ALP Programming Guide and Reference/Processor Reference: Difference between revisions

This chapter presents an overview of the instruction set and lists the complete instruction set in alphabetical order. For each instruction, the forms are given for each operand combination, including object code produced, operands required, execution time, and a description. For each instruction, there is an operational description and a summary of exceptions generated.

Intel Instruction Set Overview

This section contains an introduction to the Intel instruction set and presents the terminology necessary to understand the encoding and operation of each individual instruction.

Operand-Size and Address-Size Attributes

When executing an instruction, the processor can address memory using either 16 or 32-bit addresses. Consequently, each instruction that uses memory addresses has associated with it an address-size attribute of either 16 or 32 bits. The use of 16-bit addresses implies both the use of 16-bit displacements in instructions and the generation of 16-bit address offsets (segment relative addresses) as the result of the effective address calculations. 32-bit addresses imply the use of 32-bit displacements and the generation of 32-bit address offsets. Similarly, an instruction that accesses words (16 bits) or doublewords (32 bits) has an operand-size attribute of either 16 or 32 bits.

The attributes are determined by a combination of defaults, instruction prefixes, and (for programs executing in protected mode) size-specification bits in segment descriptors.

Default Segment Attribute

For programs running in protected mode, the D bit in executable-segment descriptors specifies the default attribute for both address size and operand size. These default attributes apply to the execution of all instructions in the segment. A clear D bit sets the default address size and operand size to 16 bits; a set D bit, to 32 bits.

Programs that execute in real mode or virtual-8086 mode have 16-bit addresses and operands by default.

Operand-Size and Address-Size Instruction Prefixes

The internal encoding of an instruction can include two byte-long prefixes: the address-size prefix, 67H, and the operand-size prefix, 66H. (A later section, "Instruction Format", shows the position of the prefixes in an instruction's encoding.) These prefixes override the default segment attributes for the instruction that follows. The following table shows the effect of each possible combination of defaults and overrides.

Y = Yes, this instruction prefix is present

N = No, this instruction prefix is not present

Address-Size Attribute for Stack

Instructions that use the stack implicitly (for example: POP EAX) also have a stack address-size attribute of either 16 or 32 bits. Instructions with a stack address-size attribute of 16 use the 16-bit SP stack pointer register; instructions with a stack address-size attribute of 32 bits use the 32-bit ESP register to form the address of the top of the stack.

The stack address-size attribute is controlled by the B bit of the data-segment descriptor in the SS register. A value of zero in the B bit selects a stack address-size attribute of 16; a value of one selects a stack address-size attribute of 32.

Instruction Format

All instruction encodings are subsets of the general instruction format shown in the following figure. Instructions consist of optional instruction prefixes (in any order), one or two primary opcode bytes, possibly an address specifier consisting of the ModR/M byte and the SIB (Scale Index Base) byte, a displacement, if required, and an immediate data field, if required.

Smaller encoding fields can be defined within the primary opcode or opcodes. These fields define the direction of the operation, the size of the displacements, the register encoding, or sign extension; encoding fields vary depending on the class of operation.

Most instructions that can refer to an operand in memory have an addressing form byte following the primary opcode byte(s). This byte, called the ModR/M byte, specifies the address form to be used. Certain encodings of the ModR/M byte indicate a second addressing byte, the SIB (Scale Index Base) byte, which follows the ModR/M byte and is required to fully specify the addressing form.

Addressing forms can include a displacement immediately following either the ModR/M or SIB byte. If a displacement is present, it can be 8-, 16- or 32-bits.

If the instruction specifies an immediate operand, the immediate operand always follows any displacement bytes. The immediate operand, if specified, is always the last field of the instruction.

Zero or one bytes are reserved for each group of prefixes. The prefixes are grouped as follows:

1. Instruction Prefixes: REP, REPE/REPZ, REPNE/REPNZ, LOCK
2. Segment Override Prefixes: CS, SS, DS, ES, FS, GS
3. Operand Size Override
4. Address Size Override

For each instruction, one prefix may be used from each group. The effect of redundant prefixes (more than one prefix from a group) is undefined and may vary from processor to processor. The prefixes may come in any order.

The following are the allowable instruction prefix codes:

F3H     REP prefix (used only with string instructions)
F3H     REPE/REPZ prefix (used only with string instructions)
F2H     REPNE/REPNZ prefix (used only with string instructions)
F0H     LOCK prefix

The following are the segment override prefixes:

2EH     CS segment override prefix 
36H     SS segment override prefix 
3EH     DS segment override prefix 
26H     ES segment override prefix 
64H     FS segment override prefix 
65H     GS segment override prefix 
66H     Operand-size override 
67H     Address-size override

ModR/M and SIB Bytes

The ModR/M and SIB bytes follow the opcode byte(s) in many of the processor instructions. They contain the following information:

• The indexing type or register number to be used in the instruction
• The register to be used, or more information to select the instruction
• The base, index, and scale information

The ModR/M byte contains three fields of information:

• The mod field, which occupies the two most significant bits of the byte, combines with the r/m field to form 32 possible values: eight registers and 24 indexing modes.
• The reg field, which occupies the next three bits following the mod field, specifies either a register number or three more bits of opcode information. The meaning of the reg field is determined by the first (opcode) byte of the instruction.
• The r/m field, which occupies the three least significant bits of the byte, can specify a register as the location of an operand, or can form part of the addressing-mode encoding in combination with the mod field as described above.

The based indexed forms of 32-bit addressing require the SIB byte. The presence of the SIB byte is indicated by certain encodings of the ModR/M byte. The SIB byte then includes the following fields:

• The ss field, which occupies the two most significant bits of the byte, specifies the scale factor.
• The index field, which occupies the next three bits following the ss field and specifies the register number of the index register.
• The base field, which occupies the three least significant bits of the byte, specifies the register number of the base register.

ModR/M and SIB Byte Formats

                 MODR/M BYTE
    7     6    5     4     3   2    1     0
  ┌──────────┬────────────────┬──────────────┐
  │  MOD     │   REG/OPCODE   │     R/M      │
  └──────────┴────────────────┴──────────────┘

           SIB (SCALE INDEX BASE) BYTE
    7     6    5     4     3   2    1     0
  ┌──────────┬────────────────┬──────────────┐
  │    SS    │     INDEX      │     BASE     │
  └──────────┴────────────────┴──────────────┘

16-Bit Addressing Forms with the ModR/M Byte

Notes:

1. disp8 denotes an 8-bit displacement following the ModR/M byte, to be sign-extended and added to the index.
2. disp16 denotes a 16-bit displacement following the ModR/M byte, to be added to the index. Default segment register is SS for the effective addresses containing a BP index, DS for other effective addresses.

32-Bit Addressing Forms with the ModR/M Byte

[EAX]         | 00  |  000  | 00  | 08  | 10  | 18  | 20  | 28  | 30  | 38
[ECX]         |     |  001  | 01  | 09  | 11  | 19  | 21  | 29  | 31  | 39
[EDX]         |     |  010  | 02  | 0A  | 12  | 1A  | 22  | 2A  | 32  | 3A
[EBX]         |     |  011  | 03  | 0B  | 13  | 1B  | 23  | 2B  | 33  | 3B
[--][--]      |     |  100  | 04  | 0C  | 14  | 1C  | 24  | 2C  | 34  | 3C
disp32        |     |  101  | 05  | 0D  | 15  | 1D  | 25  | 2D  | 35  | 3D
[ESI]         |     |  110  | 06  | 0E  | 16  | 1E  | 26  | 2E  | 36  | 3E
[EDI]         |     |  111  | 07  | 0F  | 17  | 1F  | 27  | 2F  | 37  | 3F

disp8[EAX]    | 01  |  000  | 40  | 48  | 50  | 58  | 60  | 68  | 70  | 78
disp8[ECX]    |     |  001  | 41  | 49  | 51  | 59  | 61  | 69  | 71  | 79
disp8[EDX]    |     |  010  | 42  | 4A  | 52  | 5A  | 62  | 6A  | 72  | 7A
disp8[EBX]    |     |  011  | 43  | 4B  | 53  | 5B  | 63  | 6B  | 73  | 7B
disp8[--][--] |     |  100  | 44  | 4C  | 54  | 5C  | 64  | 6C  | 74  | 7C
disp8[EBP]    |     |  101  | 45  | 4D  | 55  | 5D  | 65  | 6D  | 75  | 7D
disp8[ESI]    |     |  110  | 46  | 4E  | 56  | 5E  | 66  | 6E  | 76  | 7E
disp8[EDI]    |     |  111  | 47  | 4F  | 57  | 5F  | 67  | 6F  | 77  | 7F

disp32[EAX]   | 10  |  000  | 80  | 88  | 90  | 98  | A0  | A8  | B0  | B8
disp32[ECX]   |     |  001  | 81  | 89  | 91  | 99  | A1  | A9  | B1  | B9
disp32[EDX]   |     |  010  | 82  | 8A  | 92  | 9A  | A2  | AA  | B2  | BA
disp32[EBX]   |     |  011  | 83  | 8B  | 93  | 9B  | A3  | AB  | B3  | BB
disp32[--][--]|     |  100  | 84  | 8C  | 94  | 9C  | A4  | AC  | B4  | BC
disp32[EBP]   |     |  101  | 85  | 8D  | 95  | 9D  | A5  | AD  | B5  | BD
disp32[ESI]   |     |  110  | 86  | 8E  | 96  | 9E  | A6  | AE  | B6  | BE
disp32[EDI]   |     |  111  | 87  | 8F  | 97  | 9F  | A7  | AF  | B7  | BF

EAX/AX/AL     | 11  |  000  | C0  | C8  | D0  | D8  | E0  | E8  | F0  | F8
ECX/CX/CL     |     |  001  | C1  | C9  | D1  | D9  | E1  | E9  | F1  | F9
EDX/DX/DL     |     |  010  | C2  | CA  | D2  | DA  | E2  | EA  | F2  | FA
EBX/BX/BL     |     |  011  | C3  | CB  | D3  | DB  | E3  | EB  | F3  | FB
ESP/SP/AH     |     |  100  | C4  | CC  | D4  | DC  | E4  | EC  | F4  | FC
EBP/BP/CH     |     |  101  | C5  | CD  | D5  | DD  | E5  | ED  | F5  | FD
ESI/SI/DH     |     |  110  | C6  | CE  | D6  | DE  | E6  | EE  | F6  | FE
EDI/DI/BH     |     |  111  | C7  | CF  | D7  | DF  | E7  | EF  | F7  | FF

Notes:

1. [--][--] means a SIB follows the ModR/M byte.
2. disp8 denotes an 8-bit displacement following the SIB byte, to be sign-extended and added to the index.
3. disp32 denotes a 32-bit displacement following the SIB byte, to be added to the index.

32-Bit Addressing Forms with the SIB Byte

Notes: [*] means a disp32 with no base if MOD is 00, [EBP] otherwise. This provides the following addressing modes:

disp32[index]           (MOD=00)
disp8[EBP][index]       (MOD=01)
disp32[EBP][index]      (MOD=10)

How to Read the Instruction Set Pages

The following sections describe how to interpret the description pages for each instruction listed in the Intel Instruction Set section. Each instruction family is introduced by a descriptive heading such as the following:

CMC-Complement Carry Flag

Each instruction family may be accompanied by descriptive sections labeled as follows: Details Table, Operation, Flags Affected, Protected Mode Exceptions, Real Address Mode Exceptions, Virtual-8086 Mode Exceptions, and optionally, a Notes section. The following sections explain the notational conventions and abbreviations used in these paragraphs of the instruction descriptions.

Details Table

For each instruction family, a table is given to list the details of each individual instruction. The following is an example of this table:

The Encoding, Instruction, and Description columns are described in the following sections. The columns labeled 0, 1, 2, 3, 4, and 5 are collectively described in the Clocks section. A timing entry appearing in one of these columns is an indication that the associated processor implements that particular instruction variation. The column names are abbreviated, and are described as follows:

0 The 8088/8086/8087 Processor Family

1 The 80186/8087 Processor Family

2 The 80286/80287 Processor Family

3 The 80386/80387 Processor Family

4 The 80486 Processor Family

5 The Pentium Processor Family

Encoding Column

The "Encoding" column gives the complete object code produced for each form of the instruction. When possible, the codes are given as hexadecimal bytes, in the same order in which they appear in memory. Definitions of entries other than hexadecimal bytes are as follows:

• /digit: (digit is between 0 and 7) indicates that the ModR/M byte of the instruction uses only the r/m (register or memory) operand. The reg field contains the digit that provides an extension to the instruction's opcode.
• /r: indicates that the ModR/M byte of the instruction contains both a register operand and an r/m operand.
• cb, cw, cd, cp: a 1-byte (cb), 2-byte (cw), 4-byte (cd) or 6-byte (cp) value following the opcode that is used to specify a code offset and possibly a new value for the code segment register.
• ib, iw, id: a 1-byte (ib), 2-byte (iw), or 4-byte (id) immediate operand to the instruction that follows the opcode, ModR/M bytes or scale-indexing bytes. The opcode determines if the operand is a signed value. All words and doublewords are given with the low-order byte first.
• +rb, +rw, +rd: a register code, from 0 through 7, added to the hexadecimal byte given at the left of the plus sign to form a single opcode byte. The codes are:

• +i: used in floating-point instructions when one of the operands is ST(i) from the FPU register stack. The number i (which can range from 0 to 7) is added to the hexadecimal byte given at the left of the plus sign to form a single opcode byte.

Instruction Column

The "Instruction" column gives the syntax of the instruction statement as it would appear in an assembler program. The following is a list of the symbols used to represent operands in the instruction statements:

rel8

A relative address in the range from 128 bytes before the end of the instruction to 127 bytes after the end of the instruction.

rel16

A relative address in the range from 32768 bytes before the end of the instruction to 32767 bytes after the end of the instruction. Applies to instructions with an operand-size attribute of 16 bits, and must be within the same code segment as the instruction assembled.

rel32

A relative address in the range from 2147483648 bytes before the end of the instruction to 2147483647 bytes after the end of the instruction. Applies to instructions with an operand-size attribute of 32 bits, and must be within the same code segment as the instruction assembled.

ptr16

16

A far pointer, typically in a code segment different from that of the instruction. The notation 16:16 indicates that the value of the pointer has two parts. The value to the left of the colon is a 16-bit selector or value destined for the code segment register. The value to the right reflects the operand-size attribute of the instruction (16 bits) and corresponds to the offset within the destination segment.

ptr16

32

A far pointer, typically in a code segment different from that of the instruction. The notation 16:32 indicates that the value of the pointer has two parts. The value to the left of the colon is a 16-bit selector or value destined for the code segment register. The value to the right reflects the operand-size attribute of the instruction (32 bits) and corresponds to the offset within the destination segment.

r8

One of the byte registers AL, CL, DL, BL, AH, CH, DH, or BH.

r16

One of the word registers AX, CX, DX, BX, SP, BP, SI, or DI.

r32

One of the doubleword registers EAX, ECX, EDX, EBX, ESP, EBP, ESI, or EDI.

imm8

An immediate byte value. imm8 is a signed number between -128 and +127 inclusive. For instructions in which imm8 is combined with a word or doubleword operand, the immediate value is sign-extended to form a word or doubleword. The upper byte of the word is filled with the topmost bit of the immediate value.

imm16

An immediate word value used for instructions whose operand-size attribute is 16 bits. This is a number between -32768 and +32767 inclusive.

imm32

An immediate doubleword value used for instructions whose operand-size attribute is 32-bits. It allows the use of a number between +2147483647 and -2147483648 inclusive.

r/m8

A one-byte operand that is either the contents of a byte register (AL, BL, CL, DL, AH, BH, CH, DH), or a byte from memory.

r/m16

A word register or memory operand used for instructions whose operand-size attribute is 16 bits. The word registers are: AX, BX, CX, DX, SP, BP, SI, DI. The contents of memory are found at the address provided by the effective address computation.

r/m32

A doubleword register or memory operand used for instructions whose operand-size attribute is 32-bits. The doubleword registers are: EAX, EBX, ECX, EDX, ESP, EBP, ESI, EDI. The contents of memory are found at the address provided by the effective address computation.

r/m64

A quadword register or memory operand used for instructions whose operand- size attribute is 64-bits. The reg/opcode field represents the opcode. The contents of memory are found at the address provided by the effective address computation.

m

A 16 or 32-bit memory operand.

m8

A memory byte addressed by DS:[E]SI or ES:[E]DI (used only by string instructions).

m16

A memory word addressed by DS:[E]SI or ES:[E]DI (used only by string instructions).

m32

A memory doubleword addressed by DS:[E]SI or ES:[E]DI (used only by string instructions).

m16

16

A memory operand containing a far pointer composed of two numbers. The number to the left of the colon corresponds to the pointer's segment selector. The number to the right corresponds to its offset.

m16

32

A memory operand containing a far pointer composed of two numbers. The number to the left of the colon corresponds to the pointer's segment selector. The number to the right corresponds to its offset.

m16&16

A memory operand consisting of data item pairs whose sizes are indicated on the left and the right side of the ampersand. All memory addressing modes are allowed. Used by the BOUND instruction to provide an operand containing an upper and lower bounds for array indices.

m16&32

A memory operand consisting of data item pairs whose sizes are indicated on the left and the right side of the ampersand. All memory addressing modes are allowed. Used by the by LIDT and LGDT to provide a word with which to load the limit field, and a doubleword with which to load the base field of the corresponding Global and Interrupt Descriptor Table Registers.

m32&32

A memory operand consisting of data item pairs whose sizes are indicated on the left and the right side of the ampersand. All memory addressing modes are allowed. Used by the BOUND instruction to provide an operand containing an upper and lower bounds for array indices.

moffs8

The memory offset of a BYTE variable used in some variants of the MOV instruction. The actual address is given by a simple offset relative to the segment base. No ModR/M byte is used in the instruction. The address- size attribute of the instruction determines the size of the offset data.

moffs16

The memory offset of a WORD variable used in some variants of the MOV instruction. The actual address is given by a simple offset relative to the segment base. No ModR/M byte is used in the instruction. The address- size attribute of the instruction determines the size of the offset data.

moffs32

The memory offset of a DWORD variable used in some variants of the MOV instruction. The actual address is given by a simple offset relative to the segment base. No ModR/M byte is used in the instruction. The address- size attribute of the instruction determines the size of the offset data.

Sreg

A segment register. The segment register bit assignments are ES=0, CS=1, SS=2, DS=3, FS=4, and GS=5.

m32real

A single-precision floating-point operand in memory.

m64real

A double-precision floating-point operand in memory.

m80real

An extended-precision floating-point operand in memory.

m80bcd

A 80 byte binary-coded decimal operand in memory.

m16int

A word integer operand in memory. Used in some floating-point instructions.

m32int

A short integer operand in memory. Used in some floating-point instructions.

m64int

A long integer operand in memory. Used in some floating-point instructions.

m14byte

A 14-byte floating-point operand in memory.

m28byte

A 28-byte floating-point operand in memory.

m94byte

A 94-byte floating-point operand in memory.

m108byte

A 108-byte floating-point operand in memory.

ST or ST(0)

Top element of the FPU register stack.

ST(i)

ith element from the top of the FPU register stack. (i=0..7)

Clocks Columns

Each "Clocks" column gives the approximate number of clock cycles the instruction takes to execute on that particular processor. The clock count calculations makes the following assumptions:

• Data and instruction accesses hit in the cache.
• The target of a jump instruction is in the cache.
• No invalidate cycles contend with the instruction for use of the cache.
• Page translation hits in the TLB.
• Memory operands are aligned.
• Effective address calculations use a base register which is not the destination register of the preceding instruction.
• No exceptions are detected during execution.
• There are no write-buffer delays.

The following symbols are used in the clock count specifications:

• n, which represents a number of repetitions.
• m, which represents the number of components in the next instruction executed, where the entire displacement (if any) counts as one component, the entire immediate data (if any) counts as one component, and every other byte of the instruction and prefix(es) each counts as one component.
• pm:, a clock count that applies when the instruction executes in Protected Mode. pm: is not given when the clock counts are the same for Protected and Real Address Modes.

When an exception occurs during the execution of an instruction and the exception handler is in another task, the instruction execution time is increased by the number of clocks to effect a task switch. This parameter depends on several factors:

• The type of TSS used to represent the new task (32 bit TSS or 16 bit TSS).
• Whether the current task is in V86 mode.
• Whether the new task is in V86 mode.
• Whether accesses hit in the cache.
• Whether a task gate on an interrupt/trap gate is used.

The following table summarizes the task switch times for exceptions, assuming cache hits and the use of task gates.

Task Switch Times for Exceptions

Description Column

The "Description" column following the "Clocks" columns briefly explains the various forms of the instruction. The "Operation" and "Description" sections contain more details of the instruction's operation.

Description

The "Description" section contains further explanation of the instruction's operation.

Operation

The "Operation" section contains an algorithmic description of the instruction which uses a notation similar to the Algol or Pascal language. The algorithms are composed of the following elements:

• Comments are enclosed within the symbol pairs "(*" and "*)".
• Compound statements are enclosed between the keywords of the "if" statement (IF, THEN, ELSE, FI) or of the "do" statement (DO, OD), or of the "case" statement (CASE ... OF, ESAC).
• Execution continues until the END statement is encountered.
• A register name implies the contents of the register. A register name enclosed in brackets implies the contents of the location whose address is contained in that register. For example, ES:[DI] indicates the contents of the location whose ES segment relative address is in register DI. [SI] indicates the contents of the address contained in register SI relative to SI's default segment (DS) or overridden segment.
• Brackets are also used for memory operands, where they mean that the contents of the memory location is a segment-relative offset. For example, [SRC] indicates that the contents of the source operand is a segment- relative offset.
• A ← B; indicates that the value of B is assigned to A.
• The symbols =, <>, ò, and ó are relational operators used to compare two values, meaning equal, not equal, greater or equal, less or equal, respectively. A relational expression such as A = B is TRUE if the value of A is equal to B; otherwise it is FALSE.
• A * B indicates that the value of A is multiplied by the value of B.

The following identifiers are used in the algorithmic descriptions:

• OperandSize represents the operand-size attribute of the instruction, which is either 16 or 32 bits. AddressSize represents the address-size attribute, which is either 16 or 32 bits. For example,

IF instruction = CMPSW
THEN OperandSize ← 16;
ELSE 
  IF instruction = CMPSD 
  THEN OperandSize ← 32;
  FI;
FI;

indicates that the operand-size attribute depends on the form of the CMPS instruction used. Refer to the explanation of address-size and operand-size attributes at the beginning of this chapter for general guidelines on how these attributes are determined.

• StackAddrSize represents the stack address-size attribute associated with the instruction, which has a value of 16 or 32 bits, as explained earlier in the chapter.
• SRC represents the source operand. When there are two operands, SRC is the one on the right.
• DEST represents the destination operand. When there are two operands, DEST is the one on the left.
• LeftSRC, RightSRC distinguishes between two operands when both are source operands.
• eSP represents either the SP register or the ESP register depending on the setting of the B-bit for the current stack segment.

The following functions are used in the algorithmic descriptions:

• Truncate to 16 bits(value) reduces the size of the value to fit in 16 bits by discarding the uppermost bits as needed.
• Addr(operand) returns the effective address of the operand (the result of the effective address calculation prior to adding the segment base).
• ZeroExtend(value) returns a value zero-extended to the operand-size attribute of the instruction. For example, if OperandSize = 32, ZeroExtend of a byte value of -10 converts the byte from F6H to doubleword with hexadecimal value 000000F6H. If the value passed to ZeroExtend and the operand-size attribute are the same size, ZeroExtend returns the value unaltered.
• SignExtend(value) returns a value sign-extended to the operand-size attribute of the instruction. For example, if OperandSize = 32, SignExtend of a byte containing the value -10 converts the byte from F6H to a doubleword with hexadecimal value FFFFFFF6H. If the value passed to SignExtend and the operand-size attribute are the same size, SignExtend returns the value unaltered.
• Push(value) pushes a value onto the stack. The number of bytes pushed is determined by the operand-size attribute of the instruction. The action of Push is as follows:

IF StackAddrSize = 16 
THEN 
  IF OperandSize = 16 
  THEN
     SP ← SP -2;
     SS:[SP] ← value; (* 2 bytes assigned starting at byte address in SP *)
  ELSE (* OperandSize = 32 *)
     SP ← SP -4;
     SS:[SP] ← value; (* 4 bytes assigned starting at byte address in SP *)
  FI;
ELSE (* StackAddrSize = 32 *)
  IF OperandSize = 16 
  THEN
  ESP ← ESP -2;
     SS:[ESP] ← value; (* 2 bytes assigned starting at byte address in ESP*)
  ELSE (* OperandSize = 32 *)
     ESP ← ESP -4;
     SS:[ESP] ← value; (* 4 bytes assigned starting at byte address in ESP*)
  FI;
FI;

• Pop(value) removes the value from the top of the stack and returns it. The statement EAX ← Pop( ); assigns to EAX the 32-bit value that Pop took from the top of the stack. Pop will return either a word or a doubleword depending on the operand-size attribute. The action of Pop is as follows:

IF StackAddrSize = 16 
THEN 
  IF OperandSize = 16 
  THEN
     ret val ← SS:[SP]; (* 2-byte value *)
     SP ← SP + 2;
  ELSE (* OperandSize = 32 *)
     ret val ← SS:[SP]; (* 4-byte value *)
     SP ← SP + 4;
  FI;
ELSE (* StackAddrSize = 32 *)
  IF OperandSize = 16 
  THEN
     ret val ← SS:[ESP]; (* 2 byte value *)
     ESP ← ESP + 2;
  ELSE (* OperandSize = 32 *)
     ret val ← SS:[ESP]; (* 4 byte value *)
     ESP ← ESP + 4;
  FI;
FI;
RETURN(ret val); (*returns a word or doubleword*)

Pop ST is used on floating-point instruction pages to mean pop the FPU register stack.

• Bit[BitBase, BitOffset] returns the value of a bit within a bit string, which is a sequence of bits in memory or a register. Bits are numbered from low-order to high-order within registers and within memory bytes. In memory, the two bytes of a word are stored with the low-order byte at the lower address.

If the base operand is a register, the offset can be in the range 0..31. This offset addresses a bit within the indicated register. An example, 'BIT [EAX, 21]' is illustrated in the following figure.

Bit Offset for BIT[EAX,21]

  31            21                            0
┌──────────────┬──┬────────────────────────────┐
└──────────────┴──┴────────────────────────────┘
                 ↑                             ↑
                 │                             │
                 └────────BITOFFSET=21─────────┘

If BitBase is a memory address, BitOffset can range from -2 gigabits to 2 gigabits. The addressed bit is numbered (Offset MOD 8) within the byte at address (BitBase + (BitOffset DIV 8)), where DIV is signed division with rounding towards negative infinity, and MOD returns a positive number. This is illustrated in the following figure.

Memory Bit Indexing

 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0
 ┌──┬──┬────────┬────────────────┬──────────────┐
 └──┴──┴────────┴────────────────┴──────────────┘
 │  BITBASE+1   │    BITBASE     │   BITBASE-1  │
     ↑                           │
     └──────OFFSET=+13───────────┘

 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0
 ┌──────────────┬────────────────┬──────────────┐
 └──────────────┴────────────────┴──────────────┘
 │  BITBASE     │   BITBASE-1    │   BITBASE-2  │
                │                      ↑
                └─────OFFSET=-11───────┘

• I-O-Permission(I-O-Address, width) returns TRUE or FALSE depending on the I/O permission bitmap and other factors. This function is defined as follows:

IF TSS type is 16-bit THEN RETURN FALSE; FI;
Ptr← [TSS+66]; (* fetch bitmap pointer *)
BitStringAddr ← SHR (I-O-Address, 3) + Ptr;
MaskShift ← I-O-Address AND 7;
CASE width OF:
 BYTE: nBitMask ← 1;
 WORD: nBitMask ← 3;
 DWORD: nBitMask ← 15;
ESAC;
mask ← SHL (nBitMask, MaskShift);
CheckString ← [BitStringAddr] AND mask;
IF CheckString = 0 
THEN RETURN (TRUE);
ELSE RETURN (FALSE);
FI;

• Switch-Tasks is described in detail in the Intel documentation.

Flags Affected

Pages describing basic instructions have a "Flags Affected" section the contains a flags information table similar to the following:

The first row of the table lists the mnemonic identifiers for the various flags. The entries in the second row are filled in according to how the flag is affected by the instruction:

The following table lists the mnemonic identifier, full name, and purpose of the flags that are applicable to all processor families and that are most commonly used from within application-level programs. Not all flags are included in this table; see the Intel documentation for a more complete description of flag usage from within systems-level programs.

The flags information table is usually followed by a paragraph description of how the flags are affected:

• If a flag is always cleared or always set by the instruction, the value is given (0 or 1) after the flag name. Arithmetic and logical instructions usually assign values to the status flags in a uniform manner. Nonconventional assignments are described in the Operation section.
• The values of flags listed as "undefined" may be changed by the instruction in an indeterminate manner.

All flags not listed are unchanged by the instruction.

FPU Flags Affected

The floating-point instruction pages have a section called "FPU Flags Affected," which tells how each instruction can affect the four condition code bits of the FPU status word. These pages contain a condition code information table similar to the following:

The first row of the table lists the names of the floating-point condition code flags. The entries in the second row are filled in according to how the flag is affected by the instruction:

The four FPU condition code bits (C0, C1, C2, and C3) are similar to the flags in a CPU; the processor updates these bits to reflect the outcome of arithmetic operations. The effect of these instructions on the condition code bits is summarized in the following table:

NOTES: O/U# When both IE and SF bits of status word are set, this bit distinguishes between stack overflow (C1=1) and underflow (C1=0).

Reduction If FPREM and FPREM1 produces a remainder that is less than the modulus, reduction is complete. When reduction is incomplete the value at the top of the stack is a parial remainder, which can be used as input to further reduction. For FPTAN, FSIN, FCOS and FSINCOS, the reduction bit is set if the operand at the top of the stack is too large. In this case, the original operand remains at the top of the stack.

Roundup When the PE bit of the status word is set, this bit indicates whether the last rounding in the instruction was upward.

UNDEFINED Do not rely on any specific value in these bits.

The condition code bits are used primarily for conditional branching. The FSTSW AX instruction stores the FPU status word directly into the AX register, allowing these condition codes to be inspected efficiently. The SAHF instruction can copy C3 - C0 directly to the CPU's flag bits to simplify conditional branching. The following table shows the mapping of these bits to the CPU flag bits.

Numeric Exceptions

For floating-point instruction pages, this section lists the exception flags of the FPU status word that each instruction can set. Exceptions are listed in abbreviated form, and are defined as follows:

IS Invalid operand due to stack overflow/underflow

I Invalid operand due to other cause

D Denormalized operand

Z Divide by zero

O Numeric overflow

U Numeric underflow

P Inexact result (precision)

Protected Mode Exceptions

This section lists the exceptions that can occur when the instruction is executed in protected mode. The exception names are a pound sign (#) followed by two letters and an optional error code in parentheses. For example, #GP(0) denotes a general protection exception with an error code of 0. The following table associates each two-letter name with the corresponding interrupt number.

Refer to the Intel documentation for a description of the exceptions and the processor state upon entry to the exception. Application programmers should consult the documentation provided with their operating systems to determine the actions taken when exceptions occur.

Real Address Mode Exceptions

Because less error checking is performed by the processor in Real Address Mode, this mode has fewer exception conditions. Refer to the Intel documentation for further information on these exceptions.

Virtual-8086 Mode Exceptions

Virtual 8086 tasks provide the ability to simulate Virtual 8086 machines. Virtual 8086 Mode exceptions are similar to those for the 8086 processor, but there are some differences. Refer to the Intel documentation for complete information on Virtual Mode exceptions.

Intel Instruction Set

The following section describes the individual processor instructions in detail.

AAA - ASCII Adjust after Addition

Description

Run the AAA instruction only following an ADD instruction that leaves a byte result in the AL register. The lower nibbles of the operands of the ADD instruction should be in the range 0 through 9 (BCD digits). In this case, the AAA instruction adjusts the AL register to contain the correct decimal digit result. If the addition produced a decimal carry, the AH register is incremented, and the CF and AF flags are set. If this same addition also produced FH in the upper nibble of AL then AH is incremented again. If there was no decimal carry, the CF and AF flags are cleared and the AH register is unchanged. In either case, the AL register is left with its top nibble set to 0. To convert the AL register to an ASCII result, follow the AAA instruction with OR AL, 30H.

Operation

ALcarry ← AL > 0F9H; (* 1 if true *)
IF ((AL AND 0FH) > 9) OR (AF = 1)
THEN 
   AL ← (AL + 6) AND 0FH;
   AH ← AH + 1 + ALcarry;
   AF ← 1;
   CF ← 1;
ELSE 
   AF ← 0;
   CF ← 0;
   AL ← AL AND 0FH;
FI;

Flags Affected

The AF and CF flags are set if there is a decimal carry, cleared if there is no decimal carry; the OF, SF, ZF, and PF flags are undefined.

AAD - ASCII Adjust AX before Division

Description

The AAD instruction is used to prepare two unpacked BCD digits (the least-significant digit in the AL register, the most-significant digit in the AH register) for a division operation that will yield an unpacked result. This is accomplished by setting the AL register to AL+ (second byte of opcode * AH), and then clearing the AH register. The AX register is then equal to the binary equivalent of the original unpacked two-digit number.

Operation

regAL = AL;
regAH = AH;
AL ← (regAH * imm8 + regAL) AND OFFH;
AH ← 0;

Note: imm8 has the value of the instruction's second byte. The second byte under normally assembly of this instruction will be 0A, however, explicit modification of this byte will result in the operation described above and may alter results.

Flags Affected

The SF, ZF, and PF flags are set according to the result; the OF, AF, and CF flags are undefined.

AAM - ASCII Adjust AX after Multiply

Details Table

Description

Run the AAM instruction only after running a MUL instruction between two unpacked BCD digits that leaves the result in the AX register. Because the result is less than 100, it is contained entirely in the AL register. The AAM instruction unpacks the AL result by dividing AL by the second byte of the opcode, leaving the quotient (most-significant digit) in the AH register and the remainder (least-significant digit) in the AL register.

Operation

regAL ← AL;
AH ← regAL / imm8;
AL ← regAL MOD imm8;

Note: imm8 has the value of the instruction's second byte. The second byte under normally assembly of this instruction will be 0A., however, explicit modification of this byte will result in the operation described above and may alter results.

Flags Affected

The SF, ZF, and PF flags are set according to the result; the OF, AF, and CF flags are undefined.

AAS - ASCII Adjust AL after Subtraction

Details Table

Description

Run the AAS instruction only after a SUB instruction that leaves the byte result in the AL register. The lower nibbles of the operands of the SUB instruction must have been in the range of 0 through 9 (BCD digits). In this case, the AAS instruction adjusts the AL register so it contains the correct decimal digit result. If the subtraction produced a decimal carry, the AH register is decremented, and the CF and AF flags are set. If no decimal carry occurred, the CF and AF flags are cleared, and the AH register is unchanged. In either case, the AL register is left with its top nibble set to 0. To convert the AL result to an ASCII result, follow the AAS instruction with OR AL, 30H.

Operation

ALborrow ← AL < 6; (* 1 if true *)
IF (AL AND 0FH) > 9 OR AF = 1
THEN
   AL ← (AL - 6) AND 0FH;
   AH ← AH - 1 - ALborrow;
   AF ← 1;
   CF ← 1;
ELSE
   CF ← 0;
   AF ← 0;
   AL ← AL AND 0FH
FI;

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF
|--+--+--+--+--+--+--+--
|? |  |  |? |? |* |? |* 

The AF and CF flags are set if there is a decimal carry, cleared if there is no decimal carry; the OF, SF, ZF, and PF flags are undefined.

ADC - Add with Carry

Description

The ADC instruction performs an integer addition of the two operands DEST and SRC and the carry flag, CF. The result of the addition is assigned to the first operand (DEST), and the flags are set accordingly. The ADC instruction is usually run as part of a multi-byte or multi-word addition operation. When an immediate byte value is added to a word or doubleword operand, the immediate value is first sign-extended to the size of the word or doubleword operand.

Operation

DEST ← DEST + SRC + CF;

Flags Affected

The OF, SF, ZF, AF, CF, and PF flags are set according to the result.

Protected Mode Exceptions

\#GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

ADD - Add

Details Table

Description

The ADD instruction performs an integer addition of the two operands (DEST and SRC). The result of the addition is assigned to the first operand (DEST ), and the flags are set accordingly. When an immediate byte is added to a word or doubleword operand, the immediate value is sign-extended to the size of the word or doubleword operand.

Operation

DEST ← DEST + SRC;

Flags Affected

OF|DF|IF|SF|ZF|AF|PF|CF
--+--+--+--+--+--+--+--
* |  |  |* |* |* |* |*

The OF, SF, ZF, AF, CF, and PF flags are set according to the result.

Protected Mode Exceptions

1. GP(0) is the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

AND - Logical AND

Details Table

Description

Each bit of the result of the AND instruction is a 1 if both corresponding bits of the operands are 1; otherwise, it becomes a 0.

Operation

DEST ← DEST AND SRC;
CF ← 0;
OF ← 0;

Flags Affected

The CF and OF flags are cleared; the PF, SF, and ZF flags are set according to the result; the AF flag is undefined.

Protected Mode Exceptions

1. GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

ARPL - Adjust RPL Field of Selector

Description

The ARPL instruction has two operands. The first operand is a 16-bit memory variable or word register that contains the value of a selector. The second operand is a word register. If the RPL field ("requested privilege level" - bottom two bits) of the first operand is less than the RPL field of the second operand, the ZF flag is set and the RPL field of the first operand is increased to match the second operand. Otherwise, the ZF flag is cleared and no change is made to the first operand. The ARPL instruction appears in operating system software, not in application programs. It is used to guarantee that a selector parameter to a subroutine does not request more privilege than the caller is allowed. The second operand of the ARPL instruction is normally a register that contains the CS selector value of the caller.

Operation

IF RBL bits(0,1) of DEST < RPL bits(0,1) of SRC 
THEN 
   ZF ← 1;
   RPL bits(0,1) of DEST ← RPL bits (0,1) of SRC;
ELSE 
   ZF ← 0;
FI;

Flags Affected

OF|DF|IF|SF|ZF|AF|PF|CF
--+--+--+--+--+--+--+--
  |  |  |  |* |  |  |  

The ZF flag is set if the RPL field of the first operand is less than that of the second operand, otherwise ZF is cleared.

Protected Mode Exceptions

1. GP(0) if the result is a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 6; the ARPL instruction is not recognized in Real Address Mode.

Virtual 8086 Mode Exceptions

Interrupt 6; the ARPL instruction is not recognized in Virtual 8086 Mode.

BOUND - Check Array Index Against Bounds

Description

The BOUND instruction ensures that a signed array index is within the limits specified by a block of memory consisting of an upper and a lower bound. Each bound uses one word when the operand-size attribute is 16-bits and a doubleword when the operand-size attribute is 32-bits. The first operand (a register) must be greater than or equal to the first bound in memory (lower bound), and less than or equal to the second bound in memory (upper bound) plus the number of bytes occupied for the operand size. If the register is not within bounds, an Interrupt 5 occurs; the return EIP points to the BOUND instruction. The bounds limit data structure is usually placed just before the array itself, making the limits addressable via a constant offset from the beginning of the array.

Operation

IF (LeftSRC < [RightSRC] OR LeftSRC > [RightSRC + 
OperandSize/8])
  (* Under lower bound or over upper bound *)
THEN Interrupt 5;
FI;

Protected Mode Exceptions

Interrupt 5 if the bounds test fails, as described above; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3. The second operand must be a memory operand, not a register. If the BOUND instruction is run with a ModR/M byte representing a register as the second operand, #UD occurs.

Real Address Mode Exceptions

Interrupt 5 if the bounds test fails; Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH; Interrupt 6 if the second operand is a register.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

BSF - Bit Scan Forward

Description

The BSF instruction scans the bits in the second word or doubleword operand starting with bit 0. The ZF flag is set if all the bits are 0; otherwise, the ZF flag is cleared and the destination register is loaded with the bit index of the first set bit.

Operation

IF r/m = 0
THEN
   ZF ← 1;
   register ← UNDEFINED;
ELSE
   temp ← 0;
   ZF ← 0;
   WHILE BIT[r/m,temp] = 0
   DO
      temp ← temp + 1;
      register ← temp;
  OD;
FI;

Flags Affected

OF|DF|IF|SF|ZF|AF|PF|CF
--+--+--+--+--+--+--+--
? |  |  |? |* |? |? |? 

The ZF flag is set if all bits are 0; otherwise, the ZF flag is cleared. OF , SF, AF, PF, CF = undefined.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

BSR-Bit Scan Reverse

Description

The BSR instruction scans the bits in the second word or doubleword operand from the most significant bit to the least significant bit. The ZF flag is set if all the bits are 0; otherwise, the ZF flag is cleared and the destination register is loaded with the bit index of the first set bit found when scanning in the reverse direction.

Operation

IF r/m = 0 
THEN 
   ZF ← 1;
   register ← UNDEFINED;
ELSE 
   temp ← OperandSize =1;
   ZF ← 0;
   WHILE BIT[r/m,temp] = 0 
   DO 
      temp ← temp - 1;
      register ← temp;
  OD;
FI;

Flags Affected

The ZF flag is set if all bits are 0; otherwise, the ZF flag is cleared. OS , SF, AF, PF, CF = undefined.

Protected Mode Exceptions

1. GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

BSWAP - Byte Swap

Description

The BSWAP instruction reverses the byte order of a 32-bit register, converting a value in little/big endian form to big/little endian form. When BSWAP is used with 16-bit operand size, the result left in the destination register is undefined.

Operation

TEMP ← r32 
r32(7..0) ← TEMP(31..24)
r32(15..8) ← TEMP(23..16)
r32(23..16) ← TEMP(15..8)
r32(31..24) ← TEMP(7.0)

Notes

BSWAP is not supported on Intel386 processors. Include functionally-equivalent code for Intel386 CPUs.

BT - Bit Test

Details Table

Description

The BT instruction saves the value of the bit indicated by the base (first operand) and the bit offset (second operand) into the CF flag.

Operation

CF ← BIT [LeftSRC, RightSRC];

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF
|--+--+--+--+--+--+--+--
|  |  |  |  |  |  |  |* 

The CF flag contains the value of the selected bit.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

The index of the selected bit can be given by the immediate constant in the instruction or by a value in a general register. Only an 8-bit immediate value is used in the instruction. This operand is taken modulo 32, so the range of immediate bit offsets is 0..31. This allows any bit within a register to be selected. For memory bit strings, this immediate field gives only the bit offset within a word or doubleword. Immediate bit offsets larger than 31 are supported by some assemblers by using the immediate bit offset field in combination with the displacement field of the memory operand. In this case, the low-order 3 to 5 bits (3 for 16 bit operands, 5 for 32-bit operands) of the immediate bit offset are stored in the immediate bit offset field, and the high-order bits are shifted and combined with the byte displacement in the addressing mode by the assembler. The processor will ignore the high-order bits if they are not zero. When accessing a bit in memory, the processor may access four bytes starting from the memory address given by:

Effective Address + (4* (BitOffset DIV 32))

for a 32-bit operand size, or two bytes starting from the memory address given by:

Effective Address + (2 * (BitOffset DIV 16))

for a 16-bit operand size. It may do so even when only a single byte needs to be accessed in order to reach the given bit. You must therefore avoid referencing areas of memory close to address space holes. In particular, avoid references to memory-mapped I/O registers. Instead, use the MOV instructions to load from or store to these addresses, and use the register form of these instructions to manipulate the data.

BTC - Bit Test and Complement

Details Table

Description

The BTC instruction saves the value of the bit indicated by the base (first operand) and the bit offset (second operand) into the CF flag and then complements the bit.

Operation

CF ← BIT[LeftSRC, RightSRC];
BIT[LeftSRC, RightSRC] ← NOT BIT[LeftSrc, RightSRC];

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF
|--+--+--+--+--+--+--+--
|  |  |  |  |  |  |  |* 

The CF flag contains the complement of the selected bit.

Protected Mode Exceptions

1. GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, and GS segments; # SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

The index of the selected bit can be given by the immediate constant in the instruction or by a value in a general register. Only an 8-bit immediate value may be used in the instruction. This operand is taken modulo 32, so the range of immediate bit offsets is 0..31. This allows any bit within a register to be selected. For memory bit strings, this immediate field gives only the bit offset within a word or doubleword. Immediate bit offsets larger then 31 are supported by some assemblers by using the immediate bit offset field in combination with the displacement field of the memory operand. In this case, the low-order 3 to 5 bits (3 for 16-bit operands, 5 for 32-bit operands) of the immediate bit offset are stored in the immediate bit offset field, and the high-order bits are shifted and combined with the byte displacement in the addressing mode by the assembler. The processor will ignore the high order bits if they are not zero. When accessing a bit in memory, the processor may access four bytes starting from the memory address given by:

Effective Address + (4 * (BitOffset DIV 32))

for a 32-bit operand size, or two bytes starting from the memory address given by:

Effective Address + (2 * (BitOffset DIV 16))

for a 16-bit operand size. It may do so even when only a single byte needs to be accessed in order to reach the given bit. Therefore, referencing areas of memory close to address space holes should be avoided. In particular, avoid references to memory-mapped I/O registers. Instead, use the MOV instructions to load from or store to these addresses, and use the register form of these instructions to manipulate the data.

BTR-Bit Test and Reset

Details Table

Description

The BTR instruction saves the value of the bit indicated by the base (first operand) and the bit offset (second operand) into the CF flag and then stores 0 in the bit.

Operation

CF ← BIT[LeftSRC, RightSRC];
BIT[LeftSRC, RightSRC] ← 0;

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|  |  |  |  |  |  |  |* |

The CF flag contains the value of the selected bit.

Protected Mode Exceptions

1. GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

The index of the selected bit can be given by the immediate constant in the instruction or by a value in a general register. Only an 8-bit immediate value is used in the instruction. This operand is taken modulo 32, so the range of immediate bit offsets is 0..31. This allows any bit within a register to be selected. For memory bit strings, this immediate field gives only the bit offset within a word or doubleword. Immediate bit offsets larger than 31 are supported by some assemblers by using the immediate bit offset field in combination with the displacement field of the memory operand. In this case, the low-order 3 to 5-bits (3 for 16-bit operands, 5 for 32-bit operands) of the immediate bit offset are stored in the immediate bit offset field, and the high-order bits are shifted and combined with the byte displacement in the addressing mode by the assembler. The processor will ignore the high-order bits if they are not zero. When accessing a bit in memory, the processor may access four bytes starting from the memory address given by:

Effective Address + 4 * (BitOffset DIV 32)

for a 32-bit operand size, or two bytes starting from the memory address given by:

Effective Address + 2 * (BitOffset DIV 16)

for a 16-bit operand size. It may do so even when only a single byte needs to be accessed in order to reach the given bit. You must therefore avoid referencing areas of memory close to address space holes. In particular, avoid references to memory-mapped I/O registers. Instead, use the MOV instructions to load from or store to these addresses, and use the register form of these instructions to manipulate the data.

BTS-Bit Test and Set

Details Table

Description

The BTS instruction saves the value of the bit indicated by the base (first operand) and the bit offset (second operand) into the CF flag and then stores 1 in the bit.

Operation

CF ← BIT[LeftSRC, RightSRC];
BIT[LeftSRC, RightSRC] ← 1;

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF
|--+--+--+--+--+--+--+--
|  |  |  |  |  |  |  |* 

The CF flag contains the value of the selected bit.

Protected Mode Exceptions

1. GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

The index of the selected bit can be given by the immediate constant in the instruction or by a value in a general register. Only an 8-bit immediate value is used in the instruction. This operand is taken modulo 32, so the range of immediate bit offsets is 0..31. This allows any bit within a register to be selected. For memory bit strings, this immediate field gives only the bit offset within a word or doubleword. Immediate bit offsets larger than 31 are supported by some assemblers by using the immediate bit offset field in combination with the displacement field of the memory operand. In this case, the low-order 3 to 5 bits (3 for 16-bit operands, 5 for 32-bit operands) of the immediate bit offset are stored in the immediate bit offset field, and the high-order bits are shifted and combined with the byte displacement in the addressing mode by the assembler. The processor will ignore the high-order bits if they are not zero. When accessing a bit in memory, the processor may access four bytes starting from the memory address given by:

   Effective Address + (4 * (BitOffset DIV 32))

for a 32-bit operand size, or two bytes starting from the memory address given by:

   Effective Address + (2 * (BitOffset DIV 16))

for a 16-bit operand size. It may do this even when only a single byte needs to be accessed in order to get at the given bit. You must therefore be careful to avoid referencing areas of memory close to address space holes. In particular, avoid references to memory-mapped I/O registers. Instead, use the MOV instructions to load from or store to these addresses, and use the register form of these instructions to manipulate the data.

CALL - Call Procedure

Details Table

Description

The CALL instruction causes the procedure named in the operand to be run. When the procedure is complete (a return instruction is run within the procedure), processing continues at the instruction that follows the CALL instruction. The action of the different forms of the instruction are described below. Near calls are those with destination of type r/m16, r/m32, rel16, rel32; changing or saving the segment register value is not necessary. The CALL rel16 and CALL rel32 forms add a signed offset to the address of the instruction following the CALL instruction to determine the destination. The rel16 form is used when the instruction's operand-size attribute is 16- bits; rel32 is used when the operand-size attribute is 32-bits. The result is stored in the 32-bit EIP register. With rel16, the upper 16-bits of the EIP register are cleared, resulting in an offset whose value does not exceed 16-bits. CALL r/m16 and CALL r/m32 specify a register or memory location from which the absolute segment offset is fetched. The offset fetched from r/m is 32-bits for an operand-size attribute of 32 (r/m32), or 16-bits for an operand-size of 16 (r/m16). The offset of the instruction following the CALL instruction is pushed onto the stack. It will be popped by a near RET instruction within the procedure. The CS register is not changed by this form of CALL. The far calls, CALL ptr:16 and CALL ptr16:32, use a four-byte or six-byte operand as a long pointer to the procedure called. The CALL m16:16 and m16: 32 forms fetch the long pointer from the memory location specified (indirection). In Real Address Mode or Virtual 8086 Mode, the long pointer provides 16-bits for the CS register and 16 or 32-bits for the EIP register (depending on the operand-size attribute). These forms of the instruction push both the CS and IP or EIP registers as a return address. In Protected Mode, both long pointer forms consult the AR byte in the descriptor indexed by the selector part of the long pointer. Depending on the value of the AR byte, the call will perform one of the following types of control transfers:

• A far call to the same protection level
• An inter-protection level far call
• A task switch

A CALL-indirect-thru-memory, which uses the stack pointer (ESP) as a base register, references memory before the CALL. The base used is the value of the ESP before the instruction runs. For more information on Protected Mode control transfers, refer to the Intel documentation.

Operation

IF rel/16 or rel32 type of call 
THEN (* near relative call *)
   IF OperandSize = 16 
   THEN 
      Push(IP);
      EIP ← (EIP + rel16) AND 0000FFFFH;
   ELSE (* OperandSize = 32 *)
      Push(EIP);
      EIP ← EIP + rel32;
   FI;
FI;
IF r/m16 or r/m32 type of call 
THEN (* near absolute call *)
IF OperandSize = 16 
   THEN 
      Push(IP);
      EIP ← [r/m16] AND 0000FFFFH;
   ELSE (*OperandSize = 32 *)
      Push(EIP);
      EIP ←[r/m32]
   FI;
FI 

IF (PE = 0 OR (PE = 1 AND VM = 1))
(* real mode or virtual 8086 mode *)
   AND instruction = far CALL 
     (* i.e., operand type is m16:16, m16:32, ptr16:16, ptr16:32*)
THEN 
    IF OperandSize = 16 
    THEN 
      Push(CS);
      Push(IP); (* address of next instruction; 16 bits *)
    ELSE 
      Push(CS); (* padded with 16 high-order bits *)
      Push(EIP); (* address of next instruction; 32 bits *)
FI;
IF operand type is m16:16 or m16:32
THEN (* indirect far call *)
   IF OperandSize = 16 
   THEN 
      CS:IP ← [m16:16];
   EIP ← EIP AND 0000FFFFH; (* clear upper 16 bits *)
   ELSE (* OperandSize = 32 *)
      CS:EIP ← [m16:32[;
   FI;
FI;
IF operand type is ptr:16 or ptr16:32
THEN (* direct far call *)
   IF OperandSize = 16 
   THEN 
      CS:IP ← ptr:16;
      EIP ← EIP AND 0000FFFFH; (* clear upper 16 bits *)
   ELSE (* OperandSize = 32 *)
      CS:EIP ← ptr16:32;
   FI;
 FI;
FI;

IF (PE = 1 AND VM = 0) (* Protected mode, not V86 mode *)
 AND instruction = far CALL  
THEN 
 If indirect, then check access of EA doubleword;
   #GP(0) if limit violation;
 New CS selector must not be null else #GP(0);
 Check that new CS selector index is within its 
   descriptor table limits; else #GP(new CS selector);
 Examine AR byte of selected descriptor for various legal values;
   depending on value:
   go to CONFORMING-CODE-SEGMENT;
   go to NONCONFORMING-CODE-SEGMENT;
   go to CALL-GATE;
   go to TASK-GATE;
   go to TASK-STATE-SEGMENT;
 ELSE #GP(code segment selector);
FI;

CONFORMING-CODE-SEGMENT:
 DPL must be ó CPL ELSE #GP(code segment selector);
 Segment must be present ELSE #NP(code segment selector);
 Stack must be big enough for return address ELSE #SS(0);
 Instruction pointer must be in code segment limit ELSE #GP(0);
 Load code segment descriptor into CS register;
 Load CS with new code segment selector;
 Load EIP with zero-extend(new offset);
 IF OperandSize=16 THEN EIP ← EIP AND 0000FFFFH; FI;

NONCONFORMING-CODE-SEGMENT:
 RPL must be ó CPL ELSE #GP(code segment selector)
 DPL must be = CPL ELSE #GP(code segment selector)
 Segment must be present ELSE #NP(code segment selector)
 Stack must be big enough for return address ELSE #SS(0)
 Instruction pointer must be in code segment limit ELSE #GP(0)
 Load code segment descriptor into CS register 
 Load CS with new code segment selector 
 Set RPL of CS to CPL 
 Load EIP with zero-extend(new offset);
 IF OperandSize=16 THEN EIP ← EIP AND 0000FFFFH; FI;

 CALL-GATE
 Call gate DPL must be ò CPL ELSE #GP(call gate elector)
 Call gate DPL must be ò RPL ELSE #GP(call gate elector)
 Call gate just be present ELSE #NP(call gate selector)
 Examine code segment selector in call gate descriptor:
   Selector must not be null ELSE #GP(0)
   Selector must be within its descriptor table 
     limits ELSE #GP(code segment selector)
   AR byte of selected descriptor must indicate code 
     segment ELSE #GP(code segment selector)
   DPL of selected descriptor must be ó CPL ELSE 
     #GP(code segment selector)
   IF non-conforming code segment AND DPL < CPL 
   THEN go to MORE-PRIVILEGE
   ELSE go to SAME-PRIVILEGE
   FI;

MORE-PRIVILEGE:
 Get new SS selector for new privilege level from TSS 
   Check selector and descriptor for new SS:
     Selector must not be null ELSE #TS(0)
     Selector index must be within its descriptor 
       table limits ELSE #TS(SS selector)
     Selector's RPL must equal DPL of code segment 
       ELSE #TS(SS selector)
     Stack segment DPL must equal DPL of code 
       segment ELSE #TS(SS selector)
     Descriptor must indicate writable data segment 
       ELSE #TS(SS selector)
     Segment present ELSE #SS(SS selector)
IF OperandSize=32
 THEN 
     New stack must have room for parameters plus 16 bytes 
       ELSE #SS(SS selector)
     EIP must be in code segment limit ELSE #GP(0)
     Load new SS:eSP value from TSS 
     Load new CS:EIP value from gate 
 ELSE 
   New stack must have room for parameters plus 8 bytes 
     ELSE #SS(SS selector)
   IP must be in code segment limit ELSE #GP(0)
   Load new SS:eSP value from TSS 
   Load new CS:IP value from gate 
 FI;
 Load CS descriptor 
 Load SS descriptor 
 Push long pointer of old stack onto new stack 
 Get word count from call gate, mask to 5 bits 
 Copy parameters from old stack onto new stack 
 Push return address onto new stack 
 Set CPL to stack segment DPL 
 Set RPL of CS to CPL 

SAME-PRIVILEGE:
 IF OperandSize=32
 THEN 
   Stack must have room for 6-byte return address (padded to 8 bytes)
     ELSE #SS(0)
   EIP must be within code segment limit ELSE #GP(0)
   Load CS:EIP from gate 
 ELSE 
   Stack must have room for 4-byte return address ELSE #SS(0)
   IP must be within code segment limit ELSE #GP(0)
   Load CS:IP from gate 
FI;
Push return address onto stack 
Load code segment descriptor into CS register 
Set RPL of CS to CPL 

TASK-GATE:
   Task gate DPL must be ó CPL ELSE #TS(gate selector)
   Task gate DPL must be ó RPL ELSE #TS(gate selector)
   Task Gate must be present ELSE #NP(gate selector)
   Examine selector to TSS, given in Task Gate descriptor:
     Must specify global in the local/global bit ELSE #TS(TSS selector)
     Index must be within GDT limits ELSE #TS(TSS selector)
     TSS descriptor AR byte must specify nonbusy TSS 
       ELSE #TS(Tss selector)
     Task State Segment must be present ELSE #NP(TSS selector)
 SWITCH-TASKS (with nesting) to TSS 
 IP must be in code segment limit ELSE #TS(0)

TASK-STATE-SEGMENT
 TSS DPL must be ó CPL ELSE #TS(TSS selector)
 TSS DPL must be ó RPL ELSE #TS(TSS selector)
 TSS descriptor AR byte must specify available TSS 
    ELSE #TS(TSS selector)
 Task State Segment must be present ELSE #NP(TSS selector)
 SWITCH-TASKS (with nesting) to TSS 
 IP must be in code segment limit ELSE #TS(0)

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|  |  |  |  |  |  |  |  |

All flags are affected if a task switch occurs; no flags are affected if a task switch does not occur.

Protected Mode Exceptions

For far calls: #GP, #NP, #SS, and #TS, as indicated in the "Operation" section. For near direct calls: #GP(0) if procedure location is beyond the code segment limits; #SS(0) if pushing the return address exceeds the bounds of the stack segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3. For a near indirect call: #GP(0) for an illegal memory operand effective address is the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #GP(0) if the indirect offset obtained is beyond the code segment limits; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

Any far call from a 32-bit code segment to a 16-bit code segment should be made from the first 64 Kbytes of the 32-bit code segment, because the operand-size attribute of the instruction is set to 16, allowing only a 16- bit return address offset to be saved.

CBW/CWDE-Convert Byte to Word/Convert Word to Doubleword

Description

The CBW instruction converts the signed byte in the AL register to a signed word in the AX register by extending the most significant bit of the AL register (the sign bit) into all of the bits of the AH register. The CWDE instruction converts the signed word in the AX register to a doubleword in the EAX register by extending the most significant bit of the AX register into the two most significant bytes of the EAX register. Note that the CWDE instruction is different from the CWD instruction. The CWD instruction uses the DX:AX register pair rather than the EAX register as a destination.

Operation

IF OperandSize = 16 (* instruction = CBW *)
THEN AX ← Sign Extend(AL);
ELSE (* OperandSize = 32, instruction = CWDE *)
  EAX ← Sign Extend(AX);
FI;

CDQ - Convert Double to Quad

See entry for CWD/CDQ-Convert Word to Double/Convert Double to Quad.

CLC - Clear Carry Flag

Description

The CLC instruction clears the CF flag. It does not affect other flags or registers.

Operation

CF ← 0;

Flags Affected

The CF flag is cleared.

CLD - Clear Direction Flag

Description

The CLD instruction clears the direction flag. No other flags or registers are affected. After a CLD instruction is run, string operations will increment the index registers (SI and/or DI) that they use.

Operation

DF ← 0;

Flags Affected

The DF flag is cleared.

CLI - Clear Interrupt Flag

Description

The CLI instruction clears the IF flag if the current privilege level is at least as privileged as IOPL. No other flags are affected. External interrupts are not recognized at the end of the CLI instruction from that point on until the IF flag is set.

Operation

IF PE = 0 
THEN 
  IF ←0;
ELSE 
  IF VM = 0 (* Running in protected Mode *)
  THEN
     IF IOPL = 3 
     THEN IF ← 0;
     ELSE IF CPL ó IOPL 
               THEN IF ← 0;
               ELSE #GP(0);
               FI;
     FI;
  ELSE (* Running in Virtual-8086 mode *)
     IF IOPL = 3 
     THEN IF ← 
     ELSE #GP(0);
     FI;
  FI;
FI;

Decision Table

The following decision table indicates which action in the lower portion of the table is taken given the conditions in the upper portion of the table.

Notes: - Don't care Blank Action Not Taken Y Action in Column 1 taken

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|  |  |0 |  |  |  |  |  |

IF cleared.

Protected Mode Exceptions

1. GP(0) if the current privilege level is greater (has less privilege) than the I/O privilege level in the flags register. The I/O privilege level specifies the least privileged level at which I/O can be performed.

Virtual 8086 Mode Exceptions

1. GP(0) as for protected mode.

CLTS - Clear Task-Switched Flag in CR0

Description

The CLTS instruction clears the task-switched (TS) flag in the CR0 register. This flag is set by the processor every time a task switch occurs. The TS flag is used to manage processor extensions as follows:

• Every processing of an ESC instruction is trapped if the TS flag is set.
• Processing of a WAIT instruction is trapped if the MP flag and the TS flag are both set.

Thus, if a task switch was made after an ESC instruction was begun, the floating-point unit's context may need to be saved before a new ESC instruction can be issued. The fault handler saves the context and clears the TS flag. The CLTS instruction appears in operating system software, not in application programs. It is a privileged instruction that can only be run at privilege level 0.

Operation

TS Flag in CR0 ← 0;

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|  |  |  |  |  |  |  |  |

The TS flag is cleared (the TS flag is in the CR0 register, not the flags register).

Protected Mode Exceptions

1. GP(0) if the CLTS instruction is run with a current privilege level other than 0.

Real Address Mode Exceptions

None (valid in Real Address Mode to allow initialization for Protected Mode ).

Virtual 8086 Mode Exceptions

Same exceptions as in Protected Mode.

CMC - Complement Carry Flag

Description

The CMC instruction reverses the setting of the CF flag. No other flags are affected.

Operation

CF ← NOT CF;

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF
|--+--+--+--+--+--+--+--
|  |  |  |  |  |  |  |*

The CF flag contains the complement of its original value.

CMP - Compare Two Operands

Details Table

Description

The CMP instruction subtracts the second operand from the first but, unlike the SUB instruction, does not store the result; only the flags are changed. The CMP instruction is typically used in conjunction with conditional jumps and the SETcc instruction. (Refer to Appendix D for the list of signed and unsigned flag tests provided.) If an operand greater than one byte is compared to an immediate byte, the byte value is first sign-extended.

Operation

LeftSRC - SignExtend(RightSRC);

(* CMP does not store a result; its purpose is to set the flags *)

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF
|--+--+--+--+--+--+--+--
|* |  |  |* |* |* |* |* 

The OF, SF, ZF, AF, PF, and CF flags are set according to the result.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

,Real Address Mode Exceptions Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

CMPS/CMPSB/CMPSW/CMPSD - Compare String Operands

Description

The CMPS instruction compares the byte, word, or doubleword pointed to by the source-index register with the byte, word, or doubleword pointed to by the destination-index register. If the address-size attribute of this instruction of 16-bits, the SI and DI registers will be used for source- and destination-index registers; otherwise the ESI and EDI registers will be used. Load the correct index values into the SI and DI (or ESI and EDI) registers before running the CMPS instruction. The comparison is done by subtracting the operand indexed by the destination-index register from the operand indexed by the source-index register. Note that the direction of subtraction for the CMPS instruction is [SI] - [ DI] or [ESI] - [EDI]. The left operand (SI or ESI) is the source and the right operand (DI or EDI) is the destination. This is the reverse of the usual Intel convention in which the left operand is the destination and the right operand is the source. The result of the subtraction is not stored; only the flags reflect the change. The types of the operands determine whether bytes, words, or doublewords are compared. For the first operand (SI or ESI), the DS register is used, unless a segment override byte is present. The second operand (DI or EDI) must be addressable from the ES register; no segment override is possible. After the comparison is made, both the source-index register and destination-index register are automatically advanced. If the DF flag is 0 (a CLD instruction was run), the registers increment; if the DF flag is 1 (an STD instruction was run), the registers decrement. The registers increment or decrement by 1 if a byte is compared, by 2 if a word is compared, or by 4 if a doubleword is compared. The CMPSB, CMPSW and CMPSD instructions are synonyms for the byte, word, and doubleword CMPS instructions, respectively. The CMPS instruction can be preceded by the REPE or REPNE prefix for block comparison of CX or ECX bytes, words, or doublewords. Refer to the description of the REP instruction for more information on this operation.

Operation

IF (instruction = CMPSD) OR
   (instruction has operands of type DWORD)
THEN OperandSize ← 32;
ELSE OperandSize ← 16;
FI;
IF AddressSize = 16
THEN
  use SI for source-index and DI for destination-index
ELSE (* AddressSize = 32 *)
  use ESI for source-index and EDI for destination-index;
FI;
IF byte type of instruction
THEN
  set ZF based on
  [source-index] - [destination-index] ; (* byte comparison *)
  IF DF = 0 THEN IncDec ← 1 ELSE IncDec ← -1; FI;
ELSE
  IF OperandSize = 16
  THEN
     set ZF based on
     [source-index] - [destination-index] ; (* word comparison *)
     IF DF = 0 THEN IncDec ← 2 ELSE IncDec ← -2; FI;
  ELSE (* OperandSize = 32 *)
     set ZF based on
     [source-index] - [destination-index] ; (* dword comparison *)
     IF DF = 0 THEN IncDec ← 4 ELSE IncDec ← -4; FI;
  FI;
FI;
source-index = source-index + IncDec;
destination-index = destination-index + IncDec;

The OF, SF, ZF, AF, PF, and CF flags are set according to the result.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

CMPXCHG - Compare and Exchange

Description

The CMPXCHG instruction compares the accumulator (AL, AX, or EAX register) with DEST. If they are equal, SRC is loaded into DEST. Otherwise, DEST is loaded into the accumulator.

Operation

IF accumulator=DEST
         ZF ← 1 
         DEST ← SRC 
ELSE 
         ZF ← 0 
         accumulator ← DEST 

The CF, PF, AF, SF, and OF flags are affected as if a CMP instruction had been run with DEST and the accumulator as operands. The ZF flag is set if the destination operand and the accumulator are equal; otherwise it is cleared.

Protected Mode Exceptions

1. GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in real-address mode; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

This instruction can be used with a LOCK prefix. In order to simplify interface to the processor's bus, the destination operand receives a write cycle without regard to the result of the comparison. DEST is written back if the comparison fails, and SRC is written into the destination otherwise. (The processor never produces a locked read without also producing a locked write.) This instruction is not supported on Intel386 processors.

CMPXCHG8B - Compare and Exchange 8 Bytes

Description

The CMPXCHG8B instruction compares the 64-bit value in EDX:EAX with DEST. EDX contains the high-order 32 bits, and EAX contains the low-order 32 bits of 64-bit value. If they are equal, the 64-bit value in ECX:EBX is stored into DEST. ECX contains the high-order 32 bits and EBX contains the low- order 32 bits. Otherwise, DEST is loaded into EDX:EAX.

Operation

IF EDX:EAX=DEST
         ZF ← 1 
         DEST ← ECX:EBX
ELSE 
         ZF ← 0 
         EDX:EAX ← DEST 

The ZF flag is set if the destination operand and EDX:EAX are equal; otherwise it is cleared. The CF, PF, AF, SF, and OF flags are unaffected.

Protected Mode Exceptions

1. GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

The destination operand must be a memory operand, not a register. If the CMPXCHG8B instruction is run with a modr/m byte representing a register as the destination operand, #UD occurs.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in real-address mode; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3. #UD if modr/m byte represents a register as the destination.

Notes

This instruction can be used with a LOCK prefix. In order to simplify interface to the processor's bus, the destination operand receives a write cycle without regard to the result of the comparison. DEST is written back if the comparison fails, and SRC is written into the destination otherwise. (The processor never produces a locked read without also producing a locked write.) The "r/m64" syntax had previously been used only in the context of floating point operations. It indicates a 64-bit value, in memory at an address determined by the modr/m byte. This instruction is not supported on Intel486 processors.

CPUID - CPU Identification

Details Table

Description

The CPUID instruction provides information to software about the vendor, family, model, and stepping of microprocessor on which it is running. An input value loaded into the EAX register for this instruction indicates what information should be returned by the CPUID instruction. Following processing of the CPUID instruction with a zero in EAX, the EAX register contains the highest input value understood by the CPUID instruction. For the Pentium processor, the value in EAX will be a one. Also included in the output of this instruction with an input value of zero in EAX is a vendor identification string contained in the EBX, EDX, and ECX registers. EBX contains the first four characters, EDX contains the next four characters and ECX contains the last four characters. For Intel processors, the vendor identification string is "GenuineIntel" as follows:

EBX ← 756e6547h (* "Genu", with G in the low nibble of BL *)
EDX ← 49656e69h (* "ineI", with i in the low nibble of DL *)
ECX ← 6c65746eh (* "ntel", with n in the low nibble of CL *)

Following processing of the CPUID instruction with an input value of one loaded into the EAX register, EAX[3:0] contains the stepping id of the microprocessor, EAX[7:4] contains the model (the first model will be indicated by 0001B in these bits) and EAX[11:8] contains the family (5 for the Pentium processor family). EAX[31:12] are reserved, as well as EBX, and ECX. The Pentium processor sets the feature register, EDX, to 1BFH indicating which features the Pentium processor supports. A feature flag set to one indicates that the corresponding feature is supported. The feature set register is defined as follows:

EDX[0:0] FPU on chip
EDX[6:1] Refer to the Intel documentation
EDX[7:7] Machine Check Exception
EDX[8:8] CMPXCHG8B Instruction
EDX[31:9] Reserved

Software should determine the vendor identification in order to properly interpret the feature register flag bits. For more information on the feature set register, see the Intel documentation.

Operation

switch (EAX)
  case 0:
      EAX ← hv;(* hv=1 for the Pentium processor *)
                      (* hv is the highest input value that is understood by CPUID. *)
      EBX ← Vendor identification string;
      EDX ← Vendor identification string;
      ECX ← Vendor identification string;
      break;
  case 1:
      EAX[3:0] ← Stepping ID;
      EAX[7:4] ← Model;
      EAX[11:8] ← Family;
      EAX[31:12] ← Reserved;
      EBX ← reserved;      (* 0 *)
      ECX ← reserved;      (* 0 *)
      EBX ← feature flags;
      break;
  default:  (* EAX > hv *)
      EAX ← reserved, undefined;
      EBX ← reserved, undefined;
      ECX ← reserved, undefined;
      EDX ← reserved, undefined;
      break;
end-of-switch

CWD/CDQ - Convert Word to Double/Convert Double to Quad

Description

CWD and CDQ double the size of the source operand. The CWD instruction copies the sign (bit 15) of the word in the AX register into every bit position in the DX register. The CDQ instruction copies the sing (bit 31) of the doubleword in the EAX register into every bit position in the EDX register. The CWD instruction can be used to produce a doubleword dividend from a word before a word division, and the CDQ instruction can be used to produce a quadword dividend from a doubleword before doubleword division. The CWD and CDQ instructions are different mnemonics for the same opcode. Which one gets run is determined by whether it is in a 16- or 32-bit segment and the presence of any operand-size override prefixes.

Operation

IF OperandSize = 16 (* instruction = CWD *)
THEN DX ← SignExtend(AX);
ELSE (* OperandSize = 32, instruction = CDQ *)
  EDX ←SignExtend(EAX);
FI;

CWDE - Convert Word to Doubleword

See entry for CBW/CWDE-Convert Byte to Word/Convert Word to Doubleword.

DAA - Decimal Adjust AL after Addition

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+--------------------------------
|27        |DAA                 |X|X|X|X|X|X|Decimal adjust AL after addition

Description

Run the DAA instruction only after running an ADD instruction that leaves a two-BCD-digit byte result in the AL register. The ADD operands should consist of two packaged BCD digits. The DAA instruction adjusts the AL register to contain the correct two-digit packed decimal result.

Operation

IF (((AL AND 0FH) > 09H) or EFLAGS.AF = 1)
THEN 
  AL ← AL + 06H;
FI;
IF (((AL AND 0F0H) > 90H) or EFLAGS.CF = 1)
THEN 
  AL ← AL + 60H;
  CF ← 1;
FI;

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|? |  |  |* |* |* |* |* |

The AF and CF flags are set if there is a decimal carry, cleared if there is no decimal carry; the SF, ZF and PF flags are set according to the result. The OF flag is undefined.

DAS - Decimal Adjust AL after Subtraction

Details Table

|Encoding |Instruction  |0|1|2|3|4|5|Description 
|---------+-------------+-+-+-+-+-+-+----------------------------------
|2F       |DAS          |X|X|X|X|X|X|Decimal adjust AL after subtraction

Description

Run the DAS instruction only after a subtraction instruction that leaves a two-BCD-digit byte result in the AL register. The operands should consist of two packed BCD digits. The DAS instruction adjusts the AL register to contain the correct packed two-digit decimal result.

Operation

tmpCF ← 0;
tmpAL ← AL;
IF (((tmpAL AND 0FH) > 9H) or AF = 1)
THEN 
  AF ← 1;
  AL ← AL - 6H;
  tmpCF ← (AL < 0) OR CF;
FI;
IF ((tmpAL > 99H) or CF = 1)
THEN 
  AL ← AL - 60H;
  tmpCF ← 1;
FI;
CF ← tmpCF;

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|? |  |  |* |* |* |* |* |

The AF and CF flags are set if there is a decimal borrow, cleared if there is no decimal borrow; the SF, ZF and PF flags are set according to the result. The OF flag is undefined.

DEC - Decrement by 1

Description

The DEC instruction subtracts 1 from the operand. The DEC instruction does not change the CF flag. To affect the CF flag, use the SUB instruction with an immediate operand of 1.

Operation

DEST ← DEST - 1;

Flags Affected

The OF, SF, ZF, AF, and PF flags are set according to the result.

Protected Mode Exceptions

1. GP(0) if the result is a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

DIV - Unsigned Divide

Description

The DIV instruction performs an unsigned division. The dividend is implicit ; only the divisor is given as an operand. The remainder is always less than the divisor. The type of the divisor determines which registers to use as follows:

Operation

temp ← dividend / divisor;
IF temp does not fit in quotient 
THEN Interrupt 0;
ELSE 
  quotient ← temp;
  remainder ← dividend MOD (r/m);
FI;

Note: Divisions are unsigned. The divisor is given by the r/m operand. The dividend, quotient, and remainder use implicit registers. Refer to the table under "Description".

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|? |  |  |? |? |? |? |? |

The OF, SF, ZF, AF, PF, and CF flags are undefined.

Protected Mode Exceptions

Interrupt 0 if the quotient is too large to fit in the designated register (AL, AX, or EAX), or if the divisor is 0; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 0 if the quotient is too big to fit in the designated register (AL, AX, or EAX), or if the divisor is 0; Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

ENTER - Make Stack Frame for Procedure Parameters

Description

The ENTER instruction creates the stack frame required by most block- structured high-level languages. The first operand specifies the number of bytes of dynamic storage allocated on the stack for the routine being entered. The second operand gives the lexical nesting level (0 to 31) of the routine within the high-level language source code. It determines the number of stack frame pointers copied into the new stack frame from the preceding frame. Both the operand-size attribute and the stack-size attribute are used to determine whether BP or EBP is used for the current frame pointer and SP or ESP is used for the stack pointer. If the operand-size attribute is 16-bits, the processor uses the BP register as the frame pointer and the SP register as the stack pointer, unless the stack-size attribute is 32-bits in which case it uses EBP for the frame pointer and ESP for the stack pointer. If the operand-size attribute is 32-bits, the processor uses the EBP register for the frame pointer and the ESP register for the stack pointer, unless the stack-size attribute is 16-bits in which case it uses BP for the frame pointer and SP for the stack pointer. If the second operand is 0, the ENTER instruction pushes the frame pointer (BP or EBP register) onto the stack; the ENTER instruction then subtracts the first operand from the stack pointer and sets the frame pointer to the current stack-pointer value. For example, a procedure with 12 bytes of local variables would have an ENTER 12,0 instruction at its entry point and a LEAVE instruction before every RET instruction. The 12 local bytes would be addressed as negative offsets from the frame pointer.

Operation

level ← level MOD 32 
2ndOperand <- 2ndOperand MOD 32 
IF operand_size = 16 THEN Push(bp) ELSE Push(ebp) FI;
IF stkSize = 16 THEN framePtr = sp ELSE framePtr = esp FI;
FOR i ← 1 TO (2ndOperand - 1)
DO 
  IF oprand_size = 16 
  THEN
      IF stkSize = 16 
      THEN
        bp = bp - 2 
        Push([bp]) (* word push *)
      ELSE (* stkSize = 32 *)
        ebp = ebp - 2 
        Push([ebp]) (* word push *)
      FI;
  ELSE (* operand_size = 32 *)
      IF stkSize = 16 
        bp = bp - 4 
        Push([bp]) (* doubleword push *)
      ELSE (* stkSize = 32 *)
        ebp = ebp - 4 
        Push([ebp]) (* doubleword push *)
      FI;
  FI;
OD;
IF stkSize = 16 
THEN Push(framePtr); (* word push *)
ELSE Pushd(framePtr); (* doubleword push *)
FI;
IF stkSize = 16 
THEN 
  bp = framePtr 
  sp = sp - 1stOperand 
ELSE 
  ebp = framePtr 
  esp = esp - 1stOperand 
FI;

Protected Mode Exceptions

1. SS(0) if the SP or ESP value would exceed the stack limit at any point during instruction processing; #PF(fault-code) for a page fault.

F2XM1 - Compute (2 to the power of X) minus 1

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+-------------------------
|D9 F0     |F2XM1               |X|X|X|X|X|X|Replace ST with (2ST - 1)

Description

F2XM1 replaces the contents of ST with (2ST-1). ST must lie in the range -1 < ST < 1.

Operation

ST ← (2ST-1);

Numeric Exceptions

P, U, D, I, IS.

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

If the operand is outside the acceptable range, the result of F2XM1 is undefined. Values other than 2 can be exponentiated using the formula xy = 2(y * log2x) The instructions FLDL2T and FLDL2E load the constants log210 and log2e, respectively. FYL2X can be used to calculate y * log2x for arbitrary positive x.

FABS - Absolute Value

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+----------------------------------
|D9 E1     |FABS                |X|X|X|X|X|X|Replace ST with its absolute value

Description

The absolute value instruction clears the sign bit of ST. This operation leaves a positive value unchanged, or replaces a negative value with a positive value of equal magnitude.

Operation

sign bit of ST ← 0 

Numeric Exceptions

IS

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

The invalid-operation exception is raised only on stack underflow. No exception is raised if the operand is a signalling NaN or is in an unsupported format.

FADD/FADDP/FIADD - Add

Description

The addition instructions add the source and destination operands and return the sum to the destination. The operand at the stack top can be doubled by coding: FADD ST, ST(0)

Operation

DEST ← DEST +SRC;
If instruction = FADDP THEN pop ST FI;

Numeric Exceptions

P, U, O, D, I, IS.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF ( fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

If the source operand is in memory, it is automatically converted to the extended-real format.

FBLD - Load Binary Coded Decimal

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+------------------------------
|DF /4     |FBLD m80bcd         |X|X|X|X|X|X|Push m80bcd onto the FPU stack

Description

FBLD converts the BCD source operand into extended-real format, and pushes it onto the FPU stack. See Figure 6-10 for BCD data layout.

Operation

Decrement FPU stack-top pointer;
ST(0) ← SRC;

Numeric Exceptions

IS.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF ( fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

The source is loaded without rounding error. The sign of the source is preserved, including the case where the value is negative zero. The packed decimal digits are assumed to be in the range 0-9. The instruction does not check for invalid digits (A-FH), and the result of attempting to load an invalid encoding is undefined. ST(7) must be empty to avoid causing an invalid-operation exception.

FBSTP - Store Binary Coded Decimal and Pop

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+-----------------------------
|DF /6     |FBSTP m80bcd        |X|X|X|X|X|X|Store ST in m80bcd and pop ST

Description

FBSTP converts the value in ST into a packed decimal integer, stores the result at the destination in memory, and pops ST. Non-integral values are first rounded according to the RC field of the control word. See Figure 6- 10 for BCD data layout.

Operation

DEST ← ST(0);
pop ST;

Numeric Exceptions

P, I, IS.

Protected Mode Exceptions

1. GP(0) if the destination is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF (fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

FCHS - Change Sign

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+--------------------------
|D9 E0     |FCHS                |X|X|X|X|X|X|Replace ST with a value of
|          |                    | | | | | | |opposite sign

Description

The change sign instruction inverts the sign bit of ST. This operation replaces a positive value with a negative value of equal magnitude, or vice -versa.

Operation

sign bit of ST ← NOT (sign bit of ST)

Numeric Exceptions

IS

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CRO is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

The invalid-operation exception is raised only on stack underflow, even if the operand is signalling NaN or is an unsupported format.

FCLEX/FNCLEX - Clear Exceptions

Details Table

Description

FCLEX clears the exception flags, the exception status flag, and the busy flag of the FPU status word.

Operation

SW[0..7] ← 0;
SW[15]   ← 0;

Numeric Exceptions

None

Protected Mode Exceptions

#NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

#NM if either EM or TS in CR0 is set.

Notes

FCLEX checks for unmasked floating-point error conditions before clearing the exception flags, FNCLEX does not.

FCOM/FCOMP/FCOMPP - Compare Real

Description

The compare real instructions compare the stack top to the source, which can be a register or a single- or double-real memory operand. If no operand is encoded, ST is compared to ST(1). Following the instruction, the condition codes reflect the relation between ST and the source operand.

Operation

Case (relation of operands) OF 
  Not comparable:     C3, C2, C0 ← 111;
  ST > SRC:           C3, C2, C0 ← 000;
  ST < SRC:           C3, C2, C0 ← 001;
  ST = SRC:           C3, C2, C0 ← 100;
If instruction = FCOMP THEN pop ST; Fl;
If instruction = FCOMPP THEN pop ST; pop ST; Fl;

FPU Flags Affected

FPU FLAGS |EFLAGS
----------+------
C0        |CF
----------+------
C1        |None
----------+------
C2        |PF
----------+------
C3        |ZF

C1 as described in FPU Flags Affected; C0, C2, C3 as specified above.

Numeric Exceptions

D, I, IS.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF ( fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would like outside effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

If either operand is NaN or is in an undefined format, or if a stack fault occurs, the invalid-operation exception is raised, and the condition bits are set to "unordered." The sign of zero is ignored, so that -0.0 =-+0.0.

FCOS - Cosine

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+--------------------------
|D9 FF     |FCOS                | | | |X|X|X|Replace ST with its cosine

Description

The cosine instruction replaces the contents of ST with cos(ST). ST, expressed in radians, must lie in the range 101 < 2 63.

Operation

IF operand is in range 
THEN 
    C2 ← 0;
    ST ← cos(ST);
ELSE 
    C2 ← 1;
FI;

FPU Flags Affected

|C0|C1|C2|C3|
|--+--+--+--|
|? |* |? |* |

C1, C2 as described in FPU Flags Affected; C0, C3 undefined.

Numeric Exceptions

P,D,I,IS.

Protected Mode Exceptions

#NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

#NM if either EM or TS in CR0 is set.

Notes

If the operand is outside the acceptable range, the C2 flag is set, and ST remains unchanged. It is the programmer's responsibility to reduce the operand to an absolute value smaller than 263 by subtracting an appropriate integer multiple of 2ã. See the Intel documentation for discussion of the proper value to use for ã in performing such reductions.

FDECSTP - Decrement Stack-Top Pointer

IF TOP=0
THEN TOP ← 7;
ELSE TOP ← TOP-1;
FI;

C0|C1|C2|C3
--+--+--+--

FDIV DEST, SRC 
DEST ← DEST ö SRC 
If instruction = FDIVP THEN pop ST FI;

FDIVR DEST, SRC 
DEST ← SRC ö DEST 
IF instruction = FDIVRP THEN pop ST FI;

TAG(i) ← 11B;

CASE (relation of operands) OF 
   Not comparable:  C3, C2, C0 ← 111;
   ST > SRC:        C3, C2, C0 ← 000;
   ST < SRC:        C3, C2, C0 ← 001;
   ST = SRC:        C3, C2, C0 ← 100;
If instruction = FICOMP THEN pop ST; FI;

FPU FLAGS  |EFLAGS
-----------+------
C0         |CF
-----------+------
C1         |(none)
-----------+------
C2         |PF
-----------+------
C3         |ZF

Decrement FPU stack-top pointer;
ST(0) ← SRC;

IF TOP = 7 
THEN TOP ← 0;
ELSE TOP ← TOP + 1;
FI;

CW ← 037FH;      (* Control word *)
SW ← 0;          (*Status word*)
TW ← FFFFH;      (* Tag word *)
FEA ← 0; FDS ← 0; (* Data pointer *)
FIP ← 0; FOP ← 0; FCS ← 0; (* Instruction pointer *)

C0|C1|C2|C3
--+--+--+--
0 |0 |0 |0

DEST ← ST(0);
IF instruction = FISTP THEN pop ST FI;

Decrement FPU stack-top pointer;
ST(0) ← CONSTANT;

CW ← SRC;

FPU environment ← SRC;

DEST ← DEST * SRC;
IF instruction = FMULP THEN pop ST FI;

#GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments;
#SS(0) for an illegal address in the SS segment;
#PF(fault-code) for a page fault;
#NM if either EM or TS in CR0 is set;
#AC for unaligned memory reference if the current privilege level is 3.

#NM if either EM or TS in CR0 is set. 

#NM if either EM or TS in CR0 is set.

#NM if either EM or TS in CR0 is set. 

#NM if either EM or TS in CR0 is set. 

EXPDIF ← exponent(ST) - exponent(ST(1));
IF EXPDIF < 64 
THEN 
   Q ← integer obtained by chopping ST ö ST(1) toward zero;
   ST ← ST - (ST(1) * Q);
   C2 ← 0;
   C0, C1, C3 ← three least-significant bits of Q; (* Q2, Q1, Q0 *)
ELSE 
   C2 ← 1;
   N ← a number between 32 and 63;
   QQ ← integer obtained by chopping (ST ö ST(1)) ö 2EXPDIF-N
       toward zero;
   ST ← ST - (ST(1) * QQ * 2EXPDIF-N;
FI;

#NM if either EM or TS in CR0 is set. 

#NM if either EM or TS in CR0 is set. 

EXPDIF ← exponent(ST) - exponent(ST(1));
IF EXPDIF < 64
THEN
  Q ← integer obtained by rounding ST ö ST(1) to the nearest integer;
      (*or the nearest even integer if the result is exactly halfway between 2 integers *)
  ST ← ST - (ST(1) * Q);
  C2 ← 0;
  Q ← ST - (ST(1) * Q);
  C0, C1, C3 ← three least-significant bits of Q; (* Q2, Q1, Q0 *)
  C2 ← 0;
  C0, C1, C3 ← three least-significant bits of Q; (* Q2, Q1, Q0 *)
ELSE
  C2 ← 1;
  N ← a number between 32 and 63;
  QQ ← integer obtained by chopping (ST ö ST(1)) ö 2EXPDIF-N;
      toward zero;
  ST ← ST - (ST(1) * QQ * 2EXPDIF-N
FI;

#NM if either EM or TS in CR0 is set.

#NM if either EM or TS in CR0 is set.

IF operand is in range 
THEN 
  C2 ← 0;
  ST ← tan(ST);
  Decrement stack-top pointer;
  ST ← 1.0;
ELSE 
  C2 ← 1;
FI;

FPU state ← SRC;

DEST ← FPU state;
initialize FPU; (* Equivalent to FNINIT *)

ST ← ST * 2ST(1);

If operand is in range 
THEN 
  C2 ← 0;
ELSE 
  C2 ← 1;
FI:

IF operand is in range 
THEN 
  C2 ← 0;
  TEMP ← cos(ST);
  ST ← sin(ST);
  Decrement FPU stack-top pointer;
  ST ← TEMP;
ELSE 
  C2 ← 1;
FI:

ST ← square root of ST;

DEST ← ST(0);
IF instruction = FSTP THEN pop ST FI;

DEST ← CW;

DEST ← FPU environment;
CW[0..5] ← 111111B;

DEST ← SW;

DEST ← ST - Other Operand;
IF instruction = FSUBP THEN pop ST FI;

DEST ← Other Operand - ST;
IF instruction = FSUBRP THEN pop ST FI;

CASE (relation of operands) OF 
     Not comparable:   C3, C2, C0 ← 111;
     ST > SRC:         C3, C2, C0 ← 000;
     ST < SRC:         C3, C2, C0 ← 001;
     ST = SRC:         C3, C2, C0 ← 100;

CASE (relation of operands) OF
     Not comparable:   C3, C2, C0 ← 111;
     ST > SRC:         C3, C2, C0 ← 000;
     ST < SRC:         C3, C2, C0 ← 001;
     ST = SRC:         C3, C2, C0 ← 100;
IF instruction = FUCOMP THEN pop ST; FI;
IF instruction = FUCOMPP THEN pop ST; pop ST; FI;

C1 ← sign bit of ST; (* 0 for positive, 1 for negative *)

CASE (type of object in ST) OF 
     Unsupported:  C3, C2, C0 ← 000;
     NaN:         C3, C2, C0 ← 001;
     Normal:      C3, C2, C0 ← 010;
     Infinity:    C3, C2, C0 ← 011;
     Zero:        C3, C2, C0 ← 100;
     Empty:       C3, C2, C0 ← 101;
     Denormal:    C3, C2, C0 ← 110;

TEMP ← ST;
ST ← DEST;
DEST ← TEMP;

FXCH ST (3)
FSQRT
FXCH ST (3)

TEMP ← significand of ST;
ST ← exponent of ST;
Decrement FPU stack-top pointer;
ST ← TEMP;

ST(1) ← ST(1) * log2ST;
pop ST;

ST(1) ← ST(1) * log2(ST+1.0);
pop ST;

temp ← dividend / divisor;
IF temp does not fit in quotient 
THEN Interrupt 0;
ELSE 
 quotient ← temp;
 remainder ← dividend MOD (r/m);
FI;