INTEL 80386 PROGRAMMER'S REFERENCE MANUAL 1986
Online Utenti astalalista main site mappa sito pagina gratis e-mail gratis blog
Dμ ad un amico
di questo sito
Aggiorna pagina
Home
Cerca nel sito
aggiungi un link a
questa pagina
Aggiungi ai preferiti
Pagina iniziale
Guestbook
Stampa pagina
contatta AOL - ICQ
Compra da
Astalalista
inserisci annuncio
Aggiungi Link

powered by astalalista

questa ricerca sul tuo sito - incontri - altre ricerche - guadagna
Random Link!
Hosted By
HostedScripts.com

INTEL 80386 PROGRAMMER'S REFERENCE MANUAL 1986

 go to English version

translate


INTEL 80386 PROGRAMMER'S REFERENCE MANUAL 1986

Intel Corporation makes no warranty for the use of its products and
assumes no responsibility for any errors which may appear in this document
nor does it make a commitment to update the information contained herein.

Intel retains the right to make changes to these specifications at any
time, without notice.

Contact your local sales office to obtain the latest specifications before
placing your order.

The following are trademarks of Intel Corporation and may only be used to
identify Intel Products:

Above, BITBUS, COMMputer, CREDIT, Data Pipeline, FASTPATH, Genius, i, Œ,
ICE, iCEL, iCS, iDBP, iDIS, IύICE, iLBX, im, iMDDX, iMMX, Inboard,
Insite, Intel, intel, intelBOS, Intel Certified, Intelevision,
inteligent Identifier, inteligent Programming, Intellec, Intellink,
iOSP, iPDS, iPSC, iRMK, iRMX, iSBC, iSBX, iSDM, iSXM, KEPROM, Library
Manager, MAPNET, MCS, Megachassis, MICROMAINFRAME, MULTIBUS, MULTICHANNEL,
MULTIMODULE, MultiSERVER, ONCE, OpenNET, OTP, PC BUBBLE, Plug-A-Bubble,
PROMPT, Promware, QUEST, QueX, Quick-Pulse Programming, Ripplemode, RMX/80,
RUPI, Seamless, SLD, SugarCube, SupportNET, UPI, and VLSiCEL, and the
combination of ICE, iCS, iRMX, iSBC, iSBX, iSXM, MCS, or UPI and a numerical
suffix, 4-SITE.

MDS is an ordering code only and is not used as a product name or
trademark. MDS(R) is a registered trademark of Mohawk Data Sciences
Corporation.

Additional copies of this manual or other Intel literature may be obtained
from:

Intel Corporation
Literature Distribution
Mail Stop SC6-59
3065 Bowers Avenue
Santa Clara, CA 95051

(c)INTEL CORPORATION 1987    CG-5/26/87


Customer Support

ΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔ

Customer Support is Intel's complete support service that provides Intel
customers with hardware support, software support, customer training, and
consulting services. For more information contact your local sales offices.

After a customer purchases any system hardware or software product,
service and support become major factors in determining whether that
product will continue to meet a customer's expectations. Such support
requires an international support organization and a breadth of programs
to meet a variety of customer needs. As you might expect, Intel's customer
support is quite extensive. It includes factory repair services and
worldwide field service offices providing hardware repair services,
software support services, customer training classes, and consulting
services.

Hardware Support Services

Intel is committed to providing an international service support package
through a wide variety of service offerings available from Intel Hardware
Support.

Software Support Services

Intel's software support consists of two levels of contracts. Standard
support includes TIPS (Technical Information Phone Service), updates and
subscription service (product-specific troubleshooting guides and COMMENTS
Magazine). Basic support includes updates and the subscription service.
Contracts are sold in environments which represent product groupings
(i.e., iRMX environment).

Consulting Services

Intel provides field systems engineering services for any phase of your
development or support effort. You can use our systems engineers in a
variety of ways ranging from assistance in using a new product, developing
an application, personalizing training, and customizing or tailoring an
Intel product to providing technical and management consulting. Systems
Engineers are well versed in technical areas such as microcommunications,
real-time applications, embedded microcontrollers, and network services.
You know your application needs; we know our products. Working together we
can help you get a successful product to market in the least possible time.

Customer Training

Intel offers a wide range of instructional programs covering various
aspects of system design and implementation. In just three to ten days a
limited number of individuals learn more in a single workshop than in
weeks of self-study. For optimum convenience, workshops are scheduled
regularly at Training Centers woridwide or we can take our workshops to
you for on-site instruction. Covering a wide variety of topics, Intel's
major course categories include: architecture and assembly language,
programming and operating systems, bitbus and LAN applications.

Training Center Locations

To obtain a complete catalog of our workshops, call the nearest Training
Center in your area.

Boston                    (617) 692-1000
Chicago                   (312) 310-5700
San Francisco             (415) 940-7800
Washington D.C.           (301) 474-2878
Isreal                    (972) 349-491-099
Tokyo                     03-437-6611
Osaka (Call Tokyo)        03-437-6611
Toronto, Canada           (416) 675-2105
London                    (0793) 696-000
Munich                    (089) 5389-1
Paris                     (01) 687-22-21
Stockholm                 (468) 734-01-00
Milan                     39-2-82-44-071
Benelux (Rotterdam)       (10) 21-23-77
Copenhagen                (1) 198-033
Hong Kong                 5-215311-7


Table of Contents

Chapter 1  Introduction to the 80386

1.1  Organization of This Manual
      1.1.1  Part I ΔΔ Applications Programming
      1.1.2  Part II ΔΔ Systems Programming
      1.1.3  Part III ΔΔ Compatibility
      1.1.4  Part IV ΔΔ Instruction Set
      1.1.5  Appendices

1.2  Related Literature
1.3  Notational Conventions
      1.3.1  Data-Structure Formats
      1.3.2  Undefined Bits and Software Compatibility
      1.3.3  Instruction Operands
      1.3.4  Hexadecimal Numbers
      1.3.5  Sub- and Super-Scripts

                     PART I    APPLICATIONS PROGRAMMING                   

Chapter 2  Basic Programming Model

2.1  Memory Organization and Segmentation
      2.1.1  The"Flat" Model
      2.1.2  The Segmented Model

2.2  Data Types
2.3  Registers
      2.3.1  General Registers
      2.3.2  Segment Registers
      2.3.3  Stack Implementation
      2.3.4  Flags Register
              2.3.4.1  Status Flags
              2.3.4.2  Control Flag
              2.3.4.3  Instruction Pointer

2.4  Instruction Format
2.5  Operand Selection
      2.5.1  Immediate Operands
      2.5.2  Register Operands
      2.5.3  Memory Operands
              2.5.3.1  Segment Selection
              2.5.3.2  Effective-Address Computation

2.6  Interrupts and Exceptions

Chapter 3  Applications Instruction Set

3.1  Data Movement Instructions
      3.1.1  General-Purpose Data Movement Instructions
      3.1.2  Stack Manipulation Instructions
      3.1.3  Type Conversion Instructions

3.2  Binary Arithmetic Instructions
      3.2.1  Addition and Subtraction Instructions
      3.2.2  Comparison and Sign Change Instruction
      3.2.3  Multiplication Instructions
      3.2.4  Division Instructions

3.3  Decimal Arithmetic Instructions
      3.3.1  Packed BCD Adjustment Instructions
      3.3.2  Unpacked BCD Adjustment Instructions

3.4  Logical Instructions
      3.4.1  Boolean Operation Instructions
      3.4.2  Bit Test and Modify Instructions
      3.4.3  Bit Scan Instructions
      3.4.4  Shift and Rotate Instructions
              3.4.4.1  Shift Instructions
              3.4.4.2  Double-Shift Instructions
              3.4.4.3  Rotate Instructions
              3.4.4.4  Fast"bit-blt" Using Double Shift
                         Instructions
              3.4.4.5  Fast Bit-String Insert and Extract

      3.4.5  Byte-Set-On-Condition Instructions
      3.4.6  Test Instruction

3.5  Control Transfer Instructions
      3.5.1  Unconditional Transfer Instructions
              3.5.1.1  Jump Instruction
              3.5.1.2  Call Instruction
              3.5.1.3  Return and Return-From-Interrupt Instruction

      3.5.2  Conditional Transfer Instructions
              3.5.2.1  Conditional Jump Instructions
              3.5.2.2  Loop Instructions
              3.5.2.3  Executing a Loop or Repeat Zero Times

      3.5.3  Software-Generated Interrupts

3.6  String and Character Translation Instructions
      3.6.1  Repeat Prefixes
      3.6.2  Indexing and Direction Flag Control
      3.6.3  String Instructions

3.7  Instructions for Block-Structured Languages
3.8  Flag Control Instructions
      3.8.1  Carry and Direction Flag Control Instructions
      3.8.2  Flag Transfer Instructions

3.9  Coprocessor Interface Instructions
3.10 Segment Register Instructions
      3.10.1  Segment-Register Transfer Instructions
      3.10.2  Far Control Transfer Instructions
      3.10.3  Data Pointer Instructions

3.11  Miscellaneous Instructions
       3.11.1  Address Calculation Instruction
       3.11.2  No-Operation Instruction
       3.11.3  Translate Instruction

                       PART II    SYSTEMS PROGRAMMING                     

Chapter 4  Systems Architecture

4.1  Systems Registers
      4.1.1  Systems Flags
      4.1.2  Memory-Management Registers
      4.1.3  Control Registers
      4.1.4  Debug Register
      4.1.5  Test Registers

4.2  Systems Instructions

Chapter 5  Memory Management

5.1  Segment Translation
      5.1.1  Descriptors
      5.1.2  Descriptor Tables
      5.1.3  Selectors
      5.1.4  Segment Registers

5.2  Page Translation
      5.2.1  Page Frame
      5.2.2  Linear Address
      5.2.3  Page Tables
      5.2.4  Page-Table Entries
              5.2.4.1  Page Frame Address
              5.2.4.2  Present Bit
              5.2.4.3  Accessed and Dirty Bits
              5.2.4.4  Read/Write and User/Supervisor Bits

      5.2.5  Page Translation Cache

5.3  Combining Segment and Page Translation
      5.3.1  "Flat" Architecture
      5.3.2  Segments Spanning Several Pages
      5.3.3  Pages Spanning Several Segments
      5.3.4  Non-Aligned Page and Segment Boundaries
      5.3.5  Aligned Page and Segment Boundaries
      5.3.6  Page-Table per Segment

Chapter 6  Protection

6.1  Why Protection?
6.2  Overview of 80386 Protection Mechanisms
6.3  Segment-Level Protection
      6.3.1  Descriptors Store Protection Parameters
              6.3.1.1  Type Checking
              6.3.1.2  Limit Checking
              6.3.1.3  Privilege Levels

      6.3.2  Restricting Access to Data
              6.3.2.1  Accessing Data in Code Segments

      6.3.3  Restricting Control Transfers
      6.3.4  Gate Descriptors Guard Procedure Entry Points
              6.3.4.1  Stack Switching
              6.3.4.2  Returning from a Procedure

      6.3.5  Some Instructions are Reserved for Operating System
              6.3.5.1  Privileged Instructions
              6.3.5.2  Sensitive Instructions

      6.3.6  Instructions for Pointer Validation
              6.3.6.1  Descriptor Validation
              6.3.6.2  Pointer Integrity and RPL

6.4  Page-Level Protection
      6.4.1  Page-Table Entries Hold Protection Parameters
              6.4.1.1  Restricting Addressable Domain
              6.4.1.2  Type Checking

      6.4.2  Combining Protection of Both Levels of Page Tables
      6.4.3  Overrides to Page Protection

6.5  Combining Page and Segment Protection

Chapter 7  Multitasking

7.1  Task State Segment
7.2  TSS Descriptor
7.3  Task Register
7.4  Task Gate Descriptor
7.5  Task Switching
7.6  Task Linking
      7.6.1  Busy Bit Prevents Loops
      7.6.2  Modifying Task Linkages

7.7  Task Address Space
      7.7.1  Task Linear-to-Physical Space Mapping
      7.7.2  Task Logical Address Space

Chapter 8    Input/Output

8.1  I/O Addressing
      8.1.1  I/O Address Space
      8.1.2  Memory-Mapped I/O

8.2  I/O Instructions
      8.2.1  Register I/O Instructions
      8.2.2  Block I/O Instructions

8.3  Protection and I/O
      8.3.1  I/O Privilege Level
      8.3.2  I/O Permission Bit Map

Chapter 9  Exceptions and Interrupts

9.1  Identifying Interrupts
9.2  Enabling and Disabling Interrupts
      9.2.1  NMI Masks Further NMls
      9.2.2  IF Masks INTR
      9.2.3  RF Masks Debug Faults
      9.2.4  MOV or POP to SS Masks Some Interrupts and Exceptions

9.3  Priority Among Simultaneous Interrupts and Exceptions
9.4  Interrupt Descriptor Table
9.5  IDT Descriptors
9.6  Interrupt Tasks and Interrupt Procedures
      9.6.1  Interrupt Procedures
              9.6.1.1  Stack of Interrupt Procedure
              9.6.1.2  Returning from an Interrupt Procedure
              9.6.1.3  Flags Usage by Interrupt Procedure
              9.6.1.4  Protection in Interrupt Procedures

      9.6.2  Interrupt Tasks

9.7  Error Code
9.8  Exception Conditions
      9.8.1  Interrupt 0 ΔΔ Divide Error
      9.8.2  Interrupt 1 ΔΔ Debug Exceptions
      9.8.3  Interrupt 3 ΔΔ Breakpoint
      9.8.4  Interrupt 4 ΔΔ Overflow
      9.8.5  Interrupt 5 ΔΔ Bounds Check
      9.8.6  Interrupt 6 ΔΔ Invalid Opcode
      9.8.7  Interrupt 7 ΔΔ Coprocessor Not Available
      9.8.8  Interrupt 8 ΔΔ Double Fault
      9.8.9  Interrupt 9 ΔΔ Coprocessor Segment Overrun
      9.8.10 Interrupt 10 ΔΔ Invalid TSS
      9.8.11 Interrupt 11 ΔΔ Segment Not Present
      9.8.12 Interrupt 12 ΔΔ Stack Exception
      9.8.13 Interrupt 13 ΔΔ General Protection Exception
      9.8.14 Interrupt 14 ΔΔ Page Fault
              9.8.14.1  Page Fault during Task Switch
              9.8.14.2  Page Fault with Inconsistent Stack Pointer

      9.8.15 Interrupt 16 ΔΔ Coprocessor Error

9.9  Exception Summary

9.10  Error Code Summary

Chapter 10  Initialization

10.1  Processor State after Reset
10.2  Software Initialization for Real-Address Mode
       10.2.1  Stack
       10.2.2  Interrupt Table
       10.2.3  First Instructions

10.3  Switching to Protected Mode
10.4  Software Initialization for Protected Mode
       10.4.1  Interrupt Descriptor Table
       10.4.2  Stack
       10.4.3  Global Descriptor Table
       10.4.4  Page Tables
       10.4.5  First Task

10.5  Initialization Example
10.6  TLB Testing
       10.6.1  Structure of the TLB
       10.6.2  Test Registers
       10.6.3  Test Operations

Chapter 11  Coprocessing and Multiprocessing

11.1  Coprocessing
       11.1.1  Coprocessor Identification
       11.1.2  ESC and WAIT Instructions
       11.1.3  EM and MP Flags
       11.1.4  The Task-Switched Flag
       11.1.5  Coprocessor Exceptions
                11.1.5.1  Interrupt 7 ΔΔ Coprocessor Not Available
                11.1.5.2  Interrupt 9 ΔΔ Coprocessor Segment Overrun
                11.1.5.3  Interrupt 16 ΔΔ Coprocessor Error

11.2  General Multiprocessing
       11.2.1  LOCK and the LOCK# Signal
       11.2.2  Automatic Locking
       11.2.3  Cache Considerations

Chapter 12  Debugging

12.1  Debugging Features of the Architecture
12.2  Debug Registers
       12.2.1  Debug Address Registers (DRO-DR3)
       12.2.2  Debug Control Register (DR7)
       12.2.3  Debug Status Register (DR6)
       12.2.4  Breakpoint Field Recognition

12.3  Debug Exceptions
       12.3.1  Interrupt 1 ΔΔ Debug Exceptions
                12.3.1.1  Instruction Address Breakpoint
                12.3.1.2  Data Address Breakpoint
                12.3.1.3  General Detect Fault
                12.3.1.4  Single-Step Trap
                12.3.1.5  Task Switch Breakpoint

       12.3.2  Interrupt 3 ΔΔ Breakpoint Exception

                          PART III    COMPATIBILITY                       

Chapter 13  Executing 80286 Protected-Mode Code

13.1  80286 Code Executes as a Subset of the 80386
13.2  Two Ways to Execute 80286 Tasks
13.3  Differences from 80286
       13.3.1  Wraparound of 80286 24-Bit Physical Address Space
       13.3.2  Reserved Word of Descriptor
       13.3.3  New Descriptor Type Codes
       13.3.4  Restricted Semantics of LOCK
       13.3.5  Additional Exceptions

Chapter 14  80386 Real-Address Mode

14.1  Physical Address Formation
14.2  Registers and Instructions
14.3  Interrupt and Exception Handling
14.4  Entering and Leaving Real-Address Mode
       14.4.1  Switching to Protected Mode

14.5  Switching Back to Real-Address Mode
14.6  Real-Address Mode Exceptions
14.7  Differences from 8086
14.8  Differences from 80286 Real-Address Mode
       14.8.1  Bus Lock
       14.8.2  Location of First Instruction
       14.8.3  Initial Values of General Registers
       14.8.4  MSW Initialization

Chapter 15  Virtual 8088 Mode

15.1  Executing 8086 Code
       15.1.1  Registers and Instructions
       15.1.2  Linear Address Formation

15.2  Structure of a V86 Task
       15.2.1  Using Paging for V86 Tasks
       15.2.2  Protection within a V86 Task

15.3  Entering and Leaving V86 Mode
       15.3.1  Transitions Through Task Switches
       15.3.2  Transitions Through Trap Gates and Interrupt Gates

15.4  Additional Sensitive Instructions
       15.4.1  Emulating 8086 Operating System Calls
       15.4.2  Virtualizing the Interrupt-Enable Flag

15.5  Virtual I/O
       15.5.1  I/O-Mapped I/O
       15.5.2  Memory-Mapped I/O
       15.5.3  Special I/O Buffers

15.6  Differences from 8086
15.7  Differences from 80286 Real-Address Mode

Chapter 16  Mixing 16-Bit and 32-Bit Code

16.1  How the 80386 Implements 16-Bit and 32-Bit Features
16.2  Mixing 32-Bit and 16-Bit Operations
16.3  Sharing Data Segments among Mixed Code Segments
16.4  Transferring Control among Mixed Code Segments
       16.4.1  Size of Code-Segment Pointer
       16.4.2  Stack Management for Control Transfers
                16.4.2.1  Controlling the Operand-Size for a CALL
                16.4.2.2  Changing Size of Call

       16.4.3  Interrupt Control Transfers
       16.4.4  Parameter Translation
       16.4.5  The Interface Procedure

                         PART IV    INSTRUCTION SET                       

Chapter 17  80386 Instruction Set

17.1  Operand-Size and Address-Size Attributes
       17.1.1  Default Segment Attribute
       17.1.2  Operand-Size and Address-Size Instruction Prefixes
       17.1.3  Address-Size Attribute for Stack

17.2  Instruction Format
       17.2.1  ModR/M and SIB Bytes
       17.2.2  How to Read the Instruction Set Pages
                17.2.2.1  Opcode
                17.2.2.2  Instruction
                17.2.2.3  Clocks
                17.2.2.4  Description
                17.2.2.5  Operation
                17.2.2.6  Description
                17.2.2.7  Flags Affected
                17.2.2.8  Protected Mode Exceptions
                17.2.2.9  Real Address Mode Exceptions
                17.2.2.10 Virtual-8086 Mode Exceptions

Instruction Sets

AAA
AAD
AAM
AAS
ADC
ADD
AND
ARPL
BOUND
BSF
BSR
BT
BTC
BTR
BTS
CALL
CBW/CWDE
CLC
CLD
CLI
CLTS
CMC
CMP
CMPS/CMPSB/CMPSW/CMPSD
CWD/CDQ
DAA
DAS
DEC
DIV
ENTER
HLT
IDIV
IMUL
IN
INC
INS/INSB/INSW/INSD
INT/INTO
IRET/IRETD
Jcc
JMP
LAHF
LAR
LEA
LEAVE
LGDT/LIDT
LGS/LSS/LDS/LES/LFS
LLDT
LMSW
LOCK
LODS/LODSB/LODSW/LODSD
LOOP/LOOPcond
LSL
LTR
MOV
MOV
MOVS/MOVSB/MOVSW/MOVSD
MOVSX
MOVZX
MUL
NEG
NOP
NOT
OR
OUT
OUTS/OUTSB/OUTSW/OUTSD
POP
POPA/POPAD
POPF/POPFD
PUSH
PUSHA/PUSHAD
PUSHF/PUSHFD
RCL/RCR/ROL/ROR
REP/REPE/REPZ/REPNE/REPNZ
RET
SAHF
SAL/SAR/SHL/SHR
SBB
SCAS/SCASB/SCASW/SCASD
SETcc
SGDT/SIDT
SHLD
SHRD
SLDT
SMSW
STC
STD
STI
STOS/STOSB/STOSW/STOSD
STR
SUB
TEST
VERR,VERW
WAIT
XCHG
XLAT/XLATB
XOR

Appendix A  Opcode Map

Appendix B  Complete Flag Cross-Reference

Appendix C  Status Flag Summary

Appendix D  Condition Codes


Figures

1-1     Example Data Structure

2-1     Two-Component Pointer
2-2     Fundamental Data Types
2-3     Bytes, Words, and Doublewords in Memory
2-4     80386 Data Types
2-5     80386 Applications Register Set
2-6     Use of Memory Segmentation
2-7     80386 Stack
2-8     EFLAGS Register
2-9     Instruction Pointer Register
2-10    Effective Address Computation

3-1     PUSH
3-2     PUSHA
3-3     POP
3-4     POPA
3-5     Sign Extension
3-6     SAL and SHL
3-7     SHR
3-8     SAR
3-9     Using SAR to Simulate IDIV
3-10    Shift Left Double
3-11    Shift Right Double
3-12    ROL
3-13    ROR
3-14    RCL
3-15    RCR
3-16    Formal Definition of the ENTER Instruction
3-17    Variable Access in Nested Procedures
3-18    Stack Frame for MAIN at Level 1
3-19    Stack Frame for Prooedure A
3-20    Stack Frame for Procedure B at Level 3 Called from A
3-21    Stack Frame for Procedure C at Level 3 Called from B
3-22    LAHF and SAHF
3-23    Flag Format for PUSHF and POPF

4-1     Systems Flags of EFLAGS Register
4-2     Control Registers

5-1     Address Translation Overview
5-2     Segment Translation
5-3     General Segment-Descriptor Format
5-4     Format of Not-Present Descriptor
5-5     Descriptor Tables
5-6     Format of a Selector
5-7     Segment Registers
5-8     Format of a Linear Address
5-9     Page Translation
5-10    Format of a Page Table Entry
5-11    Invalid Page Table Entry
5-12    80386 Addressing Mechanism
5-13    Descriptor per Page Table

6-1     Protection Fields of Segment Descriptors
6-2     Levels of Privilege
6-3     Privilege Check for Data Access
6-4     Privilege Check for Control Transfer without Gate
6-5     Format of 80386 Call Gate
6-6     Indirect Transfer via Call Gate
6-7     Privilege Check via Call Gate
6-8     Initial Stack Pointers of TSS
6-9     Stack Contents after an Interievel Call
6-10    Protection Fields of Page Table Entries

7-1     80386 32-Bit Task State Segment
7-2     TSS Descriptor for 32-Bit TSS
7-3     Task Register
7-4     Task Gate Descriptor
7-5     Task Gate Indirectly Identifies Task
7-6     Partially-Overlapping Linear Spaces

8-1     Memory-Mapped I/O
8-2     I/O Address Bit Map

9-1     IDT Register and Table
9-2     Pseudo-Descriptor Format for LIDT and SIDT
9-3     80386 IDT Gate Descriptors
9-4     Interrupt Vectoring for Procedures
9-5     Stack Layout after Exception of Interrupt
9-6     Interrupt Vectoring for Tasks
9-7     Error Code Format
9-8     Page-Fault Error Code Format
9-9     CR2 Format

10-1    Contents of EDX after RESET
10-2    Initial Contents of CRO
10-3    TLB Structure
10-4    Test Registers

12-1    Debug Registers

14-1    Real-Address Mode Address Formation

15-1    V86 Mode Address Formation
15-2    Entering and Leaving an 8086 Program
15-3    PL 0 Stack after Interrupt in V86 Task

16-1    Stack after Far 16-Bit and 32-Bit Calls

17-1    80386 Instruction Format
17-2    ModR/M and SIB Byte Formats
17-3    Bit Offset for BIT[EAX, 21]
17-4    Memory Bit Indexing


Tables

2-1      Default Segment Register Selection Rules
2-2      80386 Reserved Exceptions and Interrupts

3-1      Bit Test and Modify Instructions
3-2      Interpretation of Conditional Transfers

6-1      System and Gate Descriptor Types
6-2      Useful Combinations of E, G, and B Bits
6-3      Interievel Return Checks
6-4      Valid Descriptor Types for LSL
6-5      Combining Directory and Page Protection

7-1      Checks Made during a Task Switch
7-2      Effect of Task Switch on BUSY, NT, and Back-Link

9-1      Interrupt and Exception ID Assignments
9-2      Priority Among Simultaneous Interrupts and Exceptions
9-3      Double-Fault Detection Classes
9-4      Double-Fault Definition
9-5      Conditions That Invalidate the TSS
9-6      Exception Summary
9-7      Error-Code Summary

10-1     Meaning of D, U, and W Bit Pairs

12-1     Breakpeint Field Recognition Examples
12-2     Debug Exception Conditions

14-1     80386 Real-Address Mode Exceptions
14-2     New 80386 Exceptions

17-1     Effective Size Attributes
17-2     16-Bit Addressing Forms with the ModR/M Byte
17-3     32-Bit Addressing Forms with the ModR/M Byte
17-4     32-Bit Addressing Forms with the SIB Byte
17-5     Task Switch Times for Exceptions
17-6     80386 Exceptions


Chapter 1  Introduction to the 80386

ΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔ

The 80386 is an advanced 32-bit microprocessor optimized for multitasking
operating systems and designed for applications needing very high
performance. The 32-bit registers and data paths support 32-bit addresses
and data types. The processor can address up to four gigabytes of physical
memory and 64 terabytes (2^(46) bytes) of virtual memory. The on-chip
memory-management facilities include address translation registers,
advanced multitasking hardware, a protection mechanism, and paged virtual
memory. Special debugging registers provide data and code breakpoints even
in ROM-based software.


1.1  Organization of This Manual

This book presents the architecture of the 80386 in five parts:

   Part I      ΔΔ Applications Programming
   Part II     ΔΔ Systems Programming
   Part III    ΔΔ Compatibility
   Part IV     ΔΔ Instruction Set
   Appendices

These divisions are determined in part by the architecture itself and in
part by the different ways the book will be used. As the following table
indicates, the latter two parts are intended as reference material for
programmers actually engaged in the process of developing software for the
80386. The first three parts are explanatory, showing the purpose of
architectural features, developing terminology and concepts, and describing
instructions as they relate to specific purposes or to specific
architectural features.

Explanation                Part I   ΔΔ Applications Programming
                           Part II  ΔΔ Systems Programming
                           Part III ΔΔ Compatibility

Reference                  Part IV  ΔΔ Instruction Set
                           Appendices

The first three parts follow the execution modes and protection features of
the 80386 CPU. The distinction between applications features and systems
features is determined by the protection mechanism of the 80386. One purpose
of protection is to prevent applications from interfering with the operating
system; therefore, the processor makes certain registers and instructions
inaccessible to applications programs. The features discussed in Part I are
those that are accessible to applications; the features in Part II are
available only to systems software that has been given special privileges or
in unprotected systems.

The processing mode of the 80386 also determines the features that are
accessible. The 80386 has three processing modes:

   1.  Protected Mode.
   2.  Real-Address Mode.
   3.  Virtual 8086 Mode.

Protected mode is the natural 32-bit environment of the 80386 processor. In
this mode all instructions and features are available.

Real-address mode (often called just "real mode") is the mode of the
processor immediately after RESET. In real mode the 80386 appears to
programmers as a fast 8086 with some new instructions. Most applications of
the 80386 will use real mode for initialization only.

Virtual 8086 mode (also called V86 mode) is a dynamic mode in the sense
that the processor can switch repeatedly and rapidly between V86 mode and
protected mode. The CPU enters V86 mode from protected mode to execute an
8086 program, then leaves V86 mode and enters protected mode to continue
executing a native 80386 program.

The features that are available to applications programs in protected mode
and to all programs in V86 mode are the same. These features form the
content of Part I. The additional features that are available to systems
software in protected mode form Part II. Part III explains real-address
mode and V86 mode, as well as how to execute a mix of 32-bit and 16-bit
programs.

Available in All Modes             Part I ΔΔ Applications Programming

Available in Protected             Part II ΔΔ Systems Programming
Mode Only

Compatibility Modes                Part III ΔΔ Compatibility


1.1.1  Part I ΔΔ Applications Programming

This part presents those aspects of the architecture that are customarily
used by applications programmers.

Chapter 2 ΔΔ Basic Programming Model: Introduces the models of memory
organization. Defines the data types. Presents the register set used by
applications. Introduces the stack. Explains string operations. Defines the
parts of an instruction. Explains addressing calculations. Introduces
interrupts and exceptions as they may apply to applications programming.

Chapter 3 ΔΔ Application Instruction Set: Surveys the instructions commonly
used for applications programming. Considers instructions in functionally
related groups; for example, string instructions are considered in one
section, while control-transfer instructions are considered in another.
Explains the concepts behind the instructions. Details of individual
instructions are deferred until Part IV, the instruction-set reference.


1.1.2  Part II ΔΔ Systems Programming

This part presents those aspects of the architecture that are customarily
used by programmers who write operating systems, device drivers, debuggers,
and other software that supports applications programs in the protected mode
of the 80386.

Chapter 4 ΔΔ Systems Architecture: Surveys the features of the 80386 that 
are used by systems programmers. Introduces the remaining registers and data
structures of the 80386 that were not discussed in Part I. Introduces the
systems-oriented instructions in the context of the registers and data
structures they support. Points to the chapter where each register, data
structure, and instruction is considered in more detail.

Chapter 5 ΔΔ Memory Management: Presents details of the data structures,
registers, and instructions that support virtual memory and the concepts of
segmentation and paging. Explains how systems designers can choose a model
of memory organization ranging from completely linear ("flat") to fully
paged and segmented.

Chapter 6 ΔΔ Protection: Expands on the memory management features of the
80386 to include protection as it applies to both segments and pages.
Explains the implementation of privilege rules, stack switching, pointer
validation, user and supervisor modes. Protection aspects of multitasking
are deferred until the following chapter.

Chapter 7 ΔΔ Multitasking: Explains how the hardware of the 80386 supports
multitasking with context-switching operations and intertask protection.

Chapter 8 ΔΔ Input/Output: Reveals the I/O features of the 80386, including
I/O instructions, protection as it relates to I/O, and the I/O permission
map.

Chapter 9 ΔΔ Exceptions and Interrupts: Explains the basic interrupt
mechanisms of the 80386. Shows how interrupts and exceptions relate to
protection. Discusses all possible exceptions, listing causes and including
information needed to handle and recover from the exception.

Chapter 10 ΔΔ Initialization: Defines the condition of the processor after
RESET or power-up. Explains how to set up registers, flags, and data
structures for either real-address mode or protected mode. Contains an
example of an initialization program.

Chapter 11 ΔΔ Coprocessing and Multiprocessing: Explains the instructions
and flags that support a numerics coprocessor and multiple CPUs with shared
memory.

Chapter 12 ΔΔ Debugging: Tells how to use the debugging registers of the
80386.


1.1.3  Part III ΔΔ Compatibility

Other parts of the book treat the processor primarily as a 32-bit machine,
omitting for simplicity its facilities for 16-bit operations. Indeed, the
80386 is a 32-bit machine, but its design fully supports 16-bit operands and
addressing, too. This part completes the picture of the 80386 by explaining
the features of the architecture that support 16-bit programs and 16-bit
operations in 32-bit programs. All three processor modes are used to
execute 16-bit programs: protected mode can directly execute 16-bit 80286
protected mode programs, real mode executes 8086 programs and real-mode
80286 programs, and virtual 8086 mode executes 8086 programs in a
multitasking environment with other 80386 protected-mode programs. In
addition, 32-bit and 16-bit modules and individual 32-bit and 16-bit
operations can be mixed in protected mode.

Chapter 13 ΔΔ Executing 80286 Protected-Mode Code: In its protected mode,
the 80386 can execute complete 80286 protected-mode systems, because 80286
capabilities are a subset of 80386 capabilities.

Chapter 14 ΔΔ 80386 Real-Address Mode: Explains the real mode of the 80386
CPU. In this mode the 80386 appears as a fast real-mode 80286 or fast 8086
enhanced with additional instructions.

Chapter 15 ΔΔ Virtual 8086 Mode: The 80386 can switch rapidly between its
protected mode and V86 mode, giving it the ability to multiprogram 8086
programs along with "native mode" 32-bit programs.

Chapter 16 ΔΔ Mixing 16-Bit and 32-Bit Code: Even within a program or task,
the 80386 can mix 16-bit and 32-bit modules. Furthermore, any given module
can utilize both 16-bit and 32-bit operands and addresses.


1.1.4  Part IV ΔΔ Instruction Set

Parts I, II, and III present overviews of the instructions as they relate
to specific aspects of the architecture, but this part presents the
instructions in alphabetical order, providing the detail needed by
assembly-language programmers and programmers of debuggers, compilers,
operating systems, etc. Instruction descriptions include algorithmic
description of operation, effect of flag settings, effect on flag settings,
effect of operand- or address-size attributes, effect of processor modes,
and possible exceptions.


1.1.5  Appendices

The appendices present tables of encodings and other details in a format
designed for quick reference by assembly-language and systems programmers.


1.2  Related Literature

The following books contain additional material concerning the 80386
microprocessor:

  ώ  Introduction to the 80386, order number 231252

  ώ  80386 Hardware Reference Manual, order number 231732

  ώ  80386 System Software Writer's Guide, order number 231499

  ώ  80386 High Performance 32-bit Microprocessor with Integrated Memory
     Management (Data Sheet), order number 231630


1.3  Notational Conventions

This manual uses special notations for data-structure formats, for symbolic
representation of instructions, for hexadecimal numbers, and for super- and
sub-scripts. Subscript characters are surrounded by {curly brackets}, for
example 10{2} = 10 base 2. Superscript characters are preceeded by a caret
and enclosed within (parentheses), for example 10^(3) = 10 to the third
power. A review of these notations will make it easier to read the
manual.

1.3.1  Data-Structure Formats

In illustrations of data structures in memory, smaller addresses appear at
the lower-right part of the figure; addresses increase toward the left and
upwards. Bit positions are numbered from right to left. Figure 1-1
illustrates this convention.


1.3.2  Undefined Bits and Software Compatibility

In many register and memory layout descriptions, certain bits are marked as
undefined. When bits are marked as undefined (as illustrated in Figure
1-1), it is essential for compatibility with future processors that
software treat these bits as undefined. Software should follow these
guidelines in dealing with undefined bits:

  ώ  Do not depend on the states of any undefined bits when testing the
     values of registers that contain such bits. Mask out the undefined bits
     before testing.

  ώ  Do not depend on the states of any undefined bits when storing them in
     memory or in another register.

  ώ  Do not depend on the ability to retain information written into any
     undefined bits.

  ώ  When loading a register, always load the undefined bits as zeros or
     reload them with values previously stored from the same register.

ΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔ
NOTE
  Depending upon the values of undefined register bits will make software
  dependent upon the unspecified manner in which the 80386 handles these
  bits. Depending upon undefined values risks making software incompatible
  with future processors that define usages for these bits. AVOID ANY
  SOFTWARE DEPENDENCE UPON THE STATE OF UNDEFINED 80386 REGISTER BITS.
ΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔ


Figure 1-1.  Example Data Structure

 GREATEST                 DATA STRUCTURE
 ADDRESS
  31              23              15              7             0 ΔΔBIT
 ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»   OFFSET
 Ί                                                               Ί28
 ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ
 Ί                                                               Ί24
 ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ
 Ί                                                               Ί20
 ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ
 Ί                                                               Ί16
 ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ
 Ί                                                               Ί12
 ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ
 Ί                                                               Ί8
 ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ
 Ί                           UNDEFINED                           Ί4
 ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ  SMALLEST
 Ί    BYTE 3          BYTE 2          BYTE 1          BYTE 0     Ί0 ADDRESS
 ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ
                                                    BYTE OFFSETΔΔΔΩ


1.3.3  Instruction Operands

When instructions are represented symbolically, a subset of the 80386
Assembly Language is used. In this subset, an instruction has the following
format:

label: prefix mnemonic argument1, argument2, argument3

where:

  ώ  A label is an identifier that is followed by a colon.

  ώ  A prefix is an optional reserved name for one of the instruction
     prefixes.

  ώ  A mnemonic is a reserved name for a class of instruction opcodes that
     have the same function.

  ώ  The operands argument1, argument2, and argument3 are optional. There
     may be from zero to three operands, depending on the opcode.  When
     present, they take the form of either literals or identifiers for data
     items.  Operand identifiers are either reserved names of registers or
     are assumed to be assigned to data items declared in another part of
     the program (which may not be shown in the example). When two operands
     are present in an instruction that modifies data, the right operand is
     the source and the left operand is the destination.

For example:

LOADREG: MOV EAX, SUBTOTAL

In this example LOADREG is a label, MOV is the mnemonic identifier of an
opcode, EAX is the destination operand, and SUBTOTAL is the source operand.

1.3.4  Hexadecimal Numbers

Base 16 numbers are represented by a string of hexadecimal digits followed
by the character H.  A hexadecimal digit is a character from the set (0, 1,
2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F).  In some cases, especially in
examples of program syntax, a leading zero is added if the number would
otherwise begin with one of the digits A-F.  For example, 0FH is equivalent
to the decimal number 15.

1.3.5  Sub- and Super-Scripts

This manual uses special notation to represent sub- and super-script
characters. Sub-script characters are surrounded by {curly brackets}, for
example 10{2} = 10 base 2. Super-script characters are preceeded by a
caret and enclosed within (parentheses), for example 10^(3) = 10 to the
third power.


                     PART I    APPLICATIONS PROGRAMMING                    


Chapter 2  Basic Programming Model

ΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔ

This chapter describes the 80386 application programming environment as
seen by assembly language programmers when the processor is executing in
protected mode. The chapter introduces programmers to those features of the
80386 architecture that directly affect the design and implementation of
80386 applications programs. Other chapters discuss 80386 features that
relate to systems programming or to compatibility with other processors of
the 8086 family.

The basic programming model consists of these aspects:

  ώ  Memory organization and segmentation
  ώ  Data types
  ώ  Registers
  ώ  Instruction format
  ώ  Operand selection
  ώ  Interrupts and exceptions

Note that input/output is not included as part of the basic programming
model. Systems designers may choose to make I/O instructions available to
applications or may choose to reserve these functions for the operating
system. For this reason, the I/O features of the 80386 are discussed in Part
II.

This chapter contains a section for each aspect of the architecture that is
normally visible to applications.


2.1  Memory Organization and Segmentation

The physical memory of an 80386 system is organized as a sequence of 8-bit
bytes. Each byte is assigned a unique address that ranges from zero to a
maximum of 2^(32) -1 (4 gigabytes).

80386 programs, however, are independent of the physical address space.
This means that programs can be written without knowledge of how much
physical memory is available and without knowledge of exactly where in
physical memory the instructions and data are located.

The model of memory organization seen by applications programmers is
determined by systems-software designers. The architecture of the 80386
gives designers the freedom to choose a model for each task. The model of
memory organization can range between the following extremes:

  ώ  A "flat" address space consisting of a single array of up to 4
     gigabytes.

  ώ  A segmented address space consisting of a collection of up to 16,383
     linear address spaces of up to 4 gigabytes each.

Both models can provide memory protection. Different tasks may employ
different models of memory organization. The criteria that designers use to
determine a memory organization model and the means that systems programmers
use to implement that model are covered in Part IIΔΔSystems Programming.


2.1.1  The "Flat" Model

In a "flat" model of memory organization, the applications programmer sees
a single array of up to 2^(32) bytes (4 gigabytes). While the physical
memory can contain up to 4 gigabytes, it is usually much smaller; the
processor maps the 4 gigabyte flat space onto the physical address space by
the address translation mechanisms described in Chapter 5. Applications
programmers do not need to know the details of the mapping.

A pointer into this flat address space is a 32-bit ordinal number that may
range from 0 to 2^(32) -1. Relocation of separately-compiled modules in this
space must be performed by systems software (e.g., linkers, locators,
binders, loaders).


2.1.2  The Segmented Model

In a segmented model of memory organization, the address space as viewed by
an applications program (called the logical address space) is a much larger
space of up to 2^(46) bytes (64 terabytes). The processor maps the 64
terabyte logical address space onto the physical address space (up to 4
gigabytes) by the address translation mechanisms described in Chapter 5.
Applications programmers do not need to know the details of this mapping.

Applications programmers view the logical address space of the 80386 as a
collection of up to 16,383 one-dimensional subspaces, each with a specified
length. Each of these linear subspaces is called a segment. A segment is a
unit of contiguous address space. Segment sizes may range from one byte up
to a maximum of 2^(32) bytes (4 gigabytes).

A complete pointer in this address space consists of two parts (see Figure
2-1):

  1.  A segment selector, which is a 16-bit field that identifies a
      segment.

  2.  An offset, which is a 32-bit ordinal that addresses to the byte level
      within a segment.

During execution of a program, the processor associates with a segment
selector the physical address of the beginning of the segment. Separately
compiled modules can be relocated at run time by changing the base address
of their segments. The size of a segment is variable; therefore, a segment
can be exactly the size of the module it contains.


2.2  Data Types

Bytes, words, and doublewords are the fundamental data types (refer to
Figure 2-2). A byte is eight contiguous bits starting at any logical
address. The bits are numbered 0 through 7; bit zero is the least
significant bit.

A word is two contiguous bytes starting at any byte address. A word thus
contains 16 bits. The bits of a word are numbered from 0 through 15; bit 0
is the least significant bit. The byte containing bit 0 of the word is
called the low byte; the byte containing bit 15 is called the high byte.

Each byte within a word has its own address, and the smaller of the
addresses is the address of the word. The byte at this lower address
contains the eight least significant bits of the word, while the byte at the
higher address contains the eight most significant bits.

A doubleword is two contiguous words starting at any byte address. A
doubleword thus contains 32 bits. The bits of a doubleword are numbered from
0 through 31; bit 0 is the least significant bit. The word containing bit 0
of the doubleword is called the low word; the word containing bit 31 is
called the high word.

Each byte within a doubleword has its own address, and the smallest of the
addresses is the address of the doubleword. The byte at this lowest address
contains the eight least significant bits of the doubleword, while the byte
at the highest address contains the eight most significant bits. Figure 2-3
illustrates the arrangement of bytes within words anddoublewords.

Note that words need not be aligned at even-numbered addresses and
doublewords need not be aligned at addresses evenly divisible by four. This
allows maximum flexibility in data structures (e.g., records containing
mixed byte, word, and doubleword items) and efficiency in memory
utilization. When used in a configuration with a 32-bit bus, actual
transfers of data between processor and memory take place in units of
doublewords beginning at addresses evenly divisible by four; however, the
processor converts requests for misaligned words or doublewords into the
appropriate sequences of requests acceptable to the memory interface. Such
misaligned data transfers reduce performance by requiring extra memory
cycles. For maximum performance, data structures (including stacks) should
be designed in such a way that, whenever possible, word operands are aligned
at even addresses and doubleword operands are aligned at addresses evenly
divisible by four. Due to instruction prefetching and queuing within the
CPU, there is no requirement for instructions to be aligned on word or
doubleword boundaries. (However, a slight increase in speed results if the
target addresses of control transfers are evenly divisible by four.)

Although bytes, words, and doublewords are the fundamental types of
operands, the processor also supports additional interpretations of these
operands. Depending on the instruction referring to the operand, the
following additional data types are recognized:

Integer:
A signed binary numeric value contained in a 32-bit doubleword,16-bit word,
or 8-bit byte. All operations assume a 2's complement representation. The
sign bit is located in bit 7 in a byte, bit 15 in a word, and bit 31 in a
doubleword. The sign bit has the value zero for positive integers and one
for negative. Since the high-order bit is used for a sign, the range of an
8-bit integer is -128 through +127; 16-bit integers may range from -32,768
through +32,767; 32-bit integers may range from -2^(31) through +2^(31) -1.
The value zero has a positive sign.

Ordinal:
An unsigned binary numeric value contained in a 32-bit doubleword,
16-bit word, or 8-bit byte. All bits are considered in determining
magnitude of the number. The value range of an 8-bit ordinal number
is 0-255; 16 bits can represent values from 0 through 65,535; 32 bits
can represent values from 0 through 2^(32) -1.

Near Pointer:
A 32-bit logical address. A near pointer is an offset within a segment.
Near pointers are used in either a flat or a segmented model of memory
organization.

Far Pointer:
A 48-bit logical address of two components: a 16-bit segment selector
component and a 32-bit offset component. Far pointers are used by
applications programmers only when systems designers choose a
segmented memory organization.

String:
A contiguous sequence of bytes, words, or doublewords. A string may
contain from zero bytes to 2^(32) -1 bytes (4 gigabytes).

Bit field:
A contiguous sequence of bits. A bit field may begin at any bit position
of any byte and may contain up to 32 bits.

Bit string:
A contiguous sequence of bits. A bit string may begin at any bit position
of any byte and may contain up to 2^(32) -1 bits.

BCD:
A byte (unpacked) representation of a decimal digit in the range0 through
9. Unpacked decimal numbers are stored as unsigned byte quantities. One
digit is stored in each byte. The magnitude of the number is determined from
the low-order half-byte; hexadecimal values 0-9 are valid and are
interpreted as decimal numbers. The high-order half-byte must be zero for
multiplication and division; it may contain any value for addition and
subtraction.

Packed BCD:
A byte (packed) representation of two decimal digits, each in the range
0 through 9. One digit is stored in each half-byte. The digit in the
high-order half-byte is the most significant. Values 0-9 are valid in each
half-byte. The range of a packed decimal byte is 0-99.

Figure 2-4 graphically summarizes the data types supported by the 80386.


Figure 2-1.  Two-Component Pointer

                                                  
                                   Ί               Ί
                                   ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉΔΏ
       32            0             Ί               Ί ³
      ΙΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝ»   ΙΝΝΝ»    ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ ³
      Ί    OFFSET     ΗΔΔΔΆ + ΗΔΔΔΊ    OPERAND    Ί ³
      ΘΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΌ   ΘΝΝΝΌ    ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ ΓΔ SELECTED SEGMENT
                                  Ί               Ί ³
           16    0          ³      Ί               Ί ³
          ΙΝΝΝΝΝΝΝ»         ³      Ί               Ί ³
          ΊSEGMENTΗΔΔΔΔΔΔΔΔΔωΔΔΔΔΔΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉΔΩ
          ΘΝΝΝΝΝΝΝΌ                Ί               Ί
                                   Ί               Ί
                                   Ί               Ί
                                                  


Figure 2-2.  Fundamental Data Types

  7              0
 ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
 Ί     BYTE      Ί  BYTE
 ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ

  15              7              0
 ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΡΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
 Ί   HIGH BYTE   ³   LOW BYTE    Ί  WORD
 ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ
    address n+1      address n

  31              23              15              7             0
 ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
 Ί           HIGH WORD           ³            LOW WORD          Ί DOUBLEWORD
 ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ
    address n+3     address n+2     address n+1      address n


Figure 2-3.  Bytes, Words, and Doublewords in Memory

                  MEMORY
       BYTE       VALUES
All values in hexadecimal
     ADDRESS   ΙΝΝΝΝΝΝΝΝΝΝ»
              EΊ          Ί
               ΜΝΝΝΝΝΝΝΝΝΝΉΔΔΏ
              DΊ    7A    Ί  ΓΔ DOUBLE WORD AT ADDRESS A
               ΜΝΝΝΝΝΝΝΝΝΝΉΔΏ³  CONTAINS 7AFE0636
              CΊ    FE    Ί ³³
               ΜΝΝΝΝΝΝΝΝΝΝΉ ΓΔ WORD AT ADDRESS B
              BΊ    06    Ί ³³ CONTAINS FE06
               ΜΝΝΝΝΝΝΝΝΝΝΉΔΩ³
              AΊ    36    Ί  ³
               ΜΝΝΝΝΝΝΝΝΝΝΉΝΝ΅
              9Ί    1F    Ί  ΓΔ WORD AT ADDRESS 9
               ΜΝΝΝΝΝΝΝΝΝΝΉΔΔΩ  CONTAINS IF
              8Ί          Ί
               ΜΝΝΝΝΝΝΝΝΝΝΉΔΔΏ
              7Ί    23    Ί  ³
               ΜΝΝΝΝΝΝΝΝΝΝΉ  ΓΔ WORD AT ADDRESS 6
              6Ί    OB    Ί  ³  CONTAINS 23OB
               ΜΝΝΝΝΝΝΝΝΝΝΉΔΔΩ
              5Ί          Ί
               ΜΝΝΝΝΝΝΝΝΝΝΉ
              4Ί          Ί
               ΜΝΝΝΝΝΝΝΝΝΝΉΔΔΏ
              3Ί    74    Ί  ³
               ΜΝΝΝΝΝΝΝΝΝΝΉΔΏΓΔ WORD AT ADDRESS 2
              2Ί    CB    Ί ³³  CONTAINS 74CB
               ΜΝΝΝΝΝΝΝΝΝΝΉΔΔΩ
              1Ί    31    Ί ΓΔΔ WORD AT ADDRESS 1
               ΜΝΝΝΝΝΝΝΝΝΝΉΔΩ   CONTAINS CB31
              0Ί          Ί
               ΘΝΝΝΝΝΝΝΝΝΝΌ


Figure 2-4.  80386 Data Types

                                                           +1       0
          7       0              7       0            15 14    8 7      0
     BYTE ΙΡΡΡΡΡΡΡ»         BYTE ΙΡΡΡΡΡΡΡ»         WORD ΙΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡ»
  INTEGER Ί³  ³   Ί      ORDINAL Ί   ³   Ί      INTEGER Ί³  ³   ³   ³   Ί
          ΘΟΝΝΝΝΝΝΌ              ΘΝΝΝΝΝΝΝΌ              ΘΟΝΝΝΝΝΝΟΝΝΝΝΝΝΝΌ
  SIGN BITΩΐΔΔΔΔΔΔΩ              ΐΔΔΔΔΔΔΔΩ      SIGN BITΩΐMSB           ³
           MAGNITUDE             MAGNITUDE              ΐΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ
                                                            MAGNITUDE


            +1       0                       +3     +2      +1       0
         15              0               31            16 15             0
    WORD ΙΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡ»    DOUBLEWORD ΙΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡ»
 ORDINAL Ί³  ³   ³   ³   Ί       INTEGER Ί³  ³   ³   ³   ³   ³   ³   ³   Ί
         ΘΟΝΝΝΝΝΝΟΝΝΝΝΝΝΝΌ               ΘΟΝΝΝΝΝΝΟΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΌ
         ³               ³       SIGN BITΩΐMSB                           ³
         ΐΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ               ΐΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ
             MAGNITUDE                              MAGNITUDE


                           +3      +2      +1       0
                        31                              0
             DOUBLEWORD ΙΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡ»
                ORDINAL Ί   ³   ³   ³   ³   ³   ³   ³   Ί
                        ΘΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΌ
                        ΐΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ
                                    MAGNITUDE

                           +N              +1       0
                        7       0       7      0 7      0
           BINARY CODED ΙΡΡΡΡΡΡΡ»       ΙΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡ»
          DECIMAL (BCD) Ί   ³   Ί    Ί   ³   ³   ³   Ί
                        ΘΝΝΝΝΝΝΝΌ       ΘΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΌ
                           BCD             BCD     BCD
                         DIGIT N         DIGIT 1  DIGIT 0

                           +N              +1       0
                        7       0       7      0 7      0
                 PACKED ΙΡΡΡΡΡΡΡ»       ΙΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡ»
                    BCD Ί   ³   Ί    Ί   ³   ³   ³   Ί
                        ΘΝΝΝΝΝΝΝΌ       ΘΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΌ
                        ΐΔΔΔΩ                       ΐΔΔΔΩ
                        MOST                        LEAST
                        SIGNIFICANT           SIGNIFICANT
                        DIGIT                       DIGIT

                           +N              +1       0
                        7       0       7      0 7      0
                   BYTE ΙΡΡΡΡΡΡΡ»       ΙΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡ»
                 STRING Ί   ³   Ί    Ί   ³   ³   ³   Ί
                        ΘΝΝΝΝΝΝΝΌ       ΘΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΌ

                                              -2 GIGABYTES
                +2 GIGABYTES                           210
     BIT ΙΡΡΡΡΝΝΝΝΝΝΝΝΝΝΝΝΡΡΝΝΝΝΝΝΝ  ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΡΡΡΡ»
  STRING Ί³³³³            ³³                         ³³³³Ί
         ΘΟΟΟΟΝΝΝΝΝΝΝΝΝΝΝΝΟΟΝΝΝΝΝΝΝΝ  ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΟΟΟΟΌ
                         BIT 0

               +3      +2      +1       0
            31                              0
NEAR 32-BIT ΙΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡ»
    POINTER Ί   ³   ³   ³   ³   ³   ³   ³   Ί
            ΘΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΌ
            ΐΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ
                             OFFSET

              +5      +4      +3      +2      +1       0
           48                                              0
FAR 48-BIT ΙΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡ»
   POINTER Ί   ³   ³   ³   ³   ³   ³   ³   ³   ³   ³   ³   Ί
           ΘΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΌ
           ΐΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΑΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ
                SELECTOR                 OFFSET

                  +5      +4      +3      +2      +1       0
    32-BIT ΙΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡΡ»
 BIT FIELD Ί   ³   ³   ³   ³   ³   ³   ³   ³   ³   ³   ³   Ί
           ΘΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΌ
                   ³ΔΔΔΔΔΔΔΔΔ BIT FIELD ΔΔΔΔΔΔΔΔΔ³
                             1 TO 32 BITS


2.3  Registers

The 80386 contains a total of sixteen registers that are of interest to the
applications programmer. As Figure 2-5 shows, these registers may be
grouped into these basic categories:

  1.  General registers. These eight 32-bit general-purpose registers are
      used primarily to contain operands for arithmetic and logical
      operations.

  2.  Segment registers. These special-purpose registers permit systems
      software designers to choose either a flat or segmented model of
      memory organization. These six registers determine, at any given time,
      which segments of memory are currently addressable.

  3.  Status and instruction registers. These special-purpose registers are
      used to record and alter certain aspects of the 80386 processor state.


2.3.1  General Registers

The general registers of the 80386 are the 32-bit registers EAX, EBX, ECX,
EDX, EBP, ESP, ESI, and EDI. These registers are used interchangeably to
contain the operands of logical and arithmetic operations. They may also be
used interchangeably for operands of address computations (except that ESP
cannot be used as an index operand).

As Figure 2-5 shows, the low-order word of each of these eight registers
has a separate name and can be treated as a unit. This feature is useful for
handling 16-bit data items and for compatibility with the 8086 and 80286
processors. The word registers are named AX, BX, CX, DX, BP, SP, SI, and DI.

Figure 2-5 also illustrates that each byte of the 16-bit registers AX, BX,
CX, and DX has a separate name and can be treated as a unit. This feature is
useful for handling characters and other 8-bit data items. The byte
registers are named AH, BH, CH, and DH (high bytes); and AL, BL, CL, and DL
(low bytes).

All of the general-purpose registers are available for addressing
calculations and for the results of most arithmetic and logical
calculations; however, a few functions are dedicated to certain registers.
By implicitly choosing registers for these functions, the 80386 architecture
can encode instructions more compactly. The instructions that use specific
registers include: double-precision multiply and divide, I/O, string
instructions, translate, loop, variable shift and rotate, and stack
operations.


2.3.2  Segment Registers

The segment registers of the 80386 give systems software designers the
flexibility to choose among various models of memory organization.
Implementation of memory models is the subject of Part II ΔΔ Systems
Programming. Designers may choose a model in which applications programs do
not need to modify segment registers, in which case applications programmers
may skip this section.

Complete programs generally consist of many different modules, each
consisting of instructions and data. However, at any given time during
program execution, only a small subset of a program's modules are actually
in use. The 80386 architecture takes advantage of this by providing
mechanisms to support direct access to the instructions and data of the
current module's environment, with access to additional segments on demand.

At any given instant, six segments of memory may be immediately accessible
to an executing 80386 program. The segment registers CS, DS, SS, ES, FS, and
GS are used to identify these six current segments. Each of these registers
specifies a particular kind of segment, as characterized by the associated
mnemonics ("code," "data," or "stack") shown in Figure 2-6. Each register
uniquely determines one particular segment, from among the segments that
make up the program, that is to be immediately accessible at highest speed.

The segment containing the currently executing sequence of instructions is
known as the current code segment; it is specified by means of the CS
register. The 80386 fetches all instructions from this code segment, using
as an offset the contents of the instruction pointer. CS is changed
implicitly as the result of intersegment control-transfer instructions (for
example, CALL and JMP), interrupts, and exceptions.

Subroutine calls, parameters, and procedure activation records usually
require that a region of memory be allocated for a stack. All stack
operations use the SS register to locate the stack. Unlike CS, the SS
register can be loaded explicitly, thereby permitting programmers to define
stacks dynamically.

The DS, ES, FS, and GS registers allow the specification of four data
segments, each addressable by the currently executing program. Accessibility
to four separate data areas helps programs efficiently access different
types of data structures; for example, one data segment register can point
to the data structures of the current module, another to the exported data
of a higher-level module, another to a dynamically created data structure,
and another to data shared with another task. An operand within a data
segment is addressed by specifying its offset either directly in an
instruction or indirectly via general registers.

Depending on the structure of data (e.g., the way data is parceled into one
or more segments), a program may require access to more than four data
segments. To access additional segments, the DS, ES, FS, and GS registers
can be changed under program control during the course of a program's
execution. This simply requires that the program execute an instruction to
load the appropriate segment register prior to executing instructions that
access the data.

The processor associates a base address with each segment selected by a
segment register. To address an element within a segment, a 32-bit offset is
added to the segment's base address. Once a segment is selected (by loading
the segment selector into a segment register), a data manipulation
instruction only needs to specify the offset. Simple rules define which
segment register is used to form an address when only an offset is
specified.


Figure 2-5.  80386 Applications Register Set

                              GENERAL REGISTERS

  31                23                15                7               0
 ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΞΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΟΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
 Ί                                  EAX       AH       AX      AL        Ί
 ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΞΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΚΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ
 Ί                                  EDX       DH       DX      DL        Ί
 ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΞΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΚΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ
 Ί                                  ECX       CH       CX      CL        Ί
 ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΞΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΚΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ
 Ί                                  EBX       BH       BX      BL        Ί
 ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΞΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΚΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ
 Ί                                  EBP                BP                Ί
 ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΞΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ
 Ί                                  ESI                SI                Ί
 ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΞΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ
 Ί                                  EDI                DI                Ί
 ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΞΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ
 Ί                                  ESP                SP                Ί
 ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΞΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ


                      15                7               0
                     ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
                     Ί         CS (CODE SEGMENT)         Ί
                     ΗΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΕΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΆ
                     Ί         SS (STACK SEGMENT)        Ί
    SEGMENT          ΗΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΕΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΆ
    REGISTERS        Ί         DS (DATA SEGMENT)         Ί
                     ΗΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΕΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΆ
                     Ί         ES (DATA SEGMENT)         Ί
                     ΗΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΕΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΆ
                     Ί         FS (DATA SEGMENT)         Ί
                     ΗΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΕΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΆ
                     Ί         GS (DATA SEGMENT)         Ί
                     ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ


                       STATUS AND INSTRUCTION REGISTERS

     31               23                15                7              0
   ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
   Ί                                EFLAGS                                 Ί
   ΗΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΆ
   Ί                        EIP (INSTRUCTION POINTER)                      Ί
   ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ


Figure 2-6.  Use of Memory Segmentation

     ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»                                ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
     Ί     MODULE     Ί                                Ί     MODULE     Ί
     Ί       A        ΊΔΔΏ                        ΪΔΔΊ       A        Ί
     Ί      CODE      Ί   ³                        ³   Ί      DATA      Ί
     ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ   ³  ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»  ³   ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ
                          ΐΔΔΆ    CS (CODE)     Ί  ³
                             ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ  ³
     ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»   ΪΔΔΆ    SS (STACK)    Ί  ³   ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
     Ί                Ί   ³  ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ  ³   Ί      DATA      Ί
     Ί     STACK      ΊΔΔΩ  Ί    DS (DATA)     ΗΔΔΩΪΔΊ   STRUCTURE    Ί
     Ί                Ί      ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ   ³  Ί       1        Ί
     ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ      Ί    ES (DATA)     ΗΔΔΔΩ  ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ
                             ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ
                          ΪΔΔΆ    FS (DATA)     Ί
     ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»   ³  ΜΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΉ      ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
     Ί      DATA      Ί   ³  Ί    GS (DATA)     ΗΔΔΏ   Ί      DATA      Ί
     Ί   STRUCTURE    ΊΔΔΩ  ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ  ΐΔΔΊ   STRUCTURE    Ί
     Ί       2        Ί                                Ί       3        Ί
     ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ                                ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ


2.3.3  Stack Implementation

Stack operations are facilitated by three registers:

  1.  The stack segment (SS) register. Stacks are implemented in memory. A
      system may have a number of stacks that is limited only by the maximum
      number of segments. A stack may be up to 4 gigabytes long, the maximum
      length of a segment. One stack is directly addressable at a timeΔΔthe
      one located by SS. This is the current stack, often referred to simply
      as "the" stack. SS is used automatically by the processor for all
      stack operations.

  2.  The stack pointer (ESP) register. ESP points to the top of the
      push-down stack (TOS). It is referenced implicitly by PUSH and POP
      operations, subroutine calls and returns, and interrupt operations.
      When an item is pushed onto the stack (see Figure 2-7), the processor
      decrements ESP, then writes the item at the new TOS. When an item is
      popped off the stack, the processor copies it from TOS, then
      increments ESP. In other words, the stack grows down in memory toward
      lesser addresses.

  3.  The stack-frame base pointer (EBP) register. The EBP is the best
      choice of register for accessing data structures, variables and
      dynamically allocated work space within the stack. EBP is often used
      to access elements on the stack relative to a fixed point on the stack
      rather than relative to the current TOS. It typically identifies the
      base address of the current stack frame established for the current
      procedure. When EBP is used as the base register in an offset
      calculation, the offset is calculated automatically in the current
      stack segment (i.e., the segment currently selected by SS). Because
      SS does not have to be explicitly specified, instruction encoding in
      such cases is more efficient. EBP can also be used to index into
      segments addressable via other segment registers.


Figure 2-7.  80386 Stack

     31                         0
     ΙΝΝΝΝΝΝΨΝΝΝΝΝΝΨΝΝΝΝΝΝΨΝΝΝΝΝΝ» ΔΔΔΔΔΔΔBOTTOM OF STACK
     Ί                           Ί       (INITIAL ESP VALUE)
     ΗΝΝΝΝΝΝΨΝΝΝΝΝΝΨΝΝΝΝΝΝΨΝΝΝΝΝΝΉ
     Ί                           Ί
     ΜΝΝΝΝΝΝΨΝΝΝΝΝΝΨΝΝΝΝΝΝΨΝΝΝΝΝΝΉ        
     Ί                           Ί        ³POP
     ΜΝΝΝΝΝΝΨΝΝΝΝΝΝΨΝΝΝΝΝΝΨΝΝΝΝΝΝΉ        ³
     Ί                           Ί        ³
     ΜΝΝΝΝΝΝΨΝΝΝΝΝΝΨΝΝΝΝΝΝΨΝΝΝΝΝΝΉ        ³      TOP OF     ΙΝΝΝΝΝΝΝΝΝΝΝΝΝ»
     Ί                           Ί ΔΔΔΔΔΔΕΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΆ     ESP     Ί
     ΜΝΝΝΝΝΝΨΝΝΝΝΝΝΨΝΝΝΝΝΝΨΝΝΝΝΝΝΉ        ³      STACK      ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΌ
     Ί                           Ί        ³
     Ί                           Ί        ³
     Ί                           Ί        ³PUSH
     Ί                           Ί        


2.3.4  Flags Register

The flags register is a 32-bit register named EFLAGS. Figure 2-8 defines
the bits within this register. The flags control certain operations and
indicate the status of the 80386.

The low-order 16 bits of EFLAGS is named FLAGS and can be treated as a
unit. This feature is useful when executing 8086 and 80286 code, because
this part of EFLAGS is identical to the FLAGS register of the 8086 and the
80286.

The flags may be considered in three groups: the status flags, the control
flags, and the systems flags. Discussion of the systems flags is delayed
until Part II.


Figure 2-8.  EFLAGS Register  

                                              16-BIT FLAGS REGISTER
                                                         A
                                     ΪΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΑΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΏ
  31                  23                  15               7            0
 ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΡΝΡΝΡΝΡΝΡΝΨΝΡΝΡΝΡΝΡΝΡΝΡΝΡΝΡΝΡΝΡΝΡΝΡΝ»
 Ί                                   ³V³R³ ³N³ IO³O³D³I³T³S³Z³ ³A³ ³P³ ³CΊ
 Ί 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ³ ³ ³0³ ³   ³ ³ ³ ³ ³ ³ ³0³ ³0³ ³1³ Ί
 Ί                                   ³M³F³ ³T³ PL³F³F³F³F³F³F³ ³F³ ³F³ ³FΊ
 ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΟΡΟΡΟΝΟΡΟΝΨΝΟΡΟΡΟΡΟΡΟΡΟΡΟΝΟΡΟΝΟΡΟΝΟΡΌ
                                      ³ ³   ³  ³  ³ ³ ³ ³ ³ ³   ³   ³   ³
       VIRTUAL 8086 MODEΔΔΔXΔΔΔΔΔΔΔΔΔΔΩ ³   ³  ³  ³ ³ ³ ³ ³ ³   ³   ³   ³
             RESUME FLAGΔΔΔXΔΔΔΔΔΔΔΔΔΔΔΔΩ   ³  ³  ³ ³ ³ ³ ³ ³   ³   ³   ³
        NESTED TASK FLAGΔΔΔXΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ  ³  ³ ³ ³ ³ ³ ³   ³   ³   ³
     I/O PRIVILEGE LEVELΔΔΔXΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ  ³ ³ ³ ³ ³ ³   ³   ³   ³
                OVERFLOWΔΔΔSΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ ³ ³ ³ ³ ³   ³   ³   ³
          DIRECTION FLAGΔΔΔCΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ ³ ³ ³ ³   ³   ³   ³
        INTERRUPT ENABLEΔΔΔXΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ ³ ³ ³   ³   ³   ³
               TRAP FLAGΔΔΔSΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ ³ ³   ³   ³   ³
               SIGN FLAGΔΔΔSΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ ³   ³   ³   ³
               ZERO FLAGΔΔΔSΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ   ³   ³   ³
         AUXILIARY CARRYΔΔΔSΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ   ³   ³
             PARITY FLAGΔΔΔSΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ   ³
              CARRY FLAGΔΔΔSΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ

          S = STATUS FLAG, C = CONTROL FLAG, X = SYSTEM FLAG

          NOTE: 0 OR 1 INDICATES INTEL RESERVED. DO NOT DEFINE


2.3.4.1  Status Flags

The status flags of the EFLAGS register allow the results of one
instruction to influence later instructions. The arithmetic instructions use
OF, SF, ZF, AF, PF, and CF. The SCAS (Scan String), CMPS (Compare String),
and LOOP instructions use ZF to signal that their operations are complete.
There are instructions to set, clear, and complement CF before execution of
an arithmetic instruction. Refer to Appendix C for definition of each
status flag.


2.3.4.2  Control Flag

The control flag DF of the EFLAGS register controls string instructions.

DF (Direction Flag, bit 10)

  Setting DF causes string instructions to auto-decrement; that is, to
  process strings from high addresses to low addresses. Clearing DF causes
  string instructions to auto-increment, or to process strings from low
  addresses to high addresses.


2.3.4.3  Instruction Pointer

The instruction pointer register (EIP) contains the offset address,
relative to the start of the current code segment, of the next sequential
instruction to be executed. The instruction pointer is not directly visible
to the programmer; it is controlled implicitly by control-transfer
instructions, interrupts, and exceptions.

As Figure 2-9 shows, the low-order 16 bits of EIP is named IP and can be
used by the processor as a unit. This feature is useful when executing
instructions designed for the 8086 and 80286 processors.


Figure 2-9.  Instruction Pointer Register

                                                 16-BIT IP REGISTER
                                       ΪΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΑΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΏ
    31                23                15                7               0
   ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
   Ί                       EIP (INSTRUCTION POINTER)                       Ί
   ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ


2.4  Instruction Format

The information encoded in an 80386 instruction includes a specification of
the operation to be performed, the type of the operands to be manipulated,
and the location of these operands. If an operand is located in memory, the
instruction must also select, explicitly or implicitly, which of the
currently addressable segments contains the operand.

80386 instructions are composed of various elements and have various
formats. The exact format of instructions is shown in Appendix B; the
elements of instructions are described below. Of these instruction elements,
only one, the opcode, is always present. The other elements may or may not
be present, depending on the particular operation involved and on the
location and type of the operands. The elements of an instruction, in order
of occurrence are as follows:

  ώ  Prefixes ΔΔ one or more bytes preceding an instruction that modify the
     operation of the instruction. The following types of prefixes can be
     used by applications programs:

     1.  Segment override ΔΔ explicitly specifies which segment register an
         instruction should use, thereby overriding the default
         segment-register selection used by the 80386 for that instruction.

     2.  Address size ΔΔ switches between 32-bit and 16-bit address 
         generation.

     3.  Operand size ΔΔ switches between 32-bit and 16-bit operands.

     4.  Repeat ΔΔ used with a string instruction to cause the instruction
         to act on each element of the string.

  ώ  Opcode ΔΔ specifies the operation performed by the instruction. Some
     operations have several different opcodes, each specifying a different
     variant of the operation.

  ώ  Register specifier ΔΔ an instruction may specify one or two register
     operands. Register specifiers may occur either in the same byte as the
     opcode or in the same byte as the addressing-mode specifier.

  ώ  Addressing-mode specifier ΔΔ when present, specifies whether an operand
     is a register or memory location; if in memory, specifies whether a
     displacement, a base register, an index register, and scaling are to be
     used.

  ώ  SIB (scale, index, base) byte ΔΔ when the addressing-mode specifier
     indicates that an index register will be used to compute the address of
     an operand, an SIB byte is included in the instruction to encode the
     base register, the index register, and a scaling factor.

  ώ  Displacement ΔΔ when the addressing-mode specifier indicates that a
     displacement will be used to compute the address of an operand, the
     displacement is encoded in the instruction. A displacement is a signed
     integer of 32, 16, or eight bits. The eight-bit form is used in the
     common case when the displacement is sufficiently small. The processor
     extends an eight-bit displacement to 16 or 32 bits, taking into
     account the sign.

  ώ  Immediate operand ΔΔ when present, directly provides the value of an
     operand of the instruction. Immediate operands may be 8, 16, or 32 bits
     wide. In cases where an eight-bit immediate operand is combined in some
     way with a 16- or 32-bit operand, the processor automatically extends
     the size of the eight-bit operand, taking into account the sign.


2.5  Operand Selection

An instruction can act on zero or more operands, which are the data
manipulated by the instruction. An example of a zero-operand instruction is
NOP (no operation). An operand can be in any of these locations:

  ώ  In the instruction itself (an immediate operand)

  ώ  In a register (EAX, EBX, ECX, EDX, ESI, EDI, ESP, or EBP in the case
     of 32-bit operands; AX, BX, CX, DX, SI, DI, SP, or BP in the case of
     16-bit operands; AH, AL, BH, BL, CH, CL, DH, or DL in the case of 8-bit
     operands; the segment registers; or the EFLAGS register for flag
     operations)

  ώ  In memory

  ώ  At an I/O port

Immediate operands and operands in registers can be accessed more rapidly
than operands in memory since memory operands must be fetched from memory.
Register operands are available in the CPU. Immediate operands are also
available in the CPU, because they are prefetched as part of the
instruction.

Of the instructions that have operands, some specify operands implicitly;
others specify operands explicitly; still others use a combination of
implicit and explicit specification; for example:

Implicit operand: AAM

  By definition, AAM (ASCII adjust for multiplication) operates on the
  contents of the AX register.

Explicit operand: XCHG EAX, EBX

  The operands to be exchanged are encoded in the instruction after the
  opcode.

Implicit and explicit operands: PUSH COUNTER

  The memory variable COUNTER (the explicit operand) is copied to the top of
  the stack (the implicit operand).

Note that most instructions have implicit operands. All arithmetic
instructions, for example, update the EFLAGS register.

An 80386 instruction can explicitly reference one or two operands.
Two-operand instructions, such as MOV, ADD, XOR, etc., generally overwrite
one of the two participating operands with the result. A distinction can
thus be made between the source operand (the one unaffected by the
operation) and the destination operand (the one overwritten by the result).

For most instructions, one of the two explicitly specified operandsΔΔeither
the source or the destinationΔΔcan be either in a register or in memory.
The other operand must be in a register or be an immediate source operand.
Thus, the explicit two-operand instructions of the 80386 permit operations
of the following kinds:

  ώ  Register-to-register
  ώ  Register-to-memory
  ώ  Memory-to-register
  ώ  Immediate-to-register
  ώ  Immediate-to-memory

Certain string instructions and stack manipulation instructions, however,
transfer data from memory to memory. Both operands of some string
instructions are in memory and are implicitly specified. Push and pop stack
operations allow transfer between memory operands and the memory-based
stack.


2.5.1  Immediate Operands

Certain instructions use data from the instruction itself as one (and
sometimes two) of the operands. Such an operand is called an immediate
operand. The operand may be 32-, 16-, or 8-bits long. For example:

SHR PATTERN, 2

One byte of the instruction holds the value 2, the number of bits by which
to shift the variable PATTERN.

TEST PATTERN, 0FFFF00FFH

A doubleword of the instruction holds the mask that is used to test the
variable PATTERN.


2.5.2  Register Operands

Operands may be located in one of the 32-bit general registers (EAX, EBX,
ECX, EDX, ESI, EDI, ESP, or EBP), in one of the 16-bit general registers
(AX, BX, CX, DX, SI, DI, SP, or BP), or in one of the 8-bit general
registers (AH, BH, CH, DH, AL, BL, CL,or DL).

The 80386 has instructions for referencing the segment registers (CS, DS,
ES, SS, FS, GS). These instructions are used by applications programs only
if systems designers have chosen a segmented memory model.

The 80386 also has instructions for referring to the flag register. The
flags may be stored on the stack and restored from the stack. Certain
instructions change the commonly modified flags directly in the EFLAGS
register. Other flags that are seldom modified can be modified indirectly
via the flags image in the stack.


2.5.3  Memory Operands

Data-manipulation instructions that address operands in memory must specify
(either directly or indirectly) the segment that contains the operand and
the offset of the operand within the segment. However, for speed and compact
instruction encoding, segment selectors are stored in the high speed segment
registers. Therefore, data-manipulation instructions need to specify only
the desired segment register and an offset in order to address a memory
operand.

An 80386 data-manipulation instruction that accesses memory uses one of the
following methods for specifying the offset of a memory operand within its
segment:

  1.  Most data-manipulation instructions that access memory contain a byte
      that explicitly specifies the addressing method for the operand. A
      byte, known as the modR/M byte, follows the opcode and specifies
      whether the operand is in a register or in memory. If the operand is
      in memory, the address is computed from a segment register and any of
      the following values: a base register, an index register, a scaling
      factor, a displacement. When an index register is used, the modR/M
      byte is also followed by another byte that identifies the index
      register and scaling factor. This addressing method is the
      mostflexible.

  2.  A few data-manipulation instructions implicitly use specialized
      addressing methods:

      ώ   For a few short forms of MOV that implicitly use the EAX register,
          the offset of the operand is coded as a doubleword in the
          instruction. No base register, index register, or scaling factor
          are used.

      ώ   String operations implicitly address memory via DS:ESI, (MOVS,
          CMPS, OUTS, LODS, SCAS) or via ES:EDI (MOVS, CMPS, INS, STOS).

      ώ   Stack operations implicitly address operands via SS:ESP
          registers; e.g., PUSH, POP, PUSHA, PUSHAD, POPA, POPAD, PUSHF,
          PUSHFD, POPF, POPFD, CALL, RET, IRET, IRETD, exceptions, and
          interrupts.


2.5.3.1  Segment Selection

Data-manipulation instructions need not explicitly specify which segment
register is used. For all of these instructions, specification of a segment
register is optional. For all memory accesses, if a segment is not
explicitly specified by the instruction, the processor automatically chooses
a segment register according to the rules of Table 2-1. (If systems
designers have chosen a flat model of memory organization, the segment
registers and the rules that the processor uses in choosing them are not
apparent to applications programs.)

There is a close connection between the kind of memory reference and the
segment in which that operand resides. As a rule, a memory reference implies
the current data segment (i.e., the implicit segment selector is in DS).
However, ESP and EBP are used to access items on the stack; therefore, when
the ESP or EBP register is used as a base register, the current stack
segment is implied (i.e., SS contains the selector).

Special instruction prefix elements may be used to override the default
segment selection. Segment-override prefixes allow an explicit segment
selection. The 80386 has a segment-override prefix for each of the segment
registers. Only in the following special cases is there an implied segment
selection that a segment prefix cannot override:

  ώ  The use of ES for destination strings in string instructions.
  ώ  The use of SS in stack instructions.
  ώ  The use of CS for instruction fetches.


Table 2-1. Default Segment Register Selection Rules

Memory Reference Needed  Segment     Implicit Segment Selection Rule
                         Register
                         Used

Instructions             Code (CS)   Automatic with instruction prefetch
Stack                    Stack (SS)  All stack pushes and pops. Any
                                     memory reference that uses ESP or
                                     EBP as a base register.
Local Data               Data (DS)   All data references except when
                                     relative to stack or string 
                                     destination.
Destination Strings      Extra (ES)  Destination of string instructions.


2.5.3.2  Effective-Address Computation

The modR/M byte provides the most flexible of the addressing methods, and
instructions that require a modR/M byte as the second byte of the
instruction are the most common in the 80386 instruction set. For memory
operands defined by modR/M, the offset within the desired segment is
calculated by taking the sum of up to three components:

  ώ  A displacement element in the instruction.

  ώ  A base register.

  ώ  An index register. The index register may be automatically multiplied
     by a scaling factor of 2, 4, or 8.

The offset that results from adding these components is called an effective
address. Each of these components of an effective address may have either a
positive or negative value. If the sum of all the components exceeds 2^(32),
the effective address is truncated to 32 bits.Figure 2-10 illustrates the
full set of possibilities for modR/M addressing.

The displacement component, because it is encoded in the instruction, is
useful for fixed aspects of addressing; for example:

  ώ  Location of simple scalar operands.
  ώ  Beginning of a statically allocated array.
  ώ  Offset of an item within a record.

The base and index components have similar functions. Both utilize the same
set of general registers. Both can be used for aspects of addressing that
are determined dynamically; for example:

  ώ  Location of procedure parameters and local variables in stack.

  ώ  The beginning of one record among several occurrences of the same
     record type or in an array of records.

  ώ  The beginning of one dimension of multiple dimension array.

  ώ  The beginning of a dynamically allocated array.

The uses of general registers as base or index components differ in the
following respects:

  ώ  ESP cannot be used as an index register.

  ώ  When ESP or EBP is used as the base register, the default segment is
     the one selected by SS. In all other cases the default segment is DS.

The scaling factor permits efficient indexing into an array in the common
cases when array elements are 2, 4, or 8 bytes wide. The shifting of the
index register is done by the processor at the time the address is evaluated
with no performance loss. This eliminates the need for a separate shift or
multiply instruction.

The base, index, and displacement components may be used in any
combination; any of these components may be null. A scale factor can be used
only when an index is also used. Each possible combination is useful for
data structures commonly used by programmers in high-level languages and
assembly languages. Following are possible uses for some of the various
combinations of address components.

DISPLACEMENT

   The displacement alone indicates the offset of the operand. This
   combination is used to directly address a statically allocated scalar
   operand. An 8-bit, 16-bit, or 32-bit displacement can be used.

BASE

   The offset of the operand is specified indirectly in one of the general
   registers, as for "based" variables.

BASE + DISPLACEMENT

   A register and a displacement can be used together for two distinct
   purposes:

   1.  Index into static array when element size is not 2, 4, or 8 bytes.
       The displacement component encodes the offset of the beginning of
       the array. The register holds the results of a calculation to
       determine the offset of a specific element within the array.

   2.  Access item of a record. The displacement component locates an
       item within record. The base register selects one of several
       occurrences of record, thereby providing a compact encoding for
       this common function.

   An important special case of this combination, is to access parameters
   in the procedure activation record in the stack.  In this case, EBP is
   the best choice for the base register, because when EBP is used as a
   base register, the processor automatically uses the stack segment
   register (SS) to locate the operand, thereby providing a compact
   encoding for this common function.

(INDEX * SCALE) + DISPLACEMENT

   This combination provides efficient indexing into a static array when
   the element size is 2, 4, or 8 bytes. The displacement addresses the
   beginning of the array, the index register holds the subscript of the
   desired array element, and the processor automatically converts the
   subscript into an index by applying the scaling factor.

BASE + INDEX + DISPLACEMENT

   Two registers used together support either a two-dimensional array (the
   displacement determining the beginning of the array) or one of several
   instances of an array of records (the displacement indicating an item
   in the record).

BASE + (INDEX * SCALE) + DISPLACEMENT

   This combination provides efficient indexing of a two-dimensional array
   when the elements of the array are 2, 4, or 8 bytes wide.


Figure 2-10.  Effective Address Computation

      SEGMENT +    BASE   +    (INDEX * SCALE)  +     DISPLACEMENT

                 Ϊ     Ώ
                 ³ --- ³     Ϊ     Ώ     Ϊ   Ώ
      Ϊ    Ώ     ³ EAX ³     ³ EAX ³     ³ 1 ³
      ³ CS ³     ³ ECX ³     ³ ECX ³     ³   ³     Ϊ                     Ώ
      ³ SS ³     ³ EDX ³     ³ EDX ³     ³ 2 ³     ³     NO DISPLACEMENT ³
     Δ΄ DS ΓΔ + Δ΄ EBX ΓΔ + Δ΄ EBX ΓΔ * Δ΄   ΓΔ + Δ΄  8-BIT DISPLACEMENT ΓΔ
      ³ ES ³     ³ ESP ³     ³ --- ³     ³ 4 ³     ³ 32-BIT DISPLACEMENT ³
      ³ FS ³     ³ EBP ³     ³ EBP ³     ³   ³     ΐ                     Ω
      ³ GS ³     ³ ESI ³     ³ ESI ³     ³ 6 ³
      ΐ    Ω     ³ EDI ³     ³ EDI ³     ΐ   Ω
                 ΐ     Ω     ΐ     Ω


2.6  Interrupts and Exceptions

The 80386 has two mechanisms for interrupting program execution:

  1.  Exceptions are synchronous events that are the responses of the CPU
      to certain conditions detected during the execution of an instruction.

  2.  Interrupts are asynchronous events typically triggered by external
      devices needing attention.

Interrupts and exceptions are alike in that both cause the processor to
temporarily suspend its present program execution in order to execute a
program of higher priority. The major distinction between these two kinds of
interrupts is their origin. An exception is always reproducible by
re-executing with the program and data that caused the exception, whereas an
interrupt is generally independent of the currently executing program.

Application programmers are not normally concerned with servicing
interrupts. More information on interrupts for systems programmers may be
found in Chapter 9. Certain exceptions, however, are of interest to
applications programmers, and many operating systems give applications
programs the opportunity to service these exceptions. However, the operating
system itself defines the interface between the applications programs and
the exception mechanism of the 80386.

Table 2-2 highlights the exceptions that may be of interest to applications
programmers.

  ώ  A divide error exception results when the instruction DIV or IDIV is
     executed with a zero denominator or when the quotient is too large for
     the destination operand. (Refer to Chapter 3 for a discussion of DIV
     and IDIV.)

  ώ  The debug exception may be reflected back to an applications program
     if it results from the trap flag (TF).

  ώ  A breakpoint exception results when the instruction INT 3 is executed.
     This instruction is used by some debuggers to stop program execution at
     specific points.

  ώ  An overflow exception results when the INTO instruction is executed
     and the OF (overflow) flag is set (after an arithmetic operation that
     set the OF flag). (Refer to Chapter 3 for a discussion of INTO).

  ώ  A bounds check exception results when the BOUND instruction is
     executed and the array index it checks falls outside the bounds of the
     array. (Refer to Chapter 3 for a discussion of the BOUND instruction.)

  ώ  Invalid opcodes may be used by some applications to extend the
     instruction set. In such a case, the invalid opcode exception presents
     an opportunity to emulate the opcode.

  ώ  The "coprocessor not available" exception occurs if the program
     contains instructions for a coprocessor, but no coprocessor is present
     in the system.

  ώ  A coprocessor error is generated when a coprocessor detects an illegal
     operation.

The instruction INT generates an interrupt whenever it is executed; the
processor treats this interrupt as an exception. The effects of this
interrupt (and the effects of all other exceptions) are determined by
exception handler routines provided by the application program or as part of
the systems software (provided by systems programmers). The INT instruction
itself is discussed in Chapter 3. Refer to Chapter 9 for a more complete
description of exceptions.


Table 2-2. 80386 Reserved Exceptions and Interrupts

Vector Number      Description

0                  Divide Error
1                  Debug Exceptions
2                  NMI Interrupt
3                  Breakpoint
4                  INTO Detected Overflow
5                  BOUND Range Exceeded
6                  Invalid Opcode
7                  Coprocessor Not Available
8                  Double Exception
9                  Coprocessor Segment Overrun
10                 Invalid Task State Segment
11                 Segment Not Present
12                 Stack Fault
13                 General Protection
14                 Page Fault
15                 (reserved)
16                 Coprocessor Error
17-32              (reserved)


Chapter 3  Applications Instruction Set

ΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔ

This chapter presents an overview of the instructions which programmers can
use to write application software for the 80386 executing in protected
virtual-address mode. The instructions are grouped by categories of related
functions.

The instructions not discussed in this chapter are those that are normally
used only by operating-system programmers. Part II describes the operation
of these instructions.

The descriptions in this chapter assume that the 80386 is operating in
protected mode with 32-bit addressing in effect; however, all instructions
discussed are also available when 16-bit addressing is in effect in
protected mode, real mode, or virtual 8086 mode. For any differences of
operation that exist in the various modes, refer to Chapter 13,
Chapter 14, or Chapter 15.

The instruction dictionary in Chapter 17 contains more detailed
descriptions of all instructions, including encoding, operation, timing,
effect on flags, and exceptions.


3.1  Data Movement Instructions

These instructions provide convenient methods for moving bytes, words, or
doublewords of data between memory and the registers of the base
architecture. They fall into the following classes:

  1.  General-purpose data movement instructions.
  2.  Stack manipulation instructions.
  3.  Type-conversion instructions.


3.1.1  General-Purpose Data Movement Instructions

MOV (Move) transfers a byte, word, or doubleword from the source operand to
the destination operand. The MOV instruction is useful for transferring data
along any of these paths
There are also variants of MOV that operate on segment registers.  These
are covered in a later section of this chapter.:

  ώ  To a register from memory
  ώ  To memory from a register
  ώ  Between general registers
  ώ  Immediate data to a register
  ώ  Immediate data to a memory

The MOV instruction cannot move from memory to memory or from segment
register to segment register are not allowed. Memory-to-memory moves can be
performed, however, by the string move instruction MOVS.

XCHG (Exchange) swaps the contents of two operands. This instruction takes
the place of three MOV instructions. It does not require a temporary
location to save the contents of one operand while load the other is being
loaded. XCHG is especially useful for implementing semaphores or similar
data structures for process synchronization.

The XCHG instruction can swap two byte operands, two word operands, or two
doubleword operands. The operands for the XCHG instruction may be two
register operands, or a register operand with a memory operand. When used
with a memory operand, XCHG automatically activates the LOCK signal. (Refer
to Chapter 11 for more information on the bus lock.)


3.1.2  Stack Manipulation Instructions

PUSH (Push) decrements the stack pointer (ESP), then transfers the source
operand to the top of stack indicated by ESP (see Figure 3-1). PUSH is
often used to place parameters on the stack before calling a procedure; it
is also the basic means of storing temporary variables on the stack. The
PUSH instruction operates on memory operands, immediate operands, and
register operands (including segment registers).

PUSHA (Push All Registers) saves the contents of the eight general
registers on the stack (see Figure 3-2). This instruction simplifies
procedure calls by reducing the number of instructions required to retain
the contents of the general registers for use in a procedure. The processor
pushes the general registers on the stack in the following order: EAX, ECX,
EDX, EBX, the initial value of ESP before EAX was pushed, EBP, ESI, and
EDI. PUSHA is complemented by the POPA instruction.

POP (Pop) transfers the word or doubleword at the current top of stack
(indicated by ESP) to the destination operand, and then increments ESP to
point to the new top of stack. See Figure 3-3. POP moves information from
the stack to a general register, or to memory
There are also a variant of POP that operates on segment registers. This
is covered in a later section of this chapter..

POPA (Pop All Registers) restores the registers saved on the stack by
PUSHA, except that it ignores the saved value of ESP. See Figure 3-4.


Figure 3-1.  PUSH

       D  O        BEFORE PUSH                  AFTER PUSH
       I  F      31          0             31          0 
       R        Ί               Ί           Ί               Ί
       E  E     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
       C  X     Ί±±±±±±±±±±±±±±±Ί           Ί±±±±±±±±±±±±±±±Ί
       T  P     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
       I  A     Ί±±±±±±±±±±±±±±±Ί           Ί±±±±±±±±±±±±±±±Ί
       O  N     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔESP     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
       N  S     Ί               Ί           Ί    OPERAND    Ί
          I     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔESP
        ³ O     Ί               Ί           Ί               Ί
        ³ N     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
        ³       Ί               Ί           Ί               Ί
               ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                Ί               Ί           Ί               Ί
                                                         


Figure 3-2.  PUSHA

                   BEFORE PUSHA                AFTER PUSHA
                 31          0             31          0 
         D  O   Ί               Ί           Ί               Ί
         I  F   ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
         R      Ί±±±±±±±±±±±±±±±Ί           Ί±±±±±±±±±±±±±±±Ί
         E  E   ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
         C  X   Ί±±±±±±±±±±±±±±±Ί           Ί±±±±±±±±±±±±±±±Ί
         T  P   ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔESP     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
         I  A   Ί               Ί           Ί      EAX      Ί
         O  N   ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
         N  S   Ί               Ί           Ί      ECX      Ί
            I   ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
          ³ O   Ί               Ί           Ί      EDX      Ί
          ³ N   ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
          ³     Ί               Ί           Ί      EBX      Ί
               ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                Ί               Ί           Ί    OLD ESP    Ί
                ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                Ί               Ί           Ί      EBP      Ί
                ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                Ί               Ί           Ί      ESI      Ί
                ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                Ί               Ί           Ί      EDI      Ί
                ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔESP
                Ί               Ί           Ί               Ί
                ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                Ί               Ί           Ί               Ί
                                                         


3.1.3  Type Conversion Instructions

The type conversion instructions convert bytes into words, words into
doublewords, and doublewords into 64-bit items (quad-words). These
instructions are especially useful for converting signed integers, because
they automatically fill the extra bits of the larger item with the value of
the sign bit of the smaller item. This kind of conversion, illustrated by
Figure 3-5, is called sign extension.

There are two classes of type conversion instructions:

  1.  The forms CWD, CDQ, CBW, and CWDE which operate only on data in the
      EAX register.

  2.  The forms MOVSX and MOVZX, which permit one operand to be in any
      general register while permitting the other operand to be in memory or
      in a register.

CWD (Convert Word to Doubleword) and CDQ (Convert Doubleword to Quad-Word)
double the size of the source operand. CWD extends the sign of the
word in register AX throughout register DX. CDQ extends the sign of the
doubleword in EAX throughout EDX. CWD can be used to produce a doubleword
dividend from a word before a word division, and CDQ can be used to produce
a quad-word dividend from a doubleword before doubleword division.

CBW (Convert Byte to Word) extends the sign of the byte in register AL
throughout AX.

CWDE (Convert Word to Doubleword Extended) extends the sign of the word in
register AX throughout EAX.

MOVSX (Move with Sign Extension) sign-extends an 8-bit value to a 16-bit
value and a 8- or 16-bit value to 32-bit value.

MOVZX (Move with Zero Extension) extends an 8-bit value to a 16-bit value
and an 8- or 16-bit value to 32-bit value by inserting high-order zeros.


Figure 3-3.  POP

       D  O         BEFORE POP                  AFTER POP
       I  F      31          0             31          0 
       R        Ί               Ί           Ί               Ί
       E  E     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
       C  X     Ί±±±±±±±±±±±±±±±Ί           Ί±±±±±±±±±±±±±±±Ί
       T  P     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
       I  A     Ί±±±±±±±±±±±±±±±Ί           Ί±±±±±±±±±±±±±±±Ί
       O  N     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔESP
       N  S     Ί    OPERAND    Ί           Ί               Ί
          I     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔESP     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
        ³ O     Ί               Ί           Ί               Ί
        ³ N     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
        ³       Ί               Ί           Ί               Ί
               ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                Ί               Ί           Ί               Ί
                                                         


Figure 3-4.  POPA

                   BEFORE POPA                  AFTER POPA
                 31          0             31          0 
         D  O   Ί               Ί           Ί               Ί
         I  F   ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
         R      Ί±±±±±±±±±±±±±±±Ί           Ί±±±±±±±±±±±±±±±Ί
         E  E   ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
         C  X   Ί±±±±±±±±±±±±±±±Ί           Ί±±±±±±±±±±±±±±±Ί
         T  P   ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔESP
         I  A   Ί      EAX      Ί           Ί               Ί
         O  N   ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
         N  S   Ί      ECX      Ί           Ί               Ί
            I   ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
          ³ O   Ί      EDX      Ί           Ί               Ί
          ³ N   ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
          ³     Ί      EBX      Ί           Ί               Ί
               ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                Ί      ESP      Ί           Ί               Ί
                ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                Ί      EPB      Ί           Ί               Ί
                ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                Ί      ESI      Ί           Ί               Ί
                ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                Ί      EDI      Ί           Ί               Ί
                ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔESP     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                Ί               Ί           Ί               Ί
                ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ           ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                Ί               Ί           Ί               Ί
                                                         


Figure 3-5.  Sign Extension

                                    15                7               0
                                    ΙΝΛΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
     BEFORE SIGN EXTENSIONΔΔΔΔΔΔΔΔΔΊSΊ N N N N N N N N N N N N N N N Ί
                                    ΘΝΚΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ
     AFTER SIGN EXTENSIONΔΔΔΔΔΔΏ
                               ³
    31               23             15              7              0
    ΙΝΛΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
    ΊSΊS S S S S S S S S S S S S S S S N N N N N N N N N N N N N N NΊ
    ΘΝΚΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ


3.2  Binary Arithmetic Instructions

The arithmetic instructions of the 80386 processor simplify the
manipulation of numeric data that is encoded in binary. Operations include
the standard add, subtract, multiply, and divide as well as increment,
decrement, compare, and change sign. Both signed and unsigned binary
integers are supported. The binary arithmetic instructions may also be used
as one step in the process of performing arithmetic on decimal integers.

Many of the arithmetic instructions operate on both signed and unsigned
integers. These instructions update the flags ZF, CF, SF, and OF in such a
manner that subsequent instructions can interpret the results of the
arithmetic as either signed or unsigned. CF contains information relevant to
unsigned integers; SF and OF contain information relevant to signed
integers. ZF is relevant to both signed and unsigned integers; ZF is set
when all bits of the result are zero.

If the integer is unsigned, CF may be tested after one of these arithmetic
operations to determine whether the operation required a carry or borrow of
a one-bit in the high-order position of the destination operand. CF is set
if a one-bit was carried out of the high-order position (addition
instructions ADD, ADC, AAA, and DAA) or if a one-bit was carried (i.e.
borrowed) into the high-order bit (subtraction instructions SUB, SBB, AAS,
DAS, CMP, and NEG).

If the integer is signed, both SF and OF should be tested. SF always has
the same value as the sign bit of the result. The most significant bit (MSB)
of a signed integer is the bit next to the signΔΔbit 6 of a byte, bit 14 of
a word, or bit 30 of a doubleword. OF is set in either of these cases:

  ώ  A one-bit was carried out of the MSB into the sign bit but no one bit
     was carried out of the sign bit (addition instructions ADD, ADC, INC,
     AAA, and DAA). In other words, the result was greater than the greatest
     positive number that could be contained in the destination operand.

  ώ  A one-bit was carried from the sign bit into the MSB but no one bit
     was carried into the sign bit (subtraction instructions SUB, SBB, DEC,
     AAS, DAS, CMP, and NEG). In other words, the result was smaller that
     the smallest negative number that could be contained in the destination
     operand.

These status flags are tested by executing one of the two families of
conditional instructions: Jcc (jump on condition cc) or SETcc (byte set on
condition).


3.2.1  Addition and Subtraction Instructions

ADD (Add Integers) replaces the destination operand with the sum of the
source and destination operands. Sets CF if overflow.

ADC (Add Integers with Carry) sums the operands, adds one if CF is set, and
replaces the destination operand with the result. If CF is cleared, ADC
performs the same operation as the ADD instruction. An ADD followed by
multiple ADC instructions can be used to add numbers longer than 32 bits.

INC (Increment) adds one to the destination operand. INC does not affect
CF. Use ADD with an immediate value of 1 if an increment that updates carry
(CF) is needed.

SUB (Subtract Integers) subtracts the source operand from the destination
operand and replaces the destination operand with the result. If a borrow is
required, the CF is set. The operands may be signed or unsigned bytes,
words, or doublewords.

SBB (Subtract Integers with Borrow) subtracts the source operand from the
destination operand, subtracts 1 if CF is set, and returns the result to the
destination operand. If CF is cleared, SBB performs the same operation as
SUB. SUB followed by multiple SBB instructions may be used to subtract
numbers longer than 32 bits. If CF is cleared, SBB performs the same
operation as SUB.

DEC (Decrement) subtracts 1 from the destination operand. DEC does not
update CF. Use SUB with an immediate value of 1 to perform a decrement that
affects carry.


3.2.2  Comparison and Sign Change Instruction

CMP (Compare) subtracts the source operand from the destination operand. It
updates OF, SF, ZF, AF, PF, and CF but does not alter the source and
destination operands. A subsequent Jcc or SETcc instruction can test the
appropriate flags.

NEG (Negate) subtracts a signed integer operand from zero. The effect of
NEG is to reverse the sign of the operand from positive to negative or from
negative to positive.


3.2.3  Multiplication Instructions

The 80386 has separate multiply instructions for unsigned and signed
operands. MUL operates on unsigned numbers, while IMUL operates on signed
integers as well as unsigned.

MUL (Unsigned Integer Multiply) performs an unsigned multiplication of the
source operand and the accumulator. If the source is a byte, the processor
multiplies it by the contents of AL and returns the double-length result to
AH and AL. If the source operand is a word, the processor multiplies it by
the contents of AX and returns the double-length result to DX and AX. If the
source operand is a doubleword, the processor multiplies it by the contents
of EAX and returns the 64-bit result in EDX and EAX. MUL sets CF and OF
when the upper half of the result is nonzero; otherwise, they are cleared.

IMUL (Signed Integer Multiply) performs a signed multiplication operation.
IMUL has three variations:

  1.  A one-operand form. The operand may be a byte, word, or doubleword
      located in memory or in a general register. This instruction uses EAX
      and EDX as implicit operands in the same way as the MUL instruction.

  2.  A two-operand form. One of the source operands may be in any general
      register while the other may be either in memory or in a general
      register. The product replaces the general-register operand.

  3.  A three-operand form; two are source and one is the destination
      operand. One of the source operands is an immediate value stored in
      the instruction; the second may be in memory or in any general
      register. The product may be stored in any general register. The
      immediate operand is treated as signed. If the immediate operand is a
      byte, the processor automatically sign-extends it to the size of the
      second operand before performing the multiplication.

The three forms are similar in most respects:

  ώ  The length of the product is calculated to twice the length of the
     operands.

  ώ  The CF and OF flags are set when significant bits are carried into the
     high-order half of the result. CF and OF are cleared when the
     high-order half of the result is the sign-extension of the low-order
     half.

However, forms 2 and 3 differ in that the product is truncated to the
length of the operands before it is stored in the destination register.
Because of this truncation, OF should be tested to ensure that no
significant bits are lost. (For ways to test OF, refer to the INTO and PUSHF
instructions.)

Forms 2 and 3 of IMUL may also be used with unsigned operands because,
whether the operands are signed or unsigned, the low-order half of the
product is the same.


3.2.4  Division Instructions

The 80386 has separate division instructions for unsigned and signed
operands. DIV operates on unsigned numbers, while IDIV operates on signed
integers as well as unsigned. In either case, an exception (interrupt zero)
occurs if the divisor is zero or if the quotient is too large for AL, AX, or
EAX.

DIV (Unsigned Integer Divide) performs an unsigned division of the
accumulator by the source operand. The dividend (the accumulator) is twice
the size of the divisor (the source operand); the quotient and remainder
have the same size as the divisor, as the following table shows.

Size of Source Operand
      (divisor)             Dividend       Quotient      Remainder

Byte                        AX             AL            AH
Word                        DX:AX          AX            DX
Doubleword                  EDX:EAX        EAX           EDX

Non-integral quotients are truncated to integers toward 0. The remainder is
always less than the divisor. For unsigned byte division, the largest
quotient is 255. For unsigned word division, the largest quotient is 65,535.
For unsigned doubleword division the largest quotient is 2^(32) -1.

IDIV (Signed Integer Divide) performs a signed division of the accumulator
by the source operand. IDIV uses the same registers as the DIV instruction.

For signed byte division, the maximum positive quotient is +127, and the
minimum negative quotient is -128. For signed word division, the maximum
positive quotient is +32,767, and the minimum negative quotient is -32,768.
For signed doubleword division the maximum positive quotient is 2^(31) -1,
the minimum negative quotient is -2^(31). Non-integral results are truncated
towards 0. The remainder always has the same sign as the dividend and is
less than the divisor in magnitude.


3.3  Decimal Arithmetic Instructions

Decimal arithmetic is performed by combining the binary arithmetic
instructions (already discussed in the prior section) with the decimal
arithmetic instructions. The decimal arithmetic instructions are used in one
of the following ways:

  ώ  To adjust the results of a previous binary arithmetic operation to
     produce a valid packed or unpacked decimal result.

  ώ  To adjust the inputs to a subsequent binary arithmetic operation so
     that the operation will produce a valid packed or unpacked decimal
     result.

These instructions operate only on the AL or AH registers. Most utilize the
AF flag.


3.3.1  Packed BCD Adjustment Instructions

DAA (Decimal Adjust after Addition) adjusts the result of adding two valid
packed decimal operands in AL. DAA must always follow the addition of two
pairs of packed decimal numbers (one digit in each half-byte) to obtain a
pair of valid packed decimal digits as results. The carry flag is set if
carry was needed.

DAS (Decimal Adjust after Subtraction) adjusts the result of subtracting
two valid packed decimal operands in AL. DAS must always follow the
subtraction of one pair of packed decimal numbers (one digit in each half-
byte) from another to obtain a pair of valid packed decimal digits as
results. The carry flag is set if a borrow was needed.


3.3.2  Unpacked BCD Adjustment Instructions

AAA (ASCII Adjust after Addition) changes the contents of register AL to a
valid unpacked decimal number, and zeros the top 4 bits. AAA must always
follow the addition of two unpacked decimal operands in AL. The carry flag
is set and AH is incremented if a carry is necessary.

AAS (ASCII Adjust after Subtraction) changes the contents of register AL to
a valid unpacked decimal number, and zeros the top 4 bits. AAS must always
follow the subtraction of one unpacked decimal operand from another in AL.
The carry flag is set and AH decremented if a borrow is necessary.

AAM (ASCII Adjust after Multiplication) corrects the result of a
multiplication of two valid unpacked decimal numbers. AAM must always follow
the multiplication of two decimal numbers to produce a valid decimal result.
The high order digit is left in AH, the low order digit in AL.

AAD (ASCII Adjust before Division) modifies the numerator in AH and AL to
prepare for the division of two valid unpacked decimal operands so that the
quotient produced by the division will be a valid unpacked decimal number.
AH should contain the high-order digit and AL the low-order digit. This
instruction adjusts the value and places the result in AL. AH will contain
zero.


3.4  Logical Instructions

The group of logical instructions includes:

  ώ  The Boolean operation instructions
  ώ  Bit test and modify instructions
  ώ  Bit scan instructions
  ώ  Rotate and shift instructions
  ώ  Byte set on condition


3.4.1  Boolean Operation Instructions

The logical operations are AND, OR, XOR, and NOT.

NOT (Not) inverts the bits in the specified operand to form a one's
complement of the operand. The NOT instruction is a unary operation that
uses a single operand in a register or memory. NOT has no effect on the
flags.

The AND, OR, and XOR instructions perform the standard logical operations
"and", "(inclusive) or", and "exclusive or". These instructions can use the
following combinations of operands:

  ώ  Two register operands

  ώ  A general register operand with a memory operand

  ώ  An immediate operand with either a general register operand or a
     memory operand.

AND, OR, and XOR clear OF and CF, leave AF undefined, and update SF, ZF,
and PF.


3.4.2  Bit Test and Modify Instructions

This group of instructions operates on a single bit which can be in memory
or in a general register. The location of the bit is specified as an offset
from the low-order end of the operand. The value of the offset either may be
given by an immediate byte in the instruction or may be contained in a
general register.

These instructions first assign the value of the selected bit to CF, the
carry flag. Then a new value is assigned to the selected bit, as determined
by the operation. OF, SF, ZF, AF, PF are left in an undefined state. Table
3-1 defines these instructions.


Table 3-1. Bit Test and Modify Instructions

Instruction                      Effect on CF            Effect on
                                                         Selected Bit

Bit (Bit Test)                   CF  BIT                (none)
BTS (Bit Test and Set)           CF  BIT                BIT  1
BTR (Bit Test and Reset)         CF  BIT                BIT  0
BTC (Bit Test and Complement)    CF  BIT                BIT  NOT(BIT)


3.4.3  Bit Scan Instructions

These instructions scan a word or doubleword for a one-bit and store the
index of the first set bit into a register.  The bit string being scanned
may be either in a register or in memory. The ZF flag is set if the entire
word is zero (no set bits are found); ZF is cleared if a one-bit is found.
If no set bit is found, the value of the destination register is undefined.

BSF (Bit Scan Forward) scans from low-order to high-order (starting from
bit index zero).

BSR (Bit Scan Reverse) scans from high-order to low-order (starting from
bit index 15 of a word or index 31 of a doubleword).


3.4.4  Shift and Rotate Instructions

The shift and rotate instructions reposition the bits within the specified
operand.

These instructions fall into the following classes:

  ώ  Shift instructions
  ώ  Double shift instructions
  ώ  Rotate instructions


3.4.4.1  Shift Instructions

The bits in bytes, words, and doublewords may be shifted arithmetically or
logically. Depending on the value of a specified count, bits can be shifted
up to 31 places.

A shift instruction can specify the count in one of three ways. One form of
shift instruction implicitly specifies the count as a single shift. The
second form specifies the count as an immediate value. The third form
specifies the count as the value contained in CL. This last form allows the
shift count to be a variable that the program supplies during execution.
Only the low order 5 bits of CL are used.

CF always contains the value of the last bit shifted out of the destination
operand. In a single-bit shift, OF is set if the value of the high-order
(sign) bit was changed by the operation. Otherwise, OF is cleared. Following
a multibit shift, however, the content of OF is always undefined.

The shift instructions provide a convenient way to accomplish division or
multiplication by binary power. Note however that division of signed numbers
by shifting right is not the same kind of division performed by the IDIV
instruction.

SAL (Shift Arithmetic Left) shifts the destination byte, word, or
doubleword operand left by one or by the number of bits specified in the
count operand (an immediate value or the value contained in CL). The
processor shifts zeros in from the right (low-order) side of the operand as
bits exit from the left (high-order) side. See Figure 3-6.

SHL (Shift Logical Left) is a synonym for SAL (refer to SAL).

SHR (Shift Logical Right) shifts the destination byte, word, or doubleword
operand right by one or by the number of bits specified in the count operand
(an immediate value or the value contained in CL). The processor shifts
zeros in from the left side of the operand as bits exit from the right side.
See Figure 3-7.

SAR (Shift Arithmetic Right) shifts the destination byte, word, or
doubleword operand to the right by one or by the number of bits specified in
the count operand (an immediate value or the value contained in CL). The
processor preserves the sign of the operand by shifting in zeros on the left
(high-order) side if the value is positive or by shifting by ones if the
value is negative. See Figure 3-8.

Even though this instruction can be used to divide integers by a power of
two, the type of division is not the same as that produced by the IDIV
instruction. The quotient of IDIV is rounded toward zero, whereas the
"quotient" of SAR is rounded toward negative infinity. This difference is
apparent only for negative numbers. For example, when IDIV is used to divide
-9 by 4, the result is -2 with a remainder of -1. If SAR is used to shift
-9 right by two bits, the result is -3. The "remainder" of this kind of
division is +3; however, the SAR instruction stores only the high-order bit
of the remainder (in CF).

The code sequence in Figure 3-9 produces the same result as IDIV for any M
= 2^(N), where 0 < N < 32. This sequence takes about 12 to 18 clocks,
depending on whether the jump is taken; if ECX contains M, the corresponding
IDIV ECX instruction will take about 43 clocks.


Figure 3-6.  SAL and SHL

                     OF   CF                OPERAND

       BEFORE SHL    X    X     10001000100010001000100010001111
       OR SAL

       AFTER SHL     1    1 ΔΔ 00010001000100010001000100011110 ΔΔ 0
       OR SAL BY 1

       AFTER SHL     X    0 ΔΔ 00100010001000100011110000000000 ΔΔ 0
       OR SAL BY 10

SHL (WHICH HAS THE SYNONYM SAL) SHIFTS THE BITS IN THE REGISTER OR MEMORY
OPERAND TO THE LEFT BY THE SPECIFIED NUMBER OF BIT POSITIONS. CF RECEIVES
THE LAST BIT SHIFTED OUT OF THE LEFT OF THE OPERAND. SHL SHIFTS IN ZEROS
TO FILL THE VACATED BIT LOCATIONS. THESE INSTRUCTIONS OPERATE ON BYTE,
WORD, AND DOUBLEWORD OPERANDS.


Figure 3-7.  SHR

                                      OPERAND                  CF

       BEFORE SHR         10001000100010001000100010001111     X

       AFTER SHR    0ΔΔΔΔ01000100010001000100010001000111ΔΔΔΔ1
       BY 1

       AFTER SHR    0ΔΔΔΔ00000000001000100010001000100010ΔΔΔΔO
       BY 10

SHR SHIFTS THE BITS OF THE REGISTER OR MEMORY OPERAND TO THE RIGHT BY THE
SPECIFIED NUMBER OF BIT POSITIONS. CF RECEIVES THE LAST BIT SHIFTED OUT OF
THE RIGHT OF THE OPERAND. SHR SHIFTS IN ZEROS TO FILL THE VACATED BIT
LOCATIONS.


Figure 3-8.  SAR

                                  POSITIVE OPERAND             CF

       BEFORE SAR         01000100010001000100010001000111     X

       AFTER SAR    0ΔΔΔΔ00100010001000100010001000100011ΔΔΔΔ1
       BY 1

                                  NEGATIVE OPERAND             CF

       BEFORE SAR         11000100010001000100010001000111     X

       AFTER SAR    0ΔΔΔΔ11100010001000100010001000100011ΔΔΔΔ1
       BY 1

SAR PRESERVES THE SIGN OF THE REGISTER OR MEMORY OPERAND AS IT SHIFTS THE
OPERAND TO THE RIGHT BY THE SPECIFIED NUMBER OF BIT POSITIONS. CF RECIEVES
THE LAST BIT SHIFTED OUT OF THE RIGHT OF THE OPERAND.


Figure 3-9.  Using SAR to Simulate IDIV

    ; assuming N is in ECX, and the dividend is in EAX
    ;                                               CLOCKS
    CMP     EAX, 0      ; to set sign flag          2
    JGE     NoAdjust    ; jump if sign is zero      3 or 9
    ADD     EAX, ECX    ;                           2
    DEC     EAX         ; EAX := EAX + (N-1)        2
NoAdjust:
    SAR     EAX, CL     ;                           3
    ;                       TOTAL CLOCKS           12 or 18]


3.4.4.2  Double-Shift Instructions

These instructions provide the basic operations needed to implement
operations on long unaligned bit strings. The double shifts operate either
on word or doubleword operands, as follows:

  1.  Taking two word operands as input and producing a one-word output.

  2.  Taking two doubleword operands as input and producing a doubleword
      output.

Of the two input operands, one may either be in a general register or in
memory, while the other may only be in a general register. The results
replace the memory or register operand. The number of bits to be shifted is
specified either in the CL register or in an immediate byte of the
instruction.

Bits are shifted from the register operand into the memory or register
operand. CF is set to the value of the last bit shifted out of the
destination operand. SF, ZF, and PF are set according to the value of the
result. OF and AF are left undefined.

SHLD (Shift Left Double) shifts bits of the R/M field to the left, while
shifting high-order bits from the Reg field into the R/M field on the right
(see Figure 3-10). The result is stored back into the R/M operand. The Reg
field is not modified.

SHRD (Shift Right Double) shifts bits of the R/M field to the right, while
shifting low-order bits from the Reg field into the R/M field on the left
(see Figure 3-11). The result is stored back into the R/M operand. The Reg
field is not modified.


3.4.4.3  Rotate Instructions

Rotate instructions allow bits in bytes, words, and doublewords to be
rotated. Bits rotated out of an operand are not lost as in a shift, but are
"circled" back into the other "end" of the operand.

Rotates affect only the carry and overflow flags. CF may act as an
extension of the operand in two of the rotate instructions, allowing a bit
to be isolated and then tested by a conditional jump instruction (JC or
JNC). CF always contains the value of the last bit rotated out, even if the
instruction does not use this bit as an extension of the rotated operand.

In single-bit rotates, OF is set if the operation changes the high-order
(sign) bit of the destination operand. If the sign bit retains its original
value, OF is cleared. On multibit rotates, the value of OF is always
undefined.

ROL (Rotate Left) rotates the byte, word, or doubleword destination operand
left by one or by the number of bits specified in the count operand (an
immediate value or the value contained in CL). For each rotation specified,
the high-order bit that exits from the left of the operand returns at the
right to become the new low-order bit of the operand. See Figure 3-12.

ROR (Rotate Right) rotates the byte, word, or doubleword destination
operand right by one or by the number of bits specified in the count operand
(an immediate value or the value contained in CL). For each rotation
specified, the low-order bit that exits from the right of the operand
returns at the left to become the new high-order bit of the operand.
See Figure 3-13.

RCL (Rotate Through Carry Left) rotates bits in the byte, word, or
doubleword destination operand left by one or by the number of bits
specified in the count operand (an immediate value or the value contained in
CL).

This instruction differs from ROL in that it treats CF as a high-order
one-bit extension of the destination operand. Each high-order bit that exits
from the left side of the operand moves to CF before it returns to the
operand as the low-order bit on the next rotation cycle. See Figure 3-14.

RCR (Rotate Through Carry Right) rotates bits in the byte, word, or
doubleword destination operand right by one or by the number of bits
specified in the count operand (an immediate value or the value contained in
CL).

This instruction differs from ROR in that it treats CF as a low-order
one-bit extension of the destination operand. Each low-order bit that exits
from the right side of the operand moves to CF before it returns to the
operand as the high-order bit on the next rotation cycle. See Figure 3-15.


Figure 3-10.  Shift Left Double

                  31                   DESTINATION                 0
    ΙΝΝΝΝ»       ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
    Ί CF ΊΔΔΔΔΔΔΆ                 MEMORY OF REGISTER               ΊΔΔΔΏ
    ΘΝΝΝΝΌ       ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ    ³
             ΪΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ
             ³    31                     SOURCE                    0
             ³   ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
             ΐΔΔΔΆ                      REGISTER                    Ί
                 ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ


Figure 3-11.  Shift Right Double

        31                     SOURCE                    0
       ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
       Ί                      REGISTER                    ΗΔΔΔΏ
       ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ   ³
   ΪΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ
   ³    31                   DESTINATION                 0
   ³   ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»        ΙΝΝΝΝ»
   ΐΔΔΊ                 MEMORY OF REGISTER               ΗΔΔΔΔΔΔΔΊ CF Ί
       ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ        ΘΝΝΝΝΌ


Figure 3-12.  ROL

                  31                   DESTINATION                 0
    ΙΝΝΝΝ»       ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
    Ί CF ΊΔΔΔΒΔΔΆ                 MEMORY OF REGISTER               ΊΔΔΏ
    ΘΝΝΝΝΌ    ³  ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ   ³
              ΐΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ


Figure 3-13.  ROR

     ΪΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΏ
     ³    31                   DESTINATION                 0    ³
     ³   ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»   ³    ΙΝΝΝΝ»
     ΐΔΔΊ                 MEMORY OF REGISTER               ΗΔΔΔΑΔΔΔΊ CF Ί
         ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ        ΘΝΝΝΝΌ


Figure 3-14.  RCL

                  31                   DESTINATION                 0
    ΙΝΝΝΝ»       ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
  ΪΔΆ CF ΊΔΔΔΔΔΔΆ                 MEMORY OF REGISTER               ΊΔΔΏ
  ³ ΘΝΝΝΝΌ       ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ   ³
  ΐΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΩ


Figure 3-15.  RCR

   ΪΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΏ
   ³    31                   DESTINATION                 0                ³
   ³   ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»        ΙΝΝΝΝ» ³
   ΐΔΔΊ                 MEMORY OF REGISTER               ΗΔΔΔΔΔΔΔΊ CF ΗΔΩ
       ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ        ΘΝΝΝΝΌ


3.4.4.4  Fast "BIT BLT" Using Double Shift Instructions

One purpose of the double shifts is to implement a bit string move, with
arbitrary misalignment of the bit strings.  This is called a "bit blt" (BIT
BLock Transfer.)  A simple example is to move a bit string from an arbitrary
offset into a doubleword-aligned byte string.  A left-to-right string is
moved 32 bits at a time if a double shift is used inside the move loop.

     MOV   ESI,ScrAddr
     MOV   EDI,DestAddr
     MOV   EBX,WordCnt
     MOV   CL,RelOffset      ; relative offset Dest-Src
     MOV   EDX,[ESI]         ; load first word of source
     ADD   ESI,4             ; bump source address
BltLoop:
     LODS                    ; new low order part
     SHLD  EDX,EAX,CL        ; EDX overwritten with aligned stuff
     XCHG  EDX,EAS           ; Swap high/low order parts
     STOS                    ; Write out next aligned chunk
     DEC   EBX
     JA    BltLoop

This loop is simple yet allows the data to be moved in 32-bit pieces for
the highest possible performance. Without a double shift, the best that can
be achieved is 16 bits per loop iteration by using a 32-bit shift and
replacing the XCHG with a ROR by 16 to swap high and low order parts of
registers. A more general loop than shown above would require some extra
masking on the first doubleword moved (before the main loop), and on the
last doubleword moved (after the main loop), but would have the same basic
32-bits per loop iteration as the code above.


3.4.4.5  Fast Bit-String Insert and Extract

The double shift instructions also enable:

  ώ  Fast insertion of a bit string from a register into an arbitrary bit
     location in a larger bit string in memory without disturbing the bits
     on either side of the inserted bits.

  ώ  Fast extraction of a bits string into a register from an arbitrary bit
     location in a larger bit string in memory without disturbing the bits
     on either side of the extracted bits.

The following coded examples illustrate bit insertion and extraction under
variousconditions:

  1.  Bit String Insert into Memory (when bit string is 1-25 bits long,
      i.e., spans four bytes or less):

      ; Insert a right-justified bit string from register into
      ; memory bit string.
      ;
      ; Assumptions:
      ; 1) The base of the string array is dword aligned, and
      ; 2) the length of the bit string is an immediate value
      ;    but the bit offset is held in a register.
      ;
      ; Register ESI holds the right-justified bit string
      ; to be inserted.
      ; Register EDI holds the bit offset of the start of the
      ; substring.
      ; Registers EAX and ECX are also used by this
      ; "insert" operation.
      ;
      MOV   ECX,EDI      ; preserve original offset for later use
      SHR   EDI,3        ; signed divide offset by 8 (byte address)
      AND   CL,7H        ; isolate low three bits of offset in CL
      MOV   EAX,[EDI]strg_base      ; move string dword into EAX
      ROR   EAX,CL       ; right justify old bit field
      SHRD  EAX,ESI,length          ; bring in new bits
      ROL   EAX,length   ; right justify new bit field
      ROL   EAX,CL       ; bring to final position
      MOV   [EDI]strg_base,EAX      ; replace dword in memory

  2.  Bit String Insert into Memory (when bit string is 1-31 bits long, i.e.
      spans five bytes or less):

      ; Insert a right-justified bit string from register into
      ; memory bit string.
      ;
      ; Assumptions:
      ; 1) The base of the string array is dword aligned, and
      ; 2) the length of the bit string is an immediate value
      ;    but the bit offset is held in a register.
      ;
      ; Register ESI holds the right-justified bit string
      ; to be inserted.
      ; Register EDI holds the bit offset of the start of the
      ; substring.
      ; Registers EAX, EBX, ECX, and EDI are also used by
      ; this "insert" operation.
      ;
      MOV   ECX,EDI     ; temp storage for offset
      SHR   EDI,5       ; signed divide offset by 32 (dword address)
      SHL   EDI,2       ; multiply by 4 (in byte address format)
      AND   CL,1FH      ; isolate low five bits of offset in CL
      MOV   EAX,[EDI]strg_base      ; move low string dword into EAX
      MOV   EDX,[EDI]strg_base+4    ; other string dword into EDX
      MOV   EBX,EAX     ; temp storage for part of string     Ώ rotate
      SHRD  EAX,EDX,CL  ; double shift by offset within dword Γ EDX:EAX
      SHRD  EAX,EBX,CL  ; double shift by offset within dword Ω right
      SHRD  EAX,ESI,length          ; bring in new bits
      ROL   EAX,length  ; right justify new bit field
      MOV   EBX,EAX     ; temp storage for part of string         Ώ rotate
      SHLD  EAX,EDX,CL  ; double shift back by offset within word Γ EDX:EAX
      SHLD  EDX,EBX,CL  ; double shift back by offset within word Ω left
      MOV   [EDI]strg_base,EAX      ; replace dword in memory
      MOV   [EDI]strg_base+4,EDX    ; replace dword in memory

  3.  Bit String Insert into Memory (when bit string is exactly 32 bits
      long, i.e., spans five or four types of memory):

      ; Insert right-justified bit string from register into
      ; memory bit string.
      ;
      ; Assumptions:
      ; 1) The base of the string array is dword aligned, and
      ; 2) the length of the bit string is 32
      ;    but the bit offset is held in a register.
      ;
      ; Register ESI holds the 32-bit string to be inserted.
      ; Register EDI holds the bit offset of the start of the
      ; substring.
      ; Registers EAX, EBX, ECX, and EDI are also used by
      ; this "insert" operation.
      ;
      MOV   EDX,EDI     ; preserve original offset for later use
      SHR   EDI,5       ; signed divide offset by 32 (dword address)
      SHL   EDI,2       ; multiply by 4 (in byte address format)
      AND   CL,1FH      ; isolate low five bits of offset in CL
      MOV   EAX,[EDI]strg_base      ; move low string dword into EAX
      MOV   EDX,[EDI]strg_base+4    ; other string dword into EDX
      MOV   EBX,EAX     ; temp storage for part of string     Ώ rotate
      SHRD  EAX,EDX     ; double shift by offset within dword Γ EDX:EAX
      SHRD  EDX,EBX     ; double shift by offset within dword Ω right
      MOV   EAX,ESI     ; move 32-bit bit field into position
      MOV   EBX,EAX     ; temp storage for part of string         Ώ rotate
      SHLD  EAX,EDX     ; double shift back by offset within word Γ EDX:EAX
      SHLD  EDX,EBX     ; double shift back by offset within word Ω left
      MOV   [EDI]strg_base,EAX      ; replace dword in memory
      MOV   [EDI]strg_base,+4,EDX   ; replace dword in memory

  4.  Bit String Extract from Memory (when bit string is 1-25 bits long,
      i.e., spans four bytes or less):

      ; Extract a right-justified bit string from memory bit
      ; string into register
      ;
      ; Assumptions:
      ; 1) The base of the string array is dword aligned, and
      ; 2) the length of the bit string is an immediate value
      ;    but the bit offset is held in a register.
      ;
      ; Register EAX holds the right-justified, zero-padded
      ; bit string that was extracted.
      ; Register EDI holds the bit offset of the start of the
      ; substring.
      ; Registers EDI, and ECX are also used by this "extract."
      ;
      MOV  ECX,EDI      ; temp storage for offset
      SHR  EDI,3        ; signed divide offset by 8 (byte address)
      AND  CL,7H        ; isolate low three bits of offset
      MOV  EAX,[EDI]strg_base       ; move string dword into EAX
      SHR  EAX,CL       ; shift by offset within dword
      AND  EAX,mask     ; extracted bit field in EAX

  5.  Bit String Extract from Memory (when bit string is 1-32 bits long, 
      i.e., spans five bytes or less):

      ; Extract a right-justified bit string from memory bit
      ; string into register.
      ;
      ; Assumptions:
      ; 1) The base of the string array is dword aligned, and
      ; 2) the length of the bit string is an immediate
      ;    value but the bit offset is held in a register.
      ;
      ; Register EAX holds the right-justified, zero-padded
      ; bit string that was extracted.
      ; Register EDI holds the bit offset of the start of the
      ; substring.
      ; Registers EAX, EBX, and ECX are also used by this "extract."
      MOV   ECX,EDI     ; temp storage for offset
      SHR   EDI,5       ; signed divide offset by 32 (dword address)
      SHL   EDI,2       ; multiply by 4 (in byte address format)
      AND   CL,1FH      ; isolate low five bits of offset in CL
      MOV   EAX,[EDI]strg_base      ; move low string dword into EAX
      MOV   EDX,[EDI]strg_base+4    ; other string dword into EDX
      SHRD  EAX,EDX,CL  ; double shift right by offset within dword
      AND   EAX,mask    ; extracted bit field in EAX


3.4.5  Byte-Set-On-Condition Instructions

This group of instructions sets a byte to zero or one depending on any of
the 16 conditions defined by the status flags. The byte may be in memory or
may be a one-byte general register. These instructions are especially useful
for implementing Boolean expressions in high-level languages such as Pascal.

SETcc (Set Byte on Condition cc) set a byte to one if condition cc is true;
sets the byte to zero otherwise. Refer to Appendix D for a definition of
the possible conditions.


3.4.6  Test Instruction

TEST (Test) performs the logical "and" of the two operands, clears OF and
CF, leaves AF undefined, and updates SF, ZF, and PF. The flags can be tested
by conditional control transfer instructions or by the byte-set-on-condition
instructions. The operands may be doublewords, words, or bytes.

The difference between TEST and AND is that TEST does not alter the
destination operand. TEST differs from BT in that TEST is useful for testing
the value of multiple bits in one operations, whereas BT tests a single bit.


3.5  Control Transfer Instructions

The 80386 provides both conditional and unconditional control transfer
instructions to direct the flow of execution. Conditional control transfers
depend on the results of operations that affect the flag register.
Unconditional control transfers are always executed.


3.5.1  Unconditional Transfer Instructions

JMP, CALL, RET, INT and IRET instructions transfer control from one code
segment location to another. These locations can be within the same code
segment (near control transfers) or in different code segments (far control
transfers). The variants of these instructions that transfer control to
other segments are discussed in a later section of this chapter. If the
model of memory organization used in a particular 80386 application does
not make segments visible to applications programmers, intersegment control
transfers will not be used.


3.5.1.1  Jump Instruction

JMP (Jump) unconditionally transfers control to the target location. JMP is
a one-way transfer of execution; it does not save a return address on the
stack.

The JMP instruction always performs the same basic function of transferring
control from the current location to a new location. Its implementation
varies depending on whether the address is specified directly within the
instruction or indirectly through a register or memory.

A direct JMP instruction includes the destination address as part of the
instruction. An indirect JMP instruction obtains the destination address
indirectly through a register or a pointer variable.

Direct near JMP. A direct JMP uses a relative displacement value contained
in the instruction. The displacement is signed and the size of the
displacement may be a byte, word, or doubleword. The processor forms an
effective address by adding this relative displacement to the address
contained in EIP. When the additions have been performed, EIP refers to the
next instruction to be executed.

Indirect near JMP. Indirect JMP instructions specify an absolute address in
one of several ways:

  1.  The program can JMP to a location specified by a general register
      (any of EAX, EDX, ECX, EBX, EBP, ESI, or EDI). The processor moves
      this 32-bit value into EIP and resumes execution.

  2.  The processor can obtain the destination address from a memory
      operand specified in the instruction.

  3.  A register can modify the address of the memory pointer to select a
      destination address.


3.5.1.2  Call Instruction

CALL (Call Procedure) activates an out-of-line procedure, saving on the
stack the address of the instruction following the CALL for later use by a
RET (Return) instruction. CALL places the current value of EIP on the stack.
The RET instruction in the called procedure uses this address to transfer
control back to the calling program.

CALL instructions, like JMP instructions have relative, direct, and
indirect versions.

Indirect CALL instructions specify an absolute address in one of these
ways:

  1.  The program can CALL a location specified by a general register (any
      of EAX, EDX, ECX, EBX, EBP, ESI, or EDI). The processor moves this
      32-bit value into EIP.

  2.  The processor can obtain the destination address from a memory
      operand specified in the instruction.


3.5.1.3  Return and Return-From-Interrupt Instruction

RET (Return From Procedure) terminates the execution of a procedure and
transfers control through a back-link on the stack to the program that
originally invoked the procedure. RET restores the value of EIP that was
saved on the stack by the previous CALL instruction.

RET instructions may optionally specify an immediate operand. By adding
this constant to the new top-of-stack pointer, RET effectively removes any
arguments that the calling program pushed on the stack before the execution
of the CALL instruction.

IRET (Return From Interrupt) returns control to an interrupted procedure.
IRET differs from RET in that it also pops the flags from the stack into the
flags register. The flags are stored on the stack by the interrupt
mechanism.


3.5.2  Conditional Transfer Instructions

The conditional transfer instructions are jumps that may or may not
transfer control, depending on the state of the CPU flags when the
instruction executes.


3.5.2.1  Conditional Jump Instructions

Table 3-2 shows the conditional transfer mnemonics and their
interpretations. The conditional jumps that are listed as pairs are actually
the same instruction. The assembler provides the alternate mnemonics for
greater clarity within a program listing.

Conditional jump instructions contain a displacement which is added to the
EIP register if the condition is true. The displacement may be a byte, a
word, or a doubleword. The displacement is signed; therefore, it can be used
to jump forward or backward.


Table 3-2. Interpretation of Conditional Transfers

Unsigned Conditional Transfers

Mnemonic         Condition Tested          "Jump If..."

JA/JNBE           (CF or ZF) = 0           above/not below nor equal
JAE/JNB           CF = 0                   above or equal/not below
JB/JNAE           CF = 1                   below/not above nor equal
JBE/JNA           (CF or ZF) = 1           below or equal/not above
JC                CF = 1                   carry
JE/JZ             ZF = 1                   equal/zero
JNC               CF = 0                   not carry
JNE/JNZ           ZF = 0                   not equal/not zero
JNP/JPO           PF = 0                   not parity/parity odd
JP/JPE            PF = 1                   parity/parity even

Signed Conditional Transfers

Mnemonic         Condition Tested          "Jump If..."
JG/JNLE          ((SF xor OF) or ZF) = 0   greater/not less nor equal
JGE/JNL          (SF xor OF) = 0           greater or equal/not less
JL/JNGE          (SF xor OF) = 1           less/not greater nor equal
JLE/JNG          ((SF xor OF) or ZF) = 1   less or equal/not greater
JNO              OF = 0                    not overflow
JNS              SF = 0                    not sign (positive, including 0)
JO               OF = 1                    overflow
JS               SF = 1                    sign (negative)


3.5.2.2  Loop Instructions

The loop instructions are conditional jumps that use a value placed in ECX
to specify the number of repetitions of a software loop. All loop
instructions automatically decrement ECX and terminate the loop when ECX=0.
Four of the five loop instructions specify a condition involving ZF that
terminates the loop before ECX reaches zero.

LOOP (Loop While ECX Not Zero) is a conditional transfer that automatically
decrements the ECX register before testing ECX for the branch condition. If
ECX is non-zero, the program branches to the target label specified in the
instruction. The LOOP instruction causes the repetition of a code section
until the operation of the LOOP instruction decrements ECX to a value of
zero. If LOOP finds ECX=0, control transfers to the instruction immediately
following the LOOP instruction. If the value of ECX is initially zero, then
the LOOP executes 2^(32) times.

LOOPE (Loop While Equal) and LOOPZ (Loop While Zero) are synonyms for the
same instruction. These instructions automatically decrement the ECX
register before testing ECX and ZF for the branch conditions. If ECX is
non-zero and ZF=1, the program branches to the target label specified in the
instruction. If LOOPE or LOOPZ finds that ECX=0 or ZF=0, control transfers
to the instruction immediately following the LOOPE or LOOPZ instruction.

LOOPNE (Loop While Not Equal) and LOOPNZ (Loop While Not Zero) are synonyms
for the same instruction. These instructions automatically decrement the ECX
register before testing ECX and ZF for the branch conditions. If ECX is
non-zero and ZF=0, the program branches to the target label specified in the
instruction. If LOOPNE or LOOPNZ finds that ECX=0 or ZF=1, control transfers
to the instruction immediately following the LOOPNE or LOOPNZ instruction.


3.5.2.3  Executing a Loop or Repeat Zero Times

JCXZ (Jump if ECX Zero) branches to the label specified in the instruction
if it finds a value of zero in ECX. JCXZ is useful in combination with the
LOOP instruction and with the string scan and compare instructions, all of
which decrement ECX. Sometimes, it is desirable to design a loop that
executes zero times if the count variable in ECX is initialized to zero.
Because the LOOP instructions (and repeat prefixes) decrement ECX before
they test it, a loop will execute 2^(32) times if the program enters the
loop with a zero value in ECX. A programmer may conveniently overcome this
problem with JCXZ, which enables the program to branch around the code
within the loop if ECX is zero when JCXZ executes. When used with repeated
string scan and compare instructions, JCXZ can determine whether the
repetitions terminated due to zero in ECX or due to satisfaction of the
scan or compare conditions.


3.5.3  Software-Generated Interrupts

The INT n, INTO, and BOUND instructions allow the programmer to specify a
transfer to an interrupt service routine from within a program.

INT n (Software Interrupt) activates the interrupt service routine that
corresponds to the number coded within the instruction. The INT instruction
may specify any interrupt type. Programmers may use this flexibility to
implement multiple types of internal interrupts or to test the operation of
interrupt service routines. (Interrupts 0-31 are reserved by Intel.) The
interrupt service routine terminates with an IRET instruction that returns
control to the instruction that follows INT.

INTO (Interrupt on Overflow) invokes interrupt 4 if OF is set. Interrupt 4
is reserved for this purpose. OF is set by several arithmetic, logical, and
string instructions.

BOUND (Detect Value Out of Range) verifies that the signed value contained
in the specified register lies within specified limits. An interrupt (INT 5)
occurs if the value contained in the register is less than the lower bound
or greater than the upper bound.

The BOUND instruction includes two operands. The first operand specifies
the register being tested. The second operand contains the effective
relative address of the two signed BOUND limit values. The BOUND instruction
assumes that the upper limit and lower limit are in adjacent memory
locations. These limit values cannot be register operands; if they are, an
invalid opcode exception occurs.

BOUND is useful for checking array bounds before using a new index value to
access an element within the array. BOUND provides a simple way to check the
value of an index register before the program overwrites information in a
location beyond the limit of the array.

The block of memory that specifies the lower and upper limits of an array
might typically reside just before the array itself. This makes the array
bounds accessible at a constant offset from the beginning of the array.
Because the address of the array will already be present in a register, this
practice avoids extra calculations to obtain the effective address of the
array bounds.

The upper and lower limit values may each be a word or a doubleword.


3.6  String and Character Translation Instructions

The instructions in this category operate on strings rather than on logical
or numeric values. Refer also to the section on I/O for information about
the string I/O instructions (also known as block I/O).

The power of 80386 string operations derives from the following features of
the architecture:

1.  A set of primitive string operations

   MOVS   ΔΔ Move String
   CMPS   ΔΔ Compare string
   SCAS   ΔΔ Scan string
   LODS   ΔΔ Load string
   STOS   ΔΔ Store string

2.  Indirect, indexed addressing, with automatic incrementing or
    decrementing of the indexes.

   Indexes:

      ESI    ΔΔ Source index register
      EDI    ΔΔ Destination index register

   Control flag:

      DF     ΔΔ Direction flag

   Control flag instructions:

      CLD    ΔΔ Clear direction flag instruction
      STD    ΔΔ Set direction flag instruction

3.  Repeat prefixes

   REP          ΔΔ Repeat while ECX not xero
   REPE/REPZ    ΔΔ Repeat while equal or zero
   REPNE/REPNZ  ΔΔ Repeat while not equal or not zero

The primitive string operations operate on one element of a string. A
string element may be a byte, a word, or a doubleword. The string elements
are addressed by the registers ESI and EDI. After every primitive operation
ESI and/or EDI are automatically updated to point to the next element of the
string. If the direction flag is zero, the index registers are incremented;
if one, they are decremented. The amount of the increment or decrement is
1, 2, or 4 depending on the size of the string element.


3.6.1  Repeat Prefixes

The repeat prefixes REP (Repeat While ECX Not Zero), REPE/REPZ (Repeat
While Equal/Zero), and REPNE/REPNZ (Repeat While Not Equal/Not Zero) specify
repeated operation of a string primitive. This form of iteration allows the
CPU to process strings much faster than would be possible with a regular
software loop.

When a primitive string operation has a repeat prefix, the operation is
executed repeatedly, each time using a different element of the string. The
repetition terminates when one of the conditions specified by the prefix is
satisfied.

At each repetition of the primitive instruction, the string operation may
be suspended temporarily in order to handle an exception or external
interrupt. After the interruption, the string operation can be restarted
again where it left off. This method of handling strings allows operations
on strings of arbitrary length, without affecting interrupt response.

All three prefixes causes the hardware to automatically repeat the
associated string primitive until ECX=0. The differences among the repeat
prefixes have to do with the second termination condition. REPE/REPZ and
REPNE/REPNZ are used exclusively with the SCAS (Scan String) and CMPS
(Compare String) primitives. When these prefixes are used, repetition of the
next instruction depends on the zero flag (ZF) as well as the ECX register.
ZF does not require initialization before execution of a repeated string
instruction, because both SCAS and CMPS set ZF according to the results of
the comparisons they make. The differences are summarized in the
accompanying table.

Prefix                      Termination         Termination
                            Condition 1         Condition 2

REP                           ECX = 0             (none)
REPE/REPZ                     ECX = 0             ZF = 0
REPNE/REPNZ                   ECX = 0             ZF = 1


3.6.2  Indexing and Direction Flag Control

The addresses of the operands of string primitives are determined by the
ESI and EDI registers. ESI points to source operands. By default, ESI refers
to a location in the segment indicated by the DS segment register. A
segment-override prefix may be used, however, to cause ESI to refer to CS,
SS, ES, FS, or GS. EDI points to destination operands in the segment
indicated by ES; no segment override is possible. The use of two different
segment registers in one instruction allows movement of strings between
different segments.

This use of ESI and DSI has led to the descriptive names source index and
destination index for the ESI and EDI registers, respectively. In all
cases other than string instructions, however, the ESI and EDI registers may
be used as general-purpose registers.

When ESI and EDI are used in string primitives, they are automatically
incremented or decremented after to operation. The direction flag determines
whether they are incremented or decremented. The instruction CLD puts zero
in DF, causing the index registers to be incremented; the instruction STD
puts one in DF, causing the index registers to be decremented. Programmers
should always put a known value in DF before using string instructions in a
procedure.


3.6.3  String Instructions

MOVS (Move String) moves the string element pointed to by ESI to the
location pointed to by EDI. MOVSB operates on byte elements, MOVSW operates
on word elements, and MOVSD operates on doublewords. The destination segment
register cannot be overridden by a segment override prefix, but the source
segment register can be overridden.

The MOVS instruction, when accompanied by the REP prefix, operates as a
memory-to-memory block transfer. To set up for this operation, the program
must initialize ECX and the register pairs ESI and EDI. ECX specifies the
number of bytes, words, or doublewords in the block.

If DF=0, the program must point ESI to the first element of the source
string and point EDI to the destination address for the first element. If
DF=1, the program must point these two registers to the last element of the
source string and to the destination address for the last element,
respectively.

CMPS (Compare Strings) subtracts the destination string element (at ES:EDI)
from the source string element (at ESI) and updates the flags AF, SF, PF, CF
and OF. If the string elements are equal, ZF=1; otherwise, ZF=0. If DF=0,
the processor increments the memory pointers (ESI and EDI) for the two
strings. CMPSB compares bytes, CMPSW compares words, and CMPSD compares
doublewords. The segment register used for the source address can be changed
with a segment override prefix while the destination segment register
cannot be overridden.

SCAS (Scan String) subtracts the destination string element at ES:EDI from
EAX, AX, or AL and updates the flags AF, SF, ZF, PF, CF and OF. If the
values are equal, ZF=1; otherwise, ZF=0. If DF=0, the processor increments
the memory pointer (EDI) for the string. SCASB scans bytes; SCASW scans
words; SCASD scans doublewords. The destination segment register (ES) cannot
be overridden.

When either the REPE or REPNE prefix modifies either the SCAS or CMPS
primitives, the processor compares the value of the current string element
with the value in EAX for doubleword elements, in AX for word elements, or
in AL for byte elements. Termination of the repeated operation depends on
the resulting state of ZF as well as on the value in ECX.

LODS (Load String) places the source string element at ESI into EAX for
doubleword strings, into AX for word strings, or into AL for byte strings.
LODS increments or decrements ESI according to DF.

STOS (Store String) places the source string element from EAX, AX, or AL
into the string at ES:DSI. STOS increments or decrements EDI according to
DF.


3.7  Instructions for Block-Structured Languages

The instructions in this section provide machine-language support for
functions normally found in high-level languages. These instructions include
ENTER and LEAVE, which simplify the programming of procedures.

ENTER (Enter Procedure) creates a stack frame that may be used to implement
the scope rules of block-structured high-level languages. A LEAVE
instruction at the end of a procedure complements an ENTER at the beginning
of the procedure to simplify stack management and to control access to
variables for nested procedures.

The ENTER instruction includes two parameters. The first parameter
specifies the number of bytes of dynamic storage to be allocated on the
stack for the routine being entered. The second parameter corresponds to the
lexical nesting level (0-31) of the routine. (Note that the lexical level
has no relationship to either the protection privilege levels or to the I/O
privilege level.)

The specified lexical level determines how many sets of stack frame
pointers the CPU copies into the new stack frame from the preceding frame.
This list of stack frame pointers is sometimes called the display. The first
word of the display is a pointer to the last stack frame. This pointer
enables a LEAVE instruction to reverse the action of the previous ENTER
instruction by effectively discarding the last stack frame.

   Example: ENTER 2048,3

   Allocates 2048 bytes of dynamic storage on the stack and sets up pointers
   to two previous stack frames in the stack frame that ENTER creates for
   this procedure.

After ENTER creates the new display for a procedure, it allocates the
dynamic storage space for that procedure by decrementing ESP by the number
of bytes specified in the first parameter. This new value of ESP serves as a
starting point for all PUSH and POP operations within that procedure.

To enable a procedure to address its display, ENTER leaves EBP pointing to
the beginning of the new stack frame. Data manipulation instructions that
specify EBP as a base register implicitly address locations within the stack
segment instead of the data segment.

The ENTER instruction can be used in two ways: nested and non-nested. If
the lexical level is 0, the non-nested form is used. Since the second
operand is 0, ENTER pushes EBP, copies ESP to EBP and then subtracts the
first operand from ESP. The nested form of ENTER occurs when the second
parameter (lexical level) is not 0.

Figure 3-16 gives the formal definition of ENTER.

The main procedure (with other procedures nested within) operates at the
highest lexical level, level 1. The first procedure it calls operates at the
next deeper lexical level, level 2. A level 2 procedure can access the
variables of the main program which are at fixed locations specified by the
compiler. In the case of level 1, ENTER allocates only the requested
dynamic storage on the stack because there is no previous display to copy.

A program operating at a higher lexical level calling a program at a lower
lexical level requires that the called procedure should have access to the
variables of the calling program. ENTER provides this access through a
display that provides addressability to the calling program's stack frame.

A procedure calling another procedure at the same lexical level implies
that they are parallel procedures and that the called procedure should not
have access to the variables of the calling procedure. In this case, ENTER
copies only that portion of the display from the calling procedure which
refers to previously nested procedures operating at higher lexical levels.
The new stack frame does not include the pointer for addressing the calling
procedure's stack frame.

ENTER treats a reentrant procedure as a procedure calling another procedure
at the same lexical level. In this case, each succeeding iteration of the
reentrant procedure can address only its own variables and the variables of
the calling procedures at higher lexical levels. A reentrant procedure can
always address its own variables; it does not require pointers to the stack
frames of previous iterations.

By copying only the stack frame pointers of procedures at higher lexical
levels, ENTER makes sure that procedures access only those variables of
higher lexical levels, not those at parallel lexical levels (see Figure
3-17). Figures 3-18 through 3-21 demonstrate the actions of the ENTER
instruction if the modules shown in Figure 3-17 were to call one another in
alphabetic order.

Block-structured high-level languages can use the lexical levels defined by
ENTER to control access to the variables of previously nested procedures.
Referring to Figure 3-17 for example, if PROCEDURE A calls PROCEDURE B
which, in turn, calls PROCEDURE C, then PROCEDURE C will have access to the
variables of MAIN and PROCEDURE A, but not PROCEDURE B because they operate
at the same lexical level. Following is the complete definition of access to
variables for Figure 3-17.

  1.  MAIN PROGRAM has variables at fixed locations.

  2.  PROCEDURE A can access only the fixed variables of MAIN.

  3.  PROCEDURE B can access only the variables of PROCEDURE A and MAIN.
      PROCEDURE B cannot access the variables of PROCEDURE C or PROCEDURE D.

  4.  PROCEDURE C can access only the variables of PROCEDURE A and MAIN.
      PROCEDURE C cannot access the variables of PROCEDURE B or PROCEDURE D.

  5.  PROCEDURE D can access the variables of PROCEDURE C, PROCEDURE A, and
      MAIN. PROCEDURE D cannot access the variables of PROCEDURE B.

ENTER at the beginning of the MAIN PROGRAM creates dynamic storage space
for MAIN but copies no pointers. The first and only word in the display
points to itself because there is no previous value for LEAVE to return to
EBP. See Figure 3-18.

After MAIN calls PROCEDURE A, ENTER creates a new display for PROCEDURE A
with the first word pointing to the previous value of EBP (BPM for LEAVE to
return to the MAIN stack frame) and the second word pointing to the current
value of EBP. Procedure A can access variables in MAIN since MAIN is at
level 1. Therefore the base for the dynamic storage for MAIN is at [EBP-2].
All dynamic variables for MAIN are at a fixed offset from this value. See
Figure 3-19.

After PROCEDURE A calls PROCEDURE B, ENTER creates a new display for
PROCEDURE B with the first word pointing to the previous value of EBP, the
second word pointing to the value of EBP for MAIN, and the third word
pointing to the value of EBP for A and the last word pointing to the current
EBP. B can access variables in A and MAIN by fetching from the display the
base addresses of the respective dynamic storage areas. See Figure 3-20.

After PROCEDURE B calls PROCEDURE C, ENTER creates a new display for
PROCEDURE C with the first word pointing to the previous value of EBP, the
second word pointing to the value of EBP for MAIN, and the third word
pointing to the EBP value for A and the third word pointing to the current
value of EBP. Because PROCEDURE B and PROCEDURE C have the same lexical
level, PROCEDURE C is not allowed access to variables in B and therefore
does not receive a pointer to the beginning of PROCEDURE B's stack frame.
See Figure 3-21.

LEAVE (Leave Procedure) reverses the action of the previous ENTER
instruction. The LEAVE instruction does not include any operands. LEAVE
copies EBP to ESP to release all stack space allocated to the procedure by
the most recent ENTER instruction. Then LEAVE pops the old value of EBP from
the stack. A subsequent RET instruction can then remove any arguments that
were pushed on the stack by the calling program for use by the called
procedure.


Figure 3-16.  Formal Definition of the ENTER Instruction

The formal definition of the ENTER instruction for all cases is given by the
following listing. LEVEL denotes the value of the second operand.

Push EBP
Set a temporary value FRAME_PTR := ESP
If LEVEL > 0 then
      Repeat (LEVEL-1) times:
          EBP :=EBP - 4
          Push the doubleword pointed to by EBP
      End repeat
      Push FRAME_PTR
End if
EBP := FRAME_PTR
ESP := ESP - first operand.


Figure 3-17.  Variable Access in Nested Procedures

      ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
      Ί                MAIN PROCEDURE (LEXICAL LEVEL 1)                Ί
      Ί   ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»   Ί
      Ί   Ί              PROCEDURE A (LEXICAL LEVEL 2)             Ί   Ί
      Ί   Ί  ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»  Ί   Ί
      Ί   Ί  Ί           PROCEDURE B (LEXICAL LEVEL 3)          Ί  Ί   Ί
      Ί   Ί  ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ  Ί   Ί
      Ί   Ί                                                        Ί   Ί
      Ί   Ί  ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»  Ί   Ί
      Ί   Ί  Ί           PROCEDURE C (LEXICAL LEVEL 3)          Ί  Ί   Ί
      Ί   Ί  Ί  ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»  Ί  Ί   Ί
      Ί   Ί  Ί  Ί        PROCEDURE D (LEXICAL LEVEL 4)       Ί  Ί  Ί   Ί
      Ί   Ί  Ί  ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ  Ί  Ί   Ί
      Ί   Ί  Ί                                                  Ί  Ί   Ί
      Ί   Ί  ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ  Ί   Ί
      Ί   Ί                                                        Ί   Ί
      Ί   ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ   Ί
      Ί                                                                Ί
      ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ


Figure 3-18.  Stack Frame for MAIN at Level 1

                                      31          0 
                D  O                 Ί               Ί
                I  F              ΪΔ ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                R                 ³  Ί    OLD ESP    Ί
                E  E     DISPLAY Δ΄  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔEBP FOR
                C  X              ³  Ί      EBPM
EBPM = EBP VALUE FOR MAIN    Ί    MAIN
                T  P              ΖΝ ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                I  A              ³  Ί               Ί
                O  N              ³  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                N  S     DYNAMIC Δ΄  Ί               Ί
                   I     STORAGE  ³  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                 ³ O              ³  Ί               Ί
                 ³ N              ΐΔ ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔESP
                 ³                   Ί               Ί
                                                   


Figure 3-19.  Stack Frame for Procedure A

                                      31          0 
                D  O                 Ί               Ί
                I  F                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                R                    Ί    OLD ESP    Ί
                E  E                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                C  X                 Ί      EBPM
EBPM = EBP VALUE FOR MAIN    Ί
                T  P                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                I  A                 Ί               Ί
                O  N                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                N  S                 Ί               Ί
                   I                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                 ³ O                 Ί               Ί
                 ³ N              ΪΔ ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                 ³                ³  Ί      EBPM     Ί
                                 ³  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔEBP FOR A
                         DISPLAY Δ΄  Ί      EBPM     Ί
                                  ³  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                  ³  Ί      EBPA
EBPA = EBP VALUE FOR PROCEDURE A    Ί
                                  ΖΝ ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                  ³  Ί               Ί
                                  ³  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                         DYNAMIC Δ΄  Ί               Ί
                         STORAGE  ³  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                  ³  Ί               Ί
                                  ΐΔ ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔESP
                                     Ί               Ί
                                                    


Figure 3-20.  Stack Frame for Procedure B at Level 3 Called from A

                                      31          0 
                D  O                 Ί               Ί
                I  F                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                R                    Ί    OLD ESP    Ί
                E  E                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                C  X                 Ί      EBPM
EBPM = EBP VALUE FOR MAIN    Ί
                T  P                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                I  A                 Ί               Ί
                O  N                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                N  S                 Ί               Ί
                   I                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                 ³ O                 Ί               Ί
                 ³ N                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                 ³                   Ί      EBPM     Ί
                                    ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                     Ί      EBPM     Ί
                                     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                     Ί      EBPA     Ί
                                     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                     Ί               Ί
                                     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                     Ί               Ί
                                     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                     Ί               Ί
                                  ΪΔ ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                  ³  Ί      EBPA     Ί
                                  ³  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔEBP
                                  ³  Ί      EBPM     Ί
                         DISPLAY Δ΄  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                  ³  Ί      EBPA     Ί
                                  ³  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                  ³  Ί      EBPB
EBPB = EBP VALUE FOR PROCEDURE B    Ί
                                  ΖΝ ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                  ³  Ί               Ί
                                  ³  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                         DYNAMIC Δ΄  Ί               Ί
                         STORAGE  ³  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                  ³  Ί               Ί
                                  ΐΔ ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔESP
                                     Ί               Ί
                                                    


Figure 3-21.  Stack Frame for Procedure C at Level 3 Called from B

                                      31          0 
                D  O                 Ί               Ί
                I  F                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                R                    Ί    OLD ESP    Ί
                E  E                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                C  X                 Ί      EBPM
EBPM = EBP VALUE FOR MAIN    Ί
                T  P                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                I  A                 Ί               Ί
                O  N                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                N  S                 Ί               Ί
                   I                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                 ³ O                 Ί               Ί
                 ³ N                 ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                 ³                   Ί      EBPM     Ί
                                    ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                     Ί      EBPM     Ί
                                     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                     Ί      EBPA
EBPA = EBP VALUE FOR PROCEDURE A    Ί
                                     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                     Ί               Ί
                                     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                     Ί               Ί
                                     ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                     Ί               Ί
                                  ΪΔ ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                  ³  Ί      EBPA     Ί
                                  ³  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔEBP
                                  ³  Ί      EBPM     Ί
                         DISPLAY Δ΄  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                  ³  Ί      EBPA     Ί
                                  ³  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                  ³  Ί      EBPB
EBPB = EBP VALUE FOR PROCEDURE B    Ί
                                  ΖΝ ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                  ³  Ί               Ί
                                  ³  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                         DYNAMIC Δ΄  Ί               Ί
                         STORAGE  ³  ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉ
                                  ³  Ί               Ί
                                  ΐΔ ΜΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΉΔΔESP
                                     Ί               Ί
                                                    


3.8  Flag Control Instructions

The flag control instructions provide a method for directly changing the
state of bits in the flag register.


3.8.1  Carry and Direction Flag Control Instructions

The carry flag instructions are useful in conjunction with
rotate-with-carry instructions RCL and RCR. They can initialize the carry
flag, CF, to a known state before execution of a rotate that moves the carry
bit into one end of the rotated operand.

The direction flag control instructions are specifically included to set or
clear the direction flag, DF, which controls the left-to-right or
right-to-left direction of string processing. If DF=0, the processor
automatically increments the string index registers, ESI and EDI, after each
execution of a string primitive. If DF=1, the processor decrements these
index registers. Programmers should use one of these instructions before any
procedure that uses string instructions to insure that DF is set properly.

Flag Control Instruction                  Effect

STC (Set Carry Flag)                      CF  1
CLC (Clear Carry Flag)                    CF  0
CMC (Complement Carry Flag)               CF  NOT (CF)
CLD (Clear Direction Flag)                DF  0
STD (Set Direction Flag)                  DF  1


3.8.2  Flag Transfer Instructions

Though specific instructions exist to alter CF and DF, there is no direct
method of altering the other applications-oriented flags. The flag transfer
instructions allow a program to alter the other flag bits with the bit
manipulation instructions after transferring these flags to the stack or the
AH register.

The instructions LAHF and SAHF deal with five of the status flags, which
are used primarily by the arithmetic and logical instructions.

LAHF (Load AH from Flags) copies SF, ZF, AF, PF, and CF to AH bits 7, 6, 4,
2, and 0, respectively (see Figure 3-22). The contents of the remaining bits
(5, 3, and 1) are undefined. The flags remain unaffected.

SAHF (Store AH into Flags) transfers bits 7, 6, 4, 2, and 0 from AH into
SF, ZF, AF, PF, and CF, respectively (see Figure 3-22).

The PUSHF and POPF instructions are not only useful for storing the flags
in memory where they can be examined and modified but are also useful for
preserving the state of the flags register while executing a procedure.

PUSHF (Push Flags) decrements ESP by two and then transfers the low-order
word of the flags register to the word at the top of stack pointed to by ESP
(see Figure 3-23). The variant PUSHFD decrements ESP by four, then
transfers both words of the extended flags register to the top of the stack
pointed to by ESP (the VM and RF flags are not moved, however).

POPF (Pop Flags) transfers specific bits from the word at the top of stack
into the low-order byte of the flag register (see Figure 3-23), then
increments ESP by two. The variant POPFD transfers specific bits from the
doubleword at the top of the stack into the extended flags register (the RF
and VM flags are not changed, however), then increments ESP by four.


Figure 3-22.  LAHF and SAHF

                     7    6    5    4    3    2    1    0
                   ΙΝΝΝΝΛΝΝΝΝΛΝΝΝΝΛΝΝΝΝΛΝΝΝΝΛΝΝΝΝΛΝΝΝΝΛΝΝΝΝ»
                   Ί SF Ί ZF Ί UU Ί AF Ί UU Ί PF Ί UU Ί CF Ί
                   ΘΝΝΝΝΚΝΝΝΝΚΝΝΝΝΚΝΝΝΝΚΝΝΝΝΚΝΝΝΝΚΝΝΝΝΚΝΝΝΝΌ

     LAHF LOADS FIVE FLAGS FROM THE FLAG REGISTER INTO REGISTER AH. SAHF
     STORES THESE SAME FIVE FLAGS FROM AH INTO THE FLAG REGISTER. THE BIT
     POSITION OF EACH FLAG IS THE SAME IN AH AS IT IS IN THE FLAG REGISTER.
     THE REMAINING BITS (MARKED UU) ARE RESERVED; DO NOT DEFINE.


3.9  Coprocessor Interface Instructions

A numerics coprocessor (e.g., the 80387 or 80287) provides an extension to
the instruction set of the base architecture. The coprocessor extends the
instruction set of the base architecture to support high-precision integer
and floating-point calculations. This extended instruction set includes
arithmetic, comparison, transcendental, and data transfer instructions. The
coprocessor also contains a set of useful constants to enhance the speed of
numeric calculations.

A program contains instructions for the coprocessor in line with the
instructions for the CPU. The system executes these instructions in the same
order as they appear in the instruction stream. The coprocessor operates
concurrently with the CPU to provide maximum throughput for numeric
calculations.

The 80386 also has features to support emulation of the numerics
coprocessor when the coprocessor is absent. The software emulation of the
coprocessor is transparent to application software but requires more time
for execution. Refer to Chapter 11 for more information on coprocessor
emulation.

ESC (Escape) is a 5-bit sequence that begins the opcodes that identify
floating point numeric instructions. The ESC pattern tells the 80386 to send
the opcode and addresses of operands to the numerics coprocessor. The
numerics coprocessor uses the escape instructions to perform
high-performance, high-precision floating point arithmetic that conforms to
the IEEE floating point standard 754.

WAIT (Wait) is an 80386 instruction that suspends program execution until
the 80386 CPU detects that the BUSY pin is inactive. This condition
indicates that the coprocessor has completed its processing task and that
the CPU may obtain the results.


Figure 3-23.  Flag Format for PUSHF and POPF

                                PUSHFD/POPFD
     ΪΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΑΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΏ
                                                  PUSHF/POPF
                                     ΪΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΑΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΏ
      31              23               15                7           0
     ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΡΝΡΝΡΝΡΝΡΝΝΝΝΡΝΡΝΡΝΡΝΡΝΡΝΡΝΡΝΡΝΡΝΡΝΡΝ»
     Ί                           ³V³R³ ³N³ID  ³O³D³I³T³S³Z³ ³A³ ³P³ ³CΊ
     Ί0 0 0 0 0 0 0 0 0 0 0 0 0 0³ ³ ³0³ ³    ³ ³ ³ ³ ³ ³ ³0³ ³0³ ³1³ Ί
     Ί                           ³M³F³ ³T³  PL³F³F³F³F³F³F³ ³F³ ³F³ ³FΊ
     ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΨΝΝΝΝΝΝΝΝΝΝΝΟΝΟΝΟΝΟΝΟΝΝΝΝΟΝΟΝΟΝΟΝΟΝΟΝΟΝΟΝΟΝΟΝΟΝΟΝΌ

     BITS MARKED 0 AND 1 ARE RESERVED BY INTEL. DO NOT DEFINE.

   SYSTEMS FLAGS (INCLUDING THE IOPL FIELD, AND THE VM, RF, AND IF FLAGS)
   ARE PUSHED AND ARE VISIBLE TO APPLICATIONS PROGRAMS. HOWEVER, WHEN AN
   APPLICATIONS PROGRAM POPS THE FLAGS, THESE ITEMS ARE NOT CHANGED,
   REGARDLESS OF THE VALUES POPPED INTO THEM.


3.10  Segment Register Instructions

This category actually includes several distinct types of instructions.
These various types are grouped together here because, if systems designers
choose an unsegmented model of memory organization, none of these
instructions is used by applications programmers. The instructions that deal
with segment registers are:

1.  Segment-register transfer instructions.

   MOV SegReg, ...
   MOV ..., SegReg
   PUSH SegReg
   POP SegReg

2.  Control transfers to another executable segment.

   JMP far    ; direct and indirect
   CALL far
   RET far

3.  Data pointer instructions.

   LDS
   LES
   LFS
   LGS
   LSS

Note that the following interrupt-related instructions are different; all
are capable of transferring control to another segment, but the use of
segmentation is not apparent to the applications programmer.

INT n
INTO
BOUND
IRET


3.10.1  Segment-Register Transfer Instructions

The MOV, POP, and PUSH instructions also serve to load and store segment
registers. These variants operate similarly to their general-register
counterparts except that one operand can be a segment register. MOV cannot
move segment register to a segment register. Neither POP nor MOV can place a
value in the code-segment register CS; only the far control-transfer
instructions can change CS.


3.10.2  Far Control Transfer Instructions

The far control-transfer instructions transfer control to a location in
another segment by changing the content of the CS register.

Direct far JMP. Direct JMP instructions that specify a target location
outside the current code segment contain a far pointer. This pointer
consists of a selector for the new code segment and an offset within the new
segment.

Indirect far JMP. Indirect JMP instructions that specify a target location
outside the current code segment use a 48-bit variable to specify the far
pointer.

Far CALL. An intersegment CALL places both the value of EIP and CS on the
stack.

Far RET. An intersegment RET restores the values of both CS and EIP which
were saved on the stack by the previous intersegment CALL instruction.


3.10.3  Data Pointer Instructions

The data pointer instructions load a pointer (consisting of a segment
selector and an offset) to a segment register and a general register.

LDS (Load Pointer Using DS) transfers a pointer variable from the source
operand to DS and the destination register. The source operand must be a
memory operand, and the destination operand must be a general register. DS
receives the segment-selector of the pointer. The destination register
receives the offset part of the pointer, which points to a specific location
within the segment.

Example: LDS ESI, STRING_X

Loads DS with the selector identifying the segment pointed to by a
STRING_X, and loads the offset of STRING_X into ESI.  Specifying ESI as the
destination operand is a convenient way to prepare for a string operation on
a source string that is not in the current data segment.

LES (Load Pointer Using ES) operates identically to LDS except that ES
receives the segment selector rather than DS.

Example: LES EDI, DESTINATION_X

Loads ES with the selector identifying the segment pointed to by
DESTINATION_X, and loads the offset of DESTINATION_X into EDI. This
instruction provides a convenient way to select a destination for a string
operation if the desired location is not in the current extra segment.

LFS (Load Pointer Using FS) operates identically to LDS except that FS
receives the segment selector rather than DS.

LGS (Load Pointer Using GS) operates identically to LDS except that GS
receives the segment selector rather than DS.

LSS (Load Pointer Using SS) operates identically to LDS except that SS
receives the segment selector rather than DS.  This instruction is
especially important, because it allows the two registers that identify the
stack (SS:ESP) to be changed in one uninterruptible operation.  Unlike the
other instructions which load SS, interrupts are not inhibited at the end
of the LSS instruction.  The other instructions (e.g., POP SS) inhibit
interrupts to permit the following instruction to load ESP, thereby forming
an indivisible load of SS:ESP.  Since both SS and ESP can be loaded by LSS,
there is no need to inhibit interrupts.


3.11  Miscellaneous Instructions

The following instructions do not fit in any of the previous categories,
but are nonetheless useful.


3.11.1  Address Calculation Instruction

LEA (Load Effective Address) transfers the offset of the source operand
(rather than its value) to the destination operand.  The source operand must
be a memory operand, and the destination operand must be a general register.
This instruction is especially useful for initializing registers before the
execution of the string primitives (ESI, EDI) or the XLAT instruction (EBX).
The LEA can perform any indexing or scaling that may be needed.

Example: LEA EBX, EBCDIC_TABLE

Causes the processor to place the address of the starting location of the
table labeled EBCDIC_TABLE into EBX.


3.11.2  No-Operation Instruction

NOP (No Operation) occupies a byte of storage but affects nothing but the
instruction pointer, EIP.


3.11.3  Translate Instruction

XLAT (Translate) replaced a byte in the AL register with a byte from a
user-coded translation table. When XLAT is executed, AL should have the
unsigned index to the table addressed by EBX. XLAT changes the contents of
AL from table index to table entry. EBX is unchanged. The XLAT instruction
is useful for translating from one coding system to another such as from
ASCII to EBCDIC.  The translate table may be up to 256 bytes long.  The
value placed in the AL register serves as an index to the location of the
corresponding translation value.

continue

Creato da: Astalalista - Ultima modifica: 26/Gen/2004 alle 02:57
Labelled with ICRA This page is powered by Copyright Button(TM).
Click here to read how this page is protected by copyright laws.
Please send any
comments to Webmaster


KingsClick Sponsor - Click Here
KingsClick-Your Website Deserves to be King