Assembly: REP MOVS mechanism

蹲街弑〆低调 submitted on 2021-02-07 05:28:08

Question


Looking at the following assembly code:

MOV ESI, DWORD PTR [EBP + C]
MOV ECX, EDI
MOV EAX, ECX
SHR ECX, 2
LEA EDI, DWORD PTR[EBX + 18]
REP MOVS DWORD PTR ES:[EDI], DWORD PTR [ESI]
MOV ECX, EAX
AND ECX, 3
REP MOVS BYTE PTR ES:[EDI], BYTE PTR[ESI]

The book I got the code excerpt from explains the first REP MOVS as copying over 4-byte chunks, with the second REP MOVS copying the remaining 2-byte chunk, if it exists.

How do the REP MOVS instructions operate? According to MSDN, "The instruction can be prefixed by REP to repeat the operation the number of times specified by the ecx register." Wouldn't that just repeat the same operation over and over again?


Answer 1:


For questions about particular instructions always consult the instruction set reference.

In this case, you will need to look up rep and movs. In short, rep repeats the following string operation ecx times. movs copies data from ds:esi to es:edi and increments or decrements the pointers based on the setting of the direction flag. As such, repeating it will move a range of memory to somewhere else.

PS: usually the operation size is encoded as an instruction suffix, so people use movsb and movsd to indicate byte or dword operation. Some assemblers, however, allow specifying the size as in your example, by byte ptr or dword ptr. Also, the operands are implicit in the instruction, and you cannot modify them.




Answer 2:


The short explanation about syntax

At the assembly-code level, two forms of this instruction are allowed: the “explicit-operands” form and the “no-operands” form. The explicit-operands form allows the source and the destination address of the memory to be specified explicitly with symbols. This explicit-operands form is provided to allow documentation; however, note that the documentation provided by this form can be misleading. That is, the symbol does not have to specify the correct source and destination address. The source address is always specified by DS:(RSI/ESI/SI) and the destination address is always specified by ES:(RDI/EDI/DI) registers, which must be loaded correctly before the movsb instruction is executed. This is how I understand the official position of Intel on this issue.

The long explanation about syntax

REP MOVS DWORD PTR ES:[EDI], DWORD PTR [ESI] is a synonym for REP MOVSD; and REP MOVS BYTE PTR ES:[EDI], BYTE PTR[ESI] is a synonym of REP MOVSB.

There are the following MOVS commands, based on data sizes:

  • MOVSB (byte, 8-bit)
  • MOVSW (word, 16-bit)
  • MOVSD (dword, 32-bit)
  • MOVSQ (qword, 64-bit) - only available in 64-bit mode

The MOVS command copies data from DS:(SI/ESI/RSI) to ES:(DI/EDI/RDI) -- the size of SI/DI register is based on your current mode - 16-bit, 32-bit or 64-bit. It also increases (decreases) SI and DI registers (based on the D flag, set CLD to increase the registers).

The MOVS command cannot use other registers than SI/DI, so it is not necessary to specify them.

If the MOVS command is prefixed by REP, it is repeated to copy CX(ECX/RCX) number of bytes, decreasing CX, so at the end CX becomes zero.

The explanation on relative performance

Since the first Pentium CPU, produced in 1993, Intel began to make simple commands execute faster and complex commands (like REP MOVS) slower. So REP MOVS became very slow, and there was no more reason to use it in Pentium CPUs based on the P5 microarchitecture (1993-1997).

In parallel with the P5 microarchitecture, Intel developed the P6 microarchitecture, where it decided to revisit REP MOVS, and, since 1996, implemented the "fast strings" feature which made REP MOVS fast again.

In 2013, Intel decided to revisit REP MOVS again, and implemented the CPUID ERMSB (Enhanced REP MOVSB) bit, which was supposed to indicate that the CPU implements byte-sized move and store instructions (movsb, stosb) in a fast and efficient manner. In practice, it is only fast for large blocks, 256 bytes and larger, and only when certain conditions are met:

  • both the source and destination addresses have to be aligned to a 16-byte boundary (this boundary size is recommended for Ivy Bridge processors; on newer ones the boundary may be larger, up to 64 bytes for Cannonlake);
  • the source region should not overlap with the destination region;
  • the length has to be a multiple of 64 bytes to produce higher performance;
  • the direction has to be forward (CLD).

See the Intel Manual on Optimization, section 3.7.6 Enhanced REP MOVSB and STOSB operation (ERMSB) http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-optimization-manual.pdf

REP MOVS instructions are very slow on small blocks because the startup cost is about 35 cycles. If you do plain simple MOV EAX (or something like that) in a loop, there are no startup costs and you can copy lots of data during these 35 cycles.

Please note that ERMSB produces the best results for REP MOVSB, not REP MOVSD (MOVSQ). All REP MOVS instructions became significantly faster, but REP MOVSB is the fastest of all with ERMSB. This is in contrast with older processors (before 2013), where the largest MOVS size available (MOVSQ on 64-bit, MOVSD on 32-bit) produced the fastest outcome.

So the code that you have shown is not optimal for processors with ERMSB, because only MOVSB is fast, not MOVSD, although the difference is not that big, and a single REP MOVSB should be enough - it will incur startup costs only once rather than twice, for the first REP MOVSD and then REP MOVSB.

However, for processors without ERMSB, your code is OK, except for P5-based Pentium processors released in 1993, where a plain simple MOV EAX copy (or using larger x87 registers) in a loop would be faster. The code that you have given will also give the best results on very old processors like the 80386, released in 1985.
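
The mechanism the two answers describe, emulated in C as an added example (not code from the question, the answers or the book): each REP iteration copies one element, steps ESI and EDI by the element size in the direction DF selects, and decrements ECX. The names regs_t, rep_movs and copy_like_excerpt are made up here, and the sketch assumes EDI holds the byte length on entry and EAX keeps a copy of it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Emulated registers; regs_t and both function names are made up here. */
typedef struct {
    const uint8_t *esi;  /* source pointer, stands in for DS:ESI */
    uint8_t *edi;        /* destination pointer, stands in for ES:EDI */
    uint32_t ecx, eax;   /* ECX is the repeat count */
    int df;              /* direction flag: 0 = forward (CLD), 1 = backward (STD) */
} regs_t;

/* REP MOVS for an element of `size` bytes (1 = MOVSB, 4 = MOVSD). Each
   iteration copies one element, steps ESI and EDI by `size` in the direction
   DF selects, and decrements ECX; ECX == 0 on entry copies nothing.
   Returns how many iterations ran. */
static uint32_t rep_movs(regs_t *r, size_t size)
{
    uint32_t iterations = 0;
    while (r->ecx != 0) {
        memmove(r->edi, r->esi, size);
        if (r->df) { r->esi -= size; r->edi -= size; }
        else       { r->esi += size; r->edi += size; }
        r->ecx--; iterations++;
    }
    return iterations;
}

/* The excerpt's sequence for a `len`-byte copy: len / 4 dwords, then len % 4 bytes. */
static void copy_like_excerpt(regs_t *r, uint8_t *dst, const uint8_t *src,
                              uint32_t len, uint32_t *dwords, uint32_t *bytes)
{
    r->esi = src; r->edi = dst; r->df = 0;
    r->ecx = len;              /* MOV ECX, EDI (assumed: EDI holds the length) */
    r->eax = r->ecx;           /* assumed: EAX keeps the full length */
    r->ecx >>= 2;              /* SHR ECX, 2 */
    *dwords = rep_movs(r, 4);  /* REP MOVS DWORD PTR ... */
    r->ecx = r->eax & 3;       /* MOV ECX, EAX / AND ECX, 3 */
    *bytes = rep_movs(r, 1);   /* REP MOVS BYTE PTR ... */
}

int main(void)
{
    uint8_t src[11] = "0123456789", dst[11] = {0};  /* constructed sample data */
    regs_t r; uint32_t dwords, bytes;
    copy_like_excerpt(&r, dst, src, sizeof src, &dwords, &bytes);
    printf("%u dword moves, %u byte moves, ECX=%u\n",
           (unsigned)dwords, (unsigned)bytes, (unsigned)r.ecx);
    return 0;
}
```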



Source: https://stackoverflow.com/questions/27804852/assembly-rep-movs-mechanism
