| January 2003 Laboratory Notes: Computer Engineering II | ||
|---|---|---|
| Prev | Appendix B. x86 Instruction Reference | Next |
AAA ; 37 [8086]
AAS ; 3F [8086]
AAD ; D5 0A [8086]
AAD imm ; D5 ib [8086]
AAM ; D4 0A [8086]
AAM imm ; D4 ib [8086]
These instructions are used in conjunction with the add, subtract, multiply and divide instructions to perform binary-coded decimal arithmetic in unpacked (one BCD digit per byte - easy to translate to and from ASCII, hence the instruction names) form. There are also packed BCD instructions DAA and DAS: see Section B.4.21.
AAA (ASCII Adjust After Addition) should be used after a one-byte ADD instruction whose destination was the AL register: by means of examining the value in the low nibble of AL and also the auxiliary carry flag AF, it determines whether the addition has overflowed, and adjusts it (and sets the carry flag) if so. You can add long BCD strings together by doing ADD/AAA on the low digits, then doing ADC/AAA on each subsequent digit.
AAS (ASCII Adjust AL After Subtraction) works similarly to AAA, but is for use after SUB instructions rather than ADD.
AAM (ASCII Adjust AX After Multiply) is for use after you have multiplied two decimal digits together and left the result in AL: it divides AL by ten and stores the quotient in AH, leaving the remainder in AL. The divisor 10 can be changed by specifying an operand to the instruction: a particularly handy use of this is AAM 16, causing the two nibbles in AL to be separated into AH and AL.
AAD (ASCII Adjust AX Before Division) performs the inverse operation to AAM: it multiplies AH by ten, adds it to AL, and sets AH to zero. Again, the multiplier 10 can be changed.
ADC r/m8,reg8 ; 10 /r [8086]
ADC r/m16,reg16 ; o16 11 /r [8086]
ADC r/m32,reg32 ; o32 11 /r [386]
ADC reg8,r/m8 ; 12 /r [8086]
ADC reg16,r/m16 ; o16 13 /r [8086]
ADC reg32,r/m32 ; o32 13 /r [386]
ADC r/m8,imm8 ; 80 /2 ib [8086]
ADC r/m16,imm16 ; o16 81 /2 iw [8086]
ADC r/m32,imm32 ; o32 81 /2 id [386]
ADC r/m16,imm8 ; o16 83 /2 ib [8086]
ADC r/m32,imm8 ; o32 83 /2 ib [386]
ADC AL,imm8 ; 14 ib [8086]
ADC AX,imm16 ; o16 15 iw [8086]
ADC EAX,imm32 ; o32 15 id [386]
ADC performs integer addition: it adds its two operands together, plus the value of the carry flag, and leaves the result in its destination (first) operand. The destination operand can be a register or a memory location. The source operand can be a register, a memory locaion, or an immediate value.
The flags are set according to the result of the operation: in particular, the carry flag is affected and can be used by a subsequent ADC instruction.
In the forms with an 8-bit immediate second operand and a longer first operand, the second operand is considered to be signed, and is sign-extended to the length of the first operand. In these cases, the BYTE qualifier is necessary to force NASM to generate this form of the instruction.
To add two numbers without also adding the contents of the carry flag, use ADD (Section B.4.3).
ADD r/m8,reg8 ; 00 /r [8086]
ADD r/m16,reg16 ; o16 01 /r [8086]
ADD r/m32,reg32 ; o32 01 /r [386]
ADD reg8,r/m8 ; 02 /r [8086]
ADD reg16,r/m16 ; o16 03 /r [8086]
ADD reg32,r/m32 ; o32 03 /r [386]
ADD r/m8,imm8 ; 80 /0 ib [8086]
ADD r/m16,imm16 ; o16 81 /0 iw [8086]
ADD r/m32,imm32 ; o32 81 /0 id [386]
ADD r/m16,imm8 ; o16 83 /0 ib [8086]
ADD r/m32,imm8 ; o32 83 /0 ib [386]
ADD AL,imm8 ; 04 ib [8086]
ADD AX,imm16 ; o16 05 iw [8086]
ADD EAX,imm32 ; o32 05 id [386]
ADD performs integer addition: it adds its two operands together, and leaves the result in its destination (first) operand. The destination operand can be a register or a memory location. The source operand can be a register, a memory location, or an immediate value.
The flags are set according to the result of the operation: in particular, the carry flag is affected and can be used by a subsequent ADC instruction.
In the forms with an 8-bit immediate second operand and a longer first operand, the second operand is considered to be signed, and is sign-extended to the length of the first operand. In these cases, the BYTE qualifier is necessary to force NASM to generate this form of the instruction.
AND r/m8,reg8 ; 20 /r [8086]
AND r/m16,reg16 ; o16 21 /r [8086]
AND r/m32,reg32 ; o32 21 /r [386]
AND reg8,r/m8 ; 22 /r [8086]
AND reg16,r/m16 ; o16 23 /r [8086]
AND reg32,r/m32 ; o32 23 /r [386]
AND r/m8,imm8 ; 80 /4 ib [8086]
AND r/m16,imm16 ; o16 81 /4 iw [8086]
AND r/m32,imm32 ; o32 81 /4 id [386]
AND r/m16,imm8 ; o16 83 /4 ib [8086]
AND r/m32,imm8 ; o32 83 /4 ib [386]
AND AL,imm8 ; 24 ib [8086]
AND AX,imm16 ; o16 25 iw [8086]
AND EAX,imm32 ; o32 25 id [386]
AND performs a bitwise AND operation between its two operands (i.e. each bit of the result is 1 if and only if the corresponding bits of the two inputs were both 1), and stores the result in the destination (first) operand. The destination operand can be a register or a memory location. The source operand can be a register, a memory location, or an immediate value.
In the forms with an 8-bit immediate second operand and a longer first operand, the second operand is considered to be signed, and is sign-extended to the length of the first operand. In these cases, the BYTE qualifier is necessary to force NASM to generate this form of the instruction.
The MMX instruction PAND (see Section B.5.42) performs the same operation on the 64-bit MMX registers.
ARPL r/m16,reg16 ; 63 /r [286,PRIV]
ARPL expects its two word operands to be segment selectors. It adjusts the RPL (requested privilege level - stored in the bottom two bits of the selector) field of the destination (first) operand to ensure that it is no less (i.e. no more privileged than) the RPL field of the source operand. The zero flag is set if and only if a change had to be made.
BOUND reg16,mem ; o16 62 /r [186]
BOUND reg32,mem ; o32 62 /r [386]
BOUND expects its second operand to point to an area of memory containing two signed values of the same size as its first operand (i.e. two words for the 16-bit form; two doublewords for the 32-bit form). It performs two signed comparisons: if the value in the register passed as its first operand is less than the first of the in-memory values, or is greater than or equal to the second, it throws a BR exception. Otherwise, it does nothing.
BSF reg16,r/m16 ; o16 0F BC /r [386]
BSF reg32,r/m32 ; o32 0F BC /r [386]
BSR reg16,r/m16 ; o16 0F BD /r [386]
BSR reg32,r/m32 ; o32 0F BD /r [386]
BSF searches for the least significant set bit in its source (second) operand, and if it finds one, stores the index in its destination (first) operand. If no set bit is found, the contents of the destination operand are undefined. If the source operand is zero, the zero flag is set.
BSR performs the same function, but searches from the top instead, so it finds the most significant set bit.
Bit indices are from 0 (least significant) to 15 or 31 (most significant). The destination operand can only be a register. The source operand can be a register or a memory location.
BSWAP reg32 ; o32 0F C8+r [486]
BSWAP swaps the order of the four bytes of a 32-bit register: bits 0-7 exchange places with bits 24-31, and bits 8-15 swap with bits 16-23. There is no explicit 16-bit equivalent: to byte-swap AX, BX, CX or DX, XCHG can be used (Section B.4.151). When BSWAP is used with a 16-bit register, the result is undefined.
BT r/m16,reg16 ; o16 0F A3 /r [386]
BT r/m32,reg32 ; o32 0F A3 /r [386]
BT r/m16,imm8 ; o16 0F BA /4 ib [386]
BT r/m32,imm8 ; o32 0F BA /4 ib [386]
BTC r/m16,reg16 ; o16 0F BB /r [386]
BTC r/m32,reg32 ; o32 0F BB /r [386]
BTC r/m16,imm8 ; o16 0F BA /7 ib [386]
BTC r/m32,imm8 ; o32 0F BA /7 ib [386]
BTR r/m16,reg16 ; o16 0F B3 /r [386]
BTR r/m32,reg32 ; o32 0F B3 /r [386]
BTR r/m16,imm8 ; o16 0F BA /6 ib [386]
BTR r/m32,imm8 ; o32 0F BA /6 ib [386]
BTS r/m16,reg16 ; o16 0F AB /r [386]
BTS r/m32,reg32 ; o32 0F AB /r [386]
BTS r/m16,imm ; o16 0F BA /5 ib [386]
BTS r/m32,imm ; o32 0F BA /5 ib [386]
These instructions all test one bit of their first operand, whose index is given by the second operand, and store the value of that bit into the carry flag. Bit indices are from 0 (least significant) to 15 or 31 (most significant).
In addition to storing the original value of the bit into the carry flag, BTR also resets (clears) the bit in the operand itself. BTS sets the bit, and BTC complements the bit. BT does not modify its operands.
The destination can be a register or a memory location. The source can be a register or an immediate value.
If the destination operand is a register, the bit offset should be in the range 0-15 (for 16-bit operands) or 0-31 (for 32-bit operands). An immediate value outside these ranges will be taken modulo 16/32 by the processor.
If the destination operand is a memory location, then an immediate bit offset follows the same rules as for a register. If the bit offset is in a register, then it can be anything within the signed range of the register used (ie, for a 32-bit operand, it can be (-2^31) to (2^31 - 1).
CALL imm ; E8 rw/rd [8086]
CALL imm:imm16 ; o16 9A iw iw [8086]
CALL imm:imm32 ; o32 9A id iw [386]
CALL FAR mem16 ; o16 FF /3 [8086]
CALL FAR mem32 ; o32 FF /3 [386]
CALL r/m16 ; o16 FF /2 [8086]
CALL r/m32 ; o32 FF /2 [386]
CALL calls a subroutine, by means of pushing the current instruction pointer (IP) and optionally CS as well on the stack, and then jumping to a given address.
CS is pushed as well as IP if and only if the call is a far call, i.e. a destination segment address is specified in the instruction. The forms involving two colon-separated arguments are far calls; so are the CALL FAR mem forms.
The immediate near call takes one of two forms (CALL imm16/imm32, determined by the current segment size limit). For 16-bit operands, you would use CALL 0x1234, and for 32-bit operands you would use CALL 0x12345678. The value passed as an operand is a relative offset.
You can choose between the two immediate far call forms (CALL imm:imm) by the use of the WORD and DWORD keywords: CALL WORD 0x1234:0x5678) or CALL DWORD 0x1234:0x56789abc.
The CALL FAR mem forms execute a far call by loading the destination address out of memory. The address loaded consists of 16 or 32 bits of offset (depending on the operand size), and 16 bits of segment. The operand size may be overridden using CALL WORD FAR mem or CALL DWORD FAR mem.
The CALL r/m forms execute a near call (within the same segment), loading the destination address out of memory or out of a register. The keyword NEAR may be specified, for clarity, in these forms, but is not necessary. Again, operand size can be overridden using CALL WORD mem or CALL DWORD mem.
As a convenience, NASM does not require you to call a far procedure symbol by coding the cumbersome CALL SEG routine:routine, but instead allows the easier synonym CALL FAR routine.
The CALL r/m forms given above are near calls; NASM will accept the NEAR keyword (e.g. CALL NEAR [address]), even though it is not strictly necessary.
CBW ; o16 98 [8086]
CWDE ; o32 98 [386]
CWD ; o16 99 [8086]
CDQ ; o32 99 [386]
All these instructions sign-extend a short value into a longer one, by replicating the top bit of the original value to fill the extended one.
CBW extends AL into AX by repeating the top bit of AL in every bit of AH. CWDE extends AX into EAX. CWD extends AX into DX:AX by repeating the top bit of AX throughout DX, and CDQ extends EAX into EDX:EAX.
CLC ; F8 [8086]
CLD ; FC [8086]
CLI ; FA [8086]
CLTS ; 0F 06 [286,PRIV]
These instructions clear various flags. CLC clears the carry flag; CLD clears the direction flag; CLI clears the interrupt flag (thus disabling interrupts); and CLTS clears the task-switched (TS) flag in CR0.
To set the carry, direction, or interrupt flags, use the STC, STD and STI instructions (Section B.4.137). To invert the carry flag, use CMC (Section B.4.14).
CLFLUSH mem ; 0F AE /7 [WILLAMETTE,SSE2]
CLFLUSH invalidates the cache line that contains the linear address specified by the source operand from all levels of the processor cache hierarchy (data and instruction). If, at any level of the cache hierarchy, the line is inconsistent with memory (dirty) it is written to memory before invalidation. The source operand points to a byte-sized memory location.
Although CLFLUSHs flagged SSE2nd above, it may not be present on all processors which have SSE2 support, and it may be supported on other processors; the CPUID instruction (Section B.4.20) will return a bit which indicates support for the CLFLUSH instruction.
CMC ; F5 [8086]
CMC changes the value of the carry flag: if it was 0, it sets it to 1, and vice versa.
CMOVcc reg16,r/m16 ; o16 0F 40+cc /r [P6]
CMOVcc reg32,r/m32 ; o32 0F 40+cc /r [P6]
CMOV moves its source (second) operand into its destination (first) operand if the given condition code is satisfied; otherwise it does nothing.
For a list of condition codes, see Section B.2.2.
Although the CMOV instructions are flagged P6 and above, they may not be supported by all Pentium Pro processors; the CPUID instruction (Section B.4.20) will return a bit which indicates whether conditional moves are supported.
CMP r/m8,reg8 ; 38 /r [8086]
CMP r/m16,reg16 ; o16 39 /r [8086]
CMP r/m32,reg32 ; o32 39 /r [386]
CMP reg8,r/m8 ; 3A /r [8086]
CMP reg16,r/m16 ; o16 3B /r [8086]
CMP reg32,r/m32 ; o32 3B /r [386]
CMP r/m8,imm8 ; 80 /0 ib [8086]
CMP r/m16,imm16 ; o16 81 /0 iw [8086]
CMP r/m32,imm32 ; o32 81 /0 id [386]
CMP r/m16,imm8 ; o16 83 /0 ib [8086]
CMP r/m32,imm8 ; o32 83 /0 ib [386]
CMP AL,imm8 ; 3C ib [8086]
CMP AX,imm16 ; o16 3D iw [8086]
CMP EAX,imm32 ; o32 3D id [386]
CMP performs a `mental' subtraction of its second operand from its first operand, and affects the flags as if the subtraction had taken place, but does not store the result of the subtraction anywhere.
In the forms with an 8-bit immediate second operand and a longer first operand, the second operand is considered to be signed, and is sign-extended to the length of the first operand. In these cases, the BYTE qualifier is necessary to force NASM to generate this form of the instruction.
The destination operand can be a register or a memory location. The source can be a register, memory location, or an immediate value of the same size as the destination.
CMPSB ; A6 [8086]
CMPSW ; o16 A7 [8086]
CMPSD ; o32 A7 [386]
CMPSB compares the byte at [DS:SI] or [DS:ESI] with the byte at [ES:DI] or [ES:EDI], and sets the flags accordingly. It then increments or decrements (depending on the direction flag: increments if the flag is clear, decrements if it is set) SI and DI (or ESI and EDI).
The registers used are SI and DI if the address size is 16 bits, and ESI and EDI if it is 32 bits. If you need to use an address size not equal to the current BITS setting, you can use an explicit a16 or a32 prefix.
The segment register used to load from [SI] or [ESI] can be overridden by using a segment register name as a prefix (for example, ES CMPSB). The use of ES for the load from [DI] or [EDI] cannot be overridden.
CMPSW and CMPSD work in the same way, but they compare a word or a doubleword instead of a byte, and increment or decrement the addressing registers by 2 or 4 instead of 1.
The REPE and REPNE prefixes (equivalently, REPZ and REPNZ) may be used to repeat the instruction up to CX (or ECX - again, the address size chooses which) times until the first unequal or equal byte is found.
CMPXCHG r/m8,reg8 ; 0F B0 /r [PENT]
CMPXCHG r/m16,reg16 ; o16 0F B1 /r [PENT]
CMPXCHG r/m32,reg32 ; o32 0F B1 /r [PENT]
CMPXCHG compares its destination (first) operand to the value in AL, AX or EAX (depending on the operand size of the instruction). If they are equal, it copies its source (second) operand into the destination and sets the zero flag. Otherwise, it clears the zero flag and copies the destination register to AL, AX, or EAX.
The destination can be either a register or a memory location. The source is a register.
CMPXCHG is intended to be used for atomic operations in multitasking or multiprocessor environments. To safely update a value in shared memory, for example, you might load the value into EAX, load the updated value into EBX, and then execute the instruction LOCK CMPXCHG [value],EBX. If value has not changed since being loaded, it is updated with your desired new value, and the zero flag is set to let you know it has worked. (The LOCK prefix prevents another processor doing anything in the middle of this operation: it guarantees atomicity.) However, if another processor has modified the value in between your load and your attempted store, the store does not happen, and you are notified of the failure by a cleared zero flag, so you can go round and try again.
CMPXCHG8B mem ; 0F C7 /1 [PENT]
This is a larger and more unwieldy version of CMPXCHG: it compares the 64-bit (eight-byte) value stored at [mem] with the value in EDX:EAX. If they are equal, it sets the zero flag and stores ECX:EBX into the memory area. If they are unequal, it clears the zero flag and leaves the memory area untouched.
CMPXCHG8B can be used with the LOCK prefix, to allow atomic execution. This is useful in multi-processor and multi-tasking environments.
CPUID ; 0F A2 [PENT]
CPUID returns various information about the processor it is being executed on. It fills the four registers EAX, EBX, ECX and EDX with information, which varies depending on the input contents of EAX.
CPUID also acts as a barrier to serialise instruction execution: executing the CPUID instruction guarantees that all the effects (memory modification, flag modification, register modification) of previous instructions have been completed before the next instruction gets fetched.
The information returned is as follows:
If EAX is zero on input, EAX on output holds the maximum acceptable input value of EAX, and EBX:EDX:ECX contain the string "GenuineIntel" (or not, if you have a clone processor). That is to say, EBX contains "Genu" (in NASM's own sense of character constants, described in Section 5.4.2), EDX contains "ineI" and ECX contains "ntel".
If EAX is one on input, EAX on output contains version information about the processor, and EDX contains a set of feature flags, showing the presence and absence of various features. For example, bit 8 is set if the CMPXCHG8B instruction (Section B.4.19) is supported, bit 15 is set if the conditional move instructions (Section B.4.15 and Section B.4.32) are supported, and bit 23 is set if MMX instructions are supported.
If EAX is two on input, EAX, EBX, ECX and EDX all contain information about caches and TLBs (Translation Lookahead Buffers).
For more information on the data returned from CPUID, see the documentation from Intel and other processor manufacturers.
DAA ; 27 [8086]
DAS ; 2F [8086]
These instructions are used in conjunction with the add and subtract instructions to perform binary-coded decimal arithmetic in packed (one BCD digit per nibble) form. For the unpacked equivalents, see Section B.4.1.
DAA should be used after a one-byte ADD instruction whose destination was the AL register: by means of examining the value in the AL and also the auxiliary carry flag AF, it determines whether either digit of the addition has overflowed, and adjusts it (and sets the carry and auxiliary-carry flags) if so. You can add long BCD strings together by doing ADD/DAA on the low two digits, then doing ADC/DAA on each subsequent pair of digits.
DAS works similarly to DAA, but is for use after SUB instructions rather than ADD.
DEC reg16 ; o16 48+r [8086]
DEC reg32 ; o32 48+r [386]
DEC r/m8 ; FE /1 [8086]
DEC r/m16 ; o16 FF /1 [8086]
DEC r/m32 ; o32 FF /1 [386]
DEC subtracts 1 from its operand. It does not affect the carry flag: to affect the carry flag, use SUB something,1 (see Section B.4.140). See also INC (Section B.4.78).
This instruction can be used with a LOCK prefix to allow atomic execution.
See also INC (Section B.4.78).
DIV r/m8 ; F6 /6 [8086]
DIV r/m16 ; o16 F7 /6 [8086]
DIV r/m32 ; o32 F7 /6 [386]
DIV performs unsigned integer division. The explicit operand provided is the divisor; the dividend and destination operands are implicit, in the following way:
For DIV r/m8, AX is divided by the given operand; the quotient is stored in AL and the remainder in AH.
For DIV r/m16, DX:AX is divided by the given operand; the quotient is stored in AX and the remainder in DX.
For DIV r/m32, EDX:EAX is divided by the given operand; the quotient is stored in EAX and the remainder in EDX.
Signed integer division is performed by the IDIV instruction: see Section B.4.75.
EMMS ; 0F 77 [PENT,MMX]
EMMS sets the FPU tag word (marking which floating-point registers are available) to all ones, meaning all registers are available for the FPU to use. It should be used after executing MMX instructions and before executing any subsequent floating-point operations.
ENTER imm,imm ; C8 iw ib [186]
ENTER constructs a stack frame for a high-level language procedure call. The first operand (the iw in the opcode definition above refers to the first operand) gives the amount of stack space to allocate for local variables; the second (the ib above) gives the nesting level of the procedure (for languages like Pascal, with nested procedures).
The function of ENTER, with a nesting level of zero, is equivalent to
PUSH EBP ; or PUSH BP in 16 bits
MOV EBP, ESP ; or MOV BP, SP in 16 bits
SUB ESP, operand1 ; or SUB SP, operand1 in 16 bits
This creates a stack frame with the procedure parameters accessible upwards from EBP, and local variables accessible downwards from EBP.
With a nesting level of one, the stack frame created is 4 (or 2) bytes bigger, and the value of the final frame pointer EBP is accessible in memory at [EBP-4].
This allows ENTER, when called with a nesting level of two, to look at the stack frame described by the previous value of EBP, find the frame pointer at offset -4 from that, and push it along with its new frame pointer, so that when a level-two procedure is called from within a level-one procedure, [EBP-4] holds the frame pointer of the most recent level-one procedure call and [EBP-8] holds that of the most recent level-two call. And so on, for nesting levels up to 31.
Stack frames created by ENTER can be destroyed by the LEAVE instruction: see Section B.4.93.
F2XM1 ; D9 F0 [8086,FPU]
F2XM1 raises 2 to the power of ST0, subtracts one, and stores the result back into ST0. The initial contents of ST0 must be a number in the range -1.0 to +1.0.
FABS ; D9 E1 [8086,FPU]
FABS computes the absolute value of ST0, by clearing the sign bit, and stores the result back into ST0.
FADD mem32 ; D8 /0 [8086,FPU]
FADD mem64 ; DC /0 [8086,FPU]
FADD fpureg ; D8 C0+r [8086,FPU]
FADD ST0,fpureg ; D8 C0+r [8086,FPU]
FADD TO fpureg ; DC C0+r [8086,FPU]
FADD fpureg,ST0 ; DC C0+r [8086,FPU]
FADDP fpureg ; DE C0+r [8086,FPU]
FADDP fpureg,ST0 ; DE C0+r [8086,FPU]
FADD, given one operand, adds the operand to ST0 and stores the result back in ST0. If the operand has the TO modifier, the result is stored in the register given rather than in ST0.
FADDP performs the same function as FADD TO, but pops the register stack after storing the result.
The given two-operand forms are synonyms for the one-operand forms.
To add an integer value to ST0, use the FIADD instruction (Section B.4.39).
FBLD mem80 ; DF /4 [8086,FPU]
FBSTP mem80 ; DF /6 [8086,FPU]
FBLD loads an 80-bit (ten-byte) packed binary-coded decimal number from the given memory address, converts it to a real, and pushes it on the register stack. FBSTP stores the value of ST0, in packed BCD, at the given address and then pops the register stack.
FCHS ; D9 E0 [8086,FPU]
FCHS negates the number in ST0 by inverting the sign bit: negative numbers become positive, and vice versa.
FCLEX ; 9B DB E2 [8086,FPU]
FNCLEX ; DB E2 [8086,FPU]
FCLEX clears any floating-point exceptions which may be pending. FNCLEX does the same thing but doesn't wait for previous floating-point operations (including the handling of pending exceptions) to finish first.
FCMOVB fpureg ; DA C0+r [P6,FPU]
FCMOVB ST0,fpureg ; DA C0+r [P6,FPU]
FCMOVE fpureg ; DA C8+r [P6,FPU]
FCMOVE ST0,fpureg ; DA C8+r [P6,FPU]
FCMOVBE fpureg ; DA D0+r [P6,FPU]
FCMOVBE ST0,fpureg ; DA D0+r [P6,FPU]
FCMOVU fpureg ; DA D8+r [P6,FPU]
FCMOVU ST0,fpureg ; DA D8+r [P6,FPU]
FCMOVNB fpureg ; DB C0+r [P6,FPU]
FCMOVNB ST0,fpureg ; DB C0+r [P6,FPU]
FCMOVNE fpureg ; DB C8+r [P6,FPU]
FCMOVNE ST0,fpureg ; DB C8+r [P6,FPU]
FCMOVNBE fpureg ; DB D0+r [P6,FPU]
FCMOVNBE ST0,fpureg ; DB D0+r [P6,FPU]
FCMOVNU fpureg ; DB D8+r [P6,FPU]
FCMOVNU ST0,fpureg ; DB D8+r [P6,FPU]
The FCMOV instructions perform conditional move operations: each of them moves the contents of the given register into ST0 if its condition is satisfied, and does nothing if not.
The conditions are not the same as the standard condition codes used with conditional jump instructions. The conditions B, BE, NB, NBE, E and NE are exactly as normal, but none of the other standard ones are supported. Instead, the condition U and its counterpart NU are provided; the U condition is satisfied if the last two floating-point numbers compared were unordered, i.e. they were not equal but neither one could be said to be greater than the other, for example if they were NaNs. (The flag state which signals this is the setting of the parity flag: so the U condition is notionally equivalent to PE, and NU is equivalent to PO.)
The FCMOV conditions test the main processor's status flags, not the FPU status flags, so using FCMOV directly after FCOM will not work. Instead, you should either use FCOMI which writes directly to the main CPU flags word, or use FSTSW to extract the FPU flags.
Although the FCMOV instructions are flagged P6 above, they may not be supported by all Pentium Pro processors; the CPUID instruction (Section B.4.20) will return a bit which indicates whether conditional moves are supported.
FCOM mem32 ; D8 /2 [8086,FPU]
FCOM mem64 ; DC /2 [8086,FPU]
FCOM fpureg ; D8 D0+r [8086,FPU]
FCOM ST0,fpureg ; D8 D0+r [8086,FPU]
FCOMP mem32 ; D8 /3 [8086,FPU]
FCOMP mem64 ; DC /3 [8086,FPU]
FCOMP fpureg ; D8 D8+r [8086,FPU]
FCOMP ST0,fpureg ; D8 D8+r [8086,FPU]
FCOMPP ; DE D9 [8086,FPU]
FCOMI fpureg ; DB F0+r [P6,FPU]
FCOMI ST0,fpureg ; DB F0+r [P6,FPU]
FCOMIP fpureg ; DF F0+r [P6,FPU]
FCOMIP ST0,fpureg ; DF F0+r [P6,FPU]
FCOM compares ST0 with the given operand, and sets the FPU flags accordingly. ST0 is treated as the left-hand side of the comparison, so that the carry flag is set (for a "less-than" result) if ST0 is less than the given operand.
FCOMP does the same as FCOM, but pops the register stack afterwards. FCOMPP compares ST0 with ST1 and then pops the register stack twice.
FCOMI and FCOMIP work like the corresponding forms of FCOM and FCOMP, but write their results directly to the CPU flags register rather than the FPU status word, so they can be immediately followed by conditional jump or conditional move instructions.
The FCOM instructions differ from the FUCOM instructions (Section B.4.67) only in the way they handle quiet NaNs: FUCOM will handle them silently and set the condition code flags to an "unordered" result, whereas FCOM will generate an exception.
FCOS ; D9 FF [386,FPU]
FCOS computes the cosine of ST0 (in radians), and stores the result in ST0. The absolute value of ST0 must be less than 263.
See also FSINCOS (Section B.4.59).
FDECSTP ; D9 F6 [8086,FPU]
FDECSTP decrements the `top' field in the floating-point status word. This has the effect of rotating the FPU register stack by one, as if the contents of ST7 had been pushed on the stack. See also FINCSTP (Section B.4.44).
FDISI ; 9B DB E1 [8086,FPU]
FNDISI ; DB E1 [8086,FPU]
FENI ; 9B DB E0 [8086,FPU]
FNENI ; DB E0 [8086,FPU]
FDISI and FENI disable and enable floating-point interrupts. These instructions are only meaningful on original 8087 processors: the 287 and above treat them as no-operation instructions.
FNDISI and FNENI do the same thing as FDISI and FENI respectively, but without waiting for the floating-point processor to finish what it was doing first.
FDIV mem32 ; D8 /6 [8086,FPU]
FDIV mem64 ; DC /6 [8086,FPU]
FDIV fpureg ; D8 F0+r [8086,FPU]
FDIV ST0,fpureg ; D8 F0+r [8086,FPU]
FDIV TO fpureg ; DC F8+r [8086,FPU]
FDIV fpureg,ST0 ; DC F8+r [8086,FPU]
FDIVR mem32 ; D8 /0 [8086,FPU]
FDIVR mem64 ; DC /0 [8086,FPU]
FDIVR fpureg ; D8 F8+r [8086,FPU]
FDIVR ST0,fpureg ; D8 F8+r [8086,FPU]
FDIVR TO fpureg ; DC F0+r [8086,FPU]
FDIVR fpureg,ST0 ; DC F0+r [8086,FPU]
FDIVP fpureg ; DE F8+r [8086,FPU]
FDIVP fpureg,ST0 ; DE F8+r [8086,FPU]
FDIVRP fpureg ; DE F0+r [8086,FPU]
FDIVRP fpureg,ST0 ; DE F0+r [8086,FPU]
FDIV divides ST0 by the given operand and stores the result back in ST0, unless the TO qualifier is given, in which case it divides the given operand by ST0 and stores the result in the operand.
FDIVR does the same thing, but does the division the other way up: so if TO is not given, it divides the given operand by ST0 and stores the result in ST0, whereas if TO is given it divides ST0 by its operand and stores the result in the operand.
FDIVP operates like FDIV TO, but pops the register stack once it has finished.
FDIVRP operates like FDIVR TO, but pops the register stack once it has finished.
For FP/Integer divisions, see FIDIV (Section B.4.41).
FFREE fpureg ; DD C0+r [8086,FPU]
FFREEP fpureg ; DF C0+r [286,FPU,UNDOC]
FFREE marks the given register as being empty.
FFREEP marks the given register as being empty, and then pops the register stack.
FIADD mem16 ; DE /0 [8086,FPU]
FIADD mem32 ; DA /0 [8086,FPU]
FIADD adds the 16-bit or 32-bit integer stored in the given memory location to ST0, storing the result in ST0.
FICOM mem16 ; DE /2 [8086,FPU]
FICOM mem32 ; DA /2 [8086,FPU]
FICOMP mem16 ; DE /3 [8086,FPU]
FICOMP mem32 ; DA /3 [8086,FPU]
FICOM compares ST0 with the 16-bit or 32-bit integer stored in the given memory location, and sets the FPU flags accordingly. FICOMP does the same, but pops the register stack afterwards.
FIDIV mem16 ; DE /6 [8086,FPU]
FIDIV mem32 ; DA /6 [8086,FPU]
FIDIVR mem16 ; DE /7 [8086,FPU]
FIDIVR mem32 ; DA /7 [8086,FPU]
FIDIV divides ST0 by the 16-bit or 32-bit integer stored in the given memory location, and stores the result in ST0. FIDIVR does the division the other way up: it divides the integer by ST0, but still stores the result in ST0.
FILD mem16 ; DF /0 [8086,FPU]
FILD mem32 ; DB /0 [8086,FPU]
FILD mem64 ; DF /5 [8086,FPU]
FIST mem16 ; DF /2 [8086,FPU]
FIST mem32 ; DB /2 [8086,FPU]
FISTP mem16 ; DF /3 [8086,FPU]
FISTP mem32 ; DB /3 [8086,FPU]
FISTP mem64 ; DF /7 [8086,FPU]
FILD loads an integer out of a memory location, converts it to a real, and pushes it on the FPU register stack. FIST converts ST0 to an integer and stores that in memory; FISTP does the same as FIST, but pops the register stack afterwards.
FIMUL mem16 ; DE /1 [8086,FPU]
FIMUL mem32 ; DA /1 [8086,FPU]
FIMUL multiplies ST0 by the 16-bit or 32-bit integer stored in the given memory location, and stores the result in ST0.
FINCSTP ; D9 F7 [8086,FPU]
FINCSTP increments the `top' field in the floating-point status word. This has the effect of rotating the FPU register stack by one, as if the register stack had been popped; however, unlike the popping of the stack performed by many FPU instructions, it does not flag the new ST7 (previously ST0) as empty. See also FDECSTP (Section B.4.35).
FINIT ; 9B DB E3 [8086,FPU]
FNINIT ; DB E3 [8086,FPU]
FINIT initialises the FPU to its default state. It flags all registers as empty, without actually changing their values. FNINIT does the same, without first waiting for pending exceptions to clear.
FISUB mem16 ; DE /4 [8086,FPU]
FISUB mem32 ; DA /4 [8086,FPU]
FISUBR mem16 ; DE /5 [8086,FPU]
FISUBR mem32 ; DA /5 [8086,FPU]
FISUB subtracts the 16-bit or 32-bit integer stored in the given memory location from ST0, and stores the result in ST0. FISUBR does the subtraction the other way round, i.e. it subtracts ST0 from the given integer, but still stores the result in ST0.
FLD mem32 ; D9 /0 [8086,FPU]
FLD mem64 ; DD /0 [8086,FPU]
FLD mem80 ; DB /5 [8086,FPU]
FLD fpureg ; D9 C0+r [8086,FPU]
FLD loads a floating-point value out of the given register or memory location, and pushes it on the FPU register stack.
FLD1 ; D9 E8 [8086,FPU]
FLDL2E ; D9 EA [8086,FPU]
FLDL2T ; D9 E9 [8086,FPU]
FLDLG2 ; D9 EC [8086,FPU]
FLDLN2 ; D9 ED [8086,FPU]
FLDPI ; D9 EB [8086,FPU]
FLDZ ; D9 EE [8086,FPU]
These instructions push specific standard constants on the FPU register stack:
FLDCW mem16 ; D9 /5 [8086,FPU]
FLDCW loads a 16-bit value out of memory and stores it into the FPU control word (governing things like the rounding mode, the precision, and the exception masks). See also FSTCW (Section B.4.62). If instructions are enabled and you don't want to generate one, use FCLEX or FNCLEX (Section B.4.31) before loading the new control word.
FLDENV mem ; D9 /4 [8086,FPU]
FLDENV loads the FPU operating environment (control word, status word, tag word, instruction pointer, data pointer and last opcode) from memory. The memory area is 14 or 28 bytes long, depending on the CPU mode at the time. See also FSTENV (Section B.4.63).
FMUL mem32 ; D8 /1 [8086,FPU]
FMUL mem64 ; DC /1 [8086,FPU]
FMUL fpureg ; D8 C8+r [8086,FPU]
FMUL ST0,fpureg ; D8 C8+r [8086,FPU]
FMUL TO fpureg ; DC C8+r [8086,FPU]
FMUL fpureg,ST0 ; DC C8+r [8086,FPU]
FMULP fpureg ; DE C8+r [8086,FPU]
FMULP fpureg,ST0 ; DE C8+r [8086,FPU]
FMUL multiplies ST0 by the given operand, and stores the result in ST0, unless the TO qualifier is used in which case it stores the result in the operand. FMULP performs the same operation as FMUL TO, and then pops the register stack.
FPATAN ; D9 F3 [8086,FPU]
FPTAN ; D9 F2 [8086,FPU]
FPATAN computes the arctangent, in radians, of the result of dividing ST1 by ST0, stores the result in ST1, and pops the register stack. It works like the C atan2 function, in that changing the sign of both ST0 and ST1 changes the output value by pi (so it performs true rectangular-to-polar coordinate conversion, with ST1 being the Y coordinate and ST0 being the X coordinate, not merely an arctangent).
FPTAN computes the tangent of the value in ST0 (in radians), and stores the result back into ST0.
The absolute value of ST0 must be less than 263.
FPREM ; D9 F8 [8086,FPU]
FPREM1 ; D9 F5 [386,FPU]
These instructions both produce the remainder obtained by dividing ST0 by ST1. This is calculated, notionally, by dividing ST0 by ST1, rounding the result to an integer, multiplying by ST1 again, and computing the value which would need to be added back on to the result to get back to the original value in ST0.
The two instructions differ in the way the notional round-to-integer operation is performed. FPREM does it by rounding towards zero, so that the remainder it returns always has the same sign as the original value in ST0; FPREM1 does it by rounding to the nearest integer, so that the remainder always has at most half the magnitude of ST1.
Both instructions calculate partial remainders, meaning that they may not manage to provide the final result, but might leave intermediate results in ST0 instead. If this happens, they will set the C2 flag in the FPU status word; therefore, to calculate a remainder, you should repeatedly execute FPREM or FPREM1 until C2 becomes clear.
FRNDINT ; D9 FC [8086,FPU]
FRNDINT rounds the contents of ST0 to an integer, according to the current rounding mode set in the FPU control word, and stores the result back in ST0.
FSAVE mem ; 9B DD /6 [8086,FPU]
FNSAVE mem ; DD /6 [8086,FPU]
FRSTOR mem ; DD /4 [8086,FPU]
FSAVE saves the entire floating-point unit state, including all the information saved by FSTENV (Section B.4.63) plus the contents of all the registers, to a 94 or 108 byte area of memory (depending on the CPU mode). FRSTOR restores the floating-point state from the same area of memory.
FNSAVE does the same as FSAVE, without first waiting for pending floating-point exceptions to clear.
FSCALE ; D9 FD [8086,FPU]
FSCALE scales a number by a power of two: it rounds ST1 towards zero to obtain an integer, then multiplies ST0 by two to the power of that integer, and stores the result in ST0.
FSETPM ; DB E4 [286,FPU]
This instruction initializes protected mode on the 287 floating-point coprocessor. It is only meaningful on that processor: the 387 and above treat the instruction as a no-operation.
FSIN ; D9 FE [386,FPU]
FSINCOS ; D9 FB [386,FPU]
FSIN calculates the sine of ST0 (in radians) and stores the result in ST0. FSINCOS does the same, but then pushes the cosine of the same value on the register stack, so that the sine ends up in ST1 and the cosine in ST0. FSINCOS is faster than executing FSIN and FCOS (see Section B.4.34) in succession.
The absolute value of ST0 must be less than 263.
FSQRT ; D9 FA [8086,FPU]
FSQRT calculates the square root of ST0 and stores the result in ST0.
FST mem32 ; D9 /2 [8086,FPU]
FST mem64 ; DD /2 [8086,FPU]
FST fpureg ; DD D0+r [8086,FPU]
FSTP mem32 ; D9 /3 [8086,FPU]
FSTP mem64 ; DD /3 [8086,FPU]
FSTP mem80 ; DB /7 [8086,FPU]
FSTP fpureg ; DD D8+r [8086,FPU]
FST stores the value in ST0 into the given memory location or other FPU register. FSTP does the same, but then pops the register stack.
FSTCW mem16 ; 9B D9 /7 [8086,FPU]
FNSTCW mem16 ; D9 /7 [8086,FPU]
FSTCW stores the FPU control word (governing things like the rounding mode, the precision, and the exception masks) into a 2-byte memory area. See also FLDCW (Section B.4.49).
FNSTCW does the same thing as FSTCW, without first waiting for pending floating-point exceptions to clear.
FSTENV mem ; 9B D9 /6 [8086,FPU]
FNSTENV mem ; D9 /6 [8086,FPU]
FSTENV stores the FPU operating environment (control word, status word, tag word, instruction pointer, data pointer and last opcode) into memory. The memory area is 14 or 28 bytes long, depending on the CPU mode at the time. See also FLDENV (Section B.4.50).
FNSTENV does the same thing as FSTENV, without first waiting for pending floating-point exceptions to clear.
FSTSW mem16 ; 9B DD /7 [8086,FPU]
FSTSW AX ; 9B DF E0 [286,FPU]
FNSTSW mem16 ; DD /7 [8086,FPU]
FNSTSW AX ; DF E0 [286,FPU]
FSTSW stores the FPU status word into AX or into a 2-byte memory area.
FNSTSW does the same thing as FSTSW, without first waiting for pending floating-point exceptions to clear.
FSUB mem32 ; D8 /4 [8086,FPU]
FSUB mem64 ; DC /4 [8086,FPU]
FSUB fpureg ; D8 E0+r [8086,FPU]
FSUB ST0,fpureg ; D8 E0+r [8086,FPU]
FSUB TO fpureg ; DC E8+r [8086,FPU]
FSUB fpureg,ST0 ; DC E8+r [8086,FPU]
FSUBR mem32 ; D8 /5 [8086,FPU]
FSUBR mem64 ; DC /5 [8086,FPU]
FSUBR fpureg ; D8 E8+r [8086,FPU]
FSUBR ST0,fpureg ; D8 E8+r [8086,FPU]
FSUBR TO fpureg ; DC E0+r [8086,FPU]
FSUBR fpureg,ST0 ; DC E0+r [8086,FPU]
FSUBP fpureg ; DE E8+r [8086,FPU]
FSUBP fpureg,ST0 ; DE E8+r [8086,FPU]
FSUBRP fpureg ; DE E0+r [8086,FPU]
FSUBRP fpureg,ST0 ; DE E0+r [8086,FPU]
FSUB subtracts the given operand from ST0 and stores the result back in ST0, unless the TO qualifier is given, in which case it subtracts ST0 from the given operand and stores the result in the operand.
FSUBR does the same thing, but does the subtraction the other way up: so if TO is not given, it subtracts ST0 from the given operand and stores the result in ST0, whereas if TO is given it subtracts its operand from ST0 and stores the result in the operand.
FSUBP operates like FSUB TO, but pops the register stack once it has finished.
FSUBRP operates like FSUBR TO, but pops the register stack once it has finished.
FTST ; D9 E4 [8086,FPU]
FTST compares ST0 with zero and sets the FPU flags accordingly. ST0 is treated as the left-hand side of the comparison, so that a "less-than" result is generated if ST0 is negative.
FUCOM fpureg ; DD E0+r [386,FPU]
FUCOM ST0,fpureg ; DD E0+r [386,FPU]
FUCOMP fpureg ; DD E8+r [386,FPU]
FUCOMP ST0,fpureg ; DD E8+r [386,FPU]
FUCOMPP ; DA E9 [386,FPU]
FUCOMI fpureg ; DB E8+r [P6,FPU]
FUCOMI ST0,fpureg ; DB E8+r [P6,FPU]
FUCOMIP fpureg ; DF E8+r [P6,FPU]
FUCOMIP ST0,fpureg ; DF E8+r [P6,FPU]
FUCOM compares ST0 with the given operand, and sets the FPU flags accordingly. ST0 is treated as the left-hand side of the comparison, so that the carry flag is set (for a "less-than" result) if ST0 is less than the given operand.
FUCOMP does the same as FUCOM, but pops the register stack afterwards. FUCOMPP compares ST0 with ST1 and then pops the register stack twice.
FUCOMI and FUCOMIP work like the corresponding forms of FUCOM and FUCOMP, but write their results directly to the CPU flags register rather than the FPU status word, so they can be immediately followed by conditional jump or conditional move instructions.
The FUCOM instructions differ from the FCOM instructions (Section B.4.33) only in the way they handle quiet NaNs: FUCOM will handle them silently and set the condition code flags to an "unordered" result, whereas FCOM will generate an exception.
FXAM ; D9 E5 [8086,FPU]
FXAM sets the FPU flags C3, C2 and C0 depending on the type of value stored in ST0:
| Register contents | Flags |
|---|---|
| Unsupported format | 000 |
| NaN | 001 |
| Finite number | 010 |
| Infinity | 011 |
| Zero | 100 |
| Empty register | 101 |
| Denormal | 110 |
Additionally, the C1 flag is set to the sign of the number.
FXCH ; D9 C9 [8086,FPU]
FXCH fpureg ; D9 C8+r [8086,FPU]
FXCH fpureg,ST0 ; D9 C8+r [8086,FPU]
FXCH ST0,fpureg ; D9 C8+r [8086,FPU]
FXCH exchanges ST0 with a given FPU register. The no-operand form exchanges ST0 with ST1.
FXRSTOR memory ; 0F,AE,/1 [P6,SSE,FPU]
The FXRSTOR instruction reloads the FPU, MMX, and XMM states (environment and registers), from the 512-byte memory area defined by the source operand. This data should have been written by a previous FXSAVE.
FXSAVE memory ; 0F,AE,/0 [P6,SSE,FPU]
FXSAVEThe FXSAVE instruction writes the current FPU, MMX, and XMM states (environment and registers) to the specified 512-byte destination defined by the destination operand. It does this without checking for pending unmasked floating-point exceptions (similar to the operation of FNSAVE).
Unlike the FSAVE/FNSAVE instructions, the processor retains the contents of the FPU, MMX, and XMM state in the processor after the state has been saved. This instruction has been optimized to maximize floating-point save performance.
FXTRACT ; D9 F4 [8086,FPU]
FXTRACT separates the number in ST0 into its exponent and significand (mantissa), stores the exponent back into ST0, and then pushes the significand on the register stack (so that the significand ends up in ST0, and the exponent in ST1).
FYL2X ; D9 F1 [8086,FPU]
FYL2XP1 ; D9 F9 [8086,FPU]
FYL2X multiplies ST1 by the base-2 logarithm of ST0, stores the result in ST1, and pops the register stack (so that the result ends up in ST0). ST0 must be non-zero and positive.
FYL2XP1 works the same way, but replacing the base-2 log of ST0 with that of ST0 plus one. This time, ST0 must have magnitude no greater than 1 minus half the square root of two.
HLT ; F4 [8086,PRIV]
HLT puts the processor into a halted state, where it will perform no more operations until restarted by an interrupt or a reset.
On the 286 and later processors, this is a privileged instruction.
IDIV r/m8 ; F6 /7 [8086]
IDIV r/m16 ; o16 F7 /7 [8086]
IDIV r/m32 ; o32 F7 /7 [386]
IDIV performs signed integer division. The explicit operand provided is the divisor; the dividend and destination operands are implicit, in the following way:
For IDIV r/m8, AX is divided by the given operand; the quotient is stored in AL and the remainder in AH.
For IDIV r/m16, DX:AX is divided by the given operand; the quotient is stored in AX and the remainder in DX.
For IDIV r/m32, EDX:EAX is divided by the given operand; the quotient is stored in EAX and the remainder in EDX.
Unsigned integer division is performed by the DIV instruction: see Section B.4.23.
IMUL r/m8 ; F6 /5 [8086]
IMUL r/m16 ; o16 F7 /5 [8086]
IMUL r/m32 ; o32 F7 /5 [386]
IMUL reg16,r/m16 ; o16 0F AF /r [386]
IMUL reg32,r/m32 ; o32 0F AF /r [386]
IMUL reg16,imm8 ; o16 6B /r ib [186]
IMUL reg16,imm16 ; o16 69 /r iw [186]
IMUL reg32,imm8 ; o32 6B /r ib [386]
IMUL reg32,imm32 ; o32 69 /r id [386]
IMUL reg16,r/m16,imm8 ; o16 6B /r ib [186]
IMUL reg16,r/m16,imm16 ; o16 69 /r iw [186]
IMUL reg32,r/m32,imm8 ; o32 6B /r ib [386]
IMUL reg32,r/m32,imm32 ; o32 69 /r id [386]
IMUL performs signed integer multiplication. For the single-operand form, the other operand and destination are implicit, in the following way:
For IMUL r/m8, AL is multiplied by the given operand; the product is stored in AX.
For IMUL r/m16, AX is multiplied by the given operand; the product is stored in DX:AX.
For IMUL r/m32, EAX is multiplied by the given operand; the product is stored in EDX:EAX.
The two-operand form multiplies its two operands and stores the result in the destination (first) operand. The three-operand form multiplies its last two operands and stores the result in the first operand.
The two-operand form with an immediate second operand is in fact a shorthand for the three-operand form, as can be seen by examining the opcode descriptions: in the two-operand form, the code /r takes both its register and r/m parts from the same operand (the first one).
In the forms with an 8-bit immediate operand and another longer source operand, the immediate operand is considered to be signed, and is sign-extended to the length of the other source operand. In these cases, the BYTE qualifier is necessary to force NASM to generate this form of the instruction.
Unsigned integer multiplication is performed by the MUL instruction: see Section B.4.105.
IN AL,imm8 ; E4 ib [8086]
IN AX,imm8 ; o16 E5 ib [8086]
IN EAX,imm8 ; o32 E5 ib [386]
IN AL,DX ; EC [8086]
IN AX,DX ; o16 ED [8086]
IN EAX,DX ; o32 ED [386]
IN reads a byte, word or doubleword from the specified I/O port, and stores it in the given destination register. The port number may be specified as an immediate value if it is between 0 and 255, and otherwise must be stored in DX. See also OUT (Section B.4.109).
INC reg16 ; o16 40+r [8086]
INC reg32 ; o32 40+r [386]
INC r/m8 ; FE /0 [8086]
INC r/m16 ; o16 FF /0 [8086]
INC r/m32 ; o32 FF /0 [386]
INC adds 1 to its operand. It does not affect the carry flag: to affect the carry flag, use ADD something,1 (see Section B.4.3). INC affects all the other flags according to the result.
This instruction can be used with the LOCK prefix to allow atomic execution.
See also DEC (Section B.4.22).
INSB ; 6C [186]
INSW ; o16 6D [186]
INSD ; o32 6D [386]
INSB inputs a byte from the I/O port specified in DX and stores it at [ES:DI] or [ES:EDI]. It then increments or decrements (depending on the direction flag: increments if the flag is clear, decrements if it is set) DI or EDI.
The register used is DI if the address size is 16 bits, and EDI if it is 32 bits. If you need to use an address size not equal to the current BITS setting, you can use an explicit a16 or a32 prefix.
Segment override prefixes have no effect for this instruction: the use of ES for the load from [DI] or [EDI] cannot be overridden.
INSW and INSD work in the same way, but they input a word or a doubleword instead of a byte, and increment or decrement the addressing register by 2 or 4 instead of 1.
The REP prefix may be used to repeat the instruction CX (or ECX - again, the address size chooses which) times.
See also OUTSB, OUTSW and OUTSD (Section B.4.110).
INT imm8 ; CD ib [8086]
INT causes a software interrupt through a specified vector number from 0 to 255.
The code generated by the INT instruction is always two bytes long: although there are short forms for some INT instructions, NASM does not generate them when it sees the INT mnemonic. In order to generate single-byte breakpoint instructions, use the INT3 or INT1 instructions (see Section B.4.81) instead.
INT1 ; F1 [P6]
ICEBP ; F1 [P6]
INT01 ; F1 [P6]
INT3 ; CC [8086]
INT03 ; CC [8086]
INT1 and INT3 are short one-byte forms of the instructions INT 1 and INT 3 (see Section B.4.80). They perform a similar function to their longer counterparts, but take up less code space. They are used as breakpoints by debuggers.
INT1, and its alternative synonyms INT01 and ICEBP, is an instruction used by in-circuit emulators (ICEs). It is present, though not documented, on some processors down to the 286, but is only documented for the Pentium Pro. INT3 is the instruction normally used as a breakpoint by debuggers.
INT3 and its synonym INT03 are not precisely equivalent to INT 3: the short form, since it is designed to be used as a breakpoint, bypasses the normal IOPL checks in virtual-8086 mode, and also does not go through interrupt redirection.
INTO ; CE [8086]
INTO performs an INT 4 software interrupt (see Section B.4.80) if and only if the overflow flag is set.
INVD ; 0F 08 [486]
INVD invalidates and empties the processor's internal caches, and causes the processor to instruct external caches to do the same. It does not write the contents of the caches back to memory first: any modified data held in the caches will be lost. To write the data back first, use WBINVD (Section B.4.148).
INVLPG mem ; 0F 01 /7 [486]
INVLPG invalidates the translation lookahead buffer (TLB) entry associated with the supplied memory address.
IRET ; CF [8086]
IRETW ; o16 CF [8086]
IRETD ; o32 CF [386]
IRET returns from an interrupt (hardware or software) by means of popping IP (or EIP), CS, and the flags off the stack and then continuing execution from the new CS:IP.
IRETW pops IP, CS and the flags as 2 bytes each, taking 6 bytes off the stack in total. IRETD pops EIP as 4 bytes, pops a further 4 bytes of which the top two are discarded and the bottom two go into CS, and pops the flags as 4 bytes as well, taking 12 bytes off the stack.
IRET is a shorthand for either IRETW or IRETD, depending on the default BITS setting at the time.
JCXZ imm ; a16 E3 rb [8086]
JECXZ imm ; a32 E3 rb [386]
JCXZ performs a short jump (with maximum range 128 bytes) if and only if the contents of the CX register is 0. JECXZ does the same thing, but with ECX.
Jcc imm ; 70+cc rb [8086]
Jcc NEAR imm ; 0F 80+cc rw/rd [386]
The conditional jump instructions execute a near (same segment) jump if and only if their conditions are satisfied. For example, JNZ jumps only if the zero flag is not set.
The ordinary form of the instructions has only a 128-byte range; the NEAR form is a 386 extension to the instruction set, and can span the full size of a segment. NASM will not override your choice of jump instruction: if you want Jcc NEAR, you have to use the NEAR keyword.
The SHORT keyword is allowed on the first form of the instruction, for clarity, but is not necessary.
For details on the condition codes, see Section B.2.2.
JMP imm ; E9 rw/rd [8086]
JMP SHORT imm ; EB rb [8086]
JMP imm:imm16 ; o16 EA iw iw [8086]
JMP imm:imm32 ; o32 EA id iw [386]
JMP FAR mem ; o16 FF /5 [8086]
JMP FAR mem32 ; o32 FF /5 [386]
JMP r/m16 ; o16 FF /4 [8086]
JMP r/m32 ; o32 FF /4 [386]
JMP jumps to a given address. The address may be specified as an absolute segment and offset, or as a relative jump within the current segment.
JMP SHORT imm has a maximum range of 128 bytes, since the displacement is specified as only 8 bits, but takes up less code space. NASM does not choose when to generate JMP SHORT for you: you must explicitly code SHORT every time you want a short jump.
You can choose between the two immediate far jump forms (JMP imm:imm) by the use of the WORD and DWORD keywords: JMP WORD 0x1234:0x5678) or JMP DWORD 0x1234:0x56789abc.
The JMP FAR mem forms execute a far jump by loading the destination address out of memory. The address loaded consists of 16 or 32 bits of offset (depending on the operand size), and 16 bits of segment. The operand size may be overridden using JMP WORD FAR mem or JMP DWORD FAR mem.
The JMP r/m forms execute a near jump (within the same segment), loading the destination address out of memory or out of a register. The keyword NEAR may be specified, for clarity, in these forms, but is not necessary. Again, operand size can be overridden using JMP WORD mem or JMP DWORD mem.
As a convenience, NASM does not require you to jump to a far symbol by coding the cumbersome JMP SEG routine:routine, but instead allows the easier synonym JMP FAR routine.
The CALL r/m forms given above are near calls; NASM will accept the NEAR keyword (e.g. CALL NEAR [address]), even though it is not strictly necessary.
LAHF ; 9F [8086]
LAHF sets the AH register according to the contents of the low byte of the flags word.
The operation of LAHF is:
AH <-- SF:ZF:0:AF:0:PF:1:CF
See also SAHF (Section B.4.126).
LAR reg16,r/m16 ; o16 0F 02 /r [286,PRIV]
LAR reg32,r/m32 ; o32 0F 02 /r [286,PRIV]
LAR takes the segment selector specified by its source (second) operand, finds the corresponding segment descriptor in the GDT or LDT, and loads the access-rights byte of the descriptor into its destination (first) operand.
LDS reg16,mem ; o16 C5 /r [8086]
LDS reg32,mem ; o32 C5 /r [386]
LES reg16,mem ; o16 C4 /r [8086]
LES reg32,mem ; o32 C4 /r [386]
LFS reg16,mem ; o16 0F B4 /r [386]
LFS reg32,mem ; o32 0F B4 /r [386]
LGS reg16,mem ; o16 0F B5 /r [386]
LGS reg32,mem ; o32 0F B5 /r [386]
LSS reg16,mem ; o16 0F B2 /r [386]
LSS reg32,mem ; o32 0F B2 /r [386]
These instructions load an entire far pointer (16 or 32 bits of offset, plus 16 bits of segment) out of memory in one go. LDS, for example, loads 16 or 32 bits from the given memory address into the given register (depending on the size of the register), then loads the next 16 bits from memory into DS. LES, LFS, LGS and LSS work in the same way but use the other segment registers.
LEA reg16,mem ; o16 8D /r [8086]
LEA reg32,mem ; o32 8D /r [386]
LEA, despite its syntax, does not access memory. It calculates the effective address specified by its second operand as if it were going to load or store data from it, but instead it stores the calculated address into the register specified by its first operand. This can be used to perform quite complex calculations (e.g. LEA EAX,[EBX+ECX*4+100]) in one instruction.
LEA, despite being a purely arithmetic instruction which accesses no memory, still requires square brackets around its second operand, as if it were a memory reference.
The size of the calculation is the current address size, and the size that the result is stored as is the current operand size. If the address and operand size are not the same, then if the addressing mode was 32-bits, the low 16-bits are stored, and if the address was 16-bits, it is zero-extended to 32-bits before storing.
LEAVE ; C9 [186]
LEAVE destroys a stack frame of the form created by the ENTER instruction (see Section B.4.25). It is functionally equivalent to MOV ESP,EBP followed by POP EBP (or MOV SP,BP followed by POP BP in 16-bit mode).
LFENCE ; 0F AE /5 [WILLAMETTE,SSE2]