The Netwide Assembler

On Sun, 28 Sep 2008 09:31:29 -0400
Frank Kotler <fbkotler@...> wrote:

>  > 1. The default state does not optimize as previous versions.
>  > This breaks many programs with errors saying jumps are out
>  > of range.  
> 
> Yes. This appears to be broken. I haven't looked into why...

In prior releases, jumps with backward references were optimized even
when optimization was turned off. Currently, such jumps are only
optimized when optimization is turned on. Therefore, in the default
case, the code is larger than it was before, and some short jumps can
be pushed out of range.

The desired behavior depends upon the reason for not using optimization.

In the majority of cases, optimization is disabled simply because that
is the default, and the user either doesn't know how to turn it on, or
doesn't see any reason to do so. For this user class, I recommend that
we change the default.

If the user wants optimization off in order to have more control over
the jump sizes, then the new behavior is the desired one.

If the user wants optimization off in order to speed up the assembly
process, then the old behavior is the desired one.

Because optimization is now decoupled from forward reference resolution
we have the ability to offer our users as many different optimization
choices as we care to support. I just need to know what the consensus
is.

-- 
Chuck 
http://www.pacificsites.com/~ccrayne/charles.html

Charles Crayne wrote:
> On Sun, 28 Sep 2008 09:31:29 -0400
> Frank Kotler <fbkotler@...> wrote:
> 
>>  > 1. The default state does not optimize as previous versions.
>>  > This breaks many programs with errors saying jumps are out
>>  > of range.  
>>
>> Yes. This appears to be broken. I haven't looked into why...
> 
> In prior releases, jumps with backward references were optimized even
> when optimization was turned off. Currently, such jumps are only
> optimized when optimization is turned on. Therefore, in the default
> case, the code is larger than it was before, and some short jumps can
> be pushed out of range.
> 
> The desired behavior depends upon the reason for not using optimization.
> 
> In the majority of cases, optimization is disabled simply because that
> is the default, and the user either doesn't know how to turn it on, or
> doesn't see any reason to do so. For this user class, I recommend that
> we change the default.
> 
> If the user wants optimization off in order to have more control over
> the jump sizes, then the new behavior is the desired one.
> 
> If the user wants optimization off in order to speed up the assembly
> process, then the old behavior is the desired one.
> 
> Because optimization is now decoupled from forward reference resolution
> we have the ability to offer our users as many different optimization
> choices as we care to support. I just need to know what the consensus
> is.

Okay... here's an offending bit of code (Jeff's "copy.asm"")...

...
;  jmp	short pup_ok
   jmp	pup_ok

*** "short" commented out for the 2.04 assembly***

pup_ck1:
   cmp	word [eax],'-c'	;-compare?
   jne	pup_ck2
   mov	[content_flag],byte 1 ;enable x server window list
   jmp	short pup_loop
pup_ck2:
   cmp	word [eax],'-t'	;-t time/date?
   jne	pup_ck3
   mov	[time_flag],byte 1
   jmp	short pup_loop

pup_ck3:
   cmp	word [eax],'-s'	;-s size?
   jne	pup_ck4
   mov	[size_flag],byte 1
   jmp	short pup_loop
pup_ck4:
   cmp	word [eax],'-h'	;-h help?
   jne	pup_ck5
   jmp	short parse_error
pup_ck5:
   cmp	word [eax],'-d'	;-d delete?
   jne	pup_ck6
   mov	[delete_flag],byte 1
   jmp	short pup_loop
pup_ck6:
;save from path
   push	esi
   mov	esi,eax
   mov	edi,from_path
   call	str_move
   pop	esi
;save to path
   lodsd
   or	eax,eax
   jz	parse_error	;jmp if no destination file
   mov	esi,eax
   mov	edi,to_path
   call	str_move
pup_ok:
   clc
   jmp	short parse_exit

 From "objdump -d copy.o"...

2.04rc1:

  5f0:	eb 68                	jmp    65a <pup_ok>

000005f2 <pup_ck1>:
  5f2:	66 81 38 2d 63       	cmpw   $0x632d,(%eax)
  5f7:	75 09                	jne    602 <pup_ck2>
  5f9:	c6 05 d9 01 00 00 01 	movb   $0x1,0x1d9
  600:	eb e1                	jmp    5e3 <pup_loop>

00000602 <pup_ck2>:
  602:	66 81 38 2d 74       	cmpw   $0x742d,(%eax)
  607:	75 09                	jne    612 <pup_ck3>
  609:	c6 05 da 01 00 00 01 	movb   $0x1,0x1da
  610:	eb d1                	jmp    5e3 <pup_loop>
...

and 2.04:

  718:	e9 80 00 00 00       	jmp    79d <pup_ok>

0000071d <pup_ck1>:
  71d:	66 81 38 2d 63       	cmpw   $0x632d,(%eax)
  722:	0f 85 09 00 00 00    	jne    731 <pup_ck2>
  728:	c6 05 d9 01 00 00 01 	movb   $0x1,0x1d9
  72f:	eb d2                	jmp    703 <pup_loop>

00000731 <pup_ck2>:
  731:	66 81 38 2d 74       	cmpw   $0x742d,(%eax)
  736:	0f 85 09 00 00 00    	jne    745 <pup_ck3>
  73c:	c6 05 da 01 00 00 01 	movb   $0x1,0x1da
  743:	eb be                	jmp    703 <pup_loop>

Looks to me as though the problem is not with "not optimizing backwards 
jumps", but with defaulting to "near" on jcc's.

It was "intended" that with no optimization, Nasm should behave "just 
like 0.98". Actually, John originally intended the default to be "-O2", 
IIRC. This optimizing of backward jumps deviated from that, but no one 
complained because it didn't break anything (whereas optimizing "add 
edx, 7" did!). It never occurred to me that fixing it so it *didn't* 
optimize would break code if we fixed it.

I was a little surprised that this cropped up as *often* as it (or 
another problem) did in Jeff's code... which is why I checked further.

Defaulting to "near" on an unadorned jcc has the advantage of not seeing 
a "short jump out of range" error (unless we specify "short" where we 
shouldn't have), but doesn't match previous default (no "-O" switch) 
behavior of either 0.98 or any of the "interim" versions. I don't 
*think* it's what we want to do...

I'm less sure what to do with backward jumps. "Just like 0.98" seems a 
poor criterion at this point. "Just like interim versions" might get us 
into less trouble there!

Can you - do you think we "should" - default to short on jcc's?

Best,
Frank

Charles Crayne wrote:
> On Sun, 28 Sep 2008 09:31:29 -0400
> Frank Kotler <fbkotler@...> wrote:
> 
>>  > 1. The default state does not optimize as previous versions.
>>  > This breaks many programs with errors saying jumps are out
>>  > of range.  
>>
>> Yes. This appears to be broken. I haven't looked into why...
> 
> In prior releases, jumps with backward references were optimized even
> when optimization was turned off. Currently, such jumps are only
> optimized when optimization is turned on. Therefore, in the default
> case, the code is larger than it was before, and some short jumps can
> be pushed out of range.
> 
> The desired behavior depends upon the reason for not using optimization.
> 
> In the majority of cases, optimization is disabled simply because that
> is the default, and the user either doesn't know how to turn it on, or
> doesn't see any reason to do so. For this user class, I recommend that
> we change the default.
> 
> If the user wants optimization off in order to have more control over
> the jump sizes, then the new behavior is the desired one.
> 
> If the user wants optimization off in order to speed up the assembly
> process, then the old behavior is the desired one.
> 
> Because optimization is now decoupled from forward reference resolution
> we have the ability to offer our users as many different optimization
> choices as we care to support. I just need to know what the consensus
> is.

Okay... here's an offending bit of code (Jeff's "copy.asm"")...

...
;  jmp	short pup_ok
   jmp	pup_ok

*** "short" commented out for the 2.04 assembly***

pup_ck1:
   cmp	word [eax],'-c'	;-compare?
   jne	pup_ck2
   mov	[content_flag],byte 1 ;enable x server window list
   jmp	short pup_loop
pup_ck2:
   cmp	word [eax],'-t'	;-t time/date?
   jne	pup_ck3
   mov	[time_flag],byte 1
   jmp	short pup_loop

pup_ck3:
   cmp	word [eax],'-s'	;-s size?
   jne	pup_ck4
   mov	[size_flag],byte 1
   jmp	short pup_loop
pup_ck4:
   cmp	word [eax],'-h'	;-h help?
   jne	pup_ck5
   jmp	short parse_error
pup_ck5:
   cmp	word [eax],'-d'	;-d delete?
   jne	pup_ck6
   mov	[delete_flag],byte 1
   jmp	short pup_loop
pup_ck6:
;save from path
   push	esi
   mov	esi,eax
   mov	edi,from_path
   call	str_move
   pop	esi
;save to path
   lodsd
   or	eax,eax
   jz	parse_error	;jmp if no destination file
   mov	esi,eax
   mov	edi,to_path
   call	str_move
pup_ok:
   clc
   jmp	short parse_exit

 From "objdump -d copy.o"...

2.04rc1:

  5f0:	eb 68                	jmp    65a <pup_ok>

000005f2 <pup_ck1>:
  5f2:	66 81 38 2d 63       	cmpw   $0x632d,(%eax)
  5f7:	75 09                	jne    602 <pup_ck2>
  5f9:	c6 05 d9 01 00 00 01 	movb   $0x1,0x1d9
  600:	eb e1                	jmp    5e3 <pup_loop>

00000602 <pup_ck2>:
  602:	66 81 38 2d 74       	cmpw   $0x742d,(%eax)
  607:	75 09                	jne    612 <pup_ck3>
  609:	c6 05 da 01 00 00 01 	movb   $0x1,0x1da
  610:	eb d1                	jmp    5e3 <pup_loop>
...

and 2.04:

  718:	e9 80 00 00 00       	jmp    79d <pup_ok>

0000071d <pup_ck1>:
  71d:	66 81 38 2d 63       	cmpw   $0x632d,(%eax)
  722:	0f 85 09 00 00 00    	jne    731 <pup_ck2>
  728:	c6 05 d9 01 00 00 01 	movb   $0x1,0x1d9
  72f:	eb d2                	jmp    703 <pup_loop>

00000731 <pup_ck2>:
  731:	66 81 38 2d 74       	cmpw   $0x742d,(%eax)
  736:	0f 85 09 00 00 00    	jne    745 <pup_ck3>
  73c:	c6 05 da 01 00 00 01 	movb   $0x1,0x1da
  743:	eb be                	jmp    703 <pup_loop>

Looks to me as though the problem is not with "not optimizing backwards 
jumps", but with defaulting to "near" on jcc's.

It was "intended" that with no optimization, Nasm should behave "just 
like 0.98". Actually, John originally intended the default to be "-O2", 
IIRC. This optimizing of backward jumps deviated from that, but no one 
complained because it didn't break anything (whereas optimizing "add 
edx, 7" did!). It never occurred to me that fixing it so it *didn't* 
optimize would break code if we fixed it.

I was a little surprised that this cropped up as *often* as it (or 
another problem) did in Jeff's code... which is why I checked further.

Defaulting to "near" on an unadorned jcc has the advantage of not seeing 
a "short jump out of range" error (unless we specify "short" where we 
shouldn't have), but doesn't match previous default (no "-O" switch) 
behavior of either 0.98 or any of the "interim" versions. I don't 
*think* it's what we want to do...

I'm less sure what to do with backward jumps. "Just like 0.98" seems a 
poor criterion at this point. "Just like interim versions" might get us 
into less trouble there!

Can you - do you think we "should" - default to short on jcc's?

Best,
Frank

Frank Kotler wrote:
> 
> Defaulting to "near" on an unadorned jcc has the advantage of not seeing 
> a "short jump out of range" error (unless we specify "short" where we 
> shouldn't have), but doesn't match previous default (no "-O" switch) 
> behavior of either 0.98 or any of the "interim" versions. I don't 
> *think* it's what we want to do...
> 
> I'm less sure what to do with backward jumps. "Just like 0.98" seems a 
> poor criterion at this point. "Just like interim versions" might get us 
> into less trouble there!
> 

Arguably, 0.98.39 is probably the gold standard at this point, although 
we did strive for compatibility with 0.98 for -O0, so it is at least the 
"indirect" gold standard.

> Can you - do you think we "should" - default to short on jcc's?

That would match pre-386 assemblers, for the simple reason that before 
the 386 there *were* no near conditional jumps at all.  Thus, JMP 
defaulted to near, but Jcc/JCXZ defaulted to short.

In that sense, it is consistent and historically justified.  It also, I 
believe, match 0.98 behaviour.

	-hpa

On Mon, 29 Sep 2008 12:26:42 -0400
Frank Kotler <fbkotler@...> wrote:

> Can you - do you think we "should" - default to short on jcc's?

I do indeed think that we should default to short on conditional jumps,
but I think that we should do so for both forward and backward targets.

The concept of treating forward and backward references differently
derived from necessity, rather than from design. I doubt seriously that
any user actually wants that particular distinction.

My own preference is to do this by changing the default optimization to
-Ox, but your point about "add edx, 7" is well taken, and I will change
the behavior to whatever the team decides.

-- 
Chuck 
http://www.pacificsites.com/~ccrayne/charles.html

Charles Crayne wrote:
> On Mon, 29 Sep 2008 12:26:42 -0400
> Frank Kotler <fbkotler@...> wrote:
> 
>> Can you - do you think we "should" - default to short on jcc's?
> 
> I do indeed think that we should default to short on conditional jumps,
> but I think that we should do so for both forward and backward targets.
> 
> The concept of treating forward and backward references differently
> derived from necessity, rather than from design. I doubt seriously that
> any user actually wants that particular distinction.
> 
> My own preference is to do this by changing the default optimization to
> -Ox, but your point about "add edx, 7" is well taken, and I will change
> the behavior to whatever the team decides.
> 

My gut feel is that 0.98 implemented short Jcc, and 0.98.3x formally 
documented 0.98 behaviour as the intended mimic target of -O0. 
Therefore, I think this makes sense.  -O1 should have near Jcc by 
default, and would otherwise be the same (this being the documented 
difference.)

Agreed that we shouldn't distinguish between forward and backwards jumps.

One thing we could do with the new code is reduce the "jump out of 
range" to a warning, and generate the longer jump in that case. 
However, I wouldn't worry about it if it is in any way hard.

	-hpa

On Mon, 29 Sep 2008 17:56:37 -0700
"H. Peter Anvin" <hpa@...> wrote:

> One thing we could do with the new code is reduce the "jump out of 
> range" to a warning, and generate the longer jump in that case. 
> However, I wouldn't worry about it if it is in any way hard.

I like the concept, and will see how difficult it would be to implement.

-- 
Chuck 
http://www.pacificsites.com/~ccrayne/charles.html

On Mon, 29 Sep 2008 19:15:01 -0700
Charles Crayne <ccrayne@...> wrote:

> I like the concept, and will see how difficult it would be to
> implement.

After reviewing the code, I am reasonably convinced that the "short
jump is out of range" messages are being generated exclusively by
"jcxz" and "loop" instructions, which have no "near" forms. If anyone
has an example where this is not the case, please send it to me, and I
will fix it.

-- 
Chuck 
http://www.pacificsites.com/~ccrayne/charles.html

Charles Crayne wrote:
> On Mon, 29 Sep 2008 19:15:01 -0700
> Charles Crayne <ccrayne@...> wrote:
> 
>> I like the concept, and will see how difficult it would be to
>> implement.
> 
> After reviewing the code, I am reasonably convinced that the "short
> jump is out of range" messages are being generated exclusively by
> "jcxz" and "loop" instructions, which have no "near" forms. If anyone
> has an example where this is not the case, please send it to me, and I
> will fix it.
> 

I don't think that's the issue.  The issue is that by choosing long 
forms by default, the code is bloated and the JCXZ and LOOP 
instructions, which indeed have no long form, plus explicit JMP SHORT 
(which you have to use in non-optimized code) are no longer in range.

	-hpa

On Mon, 29 Sep 2008 21:30:54 -0700
"H. Peter Anvin" <hpa@...> wrote:

> The issue is that by choosing long 
> forms by default, the code is bloated and the JCXZ and LOOP 
> instructions, which indeed have no long form, plus explicit JMP SHORT 
> (which you have to use in non-optimized code) are no longer in range.

I must have misunderstood your suggestion. Do you mean that we should
override explicit "SHORT" jumps when they are not in range? If so, that
looks easy enough to do.

-- 
Chuck 
http://www.pacificsites.com/~ccrayne/charles.html

Charles Crayne wrote:
> On Mon, 29 Sep 2008 21:30:54 -0700
> "H. Peter Anvin" <hpa@...> wrote:
> 
>> The issue is that by choosing long 
>> forms by default, the code is bloated and the JCXZ and LOOP 
>> instructions, which indeed have no long form, plus explicit JMP SHORT 
>> (which you have to use in non-optimized code) are no longer in range.
> 
> I must have misunderstood your suggestion. Do you mean that we should
> override explicit "SHORT" jumps when they are not in range? If so, that
> looks easy enough to do.

bits 32

jmp short labelB
labelA:
cmp ax, 0FFDFh
jz labelA
times 121 nop
labelB:

As of 2.02, this assembles fine either with or without "-O" switch. By 
2.03, it complains about "signed byte" on the "cmp" (with "-O"). Through 
2.04rc1, it assembles without the "-O" switch. As of 2.04, without "-O", 
it assembles the "jz" as "near", which throws the "jmp short" out of 
range (assembles with "-O" - any level(?) - but warns).

If *I* say "cmp ax, byte 0FFDFh", or "cmp ax, byte 0DFh", I expect Nasm 
to warn me. If Nasm decides on its own that that could be "byte", don't 
complain to *me* about it! But it's just a warning, and we can suppress 
it if we want... No Big Deal.

But I really don't think assembling "jz" as "near" is what we want. Too 
much of a deviation from the way we've "always done it", IMHO.

Best,
Frank

Charles Crayne wrote:
> On Mon, 29 Sep 2008 21:30:54 -0700
> "H. Peter Anvin" <hpa@...> wrote:
> 
>> The issue is that by choosing long 
>> forms by default, the code is bloated and the JCXZ and LOOP 
>> instructions, which indeed have no long form, plus explicit JMP SHORT 
>> (which you have to use in non-optimized code) are no longer in range.
> 
> I must have misunderstood your suggestion. Do you mean that we should
> override explicit "SHORT" jumps when they are not in range? If so, that
> looks easy enough to do.
> 

Hm.  I think it would be uncool to override an explicit user 
instruction, even as a warning.

	-hpa

H. Peter Anvin wrote:
> Charles Crayne wrote:
>> On Mon, 29 Sep 2008 21:30:54 -0700
>> "H. Peter Anvin" <hpa@...> wrote:
>>
>>> The issue is that by choosing long 
>>> forms by default, the code is bloated and the JCXZ and LOOP 
>>> instructions, which indeed have no long form, plus explicit JMP SHORT 
>>> (which you have to use in non-optimized code) are no longer in range.
>> I must have misunderstood your suggestion. Do you mean that we should
>> override explicit "SHORT" jumps when they are not in range? If so, that
>> looks easy enough to do.
>>
> 
> Hm.  I think it would be uncool to override an explicit user 
> instruction, even as a warning.

So if I write, say "add eax, dword 7", we should get the long form? I 
agree, but without the "strict" qualifier, we don't. Ideally, I'd like 
to see any user-supplied short/near/byte/word/dword/qword "obeyed" (even 
if it results in terminating in an error), but there was apparently some 
problem without "strict"... I don't see why...

Best,
Frank

Posted this yesterday, but haven't seen it show up, so at the risk of 
repeating myself...

Charles Crayne wrote:
 > On Mon, 29 Sep 2008 21:30:54 -0700
 > "H. Peter Anvin" <hpa@...> wrote:
 >
 >> The issue is that by choosing long forms by default, the code is 
bloated and the JCXZ and LOOP instructions, which indeed have no long 
form, plus explicit JMP SHORT (which you have to use in non-optimized 
code) are no longer in range.
 >
 > I must have misunderstood your suggestion. Do you mean that we should
 > override explicit "SHORT" jumps when they are not in range? If so, that
 > looks easy enough to do.

[this illustrates both of Jeff's observations]

bits 32

jmp short labelB
labelA:
cmp ax, 0FFDFh
jz labelA
times 121 nop
labelB:

As of 2.02, this assembles fine either with or without "-O" switch. By 
2.03, it complains about "signed byte" on the "cmp" (with "-O"). Through 
2.04rc1, it assembles without the "-O" switch. As of 2.04, without "-O", 
it assembles the "jz" as "near", which throws the "jmp short" out of 
range (assembles with "-O" - any level(?) - but warns).

If *I* say "cmp ax, byte 0FFDFh", or "cmp ax, byte 0DFh", I expect Nasm 
to warn me. If Nasm decides on its own that that could be "byte", don't 
complain to *me* about it! But it's just a warning, and we can suppress 
it if we want... No Big Deal.

But I really don't think assembling "jz" as "near" is what we want. Too 
much of a deviation from the way we've "always done it", IMHO.

Best,
Frank

> Hm.  I think it would be uncool to override an explicit user
> instruction, even as a warning.

I agree.

(Which is why I think STRICT is an atrocity, btw. ;-)

--
Christian

Frank Kotler wrote:
> 
> So if I write, say "add eax, dword 7", we should get the long form? I 
> agree, but without the "strict" qualifier, we don't. Ideally, I'd like 
> to see any user-supplied short/near/byte/word/dword/qword "obeyed" (even 
> if it results in terminating in an error), but there was apparently some 
> problem without "strict"... I don't see why...
> 

"strict" was introduced because sometimes the only thing that 
distinguishes one instruction from another is 
short/near/byte/word/dword/qword, and *then* you have an immediate-size 
option *on top of that*.

The "push immediate" instruction is a good example.

      1                                          bits 16
      2
      3 00000000 666A0D                          push dword 13
      4 00000003 6A0D                            push word 13
      5
      6 00000005 66680D000000                    push strict dword 13
      7 0000000B 680D00                          push strict word 13

The difference between "word" and "dword" isn't the size of the 
immediate, but the size of the word actually pushed onto the stack.

	-hpa

anonymous coward wrote:
>> Hm.  I think it would be uncool to override an explicit user
>> instruction, even as a warning.
> 
> I agree.
> 
> (Which is why I think STRICT is an atrocity, btw. ;-)
> 

STRICT was introduced to resolve an ambiguity in the language.  We were 
using the same specifier for operation size and immediate/displacement size.

	-hpa

H. Peter Anvin wrote:
> Frank Kotler wrote:
>> So if I write, say "add eax, dword 7", we should get the long form? I 
>> agree, but without the "strict" qualifier, we don't. Ideally, I'd like 
>> to see any user-supplied short/near/byte/word/dword/qword "obeyed" (even 
>> if it results in terminating in an error), but there was apparently some 
>> problem without "strict"... I don't see why...
>>
> 
> "strict" was introduced because sometimes the only thing that 
> distinguishes one instruction from another is 
> short/near/byte/word/dword/qword, and *then* you have an immediate-size 
> option *on top of that*.
> 
> The "push immediate" instruction is a good example.
> 
>       1                                          bits 16
>       2
>       3 00000000 666A0D                          push dword 13
>       4 00000003 6A0D                            push word 13
>       5
>       6 00000005 66680D000000                    push strict dword 13
>       7 0000000B 680D00                          push strict word 13
> 
> The difference between "word" and "dword" isn't the size of the 
> immediate, but the size of the word actually pushed onto the stack.

Ah, that explains it! Thanks!

Best,
Frank