# 16.317: Microprocessor-Based Systems I Spring 2012 ## Exam 2 April 4, 2012 | Vame: | _ ID #: | Section: | |-------|---------|----------| |-------|---------|----------| For this exam, you may use a calculator and one 8.5" x 11" double-sided page of notes. All other electronic devices (e.g., cellular phones, laptops, PDAs) are prohibited. If you have a cellular phone, please turn it off prior to the start of the exam to avoid distracting other students. The exam contains 3 questions for a total of 100 points. Please answer the questions in the spaces provided. If you need additional space, use the back of the page on which the question is written and clearly indicate that you have done so. The last four pages of the exam (beginning with page 7) contain reference material for the exam: lists of 80386 instructions and condition codes. You may detach these pages and do not have to submit them when you turn in your exam. You will have 50 minutes to complete this exam. | Q1: Multiple choice | / 20 | |-----------------------|-------| | Q2: Protected mode | / 40 | | memory accesses | / 40 | | Q3: Assembly language | / 40 | | TOTAL SCORE | / 100 | 1. (20 points, 5 points per part) *Multiple choice* For each of the multiple choice questions below, clearly indicate your response by circling or underlining the single choice you think best answers the question. - a. Given CS = 1000H, IP = E000, and EBX = 1E001000, which of the following CALL instructions will transfer control to an instruction at physical address 1F000H? - A. CALL 1000H - B. CALL F000H - C. CALL BX - D. CALL EBX - E. CALL HOME\_BECAUSE\_YOUR\_MOTHER\_MISSES\_YOU (hey, for all you know, that could be a valid instruction label) - i. A and C - ii. B and C - iii. A and D - iv. B and D b. How many iterations does the following loop execute? MOV CX, 0008H MOV AX, 0000H START: ADD AX, 0002H CMP AX, CX LOOPNE START - i. 2 - ii. 3 - iii. 4 - iv. 6 - v. 8 #### 1 (cont.) c. Assuming A, B, C, and D are all signed integers, what compound condition does the following instruction sequence test? ``` MOV AX, D CMP A, AX SETL BL SUB AX, B CMP AX, C SETGE BH AND BL, BH ``` - i. (A < D) && (B >= C) - ii. (A < D) && (D >= C) - iii. $(A \le D) \&\& (D B \ge C)$ - iv. (A < D) && (D B >= C) - V. (A <= D) && (B D >= C) - d. Which of the following statements about virtual memory are <u>true?</u> - A. When translating a virtual address to a physical address, the virtual page number is replaced by the appropriate physical frame number, while the lower bits of the address—the page offset—remain the same. - B. The number of bits in the page offset depends on the number of pages in the virtual address space. - C. Because all virtual pages cannot fit in physical memory, each page table entry requires a valid bit to indicate if the frame number in that entry is valid. - D. The TLB is a sandwich containing the same ingredients as a BLT, but with those ingredients stacked in the opposite order. - i. Only A - ii. Only C - iii. A and B - iv. A and C - v. A, B, and C ## 2. (40 points) **Protected mode memory accesses** Assume the 80386 is running in protected mode with the state given below. Note that each memory location shown contains a descriptor for a particular segment. GDTR = 123000080017 LDTR = 0008 LDTR cache: base = 12300028 LDTR cache: limit = 0027 DS = 0006 ESI = 0000CD04 EBX = 00031A0 | Memory | Address | Memory | Address | |-----------------|----------|-----------------|----------| | Base = 030010F0 | 12300000 | Base = AC000000 | 12300028 | | Limit = 020F | | Limit = 0317 | | | Base = 12300020 | 12300008 | Base = 01610200 | 12300030 | | Limit = 0007 | | Limit = 03F7 | | | Base = 12300028 | 12300010 | Base = 03170214 | 12300038 | | Limit = 0027 | | Limit = 030F | | | Base = 1200C000 | 12300018 | Base = 06B01000 | 12300040 | | Limit = FFFF | | Limit = 0F07 | | | Base = 12340000 | 12300020 | Base = 05000120 | 12300048 | | Limit = 00FF | | Limit = 000F | | What address does each of the following instructions access? (<u>Hint</u>: solving part (a) should help you solve parts (b) and (c)). ### 3. (40 points) Assembly language For each instruction sequence shown below, list <u>all</u> changed registers, memory locations, and/or flags, as well as their new values. #### a. Initial state: - (EAX) = 0000ABC0H - (EBX) = 000012ACH - (ECX) = 00000020H - (EDX) = 00000000H - (ESI) = 00000100H - (EDI) = 00000200H - (DS:100H) = 00H - (DS:101H) = F0H - (DS:110H) = 00H - (DS:111H) = FFH - (DS:200H) = 30H - (DS:201H) = 00H - (DS:210H) = AAH - (DS:211H) = AAH - (DS:220H) = 55H - (DS:221H) = 55H - (DS:300H) = AAH - (DS:301H) = 55H Also, assume all flags (ZF, CF, SF, PF, OF) are initialized to 0. ### **Instructions:** BSF DX, AX JNZ END BT BX, DX SETNC [100H] END: AND CL, [100H] ## 3 (cont.) ### b. Initial state: - (EAX) = 00000016H - (EBX) = 00000317H - (ECX) = 00000010H - (EDX) = 0000ABCDH - (ESI) = 00000100H - (EDI) = 00000106H - (DS:100H) = 0FH - (DS:101H) = F0H - (DS:102H) = 00H - (DS:103H) = FFH - (DS:104H) = 30H - (DS:105H) = 00H - (DS:106H) = AAH - (DS:107H) = AAH - (DS:108H) = 55H - (DS:109H) = 55H - (DS:10AH) = AAH - (DS:10BH) = 55H Also, assume all flags (ZF, CF, SF, PF, OF) are initialized to 0. ### **Instructions:** | | CMP | AX, BX | |------|-----|--------------| | | JE | L1 | | | JG | L2 | | | INC | AX | | | JMP | END | | L1: | DEC | AX | | | JMP | END | | L2: | MOV | AX, BX | | END: | MOV | [DI+02H], AX | The following pages contain references for use during the exam: tables containing the 80386 instruction set and condition codes. You may detach these sheets from the exam and do not need to submit them when you finish. #### Remember that: - Most instructions can have at most one memory operand. - Brackets [] around a register name, immediate, or combination of the two indicates an effective address. That address is in the data segment unless otherwise specified. - o Example: MOV AX, [10H] → contents of DS:10H moved to AX - Parentheses around a logical address mean "the contents of memory at this address". - Example: (DS:10H) $\rightarrow$ the contents of memory at logical address DS:10H | Category | Instruction | Example | Meaning | |------------|------------------------------------|---------------------|----------------------------------------------------------| | | Move | MOV AX, BX | AX = BX | | | Move & sign-extend | MOVSX EAX, DL | EAX = DL, sign-extended to 32 bits | | | Move and zero-extend | MOVZX EAX, DL | EAX = DL, zero-extended to 32 bits | | Data | Exchange | XCHG AX, BX | Swap contents of AX, BX | | transfer | Load effective address | LEA AX, [BX+SI+10H] | AX = BX + SI + 10H | | | Load full pointer | LDS AX, [10H] | AX = (DS:10H)<br>DS = (DS:12H) | | | | LSS EBX, [100H] | EBX = (DS:100H)<br>SS = (DS:104H) | | | Add | ADD AX, BX | AX = AX + BX | | | Add with carry | ADC AX, BX | AX = AX + BX + CF | | | Increment | INC [DI] | (DS:DI) = (DS:DI) + 1 | | | Subtract | SUB AX, [10H] | AX = AX - (DS:10H) | | | Subtract with borrow | SBB AX, [10H] | AX = AX - (DS:10H) - CF | | | Decrement | DEC CX | CX = CX - 1 | | | Negate (2's complement) | NEG CX | CX = -CX | | | Unsigned multiply | MUL BH | AX = BH * AL | | | (all operands are non- | MUL CX | (DX,AX) = CX * AX | | Arithmetic | negative, regardless of MSB value) | MUL DWORD PTR [10H] | (EDX,EAX) = (DS:10H) *<br>EAX | | 7 | Signed multiply | IMUL BH | AX = BH * AL | | | (all operands are | IMUL CX | (DX,AX) = CX * AX | | | signed integers in 2's | IMUL DWORD PTR[10H] | (EDX,EAX) = (DS:10H) * | | | complement form) | | EAX | | | Unsigned divide | DIV BH | AL = AX / BH (quotient)<br>AH = AX % BH (remainder) | | | | DIV CX | AX = EAX / CX (quotient) DX = EAX % CX (remainder) | | | | DIV EBX | EAX = (EDX, EAX) / EBX (Q)<br>EDX = (EDX, EAX) % EBX (R) | | Category | Instruction | Example | Meaning | |-----------------------|----------------------------------------|-------------|------------------------------------------| | Logical | Logical AND | AND AX, BX | AX = AX & BX | | | Logical inclusive OR | OR AX, BX | AX = AX BX | | | Logical exclusive OR | XOR AX, BX | AX = AX ^ BX | | | Logical NOT | NOT AX | AX = ~AX | | | (1's complement) | | | | | Shift left | SHL AX, 7 | $AX = AX \ll 7$ | | | | | | | | | SAL AX, CX | AX = AX << CX | | | Logical shift right | SHR AX, 7 | AX = AX >> 7 | | | (treat value as | | (upper 7 bits = 0) | | | unsigned, shift in 0s) | | AX = AX >> 7 | | | Arithmetic shift right | SAR AX, 7 | (upper 7 bits = MSB of | | Shift/rotate | (treat value as signed; maintain sign) | | original value) | | (NOTE: for | Rotate left | ROL AX, 7 | AX = AX rotated left by 7 | | all | Notate icit | ROLL PAR, 7 | (lower 7 bits of AX = | | instructions | | | upper 7 bits of original | | except | | | value) | | RCL/RCR,<br>CF = last | Rotate right | ROR AX, 7 | AX=AX rotated right by 7 | | bit shifted | | | (upper 7 bits of AX = | | out) | | | lower 7 bits of original | | out) | | | value) | | | Rotate left through | RCL AX, 7 | (CF,AX) rotated left by 7 | | | carry | | (Treat CF & AX as 17-bit | | | Datata sinkt there enk | DGD 344 F | value with CF as MSB) | | | Rotate right through | RCR AX, 7 | (AX,CX) rotated right by | | | carry | | (Treat CF & AX as 17-b8t | | | | | value with CF as LSB) | | | Bit test | BT AX, 7 | CF = Value of bit 7 of AX | | | Bit test and reset | BTR AX, 7 | CF = Value of bit 7 of AX | | | | · | Bit 7 of $AX = 0$ | | | Bit test and set | BTS AX, 7 | CF = Value of bit 7 of AX | | | | | Bit 7 of AX = 1 | | | Bit test and | BTC AX, 7 | CF = Value of bit 7 of AX | | | complement | | Bit 7 of AX is flipped | | Bit test/ | Bit scan forward | BSF DX, AX | DX = index of first non- | | scan | | | zero bit of AX, starting | | | | | with bit 0 | | | | | <pre>ZF = 0 if AX = 0, 1 otherwise</pre> | | | Rit scan roverce | BSR DX, AX | DX = index of first non- | | | Bit scan reverse | DOK DA, AA | zero bit of AX, starting | | | | | with MSB | | | | | ZF = 0 if AX = 0, 1 | | | | | otherwise | | | | | | | Category | Instruction | Example | Meaning | |-----------------|------------------------|--------------|---------------------------------------------------| | | Clear carry flag | CLC | CF = 0 | | | Set carry flag | STC | CF = 1 | | | Complement carry | CMC | CF = ~CF | | | flag | | | | Floa | Clear interrupt flag | CLI | IF = 0 | | Flag<br>control | Set interrupt flag | STI | IF = 1 | | CONTROL | Load AH with | LAHF | AH = FLAGS | | | contents of flags | | | | | register | | | | | Store contents of AH | SAHF | FLAGS = AH | | | in flags register | | (Updates SF,ZF,AF,PF,CF) | | | Compare | CMP AX, BX | Subtract AX - BX | | Conditional | | | Updates flags | | tests | Byte set on condition | SETCC AH | AH = FF if condition true | | | | | AH = 0 if condition false | | | Unconditional jump | JMP label | Jump to label | | | Conditional jump | Jcc label | Jump to label if | | | 1 | 7000 1 1 1 | condition true | | | Loop | LOOP label | Decrement CX; jump to | | Jumps and | | TOODE label | label if CX != 0 | | loops | Loop if equal/zero | LOOPE label | Decrement CX; jump to label if (CX != 0) && | | | | LOOPZ label | (ZF == 1) | | | Loop if not equal/zero | LOOPNE label | Decrement CX; jump to | | | Loop ii not equal/zero | LOOPNE label | label if (CX != 0) && | | | | HOOFNZ TABEL | (ZF == 0) | | Subroutine- | Call subroutine | CALL label | Jump to label; save | | related | Can caproanie | | address of instruction | | instructions | | | after CALL | | | Return from | RET label | Return from subroutine | | | subroutine | | (jump to saved address | | | | | from CALL) | | | Push | PUSH AX | SP = SP - 2 | | | | | (SS:SP) = AX | | | | | | | | | PUSH EAX | SP = SP - 4 | | | | | (SS:SP) = EAX | | | Pop | POP AX | AX = (SS:SP) | | | | | SP = SP + 2 | | | | DOD EAN | EAV - (CC.CD) | | | | POP EAX | EAX = (SS:SP)<br>SP = SP + 4 | | | Duch flogs | DIIGUE | Store flags on stack | | | Push flags | PUSHF | | | | Pop flags | POPF | Remove flags from stack Store all general purpose | | | Push all registers | PUSHA | registers on stack | | | Pop all registers | POPA | Remove general purpose | | | i op all registers | IOFA | registers from stack | | | | | TOSTBUCTO THOM SUREN | | Condition code | Meaning | Flags | | |----------------|---------------------------|-------------------------|--| | 0 | Overflow | OF = 1 | | | NO | No overflow | OF = 0 | | | В | Below | | | | NAE | Not above or equal | CF = 1 | | | С | Carry | | | | NB | Not below | | | | AE | Above or equal | CF = 0 | | | NC | No carry | | | | S | Sign set | SF = 1 | | | NS | Sign not set | SF = 0 | | | Р | Parity | PF = 1 | | | PE | Parity even | 11 – 1 | | | NP | No parity | PF = 0 | | | PO | Parity odd | 11 = 0 | | | E | Equal | ZF = 1 | | | Z | Zero | 21 - 1 | | | NE | Not equal | ZF = 0 | | | NZ | Not zero | 21 - 0 | | | BE | Below or equal | CF OR ZF = 1 | | | NA | Not above | 01 01(21 = 1 | | | NBE | Not below or equal | CF OR ZF = 0 | | | Α | Above | GI GIV ZI = 0 | | | L | Less than | SF XOR OF = 1 | | | NGE | Not greater than or equal | | | | NL | Not less than | SF XOR OF = 0 | | | GE | Greater than or equal | | | | LE | Less than or equal | (SF XOR OF) OR ZF = 1 | | | NG | Not greater than | | | | NLE | Not less than or equal | (SF XOR OF) OR ZF = 0 | | | G | Greater than | (3. 7.3.(3. ) 3.(2. = 0 | |