x86 Assembly Language. Reference Manual (1995) - page 3

 

  Главная      Manuals     x86 Assembly Language. Reference Manual (1995)

 

Search            copyright infringement  

 

 

 

 

 

 

 

 

 

 

 

Content      ..     1      2      3      4      ..

 

 

 

x86 Assembly Language. Reference Manual (1995) - page 3

 

 

2
Example
Perform an 8-bit unsigned divide of the AX register by the contents of the
effective address (addressed by the ESI register plus an offset of 1) and store
the quotient in the AL register, and the remainder in AH:
divb 1(%esi)
Perform a 16-bit unsigned divide of the DX:AX register by the contents of
the effective address (addressed by the EDI register plus an offset of 4) and
store the quotient in the AX register, and the remainder in DX:
divw 4(%edi)
Perform a 32-bit unsigned divide of the EDX:EAX register by the contents of
the effective address (addressed by the EDI register plus an offset of 4) and
store the quotient in the EAX register, and the remainder in EDX:
divl 4(%edi)
Signed Divide (idiv)
idiv{bwl}r/m[8|16|32]
Operation
AX ÷ r/m8 AL
DX:AX ÷ r/m16 AX
EDX:EAX ÷ r/m32 EAX
Instruction-Set Mapping
61
2
Description
idiv executes signed division. idiv divides a 16-, 32-, or 64-bit register
value (dividend) by a register or memory byte, word, or long (divisor). The
size of the divisor (8-, 16- or 32-bit operand) determines the particular
register used as the dividend, quotient, and remainder.
Table 2-7
idiv Register Assignment
Divisor Operand Size
Dividend
Quotient
Remainder
byte
AX
AL
AH
word
DX:AX
AX
DX
long
EDX:EAX
EAX
EDX
If the resulting quotient is too large to fit in the destination, or if the divisor
is 0, an Interrupt 0 is generated. Non-integral quotients are truncated
toward 0. The remainder has the same sign as the dividend; the absolute
value of the remainder is always less than the absolute value of the divisor.
Example
Perform a 16-bit signed divide of the DX:AX register by the contents of the
effective address (addressed by the EDI register plus an offset of 4) and store
the quotient in the AX register
divw 4(%edi)
Conversion Instructions
Convert Byte to Word (cbtw)
cbtw
Operation
sign-extend AL AX
62
x86 Assembly Language Reference Manual—November 1995
2
Description
cbtw converts the signed byte in AL to a signed word in AX by extending
the most-significant bit (sign bit) of AL into all bits of AH.
Example
cbtw
Convert Word to Long (cwtl)
cwtl
Operation
sign-extend AX EAX
Description
cwtl converts the signed word in AX to a signed long in EAX by extending
the most-significant bit (sign bit) of AX into two most-significant bytes of
EAX.
Example
cwtl
Convert Signed Word to Signed Double Word (cwtd)
cwtd
Operation
sign-extend AX DX:AX
Description
cwtd converts the signed word in AX to a signed double word in DX:AX by
extending the most-significant bit (sign bit) of AX into all bits of DX.
Instruction-Set Mapping
63
2
Example
cwtd
Convert Signed Long to Signed Double Long (cltd)
cltd
Operation
sign-extend EAX EDX:EAX
Description
cltd converts the signed long in EAX to a signed double long in EDX:EAX
by extending the most-significant bit (sign bit) of EAX into all bits of EDX.
Example
cltd
Decimal Arithmetic Instructions
Decimal Adjust AL after Addition (daa)
daa
Operation
decimal-adjust AL AL
Description
Use daa only after executing the form of an add instruction that stores a
two-BCD-digit byte result in the AL register. daa then adjusts AL to a two-
digit packed decimal result.
64
x86 Assembly Language Reference Manual—November 1995
2
Example
Decimal adjust the two-BCD-digit in the AL register:
daa
Decimal Adjust AL after Subtraction (das)
das
Operation
decimal-adjust AL AL
Description
Use das only after executing the form of a sub instruction that stores a two-
BCD-digit byte result in the AL register. das then adjusts AL to a two-digit
packed decimal result.
Example
Decimal adjust the two-BCD-digit in the AL register:
das
ASCII Adjust after Addition (aaa)
aaa
Operation
ASCII-adjust AL AL
Instruction-Set Mapping
65
2
Description
You use aaa only after executing the form of an add instruction that stores
a two-BCD-digit byte result in the AL register. aaa then adjusts AL to
contain the correct decimal result. The top nibble of AL is set to 0. To
convert AL to an ASCII result, follow the aaa instruction with:
or %al, 0x30
Table 2-8 shows how aaa handles a carry.
Table 2-8
Handling a Carry
Carry
Action
decimal carry
AH + 1; CF and AF set to 1
no decimal carry
AH unchanged; CF and AF cleared to 0
Example
Adjust the AL register to contain the correct decimal result after an add
instruction that stores a two-BCD-digit byte.
aaa
ASCII Adjust after Subtraction (aas)
aas
Operation
ASCII-adjust AL AL
66
x86 Assembly Language Reference Manual—November 1995
2
Description
Use aas only after executing the form of an add instruction that stores a
two-BCD-digit byte result in the AL register. aas then adjusts AL to contain
the correct decimal result. The top nibble of AL is set to 0. To convert AL to
an ASCII result, follow the aas instruction with:
or %al, 0x30
Table 2-9 shows how aas handles a carry.
Table 2-9
How aas Handles a Carry
Carry
Action
decimal carry
AH - 1; CF and AF set to 1
no decimal carry
AH unchanged; CF and AF cleared to 0
Example
Adjust the AL register to contain the correct decimal result after a sub
instruction that stores a two-BCD-digit byte
aas
ASCII Adjust AX after Multiply (aam)
aam
Operation
AL ÷ 10 AH
mod 10 AL AL
Description
You use aam only after executing a mul instruction between two BCD digits
(unpacked). mul stores the result in the AX register. The result is less than
100 so it can be contained in the AL register (the low byte of the AX
Instruction-Set Mapping
67
2
register). aam unpacks the AL result by dividing AL by 10, stores the
quotient (most-significant digit) in AH, and stores the remainder (least-
significant digit) in AL.
Example
Adjust the AL register to contain the correct decimal result after a mul
instruction between two BCD digits:
aam
ASCII Adjust AX before Division (aad)
aad
Operation
AL + (AH × 10) AL
0 AH
Description
aad prepares two unpacked BCD digits for a division operation that yields
an unpacked result. The least-significant digit is in AL; the most-significant
in AH.
aad prepares the AL and AH registers:
AL + (AH × 10) AL
0 AH
AX is then equal to the binary equivalent of the original unpacked two-digit
BCD number.
68
x86 Assembly Language Reference Manual—November 1995
2
Example
Adjust the AL and AH registers for a division operation by setting the AX
register equal to the original unpacked two-digit number:
aad
Coprocessor Instructions
Wait (wait, fwait)
wait
fwait
Description
wait — processor suspends instruction execution until the BUSY # pin is
inactive (high).
fwait — processor checks for pending unmasked numeric exceptions
before proceeding.
Example
Suspend instruction execution until not BUSY and check for exceptions:
wait
String Instructions
All Intel string op mnemonics default to long.
Instruction-Set Mapping
69
2
Move Data from String to String (movs)
movs{bwl}
movs{bwl} m[8|16|32], reg[16|32]
Operation
move {bwl} [(E)SI] ES: (E)DI]
move {bwl} DS: [(E)SI] ES: [(E)DI]
Description
Copies the byte, word, or long in [(E)SI] to the byte, word, or long in
ES:[(E)DI}. Before executing the move instruction, load the index values into
the SI source- and DI destination-index registers.
The destination operand must be addressable from the ES register; it cannot
span segments. A source operand, however, can span segments; the default
is DS.
After the data is moved, both the source- and destination-index registers are
automatically incremented or decremented as determined by the value of
the direction flag (DF). The index registers are incremented if DF = 0 (DF
cleared by a cld instruction); they are decremented if DF = 1 (DF set by a
std instruction). The increment/decrement count is 1 for a byte move, 2 for
a word, and 4 for a long.
For a block move of CX bytes or words, precede a movs instruction with a
rep prefix.
Example
Copy the 8-bit byte from the DS:[(E)SI] to the ES:[(E)DI] register.
movsb
70
x86 Assembly Language Reference Manual—November 1995
2
Compare String Operands (cmps)
cmps{bwl}
Operation
compare DS:[(E)SI] with ES:[(E)DI]
Description
Compares the byte, word, or long in DS:[(E)SI] with the byte, word, or long
in ES:[(E)DI}. Before executing the cmps instruction, load the index values
into the SI source- and DI destination-index registers.
cmps subtracts the operand indexed by the destination-index from the
operand indexed by the source-index register.
After the data is compared, both the source- and destination-index registers
are automatically incremented or decremented as determined by the value
of the direction flag (DF). The index registers are incremented if DF = 0 (DF
cleared by a cld instruction); they are decremented if DF = 1 (DF set by a
std instruction). The increment/decrement count is 1 for a byte move, 2 for
a word, and 4 for a long.
For a block compare of CX or ECX bytes, words or longs, precede a cmps
instruction with a repz or repnz prefix.
Instruction-Set Mapping
71
2
Example
Compare the 8-bit byte in the DS:[(E)SI] register to the ES:[(E)DI] register.
cmpsb
Compare the 16-bit word in the DS:[(E)SI] register to the ES:[(E)DI] register.
cmpsw
Compare the 32-bit word in the DS:[(E)SI] register to the ES:[(E)DI] register.
cmpsl
Store String Data (stos)
stos{bwl}
Operation
store [AL|AX|EAX] ES:[(E)DI]
Description
Transfers the contents of the AL, AX, or EAX register to the memory byte or
word addressed in the destination register relative to the ES segment. Before
executing the move instruction, load the index values into the DI
destination-index register.
The destination operand must be addressable from the ES register; it cannot
span segments.
After the data is transferred, the destination-index register is automatically
incremented or decremented as determined by the value of the direction flag
(DF). The index registers are incremented if DF = 0 (DF cleared by a cld
72
x86 Assembly Language Reference Manual—November 1995
2
instruction); they are decremented if DF = 1 (DF set by a std instruction).
The increment/decrement count is 1 for a byte move, 2 for a word, and 4 for
a long.
For a block transfer of CX bytes, words or longs, precede a stos instruction
with a rep prefix.
Example
Transfer the contents of the AL register to the memory byte addressed in the
destination register, relative to the ES segment.
stosb
Transfer the contents of the AX register to the memory word addressed in
the destination register, relative to the ES segment
stosw
Transfer the contents of the EAX register to the memory double-word
addressed in the destination register, relative to the ES segment
stosl
The Load String Operand (lods)
lods{bwl}
Operation
load ES:[(E)DI] [AL|AX|EAX]
Instruction-Set Mapping
73
2
Description
Loads the memory byte or word addressed in the destination register into
the AL, AX, or EAX register. Before executing the lods instruction, load the
index values into the SI source-index register.
After the data is loaded, the source-index register is automatically
incremented or decremented as determined by the value of the direction flag
(DF). The index register is incremented if DF = 0 (DF cleared by a cld
instruction); it is decremented if DF = 1 (DF set by a std instruction). The
increment/decrement count is 1 for a byte move, 2 for a word, and 4 for a
long.
For a block transfer of CX bytes, words or longs, precede a lods instruction
with a rep prefix; however, lods is used more typically within a loop
construct where further processing of the data moved into AL, AX, or EAX
is usually required.
Example
Load the memory byte addressed in the destination register, relative to the
ES segment register, into the AL register.
lodsb
Load the memory word addressed in the destination register, relative to the
ES segment register, into the AX register.
lodsw
Load the memory double-word addressed in the destination register,
relative to the ES segment register, into the EAX register.
lodsl
74
x86 Assembly Language Reference Manual—November 1995
2
Compare String Data (scas)
scas{bwl}
Operation
compare ES:[(E)DI] with [AL|AX|EAX]
Description
Compares the memory byte or word addressed in the destination register
relative to the ES segment with the contents of the AL, AX, or EAX register.
The result is discarded; only the flags are set.
Before executing the scas instruction, load the index values into the DI
destination-index register. The destination operand must be addressable
from the ES register; it cannot span segments.
After the data is transferred, the destination-index register is automatically
incremented or decremented as determined by the value of the direction flag
(DF). The index registers are incremented if DF = 0 (DF cleared by a cld
instruction); they are decremented if DF = 1 (DF set by a std instruction).
The increment/decrement count is 1 for a byte move, 2 for a word, and 4 for
a long.
For a block search of CX or ECX bytes, words or longs, precede a scas
instruction with a repz or repnz prefix.
Instruction-Set Mapping
75
2
Example
Compare the memory byte addressed in the destination register, relative to
the ES segment, with the contents of the AL register.
scasb
Compare the memory word addressed in the destination register, relative to
the ES segment, with the contents of the AX register
scasw
Compare the memory byte double-word addressed in the destination
register, relative to the ES segment, with the contents of the EAX register
scasl
Look-Up Translation Table (xlat)
xlat
Operation
set AL to DS:[(E)BX + unsigned AL]
Description
Changes the AL register from the table index to the table entry. AL should
be the unsigned index into a table addressed by DS:BX (16-bit address) or
DS:EBX (32-bit address).
Example
Change the AL register from the table index to the table entry.
xlat
76
x86 Assembly Language Reference Manual—November 1995
2
Repeat String Operation (rep, repnz, repz)
rep
repnz
repz
Operation
repeat string-operation until tested-condition
Description
Use the rep (repeat while equal), repnz (repeat while nonzero) or repz
(repeat while zero) prefixes in conjunction with string operations. Each
prefix causes the associated string instruction to repeat until the count
register (CX) or the zero flag (ZF) matches a tested condition.
Example
Repeat while equal: Copy the 8-bit byte from the DS:[(E)SI] to the ES:[(E)DI]
register.
rep movsb
Repeat while not zero: Compare the memory byte double-word addressed
in the destination register EDL, relative to the ES segment, with the contents
of the EAX register.
repnz scasl
Repeat while zero:Transfer the contents of the EAX register to the memory
double-word addressed in the destination register EDL, relative to the ES
segment.
repz stosl
Instruction-Set Mapping
77
2
Procedure Call and Return Instructions
Far Call — Procedure Call (lcall)
lcall
immptr
lcall
*mem48
Operation
far call ptr16:{16|32}
far call m16:{16|32}
Description
The lcall instruction calls intersegment (far) procedures using a full
pointer. lcall causes the procedure named in the operand to be executed.
When the called procedure completes, execution flow resumes at the
instruction following the lcall instruction (see the return instruction).
lcall ptr16:{16|32} uses a four-byte or six-byte operand as a long pointer
to the called procedure.
lcall m16:{16|32} fetches the long pointer from the specified memory
location.
In Real Address Mode or Virtual 8086 Mode, the long pointer provides 16
bits for the CS register and 16 or 32 bits for the EIP register. Both forms of
the lcall instruction push the CS and IP or EIP registers as a return address.
Example
Use a four-byte operand as a long pointer to the called procedure.
lcall $0xfebc, $0x12345678
Fetch a long pointer from the memory location addressed by the edx
register, offset by 3.
lcall *3(%edx)
78
x86 Assembly Language Reference Manual—November 1995
2
Near Call — Procedure Call (call)
call
disp32
call
*r/m32
Operation
near call rel{16|32}
near call r/m{16|32}
Description
The call instruction calls near procedures using a full pointer. call causes
the procedure named in the operand to be executed. When the called
procedure completes, execution flow resumes at the instruction following
the call instruction (see the return instruction).
call rel{16|32} adds a signed offset to address of the instruction following
the call instruction to determine the destination; that is, the displacement
is relative to the next instruction. The displacement value is stored in the
EIP register. For rel16, the upper 16 bits of EIP are cleared to zero resulting
in an offset value that does not exceed 16 bits.
call r/m{16|32} specifies a register or memory location from which the
absolute segment offset is fetched. The offset of the instruction following the
call instruction is pushed onto the stack. After the procedure completes,
the offset is popped by a near ret instruction within the procedure.
Both forms of the call instruction have no affect on the CS register.
Example
Program counter minus 0x11111111.
call .-0x11111111
Add a signed offset value to the address of the next instruction.
call *4(%edi)
Instruction-Set Mapping
79
2
Return from Procedure (ret)
ret
ret
imm16
Operation
return to caller
Description
The ret instruction transfers control to the return address located on the
stack. This address is usually placed on the stack by a call instruction.
Issue the ret instruction within the called procedure to resume execution
flow at the instruction following the call.
The optional numeric (16- or 32-bit) parameter to ret specifies the number
of stack bytes or words to be released after the return address is popped
from the stack. Typically, these bytes or words are used as input parameters
to the called procedure.
For an intersegment (near) return, the address on the stack is a segment
offset that is popped onto the instruction pointer. The CS register remains
unchanged.
Example
Transfer control to the return address located on the stack.
ret
Transfer control to the return address located on the stack. Release the next
16-bytes of parameters.
ret $-32767
80
x86 Assembly Language Reference Manual—November 1995
2
Long Return (lret)
lret
lret
imm16
Operation
return to caller
Description
The lret instruction transfers control to a return address located on the
stack. This address is usually placed on the stack by an lcall instruction.
Issue the lret instruction within the called procedure to resume execution
flow at the instruction following the call.
The optional numeric (16- or 32-bit) parameter to lret specifies the number
of stack bytes or words to be released after the return address is popped
from the stack. Typically, these bytes or words are used as input parameters
to the called procedure.
For an intersegment (far) return, the address on the stack is a long pointer.
The offset is popped first, followed by the selector.
In Real Mode, CS and IP are loaded directly. In Protected mode, an
intersegment return causes the processor to check the descriptor addressed
by the return selector. The AR byte of the descriptor must indicate a code
segment of equal or lesser privilege (or greater or equal numeric value) than
the current privilege level. Returns to a lesser privilege level cause the stack
to be reloaded from the value saved beyond the parameter block.
Instruction-Set Mapping
81
2
Example
Transfer control to the return address located on the stack.
lret
Transfer control to the return address located on the stack. Release the next
16-bytes of parameters.
lret $-32767
Enter/Make Stack Frame for Procedure Parameters (enter)
enter
imm16, imm8
Operation
make stack frame for procedure parameters
Description
Create the stack frame required by most block-structured high-level
languages. The imm16 operand specifies the number of bytes of dynamic
storage allocated on the stack for the routine being entered. The imm8
operand specifies the lexical nesting level (0 to 31) of the routine within the
high-level language source code. The nesting level determines the number
of stack frame pointers copied into the new stack frame from the preceding
frame.
Example
Create a stack frame with 0xfecd bytes of dynamic storage on the stack and
a nesting level of 0xff.
enter $0xfecd, $0xff
82
x86 Assembly Language Reference Manual—November 1995
2
High Level Procedure Exit (leave)
leave
Operation
set (E)SP to (E)BP, then pop (E)BP
Description
The leave instruction reverses the actions of an enter instruction. leave
copies the frame pointer to the stack point and releases the stack space
formerly used by a procedure for its local variables. leave pops the old
frame pointer into (E)BP, thus restoring the caller’s frame. A subsequent
ret nn instruction removes any arguments pushed onto the stack of the
exiting procedure.
Example
Copy the frame pointer to the stack pointer and release the stack space.
leave
Jump Instructions
Jump if ECX is Zero (jcxz)
jcxz
disp8
Operation
jump to disp8 if (E)CX is 0
Instruction-Set Mapping
83
2
Description
The jcxz instruction tests the contents of the CX or ECX register for 0. jcxz
differs from other conditional jumps that it tests the flags, rather than (E)CX.
jcxz is useful at the beginning of a loop that terminates with a conditional
loop instruction; such as:
loopne .-126
In this case, jcxz tests CX or ECX for 0 prior to entering the loop, thus
executing 0 times:
Example
jcxz .-126
loopne .-126
Loop Control with CX Counter (loop, loopnz, loopz)
loop
disp8
loopnz disp8
loopne disp8
loopz
disp8
loope
disp8
Operation
decrement count; jump to disp8 if count not equal 0
decrement count; jump to disp8 if count not equal 0 and ZF = 0
decrement count; jump to disp8 if count not equal 0 and ZF = 1
84
x86 Assembly Language Reference Manual—November 1995
2
Description
loop decrements the count register; the flags register remains unchanged.
Conditions are checked for by the particular form of loop you used. If the
conditions match, a short jump is made to the address specified by the disp8
operand. The range of the disp8 operand, relative to the current instruction,
is +127 decimal bytes to -128 decimal bytes.
loop instructions provide iteration control and combine loop index
management with conditional branching. Prior to using the loop
instruction, load the count register with an unsigned iteration count. Then,
add the loop instruction at the end of a series of instructions to be iterated.
The disp8 operand points to the beginning of the iterative loop.
Example
Decrement the count register and when the count is not equal to zero, jump
short to the disp8 location.
loopne .-126
Jump (jmp, ljmp)
jmp disp{8|16|32}
jmp *r/m{16|32}
ljmpimmPtr
ljmp*mem48
jcc disp{8|32}
Operation
jump short or near; displacement relative to next instruction
jump far (intersegment; 4- or 6-byte immediate address
jump if condition is met; displacement relative to next instruction
Instruction-Set Mapping
85
2
Description
The jmp instruction transfers execution control to a different point in the
instruction stream; records no return information.
Jumps with destinations of disp[8|16|32] or r/m[16|32] are near jumps and
do not require changes to the segment register value.
jmp rel{16|32} adds a signed offset to the address of the instruction
following the jmp instruction to determine the destination; that is, the
displacement is relative to the next instruction. The displacement value is
stored in the EIP register. For rel16, the upper 16 bits of EIP are cleared to
zero resulting in an offset value not to exceed 16 bits.
ljmp ImmPtr or *mem48 use a four- or six-byte operand as a long pointer to
the destination. In Real Address Mode or Virtual 8086 mode, the long
pointer provides 16 bits for the CS register and 16 or 32 bits for the EIP
register. In Protected mode, both long pointer forms consult the AR (Access
Rights) byte of the descriptor indexed by the selector part of the long
pointer. The jmp performs one of the following control transfers depending
on the value of the AR byte:
A jump to a code segment at the same privilege level
A task switch
Example
Jump to the relative effective address (addressed by the EDI register plus an
offset of 4):
jmp *4(%edi)
Long jump, use 0xfebc for the CS register and 0x12345678 for the EIP
register:
ljmp $0xfebc, $0x12345678
Jump if not equal:
jne .+10
86
x86 Assembly Language Reference Manual—November 1995
2
Interrupt Instructions
Call to Interrupt Procedure (int, into)
int 3
int imm8
into
Operation
interrupt 3 — trap to debugger
interrupt numbered by immediate byte
interrupt 4 — if overflow flag is 1
Description
The int instruction generates a software call to an interrupt handler. The
imm8 (0 to 255) operand specifies an index number into the IDT (Interrupt
Descriptor Table) of the interrupt routine to be called. In Protect Mode, the
IDT consists of an array of 8-byte descriptors; the descriptor for the
interrupt invoked must indicate an interrupt, trap, or task gate. In Real
Instruction-Set Mapping
87
2
Address Mode, the IDT is an array of four byte-long pointers. In Protected
and Real Address Modes, the base linear address of the IDT is defined by
the contents of the IDTR.
The into form of the int instruction implies interrupt 4. The interrupt
occurs only if the overflow flag is set.
The first 32 interrupts are reserved for system use. Some of these interrupts
are used for internally generated exceptions.
The int imm8 form of the interrupt instruction behaves like a far call except
that the flags register is pushed onto the stack before the return address.
Interrupt procedures return via the iret instruction, which pops the flags
and return address from the stack.
In Real Address Mode, the int imm8 pushes the flags, CS, and the return IP
onto the stack, in that order, then jumps to the long pointer indexed by the
interrupt number.
Example
Trap to debugger:
int $3
Trap to interrupt 0xff:
int $0xff
Trap to interrupt 4:
into
88
x86 Assembly Language Reference Manual—November 1995
2
Interrupt Return (iret)
iret
Operation
return routine
Description
In Real Address Mode, iret pops CS, the flags register, and the instruction
pointer from the stack and resumes the routine that was interrupted. In
Protected Mode, the setting of the nested task flag (NT) determines the
action of iret. The IOPL flag register bits are changed when CPL equals 0
and the new flag image is popped from the stack.
iret returns from an interrupt procedure without a task switch if NT
equals 0. Returned code must be equally or less privileged than the
interrupt routine as indicated CS selector RPL bits popped from the stack. If
the returned code is less privileged, iret pops SS and the stack pointer from
the stack.
iret reverses the operation of an INT or CALL that caused the task switch
if NT equals 1.The task executing iret is updated and saved in its task
segment. The code that follows iret is executed if the task is re-entered.
Example
Resume the interrupted routine:
iret
Instruction-Set Mapping
89
2
Protection Model Instructions
Store Local Descriptor Table Register (sldt)
sldtr/m16
Operation
LDTR r/m[16]
Description
The Local Descriptor Table Register (LDTR) is stored by sldt as indicated
by the effective address operand. LDTR is stored into the two-byte register
or the memory location.
sldt is not used in application programs. It is used only in operating
systems.
Example
Store the LDTR in the effective address (addressed by the EBX register plus
and offset of 5):
sldt 5(%ebx)
Store Task Register (str)
str r/m16
Operation
STR r/m(16
Description
The contents of the task register is stored by sldt as indicated by the
effective address operand. STR is stored into the two-byte register or the
memory location.
90
x86 Assembly Language Reference Manual—November 1995
2
Example
Store str in the effective address (addressed by the EBX register plus an
offset of 5):
str 5(%ebx)
Load Local Descriptor Table Register (lldt)
lldt
r/m16
Operation
SELECTOR LDTR
Description
LDTR is loaded by LLDT. The operand (word) contains a selector to a local
GDT (Global Descriptor Table). The descriptor registers are not affected.The
task state segment LDT field does not change.
The LDTR is marked invalid if the selector operand is 0. A #GP fault is
caused by all descriptor references (except LSL VERR, VERW, or LAR
instructions).
LLDT is not used in application programs. It is used in operating systems.
Example
Load the LLDT register from the effective address (addressed by the EBX
register plus and offset of 5):
lldt 5(%ebx)
Instruction-Set Mapping
91
2
Load Task Register (ltr)
ltr r/m16
Operation
r/m16 Task Register
Description
The task register is loaded by LTR from the source register or memory
location specified by the operand. The loaded task state segment is tagged
busy. A task switch does not occur.
Example
Load the TASK register from the effective address (addressed by the EBX
register plus and offset of 5):
ltr 5(%ebx)
Verify a Segment for Reading or Writing (verr, verw)
verr
r/m16
verw
r/m16
Operation
1 ZF (if segment can be read or written)
Description
VERR and VERW contains the value of a selector in the two-byte register or
memory operand. VERR and VERW determine if the indicated segment can
be reached in the current privilege level and whether it is readable (VERR)
or writable (VERW). If the segment can be accessed, the zero flag (ZF) is set
to 1, otherwise the zero flag is set to 0. For the zero flag to be set these
conditions must be met:
The selector denotes a descriptor; the selector is “defined”.
92
x86 Assembly Language Reference Manual—November 1995
2
The selector is a code or data segment; not a task statement, LDT or a gate.
For VERR, the segment must be readable, for VERW, writable.
The descriptor privilege level (DPL) can be any value for VERR. otherwise
the DPL must have the same or less privilege as the current level and the
DPL of the selector.
Validation is performed as if the segment were loaded into DS, ES, FS, or GS
and the indicated write or read performed. The validation results are
indicated by the zero flag. The value of the selector cannot result in an
exception.
Example
Determine if the segment indicated by the effective address (addressed by
the EBX register plus an offset of 5) can be reached in the current privilege
level and whether it is readable (VERR):
verr 5(%ebx)
Store Global/Interrupt Descriptor Table Register (sgdt, sidt)
sgdt
mem48
sidt
mem48
Operation
DTR mem48
Description
The contents of the descriptor table register is copied by sgdt/sidt to the
six bytes of memory specified by the operand. The first word at the effective
address is assigned the LIMIT field of the register. If the operand-size
attribute is 32-bits:
The base field of the register is assigned to the next three bytes.
The fourth byte is written as zero.
Instruction-Set Mapping
93
2
The last byte is undefined.
If the operand-size attribute is 16-bits, the 32-bit BASEfield of the register is
assigned to the next four bytes.
sgdt/sldt are not used in application programs, they are used in
operating systems.
Example
Copy the contents of the Global Descriptor Table Register to the specified
memory location:
sgdt 0x55555555
Copy the contents of the Interrupt Descriptor Table Register to the effective
address (addressed by the EBX register plus an offset of 5):
sidt 5 (%ebx)
Load Global/Interrupt Descriptor Table (lgdt, lidt)
lgdt
mem48
lidt
mem48
Operation
MEM48 GDTR
MEM48 IDTR
Description
The GDTR and IDTR are loaded with a linear base address and limit value
from a six-byte operand in memory by the lgdt/lidt instructions. For a
16-bit operand:
Load the register with a 16-bit limit and a 24-bit base.
94
x86 Assembly Language Reference Manual—November 1995
2
The six-byte data operand high-order eight bits are not used.
For a 32-bit operand:
Load the register with a 16-bit limit and a 32-bit base.
The six-byte data operand high-order eight bits are used as the high-order
base address bits.
All 48-bits of the six-byte data operand are always stored into by the
sgdt/sidt instructions. For a 16-bit and a 32-bit operand, the upper eight-
bits are written with the high-order eight address bits. lgdt or lidt,
when used with a 16-bit operand to load the register stored by sgdt or
sidt, stores the upper eight-bits as zeros.
lgdt and lidt are not used in application programs; they are used in
operation system. lgdt and lidt are the only instructions that load a linear
address directly in 80386 Protected Mode.
Example
Load the Global/Interrupt Descriptor Table Register from memory address
0x55555555:
lgdt 0x55555555
lidt 0x55555555
Store Machine Status Word (smsw)
smsw
r/m16
Operation
MSW r/m16
Description
The machine status word is stored by smsw in the two-byte register of
memory location pointed to by the effective address operand.
80386 machines should use MOV ..., CR0.
Instruction-Set Mapping
95
2
Example
Store the machine status word in the effective address (addressed by the
EBX register plus an offset of 5):
smsw 5(%ebx)
Load Machine Status Word (lmsw)
lmsw
r/m16
Operation
r/m16 MSW
Description
The machine status word (part of CR0) is loaded by lmsw from the source
operand. lmsw can be used to switch to Protected Mode if followed by an
intersegment jump to clear the instruction queue. lmsw cannot switch back
to Real Address Mode.
lmsw is not used in application programs. It is used in operating systems.
Example
Load the machine status word from the contents of the effective address
(addressed by the EBX register plus an offset of 5):
lmsw 5(%ebx)
Load Access Rights (lar)
lar r/m32, reg32
Operation
r/m16 (masked by FF00) r16
r/m32 (masked by 00FxFF00) r32
96
x86 Assembly Language Reference Manual—November 1995
2
Description
If the selector is visible at the CPL (modified by the RPL) and is a valid
descriptor type, lar stores a form of the second doubleword of the
descriptor for the source selector. The designated register is loaded with the
double-word (high-order) of the descriptor masked by 00FxFF00, and the
zero flag is set to 1. The x in 00Fx ... indicates that these four bits loaded by
lar are undefined. The zero flag is cleared if the selector is invisible or of
the wrong type.
The 32-bit value is stored in the 32-bit destination register if the 32-bit
operand size is specified. If the 16-bit operand size is specified, the lower 16-
bits of this value are stored in the 16-bit destination register.
For lar, all data segment descriptors and code are valid.
Example
Load access rights from the contents of the effective address (addressed by
the EBX register plus an offset of 5) into the EDX register:
lar 5(%ebx)
%edx
Load Segment Limit (lsl)
lsl r/m32, reg32
Operation
Selector rm16 (byte) r16
Selector rm32 (byte) r32
Selector rm16 (page) r16
Selector rm32 (page) r32
Instruction-Set Mapping
97
2
Description
lsl loads a register with a segment limit (unscrambled). The descriptor
type must be accepted by lsl, and the source selector must be visible at the
CPL weakened by RPL. ZF is then set to 1. Otherwise, ZF is set to 0 and the
destination register is unchanged.
The segment limit is loaded as a byte value. A page value limit in the
descriptor is translated by lsl to a byte limit before lsl loads it in the
destination register (the 20-bit limit from the descriptor is shifted left 12 and
OR’d with 00000FFFH).
lsl stores the 32-bit granular limit in the 16-bit destination register.
For lsl, code and data segment descriptors are valid.
Example
Load a segment limit from the contents of the effective address (addressed
by the EBX register plus an offset of 5) into the EDX register.
lsl 5(%ebx), %edx
Clear Task-Switched (clts)
clts
Operation
0 TS Flag in CR0
Description
The task-switched flag in register CR0 is cleared by clta. The TS Flag is set
by the 80386 for each task switch. The TS Flag is used as follows:
If the TS Flag is set, each execution of the ESC instruction is trapped.
98
x86 Assembly Language Reference Manual—November 1995
2
If the TS Flag and the MP Flag are both set, execution of a Wait instruction
is trapped.
If a task switch is made after an ESC instruction is started, save the
processor extension context before a new ESC instruction can be run. The
fault handler resets the TS Flag and saves the context.
clts is not used in application program, it is used in operating systems.
clts can only be executed at privilege level 0.
Example
Clear the TS flag:
clts
Adjust RPL Field of Selector (arpl)
arplr16, r/m16
Operation
If RPL 1 < RPL 2, 1 ZF
Description
arpl has two operands. The first operand is a 16-bit word register or
memory variable that contains the value of a selector. The second operand is
a word register. If the RPL field of the second operand is greater than the
RPL field of the first operand, ZF is set to 1 and the RPL field of the first
operand is increased to match the RPL field of the second operand.
Otherwise, no change is made to the first operand and the ZF is set to 0.
arpl is not used in application programs, it is used in operating systems.
arpl guarantees that a selector to a subroutine does not request a privilege
greater than allowed. Normally, the second operand of arpl is a register
that contains the CS selector value of the caller.
Instruction-Set Mapping
99
2
Example
arpl %sp, 5(%ebx)
Bit Instructions
Bit Scan Forward (bsf)
bsf{wl} r/m[16|32], reg[16|32]
Operation
(r/m = 0) 0 ZF
(r/m 0) 0 ZF
Description
bsf scans the bits, starting at bit 0, in the doubleword operand or the second
word. If the bits are all zero, ZF is cleared. Otherwise, ZF is set and the bit
index of the first set bit, found while scanning in the forward direction, is
loaded into the destination register.
Example
bsf 4(%edi), %edx
Bit Scan Reverse (bsr)
bsr{wl} r/m[16|32], reg[16|32]
Operation
(r/m = 0) 0 ZF
(r/m 0) 0 ZF
100
x86 Assembly Language Reference Manual—November 1995

 

 

 

 

 

 

 

 

Content      ..     1      2      3      4      ..