The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86)...

29
The x86 INSTRUCTION SET B.1 Introduction B.1.1 Flags< B.1.2 Instruction Descriptions and Formats B.2 Instruction Set Details (Non Floating-Point) B.3 Floating-point Instructions B.1 Introduction This appendix is a quick guide to the most commonly used x86 instructions. It does riot cover sys- tem-mode instructions or instructions typically used only in operating system kernel code or protected-mode device drivers. B.1.1 Flags (EFIags) Each instruction description contains a series of boxes that describe how the instruction will affect the CPU status flags. Each flag is identified by a single letter: 0 Overflow S Sign P Parity D Direction Z Zero C Carry 1 Interrupt A Auxiliary Carry Inside the. boxes, the following notation shows how each instruction will affect the flags: 1 Sets the flag. 0 Clears the flag. ? May change the flag to an undetermined value. (blank) The flag is not changed. * Changes the flag according to specific rules associated with the flag. 620

Transcript of The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86)...

Page 1: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

The x86 INSTRUCTION SET

B.1 IntroductionB.1.1 Flags<B.1.2 Instruction Descriptions and Formats

B.2 Instruction Set Details (Non Floating-Point)B.3 Floating-point Instructions

B.1 IntroductionThis appendix is a quick guide to the most commonly used x86 instructions. It does riot cover sys-tem-mode instructions or instructions typically used only in operating system kernel code orprotected-mode device drivers.

B.1.1 Flags (EFIags)Each instruction description contains a series of boxes that describe how the instruction willaffect the CPU status flags. Each flag is identified by a single letter:

0 Overflow S Sign P Parity

D Direction Z Zero C Carry

1 Interrupt A Auxiliary Carry

Inside the. boxes, the following notation shows how each instruction will affect the flags:

1 Sets the flag.

0 Clears the flag.

? May change the flag to an undetermined value.

(blank) The flag is not changed.

* Changes the flag according to specific rules associated with the flag.

620

Page 2: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

B.I 621

For example, the following diagram of the CPU flags is taken from one of the instructiondescriptions:

G D I S Z A P C

From the diagram, we see that the Overflow, Sign, Zero, and Parity flags will be changed tounknown values. The Auxiliary Carry and Carry flags will he modified according to rules associ-ated with the flags. The Direction and Interrupt flags will not be changed.

B.1.2* Instruction Descriptions and Formats -^-^-^^-- -—When a reference to source and destination operands is made, we use the natural order of oper-ands in all x86 instructions, in which the first operand is the destination and the second is thesource. In the MOV instruction, for example, the destination will be assigned a copy of the datain the source operand:

MOV destination, source

There may be several formats available for a single instruction. Table B-l contains a list ofsymbols used in instruction formats. In the descriptions of individual instructions, we use thenatation "?;86" to indicate that an instruction or one of its variants is only available on processorsin the 32-bit x86 family (Tnlel386 onw;ird). Similarly, the notation "(80286)" indicates that atleast an Intel 80286 processor must be used.

Register notations such as (E)CX, (E)SI, (E)DI, (E)SP, (E)BP, and (E)IP differentiate betweenx86 processors that use the 32-bit registers and all earlier processors that used 16-bit registers.

B'l Symbols Used in Instruction Formats.

L f * U lly

Symbol1/; .'

reg

regS, reg!6, reg32

accum

mem

mem8, mem} 6, mem32

short label

near label

farlabel

\ ^ \ ̂ Description^1 ^ *i (

An 8-, 16-, or 32-bit general register from ihe following list: AH, AL, BH, BL, CH, CL,DH, DL, AX, BX, CX, DX, SI, DI, BP, SP, EAX, EBX, ECX, EDX, ESI, EDI, EBP,and ESP.

A general register, identified by its number of bits.

A 16-bit segment register (CS, DS, ES, SS, FS, GS).

AL, AX, or EAX.

A memory operand, using any of the standard memory-addressing modes.

A memory operand, identified by its number of bits.

A location in the code segment within —128 to + 127 bytes of the current location.

A location in the current code segment, identified by a label.

A location in an external code segment, identified by a label.

Page 3: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

Symbol

.imm

imrn8, immlfj, imtn32

instruction

- An immediate operand

An immediate operand

• Dascription

identified by its number of bits.

An 80x86 assembly language instruction.

B.2 Instruction Set Details (Non Floating-Point)

AAA ASCII Adjust After Addition

O D I S Z A P C

? ? | Ll^ '•' *JAdjusts the result in AL after two ASCII digits have been added together. If AL > 9, the highdigit of the result is placed in AH, and the Carry and Auxiliary Carry flags are set.Instruction format:

AAA

AAD ASCII Adjust Before Division

G D I S Z A P C

LL - I* V * ?

Converts unpacked BCD digits in AH and AL to a single binary value in prL-puratiun for die DIVinstruction.Instruction format:

AAD

AAM

l'Wf«l~u-

ASCll Adjust After Multiply

O D I S Z A P C

Adjusts the result in AX after two unpacked BCD digits have been multiplied together.

Instruction format:

AAM

Page 4: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

li.2 ioN SET oN FloAtiM,'Poiw) 62J

AAS ASCII Adjust After Subtraction

O D I S? ?

Z A P C

? * ? * I

Adjusts the result in AX nfter a subtraction operation. If AL > 9, AAS decrements AH and sets.jhe^Cairy and Auxiliary Carry flags. ..

Instruction format:

AAS

ADC Add CarryG D I S

EH •Z A P C

* * * *

Adds both the source operand and tt c Carry flag m the destination operand. Operands must hethe saniL" si/.e.Instruct ion formats:

ADC" reg, reg ADC r.:;g, inirnADC mem, reg- ADC mem, inunADC reg, mem ADC accum, iiwn

ADD Add0 D I S

*

Z A P C

A source operand is added to a destination operand, and the sum is stored in the destination.Operands must be the same SIM.

Instruction formats:

ADD reg, recr ADD reg, imm

ADD mem, reg ADD mem, immADD reg, mem ADD accum, imm

AND Logical ANDO 15 I S

Lii_L •Z A P C1

* ? * j 0 1

Each bit in the destination operand is ANDed with Ihe corresponding bit in the source operand.Instruction formats:

AND reg, reg AND reg, immAND mem, reg AND mem, immAND reg,mejn AND accum, imm

Page 5: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

Verilies that a signed index value is within die bounds of an array. On the 80286 processor, diedestination operand can be any 16-bit register containing the index to be checked. The sourceoperand must be a 32-bit memory operand in which the high and low words contain the upperand lower bounds of the index value. On the x86 processor, the destination can be a 32-bit regis-ter and the source can be a 64-bit memory operand.Instruction formats:

BOUND reglG,mem32 BOUND r32,niem64

BSF,BSR

Bit Scan (x86)

O D r S Z1 7 ? ?

A P C

? ? ?

Scans an operand to find die first set bit. If Hie bit is found, the Zero flag is cleared, and die destinationoperand is assigned the bit number (index) of the first set bit encountered. If no set bit is found, ZF =1 . BSF scans from bit 0 to the highest bit. and BSR starts at the highest bit and scans toward bit 0.Instruction formats (apply to both BSF and BSR):

BSF regl6/r/ml6 BSF reg32,r/m32

BSWAP Byte Swap (x86)

Reverses the byte order of a 32-bit destination register.Instruction format:

BSWAP reg32

BT,BTC,BTR,BTS

Bit Tests (x86)

O

CED I S

?z7

A

?

P?

C

*

Copies a specified bit (n) into the Carry flag. The destinalion operand contains Ihe value inwhich die bit is located, and the source operand indicates die bit's position within the destination.BT copies bit n to the Carry flag. BTC copies bit n to the Carry flag and complements bit n in thedestination operand. BTR copies bit n to the Carry flag and clears bit n in the destinalion. BTScopies bit n to the Carry flag and sets bit n in die destination.Instruction formats:

BT r/ml6,imm8 BT r/ml6,rl6BT r/m32,imm8 BT r/m32,r32

Page 6: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

B.2 INSTRUCTION SET DEmils (NoN 625

CALL Call a Procedure

G D I S 2 A P C

Pushes the location of the next instruction on the stack and transfers to the destination location.If the procedure is near (in the same segment), only the offset of the next instruction is pushed;otherwise, hoth the segment and the offset arc pushed.Instruction formats:

C7Vr,L, nea r 1 abol CALL meml 5CALL fzrl abel CALL merr.3 2CALL reg

CBW Convert Byte to Word

l )

Extends the sign hit in AL throughout the AH register.Instruction format:

CBW

CDQ Convert Doubleword to Quadword (x86)

O D 1 S 2. A P C

L_ _J_Extends the .sign bil in FLAX throughout the EDX register.Instruction format:

CDQ

CLC Clear Carry Flag

O D I S 7, A \> C

Clears the Carry flag lo /.cru.Instruction format:

CLC

Page 7: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

CLD Clear Direction Flag

O D J S 2 A P C

0

Clears the Direction fiag to zero. String primitive instructions will automatically increment(0)51 and (E)DI.Instruction format:

CLD

CLI Clear Interrupt Flag

G D I S Z A P C

0

Clears the Interrupt flag to zero. This disables maskable hardware interrupts until an STI instruc-tion is executed.Instruction format:

CLI

CMC Complement Carry Flag

G D I S Z A P C

Toggles the current value of the Carry flag.Instruction form at:

CMC

CMP Compare

O D I S Z A P C* * * * * *

Compares the destination to the source by performing an implied subtraction of the sourcefrom the destination.Instruction formats:

CMP reg, reg CMP reg, immCMP mem, r&g CMP mem, immCMP reg, mem CMP accum, imm

Page 8: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

IS.2 INSTRUCTION SFI DEtAik (NoN 627

CMPS,CMPSB,CMPSW,CMPSD

Compare Strings

O D I 7. A

Compares strings in memory addressed by DS:(E)SI and ES:(E)DI. Carries out an implied sub-traction of the destination from the source. CMPSB compares bytes, CMPSW compareswords, and CMPSD compares doublewords (on xS6 processors). (Ii)S! and (E)D1 are increasedor decreased according to tlic operand size and the status of the Direction flag. If the Directionllag is set, (H).Si and (H)DI are decreased; otherwise (B)SI and (B)D1 arc increased.Instruction formats (formats using explicit operands have intentionally been omitted):

CMPSBCMPSD

CMPSW

CMPXCHG Compare and Exchanga

O D I 1* C

Compares the destination to the accumulator (AL. AX, or EAX). If they arc equal,the source is copied to the destination. Otherwise, the destination is copied to theaccumulator.Instruction formats:

CMPXCHG reg,reg CMPXCHG mem, reg

CWD Convert Word to Doubleword

O D I S Z A P C

Extends the sign hit in AX into the DX register.Instruction formal:

CWD

DAA Decimal Adjust After Addition

O D I S Z A P C

Adjusts the binary sum in AL after two packed BCD values have been added. Converts the sumto two BCD digits in AL.Instruction format:

DAA

Page 9: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

DAS Decimal Adjust After Subtraction

G D I S Z A

Converts the binary result of a subtraction operation to two packed BCD digits in AL.Instruction format:

DAS

DEC DecrementO D I S

czZ A P C

* | * * |

Subtracts t from an operand. Does not affect the Carry flag.Instruction formats:

DEC reg- DEC meni

DIV Unsigned Integer Divide

O D A P

h 7 ? ? ? ?

Performs either 8-, 16-, or 32-bit unsigned integer division. If die divisor is 8 bits, the dividend is AX,the quotient is AL, and the remainder is AH. If the divisor is 16 bits, the dividend isDXiAX, thequotient is AX, and the remainder is DX. If the divisor is 32 bits, the dividend is EDX:EAX, thequotient is EAX, and the remainder is EDX.

Instruction formats:

DIV reg DIV mem

ENTER Make Stack Frame (80286)

O D

Creates a stack frame fur a procedure that receives stack parameters and uses local stack v;iviabks.The first operand indicates the number of bytes to reserve for local stack variables. The secondoperand indicates the procedure nesting level (must be set to 0 for C, Basic, and FORTRAN).Instruction format:

ENTER iwnl6,iitm8

Page 10: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

B.2 INSTRUCTION SET DEiails(NoN FloATi 629

HLT Halt

O D I S Z A P C

Stops the CPU until a hardware interrupt occurs. (Note: The Interrupt Hag must be set with theSTT instruction before hardware interrupts can occur.)Instruction formal;

IDIV Signed Integer Divide

O D I S

| ? | 7

7, A P C

? ? ? I 7 1

.Performs a signed inU-ger division cpcration on EDX:EAX, DX:AX, or AX. If the divisor isS bits, the dividend is AX, the quotient is AL, and the remainder is AH, If the divisor is 1 6 bits,the dividend is DX: AX, the quotient is AX, and the remainder is DX. If the divisor is 32 bits, thedividend is EDX:EAX, the quotient is EAX, and the remainder is EDX. Usually the IDIV oper-ation is prefaced by either CBW or CWD to sign-extend the dividend.Instruction formats:

IDIV reg IDIV mem

IMUL Signed Integer Multiply

O D I

Performs a signed integer multiplication on AL, AX, or EAX. If the multiplier is 8 bits, the mul-tiplicand is AL and the product is AX. If the multiplier is 16 bits, the multiplicand is AX and theproduct is DX:AX. If the multiplier is 32 bits, the multiplicand is EAX and the product isEDX:EAX. The Carry and Overflow flags are set if a 16-bit product extends into AH, or a 32-bitproduct extends into DX, or a 64-bit product extends into EDX.Instruction formats:Single operand:

Two operands:

IMUL r 16, r/ml 6IMUL r32,r/m32IMUL r!6, imml6

Three operands:

IMUL rl6,r/m!6, irnmSIMUL r32,r/m32,imm8

IMUL r!6, imm8IMUL r32, iwnSIMUL r32,

IMUL r!6, r/nilS, imrnl 5IMUL

Page 11: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

6 JO

IN Input From Port

Inputs a byte or word from a port into AL or AX. The source operand is a port address,expressed as either an 8-bit constant or a 16-bit address in DX. On x8f> processors, adoublewordcan be input from a port into KAX,

Instruction formats:

IH accuin, imm IN accum.DX

INC IncrementC> D I Z A I'

Adds 1 to a register or memory operand.Instruction formats:

INS,INSB,INSW,INSD

Input from Port to String (80286)

O D I S Z

r~ rA P C

_ .1 JInputs a string pointed to by ES:(E)DI from a port. The port number is specified in DX. Fur eachvulue received, (E)DI is adjusted in the same way as LODSB and similar string primitiveinstructions. The RIIP prefix may be used with this instruction.Instruction formats:

IMS dest.DXREP INSW ' des t , DX

REP INSB dest,DXREP TNSD desC,DX

INT Interrupto D I S 7, A

0

P C

~\s a software interrupt, which in turn calls an operating system subroutine. Clears the

f nicrnipt Hag and pushes the flags, CS. iiuJ IP on the stack before bniwhmg to the interrupt routine.Instruction formats;

INT imm 1KT 3

Page 12: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

15,2 StI Dl.lAi!s (N(>!\1

INTO Interrupt on Overflow

G D I S Z A P C

* *

Generates internal CPU Interrupt 4 if the Overflow flag is set. No action is taken by MS-DOS ifINT 4 is called, but a user-written routine may be substituted instead.

Instruction format:

INTO

[RET Interrupt Return

O D 1 S Z A

1 * * * * * *| * * * * * *

Returns from an interrupt handling routine. Pops the stackInstruction formal:

IR3T

J condition Conditional Jump

O D I S Z A P C

Jumps to a label if a specified flag condition is true. When using a processor earlier thanthe x8(>, the label must be in the range of -128 to +127 bytes from the current location.On x86 processors, the label's, offset can be a positive or negative 32-bit value. SeeTable B-2 for a list of mnemonics.

Instruction format:

Jcondi tion label

Table B-2 Conditional Jump Mnemonics.

Mnemonic

JA

LNA

IAE

JNAF,

JB

Comment

Jump if above

Jump if not above

Jump if above or equal

Jump if not above or equal

Jump if below

Mnemonic

JF,

JNE

YL

JNZ

JS

Comment

Jump if equal

Jump if not equal

Jump if /cro

Jump ii "not zero

Jump if sign

Page 13: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

B-2 (Continued)

Mnemonic

JNB

JBE

JNBE

JG

JNG

JGE

INGE

JL

JNL

JLE

Comment

Jump if not below

Jump if below or equal

Jump if not below or equal

Jump if greater

Jump if not greater

Jump if greater or equal

Jump if not greater or equal

Jump if less

Jump if not less

Jump if less or equal

Mnemonic

JNS

JC

JNC

JO

JNO

JP

JPE

JNP

JPO

JNLE

Comment

Jump if not sign

Jump if carry

Jump if no carry

Jump if overflow

Jump if no overflow

Jump if parity

Jump if parity equal

Jump if no parity

Jump if parity odd

Jump if not less than or equal

JCXZ,JECXZ

Jump If CX Is Zero

O D I S Z A

Jump to a short label if Hie CX register is equal to zero. The short label must be in the range— 128 to +127 bylcsfrom Ihe next instruction. On x 86 processors, JECXZ jumps if ECX equalszero.Instruction formats:

JECXZ shortlabel

JMP Jump Unconditionally to Label

G D I S A

Jump to a code label, A short jump is within—128 to +127 bytes from the current location. Anear jump is within the same code segment, and a far jump is outside the current segment.Instruction formats:

JMP regl 6JMP meml6JMP

Page 14: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

B.2 SET DiiAils (Not-i 655

LAHF Load AH from Flags

0 D I S

dZ A P C

^ "1The following flags arc copied to AM: Sign, Zero, Auxiliary Carry, Parity, and Carry.

Instruction format;

LAHP

LDS,LES,LFS,LGS,LSS

Load Far Pointer

O D I A

Loads tlic contents of a doubleword memory operand into a segment register and the specifieddestination rviistcr. When usinc nrticcssois prior to the x^n, LDS loud1; into DS, !,ES loads intoRS.On the ..y,(\S .s into I-'S, LGS kwds inioGS, ;u i j LSS loads mLo Ss.instruction format (same forLUS, LES, LI-S, LGS, LSS):

LDS 'eg, mejn

LEA Load Effective Address

G D I S Z A I' C

Calculates and loads the ]6-bit or 32-bit effective address of a memory operand. Similar toMOV.. OFFSET, except that only LEA can obtain an address that is calculated at runtime.

Instruction format:

LEA r eg, mem

LEAVE High-Level Procedure Exit

O D I A

Terminates llic slack frame of a procedure. This reverses the action of tlie ENTER instruction atthe beginning of a procedure by restoring (Ii)SP and (E)BP to their original values.Instruction format:

LEAVE

Page 15: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

LOCK Lock the System Bus

O D 1 S Z A P C

Prevents other processors from executing during die next instruction. This instruction is usedwhen another processor might modify a memory operand that is currently being accessed by the CPU.Instruction formui:

LOCK instruction

LODS,LODSB,LODSW,LODSD

Load Accumulator from String

O D 1 S 7, A 1'

Loads a memory byte or word addressed by DS:(E)SI into the accumulator (AL, AX, orEAX). If LODS is used. Ihe memory operand must he specified. LODSB loads a byte intoAL. LOUSW loads a word into AX, and LODSD on the xKG loads a double word into EAX.(F.)SI is increased or decreased according to the operand wi/e and the status of the directionU:IJT. I f the Direction Rag (Dl;) = 1, (H).S1 is decreased; if Dr - 0,(E)SI is increa^d.InsliiK'licn forma1,:;:

LODSB

LODSW

LOOP LoopO D I S Z A I' C

Decrements ECX and jumps to a short label if ECX is not equal to zero. The destination mustbe -128 to +127 bytes from the current location.Instruction formats:

LOOP shortlabel LOOPW shortlsbel

LOOPD Loop (x86)O D I S Z A P C

Decrements ECX and jumps to a short label if ECX is not equal to zero. The destination mustbe -128 (o 4 127 byles from the current location.Instruction format:

LOO&D shor-tJabel

Page 16: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

B.2 INSTRUCTION SET DuAiis (No.\5

LOOPE,LOOPZ

Loop If Equal (Zero)

G D I S z A P c

Decrements (li)CX and jumps to a short label if (E)CX > 0 and the Zero flag is set.

Instruction formats:

LOOPK shortlai>e.Z

LOOPNE,LOOPNZ

Loop If Not Equal (Zero)

O I s L A p c

Decrements (I:)CX and jumps to a short label if (H)CX > 0 and Ihe Zero flag is clear.

Instruction format1;:

LOOPW Loop with 16-bit Counter

0 D 1 S /. A I1 C

Decrements CX and jumps to a short label of CX is not equal to zero. The destination mustbe -128 to +127 bytes from the current location.Instruction formal:

LOOPW short-label

MOV MoveO D I S Z A P C

Copies a byte or word from a source operand to a destination openmd.Instruction formats;

MOV rag,regMOV mem,regMOV reg, memMOV reg!6,segregMOV ssgreg,regl6

MOV reg, imuMOV mem,immMOV memlS, segregMOV segreg,meml6

Page 17: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

MOVS,MOVSB,MOVSW,MOVSD

Move String

G D I S Z A P C

Copies a byte or word from memory addressed by DS;(E)S1 to memory addressed byES:(E)DI. MOVS requires both operands to be specified. MOVSB copies a byte, MOVSWcopies a word, and on the x86, MOVSD copies a doublcword. (E)SI and (E)DI arc increasedor decreased according to the operand size and the status of the direction ftag. If the Directionflag (DF) = 1, (E)SI and (E)DI are decreased; if Dp = 0, (E)SI and (E)DI are increased.Instruction formats:

MOVSBMOVSW

I-iOVSD

MOVS dest, sourceMOVS ES:deSt,

MOVSX Move with Sign-Extend

O D I S Z A P C

Copies a byte or word from a source operand to a destination register and sign-extends inlo theupper bits of the destination. This instruction is used to copy an 8-bil or 16-bit operand into alarger destination.Instruction formats:

MOVSX reg32,regieMOVSX reg!6,reg8

MOVSX reg.32,reg8MOVSX reg32,meml6MOVSX regie,m8

MOVZX Move with Zero-Extend

G D I S Z A P c

Copies a byte or word from a source operand to a destination register and zero-extends into theupper bits of the destination. This instruction is used lo copy an 8-bit or 16-bit operand into alarger destination.Instruction formats:

MOVSX reg32,reglGMOVSX regl6,reg8

MOVZX reg32,reg8MOVSX re$32,meml6MOVSX regie,m8

Page 18: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

B,2 INSTRUCTION SFI Dimils (NoN 657

MUL Unsigned Integer Multiply

G D I S

[Z II7, A P C

? '? ? *

Multiplies AL, AX, or EAX by a source operand. If the source is 8 bits, it is multiplied by ALand ihe product is stored in AX. If the source is 1 6 bits, il is multiplied by AX and the product isstored in DX:AX. If the source is 32 biis, it is mulliplied by EAX and the product is stored inEDX:liAX.Instruction foimnts:

MUL reg MUL, mem

NEG Negate0 D 1 S

L_niira/, A P Cv[ ~TI;TI

Calculates the twos complement of the destination operand and stores the result in the destination.Instruction formats:

NEG reg NEG mem

NOP No Operation

G D I S Z A P C

This instruction does nothing, but it may be used inside a timing loop or 10 align a subsequentinstruction on a word boundary.

Instruction format:

NOP

NOT Not

O D I S 7, A \> C

Performs a logical NOT operation on an operand by reversing each of its bits.Instruction formats:

NOT reg NOT mem

Page 19: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

OR Inclusive ORG D I S Z A P C

IJL * LLLlLlLPerforms a boolean (bitwise) OR operation between each matching Viil in the destination operandand each bit in the source operand.Instruction formats:

OR reg, regOR mem, regOR reg, mem

OR reg, immOR mem , iimtOK accum, inan

OUT Output to PortO D 1 S Z A P C

innWhen using processors prior to the x86. this instruction outputs a hylc or word from the accu-mulator lo a port. The port address may he a constant if in the range 0-FFh, or DX may containa port address between 0 and FFFFh, On an x86 processor, a doublcword can he output to a port.Instruction formats:

OUT DX,accum

OUTS,OUTSB,OUTSW,OUTSD

Output String to Port (80286)

O D 1 S Z A P C

Outputs a string pointed to by ES:(E)DI to a port. The port number is specified in DX. For euclivalue output, (H)D1 is adjusted in the same way as LODSB and similar string primitive instruc-tions. The REP prefix may be Ubcd with this instruction.Instruction formats:

OUTS dest,DXREP OUTSW dest.DX

REP OUTSB dest,DXREP OUTSD des t ,DX

POP Pop from Stack

o D i s z A

Copies ;i word or ilouhleword at the current stack pointer location into the destination operandand adds 2 (or 4) to (E)SP.Instruction formats;

POP regl6 fr32POP mem!6/mem32

Page 20: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

B.2 ioN SET Demils (NoN 659

POPA,POPAD

Pop AltG D I S Z A P C

Pops 16 bytes from the top of the stack inlo the eight general-purpose registers, in the followingorder: DI, SI, BP, SP, BX, DX, CX, AX. The value for SP is discarded, so SP is not reassigned.POPA pops into 16-bit registers, and POPAD on an x86 pops into 32-bit registers.

Instruction formats:

POPA POPAD

POPF,POPFD

Pop Flags from Stack

G D I S Z A P C

POPF pups the top of the stack into the 16-bit FLAGS register. POPFD on an x86 pops the topof the stack into the 32-bit EFLAGS register.

Instruction formats:

POPF POPFD

PUSH Push on Stack

G D I S Z A P C

If a 16-bit operand is pushed, 2 is subtracted from ESP. If a 32-bit operand is pushed, 4 is sub-tracted from ESP. Next, the operand is copied into the stack at the location pointed to by ESP.

Instruction formats:

PUSH regiefreg32PUSH meml 6/mem32

PUSH segregPUSH iirwl6/imm32

PUSHA,PUSHAD

Push All (80286)

O D I S Z A P C

Pushes the following 16-bit registers on the stack, in order: AX, CX, DX, BX, SP, BP, SI, andDI. The PUSHAD instruction for the x86 processor pushes EAX, ECX, EDX, EBX, ESP,EBP, ESI, and EDI.Instruction formats:

PUSHA PUSH.AD

Page 21: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

PUSHF,PUSHFD

Push Flags

O D I S Z A P C

rUSHF pushes the 16-bit FLAGS register uulo tlie stack. PUSHFD pushes the 32-bitEFLAGS onto the suck (x86).Instruction formats'.

PUSHF PUSHFD

PUSHW,PUSHD

Push on StackG D I S /, A P C

PUSHW pushes a 16-bit word on the slack, and on the x86, PUSHD pushes a 32-liit double-word on the stack.Instruction formats:

RCL Rotate Carry Left

O D

EHI S Z

nzA P c

ZEDRotates the destination operand left, using the source operand to determine the number of rota-tions. The Carry flag is copied inlo the lowest bit, and the highest hit is copied inlo the Carryflag. The inunS operand must be a 1 when using tlic 8086/8088 processor.

Instruction formats:

RCL reg, iiwnS RCL mem, immSRCL reg,CL RCL mem,CL

RCR Rotate Carry Right

O D I

Rotates I In? destination operand rii'.hi, using the source operand to determine the number of rota-tions. The Carry flag is copied inlo ihe highest bit, and the lowest bit is topk-.il into the Carryflag. The immS operand must be a 1 when using the 8086/80K8 processor.Instruction formats:

RCR reg, I/nmSRCR reg,CL

RCR mem, i/nmffRCR rriem,CL

Page 22: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

R.2 INSTRUCTION Sf.i Dtmils (NoN 641

REP Repeat String

O D I S Z A, P C

cnRepeats a string primitive instruction, using (E)CX as a counter. (E)CX is dccrcmentetl eachtime the instruction is repeated, until (E)CX = 0.Format (shown witli MOVS);

REP MOVS dest, source

REPcond/f/on Repeat String Conditionally

Repeats a string primitive instruction until (E)CX = 0 and while a flag condition istrue. RHPZ (REPE) repeats while the Zero flag is sel. and REPNZ (RHPNE) repealswhile the Zero flag is clear. Only SCAS and CMPS should he used with REP condi-tion, because they are the only string primitives that modify the Zero flag.Formats used with SCAS:

REPZ' SCAS dest

REPZ SCASB

REPE SCASW

REPNE SCAS dest

REPNE SCASBREPNZ SCASW

RET,RETN,RETF

Return from Procedure

O D I Z A P

L

Pops a return address from the stack. RETN (return near) pops only the lop of the stack into(H)ll ' . In reul-ad dress mode, RHTF (rciurn iarl pops the M L j t k lirsl into (E)1C atid then into C.S.RET may be cither near or far, depending on the attribute specified or implied by the PROCdirective. An optional 8-bit immediate operand tells the CPU to add a value to (Fi)SP after pop-ping the return address.Instruction formats:

RETRETNRETF

RET imfiiSRETN iwnSRHTF immfl

Page 23: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

ROL Rotate Lett

O D I S Z A 1'

Rotates the destination operand left, using the source operand to determine the number of rota-tions. The highest bit is copied into the Carry tlag and moved into ilie lowest bit position. TheimmS operand must be a 1 when using tile 80K6/S088 processor.Instruction formats:

ROL reg,ROL reg,CL

ROL ir.em, imm8ROL mem,CL

ROR Rotate Right

o n i s z A

Rotates the destination operand right, using the source operand to determine the number of rota-tions. The lowest bit is copied into both the Carry flag and the highest bit position. The tmmSoperand must be a 1 when using: the 808d/SOK8 processor,Ins t ruct ion formats: i

SAHF Store AH into Flags

O D I S / A P C

Copies AH into bits 0 through 7 of the Flags register.Instruction format:

SAHF

SAL Shift Arithmetic Left

O D i s ;* *

£ A P C

, 7 , "T]

Shifts each bit in the destination operand to the left, using the source operand to determine ihenumber of shifts. The highest bit is copied into the Carry flag, and the lowest bit is filled with a?.ero. The imm8 operand must be a 1 when using the 8086/K08H processor.Instruction formats:

SAL reg, imm8 SAL nte;n, imm8SAL recr,CL SAL mem,CL

Page 24: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

B.2 iNSIRUCTfON SET DETAlIs (NON 645

SAR Shift Arithmetic Right

G D I S Z, A P C

* 1 * * * * 1

Shifts each bit in the destination operand to the right, using the source operand to determine thenumber of shifts. The lowest bit is copied into the Carry flag, and the highest bit retains its previ-ous value. This shift is often used with signed operands because it preserves the number's sign.The immS operand must be a I when using the 8086/8088 processor.Instruction formats:

SAR reg, irnmS SAR mem, iirwSEAR reg,CL SAR mem.CL

O D I S Z A I1 C

Subtracts the source operand from the destination operand and then subtracts the Carry flag fromthe destination.Instruction formats:

SBB reg, regSBB mem, reg-SBB reg,mem

SBB reg, 1mmSBB mem, imm

SCAS,SCASB,SCASW,SCASD

Scan String

O D I A.

Scans a string in memory pointed to by ES:(E)DI for a value that matches the accumulator.SCAS requires the operands to be specified. SCASB scans for an 8-bit value matching AL,SCASW scans for a 16-bit value matching AX, and SCASD strans for a 32-bii value matchingEAX. (E)DI is increased or decreased according to the operand size and the status of the direc-tion flag. If DF = 1, (E)DI is decreased; if DF = 0, (E)DI is increased.Instruction formats:

SCASW

Page 25: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

644 AppiNtiix B • Tlit. xfl6 liNSTuuciioN Sr-i

BET condition Set Conditionally

O D I S Z A P C

If the given flag condition is true, the byte specified by ihe destination operand isassigned the value 1. If the flag condition is false, the destination is assigned a valueof 0, The possible values for condition were listed in Table B-2.Instruction formats:

SHL Shift Lett

O D ) S Z A

* 1 * * ?

I' C

.1. Tj

Shif t s each bit in the dcsiiuation operand to the left, using the source operand to determinethe number of shifts. The highest bit is copied into the Carry (lag, and [he lowest bit is tilledwith n zero (identical to SAL). The immK operand must be a 1 when using the SOS6/80KSprocessor.

Instruction formats:

SHL rag, imn>8

SHL reg,CLSHL mem, imu8

SHL jnein,CL

SHLD Double-Precision Shift Left (x86)

G D I S Z A P C

Shifts liie bits of the second operand inio the first operand. The third cipentnil indicates the num-ber of bits to be shifted. The positions opened by the shift are filled by the niosl significant hitsof the second operand. The second operand must always be a register, and the third operand maybe either an immediate value or the CL register.

Instruction formats:

SHLD regie, r&gl 6, imm8SHLD reg32, ireg-32, imrnSSHLD reglo, regie,Cl,

SHLD reg32,reg32,CL

SHLD mcml6, regl6,SHLD mem32, reg32,SHLD mentis, regl 6, CSHLD mew32,

Page 26: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

(3.2 INSTRUCTION SI.T n™ik (NoN I 61?

SHR Shift Right

G D I S Z A P C

* *' ? * _*J

Shifts each bit in the destination operand to die right, using the source operand to determine thenumber of shifts. The highest bit is filled will) a zero, and the lowest bit is copied into the Carryflag. The imm8 operand must be a 1 when using the 80S6/S088 processor.Tnstniction formats:

SHR regr, iivmS SHR mem, iitmSSHR r^g-,CL SHR mem.CL

SHRD Double-Precision Shift Right (xB6)

O D I S Z A P C

[Z * ? * *J

Shifts l hi.1 bits of the second operand into the first operand. The third operand indicates the num-ber of bit-, to be shifted. The positions i>pcn;dby tin1 si l i f t ;-.re Tilled by the least siunHk-tint bits ofth,: s^c-on.I operand, '['he s^wn. opernsul ::ras; :i ways be anj.isUT, :mJ t i i^ l l s in l c.:-.-:und ma> beeither an immediate value or the ( !L register.Instruction formats:

SHRD regie, reg!6, imrnS 2HRD Kieml6, ray!6, inunSSliRD reg32 , reg32, immS SHRD mem32, recf32, ijnmSSHRD regie, regl6, CL SHKD meml 6, regie, CLSHRD reg32,reg32,CL SHRD mem32, reg32, CL

STC Set Carry Flag

G D I S Z A P C

1 |

Sets the Carry flag.

Instruction formal:

STC

STD Set Direction Flag

G D I S 7 , A P C

Sets Ihe Direction Dag, causing (E)SI and/or (E)D1 to be decremented by string primitiveinstructions. Thus, siring processing will be from high addresses to low addresses.Instruction format:

STD

Page 27: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

646 AppENtiix B • The x&6 SGI

STI Set Interrupt Flag

O D I S Z A P C

Sets the Interrupt flag, which enables maskable interrupts. Interrupts are automatically disabled whenan interrupt occurs, so an interrupt handler procedure immediately reenaWes uicrn, using STI.Instruction format:

STI

STOS,STOSB,STOSW,STOSD

Store String Data

O D I S Z A P CznStores the accumulator in the memory location addressed by ES:(E)DL If STOS is used, a des-

. dilation operand must he specified. STOSR copies AL to memory, STOSW copies AX tomemory, mul STOSD for UK- xK6 processor copier, EA.X to memory. (E)DI is increased ordecreased acL-ording lo the operand si/,s and. the suuus of the direction flag. If DP = 1, (EjDI isdecreased; if DF = 0, (E)Dl is increased.Instruction formats:

STOSBSTOSDSTOS memSTOS ES:mem

STOSW

SUB SubtractG D I S Z A P C

* * * * *

Subtracts the source operand from the destination operand.Instruction formats:

SUB reg, reg SUB reg, immSUB mem, reg SUB mem, iramSUB reg, mem SUB acciire, imm

TEST TestO D I

r — ~T — ~i — ~~| 0 | |

SP_*

Zr — '*

A P C

nTiHTests individual bits in the deslinavion operand against those in the source operand. Performs alogical AND operation that affects the flags but not the destination operand.Instruction formats:

TEST reg, reg TEST reg, immTEST mem, reg TEST mem, immTEST reg, mem TEST accLjm,imm

Page 28: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

B.2 INSTRUCTION SEI DEiails (NoN 647

WAIT Wait for Coprocessor

0 D I S Z'

A P C

Suspends CPU execution until the coprocessor finishes the current instruction.Instruction format:

WAIT

.

XADD Exchange and Add (Intel486)

O D I S Z A P C

Adds the source operand lo the destination operand. At the same time, the original destinationvalue is moved to the source operand.Instruction formats:

XADD reg, reg XADD mem, reg

XCHG ExchangeO D I S Z A ? C

Exchanges the contents of the source and destination operands.Instruction formats:

XCH reg, reg XCH mem, regXCH regr, mem

-

XLAT,XLATB

Translate ByteO D I S Z

| |

A P C

|

Uses the value in AL lo index into a table pointed lo by DS:BX, The byte pointed to by the indexis moved to AL. An operand may be specified in order to provide a segment override. XLATB maybe substituted for XLAT.Instruction formats:

XLAT XLAT segreg : memXLAT mem XLATB

Page 29: The x86 INSTRUCTION SETorion.towson.edu/~karne/teaching/c290sl/x86iset.pdfBSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP

64S Appnvdix B • HIE \il& INSTRULIION Srj

XOR Exclusive ORO D I S Z A P C

LJL * ? * 0 |

Kach bil in the source operand is exclusive ORed with its corresponding bit in the destination.The destination bit is a 1 only when [he original source and destination hits are different.Instruction formats:

XOR reg, rcgXOR mem, regXOR reg, me;n

XOR reg, irmXOR mem, immXOR accmn, imm

B.3 Floating-point InstructionsTable B-3 contains a list of all x86 floating-point instructions, with brief descriptions and oper-and formats. Instructions are usually grouped by function rather than strict alphabetical order.For example, the Ft ADD instruction immediately follows FADD and FADDP because it per-forms the same operation with integer conversion.

For complete mforniaiion about flouting-pjint instructions, consult the Intel Architecture: Manu-als. The word stack in this table refers to the FPU register slack. (Table B-l lists many of thesymbols used when describing the formats and operands of floating-point instructions.)

B-? Floating-Point Instructions.

'= Instruction'1

K2XM1

FABS

FADD

FADDP

P1ADP

FBLD

^1^$^ • "'•' .;:- ; '̂;;;i j ;V;:'-^ • ':". ;'- ', Description ' i

Compute 2* - 1. No operands.

Absolute value. Clears sign bit of ST(0). No operands.

Add floating-point Adds destination and source operands, stores sum in destination operand.Formats:

FADD Add ST(0) to ST(1) , and pop stackFADD ni32fp Add m32fp to ST(0 )FADD rn64fp Add m64fp to ST(0)FADD ST(0) ,ST{i) AddST( i ) t o S T ( O )FADD ST{ i ) ,ST(0 ) A d d S T ( O ) t o S T ( i )

Add flouting -point and pop. Performs the same operation as FADD, then pops [lie stack. Format:

FADDP S T ( i ) , S T ( 0 ) Add ST ( 0 ) Co ST(i)

Convert integer to floalin^-poinl and add. AJdi dc'stiiijtliim and M.IUIVU (ipeiaiuls, sinres sumdeslinaiion operand. Formats:

FIADD m32int Add m32int to S T ( 0 )FIADD xilGint Add m!6int to ST(0)

in

Load binary-coded decimal. Converts BCD source operand inlo double extended-precisionfloating-point format and pushes it on the stack. Format:

FBLD mSObcd Push mSObcd onto register stack