL = -10

CF reflects the action of the last rotate

30

Arithmetic Shift SAR

Is needed to divide the signed value by 2:SAR dest, CL ;value of CL = number of shiftsSAR dest, imm8

the msb of dest is filled with its previous value (so the sign is preserved)

the lsb of dest is moved into CFmov ah, -15 ;AH = 1111 0001bsar ah, 1 ;AH = 1111 1000b = -8

the result is rounded to the smallest integer

(-8 instead of -7…) in contrast:

shr ah, 1 ;gives ah = 0111 1000b = 78h


Your turn . . .

mov al,6Bhshr al,1 a.shl al,3 b.mov al,8Chsar al,1 c.sar al,3 d.

Indicate the hexadecimal value of AL after each shift:

35hA8h

C6hF8h


ROL Instruction

• ROL (rotate) shifts each bit to the left• The highest bit is copied into both the Carry flag

and into the lowest bit• No bits are lost

CF

mov al,11110000brol al,1 ; AL = 11100001b

mov dl,3Fhrol dl,4 ; DL = F3h


ROR Instruction

• ROR (rotate right) shifts each bit to the right• The lowest bit is copied into both the Carry flag and

into the highest bit• No bits are lost

CF

mov al,11110000bror al,1 ; AL = 01111000b

mov dl,3Fhror dl,4 ; DL = F3h

34

Examples of ROL

mov ah,40h ;ah = 0100 0000brol ah,1 ;ah = 1000 0000b, CF = 0rol ah,1 ;ah = 0000 0001b, CF = 1rol ah,1 ;ah = 0000 0010b, CF = 0

mov ax,1234h ;ax = 0001 0010 0011 0100brol ax,4 ;ax = 2341hrol ax,4 ;ax = 3412hrol ax,4 ;ax = 4123h


Your turn . . .

mov al,6Bhror al,1 a.rol al,3 b.

Indicate the hexadecimal value of AL after each rotation:

B5hADh


RCL Instruction

• RCL (rotate with carry left) shifts each bit to the left• Copies the Carry flag to the least significant bit• Copies the most significant bit to the Carry flag

CF

clc ; CF = 0mov bl,88h ; CF,BL = 0 10001000brcl bl,1 ; CF,BL = 1 00010000brcl bl,1 ; CF,BL = 0 00100001b


RCR Instruction

• RCR (rotate with carry right) shifts each bit to the right• Copies the Carry flag to the most significant bit• Copies the least significant bit to the Carry flag

stc ; CF = 1mov ah,10h ; CF,AH = 1 00010000brcr ah,1 ; CF,AH = 0 10001000b

CF

38

Ex: inverting the content of AL*

Ex: whenever AL = 1 1 0 0 0 0 0 1b we want to have

AL = 1 0 0 0 0 0 1 1b mov ecx, 8 ;number of bits to rotate

start: shl al, 1 ;CF = msb of AL rcr bl, 1 ;push CF into msb of BL loop start ;repeat for 8 bitsmov al, bl ;store result into AL

Skip to Page 48

39

Exercise 2 Give the binary content of AX immediately after the

execution of the each instruction below (Consider that AX = 1011 0011 1100 1010b before each of these instructions):

(A) SHL AL,2 ; AX =

(B) SAR AH,2 ; AX =

(C) ROR AX,4 ; AX =

(D) ROL AX,3 ; AX =

(E) SHL AL,8 ; AX =


Your turn . . .

stcmov al,6Bhrcr al,1 a.rcl al,3 b.

Indicate the hexadecimal value of AL after each rotation:

B5hAEh


SHLD Instruction

• Shifts a destination operand a given number of bits to the left

• The bit positions opened up by the shift are filled by the most significant bits of the source operand

• The source operand is not affected• Syntax:

SHLD destination, source, count• Operand types:

SHLD reg16/32, reg16/32, imm8/CLSHLD mem16/32, reg16/32, imm8/CL


SHLD Example

Shift count of 1:mov al,11100000bmov bl,10011101bshld al,bl,1


Another SHLD Example

.datawval WORD 9BA6h.codemov ax,0AC36hshld wval,ax,4

9BA6 AC36

BA6A AC36

wval AX

Shift wval 4 bits to the left and replace its lowest 4 bits with the high 4 bits of AX:

Before:

After:


SHRD Instruction

• Shifts a destination operand a given number of bits to the right

• The bit positions opened up by the shift are filled by the least significant bits of the source operand

• The source operand is not affected• Syntax:

SHRD destination, source, count• Operand types:

SHRD reg16/32, reg16/32, imm8/CLSHRD mem16/32, reg16/32, imm8/CL


SHRD Example

Shift count of 1:mov al,11000001bmov bl,00011101bshrd al,bl,1


Another SHRD Example

mov ax,234Bhmov dx,7654hshrd ax,dx,4

Shift AX 4 bits to the right and replace its highest 4 bits with the low 4 bits of DX:

Before:

After:

7654 234B

7654 4234

DX AX


Your turn . . .

mov ax,7C36hmov dx,9FA6hshld dx,ax,4 ; DX =shrd dx,ax,8 ; DX =

Indicate the hexadecimal values of each destination operand:

FA67h36FAh

48

Application: Binary Output To display the binary number in EBX:

MOV ECX,32 ; count 32 binary chars START:

ROL EBX,1 ; CF gets msb JC ONE ; if CF =1 MOV AL, ’0’ JMP DISP

ONE: MOV AL,’1’ DISP: CALL WriteChar

LOOP START


Displaying Binary Bits

Algorithm: Shift MSB into the Carry flag; If CF = 1, append a "1" character to a string; otherwise, append a "0" character. Repeat in a loop, 32 times.

.databuffer BYTE 32 DUP(0),0.code

mov ecx,32mov esi,OFFSET buffer

L1: shl eax,1mov BYTE PTR [esi],'0'jnc L2mov BYTE PTR [esi],'1'

L2: inc esiloop L1

50

Application: Binary Input To load EAX with the numerical value of a binary string (ex:

101100101...) entered at the keyboard:

xor ebx, ebx ;clear ebx to hold entrynext:call ReadCharcmp al, 0Dh ;end of input line reached?je exit ;yes, then exitand al, 0Fh ;no, convert to binary valueshl ebx, 1 ;make room for new valueor bl, al ;put value in ls bitjmp next

exit:mov eax,ebx ;eax holds binary value

In AL we have either 30h or 31h (ASCII code of ‘0’ and ‘1’) Hence, AND AL,0Fh converts AL to either 0h or 1h Hence, OR BL,AL possibly changes only the lsb of BL

51

Algorithm for Hex Output To display the content of EBX in hexadecimal

Repeat 8 times {ROL EBX, 4 ;the ms 4bits goes into ls 4bitsMOV DL, BLAND DL, 0Fh ;DL contains num value of 4bits

If DL < 10 then convert to ‘0’..’9’else convert to ‘A’..’F’

} end Repeat

The complete ASM coding is left to the reader

52

Algorithm for Hex Input To load EAX with the numerical value of the hexadecimal

string entered at the keyboard:

XOR EBX, EBX ;EBX will hold resultWhile (input char != <CR>) DO {convert char into numerical valueleft shift EBX by 4 bitsinsert value into lower 4 bits of EBX

} end whileMOV EAX,EBX

The complete ASM coding is left to the reader Skip to Page 55


Shifting Multiple Doublewords

• Programs sometimes need to shift all bits within an array, as one might when moving a bitmapped graphic image from one screen location to another.

• The following shifts an array of 3 doublewords 1 bit to the right (view complete source code):

.dataArraySize = 3array DWORD ArraySize DUP(99999999h) ; 1001 1001....codemov esi,0shr array[esi + 8],1 ; high dwordrcr array[esi + 4],1 ; middle dword, include Carryrcr array[esi],1 ; low dword, include Carry


Isolating a Bit String

• The MS-DOS file date field packs the year, month, and day into 16 bits:

DH DL

Year Month Day

9-15 5-8 0-4Field:

Bit numbers:

01 000 10 1 10 1 010 10

mov ax,dx ; make a copy of DXshr ax,5 ; shift right 5 bitsand al,00001111b ; clear bits 4-7mov month,al ; save in month variable

Isolate the Month field:


4C 6F 70 70 75 75 6E

Documents

Assembly Language for x86 Processors 6th Edition Chapter 6: Bitwise Instructions (c) Pearson Education, 2010. All rights reserved. You may modify and copy