intel 486 software developers instruction set

Intel ArchitectureSoftware Developers

ManualVolume 2:

Instruction Set Reference

NOTE: The Intel Architecture Software Developers Manual consists ofthree volumes: Basic Architecture, Order Number 243190; Instruction Set

Reference, Order Number 243191; and the System Programming Guide,Order Number 243192.

Please refer to all three volumes when evaluating your design needs.

1997

ch01.bk : title.fm4 Page 1 Friday, January 17, 1997 12:59 PM

3/26/97 1:23 PM IADISC2.DOC

Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel orotherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditionsof Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relatingto sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability,or infringement of any patent, copyright or other intellectual property right. Intel products are not intended for use in medical,life saving, or life sustaining applications.

Intel may make changes to specifications and product descriptions at any time, without notice.

Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined."Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arisingfrom future changes to them.

Intels Intel Architecture processors (e.g., Pentium processor, Pentium processor with MMX technology, and Pentium Proprocessor) may contain design defects or errors known as errata which may cause the product to deviate from publishedspecifications. Such errata are not covered by Intels warranty. Current characterized errata are available on request.

Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your productorder.

Copies of documents which have an ordering number and are referenced in this document, or other Intel literature, may beobtained from:

Intel Corporation P.O. Box 7641 Mt. Prospect IL 60056-7641

or call 1-800-879-4683or visit Intels website at http:\\www.intel.com

Copyright Intel Corporation 1996, 1997.

* Third-party brands and names are the property of their respective owners.

vTABLE OF CONTENTSPAGE

CHAPTER 1ABOUT THIS MANUAL1.1. OVERVIEW OF THE INTEL ARCHITECTURE SOFTWARE

DEVELOPERS MANUAL, VOLUME 2: INSTRUCTION SET REFERENCE . . . . . .1-11.2. OVERVIEW OF THE INTEL ARCHITECTURE SOFTWARE

DEVELOPERS MANUAL, VOLUME 1: BASIC ARCHITECTURE . . . . . . . . . . . . . .1-21.3. OVERVIEW OF THE INTEL ARCHITECTURE SOFTWARE

DEVELOPERS MANUAL, VOLUME 3: SYSTEM PROGRAMMING GUIDE . . . . . .1-31.4. NOTATIONAL CONVENTIONS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-51.4.1. Bit and Byte Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-51.4.2. Reserved Bits and Software Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-51.4.3. Instruction Operands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-61.4.4. Hexadecimal and Binary Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-61.4.5. Segmented Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-71.4.6. Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-71.5. RELATED LITERATURE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-8

CHAPTER 2INSTRUCTION FORMAT2.1. GENERAL INSTRUCTION FORMAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-12.2. INSTRUCTION PREFIXES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-12.3. OPCODE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-22.4. MODR/M AND SIB BYTES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-22.5. DISPLACEMENT AND IMMEDIATE BYTES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-32.6. ADDRESSING-MODE ENCODING OF MODR/M AND SIB BYTES . . . . . . . . . . . . .2-3

CHAPTER 3INSTRUCTION SET REFERENCE3.1. INTERPRETING THE INSTRUCTION REFERENCE PAGES . . . . . . . . . . . . . . . . .3-13.1.1. Instruction Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13.1.1.1. Opcode Column . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13.1.1.2. Instruction Column . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-23.1.1.3. Description Column . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-43.1.1.4. Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-43.1.2. Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-53.1.3. Flags Affected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-83.1.4. FPU Flags Affected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-83.1.5. Protected Mode Exceptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-83.1.6. Real-Address Mode Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-93.1.7. Virtual-8086 Mode Exceptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-93.1.8. Floating-Point Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-103.2. INSTRUCTION REFERENCE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-10

AAAASCII Adjust After Addition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-11AADASCII Adjust AX Before Division. . . . . . . . . . . . . . . . . . . . . . . . . . .3-12AAMASCII Adjust AX After Multiply . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13AASASCII Adjust AL After Subtraction. . . . . . . . . . . . . . . . . . . . . . . . . .3-14ADCAdd with Carry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-15ADDAdd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-17

ch01.bk : ch01.toc Page v Friday, January 17, 1997 12:59 PM

TABLE OF CONTENTS

vi

PAGE

ANDLogical AND . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-19ARPLAdjust RPL Field of Segment Selector . . . . . . . . . . . . . . . . . . . . .3-21BOUNDCheck Array Index Against Bounds. . . . . . . . . . . . . . . . . . . . . .3-23BSFBit Scan Forward. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-25BSRBit Scan Reverse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-27BSWAPByte Swap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-29BTBit Test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-30BTCBit Test and Complement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-32BTRBit Test and Reset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-34BTSBit Test and Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-36CALLCall Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-38CBW/CWDEConvert Byte to Word/Convert Word to Doubleword . . . . .3-49CDQConvert Double to Quad. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-50CLCClear Carry Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-51CLDClear Direction Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-52CLIClear Interrupt Flag. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-53CLTSClear Task-Switched Flag in CR0 . . . . . . . . . . . . . . . . . . . . . . . . .3-55CMCComplement Carry Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-56CMOVccConditional Move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-57CMPCompare Two Operands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-61CMPS/CMPSB/CMPSW/CMPSDCompare String Operands . . . . . . . .3-63CMPXCHGCompare and Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . .3-66CMPXCHG8BCompare and Exchange 8 Bytes. . . . . . . . . . . . . . . . . . .3-68CPUIDCPU Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-70CWD/CDQConvert Word to Doubleword/Convert Doubleword to Quadword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-77CWDEConvert Word to Doubleword . . . . . . . . . . . . . . . . . . . . . . . . . . .3-78DAADecimal Adjust AL after Addition . . . . . . . . . . . . . . . . . . . . . . . . . .3-79DASDecimal Adjust AL after Subtraction . . . . . . . . . . . . . . . . . . . . . . . .3-81DECDecrement by 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-82DIVUnsigned Divide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-84EMMSEmpty MMX State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-87ENTERMake Stack Frame for Procedure Parameters. . . . . . . . . . . . . .3-88F2XM1Compute 2x1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-91FABSAbsolute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-93FADD/FADDP/FIADDAdd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-95FBLDLoad Binary Coded Decimal . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-98FBSTPStore BCD Integer and Pop . . . . . . . . . . . . . . . . . . . . . . . . . . .3-100FCHSChange Sign. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-103FCLEX/FNCLEXClear Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-105FCMOVccFloating-Point Conditional Move . . . . . . . . . . . . . . . . . . . . .3-107FCOM/FCOMP/FCOMPPCompare Real . . . . . . . . . . . . . . . . . . . . . . .3-109FCOMI/FCOMIP/ FUCOMI/FUCOMIPCompare Real and Set EFLAGS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-112FCOSCosine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-115FDECSTPDecrement Stack-Top Pointer . . . . . . . . . . . . . . . . . . . . . . .3-117FDIV/FDIVP/FIDIVDivide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-118

ch01.bk : ch01.toc Page vi Friday, January 17, 1997 12:59 PM

vii

TABLE OF CONTENTS

PAGE

FDIVR/FDIVRP/FIDIVRReverse Divide . . . . . . . . . . . . . . . . . . . . . . . 3-122FFREEFree Floating-Point Register. . . . . . . . . . . . . . . . . . . . . . . . . . 3-126FICOM/FICOMPCompare Integer . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-127FILDLoad Integer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129FINCSTPIncrement Stack-Top Pointer . . . . . . . . . . . . . . . . . . . . . . . 3-131FINIT/FNINITInitialize Floating-Point Unit. . . . . . . . . . . . . . . . . . . . . . 3-132FIST/FISTPStore Integer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134FLDLoad Real . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-137FLD1/FLDL2T/FLDL2E/FLDPI/FLDLG2/FLDLN2/FLDZLoad Constant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139FLDCWLoad Control Word. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-141FLDENVLoad FPU Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-143FMUL/FMULP/FIMULMultiply. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145FNOPNo Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-148FPATANPartial Arctangent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149FPATANPartial Arctangent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-151FPREM1Partial Remainder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-154FPTANPartial Tangent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-157FRNDINTRound to Integer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-159FRSTORRestore FPU State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-160FSAVE/FNSAVEStore FPU State . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-162FSCALEScale. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-165FSINSine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-167FSINCOSSine and Cosine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-169FSQRTSquare Root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-171FST/FSTPStore Real . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-173FSTCW/FNSTCWStore Control Word . . . . . . . . . . . . . . . . . . . . . . . . 3-176FSTENV/FNSTENVStore FPU Environment . . . . . . . . . . . . . . . . . . . 3-178FSTSW/FNSTSWStore Status Word . . . . . . . . . . . . . . . . . . . . . . . . . 3-180FSUB/FSUBP/FISUBSubtract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-182FSUBR/FSUBRP/FISUBRReverse Subtract . . . . . . . . . . . . . . . . . . . 3-185FTSTTEST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-188FUCOM/FUCOMP/FUCOMPPUnordered Compare Real . . . . . . . . . 3-190FWAITWait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-193FXAMExamine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-194FXCHExchange Register Contents . . . . . . . . . . . . . . . . . . . . . . . . . . 3-196FXTRACTExtract Exponent and Significand . . . . . . . . . . . . . . . . . . . 3-198FYL2XCompute y * log2x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-200FYL2XP1Compute y * log2(x +1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-202HLTHalt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-204IDIVSigned Divide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-205IMULSigned Multiply. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208INInput from Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211INCIncrement by 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-213INS/INSB/INSW/INSDInput from Port to String . . . . . . . . . . . . . . . . . 3-215INT n/INTO/INT 3Call to Interrupt Procedure . . . . . . . . . . . . . . . . . . . 3-218INVDInvalidate Internal Caches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-230

ch01.bk : ch01.toc Page vii Friday, January 17, 1997 12:59 PM

TABLE OF CONTENTS

viii

PAGE

INVLPGInvalidate TLB Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-232IRET/IRETDInterrupt Return . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-233JccJump if Condition Is Met . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-241JMPJump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-245LAHFLoad Status Flags into AH Register . . . . . . . . . . . . . . . . . . . . . .3-252LARLoad Access Rights Byte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-253LDS/LES/LFS/LGS/LSSLoad Far Pointer . . . . . . . . . . . . . . . . . . . . . .3-256LEALoad Effective Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-259LEAVEHigh Level Procedure Exit . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-261LESLoad Full Pointer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-263LFSLoad Full Pointer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-264LGDT/LIDTLoad Global/Interrupt Descriptor Table Register . . . . . . . .3-265LGSLoad Full Pointer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-267LLDTLoad Local Descriptor Table Register . . . . . . . . . . . . . . . . . . . . .3-268LIDTLoad Interrupt Descriptor Table Register . . . . . . . . . . . . . . . . . . .3-270LMSWLoad Machine Status Word . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-271LOCKAssert LOCK# Signal Prefix . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-273LODS/LODSB/LODSW/LODSDLoad String . . . . . . . . . . . . . . . . . . . .3-275LOOP/LOOPccLoop According to ECX Counter . . . . . . . . . . . . . . . . .3-278LSLLoad Segment Limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-280LSSLoad Full Pointer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-283LTRLoad Task Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-284MOVMove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-286MOVMove to/from Control Registers . . . . . . . . . . . . . . . . . . . . . . . . . .3-291MOVMove to/from Debug Registers . . . . . . . . . . . . . . . . . . . . . . . . . .3-293MOVDMove 32 Bits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-295MOVQMove 64 Bits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-297MOVS/MOVSB/MOVSW/MOVSDMove Data from String to String . . .3-299MOVSXMove with Sign-Extension . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-302MOVZXMove with Zero-Extend . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-304MULUnsigned Multiply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-306NEGTwo's Complement Negation . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-308NOPNo Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-310NOTOne's Complement Negation . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-311ORLogical Inclusive OR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-313OUTOutput to Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-315OUTS/OUTSB/OUTSW/OUTSDOutput String to Port . . . . . . . . . . . . .3-317PACKSSWB/PACKSSDWPack with Signed Saturation . . . . . . . . . . .3-320PACKUSWBPack with Unsigned Saturation . . . . . . . . . . . . . . . . . . . .3-323PADDB/PADDW/PADDDPacked Add . . . . . . . . . . . . . . . . . . . . . . . . .3-325PADDSB/PADDSWPacked Add with Saturation . . . . . . . . . . . . . . . . .3-328PADDUSB/PADDUSWPacked Add Unsigned with Saturation . . . . . .3-331PANDLogical AND . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-334PANDNLogical AND NOT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-336PCMPEQB/PCMPEQW/PCMPEQDPacked Compare for Equal . . . . .3-338PCMPGTB/PCMPGTW/PCMPGTDPacked Compare for Greater Than . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-341

ch01.bk : ch01.toc Page viii Friday, January 17, 1997 12:59 PM

ix

TABLE OF CONTENTS

PAGE

PMADDWDPacked Multiply and Add . . . . . . . . . . . . . . . . . . . . . . . . . 3-344PMULHWPacked Multiply High . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-346PMULLWPacked Multiply Low . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-348POPPop a Value from the Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-350POPA/POPADPop All General-Purpose Registers . . . . . . . . . . . . . . 3-354POPF/POPFDPop Stack into EFLAGS Register . . . . . . . . . . . . . . . . 3-356PORBitwise Logical OR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-359PSLLW/PSLLD/PSLLQPacked Shift Left Logical . . . . . . . . . . . . . . . . 3-361PSRAW/PSRADPacked Shift Right Arithmetic. . . . . . . . . . . . . . . . . . 3-364PSRLW/PSRLD/PSRLQPacked Shift Right Logical. . . . . . . . . . . . . . 3-367PSUBB/PSUBW/PSUBDPacked Subtract . . . . . . . . . . . . . . . . . . . . . 3-370PSUBSB/PSUBSWPacked Subtract with Saturation . . . . . . . . . . . . . 3-373PSUBUSB/PSUBUSWPacked Subtract Unsigned with Saturation . . 3-376PUNPCKHBW/PUNPCKHWD/PUNPCKHDQUnpack High Packed Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-379PUNPCKLBW/PUNPCKLWD/PUNPCKLDQUnpack Low Packed Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-382PUSHPush Word or Doubleword Onto the Stack. . . . . . . . . . . . . . . . 3-385PUSHA/PUSHADPush All General-Purpose Registers . . . . . . . . . . . 3-388PUSHF/PUSHFDPush EFLAGS Register onto the Stack . . . . . . . . . 3-390PXORLogical Exclusive OR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-392RCL/RCR/ROL/ROR-Rotate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-394RDMSRRead from Model Specific Register. . . . . . . . . . . . . . . . . . . . 3-399RDPMCRead Performance-Monitoring Counters. . . . . . . . . . . . . . . . 3-401RDTSCRead Time-Stamp Counter . . . . . . . . . . . . . . . . . . . . . . . . . . 3-403REP/REPE/REPZ/REPNE /REPNZRepeat String Operation Prefix . 3-404RETReturn from Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-407ROL/RORRotate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-413RSMResume from System Management Mode . . . . . . . . . . . . . . . . . 3-414SAHFStore AH into Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-415SAL/SAR/SHL/SHRShift. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-416SBBInteger Subtraction with Borrow . . . . . . . . . . . . . . . . . . . . . . . . . 3-420SCAS/SCASB/SCASW/SCASDScan String. . . . . . . . . . . . . . . . . . . . 3-422SETccSet Byte on Condition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-425SGDT/SIDTStore Global/Interrupt Descriptor Table Register . . . . . . 3-427SHL/SHRShift Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-429SHLDDouble Precision Shift Left . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-430SHRDDouble Precision Shift Right. . . . . . . . . . . . . . . . . . . . . . . . . . . 3-432SIDTStore Interrupt Descriptor Table Register. . . . . . . . . . . . . . . . . . 3-434SLDTStore Local Descriptor Table Register. . . . . . . . . . . . . . . . . . . . 3-435SMSWStore Machine Status Word . . . . . . . . . . . . . . . . . . . . . . . . . . 3-437STCSet Carry Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-439STDSet Direction Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-440STISet Interrupt Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-441STOS/STOSB/STOSW/STOSDStore String . . . . . . . . . . . . . . . . . . . 3-443STRStore Task Register. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-446SUBSubtract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-448

ch01.bk : ch01.toc Page ix Friday, January 17, 1997 12:59 PM

TABLE OF CONTENTS

x

PAGE

TESTLogical Compare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-450UD2Undefined Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-452VERR, VERWVerify a Segment for Reading or Writing . . . . . . . . . . . .3-453WAIT/FWAITWait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-455WBINVDWrite Back and Invalidate Cache. . . . . . . . . . . . . . . . . . . . . .3-456WRMSRWrite to Model Specific Register . . . . . . . . . . . . . . . . . . . . . .3-458XADDExchange and Add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-460XCHGExchange Register/Memory with Register. . . . . . . . . . . . . . . . .3-462XLAT/XLATBTable Look-up Translation . . . . . . . . . . . . . . . . . . . . . . .3-464XORLogical Exclusive OR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-466

APPENDIX AOPCODE MAPA.1. KEY TO ABBREVIATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1A.1.1. Codes for Addressing Method. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1A.1.2. Codes for Operand Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2A.1.3. Register Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3A.2. ONE-BYTE OPCODE INTEGER INSTRUCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . A-3A.3. TWO-BYTE OPCODE INTEGER INSTRUCTIONS. . . . . . . . . . . . . . . . . . . . . . . . . A-3A.4. OPCODE EXTENSIONS FOR ONE- AND TWO-BYTE OPCODES . . . . . . . . . . . . A-8A.5. ESCAPE OPCODE INSTRUCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-9A.5.1. Escape Opcodes with D8 as First Byte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-10A.5.2. Escape Opcodes with D9 as First Byte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-12A.5.3. Escape Opcodes with DA as First Byte. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-14A.5.4. Escape Opcodes with DB as First Byte. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-16A.5.5. Escape Opcodes with DC as First Byte. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-18A.5.6. Escape Opcodes with DD as First Byte. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-20A.5.7. Escape Opcodes with DE as First Byte. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-22A.5.8. Escape Opcodes with DF As First Byte. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-24

APPENDIX BINSTRUCTION FORMATS AND ENCODINGSB.1. MACHINE INSTRUCTION FORMAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1B.1.1. Reg Field (reg). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-2B.1.2. Encoding of Operand Size Bit (w) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3B.1.3. Sign Extend (s) Bit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3B.1.4. Segment Register Field (sreg). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-4B.1.5. Special-Purpose Register (eee) Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-4B.1.6. Condition Test Field (tttn) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-5B.1.7. Direction (d) Bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-5B.2. INTEGER INSTRUCTION FORMATS AND ENCODINGS . . . . . . . . . . . . . . . . . . . B-6B.3. MMX INSTRUCTION FORMATS AND ENCODINGS . . . . . . . . . . . . . . . . . . . . B-19B.3.1. Granularity Field (gg). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-19B.3.2. MMX and General-Purpose Register Fields (mmxreg

and reg) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-19B.3.3. MMX Instruction Formats and Encodings Table . . . . . . . . . . . . . . . . . . . . . . B-20B.4. FLOATING-POINT INSTRUCTION FORMATS AND ENCODINGS . . . . . . . . . . . B-24

ch01.bk : ch01.toc Page x Friday, January 17, 1997 12:59 PM

xi

TABLE OF FIGURESPAGE

Figure 1-1. Bit and Byte Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5Figure 2-1. Intel Architecture Instruction Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1Figure 3-1. Bit Offset for BIT[EAX,21] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-7Figure 3-2. Memory Bit Indexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-8Figure 3-3. Version and Feature Information in Registers EAX and EDX. . . . . . . . . . . . .3-71Figure 3-4. Operation of MOVD Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-295Figure 3-5. Operation of the MOVQ Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-297Figure 3-6. Operation of the PACKSSDW Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . .3-320Figure 3-7. Operation of the PACKUSWB Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . .3-323Figure 3-8. Operation of the PADDW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-325Figure 3-9. Operation of the PADDSW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-328Figure 3-10. Operation of the PADDUSB Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-331Figure 3-11. Operation of the PAND Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-334Figure 3-12. Operation of the PANDN Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-336Figure 3-13. Operation of the PCMPEQW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . .3-338Figure 3-14. Operation of the PCMPGTW Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . .3-341Figure 3-15. Operation of the PMADDWD Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . .3-344Figure 3-16. Operation of the PMULHW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-346Figure 3-17. Operation of the PMULLW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-348Figure 3-18. Operation of the POR Instruction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-359Figure 3-19. Operation of the PSLLW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-361Figure 3-20. Operation of the PSRAW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-364Figure 3-21. Operation of the PSRLW Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-367Figure 3-22. Operation of the PSUBW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-370Figure 3-23. Operation of the PSUBSW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-373Figure 3-24. Operation of the PSUBUSB Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-376Figure 3-25. High-Order Unpacking and Interleaving of Bytes

With the PUNPCKHBW Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-379Figure 3-26. Low-Order Unpacking and Interleaving of Bytes

With the PUNPCKLBW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-382Figure 3-27. Operation of the PXOR Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-392Figure A-1. ModR/M Byte nnn Field (Bits 5, 4, and 3). . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8Figure B-1. General Machine Instruction Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1Figure B-2. Key to Codes for MMX Data Type Cross-Reference . . . . . . . . . . . . . . . . B-20

ch01.bk : ch01.lof Page xi Friday, January 17, 1997 12:59 PM

xii

TABLE OF TABLESPAGE

Table 2-1. 16-Bit Addressing Forms with the ModR/M Byte . . . . . . . . . . . . . . . . . . . . . . .2-4Table 2-2. 32-Bit Addressing Forms with the ModR/M Byte . . . . . . . . . . . . . . . . . . . . . . .2-5Table 2-3. 32-Bit Addressing Forms with the SIB Byte . . . . . . . . . . . . . . . . . . . . . . . . . . .2-6Table 3-1. Register Encodings Associated with the +rb, +rw, and +rd Nomenclature. . . .3-2Table 3-2. Exception Mnemonics, Names, and Vector Numbers . . . . . . . . . . . . . . . . . . .3-9Table 3-3. Floating-Point Exception Mnemonics and Names . . . . . . . . . . . . . . . . . . . . .3-10Table 3-4. Information Returned by CPUID Instruction . . . . . . . . . . . . . . . . . . . . . . . . . .3-70Table 3-5. Processor Type Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-72Table 3-6. Feature Flags Returned in EDX Register . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-72Table 3-7. Encoding of Cache and TLB Descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-74Table A-1. One-Byte Opcode Map1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4Table A-2. Two Byte Opcode Map (First byte is 0FH)1 . . . . . . . . . . . . . . . . . . . . . . . . . . A-6Table A-3. Opcode Extensions for One- and Two-Byte Opcodes by Group Number1 . . A-8Table A-4. D8 Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-10Table A-5. D8 Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-11Table A-6. D9 Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-12Table A-7. D9 Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-13Table A-8. DA Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-14Table A-9. DA Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-15Table A-10. DB Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-16Table A-11. DB Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-17Table A-12. DC Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-18Table A-13. DC Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-19Table A-14. DD Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-20Table A-15. DD Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-21Table A-16. DE Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-22Table A-17. DE Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-23Table A-18. DF Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-24Table A-19. DF Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-25Table B-1. Special Fields Within Instruction Encodings . . . . . . . . . . . . . . . . . . . . . . . . . . B-2Table B-2. Encoding of reg Field When w Field is Not Present in Instruction . . . . . . . . . B-2Table B-3. Encoding of reg Field When w Field is Present in Instruction. . . . . . . . . . . . . B-3Table B-4. Encoding of Operand Size (w) Bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3Table B-5. Encoding of Sign-Extend (s) Bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3Table B-6. Encoding of the Segment Register (sreg) Field . . . . . . . . . . . . . . . . . . . . . . . B-4Table B-7. Encoding of Special-Purpose Register (eee) Field. . . . . . . . . . . . . . . . . . . . . B-4Table B-8. Encoding of Conditional Test (tttn) Field. . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-5Table B-9. Encoding of Operation Direction (d) Bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-6Table B-10. Integer Instruction Formats and Encodings . . . . . . . . . . . . . . . . . . . . . . . . . . B-6Table B-11. Encoding of Granularity of Data Field (gg) . . . . . . . . . . . . . . . . . . . . . . . . . . B-19Table B-12. Encoding of the MMX Register Field (mmxreg) . . . . . . . . . . . . . . . . . . . . B-19Table B-13. Encoding of the General-Purpose Register Field (reg) When

Used in MMX Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-20Table B-14. MMX Instruction Formats and Encodings . . . . . . . . . . . . . . . . . . . . . . . . . B-20Table B-15. General Floating-Point Instruction Formats . . . . . . . . . . . . . . . . . . . . . . . . . B-24Table B-16. Floating-Point Instruction Formats and Encodings . . . . . . . . . . . . . . . . . . . . B-25

ch01.bk : ch01.lot Page xii Friday, January 17, 1997 12:59 PM

1About This Manual

ch01.bk : ch01div.doc Page 1 Friday, January 17, 1997 12:59 PM

1-1

CHAPTER 1ABOUT THIS MANUAL

The Intel Architecture Software Developers Manual, Volume 2: Instruction Set Reference(Order Number 243191) is part of a three-volume set that describes the architecture andprogramming environment of all Intel Architecture processors. The other two volumes in thisset are:

The Intel Architecture Software Developers Manual, Volume 1: Basic Architecture (OrderNumber 243190).

The Intel Architecture Software Developers Manual, Volume 3: System Programing Guide(Order Number 243192).

The Intel Architecture Software Developers Manual, Volume 1, describes the basic architectureand programming environment of an Intel Architecture processor; the Intel Architecture Soft-ware Developers Manual, Volume 2, describes the instructions set of the processor and theopcode structure. These two volumes are aimed at application programmers who are writingprograms to run under existing operating systems or executives. The Intel Architecture SoftwareDevelopers Manual, Volume 3, describes the operating-system support environment of an IntelArchitecture processor, including memory management, protection, task management, interruptand exception handling, and system management mode. It also provides Intel Architectureprocessor compatibility information. This volume is aimed at operating-system and BIOSdesigners and programmers.

1.1. OVERVIEW OF THE INTEL ARCHITECTURE SOFTWARE DEVELOPERS MANUAL, VOLUME 2: INSTRUCTION SET REFERENCE

The contents of this manual are as follows:

Chapter 1 About This Manual. Gives an overview of all three volumes of the Intel Archi-tecture Software Developers Manual. It also describes the notational conventions in thesemanuals and lists related Intel manuals and documentation of interest to programmers and hard-ware designers.

Chapter 2 Instruction Format. Describes the machine-level instruction format used for allIntel Architecture instructions and gives the allowable encodings of prefixes, the operand-iden-tifier byte (ModR/M byte), the addressing-mode specifier byte (SIB byte), and the displacementand immediate bytes.Chapter 3 Instruction Set Reference. Describes each of the Intel Architecture instructionsin detail, including an algorithmic description of operations, the effect on flags, the effect ofoperand- and address-size attributes, and the exceptions that may be generated. The instructionsare arranged in alphabetical order. The MMX instructions are included in this chapter.

ch01.bk : ch01.doc Page 1 Friday, January 17, 1997 12:59 PM

1-2

ABOUT THIS MANUAL

Appendix A Opcode Map. Gives an opcode map for the Intel Architecture instruction set.Appendix B Instruction Formats and Encodings. Gives the binary encoding of each formof each Intel Architecture instruction.

1.2. OVERVIEW OF THE INTEL ARCHITECTURE SOFTWARE DEVELOPERS MANUAL, VOLUME 1: BASIC ARCHITECTURE

The contents of the Intel Architecture Software Developers Manual, Volume 1, are as follows:Chapter 1 About This Manual. Gives an overview of all three volumes of the Intel Archi-tecture Software Developers Manual. It also describes the notational conventions in thesemanuals and lists related Intel manuals and documentation of interest to programmers and hard-ware designers.

Chapter 2 Introduction to the Intel Architecture. Introduces the Intel Architecture and thefamilies of Intel processors that are based on this architecture. It also gives an overview of thecommon features found in these processors and brief history of the Intel Architecture.Chapter 3 Basic Execution Environment. Introduces the models of memory organizationand describes the register set used by applications.

Chapter 4 Procedure Calls, Interrupts, and Exceptions. Describes the procedure stackand the mechanisms provided for making procedure calls and for servicing interrupts andexceptions.

Chapter 5 Data Types and Addressing Modes. Describes the data types and addressingmodes recognized by the processor.

Chapter 6 Instruction Set Summary. Gives an overview of all the Intel Architectureinstructions except those executed by the processors floating-point unit. The instructions arepresented in functionally related groups.

Chapter 7 Floating-Point Unit. Describes the Intel Architecture floating-point unit,including the floating-point registers and data types; gives an overview of the floating-pointinstruction set; and describes the processor's floating-point exception conditions.

Chapter 8 Programming with Intel MMX Technology. Describes the Intel MMX tech-nology, including MMX registers and data types, and gives an overview of the MMX instructionset.

Chapter 9 Input/Output. Describes the processors I/O architecture, including I/O portaddressing, the I/O instructions, and the I/O protection mechanism. Chapter 10 Processor Identification and Feature Determination. Describes how to deter-mine the CPU type and the features that are available in the processor.

Appendix A EFLAGS Cross-Reference. Summaries how the Intel Architecture instructionsaffect the flags in the EFLAGS register.


1-3

ABOUT THIS MANUAL

Appendix B EFLAGS Condition Codes. Summarizes how the conditional jump, move, andbyte set on condition code instructions use the condition code flags (OF, CF, ZF, SF, and PF) inthe EFLAGS register.

Appendix C Floating-Point Exceptions Summary. Summarizes the exceptions that can beraised by floating-point instructions.Appendix D Guidelines for Writing FPU Exception Handlers. Describes how to designand write MS-DOS* compatible exception handling facilities for FPU exceptions, includingboth software and hardware requirements and assembly-language code examples. This appendixalso describes general techniques for writing robust FPU exception handlers.

1.3. OVERVIEW OF THE INTEL ARCHITECTURE SOFTWARE DEVELOPERS MANUAL, VOLUME 3: SYSTEM PROGRAMMING GUIDE

The contents of the Intel Architecture Software Developers Manual, Volume 3, are as follows:Chapter 1 About This Manual. Gives an overview of all three volumes of the Intel Archi-tecture Software Developers Manual. It also describes the notational conventions in thesemanuals and lists related Intel manuals and documentation of interest to programmers and hard-ware designers.

Chapter 2 System Architecture Overview. Describes the modes of operation of an IntelArchitecture processor and the mechanisms provided in the Intel Architecture to support oper-ating systems and executives, including the system-oriented registers and data structures and thesystem-oriented instructions. The steps necessary for switching between real-address andprotected modes are also identified.

Chapter 3 Protected-Mode Memory Management. Describes the data structures, registers,and instructions that support segmentation and paging and explains how they can be used toimplement a flat (unsegmented) memory model or a segmented memory model.Chapter 4 Protection. Describes the support for page and segment protection provided inthe Intel Architecture. This chapter also explains the implementation of privilege rules, stackswitching, pointer validation, user and supervisor modes.

Chapter 5 Interrupt and Exception Handling. Describes the basic interrupt mechanismsdefined in the Intel Architecture, shows how interrupts and exceptions relate to protection, anddescribes how the architecture handles each exception type. Reference information for eachIntel Architecture exception is given at the end of this chapter.Chapter 6 Task Management. Describes the mechanisms the Intel Architecture provides tosupport multitasking and inter-task protection.

Chapter 7 Multiple Processor Management. Describes the instructions and flags thatsupport multiple processors with shared memory, memory ordering, and the advanced program-mable interrupt controller (APIC).


1-4

ABOUT THIS MANUAL

Chapter 8 Processor Management and Initialization. Defines the state of an Intel Archi-tecture processor and its floating-point unit after reset initialization. This chapter also explainshow to set up an Intel Architecture processor for real-address mode operation and protectedmode operation, and how to switch between modes.

Chapter 9 Memory Cache Control. Describes the general concept of caching and thecaching mechanisms supported by the Intel Architecture. This chapter also describes thememory type range registers (MTRRs) and how they can be used to map memory types of phys-ical memory. MTRRs were introduced into the Intel Architecture with the Pentium Proprocessor.

Chapter 10 MMX Technology System Programming Model. Describes those aspectsof the Intel MMX technology that must be handled and considered at the system programminglevel, including task switching, exception handling, and compatibility with existing system envi-ronments.

Chapter 11 System Management Mode (SMM). Describes the Intel Architectures systemmanagement mode (SMM), which can be used to implement power management functions.Chapter 12 Machine Check Architecture. Describes the machine check architecture,which was introduced into the Intel Architecture with the Pentium processor.Chapter 13 Code Optimization. Discusses general optimization techniques for program-ming an Intel Architecture processor.

Chapter 14 Debugging and Performance Monitoring. Describes the debugging registersand other debug mechanism provided in the Intel Architecture. This chapter also describes thetime-stamp counter and the performance monitoring counters.

Chapter 15 8086 Emulation. Describes the real-address and virtual-8086 modes of the IntelArchitecture.

Chapter 16 Mixing 16-Bit and 32-Bit Code. Describes how to mix 16-bit and 32-bit codemodules within the same program or task.

Chapter 17 Intel Architecture Compatibility. Describes the programming differencesbetween the Intel 286, Intel386, Intel486, Pentium, and Pentium Pro processors. The differ-ences among the 32-bit Intel Architecture processors (the Intel386, Intel486, Pentium, andPentium Pro processors) are described throughout the three volumes of the Intel ArchitectureSoftware Developers Manual, as relevant to particular features of the architecture. This chapterprovides a collection of all the relevant compatibility information for all Intel Architectureprocessors and also describes the basic differences with respect to the 16-bit Intel Architectureprocessors (the Intel 8086 and Intel 286 processors).Appendix A Performance-Monitoring Counters. Lists the events that can be counted withthe performance-monitoring counters and the codes used to select these events.

Appendix B Model Specific Registers (MSRs). Lists the MSRs available in the Pentium Proprocessor and their functions.


1-5

ABOUT THIS MANUAL

1.4. NOTATIONAL CONVENTIONSThis manual uses special notation for data-structure formats, for symbolic representation ofinstructions, and for hexadecimal numbers. A review of this notation makes the manual easierto read.

1.4.1. Bit and Byte OrderIn illustrations of data structures in memory, smaller addresses appear toward the bottom of thefigure; addresses increase toward the top. Bit positions are numbered from right to left. Thenumerical value of a set bit is equal to two raised to the power of the bit position. Intel Architec-ture processors is a little endian machines; this means the bytes of a word are numberedstarting from the least significant byte. Figure 1-1 illustrates these conventions.

1.4.2. Reserved Bits and Software CompatibilityIn many register and memory layout descriptions, certain bits are marked as reserved. When bitsare marked as reserved, it is essential for compatibility with future processors that software treatthese bits as having a future, though unknown, effect. The behavior of reserved bits should beregarded as not only undefined, but unpredictable. Software should follow these guidelines indealing with reserved bits:

Do not depend on the states of any reserved bits when testing the values of registers whichcontain such bits. Mask out the reserved bits before testing.

Do not depend on the states of any reserved bits when storing to memory or to a register.

Do not depend on the ability to retain information written into any reserved bits.

When loading a register, always load the reserved bits with the values indicated in thedocumentation, if any, or reload them with values previously read from the same register.

Figure 1-1. Bit and Byte Order

Byte 3

HighestData Structure

Byte 1Byte 2 Byte 0

31 24 23 16 15 8 7 0Address

Lowest

Bit offset2824201612840 Address

Byte Offset


1-6

ABOUT THIS MANUAL

NOTEAvoid any software dependence upon the state of reserved bits in Intel Archi-tecture registers. Depending upon the values of reserved register bits willmake software dependent upon the unspecified manner in which theprocessor handles these bits. Depending upon reserved values risks incompat-ibility with future processors.

1.4.3. Instruction OperandsWhen instructions are represented symbolically, a subset of the Intel Architecture assemblylanguage is used. In this subset, an instruction has the following format:label: mnemonic argument1, argument2, argument3

where:

A label is an identifier which is followed by a colon.

A mnemonic is a reserved name for a class of instruction opcodes which have the samefunction.

The operands argument1, argument2, and argument3 are optional. There may be from zeroto three operands, depending on the opcode. When present, they take the form of eitherliterals or identifiers for data items. Operand identifiers are either reserved names ofregisters or are assumed to be assigned to data items declared in another part of theprogram (which may not be shown in the example).

When two operands are present in an arithmetic or logical instruction, the right operand is thesource and the left operand is the destination. For example:LOADREG: MOV EAX, SUBTOTAL

In this example LOADREG is a label, MOV is the mnemonic identifier of an opcode, EAX isthe destination operand, and SUBTOTAL is the source operand. Some assembly languages putthe source and destination in reverse order.

1.4.4. Hexadecimal and Binary NumbersBase 16 (hexadecimal) numbers are represented by a string of hexadecimal digits followed bythe character H (for example, F82EH). A hexadecimal digit is a character from the following set:0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.Base 2 (binary) numbers are represented by a string of 1s and 0s, sometimes followed by thecharacter B (for example, 1010B). The B designation is only used in situations where confu-sion as to the type of number might arise.


1-7

ABOUT THIS MANUAL

1.4.5. Segmented AddressingThe processor uses byte addressing. This means memory is organized and accessed as asequence of bytes. Whether one or more bytes are being accessed, a byte address is used to locatethe byte or bytes memory. The range of memory that can be addressed is called an addressspace.

The processor also supports segmented addressing. This is a form of addressing where aprogram may have many independent address spaces, called segments. For example, a programcan keep its code (instructions) and stack in separate segments. Code addresses would alwaysrefer to the code space, and stack addresses would always refer to the stack space. The followingnotation is used to specify a byte address within a segment:Segment-register:Byte-addressFor example, the following segment address identifies the byte at address FF79H in the segmentpointed by the DS register:DS:FF79H

The following segment address identifies an instruction address in the code segment. The CSregister points to the code segment and the EIP register contains the address of the instruction.CS:EIP

1.4.6. ExceptionsAn exception is an event that typically occurs when an instruction causes an error. For example,an attempt to divide by zero generates an exception. However, some exceptions, such as break-points, occur under other conditions. Some types of exceptions may provide error codes. Anerror code reports additional information about the error. An example of the notation used toshow an exception and error code is shown below.#PF(fault code)

This example refers to a page-fault exception under conditions where an error code naming atype of fault is reported. Under some conditions, exceptions which produce error codes may notbe able to report an accurate code. In this case, the error code is zero, as shown below for ageneral-protection exception.#GP(0)

See Chapter 5, Interrupt and Exception Handling, in the Intel Architecture Software DevelopersManual, Volume 3, for a list of exception mnemonics and their descriptions.


1-8

ABOUT THIS MANUAL

1.5. RELATED LITERATUREThe following books contain additional material related to Intel processors: Intel Pentium Pro Processor Specification Update, Order Number 242689. Intel Pentium Processor Specification Update, Order Number 242480. AP-485, Intel Processor Identification and the CPUID Instruction, Order Number 241618. AP-578, Software and Hardware Considerations for FPU Exception Handlers for Intel

Architecture Processors, Order Number 242415-001. Pentium Pro Processor Family Developers Manual, Volume 1: Specifications, Order

Number 242690-001. Pentium Processor Family Developers Manual, Order Number 241428.

Intel486 Microprocessor Data Book, Order Number 240440.

Intel486 SX CPU/Intel487 SX Math Coprocessor Data Book, Order Number 240950. Intel486 DX2 Microprocessor Data Book, Order Number 241245. Intel486 Microprocessor Product Brief Book, Order Number 240459. Intel386 Processor Hardware Reference Manual, Order Number 231732. Intel386 Processor System Software Writer's Guide, Order Number 231499. Intel386 High-Performance 32-Bit CHMOS Microprocessor with Integrated Memory

Management, Order Number 231630. 376 Embedded Processor Programmer's Reference Manual, Order Number 240314. 80387 DX User's Manual Programmer's Reference, Order Number 231917. 376 High-Performance 32-Bit Embedded Processor, Order Number 240182. Intel386 SX Microprocessor, Order Number 240187.

Microprocessor and Peripheral Handbook (Vol. 1), Order Number 230843. AP-528, Optimizations for Intel's 32-Bit Processors, Order Number 242816-001.


2Instruction Format


2-1

CHAPTER 2INSTRUCTION FORMAT

This chapter describes the instruction format for all Intel Architecture processors.

2.1. GENERAL INSTRUCTION FORMATAll Intel Architecture instruction encodings are subsets of the general instruction format shownin Figure 2-1. Instructions consist of optional instruction prefixes (in any order), one or twoprimary opcode bytes, an addressing-form specifier (if required) consisting of the ModR/M byteand sometimes the SIB (Scale-Index-Base) byte, a displacement (if required), and an immediatedata field (if required).

2.2. INSTRUCTION PREFIXESThe instruction prefixes are divided into four groups, each with a set of allowable prefix codes: Lock and repeat prefixes.

F0HLOCK prefix. F2HREPNE/REPNZ prefix (used only with string instructions). F3HREP prefix (used only with string instructions). F3HREPE/REPZ prefix (used only with string instructions).

Segment override. 2EHCS segment override prefix. 36HSS segment override prefix.

Figure 2-1. Intel Architecture Instruction Format

InstructionPrefixes Opcode ModR/M SIB Displacement Immediate

Mod R/MReg/Opcode

027 6 5 3

Scale Base

027 6 5 3

Index

Immediatedata of

1, 2, or 4bytes or none

Addressdisplacementof 1, 2, or 4

bytes or none

1 byte(if required)

1 byte(if required)

1 or 2 byteopcode

Up to fourprefixes of

1-byte each(optional)


2-2

INSTRUCTION FORMAT

3EHDS segment override prefix. 26HES segment override prefix. 64HFS segment override prefix. 65HGS segment override prefix.

Operand-size override, 66H Address-size override, 67HFor each instruction, one prefix may be used from each of these groups and be placed in anyorder. The effect of redundant prefixes (more than one prefix from a group) is undefined and mayvary from processor to processor.

2.3. OPCODEThe primary opcode is either 1 or 2 bytes. An additional 3-bit opcode field is sometimes encodedin the ModR/M byte. Smaller encoding fields can be defined within the primary opcode. Thesefields define the direction of the operation, the size of displacements, the register encoding,condition codes, or sign extension. The encoding of fields in the opcode varies, depending onthe class of operation.

2.4. MODR/M AND SIB BYTESMost instructions that refer to an operand in memory have an addressing-form specifier byte(called the ModR/M byte) following the primary opcode. The ModR/M byte contains threefields of information:

The mod field combines with the r/m field to form 32 possible values: eight registers and24 addressing modes.

The reg/opcode field specifies either a register number or three more bits of opcode infor-mation. The purpose of the reg/opcode field is specified in the primary opcode.

The r/m field can specify a register as an operand or can be combined with the mod field toencode an addressing mode.

Certain encodings of the ModR/M byte require a second addressing byte, the SIB byte, to fullyspecify the addressing form. The base-plus-index and scale-plus-index forms of 32-bitaddressing require the SIB byte. The SIB byte includes the following fields:

The scale field specifies the scale factor. The index field specifies the register number of the index register. The base field specifies the register number of the base register.See Section 2.6., Addressing-Mode Encoding of ModR/M and SIB Bytes, for the encodingsof the ModR/M and SIB bytes.


2-3

INSTRUCTION FORMAT

2.5. DISPLACEMENT AND IMMEDIATE BYTESSome addressing forms include a displacement immediately following either the ModR/M orSIB byte. If a displacement is required, it can be 1, 2, or 4 bytes.If the instruction specifies an immediate operand, the operand always follows any displacementbytes. An immediate operand can be 1, 2 or 4 bytes.

2.6. ADDRESSING-MODE ENCODING OF MODR/M AND SIB BYTES

The values and the corresponding addressing forms of the ModR/M and SIB bytes are shown inTables 2-1 through 2-3. The 16-bit addressing forms specified by the ModR/M byte are in Table2-1, and the 32-bit addressing forms specified by the ModR/M byte are in Table 2-2. Table 2-3shows the 32-bit addressing forms specified by the SIB byte.In Tables 2-1 and 2-2, the first column (labeled Effective Address) lists 32 different effectiveaddresses that can be assigned to one operand of an instruction by using the Mod and R/M fieldsof the ModR/M byte. The first 24 give the different ways of specifying a memory location; thelast 8 (specified by the Mod field encoding 11B) give the ways of specifying the general purposeand MMX registers. Each of the register encodings list four possible registers. For example, thefirst register-encoding (selected by the R/M field encoding of 000B) indicates the general-purpose registers EAX, AX or AL, or the MMX register MM0. Which of these four registers isused is determined by the opcode byte and the operand-size attribute, which select either theEAX register (32 bits) or AX register (16 bits). The second and third columns in Tables 2-1 and 2-2 gives the binary encodings of the Mod andR/M fields in the ModR/M byte, respectively, required to obtain the associated effective addresslisted in the first column. All 32 possible combinations of the Mod and R/M fields are listed.Across the top of Tables 2-1 and 2-2, the 8 possible values of the 3-bit Reg/Opcode field arelisted, in decimal (fifth row from top) and in binary (sixth row from top). The sixth row is labeledREG= which represents the use of these 3 bits to give the location of a second operand, whichmust be a general-purpose register or an MMX register. If the instruction does not require asecond operand to be specified, then the 3 bits of the Reg/Opcode field may be used as an exten-sion of the opcode, which is represented by the fifth row, labeled /digit (Opcode). The fourrows above give the byte, word and doubleword general-purpose registers and the MMX regis-ters that correspond to the register numbers, with the same assignments as for the R/M fieldwhen Mod field encoding is 11B. As with the R/M field register options, which of the fourpossible registers is used is determined by the opcode byte along with the operand-size attribute.The body of Tables 2-1 and 2-2 (under the label Value of ModR/M Byte (in Hexadecimal))contains a 32 by 8 array giving all of the 256 values of the ModR/M byte, in hexadecimal. Bits3, 4 and 5 are specified by the column of the table in which a byte resides, and the row specifiesbits 0, 1 and 2, and also bits 6 and 7.


2-4

INSTRUCTION FORMAT

NOTES:1. The default segment register is SS for the effective addresses containing a BP index, DS for other effec-

tive addresses.2. The disp16 nomenclature denotes a 16-bit displacement following the ModR/M byte, to be added to the

index. 3. The disp8 nomenclature denotes an 8-bit displacement following the ModR/M byte, to be sign-extended

and added to the index.

Table 2-1. 16-Bit Addressing Forms with the ModR/M Byter8(/r)r16(/r)r32(/r)mm(/r)/digit (Opcode)REG =

ALAXEAXMM00000

CLCXECXMM11001

DLDXEDXMM22010

BLBXEBXMM33011

AHSPESPMM44100

CHBP1EBPMM55101

DHSIESIMM66110

BHDIEDIMM77111

EffectiveAddress Mod R/M Value of ModR/M Byte (in Hexadecimal)

[BX+SI][BX+DI][BP+SI][BP+DI][SI][DI]disp162[BX]

00 000001010011100101110111

0001020304050607

08090A0B0C0D0E0F

1011121314151617

18191A1B1C1D1E1F

2021222324252627

28292A2B2C2D2E2F

3031323334353637

38393A3B3C3D3E3F

[BX+SI]+disp83[BX+DI]+disp8[BP+SI]+disp8[BP+DI]+disp8[SI]+disp8[DI]+disp8[BP]+disp8[BX]+disp8

01 000001010011100101110111

4041424344454647

48494A4B4C4D4E4F

5051525354555657

58595A5B5C5D5E5F

6061626364656667

68696A6B6C6D6E6F

7071727374757677

78797A7B7C7D7E7F

[BX+SI]+disp16[BX+DI]+disp16[BP+SI]+disp16[BP+DI]+disp16[SI]+disp16[DI]+disp16[BP]+disp16[BX]+disp16

10 000001010011100101110111

8081828384858687

88898A8B8C8D8E8F

9091929394959697

98999A9B9C9D9E9F

A0A1A2A3A4A5A6A7

A8A9AAABACADAEAF

B0B1B2B3B4B5B6B7

B8B9BABBBCBDBEBF

EAX/AX/AL/MM0ECX/CX/CL/MM1EDX/DX/DL/MM2EBX/BX/BL/MM3ESP/SP/AHMM4EBP/BP/CH/MM5ESI/SI/DH/MM6EDI/DI/BH/MM7

11 000001010011100101110111

C0C1C2C3C4C5C6C7

C8C9CACBCCCDCECF

D0D1D2D3D4D5D6D7

D8D9DADBDCDDDEDF

E0EQE2E3E4E5E6E7

E8E9EAEBECEDEEEF

F0F1F2F3F4F5F6F7

F8F9FAFBFCFDFEFF


2-5

INSTRUCTION FORMAT

NOTES:1. The [--][--] nomenclature means a SIB follows the ModR/M byte.2. The disp32 nomenclature denotes a 32-bit displacement following the SIB byte, to be added to the index.3. The disp8 nomenclature denotes an 8-bit displacement following the SIB byte, to be sign-extended and

added to the index.

Table 2-2. 32-Bit Addressing Forms with the ModR/M Byter8(/r)r16(/r)r32(/r)mm(/r)/digit (Opcode)REG =

ALAXEAXMM00000

CLCXECXMM11001

DLDXEDXMM22010

BLBXEBXMM33011

AHSPESPMM44100

CHBPEBPMM55101

DHSIESIMM66110

BHDIEDIMM77111

EffectiveAddress Mod R/M Value of ModR/M Byte (in Hexadecimal)

[EAX][ECX][EDX][EBX][--][--]1disp322[ESI][EDI]

00 000001010011100101110111

0001020304050607

08090A0B0C0D0E0F

1011121314151617

18191A1B1C1D1E1F

2021222324252627

28292A2B2C2D2E2F

3031323334353637

38393A3B3C3D3E3F

disp8[EAX]3disp8[ECX]disp8[EDX]disp8[EBX];disp8[--][--]disp8[EBP]disp8[ESI]disp8[EDI]

01 000001010011100101110111

4041424344454647

48494A4B4C4D4E4F

5051525354555657

58595A5B5C5D5E5F

6061626364656667

68696A6B6C6D6E6F

7071727374757677

78797A7B7C7D7E7F

disp32[EAX]disp32[ECX]disp32[EDX]disp32[EBX]disp32[--][--]disp32[EBP]disp32[ESI]disp32[EDI]

10 000001010011100101110111

8081828384858687

88898A8B8C8D8E8F

9091929394959697

98999A9B9C9D9E9F

A0A1A2A3A4A5A6A7

A8A9AAABACADAEAF

B0B1B2B3B4B5B6B7

B8B9BABBBCBDBEBF

EAX/AX/AL/MM0ECX/CX/CL/MM1EDX/DX/DL/MM2EBX/BX/BL/MM3ESP/SP/AH/MM4EBP/BP/CH/MM5ESI/SI/DH/MM6EDI/DI/BH/MM7

11 000001010011100101110111

C0C1C2C3C4C5C6C7

C8C9CACBCCCDCECF

D0D1D2D3D4D5D6D7

D8D9DADBDCDDDEDF

E0E1E2E3E4E5E6E7

E8E9EAEBECEDEEEF

F0F1F2F3F4F5F6F7

F8F9FAFBFCFDFEFF


2-6

INSTRUCTION FORMAT

Table 2-3 is organized similarly to Tables 2-1 and 2-2, except that its body gives the 256 possiblevalues of the SIB byte, in hexadecimal. Which of the 8 general-purpose registers will be used asbase is indicated across the top of the table, along with the corresponding values of the base field(bits 0, 1 and 2) in decimal and binary. The rows indicate which register is used as the index(determined by bits 3, 4 and 5) along with the scaling factor (determined by bits 6 and 7).

NOTE:1. The [*] nomenclature means a disp32 with no base if MOD is 00, [EBP] otherwise. This provides the

following addressing modes:

disp32[index] (MOD=00).disp8[EBP][index] (MOD=01).disp32[EBP][index] (MOD=10).

Table 2-3. 32-Bit Addressing Forms with the SIB Byter32Base =Base =

EAX0000

ECX1001

EDX2010

EBX3011

ESP4100

[*]5101

ESI6110

EDI7111

Scaled Index SS Index Value of SIB Byte (in Hexadecimal)[EAX][ECX][EDX][EBX]none[EBP][ESI][EDI]

00 000001010011100101110111

0008101820283038

0109111921293139

020A121A222A323A

030B131B232B333B

040C141C242C343C

050D151D252D353D

060E161E262E363E

070F171F272F373F

[EAX*2][ECX*2][EDX*2][EBX*2]none[EBP*2][ESI*2][EDI*2]

01 000001010011100101110111

4048505860687078

4149515961697179

424A525A626A727A

434B535B636B737B

444C545C646C747C

454D555D656D757D

464E565E666E767E

474F575F676F777F


10 000001010011100101110111

80889098A0A8B0B8

81899189A1A9B1B9

828A929AA2AAB2BA

838B939BA3ABB3BB

848C949CA4ACB4BC

858D959DA5ADB5BD

868E969EA6AEB6BE

878F979FA7AFB7BF


11 000001010011100101110111

C0C8D0D8E0E8F0F8

C1C9D1D9E1E9F1F9

C2CAD2DAE2EAF2FA

C3CBD3DBE3EBF3FB

C4CCD4DCE4ECF4FC

C5CDD5DDE5EDF5FD

C6CED6DEE6EEF6FE

C7CFD7DFE7EFF7FF


3Instruction Set Reference


3-1

CHAPTER 3INSTRUCTION SET REFERENCE

This chapter describes the complete Intel Architecture instruction set, including the integer,floating-point, MMX technology, and system instructions. The instruction descriptions arearranged in alphabetical order. For each instruction, the forms are given for each operand combi-nation, including the opcode, operands required, and a description. Also given for each instruc-tion are a description of the instruction and its operands, an operational description, a descriptionof the effect of the instructions on flags in the EFLAGS register, and a summary of the excep-tions that can be generated.

3.1. INTERPRETING THE INSTRUCTION REFERENCE PAGESThis section describes the information contained in the various sections of the instruction refer-ence pages that make up the majority of this chapter. It also explains the notational conventionsand abbreviations used in these sections.

3.1.1. Instruction FormatThe following is an example of the format used for each Intel Architecture instruction descrip-tion in this chapter:

CMCComplement Carry Flag

3.1.1.1. OPCODE COLUMNThe Opcode column gives the complete object code produced for each form of the instruction.When possible, the codes are given as hexadecimal bytes, in the same order in which they appearin memory. Definitions of entries other than hexadecimal bytes are as follows:

/digitA digit between 0 and 7 indicates that the ModR/M byte of the instruction usesonly the r/m (register or memory) operand. The reg field contains the digit that provides anextension to the instruction's opcode.

/rIndicates that the ModR/M byte of the instruction contains both a register operand andan r/m operand.

Opcode Instruction DescriptionF5 CMC Complement carry flag


3-2

INSTRUCTION SET REFERENCE

cb, cw, cd, cpA 1-byte (cb), 2-byte (cw), 4-byte (cd), or 6-byte (cp) value following theopcode that is used to specify a code offset and possibly a new value for the code segmentregister.

ib, iw, idA 1-byte (ib), 2-byte (iw), or 4-byte (id) immediate operand to the instructionthat follows the opcode, ModR/M bytes or scale-indexing bytes. The opcode determines ifthe operand is a signed value. All words and doublewords are given with the low-order bytefirst.

+rb, +rw, +rdA register code, from 0 through 7, added to the hexadecimal byte given atthe left of the plus sign to form a single opcode byte. The register codes are given in Table3-1.

+iA number used in floating-point instructions when one of the operands is ST(i) fromthe FPU register stack. The number i (which can range from 0 to 7) is added to thehexadecimal byte given at the left of the plus sign to form a single opcode byte.

3.1.1.2. INSTRUCTION COLUMNThe Instruction column gives the syntax of the instruction statement as it would appear in anASM386 program. The following is a list of the symbols used to represent operands in theinstruction statements:

rel8A relative address in the range from 128 bytes before the end of the instruction to127 bytes after the end of the instruction.

rel16 and rel32A relative address within the same code segment as the instructionassembled. The rel16 symbol applies to instructions with an operand-size attribute of 16bits; the rel32 symbol applies to instructions with an operand-size attribute of 32 bits.

ptr16:16 and ptr16:32A far pointer, typically in a code segment different from that ofthe instruction. The notation 16:16 indicates that the value of the pointer has two parts. Thevalue to the left of the colon is a 16-bit selector or value destined for the code segmentregister. The value to the right corresponds to the offset within the destination segment.

Table 3-1. Register Encodings Associated with the +rb, +rw, and +rd Nomenclaturerb rw rd

AL = 0 AX = 0 EAX = 0

CL = 1 CX = 1 ECX = 1DL = 2 DX = 2 EDX = 2

BL = 3 BX = 3 EBX = 3

rb rw rd

AH = 4 SP = 4 ESP = 4CH = 5 BP = 5 EBP = 5

DH = 6 SI = 6 ESI = 6BH = 7 DI = 7 EDI = 7


3-3


The ptr16:16 symbol is used when the instruction's operand-size attribute is 16 bits; theptr16:32 symbol is used when the operand-size attribute is 32 bits.

r8One of the byte general-purpose registers AL, CL, DL, BL, AH, CH, DH, or BH. r16One of the word general-purpose registers AX, CX, DX, BX, SP, BP, SI, or DI. r32One of the doubleword general-purpose registers EAX, ECX, EDX, EBX, ESP, EBP,

ESI, or EDI.

imm8An immediate byte value. The imm8 symbol is a signed number between 128and +127 inclusive. For instructions in which imm8 is combined with a word ordoubleword operand, the immediate value is sign-extended to form a word or doubleword.The upper byte of the word is filled with the topmost bit of the immediate value.

imm16An immediate word value used for instructions whose operand-size attribute is16 bits. This is a number between 32,768 and +32,767 inclusive.

imm32An immediate doubleword value used for instructions whose operand-size attribute is 32 bits. It allows the use of a number between +2,147,483,647 and2,147,483,648 inclusive.

r/m8A byte operand that is either the contents of a byte general-purpose register (AL,BL, CL, DL, AH, BH, CH, and DH), or a byte from memory.

r/m16A word general-purpose register or memory operand used for instructions whoseoperand-size attribute is 16 bits. The word general-purpose registers are: AX, BX, CX,DX, SP, BP, SI, and DI. The contents of memory are found at the address provided by theeffective address computation.

r/m32A doubleword general-purpose register or memory operand used for instructionswhose operand-size attribute is 32 bits. The doubleword general-purpose registers are:EAX, EBX, ECX, EDX, ESP, EBP, ESI, and EDI. The contents of memory are found at theaddress provided by the effective address computation.

mA 16- or 32-bit operand in memory. m8A byte operand in memory, usually expressed as a variable or array name, but

pointed to by the DS:(E)SI or ES:(E)DI registers. This nomenclature is used only with thestring instructions and the XLAT instruction.

m16A word operand in memory, usually expressed as a variable or array name, butpointed to by the DS:(E)SI or ES:(E)DI registers. This nomenclature is used only with thestring instructions.

m32A doubleword operand in memory, usually expressed as a variable or array name,but pointed to by the DS:(E)SI or ES:(E)DI registers. This nomenclature is used only withthe string instructions.

m64A memory quadword operand in memory. This nomenclature is used only with theCMPXCHG8B instruction.


3-4


m16:16, m16:32A memory operand containing a far pointer composed of two numbers.The number to the left of the colon corresponds to the pointer's segment selector. Thenumber to the right corresponds to its offset.

m16&32, m16&16, m32&32A memory operand consisting of data item pairs whosesizes are indicated on the left and the right side of the ampersand. All memory addressingmodes are allowed. The m16&16 and m32&32 operands are used by the BOUNDinstruction to provide an operand containing an upper and lower bounds for array indices.The m16&32 operand is used by LIDT and LGDT to provide a word with which to loadthe limit field, and a doubleword with which to load the base field of the correspondingGDTR and IDTR registers.

moffs8, moffs16, moffs32A simple memory variable (memory offset) of type byte,word, or doubleword used by some variants of the MOV instruction. The actual address isgiven by a simple offset relative to the segment base. No ModR/M byte is used in theinstruction. The number shown with moffs indicates its size, which is determined by theaddress-size attribute of the instruction.

SregA segment register. The segment register bit assignments are ES=0, CS=1, SS=2,DS=3, FS=4, and GS=5.

m32real, m64real, m80realA single-, double-, and extended-real (respectively)floating-point operand in memory.

m16int, m32int, m64intA word-, short-, and long-integer (respectively) floating-pointoperand in memory.

ST or ST(0)The top element of the FPU register stack. ST(i)The ith element from the top of the FPU register stack. (i = 0 through 7) mmAn MMX register. The 64-bit MMX registers are: MM0 through MM7. mm/m32The low order 32 bits of an MMX register or a 32-bit memory operand. The

64-bit MMX registers are: MM0 through MM7. The contents of memory are found at theaddress provided by the effective address computation.

mm/m64An MMX register or a 64-bit memory operand. The 64-bit MMX registers are:MM0 through MM7. The contents of memory are found at the address provided by theeffective address computation.

3.1.1.3. DESCRIPTION COLUMNThe Description column following the Instruction column briefly explains the various formsof the instruction. The following Description and Operation sections contain more detailsof the instruction's operation.

3.1.1.4. DESCRIPTIONThe Description section describes the purpose of the instructions and the required operands.It also discusses the effect of the instruction on flags.


3-5


3.1.2. OperationThe Operation section contains an algorithmic description (written in pseudo-code) of theinstruction. The pseudo-code uses a notation similar to the Algol or Pascal language. The algo-rithms are composed of the following elements:

Comments are enclosed within the symbol pairs (* and *). Compound statements are enclosed in keywords, such as IF, THEN, ELSE, and FI for an if

statement, DO and OD for a do statement, or CASE ... OF and ESAC for a case statement.

A register name implies the contents of the register. A register name enclosed in bracketsimplies the contents of the location whose address is contained in that register. Forexample, ES:[DI] indicates the contents of the location whose ES segment relative addressis in register DI. [SI] indicates the contents of the address contained in register SI relativeto SIs default segment (DS) or overridden segment.

Parentheses around the E in a general-purpose register name, such as (E)SI, indicatesthat an offset is read from the SI register if the current address-size attribute is 16 or is readfrom the ESI register if the address-size attribute is 32.

Brackets are also used for memory operands, where they mean that the contents of thememory location is a segment-relative offset. For example, [SRC] indicates that thecontents of the source operand is a segment-relative offset.

A B; indicates that the value of B is assigned to A.

The symbols =, , , and are relational operators used to compare two values, meaningequal, not equal, greater or equal, less or equal, respectively. A relational expression suchas A = B is TRUE if the value of A is equal to B; otherwise it is FALSE.

The expression > COUNT indicates that the destination operandshould be shifted left or right, respectively, by the number of bits indicated by the countoperand.

The following identifiers are used in the algorithmic descriptions: OperandSize and AddressSizeThe OperandSize identifier represents the operand-size

attribute of the instruction, which is either 16 or 32 bits. The AddressSize identifierrepresents the address-size attribute, which is either 16 or 32 bits. For example, thefollowing pseudo-code indicates that the operand-size attribute depends on the form of theCMPS instruction used.IF instruction = CMPSW

THEN OperandSize 16;ELSE

IF instruction = CMPSDTHEN OperandSize 32;

FI;FI;


3-6


See Operand-Size and Address-Size Attributes in Chapter 3 of the Intel ArchitectureSoftware Developers Manual, Volume 1, for general guidelines on how these attributesare determined.

StackAddrSizeRepresents the stack address-size attribute associated with theinstruction, which has a value of 16 or 32 bits (see Address-Size Attribute for Stack inChapter 4 of the Intel Architecture Software Developers Manual, Volume 1).

SRCRepresents the source operand. DESTRepresents the destination operand.The following functions are used in the algorithmic descriptions:

ZeroExtend(value)Returns a value zero-extended to the operand-size attribute of theinstruction. For example, if the operand-size attribute is 32, zero extending a byte value of10 converts the byte from F6H to a doubleword value of 000000F6H. If the value passedto the ZeroExtend function and the operand-size attribute are the same size, ZeroExtendreturns the value unaltered.

SignExtend(value)Returns a value sign-extended to the operand-size attribute of theinstruction. For example, if the operand-size attribute is 32, sign extending a bytecontaining the value 10 converts the byte from F6H to a doubleword value ofFFFFFFF6H. If the value passed to the SignExtend function and the operand-size attributeare the same size, SignExtend returns the value unaltered.

SaturateSignedWordToSignedByteConverts a signed 16-bit value to a signed 8-bitvalue. If the signed 16-bit value is less than 128, it is represented by the saturated value 128 (80H); if it is greater than 127, it is represented by the saturated value 127 (7FH).

SaturateSignedDwordToSignedWordConverts a signed 32-bit value to a signed 16-bitvalue. If the signed 32-bit value is less than 32768, it is represented by the saturated value32768 (8000H); if it is greater than 32767, it is represented by the saturated value 32767(7FFFH).

SaturateSignedWordToUnsignedByteConverts a signed 16-bit value to an unsigned8-bit value. If the signed 16-bit value is less than zero, it is represented by the saturatedvalue zero (00H); if it is greater than 255, it is represented by the saturated value 255(FFH).

SaturateToSignedByteRepresents the result of an operation as a signed 8-bit value. Ifthe result is less than 128, it is represented by the saturated value 128 (80H); if it isgreater than 127, it is represented by the saturated value 127 (7FH).

SaturateToSignedWordRepresents the result of an operation as a signed 16-bit value. Ifthe result is less than 32768, it is represented by the saturated value 32768 (8000H); if itis greater than 32767, it is represented by the saturated value 32767 (7FFFH).

SaturateToUnsignedByteRepresents the result of an operation as a signed 8-bit value.If the result is less than zero it is represented by the saturated value zero (00H); if it isgreater than 255, it is represented by the saturated value 255 (FFH).


3-7


SaturateToUnsignedWordRepresents the result of an operation as a signed 16-bitvalue. If the result is less than zero it is represented by the saturated value zero (00H); if itis greater than 65535, it is represented by the saturated value 65535 (FFFFH).

LowOrderWord(DEST * SRC)Multiplies a word operand by a word operand andstores the least significant word of the doubleword result in the destination operand.

HighOrderWord(DEST * SRC)Multiplies a word operand by a word operand andstores the most significant word of the doubleword result in the destination operand.

Push(value)Pushes a value onto the stack. The number of bytes pushed is determined bythe operand-size attribute of the instruction. See the Operation section in PUSHPushWord or Doubleword Onto the Stack in this chapter for more information on the pushoperation.

Pop() removes the value from the top of the stack and returns it. The statement EAX Pop(); assigns to EAX the 32-bit value from the top of the stack. Pop will return either aword or a doubleword depending on the operand-size attribute. See the Operation sectionin Chapter 3, POPPop a Value from the Stack for more information on the popoperation.

PopRegisterStackMarks the FPU ST(0) register as empty and increments the FPUregister stack pointer (TOP) by 1.

Switch-TasksPerforms a standard task switch. Bit(BitBase, BitOffset)Returns the value of a bit within a bit string, which is a sequence

of bits in memory or a register. Bits are numbered from low-order to high-order withinregisters and within memory bytes. If the base operand is a register, the offset can be in therange 0..31. This offset addresses a bit within the indicated register. An example, thefunction Bit[EAX, 21] is illustrated in Figure 3-1.

If BitBase is a memory address, BitOffset can range from 2 GBits to 2 GBits. Theaddressed bit is numbered (Offset MOD 8) within the byte at address (BitBase + (BitOffsetDIV 8)), where DIV is signed division with rounding towards negative infinity, and MODreturns a positive number. This operation is illustrated in Figure 3-2.

Figure 3-1. Bit Offset for BIT[EAX,21]

02131

BitOffset = 21


3-8


3.1.3. Flags AffectedThe Flags Affected section lists the flags in the EFLAGS register that are affected by theinstruction. When a flag is cleared, it is equal to 0; when it is set, it is equal to 1. The arithmeticand logical instructions usually assign values to the status flags in a uniform manner (seeAppendix A, EFLAGS Cross-Reference, in the Intel Architecture Software Developers Manual,Volume 1). Non-conventional assignments are described in the Operation section. The valuesof flags listed as undefined may be changed by the instruction in an indeterminate manner. Flagsthat are not listed are unchanged by the instruction.

3.1.4. FPU Flags AffectedThe floating-point instructions have an FPU Flags Affected section that describes how eachinstruction can affect the four condition code flags of the FPU status word.

3.1.5. Protected Mode ExceptionsThe Protected Mode Exceptions section lists the exceptions that can occur when the instruc-tion is executed in protected mode and the reasons for the exceptions. Each exception is given amnemonic that consists of a pound sign (#) followed by two letters and an optional error codein parentheses. For example, #GP(0) denotes a general protection exception with an error codeof 0. Table 3-2 associates each two-letter mnemonic with the corresponding interrupt vectornumber and exception name. See Chapter 5, Interrupt and Exception Handling, in the IntelArchitecture Software Developers Manual, Volume 3, for a detailed description of the excep-tions.

Application programmers should consult the documentation provided with their operatingsystems to determine the actions taken when exceptions occur.

Figure 3-2. Memory Bit Indexing

BitBase + 1

0777 5 0 0

BitBase 2

0777 50 0

BitBase BitBase 1

BitOffset = +13

BitOffset =

BitBase 1BitBase


intel 486 software developers instruction set

Documents