x86 Assembly Language. Reference Manual (1995) - page 2

 

  Главная      Manuals     x86 Assembly Language. Reference Manual (1995)

 

Search            copyright infringement  

 

 

 

 

 

 

 

 

 

 

 

Content      ..      1      2      3      ..

 

 

 

x86 Assembly Language. Reference Manual (1995) - page 2

 

 

Instruction-Set Mapping
2
This chapter describes the instruction set mappings for the SunOS x86
processor. For more details of the operation and a summary of the exceptions,
please refer to the i486 Microprocessor Programmer’s Reference Manual from Intel
Corporation.
This chapter is organized as follows:
Introduction
page 22
Segment Register Instructions
page 26
I/O Instructions
page 29
Flag Instructions
page 32
Arithmetic Logical Instructions
page 38
Multiply and Divide Instructions
page 56
Conversion Instructions
page 62
Decimal Arithmetic Instructions
page 64
Coprocessor Instructions
page 69
String Instructions
page 69
Procedure Call and Return Instructions
page 78
Jump Instructions
page 83
Interrupt Instructions
page 87
Protection Model Instructions
page 90
Bit Instructions
page 100
Exchange Instructions
page 103
21
2
Floating-Point Transcendental Instructions
page 104
Floating-Point Constant Instructions
page 105
Processor Control Floating-Point Instructions
page 105
Miscellaneous Floating-Point Instructions
page 106
Floating-Point Comparison Instructions
page 106
Load and Move Instructions
page 108
Pop Instructions
page 113
Push Instructions
page 114
Rotate Instructions
page 114
Byte Instructions
page 118
Exchange Instructions
page 120
Miscellaneous Instructions
page 121
Real Transfer Instructions
page 125
Integer Transfer Instructions
page 127
Packed Decimal Transfer Instructions
page 128
Addition Instructions
page 129
Subtraction Instructions
page 130
Multiplication Instructions
page 132
Division Instructions
page 133
Miscellaneous Arithmetic Operations
page 136
Comparison Instructions
page 138
Transcendental Instructions
page 141
Constant Instructions
page 143
Processor Control Instructions
page 145
Introduction
Although the Intel processor supports address-size attributes of either 16 or 32
bits, the x86 assembler only supports address-size attributes of 32 bits. The
operand-size is either 16 or 32 bits. An instruction that accesses 16-bit words or
32-bit longs has an operand-size attribute of either 16 or 32 bits.
22
x86 Assembly Language Reference Manual—November 1995
2
Notational Conventions
The notational conventions used in the instructions included in this chapter are
described below:
The mnemonics are expressed in a regular expression-type syntax.
When a group of letters is separated from other letters by a bar (|) within
square brackets or curly braces, then the group of letters between the bars or
between a bar and a closing bracket or brace is considered an atomic unit.
For example, fld[lst] means fldl, flds, or fldt; fst{ls} means fst,
fstl, or fsts; and fild{l|ll} means fild, fildl, or fildll.
Square brackets ([]) denote choices, but at least one is required.
Alternatives enclosed within curly braces ({}) denote that you can use one
or none of them
The vertical bar separates different suffixes for operators or operands. For
example, the following indicates that an
8-, 16-, or 32-bit immediate value is
permitted in an instruction:
imm[8|16|32]
The SunOS operators are built from the Intel operators by adding suffixes to
them. The 80387, 80486 deals with three data types: integer, packed decimal,
and real.
The SunOS assembler is not typed; the operator has to carry with it the type
of data item it is operating on. If the operation is on an integer, the following
suffixes apply: none for Intel’s short(16 bits), l for Intel’s long (32 bits),
and ll for Intel’s longlong(64 bits). If the operator applies to reals, then: s
is short (32 bits), l is long (64 bits), and t is temporary real(80 bits).
reg[8|16|32] defines a general-purpose register, where each number
indicates one of the following:
32: %eax, %ecx, %edx, %ebx, %esi, %edi, %ebp, %esp
16: %ax, %cx, %dx, %bx, %si, %di, %bp, %sp
8: %al, %ah, %cl, %ch, %dl, %dh, %bl, %bh
Instruction-Set Mapping
23
2
imm[8|16|32|48] — an immediate value. You define immediate values
using the regular expression syntax previously described (see also
Expressions and Immediate Values on page 210). If there is a choice between
operand sizes, the assembler will choose the smallest representation.
mem[8|16|32|48|64|80] — a memory operand; the 8, 16, 32, 48, 64, and
80 suffixes represent byte, word, long (or float), inter-segment, double, and
long double memory address quantities, respectively.
creg a control register; the control registers are: %cr0, %cr2, %cr3, or
%cr4.
r/m[8|16|32] is a general-purpose register or memory operand; the
operand type is determined from the suffix. They are: 8 = byte, 16 = word,
and 32 = long. The registers for each operand size are the same as
reg[8|16|32] above.
dreg is a debug register; the debug registers are: %db0, %db1, %db2, %db3,
%db6, %db7.
sreg is a segment register. The 16-bit segment registers are: %cs, %ds, %ss,
%es, %fs, and %gs.
treg is a test register. The test registers are: %tr6 and %tr7.
freg is floating-point registers %st (%st(0)), %st(1) - %st(7).
An instruction can act on zero or more operands. An operand can be any of
the following:
an immediate operand (in the instruction itself)
a register (32-bit genera, segment, or status/instruction register), (16-bit
word register), and (8-bit byte register).
a pointer to a memory location.
an I/O port
Instruction syntax is:
operand1 operand2
where operand1 and operand2 are operated on and the result stored in
operand2. The arrow shows the direction. The direction is opposite of
that described in the Intel Corporation i486 Microprocessor Programmer’s
Reference Manual.
24
x86 Assembly Language Reference Manual—November 1995
2
disp[8|32] — the number of bits used to define the distance of a relative
jump; because the assembler only supports a 32-bit address space, only 8-bit
sign extended and 32-bit addresses are supported.
immPtr — an immediate pointer; when the immediate form of a long call or
a long jump is used, the selector and offset are encoded as an immediate
pointer. An immediate pointer consists of $imm16, $imm32 where the first
immediate value represents the segment and the second represents the
offset.
cc — condition codes; the 30 condition codes are:
Table 2-1
Condition Codes
a
above
ae
above or equal
b
below
be
below or equal
c
carry
e
equal
g
greater
ge
greater than or equal to
l
less than
le
less than or equal to
na
not above
nae
not above or equal to
nb
not below
nbe
not below or equal to
nc
not carry
ne
not equal
ng
not greater than
nge
not greater than or equal to
nl
not less than
nle
not less than or equal to
Instruction-Set Mapping
25
2
Table 2-1
Condition Codes (Continued)
no
not overflow
np
not parity
ns
not sign
nz
not zero
o
overflow
p
parity
pe
parity even
po
parity odd
s
sign
z
zero
References
This document presumes that you are familiar with the manner in which the
Intel instruction sets function. For more information on specific instruction
descriptions, please refer to the Intel Corporation i486 Microprocessor
Programmer’s Reference Manual.
Segment Register Instructions
The following are the segment register instructions supported by the x86
processor.
Load Full Pointer (lds,les, lfs, lgs, and lss)
lds{wl} mem[32|48], reg[16|32]
les{wl} mem[32|48], reg[16|32]
lfs{wl} mem[32|48], reg[16|32]
lgs{wl} mem[32|48], reg[16|32]
lss{wl} mem[32|48], reg[16|32]
Operation
mem[32|48] reg[16|32]
26
x86 Assembly Language Reference Manual—November 1995
2
Description
Reads a full pointer from memory and stores it in the specified segment
register (DS, ES, FS, GS or SS) with a 16- or 32-bit offset value.
Example
Load a 16-bit pointer from memory location 0x44444444 into the DX register:
ldsw 0x44444444, %dx
Load a 32-bit pointer from memory location 0x33333333 into the EDX
register:
ldsl 0x33333333, %edx
Pop Stack into Word (pop)
pop{wl}
r/m[16|32]
pop{l}
[%ds|%ss|%es|%fs|%gs]
Operation
stack r/m[16|32]
stack segment register
Description
Replaces the previous contents of the register or memory operand with a
word or long from the top of the stack.
Replaces the previous contents of the segment register operand with a long.
For a word, SP + 2; for a long, SP + 4.
Instruction-Set Mapping
27
2
Example
Replace the contents of the memory location pointed to by the EDI register,
plus an offset of 4, with the word from the top of the stack:
popw 4(edi)
Replace the contents of the memory location pointed to by the EAX register
with the long from the top of the stack:
popl %eax
Push Word/Long onto Stack (push)
push{wl}r/m[16|32]
push{wl}imm[8|16|32]
push{l} [%cs|%ds|%ss|%es|%fs|%gs]
Operation
r/m[16|32] stack
segment register stack
Description
For a word, SP - 2; for a long, SP - 4. Replaces the new top of stack, pointed
to by SP, with the register, memory, immediate, or segment register operand.
28
x86 Assembly Language Reference Manual—November 1995
2
Example
Replaces the new top of stack with the 16-bit immediate value, -126:
pushw $-126
Replaces the new top of stack with the 32-bit immediate value, 23456789:
pushl $23456789
Replaces the new top of stack with the content of the AX register:
pushw %ax
Replaces the new top of stack with the content of the EBX register:
pushl %ebx
I/O Instructions
Input from Port (in, ins)
in{bwl} imm8
in{bwl}
(%dx)
ins{bwl}
Operation
imm[8|16|32] [AL|AX|EAX]
DX [AL|AX|EAX]
DX ES:(E)DI
Instruction-Set Mapping
29
2
Description
in transfers a byte, word, or long from the immediate port into the byte,
word, or long memory address pointed to by the AL, AX, or EAX register,
respectively.
The second form of the in instruction transfers a byte, word, or long from a
port (0 to 65535), specified in the DX register, into the byte, word, or long
memory address pointed to by the AL, AX, or EAX register, respectively.
When an 8-bit port is specified, the upper-eight bits of the port address will
be 0.
The ins instruction transfers a string from a port specified in the DX register
to the memory byte or word pointed to by the ES:destination index. Load
the desired port number into the DX register and the desired destination
address into the DI or EDI index register before executing the ins
instruction. After a transfer occurs, the destination-index register is
automatically incremented or decremented as determined by the value of
the direction flag (DF). The index register is incremented if DF = 0 (DF
cleared by a cld instruction); it is decremented if DF = 1 (DF set by a std
instruction). The increment or decrement count is 1 for a byte transfer, 2 for
a word, and 4 for a long. Use the rep prefix with the ins instruction for a
block transfer of CX bytes or words.
Example
Transfer an immediate 8-bit port address into the AL register:
inb $0xff
Transfer a 16-bit port address, specified in the DX register, into the AX
register:
inw (%dx)
Transfer a string from the port address, specified in the DX register, into the
ES:destination index register:
insl
30
x86 Assembly Language Reference Manual—November 1995
2
Output from Port (out, outs)
out{bwl} imm8
out{bwl} (%dx)
outs{bwl}
Operation
[AL|AX|EAX] imm[8|16|32]
[AL|AX|EAX] DX
ES:(E)DI DX
Description
Transfers a byte, word, or long from the memory address pointed to by the
content of the AL, AX, or EAX register to the immediate 8-, 16-, or 32-bit
port address.
The second form of the out instruction transfers a byte, word, or long from
the AL, AX, or EAX registers respectively to a port (0 to 65535), specified by
the DX register.
The outs instruction transfers a string from the memory byte or word
pointed to by the ES:source index to the port addressed in the DX register.
Load the desired port number into the DX register and the desired source
address into the SI or ESI index register before executing the outs
instruction. After a transfer occurs, the destination-index register is
automatically incremented or decremented as determined by the value of
the direction flag (DF). The index register is incremented if DF = 0 (DF
cleared by a cld instruction); it is decremented if DF = 1 (DF set by a std
instruction). The increment or decrement count is 1 for a byte transfer, 2 for
a word, and 4 for a long. Use the rep prefix with the outs instruction for a
block transfer of CX bytes or words.
Instruction-Set Mapping
31
2
Example
Transfer a word from the AX register into the 16-bit port address, 0xff:
outw $0xff
Transfer a long from the EAX register into the 32-bit port address specified
by the DX register:
outl (%dx)
Transfer a string from the memory byte or word pointed to by the ES:source
index to the port addressed in the DX register:
outsl
Flag Instructions
Load Flags into AH Register (lahf)
lahf
Operation
SF:ZF:xx:AF:xx:PF:xx:CF
AH
Description
Transfers the low byte of the flags word to the AH register. The bits (lsb to
msb) are: sign, zero, indeterminate, auxiliary carry, indeterminate, parity,
indeterminate, and carry.
Example
Transfer the flags word into the AH register:
lahf
32
x86 Assembly Language Reference Manual—November 1995
2
Store AH into Flags (sahf)
sahf
Operation
AH SF:ZF:xx:AF:xx:PF:xx:CF
Description
Loads flags (sign, zero, indeterminate, auxiliary carry, indeterminate, parity,
indeterminate, and carry) with values from the AH register.
Example
Load values from the AH register into the flags word:
sahf
Pop Stack into Flag (popf)
popf{wl}
Operation
stack flags register
Description
Pops the word or long from the top of the stack and stores the value in the
flags register. Stores a word in FLAGS; stores a long in EFLAGS.
Instruction-Set Mapping
33
2
Example
Pops the word from the top of the stack and stores it in the flags register:
popfw
Pops the long from the top of the stack and stores it in the eflags register:
popfl
Push Flag Register Onto Stack (pushf)
pushf{wl}
Operation
flags register stack
Description
For a word, SP - 2 and copies FLAGS to the new top of stack pointed to by
SP. For a long, SP - 4 and copies EFLAGS to the new top of stack pointed to
by SS:eSP.
Example
Pushes the flags register onto the top of the stack:
pushfw
Pushes the eflags register onto the top of the stack:
pushfl
34
x86 Assembly Language Reference Manual—November 1995
2
Complement Carry Flag (cmc)
cmc
Operation
not CF CF
Description
Reverses the setting of the carry flag; affects no other flags.
Example
Reverse the setting of the carry flag:
cmc
Clear Carry Flag (clc)
clc
Operation
0 CF
Description
Sets the carry flag to zero; affects no other flags.
Example
Clear the carry flag:
clc
Instruction-Set Mapping
35
2
Set Carry Flag (stc)
stc
Operation
1 CF
Description
Sets the carry flag to 1.
Example
Set the carry flag:
stc
Clear Interrupt Flag (cli)
cli
Operation
0 IF
Description
Clears the interrupt flag if the current privilege level is at least as privileged
as IOPL; affects no other flags. External interrupts disabled at the end of the
cli instruction or from that point on until the interrupt flag is set.
Example
Clear the interrupt flag:
cli
36
x86 Assembly Language Reference Manual—November 1995
2
Set Interrupt Flag (sti)
sti
Operation
1 IF
Description
Sets the interrupt flag to 1.
Example
Set the interrupt flag:
sti
Clear Direction Flag (cld)
cld
Operation
0 DF
Description
Clears the direction flag; affects no other flags or registers. Causes all
subsequent string operations to increment the index registers, (E)SI and/or
(E)DI, used during the operation.
Example
Clear the direction flag:
cld
Instruction-Set Mapping
37
2
Set Direction Flag (std)
std
Operation
1 DF
Description
Sets the direction flag to 1, causing all subsequent string operations to
decrement the index registers, (E)SI and/or (E)DI, used during the
operation.
Example
Set the direction flag:
std
Arithmetic Logical Instructions
Integer Addition (add)
add{bwl} reg[8|16|32], r/m[8|16|32]
add{bwl} r/m[8|16|32], reg[8|16|32]
add{bwl} imm[8|16|32], r/m[8|16|32]
Operation
reg[8|16|32] + r/m[8|16|32] r/m[8|16|32]
r/m[8|16|32] + reg[8|16|32] reg[8|16|32]
imm[8|16|32] + r/m[8|16|32] r/m[8|16|32]
38
x86 Assembly Language Reference Manual—November 1995
2
Description
Integer adds operand1 to operand2 and stores the result in operand2.
When an immediate byte is added to a word or long, the immediate value is
sign-extended to the size of the word or long operand.
If you wish to decimal adjust (daa) or ASCII adjust (aaa) the add result, use
the form of add that stores the result in AL.
Example
Integer adds the 8-bit constant, -126, to the content of the AL register:
addb $-126,%al
Integer adds the word contained in the effective address (addressed by the
EDI register plus an offset of 4) to the content of the DX register:
addw 4(%edi),%dx
Integer adds the content of the EDX register to the effective address
(addressed by the EDI register plus an offset of 4):
addl %edx, 4(%edi)
Integer Add With Carry (adc)
adc{bwl} reg[8|16|32], r/m[8|16|32]
adc{bwl} r/m[8|16|32], reg[8|16|32]
adc{bwl} imm[8|16|32], r/m[8|16|32]
Operation
(reg[8|16|32] + CF) + r/m[8|16|32] r/m[8|16|32]
(r/m[8|16|32] + CF) + reg[8|16|32] reg[8|16|32]
(imm[8|16|32] + CF) + r/m[8|16|32] r/m[8|16|32]
Instruction-Set Mapping
39
2
Description
Integer adds operand1 and the carry flag to operand2 and stores the result
in operand2. adc is typically executed as part of a multi-byte or multi-word
add operation. When an immediate byte is added to a word or long, the
immediate value is sign-extended to the size of the word or long operand.
Example
Integer add the 8-bit content of the effective memory address (ESI register
plus an offset of 1) and the carry flag to the content of the address in the CL
register:
adcb 1(%esi), %cl
Integer add the 16-bit content of the effective memory address (EDI register
plus an offset of 4) and the carry flag to the content of the address in the DX
register:
adcw 4(%edi), %dx
Integer add the 32-bit content of the address in the EDX register and the
carry flag to the effective memory address (EDI register plus an offset of 4):
adcl %edx, 4(%edi)
Integer Subtraction (sub)
sub{bwl} reg[8|16|32], r/m[8|16|32]
sub{bwl} r/m[8|16|32], reg[8|16|32]
sub{bwl} imm[8|16|32], r/m[8|16|32]
Operation
r/m[8|16|32] reg[8|16|32]
r/m[8|16|32]
reg[8|16|32] r/m[8|16|32]
reg[8|16|32]
r/m[8|16|32] imm[8|16|32] r/m[8|16|32]
40
x86 Assembly Language Reference Manual—November 1995
2
Description
Subtracts operand1 from operand2 and stores the result in operand2. When
an immediate byte value is subtracted from a word, the immediate value is
sign-extended to the size of the word operand before the subtract operation
is executed.
If you wish to decimal adjust (das) or ASCII adjust (aas) the sub result, use
the form of sub that stores the result in AL.
Example
Integer subtract the 8-bit constant, -126, from the content of the effective
address (addressed by the ESI register plus an offset of 1):
subb $-126, 1(%esi)
Integer subtract the 16-bit constant, 1234, from the content of the effective
address (addressed by the EDI register plus an offset of 4):
subw $1234, 4(%edi)
Integer subtract the 32-bit content of the EDX register from the effective
address (addressed by the EDI register plus an offset of 4):
subl %edx, 4(%edi)
Integer Subtraction With Borrow (sbb)
sbb{bwl} reg[8|16|32], r/m[8|16|32]
sbb{bwl} r/m[8|16|32], reg[8|16|32]
sbb{bwl} imm[8|16|32], r/m[8|16|32]
Operation
r/m[8|16|32] (reg[8|16|32] + CF)
r/m[8|16|32]
reg[8|16|32] (r/m[8|16|32] + CF)
reg[8|16|32]
r/m[8|16|32] (imm[8|16|32] + CF) r/m[8|16|32]
Instruction-Set Mapping
41
2
Description
Subtracts (operand1 and the carry flag) from operand2 and stores the result
in operand2. When an immediate byte value is subtracted from a word, the
immediate value is sign-extended to the size of the word operand before the
subtract operation is executed.
Example
Integer subtract the 8-bit content of the CL register plus the carry flag from
the effective address (addressed by the ESI register plus an offset of 1):
sbbb %cl, 1(%esi)
Integer subtract the 16-bit constant, -126, plus the carry flag from the AL
register:
sbbw $-126, %al
Integer subtract the 32-bit constant, 12345678, plus the carry flag from the
effective address (addressed by the EDI register plus an offset of 4):
sbbl $12345678, 4(%edi)
Compare Two Operands (cmp)
cmp{bwl} reg[8|16|32], r/m[8|16|32]
cmp{bwl} r/m[8|16|32], reg[8|16|32]
cmp{bwl} imm[8|16|32], r/m[8|16|32]
Operation
r/m[8|16|32] reg[8|16|32]
reg[8|16|32] r/m[8|16|32]
r/m[8|16|32] imm[8|16|32]
42
x86 Assembly Language Reference Manual—November 1995
2
Description
Subtracts operand1 from operand2, but does not store the result; only
changes the flags. cmp is typically executed in conjunction with conditional
jumps and the setcc instruction. If an operand greater than one byte is
compared to an immediate byte, the immediate byte value is first sign-
extended.
Example
Compare the 8-bit constant, 0xff, with the content of the AL register:
cmpb $0xff, %al
Compare the 16-bit content of the DX register with the effective address
(addressed by the EDI register plus an offset of 4):
cmpw %dx, 4(%edi)
Compare the 32-bit content of the effective address (addressed by the EDI
register plus an offset of 4) to the EDX register:
cmpl 4(%edi), %edx
Increment by 1 (inc)
inc{bwl} r/m[8|16|32]
Operation
r/m[8|16|32] + 1 r/m[8|16|32]
Description
Adds 1 to the operand and does not change the carry flag. Use the add
instruction with an immediate value of 1 to change the carry flag,.
Instruction-Set Mapping
43
2
Example
Add 1 to the contents of the byte at the effective address (addressed by the
ESI register plus an offset of 1):
incb 1(%esi)
Add 1 to the 16-bit contents of the AX register:
incw %ax
Add 1 to the 32-bit contents at the effective address (addressed by the EDI
register):
incl 4(%edi)
Decrease by 1 (dec)
dec{bwl}r/m[8|16|32]
Operation
r/m[8|16|32] 1 r/m[8|16|32]
Description
Subtracts 1 from the operand. Does not change the carry flag. To change the
carry flag, use the sub instruction with an immediate value of 1.
44
x86 Assembly Language Reference Manual—November 1995
2
Example
Subtract 1 from the 8-bit contents of the effective address (addressed by the
ESI register plus an offset of 1):
decb 1(%esi)
Subtract 1 from the 16-bit contents of the BX register:
decw %bx
Subtract 1 from the 32-bit contents of the effective address (addressed by the
EDI register plus an offset of 4):
decl 4(%edi)
Logical Comparison or Test (test)
test{bwl}reg[8|16|32], r/m[8|16|32]
test{bwl}r/m[8|16|32], reg[8|16|32]
test{bwl}imm[8|16|32], r/m[8|16|32]
Operation
reg[8|16|32] and r/m[8|16|32] r/m[8|16|32]
r/m[8|16|32] and reg[8|16|32] reg[8|16|32]
imm[8|16|32] and r/m[8|16|32] r/m[8|16|32]
Description
Performs a bit-wise logical AND of the two operands. The result of a bit-
wise logical AND is 1 if the value of that bit in both operands is 1;
otherwise, the result is 0. test discards the results and modifies the flags.
The OF and CF flags are cleared; SF, ZF and PF flags are set according to the
result.
Instruction-Set Mapping
45
2
Example
Perform a logical AND of the constant, 0xff, and the 8-bit contents of the
effective address (addressed by the ESI register plus an offset of 1):
testb $0xff, 1(%esi)
Perform a logical AND of the 16-bit contents of the DX register and the
contents of the effective address (addressed by the EDI register plus an
offset of 4):
testw %dx, 4(%edi)
Perform a logical AND of the constant, 0xffeeddcc, and the 32-bit contents
of the effective address (addressed by the EDI register plus an offset of 4):
testl $0xffeeddcc, 4(%edi)
Shift (sal, shl, sar, shr)
sal{bwl} imm8, r/m[8|16|32]
sal{bwl} %cl, r/m[8|16|32]
shl{bwl} imm8, r/m[8|16|32]
shl{bwl} %cl, r/m[8|16|32]
sar{bwl} imm8, r/m[8|16|32]
sar{bwl} %cl, r/m[8|16|32]
shr{bwl} imm8, r/m[8|16|32]
shr{bwl} %cl, r/m[8|16|32]
Operation
shift-left r/m[8|16|32] by imm8 r/m[8|16|32]
shift-left r/m[8|16|32] by %cl r/m[8|16|32]
shift-right r/m[8|16|32] by imm8 r/m[8|16|32]
shift-right r/m[8|16|32] by %cl r/m[8|16|32]
46
x86 Assembly Language Reference Manual—November 1995
2
Description
sal (or its synonym shl) left shifts (multiplies) a byte, word, or long value
for a count specified by an immediate value and stores the product in that
byte, word, or long respectively. The second variation left shifts by a count
value specified in the CL register. The high-order bit is shifted into the carry
flag; the low-order bit is set to 0.
sar right shifts (signed divides) a byte, word, or long value for a count
specified by an immediate value and stores the quotient in that byte, word,
or long respectively. The second variation right shifts by a count value
specified in the CL register. sar rounds toward negative infinity; the high-
order bit remains unchanged.
shr right shifts (unsigned divides) a byte, word, or long value for a count
specified by an immediate value and stores the quotient in that byte, word,
or long respectively. The second variation divides by a count value specified
in the CL register. shr sets the high-order bit to 0.
Example
Right shift, count specified by the constant (253), the 8-bit contents of the
effective address (addressed by the ESI register plus an offset of 1):
sarb $253, 1(%esi)
Right shift, count specified by the contents of the CL register, the 16-bit
contents of the effective address (addressed by the EDI register plus an
offset of 4):
shrw %cl, 4(%edi)
Left shift, count specified by the constant (253), the 32-bit contents of the
effective address (addressed by the EDI register plus an offset of 4):
shll $253, 4(%edi)
Instruction-Set Mapping
47
2
Double Precision Shift Left (shld)
shld{wl}imm8, reg[16|32], r/m[16|32]
shld{wl}%cl, reg[16|32], r/m[16|32]
Operation
by imm8 shift-left r/m[16|32] bits reg[16|32] r/m[16|32]
by reg[16|32] shift-left r/m[16|32] bits r/m[16|32] r/m[16|32]
Description
shld double-precision left shifts a 16- or 32-bit register value into a word or
long for the count specified by an immediate value, MODULO 32 (0 to 31).
The result is stored in that particular word or long.
The second variation of shld double-precision left shifts a 16- or 32-bit
register or memory value into a word or long for the count specified by
register CL MODULO 32 (0 to 31).The result is stored in that particular
word or long.
shld sets the SF, ZF, and PF flags according to the value of the result; CS is
set to the value of the last bit shifted out; OF and AF are undefined.
Example
Use the count specified by the constant, 253, to double-precision left shift a
16-bit register value from the DX register to the effective address (addressed
by the EDI register plus an offset of 4):
shldw $253, %dx, 4(%edi)
Use the count specified (%CL MOD 32) by the 32-bit EDX register to double-
precision left shift a 32-bit memory value at the effective address (addressed
by the EDI register plus an offset of 4):
shldl %cl,%edx, 4(%edi)
48
x86 Assembly Language Reference Manual—November 1995
2
Double Precision Shift Right (shrd)
shrd{wl}imm8, reg[16|32], r/m[16|32]
shrd{wl}%cl, reg[16|32], r/m[16|32]
Operation
by imm8 shift-right r/m[16|32] bits reg[16|32] r/m[16|32]
by reg[16|32] shift-right r/m[16|32] bits r/m[16|32] r/m[16|32]
Description
shrd double-precision right shifts a 16- or 32-bit register value into a word
or long for the count specified by an immediate value MODULO 32 (0 to
31). The result is stored in that particular word or long.
The second variation of shrd double-precision right shifts a 16- or 32-bit
register or memory value into a word or long for the count specified by
register CL MODULO 32 (0 to 31).The result is stored in that particular
word or long.
shrd sets the SF, ZF, and PF flags according to the value of the result; CS is
set to the value of the last bit shifted out; OF and AF are undefined.
Example
Use the count specified by the constant, 253, to double-precision right shift a
16-bit register value from the DX register to the effective address (addressed
by the EDI register plus an offset of 4):
shrdw $253, %dx, 4(%edi)
Use the count specified (%CL MOD 32) by the 32-bit EDX register to
double-precision right shift a 32-bit memory value at the effective address
(addressed by the EDI register plus an offset of 4)
shrdl %cl,%edx, 4(%edi)
Instruction-Set Mapping
49
2
One’s Complement Negation (not)
not{bwl} r/m[8|16|32]
Operation
not r/m[8|16|32] r/m[8|16|32]
Description
Inverts each bit value of the byte, word, or long; that is, every 1 becomes a 0
and every 0 becomes a 1.
Example
Invert each of the 8-bit values at the effective address (addressed by the ESI
register plus an offset of 1):
notb 1(%esi)
Invert each of the 16-bit values at the effective address (addressed by the
EDI register plus an offset of 4):
notw 4(%edi)
Invert each of the 32-bit values at the effective address (addressed by the
EDI register plus an offset of 4):
notl 4(%edi)
Two’s Complement Negation (neg)
neg{bwl} r/m[8|16|32]
Operation
two’s-complement r/m[8|16|32] r/m[8|16|32]
50
x86 Assembly Language Reference Manual—November 1995
2
Description
Replace the value of the byte, word, or long with its two’s complement; that
is, neg subtracts the byte, word, or long value from 0, and puts the result in
the byte, word, or long respectively.
neg sets the carry flag to 1, unless initial value of the byte, word, or long is
0. In this case neg clears the carry flag to 0.
Example
Replace the 8-bit contents of the effective address (addressed by the ESI
register plus an offset of 1) with its two’s complement:
negb 1(%esi)
Replace the 16-bit contents of the effective address (addressed by the EDI
register plus an offset of 4) with its two’s complement:
negw 4(%edi)
Replace the 32-bit contents of the effective address (addressed by the EDI
register plus an offset of 4) with its two’s complement:
negl 4(%edi)
Check Array Index Against Bounds (bound)
bound{wl}reg[16|32], r/m[16|32]
Operation
r/m[16|32] bound reg[16|32] CC is unchanged
Instruction-Set Mapping
51
2
Description
Ensures that a signed array index (16- or 32-bit register) value falls within
the upper and lower bounds of a block of memory. The upper and lower
bounds are specified by a 16- or 32-bit register or memory value. If the
signed array index value is not within the bounds, an Interrupt 5 occurs; the
return EIP points to the bound instruction.
Example
Check the 16-bit signed array index value in the AX register against the
doubleword with the upper and lower bounds specified by DX:
boundw %ax, %dx
Check the 32-bit signed array index value in the EAX register against the
doubleword with the upper and lower bounds specified by EDX:
boundl %eax, %edx
Logical And (and)
and{bwl} reg[8|16|32], r/m[8|16|32]
and{bwl} r/m[8|16|32], reg[8|16|32]
and{bwl} imm[8|16|32], r/m[8|16|32]
Operation
reg[8|16|32] land r/m[8|16|32] r/m[8|16|32]
r/m[8|16|32] land reg[8|16|32] reg[8|16|32]
imm[8|16|32] land r/m[8|16|32] r/m[8|16|32]
52
x86 Assembly Language Reference Manual—November 1995
2
Description
Performs a logical AND of each bit in the values specified by the two
operands and stores the result in the second operand.
Table 2-2
Logical AND
Values
Result
0 LAND 0
0
0 LAND 1
0
1 LAND 0
0
1 LAND 1
1
Example
Perform an 8-bit logical AND of the CL register and the contents of the
effective address (addressed by the ESI register plus an offset of 1):
andb %cl, 1(%esi)
Perform a 16-bit logical AND of the constant, 0xffee, and the contents of the
effective address (addressed by the AX register):
andw $0xffee, %ax
Perform a 32-bit logical AND of the contents of the effective address
(addressed by the EDI register plus an offset of 4) and the EDX register:
andl 4(%edi), %edx
Instruction-Set Mapping
53
2
Logical Inclusive OR (or)
or{bwl} reg[8|16|32], r/m[8|16|32]
or{bwl} r/m[8|16|32], reg[8|16|32]
or{bwl} imm[8|16|32], r/m[8|16|32]
Operation
reg[8|16|32] LOR r/m[8|16|32] r/m[8|16|32]
r/m[8|16|32] LOR reg[8|16|32] reg[8|16|32]
imm[8|16|32] LOR r/m[8|16|32] r/m[8|16|32]
Description
Performs a logical OR of each bit in the values specified by the two
operands and stores the result in the second operand.
Table 2-3
Inclusive OR
Values
Result
0 LOR 0
0
0 LOR 1
1
1 LOR 0
1
1 LOR 1
1
54
x86 Assembly Language Reference Manual—November 1995
2
Example
Perform an 8-bit logical OR of the constant, 0xff, and the AL register:
orb $0xff, %al
Perform a 16-bit logical OR of the constant, 0xff83, and the contents of the
effective address (addressed by the EDI register plus an offset of 4):
orw $0xff83, 4(%edi)
Perform a 32-bit logical OR of the EDX register and the contents of the
effective address (addressed by the EDI register plus an offset of 4):
orl %edx, 4(%edi)
Logical Exclusive OR (xor)
xor{bwl} reg[8|16|32], r/m[8|16|32]
xor{bwl} r/m[8|16|32], reg[8|16|32]
xor{bwl} imm[8|16|32], r/m[8|16|32]
Operation
reg[8|16|32] XOR r/m[8|16|32] r/m[8|16|32]
r/m[8|16|32] XOR reg[8|16|32] reg[8|16|32]
imm[8|16|32] XOR r/m[8|16|32] r/m[8|16|32]
Instruction-Set Mapping
55
2
Description
Performs an exclusive OR of each bit in the values specified by the two
operands and stores the result in the second operand.
Table 2-4
Exclusive XOR
Values
Result
0 XOR 0
0
0 XOR 1
1
1 XOR 0
1
1 XOR 1
0
Example
Perform a 8-bit exclusive OR of the constant, 0xff, and the AL register:
xorb $0xff, %al
Perform a 16-bit exclusive OR of the constant, 0xff83, and the contents of the
effective address (addressed by the EDI register plus an offset of 4):
xorw $0xff83, 4(%edi)
Perform a 32-bit exclusive OR of the EDX register and the contents of the
effective address (addressed by the EDI register plus an offset of 4):
xorl %edx, 4(%edi)
Multiply and Divide Instructions
When the type suffix is not included in a multiply or divide instruction, it
defaults to a long.
56
x86 Assembly Language Reference Manual—November 1995
2
Signed Multiply (imul)
imulb r/m8
imulw r/m16
imul{l} r/m32
imul{wl}r/m[16|32], reg[16|32]
imul{bwl}imm[16|32], r/m[16|32], reg[16|32]
Operation
r/m8 × AL AX
r/m16 × AX DX:AX
r/m32 × EAX EDX:EAX
r/m[16|32] × reg[16|32] reg|16|32]
imm[16|32] × r/m[16|32] reg|16|32]
Description
The single-operand form of imul executes a signed multiply of a byte,
word, or long by the contents of the AL, AX, or EAX register and stores the
product in the AX, DX:AX or EDX:EAX register respectively.
The two-operand form of imul executes a signed multiply of a register or
memory word or long by a register word or long and stores the product in
that register word or long.
The three-operand form of imul executes a signed multiply of a 16- or 32-
bit immediate by a register or memory word or long and stores the product
in a specified register word or long.
imul clears the overflow and carry flags under the following conditions:
Table 2-5
Clearing OF and CF flags — imul
Instruction Form
Condition for Clearing OF and CF
r/m8 × AL AX
AL = sign-extend of AL to 16 bits
r/m16 × AX DX:AX
AX= sign-extend of AX to 32 bits
r/m32 × EAX EDX:EAX
EDX:EAX= sign-extend of EAX to 32 bits
r/m[16|32] × reg[16|32] reg|16|32]
Product fits exactly within reg[16|32]
imm[16|32] × r/m[16|32] reg|16|32]
Product fits exactly within reg[16|32]
Instruction-Set Mapping
57
2
Example
Perform an 8-bit signed multiply of the AL register and the contents of the
effective address (addressed by the ESI register plus an offset of 1):
imulb 1(%esi)
Perform a 16-bit signed multiply of the constant, -126, and the contents of
the effective address (addressed by the EDI register plus an offset of 4).
Store the result in the DX register:
imulw $-126, 4(%edi), %dx
Perform a 32-bit signed multiply of the constant, 12345678, and the contents
of the effective address (addressed by the EDI register plus an offset of 4).
Store the result in the EDX register:
imull $12345678, 4(%edi), %edx
Unsigned Multiplication of AL, AX or EAX(mul)
mul{bwl} r/m[8|16|32]
Operation
r/m8 × AL AX
r/m16 × AX DX:AX
r/m32 × EAX EDX:EAX
58
x86 Assembly Language Reference Manual—November 1995
2
Description
mul executes a unsigned multiply of a byte, word, or long by the contents of
the AL, AX, or EAX register and stores the product in the AX, DX:AX or
EDX:EAX register respectively.
mul clears the overflow and carry flags under the following conditions:
Table 2-6
Clearing OF and CF flags — mul
Instruction Form
Condition for Clearing OF and CF
r/m8 × AL AX
clear to 0 if AH is 0; otherwise, set to 1
r/m16 × AX DX:AX
clear to 0 if DX is 0; otherwise, set to 1
r/m32 × EAX EDX:EAX
clear to 0 if EDX is 0; otherwise, set to 1
Example
Perform an 8-bit unsigned multiply of the AL register and the contents of
the effective address (addressed by the ESI register plus an offset of 1):
mulb 1(%esi)
Perform a 16-bit unsigned multiply of the AL register and the contents of
the effective address (addressed by the EDI register plus an offset of 4):
mulw 4(%edi)
Perform a 32-bit unsigned multiply of the AL register and the contents of
the effective address (addressed by the EDI register plus an offset of 1):
mull 1(%edi)
Instruction-Set Mapping
59
2
Unsigned Divide (div)
div{bwl} r/m[8|16|32]
Operation
AX ÷ r/m8 AL
DX:AX ÷ r/m16 AX
EDX:EAX ÷ r/m32 EAX
Description
div executes unsigned division. div divides a 16-, 32-, or 64-bit register
value (dividend) by a register or memory byte, word, or long (divisor). The
quotient is stored in the AL, AX, or EAX register respectively.
The remainder is stored in AH, Dx, or EDX. The size of the divisor (8-, 16- or
32-bit operand) determines the particular register used as the dividend.
The OF, SF, ZF, AR, PF and CF flags are undefined.
60
x86 Assembly Language Reference Manual—November 1995

 

 

 

 

 

 

 

Content      ..      1      2      3      ..