How To Move String Into Register

x86 Assembly Guide

Contents: Registers | Retention and Addressing | Instructions | Calling Convention

This is a version adapted by Quentin Carbonneaux from David Evans' original document. The syntax was changed from Intel to AT&T, the standard syntax on UNIX systems, and the HTML lawmaking was purified.

This guide describes the nuts of 32-bit x86 associates language programming, covering a small but useful subset of the available instructions and assembler directives. There are several different assembly languages for generating x86 machine code. The one nosotros will utilize in CS421 is the GNU Assembler (gas) assembler. We will uses the standard AT&T syntax for writing x86 assembly code.

The total x86 education set is large and complex (Intel's x86 instruction set manuals comprise over 2900 pages), and we do not cover it all in this guide. For example, there is a 16-bit subset of the x86 instruction set up. Using the 16-scrap programming model tin be quite circuitous. Information technology has a segmented retentivity model, more restrictions on register usage, and so on. In this guide, we will limit our attending to more modern aspects of x86 programming, and delve into the pedagogy ready merely in plenty detail to become a basic feel for x86 programming.

Registers

Mod (i.east 386 and across) x86 processors take viii 32-fleck general purpose registers, equally depicted in Figure 1. The register names are mostly historical. For case, EAX used to be called the accumulator since it was used by a number of arithmetic operations, and ECX was known equally the counter since it was used to hold a loop alphabetize. Whereas almost of the registers have lost their special purposes in the modern teaching set, by convention, two are reserved for special purposes — the stack pointer (ESP) and the base pointer (EBP).

For the EAX, EBX, ECX, and EDX registers, subsections may exist used. For example, the least significant 2 bytes of EAX can be treated equally a 16-bit register called AX. The least meaning byte of AX tin can be used every bit a single 8-flake annals called AL, while the nigh significant byte of AX tin can be used as a single 8-flake register called AH. These names refer to the same physical register. When a two-byte quantity is placed into DX, the update affects the value of DH, DL, and EDX. These sub-registers are mainly hold-overs from older, 16-bit versions of the education prepare. Nevertheless, they are sometimes user-friendly when dealing with information that are smaller than 32-bits (eastward.g. 1-byte ASCII characters).

Figure 1. x86 Registers

Memory and Addressing Modes

Declaring Static Data Regions

Yous tin can declare static information regions (coordinating to global variables) in x86 assembly using special assembler directives for this purpose. Information declarations should be preceded by the .information directive. Following this directive, the directives .byte, .brusque, and .long tin can be used to declare one, ii, and four byte data locations, respectively. To refer to the accost of the data created, nosotros can label them. Labels are very useful and versatile in assembly, they give names to retention locations that volition exist figured out later past the assembler or the linker. This is similar to declaring variables past name, but abides by some lower level rules. For example, locations alleged in sequence volition be located in retentivity next to one some other.

Example declarations:

.data

var:

.byte 64 /* Declare a byte, referred to equally location var, containing the value 64. */

.byte 10 /* Declare a byte with no label, containing the value x. Its location is var + 1. */

x:

.brusk 42 /* Declare a ii-byte value initialized to 42, referred to as location ten. */

y:

.long 30000 /* Declare a iv-byte value, referred to every bit location y, initialized to 30000. */

Unlike in high level languages where arrays tin can take many dimensions and are accessed by indices, arrays in x86 assembly language are only a number of cells located contiguously in memory. An array tin be alleged by just list the values, equally in the commencement example beneath. For the special case of an assortment of bytes, string literals can be used. In instance a large area of memory is filled with zeroes the .zip directive tin can be used.

Some examples:

s:

.long 1, 2, 3 /* Declare three iv-byte values, initialized to one, 2, and 3.
The value at location s + viii volition be 3. */

barr:

.zero ten /* Declare 10 bytes starting at location barr, initialized to 0. */

str:

.string "hello" /* Declare 6 bytes starting at the address str initialized to
the ASCII character values for hello followed past a nul (0) byte. */

Addressing Retentiveness

Modern x86-compatible processors are capable of addressing up to 2³² bytes of memory: memory addresses are 32-bits wide. In the examples above, where we used labels to refer to memory regions, these labels are actually replaced past the assembler with 32-bit quantities that specify addresses in retentivity. In addition to supporting referring to memory regions past labels (i.e. abiding values), the x86 provides a flexible scheme for computing and referring to memory addresses: up to two of the 32-chip registers and a 32-bit signed abiding can exist added together to compute a memory accost. I of the registers can be optionally pre-multiplied by 2, 4, or 8.

The addressing modes can be used with many x86 instructions (we'll describe them in the side by side section). Here we illustrate some examples using the mov didactics that moves data between registers and memory. This instruction has two operands: the get-go is the source and the second specifies the destination.

Some examples of mov instructions using address computations are:

mov (%ebx), %eax /* Load 4 bytes from the memory accost in EBX into EAX. */

mov %ebx, var(,1) /* Move the contents of EBX into the 4 bytes at memory accost var.
(Annotation, var is a 32-bit constant). */

mov -4(%esi), %eax /* Move 4 bytes at retentiveness address ESI + (-iv) into EAX. */

mov %cl, (%esi,%eax,i) /* Move the contents of CL into the byte at address ESI+EAX. */

mov (%esi,%ebx,iv), %edx /* Move the four bytes of data at address ESI+iv*EBX into EDX. */

Some examples of invalid address calculations include:

mov (%ebx,%ecx,-ane), %eax /* Tin can simply add register values. */

mov %ebx, (%eax,%esi,%edi,1) /* At well-nigh 2 registers in address computation. */

Operation Suffixes

In general, the intended size of the of the information item at a given memory address tin can be inferred from the assembly code instruction in which it is referenced. For case, in all of the in a higher place instructions, the size of the retentiveness regions could be inferred from the size of the register operand. When we were loading a 32-bit register, the assembler could infer that the region of memory we were referring to was 4 bytes broad. When nosotros were storing the value of a one byte register to memory, the assembler could infer that we wanted the address to refer to a single byte in memory.

Still, in some cases the size of a referred-to memory region is cryptic. Consider the instruction mov $2, (%ebx). Should this instruction movement the value 2 into the unmarried byte at address EBX? Peradventure information technology should move the 32-bit integer representation of ii into the 4-bytes starting at accost EBX. Since either is a valid possible estimation, the assembler must be explicitly directed equally to which is correct. The size prefixes b, w, and l serve this purpose, indicating sizes of i, 2, and iv bytes respectively.

For example:

movb $2, (%ebx) /* Move 2 into the single byte at the address stored in EBX. */

movw $ii, (%ebx) /* Move the 16-bit integer representation of ii into the 2 bytes starting at the address in EBX. */

movl $ii, (%ebx) /* Motility the 32-bit integer representation of 2 into the four bytes starting at the accost in EBX. */

Instructions

Machine instructions generally fall into three categories: data motion, arithmetic/logic, and control-catamenia. In this section, we will look at of import examples of x86 instructions from each category. This section should not be considered an exhaustive list of x86 instructions, but rather a useful subset. For a complete list, encounter Intel'south teaching set reference.

We use the following notation:

<reg32> Any 32-bit register (%eax, %ebx, %ecx, %edx, %esi, %edi, %esp, or %ebp)

<reg16> Any sixteen-bit register (%ax, %bx, %cx, or %dx)

<reg8> Whatsoever 8-bit register (%ah, %bh, %ch, %dh, %al, %bl, %cl, or %dl)

<reg> Any annals

<mem> A memory address (e.thousand., (%eax), iv+var(,1), or (%eax,%ebx,ane))

<con32> Any 32-chip immediate

<con16> Whatever 16-flake firsthand

<con8> Any 8-chip immediate

<con> Any 8-, xvi-, or 32-flake immediate

In assembly linguistic communication, all the labels and numeric constants used as firsthand operands (i.e. not in an address adding like three(%eax,%ebx,viii)) are always prefixed by a dollar sign. When needed, hexadecimal note can exist used with the 0x prefix (e.m. $0xABC). Without the prefix, numbers are interpreted in the decimal basis.

Data Movement Instructions

mov — Move

The mov instruction copies the data item referred to by its starting time operand (i.e. annals contents, retentivity contents, or a constant value) into the location referred to by its second operand (i.e. a register or retentiveness). While annals-to-annals moves are possible, straight memory-to-memory moves are not. In cases where memory transfers are desired, the source memory contents must beginning be loaded into a register, so can exist stored to the destination retentivity accost.
Syntax
mov <reg>, <reg>
mov <reg>, <mem>
mov <mem>, <reg>
mov <con>, <reg>
mov <con>, <mem>

Examples
mov %ebx, %eax — copy the value in EBX into EAX
movb $5, var(,one) — store the value v into the byte at location var

push — Push on stack

The push instruction places its operand onto the summit of the hardware supported stack in memory. Specifically, push first decrements ESP by 4, and then places its operand into the contents of the 32-scrap location at accost (%esp). ESP (the stack arrow) is decremented past push since the x86 stack grows down — i.due east. the stack grows from loftier addresses to lower addresses.
Syntax
push <reg32>
button <mem>
push <con32>

Examples
push %eax — push button eax on the stack
push var(,ane) — push the iv bytes at accost var onto the stack

popular — Popular from stack

The pop teaching removes the 4-byte data element from the top of the hardware-supported stack into the specified operand (i.e. register or retention location). It first moves the 4 bytes located at memory location (%esp) into the specified register or memory location, and then increments ESP past 4.
Syntax
pop <reg32>
pop <mem>
Examples
popular %edi — popular the top element of the stack into EDI.
pop (%ebx) — pop the top element of the stack into retention at the four bytes starting at location EBX.

lea — Load effective accost

The lea educational activity places the address specified past its commencement operand into the annals specified by its second operand. Annotation, the contents of the memory location are not loaded, but the constructive address is computed and placed into the register. This is useful for obtaining a pointer into a retention region or to perform elementary arithmetics operations.
Syntax
lea <mem>, <reg32>

Examples
lea (%ebx,%esi,viii), %edi — the quantity EBX+viii*ESI is placed in EDI.
lea val(,ane), %eax — the value val is placed in EAX.

Arithmetic and Logic Instructions

add — Integer addition

The add pedagogy adds together its 2 operands, storing the effect in its second operand. Annotation, whereas both operands may be registers, at most one operand may be a memory location.
Syntax
add <reg>, <reg>
add <mem>, <reg>
add together <reg>, <mem>
add <con>, <reg>
add <con>, <mem>

Examples
add $10, %eax — EAX is set to EAX + 10
addb $ten, (%eax) — add together 10 to the single byte stored at memory accost stored in EAX

sub — Integer subtraction

The sub education stores in the value of its second operand the effect of subtracting the value of its first operand from the value of its 2d operand. Equally with add, whereas both operands may be registers, at most one operand may be a retentiveness location.
Syntax
sub <reg>, <reg>
sub <mem>, <reg>
sub <reg>, <mem>
sub <con>, <reg>
sub <con>, <mem>

Examples
sub %ah, %al — AL is set to AL - AH
sub $216, %eax — decrease 216 from the value stored in EAX

inc, dec — Increase, Decrement

The inc teaching increments the contents of its operand past 1. The dec instruction decrements the contents of its operand by one.
Syntax
inc <reg>
inc <mem>
december <reg>
december <mem>

Examples
dec %eax — subtract i from the contents of EAX
incl var(,1) — add one to the 32-fleck integer stored at location var

imul — Integer multiplication

The imul teaching has two bones formats: two-operand (first two syntax listings in a higher place) and 3-operand (terminal ii syntax listings above).
The 2-operand form multiplies its two operands together and stores the result in the second operand. The event (i.e. 2d) operand must be a register.

The 3 operand form multiplies its second and tertiary operands together and stores the result in its terminal operand. Again, the issue operand must exist a register. Furthermore, the first operand is restricted to being a constant value.

Syntax
imul <reg32>, <reg32>
imul <mem>, <reg32>
imul <con>, <reg32>, <reg32>
imul <con>, <mem>, <reg32>

Examples

imul (%ebx), %eax — multiply the contents of EAX by the 32-bit contents of the memory at location EBX. Store the result in EAX.

imul $25, %edi, %esi — ESI is prepare to EDI * 25

idiv — Integer partitioning

The idiv pedagogy divides the contents of the 64 bit integer EDX:EAX (synthetic by viewing EDX every bit the most significant iv bytes and EAX as the to the lowest degree meaning four bytes) by the specified operand value. The quotient consequence of the partition is stored into EAX, while the residue is placed in EDX.
Syntax
idiv <reg32>
idiv <mem>

Examples

idiv %ebx — divide the contents of EDX:EAX by the contents of EBX. Place the quotient in EAX and the remainder in EDX.

idivw (%ebx) — dissever the contents of EDX:EAS by the 32-scrap value stored at the memory location in EBX. Identify the quotient in EAX and the remainder in EDX.

and, or, xor — Bitwise logical and, or, and exclusive or

These instructions perform the specified logical performance (logical bitwise and, or, and sectional or, respectively) on their operands, placing the outcome in the beginning operand location.
Syntax
and <reg>, <reg>
and <mem>, <reg>
and <reg>, <mem>
and <con>, <reg>
and <con>, <mem>

or <reg>, <reg>
or <mem>, <reg>
or <reg>, <mem>
or <con>, <reg>
or <con>, <mem>

xor <reg>, <reg>
xor <mem>, <reg>
xor <reg>, <mem>
xor <con>, <reg>
xor <con>, <mem>

Examples
and $0x0f, %eax — clear all only the last four bits of EAX.
xor %edx, %edx — prepare the contents of EDX to zero.

not — Bitwise logical non

Logically negates the operand contents (that is, flips all scrap values in the operand).
Syntax
non <reg>
not <mem>

Example
not %eax — flip all the bits of EAX

neg — Negate

Performs the two'southward complement negation of the operand contents.
Syntax
neg <reg>
neg <mem>

Example
neg %eax — EAX is set to (- EAX)

shl, shr — Shift left and right

These instructions shift the bits in their first operand's contents left and right, padding the resulting empty flake positions with zeros. The shifted operand can exist shifted up to 31 places. The number of bits to shift is specified by the 2d operand, which can be either an eight-chip constant or the register CL. In either instance, shifts counts of greater then 31 are performed modulo 32.
Syntax
shl <con8>, <reg>
shl <con8>, <mem>
shl %cl, <reg>
shl %cl, <mem>

shr <con8>, <reg>
shr <con8>, <mem>
shr %cl, <reg>
shr %cl, <mem>

Examples

shl $1, eax — Multiply the value of EAX by 2 (if the most significant fleck is 0)

shr %cl, %ebx — Shop in EBX the floor of consequence of dividing the value of EBX by 2^{due north} where northward is the value in CL. Caution: for negative integers, it is different from the C semantics of division!

Control Menstruum Instructions

The x86 processor maintains an instruction pointer (EIP) register that is a 32-bit value indicating the location in retentiveness where the electric current didactics starts. Unremarkably, it increments to point to the side by side pedagogy in memory begins afterward execution an instruction. The EIP register cannot exist manipulated directly, simply is updated implicitly by provided control menses instructions.

We utilize the note <label> to refer to labeled locations in the program text. Labels can be inserted anywhere in x86 assembly lawmaking text by entering a characterization name followed past a colon. For example,

            mov 8(%ebp), %esi begin:        xor %ecx, %ecx        mov (%esi), %eax

The second instruction in this lawmaking fragment is labeled begin. Elsewhere in the code, nosotros can refer to the memory location that this pedagogy is located at in memory using the more user-friendly symbolic name begin. This label is just a user-friendly way of expressing the location instead of its 32-bit value.

jmp — Jump

Transfers program control flow to the instruction at the memory location indicated by the operand.
Syntax
jmp <characterization>

Example
jmp begin — Jump to the educational activity labeled begin.

jcondition — Provisional jump

These instructions are conditional jumps that are based on the condition of a set up of condition codes that are stored in a special register called the machine status word. The contents of the automobile status word include data about the last arithmetic functioning performed. For example, i bit of this discussion indicates if the final outcome was zero. Some other indicates if the concluding result was negative. Based on these condition codes, a number of conditional jumps can be performed. For example, the jz education performs a leap to the specified operand label if the result of the last arithmetic operation was zero. Otherwise, command proceeds to the adjacent instruction in sequence.
A number of the conditional branches are given names that are intuitively based on the last operation performed being a special compare pedagogy, cmp (come across beneath). For instance, provisional branches such as jle and jne are based on first performing a cmp operation on the desired operands.

Syntax
je <label> (spring when equal)
jne <label> (jump when not equal)
jz <label> (jump when last result was zero)
jg <label> (bound when greater than)
jge <label> (jump when greater than or equal to)
jl <label> (jump when less than)
jle <characterization> (spring when less than or equal to)

Example
cmp %ebx, %eax jle done          
If the contents of EAX are less than or equal to the contents of EBX, jump to the label done. Otherwise, continue to the next instruction.

cmp — Compare

Compare the values of the two specified operands, setting the condition codes in the auto status word appropriately. This instruction is equivalent to the sub educational activity, except the result of the subtraction is discarded instead of replacing the first operand.
Syntax
cmp <reg>, <reg>
cmp <mem>, <reg>
cmp <reg>, <mem>
cmp <con>, <reg>

Instance
cmpb $10, (%ebx)
jeq loop

If the byte stored at the memory location in EBX is equal to the integer constant 10, jump to the location labeled loop.

call, ret — Subroutine call and return

These instructions implement a subroutine phone call and return. The call instruction first pushes the current code location onto the hardware supported stack in retentiveness (see the push instruction for details), and so performs an unconditional jump to the code location indicated by the label operand. Different the simple bound instructions, the telephone call instruction saves the location to return to when the subroutine completes.
The ret education implements a subroutine return mechanism. This instruction first pops a code location off the hardware supported in-memory stack (see the pop instruction for details). It and then performs an unconditional jump to the retrieved code location.

Syntax
call <label>
ret

Calling Convention

To allow dissever programmers to share code and develop libraries for use by many programs, and to simplify the use of subroutines in full general, programmers typically adopt a common calling convention. The calling convention is a protocol about how to call and return from routines. For example, given a set of calling convention rules, a developer need not examine the definition of a subroutine to determine how parameters should be passed to that subroutine. Furthermore, given a set of calling convention rules, high-level language compilers can be fabricated to follow the rules, thus allowing hand-coded assembly linguistic communication routines and high-level language routines to call i another.

In practice, many calling conventions are possible. We will describe the widely used C language calling convention. Post-obit this convention will permit you to write assembly linguistic communication subroutines that are safely callable from C (and C++) code, and will too enable you to phone call C library functions from your associates linguistic communication code.

The C calling convention is based heavily on the utilise of the hardware-supported stack. It is based on the push button, pop, call, and ret instructions. Subroutine parameters are passed on the stack. Registers are saved on the stack, and local variables used by subroutines are placed in memory on the stack. The vast majority of loftier-level procedural languages implemented on most processors have used like calling conventions.

The calling convention is broken into ii sets of rules. The first ready of rules is employed by the caller of the subroutine, and the 2d set up of rules is observed past the writer of the subroutine (the callee). It should be emphasized that mistakes in the observance of these rules speedily upshot in fatal program errors since the stack volition be left in an inconsistent state; thus meticulous intendance should be used when implementing the call convention in your own subroutines.

Stack during Subroutine Call

[Thanks to James Peterson for finding and fixing the bug in the original version of this figure!]

A expert way to visualize the performance of the calling convention is to draw the contents of the nearby region of the stack during subroutine execution. The image above depicts the contents of the stack during the execution of a subroutine with three parameters and three local variables. The cells depicted in the stack are 32-scrap wide memory locations, thus the memory addresses of the cells are 4 bytes apart. The first parameter resides at an offset of 8 bytes from the base of operations arrow. In a higher place the parameters on the stack (and below the base of operations pointer), the call didactics placed the render address, thus leading to an extra four bytes of starting time from the base of operations pointer to the first parameter. When the ret education is used to return from the subroutine, information technology volition leap to the return address stored on the stack.

Caller Rules

To brand a subrouting call, the caller should:

Before calling a subroutine, the caller should save the contents of certain registers that are designated caller-saved. The caller-saved registers are EAX, ECX, EDX. Since the called subroutine is immune to modify these registers, if the caller relies on their values after the subroutine returns, the caller must push the values in these registers onto the stack (so they tin can be restore after the subroutine returns.
To laissez passer parameters to the subroutine, push them onto the stack before the call. The parameters should exist pushed in inverted gild (i.east. last parameter offset). Since the stack grows downwards, the first parameter will be stored at the lowest accost (this inversion of parameters was historically used to allow functions to be passed a variable number of parameters).
To phone call the subroutine, utilise the call instruction. This pedagogy places the return address on acme of the parameters on the stack, and branches to the subroutine code. This invokes the subroutine, which should follow the callee rules beneath.

After the subroutine returns (immediately following the call instruction), the caller can expect to find the return value of the subroutine in the register EAX. To restore the machine state, the caller should:

Remove the parameters from stack. This restores the stack to its state before the call was performed.
Restore the contents of caller-saved registers (EAX, ECX, EDX) by popping them off of the stack. The caller tin can assume that no other registers were modified past the subroutine.

Example

The code below shows a role call that follows the caller rules. The caller is calling a function myFunc that takes three integer parameters. First parameter is in EAX, the second parameter is the abiding 216; the third parameter is in the memory location stored in EBX.

push (%ebx)    /* Push last parameter offset */ push $216      /* Push the second parameter */ button %eax      /* Push first parameter last */  call myFunc    /* Call the function (assume C naming) */  add $12, %esp

Note that after the call returns, the caller cleans up the stack using the add pedagogy. Nosotros have 12 bytes (iii parameters * 4 bytes each) on the stack, and the stack grows down. Thus, to get rid of the parameters, nosotros tin only add together 12 to the stack pointer.

The result produced by myFunc is now available for utilize in the annals EAX. The values of the caller-saved registers (ECX and EDX), may accept been inverse. If the caller uses them after the call, it would have needed to save them on the stack before the call and restore them later it.

Callee Rules

The definition of the subroutine should adhere to the following rules at the kickoff of the subroutine:

Push the value of EBP onto the stack, and then re-create the value of ESP into EBP using the post-obit instructions:
```
              button %ebp     mov  %esp, %ebp            
```
This initial activity maintains the base pointer, EBP. The base of operations pointer is used by convention as a bespeak of reference for finding parameters and local variables on the stack. When a subroutine is executing, the base of operations pointer holds a copy of the stack pointer value from when the subroutine started executing. Parameters and local variables will always be located at known, abiding offsets away from the base arrow value. We push the former base pointer value at the outset of the subroutine so that we tin can later restore the appropriate base pointer value for the caller when the subroutine returns. Call back, the caller is not expecting the subroutine to alter the value of the base of operations arrow. We then move the stack arrow into EBP to obtain our bespeak of reference for accessing parameters and local variables.
Next, allocate local variables by making space on the stack. Remember, the stack grows down, so to make space on the top of the stack, the stack pointer should be decremented. The corporeality past which the stack pointer is decremented depends on the number and size of local variables needed. For case, if 3 local integers (4 bytes each) were required, the stack pointer would need to be decremented by 12 to brand space for these local variables (i.e., sub $12, %esp). As with parameters, local variables will be located at known offsets from the base pointer.
Next, salve the values of the callee-saved registers that will be used by the part. To relieve registers, push them onto the stack. The callee-saved registers are EBX, EDI, and ESI (ESP and EBP will also exist preserved by the calling convention, but demand not be pushed on the stack during this step).

After these three deportment are performed, the body of the subroutine may continue. When the subroutine is returns, it must follow these steps:

Leave the render value in EAX.
Restore the old values of any callee-saved registers (EDI and ESI) that were modified. The register contents are restored by popping them from the stack. The registers should exist popped in the inverse order that they were pushed.
Deallocate local variables. The obvious way to do this might be to add the appropriate value to the stack pointer (since the space was allocated past subtracting the needed corporeality from the stack pointer). In practise, a less mistake-prone mode to deallocate the variables is to move the value in the base arrow into the stack pointer: mov %ebp, %esp. This works because the base pointer always contains the value that the stack arrow contained immediately prior to the allocation of the local variables.
Immediately before returning, restore the caller'south base of operations pointer value past popping EBP off the stack. Recall that the kickoff thing we did on entry to the subroutine was to button the base pointer to save its one-time value.
Finally, return to the caller by executing a ret educational activity. This pedagogy will find and remove the advisable return address from the stack.

Annotation that the callee's rules autumn cleanly into two halves that are basically mirror images of 1 some other. The starting time half of the rules use to the beginning of the office, and are commonly said to define the prologue to the part. The latter half of the rules use to the end of the function, and are thus commonly said to define the epilogue of the part.

Example

Here is an case office definition that follows the callee rules:

            /* Showtime the code section */   .text    /* Define myFunc as a global (exported) function. */   .globl myFunc   .type myFunc, @role myFunc:    /* Subroutine Prologue */   push %ebp      /* Salve the one-time base pointer value. */   mov %esp, %ebp /* Set up the new base of operations pointer value. */   sub $iv, %esp   /* Make room for one 4-byte local variable. */   push button %edi      /* Salve the values of registers that the function */   push %esi      /* volition modify. This office uses EDI and ESI. */   /* (no need to relieve EBX, EBP, or ESP) */    /* Subroutine Torso */   mov 8(%ebp), %eax   /* Move value of parameter i into EAX. */   mov 12(%ebp), %esi  /* Motility value of parameter 2 into ESI. */   mov xvi(%ebp), %edi  /* Move value of parameter 3 into EDI. */    mov %edi, -4(%ebp)  /* Motility EDI into the local variable. */   add %esi, -4(%ebp)  /* Add together ESI into the local variable. */   add -iv(%ebp), %eax  /* Add together the contents of the local variable */                       /* into EAX (final result). */    /* Subroutine Epilogue */   pop %esi       /* Recover register values. */   pop %edi   mov %ebp, %esp /* Deallocate the local variable. */   pop %ebp       /* Restore the caller'south base of operations pointer value. */   ret

The subroutine prologue performs the standard deportment of saving a snapshot of the stack pointer in EBP (the base of operations pointer), allocating local variables by decrementing the stack pointer, and saving register values on the stack.

In the body of the subroutine we can see the utilise of the base arrow. Both parameters and local variables are located at constant offsets from the base of operations pointer for the duration of the subroutines execution. In detail, we observe that since parameters were placed onto the stack before the subroutine was called, they are always located below the base of operations pointer (i.e. at higher addresses) on the stack. The first parameter to the subroutine can e'er be found at memory location (EBP+viii), the second at (EBP+12), the tertiary at (EBP+16). Similarly, since local variables are allocated afterwards the base pointer is ready, they ever reside above the base of operations pointer (i.e. at lower addresses) on the stack. In particular, the kickoff local variable is always located at (EBP-4), the 2d at (EBP-8), and then on. This conventional use of the base pointer allows us to quickly identify the use of local variables and parameters within a function body.

The function epilogue is basically a mirror paradigm of the function prologue. The caller'southward annals values are recovered from the stack, the local variables are deallocated by resetting the stack pointer, the caller's base pointer value is recovered, and the ret instruction is used to return to the advisable code location in the caller.

Credits: This guide was originally created by Adam Ferrari many years ago,
and since updated by Alan Batson, Mike Lack, and Anita Jones.
Information technology was revised for 216 Leap 2006 by David Evans.
Information technology was finally modified by Quentin Carbonneaux to use the AT&T syntax for Yale's CS421.