Assembly Language Conventions on DEC Alpha Systems

ID: Q159455

The information in this article applies to:

Microsoft Windows NT 3.1
Microsoft Windows NT Advanced Server, version 3.1
Microsoft Windows NT Workstation versions 3.5, 3.51, 4.0
Microsoft Windows NT Server versions 3.5, 3.51, 4.0

SUMMARY

When you do kernel debugging of Windows NT on a DEC Alpha-based system, there are a number of commonly used assembly language conventions that are useful to know. Some of them are very simple; others are more complicated. Debugging can go much faster after you are aware of these conventions.

MORE INFORMATION

Alpha assembly language has a very small number of instructions. The set used in Windows NT operating system code is made even smaller by the fact that floating point commands are generally not used. Because of that, knowing the following types of assembly instructions should give you a good start at debugging Windows NT on a DEC Alpha computer.

Registers

DEC Alpha computers, like many RISC-based systems, have a large number of registers. There are 32 integer registers (R0-R31) and 32 floating point registers (F0-F31), all of which are 64-bit. In most operating system assembly code, only the integer registers will be used. Additionally, the assembly language does not refer to the registers using R0 through R31, instead, it uses a naming convention that indicates the general purpose of the registers:


   Register  Name   Purpose
   --------  ----   -------
   R0        V0     Frequently used to store function addresses
   R1-R8     T0-T7  Temporary registers, used to store interim
                    values in calculations
   R9-R14    S0-S5  Primary registers, used to store local variables
                    and other important 'permanent' values
   R15       FP/S6  Frame pointer, also referred to as S6
   R16-R21   A0-A5  Argument registers, used to pass arguments in
                    function calls.
   R22-R25   T8-T11 More temporary registers
   R26       RA     Return Address register
   R27       PV/T12 Pointer value/Temporary storage
   R28       AT     Assembler temporary register
   R29       GP     Global Pointer
   R30       SP     Stack Pointer
   R31       ZERO   Special constant register which always holds
                    zero

The T and A registers are all temporary-use registers, and the S registers are more permanent (in the sense that the S registers will always be saved off onto the stack at the beginning of each function and restored at the end of each function), so they can be counted on to hold the same values before and after a function call has been made (where the A and T registers may have been changed by the function call). The FP and SP registers will also be saved in the same manner.

Store and Load Instructions

The two types of instructions you will commonly see are load and store, some examples of which are:


   ldl          t5,0x8(s3)
   ldq          t1,0x460(t1)
   stl          t6,0x4(s2)
   stq          s0,0x50(sp)

The general format of both of these commands is:


   ldX   rY,<offset>(rZ)
   stX   rY,<offset>(rZ)

where X is the size of the value (longword or quadword), rY is the first Register, and rZ is the second. The notation <offset>(rZ) means to add the literal offset to the value in register Z and use that as a memory address, much like the Intel instruction 'dword ptr[eax+0x4]'. In the case of the load command, the value at <offset>(rZ) is loaded into register Y, in the case of the store command, the value in register Y is written to the memory at <offset>(rZ).

There are also special forms of these instructions, but the only one you will see frequently is the load address instruction (LDA), that has the same operands as the other load commands. A load address will compute the address in the second operand ( <offset>(rZ) ) and put that result in rY, rather than loading the value at that address.

Moving Data Between Registers

In Alpha assembly, you will often see the following types of commands as well, all of which have a very similar effect:


   1. bis          fp,zero,a2
   2. bis          zero,zero,a3
   3. bis          zero,#0x3,a1
   4. bis          zero,zero,zero

In all of the above commands, zero is a special literal that refers to a fixed register on the processor that is always set to zero. 'bis' is the mnemonic for a bitwise or and is a very fast instruction, taking one processor cycle to run. The four commands above have the following results:

bis rX,zero,rY is a fast way of moving the value in register X into register Y.

bis zero,zero,rX is a fast way of zeroing out register X.

bis zero,#0xX,rY moves the literal value X into register Y.

The last form of the bis command, bis zero,zero,zero, effectively does nothing. It is used when the next command is waiting on the results of a command that is still being carried out. Because it wastes exactly 1 processor cycle and no more, it is a convenient way for assembler to say "wait one cycle and then start doing things again".

Branch Commands

On an Intel-based system, there are a number of different types of comparison and branch commands that are generally used sequentially; that is, a cmp followed by a jne or a test followed by a jle. On the Alpha, the branch command set is much smaller and each command combines the test with the branch. The conditional branch commands have the following format


   Bxx rY,<address>

where xx is a two or three letter sequence indicating the type of test to be performed on the value in register Y and <address> is the address to jump to if the test is true. For example:


   bne t5,ExFreePool+0x27c - If t5 is not equal to zero, branch to
                             ExFreePool+0x27c
   ble a1,KiWaitTest+0x198 - If a1 is less than or equal to zero, branch
                             to KiWaitTest+0x198

Conditional branch commands will almost always come after some kind of bitwise Boolean operation on the register being tested. For example:


   xor          t5,a2,t5
   bne          t5,ExFreePool+0x27c

These examples will cause code execution to jump to ExFreePool+0x27c if the value in t5 and a2 are equal, as an exclusive or (xor) will result in zero for equal values and non zero for unequal values.

Alpha assembly also has unconditional branch and jump commands - br, bsr, jsr, jmp and ret. All of these except ret have the following format:


   bXX  rY,<address>
   jXX  rY,<address>

In all 4 of the commands, the address of the next instruction is stored in register Y and execution jumps to <address>. The ret instruction performs the standard return.

For more information on Alpha assembly language, see the Alpha AXP Architecture reference manual, written by Richard L. Sites and Richard T. Witek. For information on basic debugging procedures on RISC systems, search the Microsoft Knowledge Base on the following keywords:

RISC and DEBUG and WINNT

Additional query words: debug risc debugref

Keywords : NTSrvWkst
Version : winnt:3.1,3.5,3.51,4.0; :3.1
Platform : winnt
Issue type : kbinfo