I can't understand the description of the Program Counter (PC) that he gives for an imaginary demo machine with a two-byte word.
He is describing a simple CPU which explains how CPUs work in general.
Real CPUs are much more complex:
In many manuals (for any kind of CPU) you'll find sentences like: "The PC register is pushed on the stack." This typically means that the address of the instruction that is executed after returning from a call instruction is pushed on the stack.
However, such sentences are not 100% correct: in the case of a 68k CPU (see below) the address of the next instruction is written, not the address of the current instruction plus 2!
For most CPUs, PC-relative jump instructions are relative to the address of the next instruction; however, there are counter-examples (such as PowerPC VLE).
32-bit x86 CPUs (as used in most desktop / laptop computers)
On such CPUs, only call directly reads the EIP register, and only jump instructions write EIP. This is enough "insulation" that this register is some internal circuit in the CPU, if there is a physical EIP register at all, and you don't necessarily know its content.
(You could count int instructions like int3 or int 0x80 as reading CS:EIP as well, because they have to push an exception frame. But it makes more sense to think of them as triggering the exception-handling machinery.)
It is highly probable that different x86 CPUs work differently internally, so the actual content of the EIP "register" is different in different CPUs. (And modern high-performance implementations won't have just one EIP register, but they do whatever is necessary to preserve the illusion and push the right return address when needed.)
(PC-relative jumps are relative to the address of the next instruction.)
64-bit x86 CPUs
These CPUs have instructions that directly use the RIP register, like mov eax,[rip+symbol_offset] to do a PC-relative load of static data; this makes position-independent code for shared libraries and ASLR significantly more efficient than on 32-bit x86. In this case "RIP" is the address of the next instruction.
68k
These CPUs also have the possibility to directly use the content of the PC register. In this case the PC reflects the address of the current instruction plus 2 (I'm not absolutely sure here).
Because such instructions are at least 4 bytes long the value of the PC register will reflect the address of a byte "in the middle" of an instruction.
ARM
When reading the PC on ARM CPUs (it can be read directly!) the value typically reflects the address of the current instruction plus 8, in some situations even plus 12!
(Instructions are 4 bytes long so "current instruction plus 8" means: The address of two instructions ahead!)
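The arithmetic behind the points in this answer, as an added example that is not part of the original question or answer: on x86-64 a jmp/call displacement and a [rip+disp] operand are measured from the address of the next instruction, while an A32 ARM branch offset is measured from the PC value the instruction sees, i.e. its own address plus 8. Everything below is pure arithmetic on constructed bytes; the addresses 0x401000 and 0x8000 are arbitrary, and only direct jmp/call rel8/rel32, lea rax,[rip+disp32] and A32 B/BL are handled. Getting this "next instruction" offset wrong is the classic off-by-five (or off-by-eight) when hand-patching a binary or building a trampoline.

```python
# Added example (not part of the original answer): PC-relative arithmetic for
# x86-64 and A32 ARM, done on constructed byte strings. Addresses are arbitrary.
import struct

MASK64 = (1 << 64) - 1
MASK32 = (1 << 32) - 1


def x86_64_branch_target(insn_addr, code):
    """Target of a direct jmp/call at insn_addr.

    The displacement is relative to the NEXT instruction, i.e. insn_addr plus
    the instruction's own length. Handles E8 (call rel32), E9 (jmp rel32)
    and EB (jmp rel8) only.
    """
    op = code[0]
    if op in (0xE8, 0xE9):
        length, disp = 5, struct.unpack_from("<i", code, 1)[0]
    elif op == 0xEB:
        length, disp = 2, struct.unpack_from("<b", code, 1)[0]
    else:
        raise ValueError(f"not a direct relative jmp/call: {op:#04x}")
    return (insn_addr + length + disp) & MASK64


def x86_64_call_return_address(insn_addr, code):
    """What a 5-byte `call rel32` at insn_addr pushes: the address right after it."""
    if code[0] != 0xE8:
        raise ValueError("expected call rel32 (E8)")
    return (insn_addr + 5) & MASK64


def x86_64_encode_rel(opcode, insn_addr, target):
    """Encode `jmp rel32` (E9) or `call rel32` (E8) placed at insn_addr, reaching target."""
    if opcode not in (0xE8, 0xE9):
        raise ValueError("opcode must be E8 (call) or E9 (jmp)")
    disp = target - (insn_addr + 5)          # measured from the next instruction
    if not -(1 << 31) <= disp < (1 << 31):
        raise ValueError("target out of rel32 range")
    return bytes([opcode]) + struct.pack("<i", disp)


def x86_64_rip_relative_lea_target(insn_addr, code):
    """Address produced by `lea rax,[rip+disp32]` (48 8D 05 disp32, 7 bytes).

    RIP here is the address of the next instruction, so disp32 = -7 makes the
    lea load its own address.
    """
    if code[:3] != b"\x48\x8D\x05":
        raise ValueError("expected lea rax,[rip+disp32]")
    disp = struct.unpack_from("<i", code, 3)[0]
    return (insn_addr + 7 + disp) & MASK64


def arm_a32_branch_target(insn_addr, word):
    """Target of an A32 B/BL instruction word (bits 27..25 == 0b101).

    The sign-extended imm24 word offset is added to PC as the instruction
    reads it, which is insn_addr + 8: two instructions ahead.
    """
    if (word >> 28) == 0xF:
        raise ValueError("cond=1111 encodes BLX (immediate), not handled here")
    if (word >> 25) & 0b111 != 0b101:
        raise ValueError(f"not an A32 B/BL: {word:#010x}")
    imm24 = word & 0xFFFFFF
    if imm24 & 0x800000:                     # sign-extend 24 -> 32 bits
        imm24 -= 1 << 24
    return (insn_addr + 8 + (imm24 << 2)) & MASK32


def arm_a32_encode_b(insn_addr, target, link=False):
    """Encode an always-taken (cond=AL) B or BL at insn_addr, reaching target."""
    off = target - (insn_addr + 8)           # measured from insn_addr + 8
    if off & 3:
        raise ValueError("A32 branch target must be word aligned")
    if not -(1 << 25) <= off < (1 << 25):
        raise ValueError("target out of B/BL range")
    return (0xEB000000 if link else 0xEA000000) | ((off >> 2) & 0xFFFFFF)
```

A quick sanity check on the well-known self-branch encodings: on x86-64 `EB FE` and `E8 FB FF FF FF` both land on their own address, and on A32 the word `EAFFFFFE` is `b .`, because its offset of -8 cancels the +8 that the PC read adds.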