What’s the best way to remember the x86-64 System V arg register order?

by

If you remember C memcpy‘s arg order, and how rep movsb works, that’s most of the way to remembering x86-64 System V.

The design makes memcpy(dst, src, size) cheap to implement with rep movsb, except leaving RCX unused in more functions because it’s needed for variable-count shifts more often than anything needs RDX.

Then R8 and R9 are the first two “high” registers. Using them requires a REX prefix, which costs an extra byte of code size in instructions that wouldn’t otherwise need one. Thus they’re a sensible choice for the last 2 args. (Windows x64 makes the same choice of using R8, R9 for the last 2 register args).

The actual design process involved minimizing a cost tradeoff of instruction count and code-size for compiling something (perhaps SPECcpu) with a then-current AMD64 port of GCC. I don’t know whether inlining memcpy as rep movsb was relevant, or whether glibc at the time actually implemented it that way, or what.

My answer on Why does Windows64 use a different calling convention from all other OSes on x86-64? cites some sources for the calling convention design decisions. (Early x86-64.org mailing list posts from GCC devs, notably Jan Hubicka who experimented with a few register orders before coming up with this one.)

Of particular note for remembering the RDX, RCX part of the order is this quote:

We are trying to avoid RCX early in the sequence, since it is register
used commonly for special purposes, like EAX, so it has same purpose
to be missing in the sequence. Also it can’t be used for syscalls and
we would like to make syscall sequence to match function call sequence
as much as possible.

User-space vs. syscall difference:

R10 replaces RCX in the system call convention because the syscall instruction itself destroys RCX (using it to save RIP, avoiding using the user-space stack, and it can’t use the kernel stack because it leaves stack switching up to software). Like how it uses R11 to save RFLAGS.

Keeping it as similar as possible allows libc wrappers to just mov %rcx, %r10, not shuffle over multiple args to fill the gap. R10 is the next available register after R8 and R9.

Alternative: a mnemonic:

Diane’s silk dress costs $89

(Suggested by the CS:APP blog)

More Related Contents:

  1. What are callee and caller saved registers?
  2. Where exactly is the red zone on x86-64?
  3. What are the calling conventions for UNIX & Linux system calls (and user-space functions) on i386 and x86-64
  4. Why do x86-64 instructions on 32-bit registers zero the upper part of the full 64-bit register?
  5. Where is the x86-64 System V ABI documented?
  6. Why does Windows64 use a different calling convention from all other OSes on x86-64?
  7. What registers are preserved through a linux x86-64 function call
  8. Why does the x86-64 / AMD64 System V ABI mandate a 16 byte stack alignment?
  9. Is a sign or zero extension required when adding a 32bit offset to a pointer for the x86-64 ABI?
  10. How to print a single-precision float with printf
  11. What do the E and R prefixes stand for in the names of Intel 32-bit and 64-bit registers?
  12. Why are rbp and rsp called general purpose registers?
  13. Why is the address of static variables relative to the Instruction Pointer?
  14. What is the ‘shadow space’ in x64 assembly?
  15. What are the names of the new X86_64 processors registers?
  16. Assembly registers in 64-bit architecture
  17. x86_64 registers rax/eax/ax/al overwriting full register contents [duplicate]
  18. Why not store function parameters in XMM vector registers?
  19. Does each PUSH instruction push a multiple of 8 bytes on x64?
  20. C++ on x86-64: when are structs/classes passed and returned in registers?
  21. How do vararg functions find out the number of arguments in machine code?
  22. Why can I access lower dword/word/byte in a register but not higher?
  23. Is reserving stack space necessary for functions less than four arguments?
  24. Why use RIP-relative addressing in NASM?
  25. How do AX, AH, AL map onto EAX?
  26. Why is there not a register that contains the higher bytes of EAX?
  27. Why NASM on Linux changes registers in x86_64 assembly
  28. Why isn’t the instruction pointer a normal register usable with MOV or ADD?
  29. Load from a 64-bit address into other register than rax
  30. Can rip be used with another register with RIP-relative addressing?

Leave a Comment