Week 6

Assembly Language

Flow Control Instructions

Flow chart and Pseudocode

Arithmetic Logic Instructions

These lecture notes are based on the book by Muhammed Ali Mazidi,
Janice Gillispie Mazidi, Danny Causey; «The x86 PC assembly language,
design, ad interfacing», 5the Ed., Prentice Hall
Control Transfer Instructions
CONTROL TRANSFER INSTRUCTIONS
FAR and NEAR
u In the sequence of instructions, it is often necessary to
transfer program control to a different location.
u If control is transferred to a memory location within the
current code segment, it is NEAR.
u Sometimes called intrasegment. (within segment)
u If control is transferred outside the current code segment, it
is a FAR jump.
u Or intersegment. (between segments)
CONTROL TRANSFER INSTRUCTIONS
FAR and NEAR

u As the CS:IP registers always point to the address of the

next instruction to be executed, they must be updated
when a control transfer is executed.
u In a NEAR jump, the IP is updated, and CS remains the same,
since control is still inside the current code segment.
u In a FAR jump, because control is passing outside the current
code segment, both CS and IP have to be updated to the new
values.
CONTROL TRANSFER INSTRUCTIONS
conditional jumps
u Conditional jumps have mnemonics such as JNZ (jump not zero) and JC
(jump if carry).
u In the conditional jump, control is transferred to a new location if a certain
condition is met.
u The flag register indicates the current condition.
u For example, with "JNZ label", the processor looks at the zero flag to see if
it is raised.
u If not, the CPU starts to fetch and execute instructions from the address of the
label.
u If ZF = 1, it will not jump but will execute the next instruction below the JNZ.
CONTROL TRANSFER INSTRUCTIONS
conditional jumps
CONTROL TRANSFER INSTRUCTIONS
short jumps
u All conditional jumps are short jumps.
u The address of the target must be within -128 to +127 bytes of the IP.
u The conditional jump is a two-byte instruction.
u One byte is the opcode of the J condition.
u The second byte is a value between 00 and FF.
u An offset range of 00 to FF gives 256 possible addresses.

u In a jump backward, the second byte is the 2's complement

of the displacement value
Offset value mov bx,0
L1: add bx,[di]
inc di
inc di
dec cx
jnz L1
mov word ptr[si], sum

F9 is 2’s complement of 7,
(15H-0EH)
15 is the offset of next
instruction after the “jmp”
Example program
CONTROL TRANSFER INSTRUCTIONS
short jumps
u After the program was assembled and linked, using debug
c>debug prog2-1.exe
-u cs:0 19 The IP value of MOV, at 0013, is
1067:0000 B86610 MOVE AX, 1066
added to FA to calculate the address of
1067:0003 8ED8 MOVE DS, AX
1067:0005 B90500 MOVE CX, 0005 label AGAIN, and the carry is dropped.
1067:0008 BB0000 MOVE BX, 0000
1067:000B B000 MOVE AL, 00
1067:000D 0207 ADD AL, [BX] FA is 2’s complement of 6 (-6): 0000 0110
1067:000F 43 INC BX (1111 1010)
1067:0010 49 DEC CX When you add FA + 13 = 0D (carry is
1067:0011 75FA JNZ 000D dropped)
1067:0013 A20500 MOVE [500], AL
1067:0016 B44C MOV AH, 4CH FA
1067:0008 CD21 INT 21H 13
10D
-"JNZ AGAIN" was assembled as "JNZ 000D", and 000D is the address of the
instruction with the label AGAIN.
"JNZ 000D" has the opcode 75 and the target address FA.
CONTROL TRANSFER INSTRUCTIONS
short jumps
u Calculate a forward jump target address by adding the IP of the following instruction
to the operand.
u The displacement value is positive, as shown.

– "JB NEXT" has the opcode 72, the target address

displacement 06, and is located at IP = 000A and 000B.
• The jump is 6 bytes from the next instruction, i.e. IP = 000C.
• Adding gives us 000CH + 0006H = 0012H, which is the exact
address of the NEXT label.
CONTROL TRANSFER INSTRUCTIONS
short jumps

u For conditional jumps, the address of the target

address can never be more than -128 to +127 bytes
away from the IP associated with the instruction
following the jump.
u Any attempt is made to violate this rule will generate a
"relative jump out of range" message.
CONTROL TRANSFER INSTRUCTIONS
unconditional jumps
u An unconditional jump transfers control to the target location label
unconditionally, in the following forms:
u SHORT JUMP - in the format "JMP SHORT label".
u A jump within -128 to +127 bytes of memory relative to the address of the
current IP, opcode EB.
u NEAR JUMP - the default, has the format "JMP label".
u A jump within the current code segment, opcode E9.
u The target address can be any of the addressing modes of direct, register,
register indirect, or memory indirect:
u Direct JUMP - exactly like the short jump.
u Except that the target address can be anywhere in the segment in the range
+32767 to -32768 of the current IP.
CONTROL TRANSFER INSTRUCTIONS
unconditional jumps
u An unconditional jump transfers control to the target location label
unconditionally, in the following forms:

– Register indirect JUMP - target address is in a register.

• In "JMP BX", IP takes the value BX.

– Memory indirect JMP - target address is the contents of two memory locations,
pointed at by the register.
• "JMP [DI]" will replace the IP with the contents of memory locations pointed
at by DI and DI+1.
– FAR JUMP - in the format "JMP FAR PTR label". A jump out of the current code
segment
• IP and CS are both replaced with new values.
CONTROL TRANSFER INSTRUCTIONS
CALL statements
u The CALL instruction is used to call a procedure, to perform tasks
that need to be performed frequently.
u The target address could be in the current segment, in which case it will
be a NEAR call or outside the current CS segment, which is a FAR call.
u The microprocessor saves the address of the instruction following
the call on the stack.
u To know where to return, after executing the subroutine.
u In the NEAR call only the IP is saved on the stack.
u In a FAR call both CS and IP are saved.
 CONTROL TRANSFER INSTRUCTIONS
CALL statements
u For control to be transferred back to the caller, the last subroutine instruction
must be RET (return).
u For NEAR calls, the IP is restored.
u For FAR calls, CS & IP are restored.
u Assume SP = FFFEH:

– Since this is a NEAR call, only IP

is saved on the stack.
• The IP address 0206, which belongs to the "MOV AX,142F"
instruction, is saved on the stack.
• It is assumed that BX is first pushed into the stack (missing
in the code)
 CONTROL TRANSFER INSTRUCTIONS
short jumps
u The last instruction of the called subroutine must be a RET
instruction that directs the CPU to POP the top 2 bytes of
the stack into the IP and resume executing at offset address
0206.
u The number of PUSH and POP instructions (which alter the SP) must
match.
u For every PUSH there must be a POP.
 Example topla proc
pop bp
.model small pop cx
.code pop dx
push ax add cx,dx
main proc far push bx push bp
mov ax,@data call fark ret
mov ds,ax mov [fark1],cl topla endp

mov dx,0 fark proc

mov ax,0 son: mov ah,4ch pop bp
mov al,00h pop cx
lea di, notlar int 21h pop dx
mov ax,[di] main endp sub cx,dx
inc di push bp
inc di ret
mov bx,[di] fark endp
push ax
push bx .data
call topla notlar db 20h,0,32h
mov [averaj],cl averaj db 0
fark1 db ?
CONTROL TRANSFER INSTRUCTIONS
assembly language subroutines

It is common to have one main program and

many subroutines to be called from the main.
Each subroutine can be a separate module,
tested separately, then brought together.
If there is no specific mention of FAR after
the directive PROC, it defaults to NEAR.
CONTROL TRANSFER INSTRUCTIONS
rules for names in Assembly language
u The names used for labels in Assembly language programming
consist of…
u Alphabetic letters in both upper- and lowercase.
u The digits 0 through 9.
u Question mark (?); Period (.); At (@)
u Underline (_); Dollar sign ($)

• Each label name must be unique.

– They may be up to 31 characters long.
• The first character must be an alphabetic or special character.
– It cannot be a digit.
CONTROL TRANSFER INSTRUCTIONS
rules for names in Assembly language

u The period can only be used as the first character.

u This is not recommended since later versions of TASM
and MASM have several reserved words that begin with
a period.