Assembly Language Conventions on DEC Alpha Systems

This article was previously published under Q159455
This article has been archived. It is offered "as is" and will no longer be updated.
SUMMARY
When you do kernel debugging of Windows NT on a DEC Alpha-based system,there are a number of commonly used assembly language conventions that areuseful to know. Some of them are very simple; others are more complicated.Debugging can go much faster after you are aware of these conventions.
MORE INFORMATION
Alpha assembly language has a very small number of instructions. The setused in Windows NT operating system code is made even smaller by the factthat floating point commands are generally not used. Because of that,knowing the following types of assembly instructions should give you a goodstart at debugging Windows NT on a DEC Alpha computer.

Registers

DEC Alpha computers, like many RISC-based systems, have a large number ofregisters. There are 32 integer registers (R0-R31) and 32 floating pointregisters (F0-F31), all of which are 64-bit. In most operating systemassembly code, only the integer registers will be used. Additionally, theassembly language does not refer to the registers using R0 through R31,instead, it uses a naming convention that indicates the general purpose ofthe registers:
   Register  Name   Purpose   --------  ----   -------   R0        V0     Frequently used to store function addresses   R1-R8     T0-T7  Temporary registers, used to store interim                    values in calculations   R9-R14    S0-S5  Primary registers, used to store local variables                    and other important 'permanent' values   R15       FP/S6  Frame pointer, also referred to as S6   R16-R21   A0-A5  Argument registers, used to pass arguments in                    function calls.   R22-R25   T8-T11 More temporary registers   R26       RA     Return Address register   R27       PV/T12 Pointer value/Temporary storage   R28       AT     Assembler temporary register   R29       GP     Global Pointer   R30       SP     Stack Pointer   R31       ZERO   Special constant register which always holds                    zero				

The T and A registers are all temporary-use registers, and the S registersare more permanent (in the sense that the S registers will always be savedoff onto the stack at the beginning of each function and restored at theend of each function), so they can be counted on to hold the same valuesbefore and after a function call has been made (where the A and T registersmay have been changed by the function call). The FP and SP registers willalso be saved in the same manner.

Store and Load Instructions

The two types of instructions you will commonly see are load and store,some examples of which are:
   ldl          t5,0x8(s3)   ldq          t1,0x460(t1)   stl          t6,0x4(s2)   stq          s0,0x50(sp)				

The general format of both of these commands is:
   ldX   rY,<offset>(rZ)   stX   rY,<offset>(rZ)				

where X is the size of the value (longword or quadword), rY is the firstRegister, and rZ is the second. The notation <offset>(rZ) means to add theliteral offset to the value in register Z and use that as a memory address,much like the Intel instruction 'dword ptr[eax+0x4]'. In the case of theload command, the value at <offset>(rZ) is loaded into register Y, in thecase of the store command, the value in register Y is written to the memoryat <offset>(rZ).

There are also special forms of these instructions, but the only one youwill see frequently is the load address instruction (LDA), that has thesame operands as the other load commands. A load address will compute theaddress in the second operand ( <offset>(rZ) ) and put that result in rY,rather than loading the value at that address.

Moving Data Between Registers

In Alpha assembly, you will often see the following types of commands aswell, all of which have a very similar effect:
   1. bis          fp,zero,a2   2. bis          zero,zero,a3   3. bis          zero,#0x3,a1   4. bis          zero,zero,zero				

In all of the above commands, zero is a special literal that refers to afixed register on the processor that is always set to zero. 'bis' is themnemonic for a bitwise or and is a very fast instruction, taking oneprocessor cycle to run. The four commands above have the followingresults:

  1. bis rX,zero,rY is a fast way of moving the value in register X into register Y.
  2. bis zero,zero,rX is a fast way of zeroing out register X.
  3. bis zero,#0xX,rY moves the literal value X into register Y.
  4. The last form of the bis command, bis zero,zero,zero, effectively does nothing. It is used when the next command is waiting on the results of a command that is still being carried out. Because it wastes exactly 1 processor cycle and no more, it is a convenient way for assembler to say "wait one cycle and then start doing things again".

Branch Commands

On an Intel-based system, there are a number of different types ofcomparison and branch commands that are generally used sequentially; thatis, a cmp followed by a jne or a test followed by a jle. On the Alpha, thebranch command set is much smaller and each command combines the test withthe branch. The conditional branch commands have the following format
   Bxx rY,<address>				

where xx is a two or three letter sequence indicating the type of test tobe performed on the value in register Y and <address> is the address tojump to if the test is true. For example:
   bne t5,ExFreePool+0x27c - If t5 is not equal to zero, branch to                             ExFreePool+0x27c   ble a1,KiWaitTest+0x198 - If a1 is less than or equal to zero, branch                             to KiWaitTest+0x198				

Conditional branch commands will almost always come after some kind ofbitwise Boolean operation on the register being tested. For example:
   xor          t5,a2,t5   bne          t5,ExFreePool+0x27c				

These examples will cause code execution to jump to ExFreePool+0x27c if thevalue in t5 and a2 are equal, as an exclusive or (xor) will result in zerofor equal values and non zero for unequal values.

Alpha assembly also has unconditional branch and jump commands - br, bsr,jsr, jmp and ret. All of these except ret have the following format:
   bXX  rY,<address>   jXX  rY,<address>				

In all 4 of the commands, the address of the next instruction is stored inregister Y and execution jumps to <address>. The ret instruction performsthe standard return.

For more information on Alpha assembly language, see the Alpha AXPArchitecture reference manual, written by Richard L. Sites and Richard T.Witek. For information on basic debugging procedures on RISC systems,search the Microsoft Knowledge Base on the following keywords:
RISC and DEBUG and WINNT
debug risc debugref
Properties

Article ID: 159455 - Last Review: 02/28/2014 08:05:27 - Revision: 3.0

  • Microsoft Windows NT Advanced Server 3.1
  • Microsoft Windows NT Workstation 3.1
  • Microsoft Windows NT Workstation 3.5
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Advanced Server 3.1
  • Microsoft Windows NT Server 3.5
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0 Standard Edition
  • kbnosurvey kbarchive kbinfo KB159455
Feedback