ALP Programming Guide and Reference/Processor Reference

This chapter presents an overview of the instruction set and lists the complete instruction set in alphabetical order. For each instruction, the forms are given for each operand combination, including object code produced, operands required, execution time, and a description. For each instruction, there is an operational description and a summary of exceptions generated.

Intel Instruction Set Overview

This section contains an introduction to the Intel instruction set and presents the terminology necessary to understand the encoding and operation of each individual instruction.

Operand-Size and Address-Size Attributes

When executing an instruction, the processor can address memory using either 16 or 32-bit addresses. Consequently, each instruction that uses memory addresses has associated with it an address-size attribute of either 16 or 32 bits. The use of 16-bit addresses implies both the use of 16-bit displacements in instructions and the generation of 16-bit address offsets (segment relative addresses) as the result of the effective address calculations. 32-bit addresses imply the use of 32-bit displacements and the generation of 32-bit address offsets. Similarly, an instruction that accesses words (16 bits) or doublewords (32 bits) has an operand-size attribute of either 16 or 32 bits.

The attributes are determined by a combination of defaults, instruction prefixes, and (for programs executing in protected mode) size-specification bits in segment descriptors.

Default Segment Attribute

For programs running in protected mode, the D bit in executable-segment descriptors specifies the default attribute for both address size and operand size. These default attributes apply to the execution of all instructions in the segment. A clear D bit sets the default address size and operand size to 16 bits; a set D bit, to 32 bits.

Programs that execute in real mode or virtual-8086 mode have 16-bit addresses and operands by default.

Operand-Size and Address-Size Instruction Prefixes

The internal encoding of an instruction can include two byte-long prefixes: the address-size prefix, 67H, and the operand-size prefix, 66H. (A later section, "Instruction Format", shows the position of the prefixes in an instruction's encoding.) These prefixes override the default segment attributes for the instruction that follows. The following table shows the effect of each possible combination of defaults and overrides.

Y = Yes, this instruction prefix is present

N = No, this instruction prefix is not present

Address-Size Attribute for Stack

Instructions that use the stack implicitly (for example: POP EAX) also have a stack address-size attribute of either 16 or 32 bits. Instructions with a stack address-size attribute of 16 use the 16-bit SP stack pointer register; instructions with a stack address-size attribute of 32 bits use the 32-bit ESP register to form the address of the top of the stack.

The stack address-size attribute is controlled by the B bit of the data-segment descriptor in the SS register. A value of zero in the B bit selects a stack address-size attribute of 16; a value of one selects a stack address-size attribute of 32.

Instruction Format

All instruction encodings are subsets of the general instruction format shown in the following figure. Instructions consist of optional instruction prefixes (in any order), one or two primary opcode bytes, possibly an address specifier consisting of the ModR/M byte and the SIB (Scale Index Base) byte, a displacement, if required, and an immediate data field, if required.

Smaller encoding fields can be defined within the primary opcode or opcodes. These fields define the direction of the operation, the size of the displacements, the register encoding, or sign extension; encoding fields vary depending on the class of operation.

Most instructions that can refer to an operand in memory have an addressing form byte following the primary opcode byte(s). This byte, called the ModR/M byte, specifies the address form to be used. Certain encodings of the ModR/M byte indicate a second addressing byte, the SIB (Scale Index Base) byte, which follows the ModR/M byte and is required to fully specify the addressing form.

Addressing forms can include a displacement immediately following either the ModR/M or SIB byte. If a displacement is present, it can be 8-, 16- or 32-bits.

If the instruction specifies an immediate operand, the immediate operand always follows any displacement bytes. The immediate operand, if specified, is always the last field of the instruction.

Zero or one bytes are reserved for each group of prefixes. The prefixes are grouped as follows:

1. Instruction Prefixes: REP, REPE/REPZ, REPNE/REPNZ, LOCK
2. Segment Override Prefixes: CS, SS, DS, ES, FS, GS
3. Operand Size Override
4. Address Size Override

For each instruction, one prefix may be used from each group. The effect of redundant prefixes (more than one prefix from a group) is undefined and may vary from processor to processor. The prefixes may come in any order.

The following are the allowable instruction prefix codes:

F3H     REP prefix (used only with string instructions)
F3H     REPE/REPZ prefix (used only with string instructions)
F2H     REPNE/REPNZ prefix (used only with string instructions)
F0H     LOCK prefix

The following are the segment override prefixes:

2EH     CS segment override prefix 
36H     SS segment override prefix 
3EH     DS segment override prefix 
26H     ES segment override prefix 
64H     FS segment override prefix 
65H     GS segment override prefix 
66H     Operand-size override 
67H     Address-size override

ModR/M and SIB Bytes

The ModR/M and SIB bytes follow the opcode byte(s) in many of the processor instructions. They contain the following information:

• The indexing type or register number to be used in the instruction
• The register to be used, or more information to select the instruction
• The base, index, and scale information

The ModR/M byte contains three fields of information:

• The mod field, which occupies the two most significant bits of the byte, combines with the r/m field to form 32 possible values: eight registers and 24 indexing modes.
• The reg field, which occupies the next three bits following the mod field, specifies either a register number or three more bits of opcode information. The meaning of the reg field is determined by the first (opcode) byte of the instruction.
• The r/m field, which occupies the three least significant bits of the byte, can specify a register as the location of an operand, or can form part of the addressing-mode encoding in combination with the mod field as described above.

The based indexed forms of 32-bit addressing require the SIB byte. The presence of the SIB byte is indicated by certain encodings of the ModR/M byte. The SIB byte then includes the following fields:

• The ss field, which occupies the two most significant bits of the byte, specifies the scale factor.
• The index field, which occupies the next three bits following the ss field and specifies the register number of the index register.
• The base field, which occupies the three least significant bits of the byte, specifies the register number of the base register.

ModR/M and SIB Byte Formats

                 MODR/M BYTE
    7     6    5     4     3   2    1     0
  ┌──────────┬────────────────┬──────────────┐
  │  MOD     │   REG/OPCODE   │     R/M      │
  └──────────┴────────────────┴──────────────┘

           SIB (SCALE INDEX BASE) BYTE
    7     6    5     4     3   2    1     0
  ┌──────────┬────────────────┬──────────────┐
  │    SS    │     INDEX      │     BASE     │
  └──────────┴────────────────┴──────────────┘

16-Bit Addressing Forms with the ModR/M Byte

Notes:

1. disp8 denotes an 8-bit displacement following the ModR/M byte, to be sign-extended and added to the index.
2. disp16 denotes a 16-bit displacement following the ModR/M byte, to be added to the index. Default segment register is SS for the effective addresses containing a BP index, DS for other effective addresses.

32-Bit Addressing Forms with the ModR/M Byte

[EAX]         | 00  |  000  | 00  | 08  | 10  | 18  | 20  | 28  | 30  | 38
[ECX]         |     |  001  | 01  | 09  | 11  | 19  | 21  | 29  | 31  | 39
[EDX]         |     |  010  | 02  | 0A  | 12  | 1A  | 22  | 2A  | 32  | 3A
[EBX]         |     |  011  | 03  | 0B  | 13  | 1B  | 23  | 2B  | 33  | 3B
[--][--]      |     |  100  | 04  | 0C  | 14  | 1C  | 24  | 2C  | 34  | 3C
disp32        |     |  101  | 05  | 0D  | 15  | 1D  | 25  | 2D  | 35  | 3D
[ESI]         |     |  110  | 06  | 0E  | 16  | 1E  | 26  | 2E  | 36  | 3E
[EDI]         |     |  111  | 07  | 0F  | 17  | 1F  | 27  | 2F  | 37  | 3F

disp8[EAX]    | 01  |  000  | 40  | 48  | 50  | 58  | 60  | 68  | 70  | 78
disp8[ECX]    |     |  001  | 41  | 49  | 51  | 59  | 61  | 69  | 71  | 79
disp8[EDX]    |     |  010  | 42  | 4A  | 52  | 5A  | 62  | 6A  | 72  | 7A
disp8[EBX]    |     |  011  | 43  | 4B  | 53  | 5B  | 63  | 6B  | 73  | 7B
disp8[--][--] |     |  100  | 44  | 4C  | 54  | 5C  | 64  | 6C  | 74  | 7C
disp8[EBP]    |     |  101  | 45  | 4D  | 55  | 5D  | 65  | 6D  | 75  | 7D
disp8[ESI]    |     |  110  | 46  | 4E  | 56  | 5E  | 66  | 6E  | 76  | 7E
disp8[EDI]    |     |  111  | 47  | 4F  | 57  | 5F  | 67  | 6F  | 77  | 7F

disp32[EAX]   | 10  |  000  | 80  | 88  | 90  | 98  | A0  | A8  | B0  | B8
disp32[ECX]   |     |  001  | 81  | 89  | 91  | 99  | A1  | A9  | B1  | B9
disp32[EDX]   |     |  010  | 82  | 8A  | 92  | 9A  | A2  | AA  | B2  | BA
disp32[EBX]   |     |  011  | 83  | 8B  | 93  | 9B  | A3  | AB  | B3  | BB
disp32[--][--]|     |  100  | 84  | 8C  | 94  | 9C  | A4  | AC  | B4  | BC
disp32[EBP]   |     |  101  | 85  | 8D  | 95  | 9D  | A5  | AD  | B5  | BD
disp32[ESI]   |     |  110  | 86  | 8E  | 96  | 9E  | A6  | AE  | B6  | BE
disp32[EDI]   |     |  111  | 87  | 8F  | 97  | 9F  | A7  | AF  | B7  | BF

EAX/AX/AL     | 11  |  000  | C0  | C8  | D0  | D8  | E0  | E8  | F0  | F8
ECX/CX/CL     |     |  001  | C1  | C9  | D1  | D9  | E1  | E9  | F1  | F9
EDX/DX/DL     |     |  010  | C2  | CA  | D2  | DA  | E2  | EA  | F2  | FA
EBX/BX/BL     |     |  011  | C3  | CB  | D3  | DB  | E3  | EB  | F3  | FB
ESP/SP/AH     |     |  100  | C4  | CC  | D4  | DC  | E4  | EC  | F4  | FC
EBP/BP/CH     |     |  101  | C5  | CD  | D5  | DD  | E5  | ED  | F5  | FD
ESI/SI/DH     |     |  110  | C6  | CE  | D6  | DE  | E6  | EE  | F6  | FE
EDI/DI/BH     |     |  111  | C7  | CF  | D7  | DF  | E7  | EF  | F7  | FF

Notes:

1. [--][--] means a SIB follows the ModR/M byte.
2. disp8 denotes an 8-bit displacement following the SIB byte, to be sign-extended and added to the index.
3. disp32 denotes a 32-bit displacement following the SIB byte, to be added to the index.

32-Bit Addressing Forms with the SIB Byte

Notes: [*] means a disp32 with no base if MOD is 00, [EBP] otherwise. This provides the following addressing modes:

disp32[index]           (MOD=00)
disp8[EBP][index]       (MOD=01)
disp32[EBP][index]      (MOD=10)

How to Read the Instruction Set Pages

The following sections describe how to interpret the description pages for each instruction listed in the Intel Instruction Set section. Each instruction family is introduced by a descriptive heading such as the following:

CMC-Complement Carry Flag

Each instruction family may be accompanied by descriptive sections labeled as follows: Details Table, Operation, Flags Affected, Protected Mode Exceptions, Real Address Mode Exceptions, Virtual-8086 Mode Exceptions, and optionally, a Notes section. The following sections explain the notational conventions and abbreviations used in these paragraphs of the instruction descriptions.

Details Table

For each instruction family, a table is given to list the details of each individual instruction. The following is an example of this table:

The Encoding, Instruction, and Description columns are described in the following sections. The columns labeled 0, 1, 2, 3, 4, and 5 are collectively described in the Clocks section. A timing entry appearing in one of these columns is an indication that the associated processor implements that particular instruction variation. The column names are abbreviated, and are described as follows:

0 The 8088/8086/8087 Processor Family

1 The 80186/8087 Processor Family

2 The 80286/80287 Processor Family

3 The 80386/80387 Processor Family

4 The 80486 Processor Family

5 The Pentium Processor Family

Encoding Column

The "Encoding" column gives the complete object code produced for each form of the instruction. When possible, the codes are given as hexadecimal bytes, in the same order in which they appear in memory. Definitions of entries other than hexadecimal bytes are as follows:

• /digit: (digit is between 0 and 7) indicates that the ModR/M byte of the instruction uses only the r/m (register or memory) operand. The reg field contains the digit that provides an extension to the instruction's opcode.
• /r: indicates that the ModR/M byte of the instruction contains both a register operand and an r/m operand.
• cb, cw, cd, cp: a 1-byte (cb), 2-byte (cw), 4-byte (cd) or 6-byte (cp) value following the opcode that is used to specify a code offset and possibly a new value for the code segment register.
• ib, iw, id: a 1-byte (ib), 2-byte (iw), or 4-byte (id) immediate operand to the instruction that follows the opcode, ModR/M bytes or scale-indexing bytes. The opcode determines if the operand is a signed value. All words and doublewords are given with the low-order byte first.
• +rb, +rw, +rd: a register code, from 0 through 7, added to the hexadecimal byte given at the left of the plus sign to form a single opcode byte. The codes are:

• +i: used in floating-point instructions when one of the operands is ST(i) from the FPU register stack. The number i (which can range from 0 to 7) is added to the hexadecimal byte given at the left of the plus sign to form a single opcode byte.

Instruction Column

The "Instruction" column gives the syntax of the instruction statement as it would appear in an assembler program. The following is a list of the symbols used to represent operands in the instruction statements:

rel8

A relative address in the range from 128 bytes before the end of the instruction to 127 bytes after the end of the instruction.

rel16

A relative address in the range from 32768 bytes before the end of the instruction to 32767 bytes after the end of the instruction. Applies to instructions with an operand-size attribute of 16 bits, and must be within the same code segment as the instruction assembled.

rel32

A relative address in the range from 2147483648 bytes before the end of the instruction to 2147483647 bytes after the end of the instruction. Applies to instructions with an operand-size attribute of 32 bits, and must be within the same code segment as the instruction assembled.

ptr16

16

A far pointer, typically in a code segment different from that of the instruction. The notation 16:16 indicates that the value of the pointer has two parts. The value to the left of the colon is a 16-bit selector or value destined for the code segment register. The value to the right reflects the operand-size attribute of the instruction (16 bits) and corresponds to the offset within the destination segment.

ptr16

32

A far pointer, typically in a code segment different from that of the instruction. The notation 16:32 indicates that the value of the pointer has two parts. The value to the left of the colon is a 16-bit selector or value destined for the code segment register. The value to the right reflects the operand-size attribute of the instruction (32 bits) and corresponds to the offset within the destination segment.

r8

One of the byte registers AL, CL, DL, BL, AH, CH, DH, or BH.

r16

One of the word registers AX, CX, DX, BX, SP, BP, SI, or DI.

r32

One of the doubleword registers EAX, ECX, EDX, EBX, ESP, EBP, ESI, or EDI.

imm8

An immediate byte value. imm8 is a signed number between -128 and +127 inclusive. For instructions in which imm8 is combined with a word or doubleword operand, the immediate value is sign-extended to form a word or doubleword. The upper byte of the word is filled with the topmost bit of the immediate value.

imm16

An immediate word value used for instructions whose operand-size attribute is 16 bits. This is a number between -32768 and +32767 inclusive.

imm32

An immediate doubleword value used for instructions whose operand-size attribute is 32-bits. It allows the use of a number between +2147483647 and -2147483648 inclusive.

r/m8

A one-byte operand that is either the contents of a byte register (AL, BL, CL, DL, AH, BH, CH, DH), or a byte from memory.

r/m16

A word register or memory operand used for instructions whose operand-size attribute is 16 bits. The word registers are: AX, BX, CX, DX, SP, BP, SI, DI. The contents of memory are found at the address provided by the effective address computation.

r/m32

A doubleword register or memory operand used for instructions whose operand-size attribute is 32-bits. The doubleword registers are: EAX, EBX, ECX, EDX, ESP, EBP, ESI, EDI. The contents of memory are found at the address provided by the effective address computation.

r/m64

A quadword register or memory operand used for instructions whose operand- size attribute is 64-bits. The reg/opcode field represents the opcode. The contents of memory are found at the address provided by the effective address computation.

m

A 16 or 32-bit memory operand.

m8

A memory byte addressed by DS:[E]SI or ES:[E]DI (used only by string instructions).

m16

A memory word addressed by DS:[E]SI or ES:[E]DI (used only by string instructions).

m32

A memory doubleword addressed by DS:[E]SI or ES:[E]DI (used only by string instructions).

m16

16

A memory operand containing a far pointer composed of two numbers. The number to the left of the colon corresponds to the pointer's segment selector. The number to the right corresponds to its offset.

m16

32

A memory operand containing a far pointer composed of two numbers. The number to the left of the colon corresponds to the pointer's segment selector. The number to the right corresponds to its offset.

m16&16

A memory operand consisting of data item pairs whose sizes are indicated on the left and the right side of the ampersand. All memory addressing modes are allowed. Used by the BOUND instruction to provide an operand containing an upper and lower bounds for array indices.

m16&32

A memory operand consisting of data item pairs whose sizes are indicated on the left and the right side of the ampersand. All memory addressing modes are allowed. Used by the by LIDT and LGDT to provide a word with which to load the limit field, and a doubleword with which to load the base field of the corresponding Global and Interrupt Descriptor Table Registers.

m32&32

A memory operand consisting of data item pairs whose sizes are indicated on the left and the right side of the ampersand. All memory addressing modes are allowed. Used by the BOUND instruction to provide an operand containing an upper and lower bounds for array indices.

moffs8

The memory offset of a BYTE variable used in some variants of the MOV instruction. The actual address is given by a simple offset relative to the segment base. No ModR/M byte is used in the instruction. The address- size attribute of the instruction determines the size of the offset data.

moffs16

The memory offset of a WORD variable used in some variants of the MOV instruction. The actual address is given by a simple offset relative to the segment base. No ModR/M byte is used in the instruction. The address- size attribute of the instruction determines the size of the offset data.

moffs32

The memory offset of a DWORD variable used in some variants of the MOV instruction. The actual address is given by a simple offset relative to the segment base. No ModR/M byte is used in the instruction. The address- size attribute of the instruction determines the size of the offset data.

Sreg

A segment register. The segment register bit assignments are ES=0, CS=1, SS=2, DS=3, FS=4, and GS=5.

m32real

A single-precision floating-point operand in memory.

m64real

A double-precision floating-point operand in memory.

m80real

An extended-precision floating-point operand in memory.

m80bcd

A 80 byte binary-coded decimal operand in memory.

m16int

A word integer operand in memory. Used in some floating-point instructions.

m32int

A short integer operand in memory. Used in some floating-point instructions.

m64int

A long integer operand in memory. Used in some floating-point instructions.

m14byte

A 14-byte floating-point operand in memory.

m28byte

A 28-byte floating-point operand in memory.

m94byte

A 94-byte floating-point operand in memory.

m108byte

A 108-byte floating-point operand in memory.

ST or ST(0)

Top element of the FPU register stack.

ST(i)

ith element from the top of the FPU register stack. (i=0..7)

Clocks Columns

Each "Clocks" column gives the approximate number of clock cycles the instruction takes to execute on that particular processor. The clock count calculations makes the following assumptions:

• Data and instruction accesses hit in the cache.
• The target of a jump instruction is in the cache.
• No invalidate cycles contend with the instruction for use of the cache.
• Page translation hits in the TLB.
• Memory operands are aligned.
• Effective address calculations use a base register which is not the destination register of the preceding instruction.
• No exceptions are detected during execution.
• There are no write-buffer delays.

The following symbols are used in the clock count specifications:

• n, which represents a number of repetitions.
• m, which represents the number of components in the next instruction executed, where the entire displacement (if any) counts as one component, the entire immediate data (if any) counts as one component, and every other byte of the instruction and prefix(es) each counts as one component.
• pm:, a clock count that applies when the instruction executes in Protected Mode. pm: is not given when the clock counts are the same for Protected and Real Address Modes.

When an exception occurs during the execution of an instruction and the exception handler is in another task, the instruction execution time is increased by the number of clocks to effect a task switch. This parameter depends on several factors:

• The type of TSS used to represent the new task (32 bit TSS or 16 bit TSS).
• Whether the current task is in V86 mode.
• Whether the new task is in V86 mode.
• Whether accesses hit in the cache.
• Whether a task gate on an interrupt/trap gate is used.

The following table summarizes the task switch times for exceptions, assuming cache hits and the use of task gates.

Task Switch Times for Exceptions

Description Column

The "Description" column following the "Clocks" columns briefly explains the various forms of the instruction. The "Operation" and "Description" sections contain more details of the instruction's operation.

Description

The "Description" section contains further explanation of the instruction's operation.

Operation

The "Operation" section contains an algorithmic description of the instruction which uses a notation similar to the Algol or Pascal language. The algorithms are composed of the following elements:

• Comments are enclosed within the symbol pairs "(*" and "*)".
• Compound statements are enclosed between the keywords of the "if" statement (IF, THEN, ELSE, FI) or of the "do" statement (DO, OD), or of the "case" statement (CASE ... OF, ESAC).
• Execution continues until the END statement is encountered.
• A register name implies the contents of the register. A register name enclosed in brackets implies the contents of the location whose address is contained in that register. For example, ES:[DI] indicates the contents of the location whose ES segment relative address is in register DI. [SI] indicates the contents of the address contained in register SI relative to SI's default segment (DS) or overridden segment.
• Brackets are also used for memory operands, where they mean that the contents of the memory location is a segment-relative offset. For example, [SRC] indicates that the contents of the source operand is a segment- relative offset.
• A ← B; indicates that the value of B is assigned to A.
• The symbols =, <>, ò, and ó are relational operators used to compare two values, meaning equal, not equal, greater or equal, less or equal, respectively. A relational expression such as A = B is TRUE if the value of A is equal to B; otherwise it is FALSE.
• A * B indicates that the value of A is multiplied by the value of B.

The following identifiers are used in the algorithmic descriptions:

• OperandSize represents the operand-size attribute of the instruction, which is either 16 or 32 bits. AddressSize represents the address-size attribute, which is either 16 or 32 bits. For example,

IF instruction = CMPSW
THEN OperandSize ← 16;
ELSE 
  IF instruction = CMPSD 
  THEN OperandSize ← 32;
  FI;
FI;

indicates that the operand-size attribute depends on the form of the CMPS instruction used. Refer to the explanation of address-size and operand-size attributes at the beginning of this chapter for general guidelines on how these attributes are determined.

• StackAddrSize represents the stack address-size attribute associated with the instruction, which has a value of 16 or 32 bits, as explained earlier in the chapter.
• SRC represents the source operand. When there are two operands, SRC is the one on the right.
• DEST represents the destination operand. When there are two operands, DEST is the one on the left.
• LeftSRC, RightSRC distinguishes between two operands when both are source operands.
• eSP represents either the SP register or the ESP register depending on the setting of the B-bit for the current stack segment.

The following functions are used in the algorithmic descriptions:

• Truncate to 16 bits(value) reduces the size of the value to fit in 16 bits by discarding the uppermost bits as needed.
• Addr(operand) returns the effective address of the operand (the result of the effective address calculation prior to adding the segment base).
• ZeroExtend(value) returns a value zero-extended to the operand-size attribute of the instruction. For example, if OperandSize = 32, ZeroExtend of a byte value of -10 converts the byte from F6H to doubleword with hexadecimal value 000000F6H. If the value passed to ZeroExtend and the operand-size attribute are the same size, ZeroExtend returns the value unaltered.
• SignExtend(value) returns a value sign-extended to the operand-size attribute of the instruction. For example, if OperandSize = 32, SignExtend of a byte containing the value -10 converts the byte from F6H to a doubleword with hexadecimal value FFFFFFF6H. If the value passed to SignExtend and the operand-size attribute are the same size, SignExtend returns the value unaltered.
• Push(value) pushes a value onto the stack. The number of bytes pushed is determined by the operand-size attribute of the instruction. The action of Push is as follows:

IF StackAddrSize = 16 
THEN 
  IF OperandSize = 16 
  THEN
     SP ← SP -2;
     SS:[SP] ← value; (* 2 bytes assigned starting at byte address in SP *)
  ELSE (* OperandSize = 32 *)
     SP ← SP -4;
     SS:[SP] ← value; (* 4 bytes assigned starting at byte address in SP *)
  FI;
ELSE (* StackAddrSize = 32 *)
  IF OperandSize = 16 
  THEN
  ESP ← ESP -2;
     SS:[ESP] ← value; (* 2 bytes assigned starting at byte address in ESP*)
  ELSE (* OperandSize = 32 *)
     ESP ← ESP -4;
     SS:[ESP] ← value; (* 4 bytes assigned starting at byte address in ESP*)
  FI;
FI;

• Pop(value) removes the value from the top of the stack and returns it. The statement EAX ← Pop( ); assigns to EAX the 32-bit value that Pop took from the top of the stack. Pop will return either a word or a doubleword depending on the operand-size attribute. The action of Pop is as follows:

IF StackAddrSize = 16 
THEN 
  IF OperandSize = 16 
  THEN
     ret val ← SS:[SP]; (* 2-byte value *)
     SP ← SP + 2;
  ELSE (* OperandSize = 32 *)
     ret val ← SS:[SP]; (* 4-byte value *)
     SP ← SP + 4;
  FI;
ELSE (* StackAddrSize = 32 *)
  IF OperandSize = 16 
  THEN
     ret val ← SS:[ESP]; (* 2 byte value *)
     ESP ← ESP + 2;
  ELSE (* OperandSize = 32 *)
     ret val ← SS:[ESP]; (* 4 byte value *)
     ESP ← ESP + 4;
  FI;
FI;
RETURN(ret val); (*returns a word or doubleword*)

Pop ST is used on floating-point instruction pages to mean pop the FPU register stack.

• Bit[BitBase, BitOffset] returns the value of a bit within a bit string, which is a sequence of bits in memory or a register. Bits are numbered from low-order to high-order within registers and within memory bytes. In memory, the two bytes of a word are stored with the low-order byte at the lower address.

If the base operand is a register, the offset can be in the range 0..31. This offset addresses a bit within the indicated register. An example, 'BIT [EAX, 21]' is illustrated in the following figure.

Bit Offset for BIT[EAX,21]

  31            21                            0
┌──────────────┬──┬────────────────────────────┐
└──────────────┴──┴────────────────────────────┘
                 ↑                             ↑
                 │                             │
                 └────────BITOFFSET=21─────────┘

If BitBase is a memory address, BitOffset can range from -2 gigabits to 2 gigabits. The addressed bit is numbered (Offset MOD 8) within the byte at address (BitBase + (BitOffset DIV 8)), where DIV is signed division with rounding towards negative infinity, and MOD returns a positive number. This is illustrated in the following figure.

Memory Bit Indexing

 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0
 ┌──┬──┬────────┬────────────────┬──────────────┐
 └──┴──┴────────┴────────────────┴──────────────┘
 │  BITBASE+1   │    BITBASE     │   BITBASE-1  │
     ↑                           │
     └──────OFFSET=+13───────────┘

 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0
 ┌──────────────┬────────────────┬──────────────┐
 └──────────────┴────────────────┴──────────────┘
 │  BITBASE     │   BITBASE-1    │   BITBASE-2  │
                │                      ↑
                └─────OFFSET=-11───────┘

• I-O-Permission(I-O-Address, width) returns TRUE or FALSE depending on the I/O permission bitmap and other factors. This function is defined as follows:

IF TSS type is 16-bit THEN RETURN FALSE; FI;
Ptr← [TSS+66]; (* fetch bitmap pointer *)
BitStringAddr ← SHR (I-O-Address, 3) + Ptr;
MaskShift ← I-O-Address AND 7;
CASE width OF:
 BYTE: nBitMask ← 1;
 WORD: nBitMask ← 3;
 DWORD: nBitMask ← 15;
ESAC;
mask ← SHL (nBitMask, MaskShift);
CheckString ← [BitStringAddr] AND mask;
IF CheckString = 0 
THEN RETURN (TRUE);
ELSE RETURN (FALSE);
FI;

• Switch-Tasks is described in detail in the Intel documentation.

Flags Affected

Pages describing basic instructions have a "Flags Affected" section the contains a flags information table similar to the following:

The first row of the table lists the mnemonic identifiers for the various flags. The entries in the second row are filled in according to how the flag is affected by the instruction:

The following table lists the mnemonic identifier, full name, and purpose of the flags that are applicable to all processor families and that are most commonly used from within application-level programs. Not all flags are included in this table; see the Intel documentation for a more complete description of flag usage from within systems-level programs.

The flags information table is usually followed by a paragraph description of how the flags are affected:

• If a flag is always cleared or always set by the instruction, the value is given (0 or 1) after the flag name. Arithmetic and logical instructions usually assign values to the status flags in a uniform manner. Nonconventional assignments are described in the Operation section.
• The values of flags listed as "undefined" may be changed by the instruction in an indeterminate manner.

All flags not listed are unchanged by the instruction.

FPU Flags Affected

The floating-point instruction pages have a section called "FPU Flags Affected," which tells how each instruction can affect the four condition code bits of the FPU status word. These pages contain a condition code information table similar to the following:

The first row of the table lists the names of the floating-point condition code flags. The entries in the second row are filled in according to how the flag is affected by the instruction:

The four FPU condition code bits (C0, C1, C2, and C3) are similar to the flags in a CPU; the processor updates these bits to reflect the outcome of arithmetic operations. The effect of these instructions on the condition code bits is summarized in the following table:

NOTES: O/U# When both IE and SF bits of status word are set, this bit distinguishes between stack overflow (C1=1) and underflow (C1=0).

Reduction If FPREM and FPREM1 produces a remainder that is less than the modulus, reduction is complete. When reduction is incomplete the value at the top of the stack is a parial remainder, which can be used as input to further reduction. For FPTAN, FSIN, FCOS and FSINCOS, the reduction bit is set if the operand at the top of the stack is too large. In this case, the original operand remains at the top of the stack.

Roundup When the PE bit of the status word is set, this bit indicates whether the last rounding in the instruction was upward.

UNDEFINED Do not rely on any specific value in these bits.

The condition code bits are used primarily for conditional branching. The FSTSW AX instruction stores the FPU status word directly into the AX register, allowing these condition codes to be inspected efficiently. The SAHF instruction can copy C3 - C0 directly to the CPU's flag bits to simplify conditional branching. The following table shows the mapping of these bits to the CPU flag bits.

Numeric Exceptions

For floating-point instruction pages, this section lists the exception flags of the FPU status word that each instruction can set. Exceptions are listed in abbreviated form, and are defined as follows:

IS Invalid operand due to stack overflow/underflow

I Invalid operand due to other cause

D Denormalized operand

Z Divide by zero

O Numeric overflow

U Numeric underflow

P Inexact result (precision)

Protected Mode Exceptions

This section lists the exceptions that can occur when the instruction is executed in protected mode. The exception names are a pound sign (#) followed by two letters and an optional error code in parentheses. For example, #GP(0) denotes a general protection exception with an error code of 0. The following table associates each two-letter name with the corresponding interrupt number.

Refer to the Intel documentation for a description of the exceptions and the processor state upon entry to the exception. Application programmers should consult the documentation provided with their operating systems to determine the actions taken when exceptions occur.

Real Address Mode Exceptions

Because less error checking is performed by the processor in Real Address Mode, this mode has fewer exception conditions. Refer to the Intel documentation for further information on these exceptions.

Virtual-8086 Mode Exceptions

Virtual 8086 tasks provide the ability to simulate Virtual 8086 machines. Virtual 8086 Mode exceptions are similar to those for the 8086 processor, but there are some differences. Refer to the Intel documentation for complete information on Virtual Mode exceptions.

Intel Instruction Set

The following section describes the individual processor instructions in detail.

AAA - ASCII Adjust after Addition

Description

Run the AAA instruction only following an ADD instruction that leaves a byte result in the AL register. The lower nibbles of the operands of the ADD instruction should be in the range 0 through 9 (BCD digits). In this case, the AAA instruction adjusts the AL register to contain the correct decimal digit result. If the addition produced a decimal carry, the AH register is incremented, and the CF and AF flags are set. If this same addition also produced FH in the upper nibble of AL then AH is incremented again. If there was no decimal carry, the CF and AF flags are cleared and the AH register is unchanged. In either case, the AL register is left with its top nibble set to 0. To convert the AL register to an ASCII result, follow the AAA instruction with OR AL, 30H.

Operation

ALcarry ← AL > 0F9H; (* 1 if true *)
IF ((AL AND 0FH) > 9) OR (AF = 1)
THEN 
   AL ← (AL + 6) AND 0FH;
   AH ← AH + 1 + ALcarry;
   AF ← 1;
   CF ← 1;
ELSE 
   AF ← 0;
   CF ← 0;
   AL ← AL AND 0FH;
FI;

Flags Affected

The AF and CF flags are set if there is a decimal carry, cleared if there is no decimal carry; the OF, SF, ZF, and PF flags are undefined.

AAD - ASCII Adjust AX before Division

Description

The AAD instruction is used to prepare two unpacked BCD digits (the least-significant digit in the AL register, the most-significant digit in the AH register) for a division operation that will yield an unpacked result. This is accomplished by setting the AL register to AL+ (second byte of opcode * AH), and then clearing the AH register. The AX register is then equal to the binary equivalent of the original unpacked two-digit number.

Operation

regAL = AL;
regAH = AH;
AL ← (regAH * imm8 + regAL) AND OFFH;
AH ← 0;

Note: imm8 has the value of the instruction's second byte. The second byte under normally assembly of this instruction will be 0A, however, explicit modification of this byte will result in the operation described above and may alter results.

Flags Affected

The SF, ZF, and PF flags are set according to the result; the OF, AF, and CF flags are undefined.

AAM - ASCII Adjust AX after Multiply

Details Table

Description

Run the AAM instruction only after running a MUL instruction between two unpacked BCD digits that leaves the result in the AX register. Because the result is less than 100, it is contained entirely in the AL register. The AAM instruction unpacks the AL result by dividing AL by the second byte of the opcode, leaving the quotient (most-significant digit) in the AH register and the remainder (least-significant digit) in the AL register.

Operation

regAL ← AL;
AH ← regAL / imm8;
AL ← regAL MOD imm8;

Note: imm8 has the value of the instruction's second byte. The second byte under normally assembly of this instruction will be 0A., however, explicit modification of this byte will result in the operation described above and may alter results.

Flags Affected

The SF, ZF, and PF flags are set according to the result; the OF, AF, and CF flags are undefined.

AAS - ASCII Adjust AL after Subtraction

Details Table

Description

Run the AAS instruction only after a SUB instruction that leaves the byte result in the AL register. The lower nibbles of the operands of the SUB instruction must have been in the range of 0 through 9 (BCD digits). In this case, the AAS instruction adjusts the AL register so it contains the correct decimal digit result. If the subtraction produced a decimal carry, the AH register is decremented, and the CF and AF flags are set. If no decimal carry occurred, the CF and AF flags are cleared, and the AH register is unchanged. In either case, the AL register is left with its top nibble set to 0. To convert the AL result to an ASCII result, follow the AAS instruction with OR AL, 30H.

Operation

ALborrow ← AL < 6; (* 1 if true *)
IF (AL AND 0FH) > 9 OR AF = 1
THEN
   AL ← (AL - 6) AND 0FH;
   AH ← AH - 1 - ALborrow;
   AF ← 1;
   CF ← 1;
ELSE
   CF ← 0;
   AF ← 0;
   AL ← AL AND 0FH
FI;

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF
|--+--+--+--+--+--+--+--
|? |  |  |? |? |* |? |* 

The AF and CF flags are set if there is a decimal carry, cleared if there is no decimal carry; the OF, SF, ZF, and PF flags are undefined.

ADC - Add with Carry

Description

The ADC instruction performs an integer addition of the two operands DEST and SRC and the carry flag, CF. The result of the addition is assigned to the first operand (DEST), and the flags are set accordingly. The ADC instruction is usually run as part of a multi-byte or multi-word addition operation. When an immediate byte value is added to a word or doubleword operand, the immediate value is first sign-extended to the size of the word or doubleword operand.

Operation

DEST ← DEST + SRC + CF;

Flags Affected

The OF, SF, ZF, AF, CF, and PF flags are set according to the result.

Protected Mode Exceptions

\#GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

ADD - Add

Details Table

Description

The ADD instruction performs an integer addition of the two operands (DEST and SRC). The result of the addition is assigned to the first operand (DEST ), and the flags are set accordingly. When an immediate byte is added to a word or doubleword operand, the immediate value is sign-extended to the size of the word or doubleword operand.

Operation

DEST ← DEST + SRC;

Flags Affected

OF|DF|IF|SF|ZF|AF|PF|CF
--+--+--+--+--+--+--+--
* |  |  |* |* |* |* |*

The OF, SF, ZF, AF, CF, and PF flags are set according to the result.

Protected Mode Exceptions

1. GP(0) is the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

AND - Logical AND

Details Table

Description

Each bit of the result of the AND instruction is a 1 if both corresponding bits of the operands are 1; otherwise, it becomes a 0.

Operation

DEST ← DEST AND SRC;
CF ← 0;
OF ← 0;

Flags Affected

The CF and OF flags are cleared; the PF, SF, and ZF flags are set according to the result; the AF flag is undefined.

Protected Mode Exceptions

1. GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

ARPL - Adjust RPL Field of Selector

Description

The ARPL instruction has two operands. The first operand is a 16-bit memory variable or word register that contains the value of a selector. The second operand is a word register. If the RPL field ("requested privilege level" - bottom two bits) of the first operand is less than the RPL field of the second operand, the ZF flag is set and the RPL field of the first operand is increased to match the second operand. Otherwise, the ZF flag is cleared and no change is made to the first operand. The ARPL instruction appears in operating system software, not in application programs. It is used to guarantee that a selector parameter to a subroutine does not request more privilege than the caller is allowed. The second operand of the ARPL instruction is normally a register that contains the CS selector value of the caller.

Operation

IF RBL bits(0,1) of DEST < RPL bits(0,1) of SRC 
THEN 
   ZF ← 1;
   RPL bits(0,1) of DEST ← RPL bits (0,1) of SRC;
ELSE 
   ZF ← 0;
FI;

Flags Affected

OF|DF|IF|SF|ZF|AF|PF|CF
--+--+--+--+--+--+--+--
  |  |  |  |* |  |  |  

The ZF flag is set if the RPL field of the first operand is less than that of the second operand, otherwise ZF is cleared.

Protected Mode Exceptions

1. GP(0) if the result is a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 6; the ARPL instruction is not recognized in Real Address Mode.

Virtual 8086 Mode Exceptions

Interrupt 6; the ARPL instruction is not recognized in Virtual 8086 Mode.

BOUND - Check Array Index Against Bounds

Description

The BOUND instruction ensures that a signed array index is within the limits specified by a block of memory consisting of an upper and a lower bound. Each bound uses one word when the operand-size attribute is 16-bits and a doubleword when the operand-size attribute is 32-bits. The first operand (a register) must be greater than or equal to the first bound in memory (lower bound), and less than or equal to the second bound in memory (upper bound) plus the number of bytes occupied for the operand size. If the register is not within bounds, an Interrupt 5 occurs; the return EIP points to the BOUND instruction. The bounds limit data structure is usually placed just before the array itself, making the limits addressable via a constant offset from the beginning of the array.

Operation

IF (LeftSRC < [RightSRC] OR LeftSRC > [RightSRC + 
OperandSize/8])
  (* Under lower bound or over upper bound *)
THEN Interrupt 5;
FI;

Protected Mode Exceptions

Interrupt 5 if the bounds test fails, as described above; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3. The second operand must be a memory operand, not a register. If the BOUND instruction is run with a ModR/M byte representing a register as the second operand, #UD occurs.

Real Address Mode Exceptions

Interrupt 5 if the bounds test fails; Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH; Interrupt 6 if the second operand is a register.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

BSF - Bit Scan Forward

Description

The BSF instruction scans the bits in the second word or doubleword operand starting with bit 0. The ZF flag is set if all the bits are 0; otherwise, the ZF flag is cleared and the destination register is loaded with the bit index of the first set bit.

Operation

IF r/m = 0
THEN
   ZF ← 1;
   register ← UNDEFINED;
ELSE
   temp ← 0;
   ZF ← 0;
   WHILE BIT[r/m,temp] = 0
   DO
      temp ← temp + 1;
      register ← temp;
  OD;
FI;

Flags Affected

OF|DF|IF|SF|ZF|AF|PF|CF
--+--+--+--+--+--+--+--
? |  |  |? |* |? |? |? 

The ZF flag is set if all bits are 0; otherwise, the ZF flag is cleared. OF , SF, AF, PF, CF = undefined.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

BSR-Bit Scan Reverse

Description

The BSR instruction scans the bits in the second word or doubleword operand from the most significant bit to the least significant bit. The ZF flag is set if all the bits are 0; otherwise, the ZF flag is cleared and the destination register is loaded with the bit index of the first set bit found when scanning in the reverse direction.

Operation

IF r/m = 0 
THEN 
   ZF ← 1;
   register ← UNDEFINED;
ELSE 
   temp ← OperandSize =1;
   ZF ← 0;
   WHILE BIT[r/m,temp] = 0 
   DO 
      temp ← temp - 1;
      register ← temp;
  OD;
FI;

Flags Affected

The ZF flag is set if all bits are 0; otherwise, the ZF flag is cleared. OS , SF, AF, PF, CF = undefined.

Protected Mode Exceptions

1. GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

BSWAP - Byte Swap

Description

The BSWAP instruction reverses the byte order of a 32-bit register, converting a value in little/big endian form to big/little endian form. When BSWAP is used with 16-bit operand size, the result left in the destination register is undefined.

Operation

TEMP ← r32 
r32(7..0) ← TEMP(31..24)
r32(15..8) ← TEMP(23..16)
r32(23..16) ← TEMP(15..8)
r32(31..24) ← TEMP(7.0)

Notes

BSWAP is not supported on Intel386 processors. Include functionally-equivalent code for Intel386 CPUs.

BT - Bit Test

Details Table

Description

The BT instruction saves the value of the bit indicated by the base (first operand) and the bit offset (second operand) into the CF flag.

Operation

CF ← BIT [LeftSRC, RightSRC];

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF
|--+--+--+--+--+--+--+--
|  |  |  |  |  |  |  |* 

The CF flag contains the value of the selected bit.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

The index of the selected bit can be given by the immediate constant in the instruction or by a value in a general register. Only an 8-bit immediate value is used in the instruction. This operand is taken modulo 32, so the range of immediate bit offsets is 0..31. This allows any bit within a register to be selected. For memory bit strings, this immediate field gives only the bit offset within a word or doubleword. Immediate bit offsets larger than 31 are supported by some assemblers by using the immediate bit offset field in combination with the displacement field of the memory operand. In this case, the low-order 3 to 5 bits (3 for 16 bit operands, 5 for 32-bit operands) of the immediate bit offset are stored in the immediate bit offset field, and the high-order bits are shifted and combined with the byte displacement in the addressing mode by the assembler. The processor will ignore the high-order bits if they are not zero. When accessing a bit in memory, the processor may access four bytes starting from the memory address given by:

Effective Address + (4* (BitOffset DIV 32))

for a 32-bit operand size, or two bytes starting from the memory address given by:

Effective Address + (2 * (BitOffset DIV 16))

for a 16-bit operand size. It may do so even when only a single byte needs to be accessed in order to reach the given bit. You must therefore avoid referencing areas of memory close to address space holes. In particular, avoid references to memory-mapped I/O registers. Instead, use the MOV instructions to load from or store to these addresses, and use the register form of these instructions to manipulate the data.

BTC - Bit Test and Complement

Details Table

Description

The BTC instruction saves the value of the bit indicated by the base (first operand) and the bit offset (second operand) into the CF flag and then complements the bit.

Operation

CF ← BIT[LeftSRC, RightSRC];
BIT[LeftSRC, RightSRC] ← NOT BIT[LeftSrc, RightSRC];

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF
|--+--+--+--+--+--+--+--
|  |  |  |  |  |  |  |* 

The CF flag contains the complement of the selected bit.

Protected Mode Exceptions

1. GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, and GS segments; # SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

The index of the selected bit can be given by the immediate constant in the instruction or by a value in a general register. Only an 8-bit immediate value may be used in the instruction. This operand is taken modulo 32, so the range of immediate bit offsets is 0..31. This allows any bit within a register to be selected. For memory bit strings, this immediate field gives only the bit offset within a word or doubleword. Immediate bit offsets larger then 31 are supported by some assemblers by using the immediate bit offset field in combination with the displacement field of the memory operand. In this case, the low-order 3 to 5 bits (3 for 16-bit operands, 5 for 32-bit operands) of the immediate bit offset are stored in the immediate bit offset field, and the high-order bits are shifted and combined with the byte displacement in the addressing mode by the assembler. The processor will ignore the high order bits if they are not zero. When accessing a bit in memory, the processor may access four bytes starting from the memory address given by:

Effective Address + (4 * (BitOffset DIV 32))

for a 32-bit operand size, or two bytes starting from the memory address given by:

Effective Address + (2 * (BitOffset DIV 16))

for a 16-bit operand size. It may do so even when only a single byte needs to be accessed in order to reach the given bit. Therefore, referencing areas of memory close to address space holes should be avoided. In particular, avoid references to memory-mapped I/O registers. Instead, use the MOV instructions to load from or store to these addresses, and use the register form of these instructions to manipulate the data.

BTR-Bit Test and Reset

Details Table

Description

The BTR instruction saves the value of the bit indicated by the base (first operand) and the bit offset (second operand) into the CF flag and then stores 0 in the bit.

Operation

CF ← BIT[LeftSRC, RightSRC];
BIT[LeftSRC, RightSRC] ← 0;

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|  |  |  |  |  |  |  |* |

The CF flag contains the value of the selected bit.

Protected Mode Exceptions

1. GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

The index of the selected bit can be given by the immediate constant in the instruction or by a value in a general register. Only an 8-bit immediate value is used in the instruction. This operand is taken modulo 32, so the range of immediate bit offsets is 0..31. This allows any bit within a register to be selected. For memory bit strings, this immediate field gives only the bit offset within a word or doubleword. Immediate bit offsets larger than 31 are supported by some assemblers by using the immediate bit offset field in combination with the displacement field of the memory operand. In this case, the low-order 3 to 5-bits (3 for 16-bit operands, 5 for 32-bit operands) of the immediate bit offset are stored in the immediate bit offset field, and the high-order bits are shifted and combined with the byte displacement in the addressing mode by the assembler. The processor will ignore the high-order bits if they are not zero. When accessing a bit in memory, the processor may access four bytes starting from the memory address given by:

Effective Address + 4 * (BitOffset DIV 32)

for a 32-bit operand size, or two bytes starting from the memory address given by:

Effective Address + 2 * (BitOffset DIV 16)

for a 16-bit operand size. It may do so even when only a single byte needs to be accessed in order to reach the given bit. You must therefore avoid referencing areas of memory close to address space holes. In particular, avoid references to memory-mapped I/O registers. Instead, use the MOV instructions to load from or store to these addresses, and use the register form of these instructions to manipulate the data.

BTS-Bit Test and Set

Details Table

Description

The BTS instruction saves the value of the bit indicated by the base (first operand) and the bit offset (second operand) into the CF flag and then stores 1 in the bit.

Operation

CF ← BIT[LeftSRC, RightSRC];
BIT[LeftSRC, RightSRC] ← 1;

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF
|--+--+--+--+--+--+--+--
|  |  |  |  |  |  |  |* 

The CF flag contains the value of the selected bit.

Protected Mode Exceptions

1. GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

The index of the selected bit can be given by the immediate constant in the instruction or by a value in a general register. Only an 8-bit immediate value is used in the instruction. This operand is taken modulo 32, so the range of immediate bit offsets is 0..31. This allows any bit within a register to be selected. For memory bit strings, this immediate field gives only the bit offset within a word or doubleword. Immediate bit offsets larger than 31 are supported by some assemblers by using the immediate bit offset field in combination with the displacement field of the memory operand. In this case, the low-order 3 to 5 bits (3 for 16-bit operands, 5 for 32-bit operands) of the immediate bit offset are stored in the immediate bit offset field, and the high-order bits are shifted and combined with the byte displacement in the addressing mode by the assembler. The processor will ignore the high-order bits if they are not zero. When accessing a bit in memory, the processor may access four bytes starting from the memory address given by:

   Effective Address + (4 * (BitOffset DIV 32))

for a 32-bit operand size, or two bytes starting from the memory address given by:

   Effective Address + (2 * (BitOffset DIV 16))

for a 16-bit operand size. It may do this even when only a single byte needs to be accessed in order to get at the given bit. You must therefore be careful to avoid referencing areas of memory close to address space holes. In particular, avoid references to memory-mapped I/O registers. Instead, use the MOV instructions to load from or store to these addresses, and use the register form of these instructions to manipulate the data.

CALL - Call Procedure

Details Table

Description

The CALL instruction causes the procedure named in the operand to be run. When the procedure is complete (a return instruction is run within the procedure), processing continues at the instruction that follows the CALL instruction. The action of the different forms of the instruction are described below. Near calls are those with destination of type r/m16, r/m32, rel16, rel32; changing or saving the segment register value is not necessary. The CALL rel16 and CALL rel32 forms add a signed offset to the address of the instruction following the CALL instruction to determine the destination. The rel16 form is used when the instruction's operand-size attribute is 16- bits; rel32 is used when the operand-size attribute is 32-bits. The result is stored in the 32-bit EIP register. With rel16, the upper 16-bits of the EIP register are cleared, resulting in an offset whose value does not exceed 16-bits. CALL r/m16 and CALL r/m32 specify a register or memory location from which the absolute segment offset is fetched. The offset fetched from r/m is 32-bits for an operand-size attribute of 32 (r/m32), or 16-bits for an operand-size of 16 (r/m16). The offset of the instruction following the CALL instruction is pushed onto the stack. It will be popped by a near RET instruction within the procedure. The CS register is not changed by this form of CALL. The far calls, CALL ptr:16 and CALL ptr16:32, use a four-byte or six-byte operand as a long pointer to the procedure called. The CALL m16:16 and m16: 32 forms fetch the long pointer from the memory location specified (indirection). In Real Address Mode or Virtual 8086 Mode, the long pointer provides 16-bits for the CS register and 16 or 32-bits for the EIP register (depending on the operand-size attribute). These forms of the instruction push both the CS and IP or EIP registers as a return address. In Protected Mode, both long pointer forms consult the AR byte in the descriptor indexed by the selector part of the long pointer. Depending on the value of the AR byte, the call will perform one of the following types of control transfers:

• A far call to the same protection level
• An inter-protection level far call
• A task switch

A CALL-indirect-thru-memory, which uses the stack pointer (ESP) as a base register, references memory before the CALL. The base used is the value of the ESP before the instruction runs. For more information on Protected Mode control transfers, refer to the Intel documentation.

Operation

IF rel/16 or rel32 type of call 
THEN (* near relative call *)
   IF OperandSize = 16 
   THEN 
      Push(IP);
      EIP ← (EIP + rel16) AND 0000FFFFH;
   ELSE (* OperandSize = 32 *)
      Push(EIP);
      EIP ← EIP + rel32;
   FI;
FI;
IF r/m16 or r/m32 type of call 
THEN (* near absolute call *)
IF OperandSize = 16 
   THEN 
      Push(IP);
      EIP ← [r/m16] AND 0000FFFFH;
   ELSE (*OperandSize = 32 *)
      Push(EIP);
      EIP ←[r/m32]
   FI;
FI 

IF (PE = 0 OR (PE = 1 AND VM = 1))
(* real mode or virtual 8086 mode *)
   AND instruction = far CALL 
     (* i.e., operand type is m16:16, m16:32, ptr16:16, ptr16:32*)
THEN 
    IF OperandSize = 16 
    THEN 
      Push(CS);
      Push(IP); (* address of next instruction; 16 bits *)
    ELSE 
      Push(CS); (* padded with 16 high-order bits *)
      Push(EIP); (* address of next instruction; 32 bits *)
FI;
IF operand type is m16:16 or m16:32
THEN (* indirect far call *)
   IF OperandSize = 16 
   THEN 
      CS:IP ← [m16:16];
   EIP ← EIP AND 0000FFFFH; (* clear upper 16 bits *)
   ELSE (* OperandSize = 32 *)
      CS:EIP ← [m16:32[;
   FI;
FI;
IF operand type is ptr:16 or ptr16:32
THEN (* direct far call *)
   IF OperandSize = 16 
   THEN 
      CS:IP ← ptr:16;
      EIP ← EIP AND 0000FFFFH; (* clear upper 16 bits *)
   ELSE (* OperandSize = 32 *)
      CS:EIP ← ptr16:32;
   FI;
 FI;
FI;

IF (PE = 1 AND VM = 0) (* Protected mode, not V86 mode *)
 AND instruction = far CALL  
THEN 
 If indirect, then check access of EA doubleword;
   #GP(0) if limit violation;
 New CS selector must not be null else #GP(0);
 Check that new CS selector index is within its 
   descriptor table limits; else #GP(new CS selector);
 Examine AR byte of selected descriptor for various legal values;
   depending on value:
   go to CONFORMING-CODE-SEGMENT;
   go to NONCONFORMING-CODE-SEGMENT;
   go to CALL-GATE;
   go to TASK-GATE;
   go to TASK-STATE-SEGMENT;
 ELSE #GP(code segment selector);
FI;

CONFORMING-CODE-SEGMENT:
 DPL must be ó CPL ELSE #GP(code segment selector);
 Segment must be present ELSE #NP(code segment selector);
 Stack must be big enough for return address ELSE #SS(0);
 Instruction pointer must be in code segment limit ELSE #GP(0);
 Load code segment descriptor into CS register;
 Load CS with new code segment selector;
 Load EIP with zero-extend(new offset);
 IF OperandSize=16 THEN EIP ← EIP AND 0000FFFFH; FI;

NONCONFORMING-CODE-SEGMENT:
 RPL must be ó CPL ELSE #GP(code segment selector)
 DPL must be = CPL ELSE #GP(code segment selector)
 Segment must be present ELSE #NP(code segment selector)
 Stack must be big enough for return address ELSE #SS(0)
 Instruction pointer must be in code segment limit ELSE #GP(0)
 Load code segment descriptor into CS register 
 Load CS with new code segment selector 
 Set RPL of CS to CPL 
 Load EIP with zero-extend(new offset);
 IF OperandSize=16 THEN EIP ← EIP AND 0000FFFFH; FI;

 CALL-GATE
 Call gate DPL must be ò CPL ELSE #GP(call gate elector)
 Call gate DPL must be ò RPL ELSE #GP(call gate elector)
 Call gate just be present ELSE #NP(call gate selector)
 Examine code segment selector in call gate descriptor:
   Selector must not be null ELSE #GP(0)
   Selector must be within its descriptor table 
     limits ELSE #GP(code segment selector)
   AR byte of selected descriptor must indicate code 
     segment ELSE #GP(code segment selector)
   DPL of selected descriptor must be ó CPL ELSE 
     #GP(code segment selector)
   IF non-conforming code segment AND DPL < CPL 
   THEN go to MORE-PRIVILEGE
   ELSE go to SAME-PRIVILEGE
   FI;

MORE-PRIVILEGE:
 Get new SS selector for new privilege level from TSS 
   Check selector and descriptor for new SS:
     Selector must not be null ELSE #TS(0)
     Selector index must be within its descriptor 
       table limits ELSE #TS(SS selector)
     Selector's RPL must equal DPL of code segment 
       ELSE #TS(SS selector)
     Stack segment DPL must equal DPL of code 
       segment ELSE #TS(SS selector)
     Descriptor must indicate writable data segment 
       ELSE #TS(SS selector)
     Segment present ELSE #SS(SS selector)
IF OperandSize=32
 THEN 
     New stack must have room for parameters plus 16 bytes 
       ELSE #SS(SS selector)
     EIP must be in code segment limit ELSE #GP(0)
     Load new SS:eSP value from TSS 
     Load new CS:EIP value from gate 
 ELSE 
   New stack must have room for parameters plus 8 bytes 
     ELSE #SS(SS selector)
   IP must be in code segment limit ELSE #GP(0)
   Load new SS:eSP value from TSS 
   Load new CS:IP value from gate 
 FI;
 Load CS descriptor 
 Load SS descriptor 
 Push long pointer of old stack onto new stack 
 Get word count from call gate, mask to 5 bits 
 Copy parameters from old stack onto new stack 
 Push return address onto new stack 
 Set CPL to stack segment DPL 
 Set RPL of CS to CPL 

SAME-PRIVILEGE:
 IF OperandSize=32
 THEN 
   Stack must have room for 6-byte return address (padded to 8 bytes)
     ELSE #SS(0)
   EIP must be within code segment limit ELSE #GP(0)
   Load CS:EIP from gate 
 ELSE 
   Stack must have room for 4-byte return address ELSE #SS(0)
   IP must be within code segment limit ELSE #GP(0)
   Load CS:IP from gate 
FI;
Push return address onto stack 
Load code segment descriptor into CS register 
Set RPL of CS to CPL 

TASK-GATE:
   Task gate DPL must be ó CPL ELSE #TS(gate selector)
   Task gate DPL must be ó RPL ELSE #TS(gate selector)
   Task Gate must be present ELSE #NP(gate selector)
   Examine selector to TSS, given in Task Gate descriptor:
     Must specify global in the local/global bit ELSE #TS(TSS selector)
     Index must be within GDT limits ELSE #TS(TSS selector)
     TSS descriptor AR byte must specify nonbusy TSS 
       ELSE #TS(Tss selector)
     Task State Segment must be present ELSE #NP(TSS selector)
 SWITCH-TASKS (with nesting) to TSS 
 IP must be in code segment limit ELSE #TS(0)

TASK-STATE-SEGMENT
 TSS DPL must be ó CPL ELSE #TS(TSS selector)
 TSS DPL must be ó RPL ELSE #TS(TSS selector)
 TSS descriptor AR byte must specify available TSS 
    ELSE #TS(TSS selector)
 Task State Segment must be present ELSE #NP(TSS selector)
 SWITCH-TASKS (with nesting) to TSS 
 IP must be in code segment limit ELSE #TS(0)

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|  |  |  |  |  |  |  |  |

All flags are affected if a task switch occurs; no flags are affected if a task switch does not occur.

Protected Mode Exceptions

For far calls: #GP, #NP, #SS, and #TS, as indicated in the "Operation" section. For near direct calls: #GP(0) if procedure location is beyond the code segment limits; #SS(0) if pushing the return address exceeds the bounds of the stack segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3. For a near indirect call: #GP(0) for an illegal memory operand effective address is the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #GP(0) if the indirect offset obtained is beyond the code segment limits; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

Any far call from a 32-bit code segment to a 16-bit code segment should be made from the first 64 Kbytes of the 32-bit code segment, because the operand-size attribute of the instruction is set to 16, allowing only a 16- bit return address offset to be saved.

CBW/CWDE-Convert Byte to Word/Convert Word to Doubleword

Description

The CBW instruction converts the signed byte in the AL register to a signed word in the AX register by extending the most significant bit of the AL register (the sign bit) into all of the bits of the AH register. The CWDE instruction converts the signed word in the AX register to a doubleword in the EAX register by extending the most significant bit of the AX register into the two most significant bytes of the EAX register. Note that the CWDE instruction is different from the CWD instruction. The CWD instruction uses the DX:AX register pair rather than the EAX register as a destination.

Operation

IF OperandSize = 16 (* instruction = CBW *)
THEN AX ← Sign Extend(AL);
ELSE (* OperandSize = 32, instruction = CWDE *)
  EAX ← Sign Extend(AX);
FI;

CDQ - Convert Double to Quad

See entry for CWD/CDQ-Convert Word to Double/Convert Double to Quad.

CLC - Clear Carry Flag

Description

The CLC instruction clears the CF flag. It does not affect other flags or registers.

Operation

CF ← 0;

Flags Affected

The CF flag is cleared.

CLD - Clear Direction Flag

Description

The CLD instruction clears the direction flag. No other flags or registers are affected. After a CLD instruction is run, string operations will increment the index registers (SI and/or DI) that they use.

Operation

DF ← 0;

Flags Affected

The DF flag is cleared.

CLI - Clear Interrupt Flag

Description

The CLI instruction clears the IF flag if the current privilege level is at least as privileged as IOPL. No other flags are affected. External interrupts are not recognized at the end of the CLI instruction from that point on until the IF flag is set.

Operation

IF PE = 0 
THEN 
  IF ←0;
ELSE 
  IF VM = 0 (* Running in protected Mode *)
  THEN
     IF IOPL = 3 
     THEN IF ← 0;
     ELSE IF CPL ó IOPL 
               THEN IF ← 0;
               ELSE #GP(0);
               FI;
     FI;
  ELSE (* Running in Virtual-8086 mode *)
     IF IOPL = 3 
     THEN IF ← 
     ELSE #GP(0);
     FI;
  FI;
FI;

Decision Table

The following decision table indicates which action in the lower portion of the table is taken given the conditions in the upper portion of the table.

Notes: - Don't care Blank Action Not Taken Y Action in Column 1 taken

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|  |  |0 |  |  |  |  |  |

IF cleared.

Protected Mode Exceptions

1. GP(0) if the current privilege level is greater (has less privilege) than the I/O privilege level in the flags register. The I/O privilege level specifies the least privileged level at which I/O can be performed.

Virtual 8086 Mode Exceptions

1. GP(0) as for protected mode.

CLTS - Clear Task-Switched Flag in CR0

Description

The CLTS instruction clears the task-switched (TS) flag in the CR0 register. This flag is set by the processor every time a task switch occurs. The TS flag is used to manage processor extensions as follows:

• Every processing of an ESC instruction is trapped if the TS flag is set.
• Processing of a WAIT instruction is trapped if the MP flag and the TS flag are both set.

Thus, if a task switch was made after an ESC instruction was begun, the floating-point unit's context may need to be saved before a new ESC instruction can be issued. The fault handler saves the context and clears the TS flag. The CLTS instruction appears in operating system software, not in application programs. It is a privileged instruction that can only be run at privilege level 0.

Operation

TS Flag in CR0 ← 0;

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|  |  |  |  |  |  |  |  |

The TS flag is cleared (the TS flag is in the CR0 register, not the flags register).

Protected Mode Exceptions

1. GP(0) if the CLTS instruction is run with a current privilege level other than 0.

Real Address Mode Exceptions

None (valid in Real Address Mode to allow initialization for Protected Mode ).

Virtual 8086 Mode Exceptions

Same exceptions as in Protected Mode.

CMC - Complement Carry Flag

Description

The CMC instruction reverses the setting of the CF flag. No other flags are affected.

Operation

CF ← NOT CF;

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF
|--+--+--+--+--+--+--+--
|  |  |  |  |  |  |  |*

The CF flag contains the complement of its original value.

CMP - Compare Two Operands

Details Table

Description

The CMP instruction subtracts the second operand from the first but, unlike the SUB instruction, does not store the result; only the flags are changed. The CMP instruction is typically used in conjunction with conditional jumps and the SETcc instruction. (Refer to Appendix D for the list of signed and unsigned flag tests provided.) If an operand greater than one byte is compared to an immediate byte, the byte value is first sign-extended.

Operation

LeftSRC - SignExtend(RightSRC);

(* CMP does not store a result; its purpose is to set the flags *)

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF
|--+--+--+--+--+--+--+--
|* |  |  |* |* |* |* |* 

The OF, SF, ZF, AF, PF, and CF flags are set according to the result.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

,Real Address Mode Exceptions Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

CMPS/CMPSB/CMPSW/CMPSD - Compare String Operands

Description

The CMPS instruction compares the byte, word, or doubleword pointed to by the source-index register with the byte, word, or doubleword pointed to by the destination-index register. If the address-size attribute of this instruction of 16-bits, the SI and DI registers will be used for source- and destination-index registers; otherwise the ESI and EDI registers will be used. Load the correct index values into the SI and DI (or ESI and EDI) registers before running the CMPS instruction. The comparison is done by subtracting the operand indexed by the destination-index register from the operand indexed by the source-index register. Note that the direction of subtraction for the CMPS instruction is [SI] - [ DI] or [ESI] - [EDI]. The left operand (SI or ESI) is the source and the right operand (DI or EDI) is the destination. This is the reverse of the usual Intel convention in which the left operand is the destination and the right operand is the source. The result of the subtraction is not stored; only the flags reflect the change. The types of the operands determine whether bytes, words, or doublewords are compared. For the first operand (SI or ESI), the DS register is used, unless a segment override byte is present. The second operand (DI or EDI) must be addressable from the ES register; no segment override is possible. After the comparison is made, both the source-index register and destination-index register are automatically advanced. If the DF flag is 0 (a CLD instruction was run), the registers increment; if the DF flag is 1 (an STD instruction was run), the registers decrement. The registers increment or decrement by 1 if a byte is compared, by 2 if a word is compared, or by 4 if a doubleword is compared. The CMPSB, CMPSW and CMPSD instructions are synonyms for the byte, word, and doubleword CMPS instructions, respectively. The CMPS instruction can be preceded by the REPE or REPNE prefix for block comparison of CX or ECX bytes, words, or doublewords. Refer to the description of the REP instruction for more information on this operation.

Operation

IF (instruction = CMPSD) OR
   (instruction has operands of type DWORD)
THEN OperandSize ← 32;
ELSE OperandSize ← 16;
FI;
IF AddressSize = 16
THEN
  use SI for source-index and DI for destination-index
ELSE (* AddressSize = 32 *)
  use ESI for source-index and EDI for destination-index;
FI;
IF byte type of instruction
THEN
  set ZF based on
  [source-index] - [destination-index] ; (* byte comparison *)
  IF DF = 0 THEN IncDec ← 1 ELSE IncDec ← -1; FI;
ELSE
  IF OperandSize = 16
  THEN
     set ZF based on
     [source-index] - [destination-index] ; (* word comparison *)
     IF DF = 0 THEN IncDec ← 2 ELSE IncDec ← -2; FI;
  ELSE (* OperandSize = 32 *)
     set ZF based on
     [source-index] - [destination-index] ; (* dword comparison *)
     IF DF = 0 THEN IncDec ← 4 ELSE IncDec ← -4; FI;
  FI;
FI;
source-index = source-index + IncDec;
destination-index = destination-index + IncDec;

The OF, SF, ZF, AF, PF, and CF flags are set according to the result.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

CMPXCHG - Compare and Exchange

Description

The CMPXCHG instruction compares the accumulator (AL, AX, or EAX register) with DEST. If they are equal, SRC is loaded into DEST. Otherwise, DEST is loaded into the accumulator.

Operation

IF accumulator=DEST
         ZF ← 1 
         DEST ← SRC 
ELSE 
         ZF ← 0 
         accumulator ← DEST 

The CF, PF, AF, SF, and OF flags are affected as if a CMP instruction had been run with DEST and the accumulator as operands. The ZF flag is set if the destination operand and the accumulator are equal; otherwise it is cleared.

Protected Mode Exceptions

1. GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in real-address mode; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

This instruction can be used with a LOCK prefix. In order to simplify interface to the processor's bus, the destination operand receives a write cycle without regard to the result of the comparison. DEST is written back if the comparison fails, and SRC is written into the destination otherwise. (The processor never produces a locked read without also producing a locked write.) This instruction is not supported on Intel386 processors.

CMPXCHG8B - Compare and Exchange 8 Bytes

Description

The CMPXCHG8B instruction compares the 64-bit value in EDX:EAX with DEST. EDX contains the high-order 32 bits, and EAX contains the low-order 32 bits of 64-bit value. If they are equal, the 64-bit value in ECX:EBX is stored into DEST. ECX contains the high-order 32 bits and EBX contains the low- order 32 bits. Otherwise, DEST is loaded into EDX:EAX.

Operation

IF EDX:EAX=DEST
         ZF ← 1 
         DEST ← ECX:EBX
ELSE 
         ZF ← 0 
         EDX:EAX ← DEST 

The ZF flag is set if the destination operand and EDX:EAX are equal; otherwise it is cleared. The CF, PF, AF, SF, and OF flags are unaffected.

Protected Mode Exceptions

1. GP(0) if the result is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS (0) for an illegal address in the SS segment; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

The destination operand must be a memory operand, not a register. If the CMPXCHG8B instruction is run with a modr/m byte representing a register as the destination operand, #UD occurs.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in real-address mode; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3. #UD if modr/m byte represents a register as the destination.

Notes

This instruction can be used with a LOCK prefix. In order to simplify interface to the processor's bus, the destination operand receives a write cycle without regard to the result of the comparison. DEST is written back if the comparison fails, and SRC is written into the destination otherwise. (The processor never produces a locked read without also producing a locked write.) The "r/m64" syntax had previously been used only in the context of floating point operations. It indicates a 64-bit value, in memory at an address determined by the modr/m byte. This instruction is not supported on Intel486 processors.

CPUID - CPU Identification

Details Table

Description

The CPUID instruction provides information to software about the vendor, family, model, and stepping of microprocessor on which it is running. An input value loaded into the EAX register for this instruction indicates what information should be returned by the CPUID instruction. Following processing of the CPUID instruction with a zero in EAX, the EAX register contains the highest input value understood by the CPUID instruction. For the Pentium processor, the value in EAX will be a one. Also included in the output of this instruction with an input value of zero in EAX is a vendor identification string contained in the EBX, EDX, and ECX registers. EBX contains the first four characters, EDX contains the next four characters and ECX contains the last four characters. For Intel processors, the vendor identification string is "GenuineIntel" as follows:

EBX ← 756e6547h (* "Genu", with G in the low nibble of BL *)
EDX ← 49656e69h (* "ineI", with i in the low nibble of DL *)
ECX ← 6c65746eh (* "ntel", with n in the low nibble of CL *)

Following processing of the CPUID instruction with an input value of one loaded into the EAX register, EAX[3:0] contains the stepping id of the microprocessor, EAX[7:4] contains the model (the first model will be indicated by 0001B in these bits) and EAX[11:8] contains the family (5 for the Pentium processor family). EAX[31:12] are reserved, as well as EBX, and ECX. The Pentium processor sets the feature register, EDX, to 1BFH indicating which features the Pentium processor supports. A feature flag set to one indicates that the corresponding feature is supported. The feature set register is defined as follows:

EDX[0:0] FPU on chip
EDX[6:1] Refer to the Intel documentation
EDX[7:7] Machine Check Exception
EDX[8:8] CMPXCHG8B Instruction
EDX[31:9] Reserved

Software should determine the vendor identification in order to properly interpret the feature register flag bits. For more information on the feature set register, see the Intel documentation.

Operation

switch (EAX)
  case 0:
      EAX ← hv;(* hv=1 for the Pentium processor *)
                      (* hv is the highest input value that is understood by CPUID. *)
      EBX ← Vendor identification string;
      EDX ← Vendor identification string;
      ECX ← Vendor identification string;
      break;
  case 1:
      EAX[3:0] ← Stepping ID;
      EAX[7:4] ← Model;
      EAX[11:8] ← Family;
      EAX[31:12] ← Reserved;
      EBX ← reserved;      (* 0 *)
      ECX ← reserved;      (* 0 *)
      EBX ← feature flags;
      break;
  default:  (* EAX > hv *)
      EAX ← reserved, undefined;
      EBX ← reserved, undefined;
      ECX ← reserved, undefined;
      EDX ← reserved, undefined;
      break;
end-of-switch

CWD/CDQ - Convert Word to Double/Convert Double to Quad

Description

CWD and CDQ double the size of the source operand. The CWD instruction copies the sign (bit 15) of the word in the AX register into every bit position in the DX register. The CDQ instruction copies the sing (bit 31) of the doubleword in the EAX register into every bit position in the EDX register. The CWD instruction can be used to produce a doubleword dividend from a word before a word division, and the CDQ instruction can be used to produce a quadword dividend from a doubleword before doubleword division. The CWD and CDQ instructions are different mnemonics for the same opcode. Which one gets run is determined by whether it is in a 16- or 32-bit segment and the presence of any operand-size override prefixes.

Operation

IF OperandSize = 16 (* instruction = CWD *)
THEN DX ← SignExtend(AX);
ELSE (* OperandSize = 32, instruction = CDQ *)
  EDX ←SignExtend(EAX);
FI;

CWDE - Convert Word to Doubleword

See entry for CBW/CWDE-Convert Byte to Word/Convert Word to Doubleword.

DAA - Decimal Adjust AL after Addition

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+--------------------------------
|27        |DAA                 |X|X|X|X|X|X|Decimal adjust AL after addition

Description

Run the DAA instruction only after running an ADD instruction that leaves a two-BCD-digit byte result in the AL register. The ADD operands should consist of two packaged BCD digits. The DAA instruction adjusts the AL register to contain the correct two-digit packed decimal result.

Operation

IF (((AL AND 0FH) > 09H) or EFLAGS.AF = 1)
THEN 
  AL ← AL + 06H;
FI;
IF (((AL AND 0F0H) > 90H) or EFLAGS.CF = 1)
THEN 
  AL ← AL + 60H;
  CF ← 1;
FI;

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|? |  |  |* |* |* |* |* |

The AF and CF flags are set if there is a decimal carry, cleared if there is no decimal carry; the SF, ZF and PF flags are set according to the result. The OF flag is undefined.

DAS - Decimal Adjust AL after Subtraction

Details Table

|Encoding |Instruction  |0|1|2|3|4|5|Description 
|---------+-------------+-+-+-+-+-+-+----------------------------------
|2F       |DAS          |X|X|X|X|X|X|Decimal adjust AL after subtraction

Description

Run the DAS instruction only after a subtraction instruction that leaves a two-BCD-digit byte result in the AL register. The operands should consist of two packed BCD digits. The DAS instruction adjusts the AL register to contain the correct packed two-digit decimal result.

Operation

tmpCF ← 0;
tmpAL ← AL;
IF (((tmpAL AND 0FH) > 9H) or AF = 1)
THEN 
  AF ← 1;
  AL ← AL - 6H;
  tmpCF ← (AL < 0) OR CF;
FI;
IF ((tmpAL > 99H) or CF = 1)
THEN 
  AL ← AL - 60H;
  tmpCF ← 1;
FI;
CF ← tmpCF;

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|? |  |  |* |* |* |* |* |

The AF and CF flags are set if there is a decimal borrow, cleared if there is no decimal borrow; the SF, ZF and PF flags are set according to the result. The OF flag is undefined.

DEC - Decrement by 1

Description

The DEC instruction subtracts 1 from the operand. The DEC instruction does not change the CF flag. To affect the CF flag, use the SUB instruction with an immediate operand of 1.

Operation

DEST ← DEST - 1;

Flags Affected

The OF, SF, ZF, AF, and PF flags are set according to the result.

Protected Mode Exceptions

1. GP(0) if the result is a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

DIV - Unsigned Divide

Description

The DIV instruction performs an unsigned division. The dividend is implicit ; only the divisor is given as an operand. The remainder is always less than the divisor. The type of the divisor determines which registers to use as follows:

Operation

temp ← dividend / divisor;
IF temp does not fit in quotient 
THEN Interrupt 0;
ELSE 
  quotient ← temp;
  remainder ← dividend MOD (r/m);
FI;

Note: Divisions are unsigned. The divisor is given by the r/m operand. The dividend, quotient, and remainder use implicit registers. Refer to the table under "Description".

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|? |  |  |? |? |? |? |? |

The OF, SF, ZF, AF, PF, and CF flags are undefined.

Protected Mode Exceptions

Interrupt 0 if the quotient is too large to fit in the designated register (AL, AX, or EAX), or if the divisor is 0; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 0 if the quotient is too big to fit in the designated register (AL, AX, or EAX), or if the divisor is 0; Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

ENTER - Make Stack Frame for Procedure Parameters

Description

The ENTER instruction creates the stack frame required by most block- structured high-level languages. The first operand specifies the number of bytes of dynamic storage allocated on the stack for the routine being entered. The second operand gives the lexical nesting level (0 to 31) of the routine within the high-level language source code. It determines the number of stack frame pointers copied into the new stack frame from the preceding frame. Both the operand-size attribute and the stack-size attribute are used to determine whether BP or EBP is used for the current frame pointer and SP or ESP is used for the stack pointer. If the operand-size attribute is 16-bits, the processor uses the BP register as the frame pointer and the SP register as the stack pointer, unless the stack-size attribute is 32-bits in which case it uses EBP for the frame pointer and ESP for the stack pointer. If the operand-size attribute is 32-bits, the processor uses the EBP register for the frame pointer and the ESP register for the stack pointer, unless the stack-size attribute is 16-bits in which case it uses BP for the frame pointer and SP for the stack pointer. If the second operand is 0, the ENTER instruction pushes the frame pointer (BP or EBP register) onto the stack; the ENTER instruction then subtracts the first operand from the stack pointer and sets the frame pointer to the current stack-pointer value. For example, a procedure with 12 bytes of local variables would have an ENTER 12,0 instruction at its entry point and a LEAVE instruction before every RET instruction. The 12 local bytes would be addressed as negative offsets from the frame pointer.

Operation

level ← level MOD 32 
2ndOperand <- 2ndOperand MOD 32 
IF operand_size = 16 THEN Push(bp) ELSE Push(ebp) FI;
IF stkSize = 16 THEN framePtr = sp ELSE framePtr = esp FI;
FOR i ← 1 TO (2ndOperand - 1)
DO 
  IF oprand_size = 16 
  THEN
      IF stkSize = 16 
      THEN
        bp = bp - 2 
        Push([bp]) (* word push *)
      ELSE (* stkSize = 32 *)
        ebp = ebp - 2 
        Push([ebp]) (* word push *)
      FI;
  ELSE (* operand_size = 32 *)
      IF stkSize = 16 
        bp = bp - 4 
        Push([bp]) (* doubleword push *)
      ELSE (* stkSize = 32 *)
        ebp = ebp - 4 
        Push([ebp]) (* doubleword push *)
      FI;
  FI;
OD;
IF stkSize = 16 
THEN Push(framePtr); (* word push *)
ELSE Pushd(framePtr); (* doubleword push *)
FI;
IF stkSize = 16 
THEN 
  bp = framePtr 
  sp = sp - 1stOperand 
ELSE 
  ebp = framePtr 
  esp = esp - 1stOperand 
FI;

Protected Mode Exceptions

1. SS(0) if the SP or ESP value would exceed the stack limit at any point during instruction processing; #PF(fault-code) for a page fault.

F2XM1 - Compute (2 to the power of X) minus 1

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+-------------------------
|D9 F0     |F2XM1               |X|X|X|X|X|X|Replace ST with (2ST - 1)

Description

F2XM1 replaces the contents of ST with (2ST-1). ST must lie in the range -1 < ST < 1.

Operation

ST ← (2ST-1);

Numeric Exceptions

P, U, D, I, IS.

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

If the operand is outside the acceptable range, the result of F2XM1 is undefined. Values other than 2 can be exponentiated using the formula xy = 2(y * log2x) The instructions FLDL2T and FLDL2E load the constants log210 and log2e, respectively. FYL2X can be used to calculate y * log2x for arbitrary positive x.

FABS - Absolute Value

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+----------------------------------
|D9 E1     |FABS                |X|X|X|X|X|X|Replace ST with its absolute value

Description

The absolute value instruction clears the sign bit of ST. This operation leaves a positive value unchanged, or replaces a negative value with a positive value of equal magnitude.

Operation

sign bit of ST ← 0 

Numeric Exceptions

IS

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

The invalid-operation exception is raised only on stack underflow. No exception is raised if the operand is a signalling NaN or is in an unsupported format.

FADD/FADDP/FIADD - Add

Description

The addition instructions add the source and destination operands and return the sum to the destination. The operand at the stack top can be doubled by coding: FADD ST, ST(0)

Operation

DEST ← DEST +SRC;
If instruction = FADDP THEN pop ST FI;

Numeric Exceptions

P, U, O, D, I, IS.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF ( fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

If the source operand is in memory, it is automatically converted to the extended-real format.

FBLD - Load Binary Coded Decimal

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+------------------------------
|DF /4     |FBLD m80bcd         |X|X|X|X|X|X|Push m80bcd onto the FPU stack

Description

FBLD converts the BCD source operand into extended-real format, and pushes it onto the FPU stack. See Figure 6-10 for BCD data layout.

Operation

Decrement FPU stack-top pointer;
ST(0) ← SRC;

Numeric Exceptions

IS.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF ( fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

The source is loaded without rounding error. The sign of the source is preserved, including the case where the value is negative zero. The packed decimal digits are assumed to be in the range 0-9. The instruction does not check for invalid digits (A-FH), and the result of attempting to load an invalid encoding is undefined. ST(7) must be empty to avoid causing an invalid-operation exception.

FBSTP - Store Binary Coded Decimal and Pop

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+-----------------------------
|DF /6     |FBSTP m80bcd        |X|X|X|X|X|X|Store ST in m80bcd and pop ST

Description

FBSTP converts the value in ST into a packed decimal integer, stores the result at the destination in memory, and pops ST. Non-integral values are first rounded according to the RC field of the control word. See Figure 6- 10 for BCD data layout.

Operation

DEST ← ST(0);
pop ST;

Numeric Exceptions

P, I, IS.

Protected Mode Exceptions

1. GP(0) if the destination is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF (fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

FCHS - Change Sign

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+--------------------------
|D9 E0     |FCHS                |X|X|X|X|X|X|Replace ST with a value of
|          |                    | | | | | | |opposite sign

Description

The change sign instruction inverts the sign bit of ST. This operation replaces a positive value with a negative value of equal magnitude, or vice -versa.

Operation

sign bit of ST ← NOT (sign bit of ST)

Numeric Exceptions

IS

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CRO is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

The invalid-operation exception is raised only on stack underflow, even if the operand is signalling NaN or is an unsupported format.

FCLEX/FNCLEX - Clear Exceptions

Details Table

Description

FCLEX clears the exception flags, the exception status flag, and the busy flag of the FPU status word.

Operation

SW[0..7] ← 0;
SW[15]   ← 0;

Numeric Exceptions

None

Protected Mode Exceptions

#NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

#NM if either EM or TS in CR0 is set.

Notes

FCLEX checks for unmasked floating-point error conditions before clearing the exception flags, FNCLEX does not.

FCOM/FCOMP/FCOMPP - Compare Real

Description

The compare real instructions compare the stack top to the source, which can be a register or a single- or double-real memory operand. If no operand is encoded, ST is compared to ST(1). Following the instruction, the condition codes reflect the relation between ST and the source operand.

Operation

Case (relation of operands) OF 
  Not comparable:     C3, C2, C0 ← 111;
  ST > SRC:           C3, C2, C0 ← 000;
  ST < SRC:           C3, C2, C0 ← 001;
  ST = SRC:           C3, C2, C0 ← 100;
If instruction = FCOMP THEN pop ST; Fl;
If instruction = FCOMPP THEN pop ST; pop ST; Fl;

FPU Flags Affected

FPU FLAGS |EFLAGS
----------+------
C0        |CF
----------+------
C1        |None
----------+------
C2        |PF
----------+------
C3        |ZF

C1 as described in FPU Flags Affected; C0, C2, C3 as specified above.

Numeric Exceptions

D, I, IS.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF ( fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would like outside effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF (fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

If either operand is NaN or is in an undefined format, or if a stack fault occurs, the invalid-operation exception is raised, and the condition bits are set to "unordered." The sign of zero is ignored, so that -0.0 =-+0.0.

FCOS - Cosine

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+--------------------------
|D9 FF     |FCOS                | | | |X|X|X|Replace ST with its cosine

Description

The cosine instruction replaces the contents of ST with cos(ST). ST, expressed in radians, must lie in the range 101 < 2 63.

Operation

IF operand is in range 
THEN 
    C2 ← 0;
    ST ← cos(ST);
ELSE 
    C2 ← 1;
FI;

FPU Flags Affected

|C0|C1|C2|C3|
|--+--+--+--|
|? |* |? |* |

C1, C2 as described in FPU Flags Affected; C0, C3 undefined.

Numeric Exceptions

P,D,I,IS.

Protected Mode Exceptions

#NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

#NM if either EM or TS in CR0 is set.

Notes

If the operand is outside the acceptable range, the C2 flag is set, and ST remains unchanged. It is the programmer's responsibility to reduce the operand to an absolute value smaller than 263 by subtracting an appropriate integer multiple of 2ã. See the Intel documentation for discussion of the proper value to use for ã in performing such reductions.

FDECSTP - Decrement Stack-Top Pointer

Description

FDESCSTP subtracts one (without carry) from the three-bit TOP field of the FPU status word.

Operation

IF TOP=0
THEN TOP ← 7;
ELSE TOP ← TOP-1;
FI;

Numeric Exceptions

None.

Protected Mode Exceptions

.#NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Notes

The effect of FDECSTP is to rotate the stack. It does not alter register tags or contents, nor does it transfer data.

FDISI/FNDISI - Disable Interrupts

Description

Operation

FPU Flags Affected

C0|C1|C2|C3
--+--+--+--
  |  |  |

Numeric Exceptions

Protected Mode Exceptions

Real Address Mode Exceptions

Notes

FDIV/FDIVP/FIDIV - Divide

Description

The division instructions divide the stack top by other operand and return the quotient to the destination.

Operation

FDIV DEST, SRC 
DEST ← DEST ö SRC 
If instruction = FDIVP THEN pop ST FI;

Numeric Exceptions

P, U, O, Z, D, I, IS.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

If the source operand is in memory, it is automatically converted to the extended-real format. The performance of the division instructions depends on the PC (Precision Control) field of the FPU control word. If PC specifies a precision of 53 bits, the division instructions will run in 33 clocks. If the specified precision is 24 bits, the division instructions will take only 19 clocks.

FDIVR/FDIVRP/FIDIVR - Reverse Divide

Details Table

Description

The division instructions divide the other operand by the stack top and return the quotient to the destination.

Operation

FDIVR DEST, SRC 
DEST ← SRC ö DEST 
IF instruction = FDIVRP THEN pop ST FI;

Numeric Exceptions

P, U, O, Z, D, I, IS.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

If the source operand is in memory, it is automatically converted to the extended-real format. The performance of the division instructions depends on the PC (Precision Control) field of the FPU control word. If PC specifies a precision of 53 bits, the reverse division instructions will run in 33 clocks. If the specified precision is 24 bits, the reverse division instructions will take only 19 clocks.

FENI/FNENI - Enable Interrupts

Description

Operation

FPU Flags Affected

|C0|C1|C2|C3
|--+--+--+--
|  |  |  |

Numeric Exceptions

Protected Mode Exceptions

Real Address Mode Exceptions

Notes

FFREE - Free Floating-Point Register

Description

FFREE tags the destination register as empty.

Operation

TAG(i) ← 11B;

Numeric Exceptions

None

Protected Mode Exceptions

.#NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

.#NM if either EM or TS in CR0 is set.

Notes

FFREE does not affect the contents of the destination register. The floating-point stack pointer (TOP) is also unaffected.

FICOM/FICOMP - Compare Integer

Description

The compare integer instructions compare the stack top to the source. Following the instruction, the condition codes reflect the relation between ST and the source operand.

Operation

CASE (relation of operands) OF 
   Not comparable:  C3, C2, C0 ← 111;
   ST > SRC:        C3, C2, C0 ← 000;
   ST < SRC:        C3, C2, C0 ← 001;
   ST = SRC:        C3, C2, C0 ← 100;
If instruction = FICOMP THEN pop ST; FI;

FPU Flags Affected

FPU FLAGS  |EFLAGS
-----------+------
C0         |CF
-----------+------
C1         |(none)
-----------+------
C2         |PF
-----------+------
C3         |ZF

C1 as described in FPU Flags Affected; C0, C2, C3 as specified above.

Numeric Exceptions

D, I, IS.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

The memory operand is converted to extended-real format before the comparison performed. If either operand is a NaN or is in an undefined format, of if a stack fault occurs, the invalid operation exception is raised, and the condition bits are set to "unordered".

FILD - Load Integer

Description

FILD converts the source signed integer operand into extended-real format, and pushes it onto the FPU stack.

Operation

Decrement FPU stack-top pointer;
ST(0) ← SRC;

Numeric Exceptions

IS.

Protected Mode Exceptions

.#GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

The source is loaded without rounding error. ST(7) must be empty to avoid causing an invalid-operation exception.

FINCSTP - Increment Stack-Top Pointer

Description

FINCSTP adds one (without carry) to the three-bit TOP field of the FPU status word.

Operation

IF TOP = 7 
THEN TOP ← 0;
ELSE TOP ← TOP + 1;
FI;

Numeric Exceptions

None

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

1. NM is either EM or TS in CR0 is set.

Notes

The effect of FINCSTP is to rotate the stack. It does not alter register tags or contents, nor does it transfer data. It is not equivalent to popping the stack, because it does not set the tag of the old stack-top to empty.

FINIT/FNINIT - Initialize Floating-Point Unit

Description

The initialization instructions set the FPU into a known state, unaffected by any previous activity. The FPU control word is set to 037FH (round to nearest, all exceptions masked, 64-bit precision). The status word is cleared (no exception flags set, stack register R0=stack-top). The stack registers are all tagged as empty. The error pointers (both instruction and data) are cleared.

Operation

CW ← 037FH;      (* Control word *)
SW ← 0;          (*Status word*)
TW ← FFFFH;      (* Tag word *)
FEA ← 0; FDS ← 0; (* Data pointer *)
FIP ← 0; FOP ← 0; FCS ← 0; (* Instruction pointer *)

FPU Flags Affected

C0|C1|C2|C3
--+--+--+--
0 |0 |0 |0

C0, C1, C2, C3 cleared.

Numeric Exceptions

None

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

FINIT checks for unmasked floating-point error conditions before performing the initialization; FNINIT does not. On the Pentium processor, unlike the Intel387 math coprocessor, FINIT and FNINIT clear the error pointers.

FIST/FISTP-Store Integer

Description

FIST converts the value in ST into a signed integer according to the RC field of the control word and transfers the result to the destination. ST remains unchanged. FIST accepts word and short integer destinations; FISTP accepts these and long integers as well.

Operation

DEST ← ST(0);
IF instruction = FISTP THEN pop ST FI;

Numeric Exceptions

P, I, IS.

Protected Mode Exceptions

1. GP(0) if the destination is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

Negative zero is stored with the same encoding (00..00) as positive zero. If the value is too large to represent as an integer, an I exception is raised. The masked response is to write the most negative integer to memory.

FLD-Load Real

Details Table

Description

FLD pushes the source operand onto the FPU stack. If the source is a register, the register number used is that before the stack-top pointer is decremented. In particular, coding FLD ST(0) duplicates the stack top.

Operation

Decrement FPU stack-top pointer; ST(0) ← SRC;

Numeric Exceptions

D, I, IS.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

If the source operand is single- or double-real format, it is automatically converted to the extended-real format. Loading an extended-real operand does not require conversion, so the I and D exceptions will not occur in this case. ST(7) must be empty to avoid causing an invalid-operation exception.

FLD1/FLDL2T/FLDL2E/FLDPI/FLDLG2/FLDLN2/FLDZ - Load Constant

Description

Each of the constant instructions pushes a commonly-used constant (in extended-real format) onto the FPU stack.

Operation

Decrement FPU stack-top pointer;
ST(0) ← CONSTANT;

Numeric Exceptions

IS

Protected Mode Exceptions

.#NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

.#NM if either EM or TS in CR0 is set.

Notes

ST(7) must be empty to avoid an invalid exception. An internal 66-bit constant is used and rounded to external-real format (as specified by the RC bit of the control words). The precision exception is not raised.

FLDCW - Load Control Word

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+------------------------------
|D9 /5     |FLDCW m16           |X|X|X|X|X|X|Load FPU control word from m16

Description

FLDCW replaces the current value of the FPU control word with the value contained in the specified memory word.

Operation

CW ← SRC;

Numeric Exceptions

None, except for unmasking an existing exception.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

FLDCW is typically used to establish or change the FPU's mode of operation. If an exception bit in the status word is set, loading a new control word that unmasks that exception will result in a floating-point error condition. When changing modes, the recommended procedure is to clear any pending exceptions before loading the new control word.

FLDENV - Load FPU Environment

Details Table

Description

FLDENV reloads the FPU environment from the memory area defined by the source operand. This data should have been written by previous FSTENV or FNSTENV instruction. The FPU environment conists of the FPU control word, status word, tag word, and error pointers (both data and instruction). The environment layout in memory depends on both the operand size and the current operating mode of the processor. The USE attribute of the current code segment determines the operand size: The 14-byte operand applies to a USE16 segment, and the 28- byte operand applies to a USE32 segment. Refer to the Intel documentation for figures of the environment layouts for both operand sizes in both real mode and protected mode. (In virtual-8086 mode, the real mode layout is used.) FLDENV should be run in the same operating mode as the corresponding FSTENV or FNSTENV.

Operation

FPU environment ← SRC;

Numeric Exceptions

None, except for loading an unmasked exception.

Protected Mode Exceptions

#GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

If the environment image contains an unmasked exception, loading it will result in a floating-point error condition.

FMUL/FMULP/FIMUL - Multiply

Description

The multiplication instructions multiply the destination operand by the source operand and return the product to the destination.

Operation

DEST ← DEST * SRC;
IF instruction = FMULP THEN pop ST FI;

Numeric Exceptions

P, U, O, D, I.

Protected Mode Exceptions

#GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments;
#SS(0) for an illegal address in the SS segment;
#PF(fault-code) for a page fault;
#NM if either EM or TS in CR0 is set;
#AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

If the source operand is in memory, it is automatically converted to the extended-real format.

FNOP-No Operation

Details Table

Description

FNOP performs no operation. It affects nothing except instruction pointers.

Numeric Exceptions

None

Protected Mode Exceptions

#NM if either EM or TS in CR0 is set. 

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

#NM if either EM or TS in CR0 is set.

FPATAN-Partial Arctangent

Details Table

Description

The partial arctangent instruction computes the arctangent of ST(1) ö ST, and returns computed value, expressed in radians, to ST(1). It then pops ST. The result has the same sign as the operand from ST(1), and a magnitude less than ã.

Operation

ST(1) ← arctan(ST(1) ö ST); pop ST;

Numeric Exceptions

P, U, D, I, IS.

Protected Mode Exceptions

#NM if either EM or TS in CR0 is set. 

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

#NM if either EM or TS in CR0 is set. 

Notes

There is no restriction on the range of arguments that FPATAN can accept. The fact that FPATAN takes two arguments and computes the arctangent of their ratio simplifies the calculation of other trigonometric functions. For instance, arcsin(x) (which is the arctangent of x ö û(1-xý)) can be computed using the following sequence of operations: Push x onto the FPU stack; compute û(1-xý) and push the resulting value onto the stack; run FPATAN.

FPREM-Partial Remainder

Details Table

Description

The partial remainder instruction computes the remainder obtained on dividing ST by ST(1), and leaves the result in ST. The sign of the remainder is the same as the sign of the original dividend in ST. The magnitude of the remainder is less than that of the modulus.

Operation

EXPDIF ← exponent(ST) - exponent(ST(1));
IF EXPDIF < 64 
THEN 
   Q ← integer obtained by chopping ST ö ST(1) toward zero;
   ST ← ST - (ST(1) * Q);
   C2 ← 0;
   C0, C1, C3 ← three least-significant bits of Q; (* Q2, Q1, Q0 *)
ELSE 
   C2 ← 1;
   N ← a number between 32 and 63;
   QQ ← integer obtained by chopping (ST ö ST(1)) ö 2EXPDIF-N
       toward zero;
   ST ← ST - (ST(1) * QQ * 2EXPDIF-N;
FI;

Numeric Exceptions

U, D, I, IS.

Protected Mode Exceptions

#NM if either EM or TS in CR0 is set. 

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

#NM if either EM or TS in CR0 is set. 

Notes

FREM produces an exact result; the precision (inexact) exception does not occur and the rounding control has no effect. The FPREM instruction is not the remainder operation specified in IEEE Std 754. To get that remainder, the FPREM1 instruction should be used. FPREM is supported for compatibility with the 8087 and Intel287 math coprocessors. FPREM works by iterative subtraction, can reduce the exponent of ST by no more than 63 in one execution. If FPREM succeeds in producing a remainder that is less than the modulus, the function is complete and the C2 flag is cleared. Otherwise, C2 is set, and the result in ST is called the partial remainder. The exponent of the partial remainder is less than the exponent of the original dividend by at least 32. Software can run the instruction again (using the partial remainder in ST as the dividend) until C2 is cleared. A higher-priority interrupting routine that needs the FPU can force a context switch between the instructions in the remainder loop. An important use of FPREM is to reduce the arguments of periodic functions. When reduction is complete, FPREM provides the three least-significant bits of the quotient in flags C3, C1, and C0. This is important in argument reduction for the tangent function (using a modulus of ã/4), because it locates the original angle in the correct one of eight sectors of the unit circle.

FPREM1 - Partial Remainder

Details Table

Description

The partial remainder instruction computes the remainder obtained on dividing ST by ST(1), and leaves the result in ST. The magnitude of the remainder is less than that of the modulus.

Operation

EXPDIF ← exponent(ST) - exponent(ST(1));
IF EXPDIF < 64
THEN
  Q ← integer obtained by rounding ST ö ST(1) to the nearest integer;
      (*or the nearest even integer if the result is exactly halfway between 2 integers *)
  ST ← ST - (ST(1) * Q);
  C2 ← 0;
  Q ← ST - (ST(1) * Q);
  C0, C1, C3 ← three least-significant bits of Q; (* Q2, Q1, Q0 *)
  C2 ← 0;
  C0, C1, C3 ← three least-significant bits of Q; (* Q2, Q1, Q0 *)
ELSE
  C2 ← 1;
  N ← a number between 32 and 63;
  QQ ← integer obtained by chopping (ST ö ST(1)) ö 2EXPDIF-N;
      toward zero;
  ST ← ST - (ST(1) * QQ * 2EXPDIF-N
FI;

Numeric Exceptions

U, D, I, IS.

Protected Mode Exceptions

#NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

#NM if either EM or TS in CR0 is set.

Notes

FPREM1 produces an exact result; the precision (inexact) exception does not occur and the rounding control has no effect. The FPREM1 instruction is not the remainder operation specified in IEEE Std 754. It differs from FPREM in the way it rounds the quotient of ST and ST(1), when the exponent difference of exp(ST) -exp(ST)1 is less than 64. FPREM1 works by iterative subtraction, can reduce the exponent of ST by no more than 63 in one execution. If FPREM1 succeeds in producing a remainder that is less than one half the modulus, the function is complete and the C2 flag is cleared. Otherwise, C2 is set, and the result in ST is called the partial remainder. The exponent of the partial remainder is less than the exponent of the original dividend by at least 32. Software can run the instruction again (using the partial remainder in ST as the dividend) until C2 is cleared. A higher-priority interrupting routine that needs the FPU can force a context switch between the instructions in the remainder loop. An important use of FPREM1 is to reduce the arguments of periodic functions. When reduction is complete, FPREM1 provides the three least-significant bits of the quotient in flags C3, C1, and C0. This is important in argument reduction for the tangent function (using a modulus of ã/4), because it locates the original angle in the correct one of eight sectors of the unit circle.

FPTAN-Partial Tangent

Description

The partial tangent instruction replaces the contents of ST with tan(ST), and then pushes 1.0 onto the FPU stack. ST, expressed in radians, must lie in the range |0| < 263.

Operation

IF operand is in range 
THEN 
  C2 ← 0;
  ST ← tan(ST);
  Decrement stack-top pointer;
  ST ← 1.0;
ELSE 
  C2 ← 1;
FI;

FPU Flags Affected

|C0|C1|C2|C3|
|--+--+--+--|
|? |* |* |? |

C1, C2 as described in FPU Flags Affected; C0, C3 undefined.

Numeric Exceptions

P, U, D, I, IS.

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

If the operand is outside the acceptable range, the C2 flag is set, and ST remains unchanged. It is the programmer's responsibility to reduce the operand to an absolute value smaller than 263 by subtracting an appropriate integer multiple of 2ã. Refer to the Intel documentation 6 for a discussion of the proper value to use for ã in performing such reductions. The fact that FPTAN pushes 1.0 onto the FPU stack after computing tan(ST) maintains compatibility with the 8087 and Intel287 math coprocessors, and simplifies the calculation of other trigonometric functions. For instance, the cotangent (which is the reciprocal of the tangent) can be computed by running FDIVR after FPTAN. ST(7) must be empty to avoid an invalid-operation exception.

FRNDINT-Round to Integer

Description

The round to integer instruction rounds the value in ST to an integer according to the RC field of the FPU control word.

Operation

ST ← rounded ST;

Numeric Exceptions

P, D, I, IS.

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

FRSTOR/FRSTRW/FRSTRD - Restore FRU State

Details Table

Description

FRSTOR reloads the FPU state (environment and register stack) from the memory area defined by the source operand. This data should have been written by a previous FSAVE or FNSAVE instruction.

The FPU environment consists of the FPU control word, status word, tag word, and error pointers (both data and instruction). The environment layout in memory depends on both the operand size and the current operating mode of the processor. The USE attribute of the current code segment determines the operand size: the 14-byte operand applies to a USE16 segment, and the 28- byte operand applies to a USE32 segment. Refer to the Intel documentation for the environment layouts for both operand sizes in both real mode and protected mode. (In virtual-8086 mode, the real mode layout is used.) The stack registers, beginning with ST and ending with ST(7), are in the 80 bytes that immediately follow the environment image. FRSTOR should be run in the same operating mode as the corresponding FSAVE or FNSAVE.

Operation

FPU state ← SRC;

Numeric Exceptions

None, except for loading an unmasked exception.

Protected Mode Exceptions

#GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF( fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

If the state image contains an unmasked exception, loading it will result in a floating-point error condition.

FSAVE/FNSAVE-Store FPU State

Description

The save instructions write the current FPU state (environment and register stack) to the specified destination, and then re-initialize the FPU. The environment consists of the FPU control word, status word, tag word, and error pointers (both data and instruction).

The state layout in memory depends on both operand size and the current operating mode of the processor. The USE attribute of the current code segment determines the operand size: the 94-byte operand applies to USE16 segment, and the 108-byte operand applies to a USE32 segment.

Refer to the Intel documentation for the environment layouts for both operand sizes in both real mode and protected mode. (In virtual-8086 mode, the real mode layout is used.) The stack registers, beginning with ST and ending with ST( 7), are stored in the 80 bytes that immediately follow the environment image.

Operation

DEST ← FPU state;
initialize FPU; (* Equivalent to FNINIT *)

FPU Flags Affected

|C0|C1|C2|C3|
|--+--+--+--|
|0 |0 |0 |0 |

C0, C1, C2, C3 cleared.

Numeric Exceptions

None

Protected Mode Exceptions

1. GP(0) if the destination is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

FSAVE and FNSAVE do not store the FPU state until all FPU activity is complete. Thus, the saved image reflects the state of the FPU after any previously decoded instruction has been run. If a program is to read from the memory image of the state following a save instruction, it must issue an FWAIT instruction to ensure that the storage is complete. The save instructions are typically used when an operating system needs to perform a context switch, or an exception handler needs to use the FPU, or an application program wants to pass a "clean" FPU to a subroutine.

FSCALE-Scale

Description

The scale instruction inteprets the value in (ST(1) as an integer, and adds this integer to the exponent of ST. Thus, FSCALE provides rapid multiplication or division by integral powers of 2.

Operation

ST ← ST * 2ST(1);

Numeric Exceptions

P, U, O, D, I, IS.

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

FSCALE can be used as an inverse to FXTRACT. Because FSCALE does not pop the exponent part, however, FSCALE must be followed by FSTP ST(1) in order to completely undo the effect of a preceding FXTRACT. There is no limit on the range of the scale factor in ST(1). If the value is not integral, FSCALE uses the nearest integer smaller in magnitude; i.e. , it chops the value toward 0. If the resulting integer is zero, the value in ST is not changed.

FSETPM-Set Protected Mode

Details Table

Description

Sets the operating mode of the 80287 to Protected Virtual-Address mode. When the 80287 is first initialized following hardware RESET, it operates in Real-Address mode, just as does the 80286 CPU. Once the 80287 NPX has been set into Protected mode, only a hardware RESET can return the NPX to operation in Real-Address mode. When the 80287 operates in Protected mode, the NPX exception pointers are represented differently than they are in Real-Address mode (see the FSAVE and FSTENV instructions). This distinction is evident primarily to writers of numeric exception handlers, however. For general application programmers, the operating mode of the 80287 need not be a concern.

Operation

FPU Flags Affected

Numeric Exceptions

Protected Mode Exceptions

Real Address Mode Exceptions

FSIN-Sine

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+------------------------
|D9 FE     |FSIN                | | | |X|X|X|Replace ST with its sine

Description

The sine instruction replaces the contents of ST with sin(ST). ST, expressed in radians, must lie in the range |01| < 263.

Operation

If operand is in range 
THEN 
  C2 ← 0;
ELSE 
  C2 ← 1;
FI:

FPU Flags Affected

|C0|C1|C2|C3|
|--+--+--+--|
|? |* |* |? |

C1, C2 as described in FPU Flags Affected; C0, C3 undefined.

Numeric Exceptions

P, U, D, I, IS.

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

If the operand is outside the acceptable range, the C2 flag is set, and ST remains unchanged. It is the programmer's responsibility to reduce the operand to an absolute value smaller than 263 by subtracting an appropriate integer multiple of 2ã. Refer to the Intel documentation for a discussion of the proper value to use the ã in performing such reductions.

FSINCOS-Sine and Cosine

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+----------------------------------
|D9 FB     |FSINCOS             | | | |X|X|X|Compute the sine and cosine of ST;
|          |                    | | | | | | |replace ST with the sine, then
|          |                    | | | | | | |push the cosine onto the FPU stack

Description

FSINCOS computes both sin(ST) and cos(ST), replaces ST with the sine and then pushes the cosine onto the FPU stack. ST, expressed in radians, must lie in the range |0| < 263.

Operation

IF operand is in range 
THEN 
  C2 ← 0;
  TEMP ← cos(ST);
  ST ← sin(ST);
  Decrement FPU stack-top pointer;
  ST ← TEMP;
ELSE 
  C2 ← 1;
FI:

FPU Flags Affected

|C0|C1|C2|C3|
|--+--+--+--|
|? |* |* |? |

C1, C2 as described in FPU Flags Affected; C0, C3 undefined.

Numeric Exceptions

P, U, D, I, IS.

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

If the operand is outside the acceptable range, the C2 flag is set, and ST remains unchanged. It is the programmer's responsibility to reduce the operand to an absolute value smaller than 263 by subtracting an appropriate integer multiple of 2ã. Refer to the Intel documentation for a discussion of the proper value to use for ã in performing such reductions. It is faster to run FSINCOS than to run both FSIN and FCOS.

FSQRT-Square Root

Description

The square root instruction replaces the value in ST with its square root.

Operation

ST ← square root of ST;

Numeric Exceptions

P, D, I, IS.

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

The square root of -0 is -0.

FST/FSTP-Store Real

Description

FST copies the current value in the ST register to the destination, which can be another register or a single- or double-real memory operand. FSTP copies and then pops ST; it accepts extended-real memory operands as well as the types accepted by FST. If the source is register, the register number used is that before the stack is popped.

Operation

DEST ← ST(0);
IF instruction = FSTP THEN pop ST FI;

Numeric Exceptions

Register or extended-real destinations: IS

Single- or double-real destinations: P, U, O, I, IS

Protected Mode Exceptions

1. GP(0) if the destination is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in SS segment; #PF(fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

If the destination is single- or double-real, the significand is rounded to the width of the destination according to the RC field of the control word, and the exponent is converted to the width and bias of the destination format. The over/underflow condition is checked for as well. If ST contains zero, ñì, or a NaN, then the significand is not rounded, but chopped (on the right) to fit the destination. Nor is the exponent converted; it too is chopped on the right. These operations preserve the value's identity as ì or NaN (exponent all ones). The invalid-operation exception is not raised when the destination is a nonempty stack element. A denormal operand in ST(0) causes an underflow. No denormal operand exception is raised.

FSTCW/FNSTCW-Store Control Word

Details Table

Description

FSTCW and FNSTCW write the current value of the FPU control word to the specified destination.

Operation

DEST ← CW;

Numeric Exceptions

None

Protected Mode Exceptions

#GP(0) if the destination is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code for a page fault; # AC for unaligned memory reference if the current privilege level is 3.

Notes

FSTCW checks for unmasked floating-point error conditions before storing the control word FNSTCW does not.

FSTENV/FNSTENV-Store FPU Environment

Details Table

Description

The store environment instructions write the current FPU environment to the specified destination, and then mask all floating-point exceptions. The FPU environment consists of the FPU control word, status word, tag word, and error pointer (both data and instruction).

The environment layout in memory depends on both the operand size and the current operating mode of the processor. The USE attribute of the current code segment determines the operand size: the 14-byte operand applies to a USE16 segment, and the 28-byte operand applies to a USE32 segment. Figures 6-6 through 6-8 show the environment layouts for both operand sizes in both real mode and protected mode. (In virtual-8086 mode, the real mode layout is used).

Operation

DEST ← FPU environment;
CW[0..5] ← 111111B;

Numeric Exceptions

None

Protected Mode Exceptions

#GP(0) if the destination is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

FSTENV and FNSTENV do not store the environment until FPU activity is complete. Thus, the save environment reflects the state of the FPU after any previously decoded instruction has been run.

The store environment instructions are often used by exception handlers because they provide access to the FPU error pointers. The environment is typically saved onto the memory stack. After saving the environment, FSTENV and FNSTENV sets all the exception masks in the FPU control word. This prevents floating-point errors from interrupting the exception handler.

FSTENV checks for unmasked floating-point error conditions before storing the FPU environment; FNSTENV does not.

FSTSW/FNSTSW-Store Status Word

Description

FSTSW and FNSTSW write the current value of the FPU status word to the specified destination, which can be either a two-byte location in memory or the AX register.

Operation

DEST ← SW;

Numeric Exceptions

None

Protected Mode Exceptions

1. GP(0) if the destination is in a nonwritable segment; #GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in SS segment; #PF(fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

FSTSW checks for unmasked floating-point error conditions before storing the status word; FNSTSW does not. FSTSW and FNSTSW are used primarily in conditional branching (after a comparison, FPREM, FPREM1, or FXAM instruction). They can also be used to invoke exception handlers (by polling the exception bits) in environments that do not use interrupts. When FNSTSW AX is run, the AX register is updated before the processor runs any further instructions. The status stored is that from the completion of the prior ESC instruction.

FSUB/FSUBP/FISUB-Subtract

Description

The subtraction instructions subtract the other operand from the stack top and return the difference to the destination.

Operation

DEST ← ST - Other Operand;
IF instruction = FSUBP THEN pop ST FI;

Numeric Exceptions

P, U, O, D, I, IS.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in SS segment; #PF(fault-code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

If the source operand is in memory, it is automatically converted to the extended-real format.

FSUBR/FSUBRP/FISUBR-Reverse Subtract

Description

The reverse subtraction instructions subtract the stack top from the other operand and return the difference to the destination.

Operation

DEST ← Other Operand - ST;
IF instruction = FSUBRP THEN pop ST FI;

Numeric Exceptions

P, U, O, D, I, IS.

Protected Mode Exceptions

1. GP(0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in SS segment; #PF(fault- code) for a page fault; #NM if either EM or TS in CR0 is set; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 13 if any part of the operand would lie outside the effective address space from 0 to 0FFFFH; Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Notes

If the source operand is in memory, it is automatically converted to the extended-real format.

FTST-Test

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+-------------------
|D9 E4     |FTST                |X|X|X|X|X|X|Compare ST with 0.0

Description

The test instruction compares the stack top to 0.0. Following the instruction, the condition codes reflect the result of the comparison.

Operation

CASE (relation of operands) OF 
     Not comparable:   C3, C2, C0 ← 111;
     ST > SRC:         C3, C2, C0 ← 000;
     ST < SRC:         C3, C2, C0 ← 001;
     ST = SRC:         C3, C2, C0 ← 100;

FPU Flags Affected

|FPU FLAGS   |EFLAGS
|------------+------
|C0          |CF
|------------+------
|C1          |(none)   
|------------+------
|C2          |PF
|------------+------
|C3          |ZF

C1 as described in FPU Flags Affected; C0, C2, C3 as specified above.

Numeric Exceptions

D, I, IS.

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

If ST contains a NaN or an object of undefined format, or if a stack fault occurs, the invalid-operation exception is raised, and the condition bits are set to "unordered." The sign of zero is ignored, so that -0.0=+0.0.

FUCOM/FUCOMP/FUCOMPP-Unordered Compared Real

Details Table

Description

The unordered compare real instructions compare the stack top to the source , which must be a register. If no operand is encoded, ST is compared to ST( 1). Following the instruction, the condition codes reflect the relation between ST and the source operand.

Operation

CASE (relation of operands) OF
     Not comparable:   C3, C2, C0 ← 111;
     ST > SRC:         C3, C2, C0 ← 000;
     ST < SRC:         C3, C2, C0 ← 001;
     ST = SRC:         C3, C2, C0 ← 100;
IF instruction = FUCOMP THEN pop ST; FI;
IF instruction = FUCOMPP THEN pop ST; pop ST; FI;

FPU Flags Affected

C1 as described in FPU Flags Affected; C0, C2, C3 as specified above.

Numeric Exceptions

D, I, IS.

Protected Mode Exceptions

#NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

#NM if either EM or TS in CR0 is set.

Notes

If either operand is an SNaN or is in an undefined format, or if a stack fault occurs, the invalid-operation exception is raised, and the condition bits are set to "unordered".

If either operand is a QNaN, the condition bits are set to "unordered." Unlike the ordinary compare instructions (FCOM, etc.), the unordered compare instructions do not raise the invalid-operation exception on account of a QNaN operand.

The sign of zero is ignored, so that -0.0=+0.0.

FWAIT-Wait

Details Table

|Encoding |Instruction   |0|1|2|3|4|5|Description
|---------+--------------+-+-+-+-+-+-+--------------
|9B       |FWAIT         |X|X|X|X|X|X|Alias for WAIT

Description

FWAIT causes the processor to check for pending unmasked numeric exceptions before proceeding.

Numeric Exceptions

None

Protected Mode Exceptions

1. NM if both MP and TS in CR0 are set.

Real Address Mode Exceptions

Interrupt 7 if both MP and TS in CR0 are set.

Virtual 8086 Mode Exceptions

1. NM if both MP and TS in CR0 are set.

Notes

As its opcode shows, FWAIT is not actually an ESC instruction, but an alternate mnemonic for WAIT. Coding FWAIT after an ESC instruction ensures that any unmasked floating-point exceptions the instruction may cause are handled before the processor has a chance to modify the instruction's results. Refer to the Intel documentation for more information about when to use FWAIT.

FXAM-Examine

Description

The examine instruction reports the type of object contained in the ST register by setting the FPU Flags.

Operation

C1 ← sign bit of ST; (* 0 for positive, 1 for negative *)

CASE (type of object in ST) OF 
     Unsupported:  C3, C2, C0 ← 000;
     NaN:         C3, C2, C0 ← 001;
     Normal:      C3, C2, C0 ← 010;
     Infinity:    C3, C2, C0 ← 011;
     Zero:        C3, C2, C0 ← 100;
     Empty:       C3, C2, C0 ← 101;
     Denormal:    C3, C2, C0 ← 110;

FPU Flags Affected

C0, C1, C2, C3 as shown above.

Numeric Exceptions

None

Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

C1 bit represents the sign of ST(0) regardless of whether ST(0) is empty or full.

FXCH-Exchange Register Contents

Description

FXCH swaps the contents of the destination and stack-top registers. If the destination is not coded explicitly, ST(1) is used.

Operation

TEMP ← ST;
ST ← DEST;
DEST ← TEMP;

Numeric Exceptions

IS.

Protected Mode Exceptions

#NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

#NM if either EM or TS in CR0 is set.

Notes

Many numeric instructions operate only on the stack top; FXCH provides a simple means for using these instructions on lower stack elements. For example, the following sequence takes the square root of the third register from the top (assuming that ST is nonempty):

FXCH ST (3)
FSQRT
FXCH ST (3)

FXCH can be paired with some floating point instructions (i.e., FADD, FSUB, FMUL, FLD, FCOM, FUCOM, FCHS, FTST, FABS, FDIV. This set also includes the FADDP, FSUBRP, etc., instructions). When paired, the FXCH gets run in parallel, and does not take any additional clocks.

FXTRACT-Extract Exponent and Significand

Description

FXTRACT splits the value in ST into its exponent and significand. The exponent replaces the original operand on the stack and the significand is pushed onto the stack. Following execution of FXTRACT, ST (the new stack top) contains the value of the original significand expressed as a real number: its sign is the same as the operand's, its exponent is 0 true (16, 383 or 3FFFH biased), and its significand is identical to the original operand's. ST(1) contains the value of the original operand's true (unbiased) exponent expressed as a real number. To illustrate the operation of FXTRACT, assume that ST contains a number whose true exponent is +4 (i.e., its exponent field contains 4003H). After running FXTRACT, ST(1) will contain the real number +4.0; its sign will be positive, its exponent field will contain 4001H (+2 true) and its significand field will contain 1ë00...00B. In other words, the value in ST( 1) will be 1.0 * 2ý = 4. If ST contains an operand whose true exponent is - 7 (i.e., its exponent field contains 3FF8H), then FXTRACT will return an "exponent" of -7.0; after the instruction runs, ST(1)'s sign and exponent fields will contain C001H (negative sign, true exponent of 2), and its significand will be 1ë1100...00B. In other words, the value in ST(1) will be -1.75 * 2ý=-7.0. In both cases, following FXTRACT, ST's sign and significand fields will be the same as the original operand's, and its exponent field will contain 3FFFH (0 true).

Operation

TEMP ← significand of ST;
ST ← exponent of ST;
Decrement FPU stack-top pointer;
ST ← TEMP;

Numeric Exceptions

Z, D, I, IS.

Protected Mode Exceptions

#NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions

Interrupt 7 if either EM or TS in CR0 is set.

Virtual 8086 Mode Exceptions

#NM if either EM or TS in CR0 is set.

Notes

FXTRACT (extract exponent and significand) performs a superset of the IEEE- recommended logb(x) function. If the original operand is zero, FXTRACT leaves -ì in ST(1) (the exponent) while ST is assigned the value zero with a sign equal to that of the original operand. The zero-divide exception is raised in this case, as well. ST(7) must be empty to avoid the invalid-operation exception. FXTRACT is useful for power and range scaling operations. Both FXTRACT and the base 2 exponential instruction F2XM1 are needed to perform a general power operation. Converting numbers in extended-real format to decimal representations (e.g., for printing or displaying) requires not only FBSTP but also FXTRACT to allow scaling that does not overflow the range of the extended format. FXTRACT can also be useful for debugging, because it allows the exponent and significand parts of a real number to be examined separately.

FYL2X-Compute y * log2x

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+----------------------------------
|D9 F1     |FYL2X               |X|X|X|X|X|X|Replace ST with ST(1) * log2ST and
|          |                    | | | | | | |pop ST

Description

FYL2X computes the base-2 logarithm of ST, multiplies the logarithm by ST(1 ), and returns the resulting value to ST(1). It then pops ST. The operand in ST must not be negative or zero.

Operation

ST(1) ← ST(1) * log2ST;
pop ST;

Numeric Exceptions

P, U, O, Z, D, I, IS. Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions Interrupt 7 if either EM or TS in CR0 is set. Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

If the operand in ST is negative, the invalid-operation exception is raised. The FYL2X instruction is designed with a built-in multiplication to optimize the calculation of logarithms with arbitrary positive base: logbx = (log2b) -1 * log2x The instructions FLDL2T and FLDL2E load the constants log210 and log2e, respectively.

FYL2XP1-Compute y * log2(x + 1)

Details Table

|Encoding  |Instruction         |0|1|2|3|4|5|Description
|----------+--------------------+-+-+-+-+-+-+-------------------------------
|D9 F9     |FYL2XP1             |X|X|X|X|X|X|Replace ST(1) with ST(1) * log2
|          |                    | | | | | | |(ST+1.0) and pop ST

Description

FYL2XP1 computes the base-2 logarithm of (ST+1.0), multiples the logarithm by ST(1), and returns the resulting value to ST(1). It then pops ST. The operand in ST must be in the range -(1-(û2 / 2)) ó ST ó û2 -1

Operation

ST(1) ← ST(1) * log2(ST+1.0);
pop ST;

Numeric Exceptions

P, U, D, I, IS. Protected Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Real Address Mode Exceptions Interrupt 7 if either EM or TS in CR0 is set. Virtual 8086 Mode Exceptions

1. NM if either EM or TS in CR0 is set.

Notes

If the operand in ST is outside the acceptable range, the result of FYL2XP1 is undefined. The FYL2XP1 instruction provides improved accuracy over FYL2X when computing the logarithms of numbers very close to 1. When î is small, more significant digits can be retained by providing î as an argument to FYL2XP1 than by providing 1+î as an argument to FYL2X.

HLT-Halt

Description

The HLT instruction stops instruction processing and places the processor in a HALT state. An enabled interrupt, NMI, or a reset will resume execution. If an interrupt (including NMI) is used to resume execution after a HLT instruction, the saved CS:IP (or CS:EIP) value points to the instruction following the HLT instruction.

Operation

Enter Halt state;

Protected Mode Exceptions

The HLT instruction is a privileged instruction; #GP(0) if the current privilege level is not 0.

Virtual 8086 Mode Exceptions

#GP(0); the HLT instruction is a privileged instruction.

IDIV-Signed Divide

Description

The IDIV instruction performs a signed division. The dividend, quotient, and remainder are implicitly allocated to fixed registers. Only the divisor is given as an explicit r/m operand. The type of the divisor determines which registers to use as follows:

If the resulting quotient is too large to fit in the destination, or if the divisor is 0, an Interrupt 0 is generated. Nonintegral quotients are truncated toward 0. The remainder has the same sign as the dividend and the absolute value of the remainder is always less than the absolute value of the divisor.

Operation

temp ← dividend / divisor;
IF temp does not fit in quotient 
THEN Interrupt 0;
ELSE 
 quotient ← temp;
 remainder ← dividend MOD (r/m);
FI;

Note: Divisions are signed. The dividend must be sign-extended. The divisor is given by the r/m operand. The dividend, quotient, and remainder use implicit registers. Refer to the table under "Description."

Flags Affected

|OF|DF|IF|SF|ZF|AF|PF|CF|
|--+--+--+--+--+--+--+--|
|? |  |  |? |? |? |? |? |

The OF, SF, ZF, AF, PF, and CF flags are undefined.

Protected Mode Exceptions

Interrupt 0 if the quotient is too large to fit in the designated register (AL or AX), or if the divisor is 0; #GP (0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in the SS segment; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

Real Address Mode Exceptions

Interrupt 0 if the quotient is too large to fit in the designated register (AL or AX), or if the divisor is 0; Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to 0FFFFH.

Virtual 8086 Mode Exceptions

Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault; #AC for unaligned memory reference if the current privilege level is 3.

IMUL-Signed Multiply

Description

The IMUL instruction performs signed multiplication. Some forms of the instruction use implicit register operands. The operand combinations for all forms of the instruction are shown in the "Description" column above. The IMUL instruction clears the OF and CF flags under the following conditions (otherwise the CF and OF flags are set):

Operation