Previous Chapter | Contents | Index
This appendix provides a complete list of the machine instructions which NASM will assemble, and a short description of the function of each one.
It is not intended to be exhaustive documentation on the fine details of the
instructions' function, such as which exceptions they can trigger: for such
documentation, you should go to Intel's Web site,
.
Instead, this appendix is intended primarily to provide documentation on the
way the instructions may be used within NASM. For example, looking up
will tell you that NASM allows
or
to be specified as
an optional second argument to the
instruction,
to enforce which of the two possible counter registers should be used if the
default is not the one desired.
The instructions are not quite listed in alphabetical order, since groups of instructions with similar functions are lumped together in the same entry. Most of them don't move very far from their alphabetic position because of this.
The instruction descriptions in this appendix specify their operands using the following notation:
reg8
denotes an 8-bit general purpose
register, reg16
denotes a 16-bit general purpose
register, and reg32
a 32-bit one.
fpureg
denotes one of the eight FPU stack registers,
mmxreg
denotes one of the eight 64-bit MMX
registers, and segreg
denotes a segment register. In
addition, some registers (such as AL
,
DX
or ECX
) may be
specified explicitly.
imm
denotes a generic
immediate operand. imm8
,
imm16
and imm32
are used
when the operand is intended to be a specific size. For some of these
instructions, NASM needs an explicit specifier: for example, ADD
ESP,16
could be interpreted as either ADD
r/m32,imm32
or ADD r/m32,imm8
. NASM
chooses the former by default, and so you must specify ADD
ESP,BYTE 16
for the latter.
mem
denotes a generic memory
reference; mem8
, mem16
,
mem32
, mem64
and
mem80
are used when the operand needs to be a
specific size. Again, a specifier is needed in some cases: DEC
[address]
is ambiguous and will be rejected by NASM. You must
specify DEC BYTE [address]
, DEC WORD
[address]
or DEC DWORD [address]
instead.
MOV
instruction allows a memory address to be
specified without allowing the normal range of register combinations
and effective address processing. This is denoted by
memoffs8
, memoffs16
and
memoffs32
.
r/m8
is a shorthand for reg8/mem8
; similarly
r/m16
and r/m32
.
r/m64
is MMX-related, and is a shorthand for
mmxreg/mem64
. This appendix also provides the opcodes which NASM will generate for each form of each instruction. The opcodes are listed in the following way:
3F
, indicates a fixed byte
containing that number.
+r
, such as
C8+r
, indicates that one of the operands to the
instruction is a register, and the `register value' of that register should be
added to the hex number to produce the generated byte. For example, EDX has
register value 2, so the code C8+r
, when the
register operand is EDX, generates the hex byte CA
.
Register values for specific registers are given in section
A.2.1.
+cc
, such as
40+cc
, indicates that the instruction name has a
condition code suffix, and the numeric representation of the condition code
should be added to the hex number to produce the generated byte. For example,
the code 40+cc
, when the instruction contains the
NE
condition, generates the hex byte
45
. Condition codes and their numeric
representations are given in section
A.2.2.
/2
,
indicates that one of the operands to the instruction is a memory address or
register (denoted mem
or
r/m
, with an optional size). This is to be encoded
as an effective address, with a ModR/M byte, an optional SIB byte, and an
optional displacement, and the spare (register) field of the ModR/M byte
should be the digit given (which will be from 0 to 7, so it fits in three
bits). The encoding of effective addresses is given in section
A.2.3.
/r
combines the above two: it indicates
that one of the operands is a memory address or r/m
,
and another is a register, and that an effective address should be generated
with the spare (register) field in the ModR/M byte being equal to the
`register value' of the register operand. The encoding of effective addresses
is given in section
A.2.3; register values are given in section
A.2.1.
ib
, iw
and
id
indicate that one of the operands to the
instruction is an immediate value, and that this is to be encoded as a byte,
little-endian word or little-endian doubleword respectively.
rb
, rw
and
rd
indicate that one of the operands to the
instruction is an immediate value, and that the difference between
this value and the address of the end of the instruction is to be encoded as a
byte, word or doubleword respectively. Where the form
rw/rd
appears, it indicates that either
rw
or rd
should be used
according to whether assembly is being performed in BITS
16
or BITS 32
state respectively.
ow
and od
indicate that one of the operands to the instruction is a reference to the
contents of a memory address specified as an immediate value: this encoding is
used in some forms of the MOV
instruction in place
of the standard effective-address mechanism. The displacement is encoded as a
word or doubleword. Again, ow/od
denotes that
ow
or od
should be chosen
according to the BITS
setting.
o16
and o32
indicate that the given form of the instruction should be assembled with
operand size 16 or 32 bits. In other words, o16
indicates a 66
prefix in BITS
32
state, but generates no code in BITS
16
state; and o32
indicates a
66
prefix in BITS 16
state
but generates nothing in BITS 32
.
a16
and a32
,
similarly to o16
and o32
,
indicate the address size of the given form of the instruction. Where this
does not match the BITS
setting, a
67
prefix is required. Where an instruction requires a register value, it is already implicit in the encoding of the rest of the instruction what type of register is intended: an 8-bit general-purpose register, a segment register, a debug register, an MMX register, or whatever. Therefore there is no problem with registers of different types sharing an encoding value.
The encodings for the various classes of register are:
AL
is 0,
CL
is 1, DL
is 2,
BL
is 3, AH
is 4,
CH
is 5, DH
is 6, and
BH
is 7.
AX
is 0,
CX
is 1, DX
is 2,
BX
is 3, SP
is 4,
BP
is 5, SI
is 6, and
DI
is 7.
EAX
is 0,
ECX
is 1, EDX
is 2,
EBX
is 3, ESP
is 4,
EBP
is 5, ESI
is 6, and
EDI
is 7.
ES
is 0,
CS
is 1, SS
is 2,
DS
is 3, FS
is 4, and
GS
is 5.
ST0
is 0,
ST1
is 1, ST2
is 2,
ST3
is 3, ST4
is 4,
ST5
is 5, ST6
is 6, and
ST7
is 7.
MM0
is 0,
MM1
is 1, MM2
is 2,
MM3
is 3, MM4
is 4,
MM5
is 5, MM6
is 6, and
MM7
is 7.
CR0
is 0,
CR2
is 2, CR3
is 3, and
CR4
is 4.
DR0
is 0,
DR1
is 1, DR2
is 2,
DR3
is 3, DR6
is 6, and
DR7
is 7.
TR3
is 3,
TR4
is 4, TR5
is 5,
TR6
is 6, and TR7
is 7.
(Note that wherever a register name contains a number, that number is also the register value for that register.)
The available condition codes are given here, along with their numeric representations as part of opcodes. Many of these condition codes have synonyms, so several will be listed at a time.
In the following descriptions, the word `either', when applied to two possible trigger conditions, is used to mean `either or both'. If `either but not both' is meant, the phrase `exactly one of' is used.
O
is 0 (trigger if the overflow flag is set);
NO
is 1.
B
, C
and
NAE
are 2 (trigger if the carry flag is set);
AE
, NB
and
NC
are 3.
E
and Z
are 4 (trigger
if the zero flag is set); NE
and
NZ
are 5.
BE
and NA
are 6
(trigger if either of the carry or zero flags is set);
A
and NBE
are 7.
S
is 8 (trigger if the sign flag is set);
NS
is 9.
P
and PE
are 10
(trigger if the parity flag is set); NP
and
PO
are 11.
L
and NGE
are 12
(trigger if exactly one of the sign and overflow flags is set);
GE
and NL
are 13.
LE
and NG
are 14
(trigger if either the zero flag is set, or exactly one of the sign and
overflow flags is set); G
and
NLE
are 15. Note that in all cases, the sense of a condition code may be reversed by changing the low bit of the numeric representation.
An effective address is encoded in up to three parts: a ModR/M byte, an optional SIB byte, and an optional byte, word or doubleword displacement field.
The ModR/M byte consists of three fields: the
field, ranging from 0 to 3, in the upper two bits of the byte, the
field, ranging from 0 to 7, in the lower three
bits, and the spare (register) field in the middle (bit 3 to bit 5). The spare
field is not relevant to the effective address being encoded, and either
contains an extension to the instruction opcode or the register value of another
operand.
The ModR/M system can be used to encode a direct register reference rather
than a memory access. This is always done by setting the
field to 3 and the
field to the register value of the register in question (it must be a
general-purpose register, and the size of the register must already be implicit
in the encoding of the rest of the instruction). In this case, the SIB byte and
displacement field are both absent.
In 16-bit addressing mode (either
with no
prefix, or
with a
prefix), the SIB byte is never used. The general
rules for
and
(there
is an exception, given below) are:
mod
field gives the length of the
displacement field: 0 means no displacement, 1 means one byte, and 2 means two
bytes.
r/m
field encodes the combination of
registers to be added to the displacement to give the accessed address: 0
means BX+SI
, 1 means
BX+DI
, 2 means BP+SI
, 3
means BP+DI
, 4 means SI
only, 5 means DI
only, 6 means
BP
only, and 7 means BX
only. However, there is a special case:
mod
is 0 and r/m
is
6, the effective address encoded is not [BP]
as the
above rules would suggest, but instead [disp16]
: the
displacement field is present and is two bytes long, and no registers are
added to the displacement. Therefore the effective address
cannot be
encoded as efficiently as
; so if you code
in a program, NASM adds a notional 8-bit zero
displacement, and sets
to 1,
to 6, and the one-byte displacement field to 0.
In 32-bit addressing mode (either
with a
prefix, or
with
no
prefix) the general rules (again, there are
exceptions) for
and
are:
mod
field gives the length of the
displacement field: 0 means no displacement, 1 means one byte, and 2 means
four bytes.
ESP
, the r/m
field gives
its register value, and the SIB byte is absent. If the
r/m
field is 4 (which would encode
ESP
), the SIB byte is present and gives the
combination and scaling of registers to be added to the displacement. If the SIB byte is present, it describes the combination of registers (an
optional base register, and an optional index register scaled by multiplication
by 1, 2, 4 or 8) to be added to the displacement. The SIB byte is divided into
the
field, in the top two bits, the
field in the next three, and the
field in the bottom three. The general rules are:
base
field encodes the register value of the
base register.
index
field encodes the register value of
the index register, unless it is 4, in which case no index register is used
(so ESP
cannot be used as an index register).
scale
field encodes the multiplier by which
the index register is scaled before adding it to the base and displacement: 0
encodes a multiplier of 1, 1 encodes 2, 2 encodes 4 and 3 encodes 8. The exceptions to the 32-bit encoding rules are:
mod
is 0 and r/m
is
5, the effective address encoded is not [EBP]
as the
above rules would suggest, but instead [disp32]
: the
displacement field is present and is four bytes long, and no registers are
added to the displacement.
mod
is 0, r/m
is 4
(meaning the SIB byte is present) and base
is 4, the
effective address encoded is not [EBP+index]
as the
above rules would suggest, but instead
[disp32+index]
: the displacement field is present
and is four bytes long, and there is no base register (but the index register
is still processed in the normal way). Given along with each instruction in this appendix is a set of flags, denoting the type of the instruction. The types are as follows:
8086
, 186
,
286
, 386
,
486
, PENT
and
P6
denote the lowest processor type that supports
the instruction. Most instructions run on all processors above the given type;
those that do not are documented. The Pentium II contains no additional
instructions beyond the P6 (Pentium Pro); from the point of view of its
instruction set, it can be thought of as a P6 with MMX capability.
CYRIX
indicates that the instruction is specific
to Cyrix processors, for example the extra MMX instructions in the Cyrix
extended MMX instruction set.
FPU
indicates that the instruction is a
floating-point one, and will only run on machines with a coprocessor
(automatically including 486DX, Pentium and above).
MMX
indicates that the instruction is an MMX
one, and will run on MMX-capable Pentium processors and the Pentium II.
PRIV
indicates that the instruction is a
protected-mode management instruction. Many of these may only be used in
protected mode, or only at privilege level zero.
UNDOC
indicates that the instruction is an
undocumented one, and not part of the official Intel Architecture; it may or
may not be supported on any given machine. AAA
,
AAS
, AAM
,
AAD
: ASCII AdjustmentsAAA ; 37 [8086]
AAS ; 3F [8086]
AAD ; D5 0A [8086] AAD imm ; D5 ib [8086]
AAM ; D4 0A [8086] AAM imm ; D4 ib [8086]
These instructions are used in conjunction with the add, subtract, multiply
and divide instructions to perform binary-coded decimal arithmetic in
unpacked (one BCD digit per byte - easy to translate to and from ASCII,
hence the instruction names) form. There are also packed BCD instructions
and
: see section
A.23.
should be used after a one-byte
instruction whose destination was the
register: by means of examining the value in the
low nibble of
and also the auxiliary carry flag
, it determines whether the addition has overflowed,
and adjusts it (and sets the carry flag) if so. You can add long BCD strings
together by doing
/
on
the low digits, then doing
/
on each subsequent
digit.
works similarly to
, but is for use after
instructions rather than
.
is for use after you have multiplied two
decimal digits together and left the result in
: it
divides
by ten and stores the quotient in
, leaving the remainder in
. The divisor 10 can be changed by specifying an
operand to the instruction: a particularly handy use of this is
, causing the two nibbles in
to be
separated into
and
.
performs the inverse operation to
: it multiplies
by
ten, adds it to
, and sets
to zero. Again, the multiplier 10 can be changed.
ADC
: Add with
CarryADC r/m8,reg8 ; 10 /r [8086] ADC r/m16,reg16 ; o16 11 /r [8086] ADC r/m32,reg32 ; o32 11 /r [386]
ADC reg8,r/m8 ; 12 /r [8086] ADC reg16,r/m16 ; o16 13 /r [8086] ADC reg32,r/m32 ; o32 13 /r [386]
ADC r/m8,imm8 ; 80 /2 ib [8086] ADC r/m16,imm16 ; o16 81 /2 iw [8086] ADC r/m32,imm32 ; o32 81 /2 id [386]
ADC r/m16,imm8 ; o16 83 /2 ib [8086] ADC r/m32,imm8 ; o32 83 /2 ib [386]
ADC AL,imm8 ; 14 ib [8086] ADC AX,imm16 ; o16 15 iw [8086] ADC EAX,imm32 ; o32 15 id [386]
performs integer addition: it adds its two
operands together, plus the value of the carry flag, and leaves the result in
its destination (first) operand. The flags are set according to the result of
the operation: in particular, the carry flag is affected and can be used by a
subsequent
instruction.
In the forms with an 8-bit immediate second operand and a longer first
operand, the second operand is considered to be signed, and is sign-extended to
the length of the first operand. In these cases, the
qualifier is necessary to force NASM to generate
this form of the instruction.
To add two numbers without also adding the contents of the carry flag, use
(section
A.6).
ADD
: Add IntegersADD r/m8,reg8 ; 00 /r [8086] ADD r/m16,reg16 ; o16 01 /r [8086] ADD r/m32,reg32 ; o32 01 /r [386]
ADD reg8,r/m8 ; 02 /r [8086] ADD reg16,r/m16 ; o16 03 /r [8086] ADD reg32,r/m32 ; o32 03 /r [386]
ADD r/m8,imm8 ; 80 /0 ib [8086] ADD r/m16,imm16 ; o16 81 /0 iw [8086] ADD r/m32,imm32 ; o32 81 /0 id [386]
ADD r/m16,imm8 ; o16 83 /0 ib [8086] ADD r/m32,imm8 ; o32 83 /0 ib [386]
ADD AL,imm8 ; 04 ib [8086] ADD AX,imm16 ; o16 05 iw [8086] ADD EAX,imm32 ; o32 05 id [386]
performs integer addition: it adds its two
operands together, and leaves the result in its destination (first) operand. The
flags are set according to the result of the operation: in particular, the carry
flag is affected and can be used by a subsequent
instruction (section
A.5).
In the forms with an 8-bit immediate second operand and a longer first
operand, the second operand is considered to be signed, and is sign-extended to
the length of the first operand. In these cases, the
qualifier is necessary to force NASM to generate
this form of the instruction.
AND
: Bitwise ANDAND r/m8,reg8 ; 20 /r [8086] AND r/m16,reg16 ; o16 21 /r [8086] AND r/m32,reg32 ; o32 21 /r [386]
AND reg8,r/m8 ; 22 /r [8086] AND reg16,r/m16 ; o16 23 /r [8086] AND reg32,r/m32 ; o32 23 /r [386]
AND r/m8,imm8 ; 80 /4 ib [8086] AND r/m16,imm16 ; o16 81 /4 iw [8086] AND r/m32,imm32 ; o32 81 /4 id [386]
AND r/m16,imm8 ; o16 83 /4 ib [8086] AND r/m32,imm8 ; o32 83 /4 ib [386]
AND AL,imm8 ; 24 ib [8086] AND AX,imm16 ; o16 25 iw [8086] AND EAX,imm32 ; o32 25 id [386]
performs a bitwise AND operation between its
two operands (i.e. each bit of the result is 1 if and only if the corresponding
bits of the two inputs were both 1), and stores the result in the destination
(first) operand.
In the forms with an 8-bit immediate second operand and a longer first
operand, the second operand is considered to be signed, and is sign-extended to
the length of the first operand. In these cases, the
qualifier is necessary to force NASM to generate
this form of the instruction.
The MMX instruction
(see section
A.116) performs the same operation on the 64-bit MMX registers.
ARPL
: Adjust RPL Field of
SelectorARPL r/m16,reg16 ; 63 /r [286,PRIV]
expects its two word operands to be segment
selectors. It adjusts the RPL (requested privilege level - stored in the bottom
two bits of the selector) field of the destination (first) operand to ensure
that it is no less (i.e. no more privileged than) the RPL field of the source
operand. The zero flag is set if and only if a change had to be made.
BOUND
: Check Array Index
against BoundsBOUND reg16,mem ; o16 62 /r [186] BOUND reg32,mem ; o32 62 /r [386]
expects its second operand to point to an
area of memory containing two signed values of the same size as its first
operand (i.e. two words for the 16-bit form; two doublewords for the 32-bit
form). It performs two signed comparisons: if the value in the register passed
as its first operand is less than the first of the in-memory values, or is
greater than or equal to the second, it throws a BR exception. Otherwise, it
does nothing.
BSF
,
BSR
: Bit ScanBSF reg16,r/m16 ; o16 0F BC /r [386] BSF reg32,r/m32 ; o32 0F BC /r [386]
BSR reg16,r/m16 ; o16 0F BD /r [386] BSR reg32,r/m32 ; o32 0F BD /r [386]
searches for a set bit in its source (second)
operand, starting from the bottom, and if it finds one, stores the index in its
destination (first) operand. If no set bit is found, the contents of the
destination operand are undefined.
performs the same function, but searches from
the top instead, so it finds the most significant set bit.
Bit indices are from 0 (least significant) to 15 or 31 (most significant).
BSWAP
: Byte
SwapBSWAP reg32 ; o32 0F C8+r [486]
swaps the order of the four bytes of a 32-bit
register: bits 0-7 exchange places with bits 24-31, and bits 8-15 swap with bits
16-23. There is no explicit 16-bit equivalent: to byte-swap
,
,
or
,
can be used.
BT
,
BTC
, BTR
,
BTS
: Bit TestBT r/m16,reg16 ; o16 0F A3 /r [386] BT r/m32,reg32 ; o32 0F A3 /r [386] BT r/m16,imm8 ; o16 0F BA /4 ib [386] BT r/m32,imm8 ; o32 0F BA /4 ib [386]
BTC r/m16,reg16 ; o16 0F BB /r [386] BTC r/m32,reg32 ; o32 0F BB /r [386] BTC r/m16,imm8 ; o16 0F BA /7 ib [386] BTC r/m32,imm8 ; o32 0F BA /7 ib [386]
BTR r/m16,reg16 ; o16 0F B3 /r [386] BTR r/m32,reg32 ; o32 0F B3 /r [386] BTR r/m16,imm8 ; o16 0F BA /6 ib [386] BTR r/m32,imm8 ; o32 0F BA /6 ib [386]
BTS r/m16,reg16 ; o16 0F AB /r [386] BTS r/m32,reg32 ; o32 0F AB /r [386] BTS r/m16,imm ; o16 0F BA /5 ib [386] BTS r/m32,imm ; o32 0F BA /5 ib [386]
These instructions all test one bit of their first operand, whose index is given by the second operand, and store the value of that bit into the carry flag. Bit indices are from 0 (least significant) to 15 or 31 (most significant).
In addition to storing the original value of the bit into the carry flag,
also resets (clears) the bit in the operand
itself.
sets the bit, and
complements the bit.
does not modify its operands.
The bit offset should be no greater than the size of the operand.
CALL
: Call
SubroutineCALL imm ; E8 rw/rd [8086] CALL imm:imm16 ; o16 9A iw iw [8086] CALL imm:imm32 ; o32 9A id iw [386] CALL FAR mem16 ; o16 FF /3 [8086] CALL FAR mem32 ; o32 FF /3 [386] CALL r/m16 ; o16 FF /2 [8086] CALL r/m32 ; o32 FF /2 [386]
calls a subroutine, by means of pushing the
current instruction pointer (
) and optionally
as well on the stack, and then jumping to a given
address.
is pushed as well as
if and only if the call is a far call, i.e. a
destination segment address is specified in the instruction. The forms involving
two colon-separated arguments are far calls; so are the
forms.
You can choose between the two immediate far call forms (
) by the use of the
and
keywords:
) or
.
The
forms execute a far call by
loading the destination address out of memory. The address loaded consists of 16
or 32 bits of offset (depending on the operand size), and 16 bits of segment.
The operand size may be overridden using
or
.
The
forms execute a near call (within the
same segment), loading the destination address out of memory or out of a
register. The keyword
may be specified, for
clarity, in these forms, but is not necessary. Again, operand size can be
overridden using
or
.
As a convenience, NASM does not require you to call a far procedure symbol by
coding the cumbersome
, but
instead allows the easier synonym
.
The
forms given above are near calls; NASM
will accept the
keyword (e.g.
), even though it is not strictly necessary.
CBW
,
CWD
, CDQ
,
CWDE
: Sign ExtensionsCBW ; o16 98 [8086] CWD ; o16 99 [8086] CDQ ; o32 99 [386] CWDE ; o32 98 [386]
All these instructions sign-extend a short value into a longer one, by replicating the top bit of the original value to fill the extended one.
extends
into
by repeating the top bit of
in every bit of
.
extends
into
by repeating the top bit of
throughout
.
extends
into
, and
extends
into
.
CLC
,
CLD
, CLI
,
CLTS
: Clear FlagsCLC ; F8 [8086] CLD ; FC [8086] CLI ; FA [8086] CLTS ; 0F 06 [286,PRIV]
These instructions clear various flags.
clears
the carry flag;
clears the direction flag;
clears the interrupt flag (thus disabling
interrupts); and
clears the task-switched
(
) flag in
.
To set the carry, direction, or interrupt flags, use the
,
and
instructions (section
A.156). To invert the carry flag, use
(section
A.16).
CMC
: Complement Carry
FlagCMC ; F5 [8086]
changes the value of the carry flag: if it was
0, it sets it to 1, and vice versa.
CMOVcc
: Conditional
MoveCMOVcc reg16,r/m16 ; o16 0F 40+cc /r [P6] CMOVcc reg32,r/m32 ; o32 0F 40+cc /r [P6]
moves its source (second) operand into its
destination (first) operand if the given condition code is satisfied; otherwise
it does nothing.
For a list of condition codes, see section A.2.2.
Although the
instructions are flagged
above, they may not be supported by all Pentium Pro
processors; the
instruction (section
A.22) will return a bit which indicates whether conditional moves are
supported.
CMP
: Compare
IntegersCMP r/m8,reg8 ; 38 /r [8086] CMP r/m16,reg16 ; o16 39 /r [8086] CMP r/m32,reg32 ; o32 39 /r [386]
CMP reg8,r/m8 ; 3A /r [8086] CMP reg16,r/m16 ; o16 3B /r [8086] CMP reg32,r/m32 ; o32 3B /r [386]
CMP r/m8,imm8 ; 80 /0 ib [8086] CMP r/m16,imm16 ; o16 81 /0 iw [8086] CMP r/m32,imm32 ; o32 81 /0 id [386]
CMP r/m16,imm8 ; o16 83 /0 ib [8086] CMP r/m32,imm8 ; o32 83 /0 ib [386]
CMP AL,imm8 ; 3C ib [8086] CMP AX,imm16 ; o16 3D iw [8086] CMP EAX,imm32 ; o32 3D id [386]
performs a `mental' subtraction of its second
operand from its first operand, and affects the flags as if the subtraction had
taken place, but does not store the result of the subtraction anywhere.
In the forms with an 8-bit immediate second operand and a longer first
operand, the second operand is considered to be signed, and is sign-extended to
the length of the first operand. In these cases, the
qualifier is necessary to force NASM to generate
this form of the instruction.
CMPSB
,
CMPSW
, CMPSD
: Compare
StringsCMPSB ; A6 [8086] CMPSW ; o16 A7 [8086] CMPSD ; o32 A7 [386]
compares the byte at
or
with the
byte at
or
,
and sets the flags accordingly. It then increments or decrements (depending on
the direction flag: increments if the flag is clear, decrements if it is set)
and
(or
and
).
The registers used are
and
if the address size is 16 bits, and
and
if it is 32
bits. If you need to use an address size not equal to the current
setting, you can use an explicit
or
prefix.
The segment register used to load from
or
can be overridden by using a segment register
name as a prefix (for example,
). The use of
for the load from
or
cannot be overridden.
and
work in
the same way, but they compare a word or a doubleword instead of a byte, and
increment or decrement the addressing registers by 2 or 4 instead of 1.
The
and
prefixes (equivalently,
and
) may be used to repeat the instruction up to
(or
- again, the
address size chooses which) times until the first unequal or equal byte is
found.
CMPXCHG
,
CMPXCHG486
: Compare and ExchangeCMPXCHG r/m8,reg8 ; 0F B0 /r [PENT] CMPXCHG r/m16,reg16 ; o16 0F B1 /r [PENT] CMPXCHG r/m32,reg32 ; o32 0F B1 /r [PENT]
CMPXCHG486 r/m8,reg8 ; 0F A6 /r [486,UNDOC] CMPXCHG486 r/m16,reg16 ; o16 0F A7 /r [486,UNDOC] CMPXCHG486 r/m32,reg32 ; o32 0F A7 /r [486,UNDOC]
These two instructions perform exactly the same operation; however,
apparently some (not all) 486 processors support it under a non-standard opcode,
so NASM provides the undocumented
form to
generate the non-standard opcode.
compares its destination (first) operand to
the value in
,
or
(depending on the size of the instruction). If
they are equal, it copies its source (second) operand into the destination and
sets the zero flag. Otherwise, it clears the zero flag and leaves the
destination alone.
is intended to be used for atomic
operations in multitasking or multiprocessor environments. To safely update a
value in shared memory, for example, you might load the value into
, load the updated value into
, and then execute the instruction
. If
has not
changed since being loaded, it is updated with your desired new value, and the
zero flag is set to let you know it has worked. (The
prefix prevents another processor doing anything
in the middle of this operation: it guarantees atomicity.) However, if another
processor has modified the value in between your load and your attempted store,
the store does not happen, and you are notified of the failure by a cleared zero
flag, so you can go round and try again.
CMPXCHG8B
: Compare and
Exchange Eight BytesCMPXCHG8B mem ; 0F C7 /1 [PENT]
This is a larger and more unwieldy version of
: it compares the 64-bit (eight-byte) value
stored at
with the value in
. If they are equal, it sets the zero flag and
stores
into the memory area. If they are
unequal, it clears the zero flag and leaves the memory area untouched.
CPUID
: Get CPU
Identification CodeCPUID ; 0F A2 [PENT]
returns various information about the
processor it is being executed on. It fills the four registers
,
,
and
with
information, which varies depending on the input contents of
.
also acts as a barrier to serialise
instruction execution: executing the
instruction
guarantees that all the effects (memory modification, flag modification,
register modification) of previous instructions have been completed before the
next instruction gets fetched.
The information returned is as follows:
EAX
is zero on input,
EAX
on output holds the maximum acceptable input
value of EAX
, and
EBX:EDX:ECX
contain the string
"GenuineIntel"
(or not, if you have a clone
processor). That is to say, EBX
contains
"Genu"
(in NASM's own sense of character constants,
described in section
3.4.2), EDX
contains
"ineI"
and ECX
contains
"ntel"
.
EAX
is one on input,
EAX
on output contains version information about the
processor, and EDX
contains a set of feature flags,
showing the presence and absence of various features. For example, bit 8 is
set if the CMPXCHG8B
instruction (section
A.21) is supported, bit 15 is set if the conditional move instructions (section
A.17 and section
A.34) are supported, and bit 23 is set if MMX instructions are supported.
EAX
is two on input,
EAX
, EBX
,
ECX
and EDX
all contain
information about caches and TLBs (Translation Lookahead Buffers). For more information on the data returned from
, see the documentation on Intel's web site.
DAA
,
DAS
: Decimal AdjustmentsDAA ; 27 [8086] DAS ; 2F [8086]
These instructions are used in conjunction with the add and subtract instructions to perform binary-coded decimal arithmetic in packed (one BCD digit per nibble) form. For the unpacked equivalents, see section A.4.
should be used after a one-byte
instruction whose destination was the
register: by means of examining the value in the
and also the auxiliary carry flag
, it determines whether either digit of the addition
has overflowed, and adjusts it (and sets the carry and auxiliary-carry flags) if
so. You can add long BCD strings together by doing
/
on the low two
digits, then doing
/
on each subsequent pair of digits.
works similarly to
, but is for use after
instructions rather than
.
DEC
: Decrement
IntegerDEC reg16 ; o16 48+r [8086] DEC reg32 ; o32 48+r [386] DEC r/m8 ; FE /1 [8086] DEC r/m16 ; o16 FF /1 [8086] DEC r/m32 ; o32 FF /1 [386]
subtracts 1 from its operand. It does
not affect the carry flag: to affect the carry flag, use
(see section
A.159). See also
(section
A.79).
DIV
: Unsigned Integer
DivideDIV r/m8 ; F6 /6 [8086] DIV r/m16 ; o16 F7 /6 [8086] DIV r/m32 ; o32 F7 /6 [386]
performs unsigned integer division. The
explicit operand provided is the divisor; the dividend and destination operands
are implicit, in the following way:
DIV r/m8
, AX
is
divided by the given operand; the quotient is stored in
AL
and the remainder in
AH
.
DIV r/m16
, DX:AX
is divided by the given operand; the quotient is stored in
AX
and the remainder in
DX
.
DIV r/m32
, EDX:EAX
is divided by the given operand; the quotient is stored in
EAX
and the remainder in
EDX
. Signed integer division is performed by the
instruction: see section
A.76.
EMMS
: Empty MMX
StateEMMS ; 0F 77 [PENT,MMX]
sets the FPU tag word (marking which
floating-point registers are available) to all ones, meaning all registers are
available for the FPU to use. It should be used after executing MMX instructions
and before executing any subsequent floating-point operations.
ENTER
: Create Stack
FrameENTER imm,imm ; C8 iw ib [186]
constructs a stack frame for a high-level
language procedure call. The first operand (the
in
the opcode definition above refers to the first operand) gives the amount of
stack space to allocate for local variables; the second (the
above) gives the nesting level of the procedure
(for languages like Pascal, with nested procedures).
The function of
, with a nesting level of
zero, is equivalent to
PUSH EBP ; or PUSH BP in 16 bits MOV EBP,ESP ; or MOV BP,SP in 16 bits SUB ESP,operand1 ; or SUB SP,operand1 in 16 bits
This creates a stack frame with the procedure parameters accessible upwards
from
, and local variables accessible downwards
from
.
With a nesting level of one, the stack frame created is 4 (or 2) bytes
bigger, and the value of the final frame pointer
is accessible in memory at
.
This allows
, when called with a nesting level
of two, to look at the stack frame described by the previous value of
, find the frame pointer at offset -4 from that,
and push it along with its new frame pointer, so that when a level-two procedure
is called from within a level-one procedure,
holds the frame pointer of the most recent level-one procedure call and
holds that of the most recent level-two call.
And so on, for nesting levels up to 31.
Stack frames created by
can be destroyed by
the
instruction: see section
A.94.
F2XM1
: Calculate
2**X-1F2XM1 ; D9 F0 [8086,FPU]
raises 2 to the power of
, subtracts one, and stores the result back into
. The initial contents of
must be a number in the range -1 to +1.
FABS
: Floating-Point
Absolute ValueFABS ; D9 E1 [8086,FPU]
computes the absolute value of
, storing the result back in
.
FADD
,
FADDP
: Floating-Point AdditionFADD mem32 ; D8 /0 [8086,FPU] FADD mem64 ; DC /0 [8086,FPU]
FADD fpureg ; D8 C0+r [8086,FPU] FADD ST0,fpureg ; D8 C0+r [8086,FPU]
FADD TO fpureg ; DC C0+r [8086,FPU] FADD fpureg,ST0 ; DC C0+r [8086,FPU]
FADDP fpureg ; DE C0+r [8086,FPU] FADDP fpureg,ST0 ; DE C0+r [8086,FPU]
, given one operand, adds the operand to
and stores the result back in
. If the operand has the
modifier, the result is stored in the register
given rather than in
.
performs the same function as
, but pops the register stack after storing the
result.
The given two-operand forms are synonyms for the one-operand forms.
FBLD
,
FBSTP
: BCD Floating-Point Load and StoreFBLD mem80 ; DF /4 [8086,FPU] FBSTP mem80 ; DF /6 [8086,FPU]
loads an 80-bit (ten-byte) packed binary-coded
decimal number from the given memory address, converts it to a real, and pushes
it on the register stack.
stores the value of
, in packed BCD, at the given address and then pops
the register stack.
FCHS
: Floating-Point
Change SignFCHS ; D9 E0 [8086,FPU]
negates the number in
: negative numbers become positive, and vice versa.
FCLEX
, {FNCLEX}: Clear
Floating-Point ExceptionsFCLEX ; 9B DB E2 [8086,FPU] FNCLEX ; DB E2 [8086,FPU]
clears any floating-point exceptions which
may be pending.
does the same thing but doesn't
wait for previous floating-point operations (including the handling of
pending exceptions) to finish first.
FCMOVcc
: Floating-Point
Conditional MoveFCMOVB fpureg ; DA C0+r [P6,FPU] FCMOVB ST0,fpureg ; DA C0+r [P6,FPU]
FCMOVBE fpureg ; DA D0+r [P6,FPU] FCMOVBE ST0,fpureg ; DA D0+r [P6,FPU]
FCMOVE fpureg ; DA C8+r [P6,FPU] FCMOVE ST0,fpureg ; DA C8+r [P6,FPU]
FCMOVNB fpureg ; DB C0+r [P6,FPU] FCMOVNB ST0,fpureg ; DB C0+r [P6,FPU]
FCMOVNBE fpureg ; DB D0+r [P6,FPU] FCMOVNBE ST0,fpureg ; DB D0+r [P6,FPU]
FCMOVNE fpureg ; DB C8+r [P6,FPU] FCMOVNE ST0,fpureg ; DB C8+r [P6,FPU]
FCMOVNU fpureg ; DB D8+r [P6,FPU] FCMOVNU ST0,fpureg ; DB D8+r [P6,FPU]
FCMOVU fpureg ; DA D8+r [P6,FPU] FCMOVU ST0,fpureg ; DA D8+r [P6,FPU]
The
instructions perform conditional move
operations: each of them moves the contents of the given register into
if its condition is satisfied, and does nothing if
not.
The conditions are not the same as the standard condition codes used with
conditional jump instructions. The conditions
,
,
,
,
and
are exactly as normal, but none of the other
standard ones are supported. Instead, the condition
and its counterpart
are provided; the
condition is satisfied if the last two
floating-point numbers compared were unordered, i.e. they were not
equal but neither one could be said to be greater than the other, for example if
they were NaNs. (The flag state which signals this is the setting of the parity
flag: so the
condition is notionally equivalent to
, and
is equivalent to
.)
The
conditions test the main processor's
status flags, not the FPU status flags, so using
directly after
will not work. Instead, you should
either use
which writes directly to the main CPU
flags word, or use
to extract the FPU flags.
Although the
instructions are flagged
above, they may not be supported by all Pentium Pro
processors; the
instruction (section
A.22) will return a bit which indicates whether conditional moves are
supported.
FCOM
,
FCOMP
, FCOMPP
,
FCOMI
, FCOMIP
:
Floating-Point CompareFCOM mem32 ; D8 /2 [8086,FPU] FCOM mem64 ; DC /2 [8086,FPU] FCOM fpureg ; D8 D0+r [8086,FPU] FCOM ST0,fpureg ; D8 D0+r [8086,FPU]
FCOMP mem32 ; D8 /3 [8086,FPU] FCOMP mem64 ; DC /3 [8086,FPU] FCOMP fpureg ; D8 D8+r [8086,FPU] FCOMP ST0,fpureg ; D8 D8+r [8086,FPU]
FCOMPP ; DE D9 [8086,FPU]
FCOMI fpureg ; DB F0+r [P6,FPU] FCOMI ST0,fpureg ; DB F0+r [P6,FPU]
FCOMIP fpureg ; DF F0+r [P6,FPU] FCOMIP ST0,fpureg ; DF F0+r [P6,FPU]
compares
with
the given operand, and sets the FPU flags accordingly.
is treated as the left-hand side of the
comparison, so that the carry flag is set (for a `less-than' result) if
is less than the given operand.
does the same as
, but pops the register stack afterwards.
compares
with
and then pops the register stack twice.
and
work
like the corresponding forms of
and
, but write their results directly to the CPU
flags register rather than the FPU status word, so they can be immediately
followed by conditional jump or conditional move instructions.
The
instructions differ from the
instructions (section
A.69) only in the way they handle quiet NaNs:
will handle them silently and set the condition
code flags to an `unordered' result, whereas
will
generate an exception.
FCOS
: CosineFCOS ; D9 FF [386,FPU]
computes the cosine of
(in radians), and stores the result in
. See also
(section
A.61).
FDECSTP
: Decrement
Floating-Point Stack PointerFDECSTP ; D9 F6 [8086,FPU]
decrements the `top' field in the
floating-point status word. This has the effect of rotating the FPU register
stack by one, as if the contents of
had been
pushed on the stack. See also
(section
A.46).
FxDISI
,
FxENI
: Disable and Enable Floating-Point
InterruptsFDISI ; 9B DB E1 [8086,FPU] FNDISI ; DB E1 [8086,FPU]
FENI ; 9B DB E0 [8086,FPU] FNENI ; DB E0 [8086,FPU]
and
disable
and enable floating-point interrupts. These instructions are only meaningful on
original 8087 processors: the 287 and above treat them as no-operation
instructions.
and
do the
same thing as
and
respectively, but without waiting for the floating-point processor to finish
what it was doing first.
FDIV
,
FDIVP
, FDIVR
,
FDIVRP
: Floating-Point DivisionFDIV mem32 ; D8 /6 [8086,FPU] FDIV mem64 ; DC /6 [8086,FPU]
FDIV fpureg ; D8 F0+r [8086,FPU] FDIV ST0,fpureg ; D8 F0+r [8086,FPU]
FDIV TO fpureg ; DC F8+r [8086,FPU] FDIV fpureg,ST0 ; DC F8+r [8086,FPU]
FDIVR mem32 ; D8 /0 [8086,FPU] FDIVR mem64 ; DC /0 [8086,FPU]
FDIVR fpureg ; D8 F8+r [8086,FPU] FDIVR ST0,fpureg ; D8 F8+r [8086,FPU]
FDIVR TO fpureg ; DC F0+r [8086,FPU] FDIVR fpureg,ST0 ; DC F0+r [8086,FPU]
FDIVP fpureg ; DE F8+r [8086,FPU] FDIVP fpureg,ST0 ; DE F8+r [8086,FPU]
FDIVRP fpureg ; DE F0+r [8086,FPU] FDIVRP fpureg,ST0 ; DE F0+r [8086,FPU]
divides
by the
given operand and stores the result back in
,
unless the
qualifier is given, in which case it
divides the given operand by
and stores the result
in the operand.
does the same thing, but does the division
the other way up: so if
is not given, it divides
the given operand by
and stores the result in
, whereas if
is given
it divides
by its operand and stores the result in
the operand.
operates like
, but pops the register stack once it has finished.
operates like
, but pops the register stack once it has finished.
FFREE
: Flag
Floating-Point Register as UnusedFFREE fpureg ; DD C0+r [8086,FPU]
marks the given register as being empty.
FIADD
:
Floating-Point/Integer AdditionFIADD mem16 ; DE /0 [8086,FPU] FIADD mem32 ; DA /0 [8086,FPU]
adds the 16-bit or 32-bit integer stored in
the given memory location to
, storing the result
in
.
FICOM
,
FICOMP
: Floating-Point/Integer CompareFICOM mem16 ; DE /2 [8086,FPU] FICOM mem32 ; DA /2 [8086,FPU]
FICOMP mem16 ; DE /3 [8086,FPU] FICOMP mem32 ; DA /3 [8086,FPU]
compares
with
the 16-bit or 32-bit integer stored in the given memory location, and sets the
FPU flags accordingly.
does the same, but pops
the register stack afterwards.
FIDIV
,
FIDIVR
: Floating-Point/Integer DivisionFIDIV mem16 ; DE /6 [8086,FPU] FIDIV mem32 ; DA /6 [8086,FPU]
FIDIVR mem16 ; DE /0 [8086,FPU] FIDIVR mem32 ; DA /0 [8086,FPU]
divides
by the
16-bit or 32-bit integer stored in the given memory location, and stores the
result in
.
does
the division the other way up: it divides the integer by
, but still stores the result in
.
FILD
,
FIST
, FISTP
:
Floating-Point/Integer ConversionFILD mem16 ; DF /0 [8086,FPU] FILD mem32 ; DB /0 [8086,FPU] FILD mem64 ; DF /5 [8086,FPU]
FIST mem16 ; DF /2 [8086,FPU] FIST mem32 ; DB /2 [8086,FPU]
FISTP mem16 ; DF /3 [8086,FPU] FISTP mem32 ; DB /3 [8086,FPU] FISTP mem64 ; DF /0 [8086,FPU]
loads an integer out of a memory location,
converts it to a real, and pushes it on the FPU register stack.
converts
to an
integer and stores that in memory;
does the same
as
, but pops the register stack afterwards.
FIMUL
:
Floating-Point/Integer MultiplicationFIMUL mem16 ; DE /1 [8086,FPU] FIMUL mem32 ; DA /1 [8086,FPU]
multiplies
by
the 16-bit or 32-bit integer stored in the given memory location, and stores the
result in
.
FINCSTP
: Increment
Floating-Point Stack PointerFINCSTP ; D9 F7 [8086,FPU]
increments the `top' field in the
floating-point status word. This has the effect of rotating the FPU register
stack by one, as if the register stack had been popped; however, unlike the
popping of the stack performed by many FPU instructions, it does not flag the
new
(previously
) as
empty. See also
(section
A.37).
FINIT
,
FNINIT
: Initialise Floating-Point UnitFINIT ; 9B DB E3 [8086,FPU] FNINIT ; DB E3 [8086,FPU]
initialises the FPU to its default state. It
flags all registers as empty, though it does not actually change their values.
does the same, without first waiting for
pending exceptions to clear.
FISUB
:
Floating-Point/Integer SubtractionFISUB mem16 ; DE /4 [8086,FPU] FISUB mem32 ; DA /4 [8086,FPU]
FISUBR mem16 ; DE /5 [8086,FPU] FISUBR mem32 ; DA /5 [8086,FPU]
subtracts the 16-bit or 32-bit integer stored
in the given memory location from
, and stores the
result in
.
does
the subtraction the other way round, i.e. it subtracts
from the given integer, but still stores the
result in
.
FLD
: Floating-Point
LoadFLD mem32 ; D9 /0 [8086,FPU] FLD mem64 ; DD /0 [8086,FPU] FLD mem80 ; DB /5 [8086,FPU] FLD fpureg ; D9 C0+r [8086,FPU]
loads a floating-point value out of the given
register or memory location, and pushes it on the FPU register stack.
FLDxx
: Floating-Point
Load ConstantsFLD1 ; D9 E8 [8086,FPU] FLDL2E ; D9 EA [8086,FPU] FLDL2T ; D9 E9 [8086,FPU] FLDLG2 ; D9 EC [8086,FPU] FLDLN2 ; D9 ED [8086,FPU] FLDPI ; D9 EB [8086,FPU] FLDZ ; D9 EE [8086,FPU]
These instructions push specific standard constants on the FPU register
stack.
pushes the value 1;
pushes the base-2 logarithm of e;
pushes the base-2 log of 10;
pushes the base-10 log of 2;
pushes the base-e log of 2;
pushes pi; and
pushes zero.
FLDCW
: Load
Floating-Point Control WordFLDCW mem16 ; D9 /5 [8086,FPU]
loads a 16-bit value out of memory and stores
it into the FPU control word (governing things like the rounding mode, the
precision, and the exception masks). See also
(section
A.64).
FLDENV
: Load
Floating-Point EnvironmentFLDENV mem ; D9 /4 [8086,FPU]
loads the FPU operating environment (control
word, status word, tag word, instruction pointer, data pointer and last opcode)
from memory. The memory area is 14 or 28 bytes long, depending on the CPU mode
at the time. See also
(section
A.65).
FMUL
,
FMULP
: Floating-Point MultiplyFMUL mem32 ; D8 /1 [8086,FPU] FMUL mem64 ; DC /1 [8086,FPU]
FMUL fpureg ; D8 C8+r [8086,FPU] FMUL ST0,fpureg ; D8 C8+r [8086,FPU]
FMUL TO fpureg ; DC C8+r [8086,FPU] FMUL fpureg,ST0 ; DC C8+r [8086,FPU]
FMULP fpureg ; DE C8+r [8086,FPU] FMULP fpureg,ST0 ; DE C8+r [8086,FPU]
multiplies
by
the given operand, and stores the result in
,
unless the
qualifier is used in which case it
stores the result in the operand.
performs the
same operation as
, and then pops the register
stack.
FNOP
: Floating-Point No
OperationFNOP ; D9 D0 [8086,FPU]
does nothing.
FPATAN
,
FPTAN
: Arctangent and TangentFPATAN ; D9 F3 [8086,FPU] FPTAN ; D9 F2 [8086,FPU]
computes the arctangent, in radians, of the
result of dividing
by
, stores the result in
, and pops the register stack. It works like the C
function, in that changing the sign of both
and
changes the
output value by pi (so it performs true rectangular-to-polar coordinate
conversion, with
being the Y coordinate and
being the X coordinate, not merely an arctangent).
computes the tangent of the value in
(in radians), and stores the result back into
.
FPREM
,
FPREM1
: Floating-Point Partial RemainderFPREM ; D9 F8 [8086,FPU] FPREM1 ; D9 F5 [386,FPU]
These instructions both produce the remainder obtained by dividing
by
. This is
calculated, notionally, by dividing
by
, rounding the result to an integer, multiplying by
again, and computing the value which would need to
be added back on to the result to get back to the original value in
.
The two instructions differ in the way the notional round-to-integer
operation is performed.
does it by rounding
towards zero, so that the remainder it returns always has the same sign as the
original value in
;
does it by rounding to the nearest integer, so
that the remainder always has at most half the magnitude of
.
Both instructions calculate partial remainders, meaning that they
may not manage to provide the final result, but might leave intermediate results
in
instead. If this happens, they will set the C2
flag in the FPU status word; therefore, to calculate a remainder, you should
repeatedly execute
or
until C2 becomes clear.
FRNDINT
: Floating-Point
Round to IntegerFRNDINT ; D9 FC [8086,FPU]
rounds the contents of
to an integer, according to the current rounding
mode set in the FPU control word, and stores the result back in
.
FSAVE
,
FRSTOR
: Save/Restore Floating-Point StateFSAVE mem ; 9B DD /6 [8086,FPU] FNSAVE mem ; DD /6 [8086,FPU]
FRSTOR mem ; DD /4 [8086,FPU]
saves the entire floating-point unit state,
including all the information saved by
(section
A.65) plus the contents of all the registers, to a 94 or 108 byte area of
memory (depending on the CPU mode).
restores
the floating-point state from the same area of memory.
does the same as
, without first waiting for pending
floating-point exceptions to clear.
FSCALE
: Scale
Floating-Point Value by Power of TwoFSCALE ; D9 FD [8086,FPU]
scales a number by a power of two: it rounds
towards zero to obtain an integer, then multiplies
by two to the power of that integer, and stores
the result in
.
FSETPM
: Set Protected
ModeFSETPM ; DB E4 [286,FPU]
This instruction initalises protected mode on the 287 floating-point coprocessor. It is only meaningful on that processor: the 387 and above treat the instruction as a no-operation.
FSIN
,
FSINCOS
: Sine and CosineFSIN ; D9 FE [386,FPU] FSINCOS ; D9 FB [386,FPU]
calculates the sine of
(in radians) and stores the result in
.
does the same,
but then pushes the cosine of the same value on the register stack, so that the
sine ends up in
and the cosine in
.
is faster than
executing
and
(see
section
A.36) in succession.
FSQRT
: Floating-Point
Square RootFSQRT ; D9 FA [8086,FPU]
calculates the square root of
and stores the result in
.
FST
,
FSTP
: Floating-Point StoreFST mem32 ; D9 /2 [8086,FPU] FST mem64 ; DD /2 [8086,FPU] FST fpureg ; DD D0+r [8086,FPU]
FSTP mem32 ; D9 /3 [8086,FPU] FSTP mem64 ; DD /3 [8086,FPU] FSTP mem80 ; DB /0 [8086,FPU] FSTP fpureg ; DD D8+r [8086,FPU]
stores the value in
into the given memory location or other FPU
register.
does the same, but then pops the
register stack.
FSTCW
: Store
Floating-Point Control WordFSTCW mem16 ; 9B D9 /0 [8086,FPU] FNSTCW mem16 ; D9 /0 [8086,FPU]
stores the FPU control word (governing things
like the rounding mode, the precision, and the exception masks) into a 2-byte
memory area. See also
(section
A.51).
does the same thing as
, without first waiting for pending
floating-point exceptions to clear.
FSTENV
: Store
Floating-Point EnvironmentFSTENV mem ; 9B D9 /6 [8086,FPU] FNSTENV mem ; D9 /6 [8086,FPU]
stores the FPU operating environment
(control word, status word, tag word, instruction pointer, data pointer and last
opcode) into memory. The memory area is 14 or 28 bytes long, depending on the
CPU mode at the time. See also
(section
A.52).
does the same thing as
, without first waiting for pending
floating-point exceptions to clear.
FSTSW
: Store
Floating-Point Status WordFSTSW mem16 ; 9B DD /0 [8086,FPU] FSTSW AX ; 9B DF E0 [286,FPU]
FNSTSW mem16 ; DD /0 [8086,FPU] FNSTSW AX ; DF E0 [286,FPU]
stores the FPU status word into
or into a 2-byte memory area.
does the same thing as
, without first waiting for pending
floating-point exceptions to clear.
FSUB
,
FSUBP
, FSUBR
,
FSUBRP
: Floating-Point SubtractFSUB mem32 ; D8 /4 [8086,FPU] FSUB mem64 ; DC /4 [8086,FPU]
FSUB fpureg ; D8 E0+r [8086,FPU] FSUB ST0,fpureg ; D8 E0+r [8086,FPU]
FSUB TO fpureg ; DC E8+r [8086,FPU] FSUB fpureg,ST0 ; DC E8+r [8086,FPU]
FSUBR mem32 ; D8 /5 [8086,FPU] FSUBR mem64 ; DC /5 [8086,FPU]
FSUBR fpureg ; D8 E8+r [8086,FPU] FSUBR ST0,fpureg ; D8 E8+r [8086,FPU]
FSUBR TO fpureg ; DC E0+r [8086,FPU] FSUBR fpureg,ST0 ; DC E0+r [8086,FPU]
FSUBP fpureg ; DE E8+r [8086,FPU] FSUBP fpureg,ST0 ; DE E8+r [8086,FPU]
FSUBRP fpureg ; DE E0+r [8086,FPU] FSUBRP fpureg,ST0 ; DE E0+r [8086,FPU]
subtracts the given operand from
and stores the result back in
, unless the
qualifier
is given, in which case it subtracts
from the
given operand and stores the result in the operand.
does the same thing, but does the subtraction
the other way up: so if
is not given, it subtracts
from the given operand and stores the result in
, whereas if
is given
it subtracts its operand from
and stores the
result in the operand.
operates like
, but pops the register stack once it has finished.
operates like
, but pops the register stack once it has finished.
FTST
: Test
ST0
Against ZeroFTST ; D9 E4 [8086,FPU]
compares
with
zero and sets the FPU flags accordingly.
is
treated as the left-hand side of the comparison, so that a `less-than' result is
generated if
is negative.
FUCOMxx
: Floating-Point
Unordered CompareFUCOM fpureg ; DD E0+r [386,FPU] FUCOM ST0,fpureg ; DD E0+r [386,FPU]
FUCOMP fpureg ; DD E8+r [386,FPU] FUCOMP ST0,fpureg ; DD E8+r [386,FPU]
FUCOMPP ; DA E9 [386,FPU]
FUCOMI fpureg ; DB E8+r [P6,FPU] FUCOMI ST0,fpureg ; DB E8+r [P6,FPU]
FUCOMIP fpureg ; DF E8+r [P6,FPU] FUCOMIP ST0,fpureg ; DF E8+r [P6,FPU]
compares
with
the given operand, and sets the FPU flags accordingly.
is treated as the left-hand side of the
comparison, so that the carry flag is set (for a `less-than' result) if
is less than the given operand.
does the same as
, but pops the register stack afterwards.
compares
with
and then pops the register stack twice.
and
work
like the corresponding forms of
and
, but write their results directly to the CPU
flags register rather than the FPU status word, so they can be immediately
followed by conditional jump or conditional move instructions.
The
instructions differ from the
instructions (section
A.35) only in the way they handle quiet NaNs:
will handle them silently and set the condition
code flags to an `unordered' result, whereas
will
generate an exception.
FXAM
: Examine Class of
Value in ST0
FXAM ; D9 E5 [8086,FPU]
sets the FPU flags C3, C2 and C0 depending on
the type of value stored in
: 000 (respectively)
for an unsupported format, 001 for a NaN, 010 for a normal finite number, 011
for an infinity, 100 for a zero, 101 for an empty register, and 110 for a
denormal. It also sets the C1 flag to the sign of the number.
FXCH
: Floating-Point
ExchangeFXCH ; D9 C9 [8086,FPU] FXCH fpureg ; D9 C8+r [8086,FPU] FXCH fpureg,ST0 ; D9 C8+r [8086,FPU] FXCH ST0,fpureg ; D9 C8+r [8086,FPU]
exchanges
with a
given FPU register. The no-operand form exchanges
with
.
FXTRACT
: Extract
Exponent and SignificandFXTRACT ; D9 F4 [8086,FPU]
separates the number in
into its exponent and significand (mantissa),
stores the exponent back into
, and then pushes the
significand on the register stack (so that the significand ends up in
, and the exponent in
).
FYL2X
,
FYL2XP1
: Compute Y times Log2(X) or Log2(X+1)FYL2X ; D9 F1 [8086,FPU] FYL2XP1 ; D9 F9 [8086,FPU]
multiplies
by
the base-2 logarithm of
, stores the result in
, and pops the register stack (so that the result
ends up in
).
must be
non-zero and positive.
works the same way, but replacing the
base-2 log of
with that of
plus one. This time,
must have magnitude no greater than 1 minus half the square root of two.
HLT
: Halt
ProcessorHLT ; F4 [8086]
puts the processor into a halted state, where
it will perform no more operations until restarted by an interrupt or a reset.
IBTS
: Insert Bit
StringIBTS r/m16,reg16 ; o16 0F A7 /r [386,UNDOC] IBTS r/m32,reg32 ; o32 0F A7 /r [386,UNDOC]
No clear documentation seems to be available for this instruction: the best
I've been able to find reads `Takes a string of bits from the second operand and
puts them in the first operand'. It is present only in early 386 processors, and
conflicts with the opcodes for
. NASM
supports it only for completeness. Its counterpart is
(see section
A.167).
IDIV
: Signed Integer
DivideIDIV r/m8 ; F6 /7 [8086] IDIV r/m16 ; o16 F7 /7 [8086] IDIV r/m32 ; o32 F7 /7 [386]
performs signed integer division. The explicit
operand provided is the divisor; the dividend and destination operands are
implicit, in the following way:
IDIV r/m8
, AX
is
divided by the given operand; the quotient is stored in
AL
and the remainder in
AH
.
IDIV r/m16
, DX:AX
is divided by the given operand; the quotient is stored in
AX
and the remainder in
DX
.
IDIV r/m32
,
EDX:EAX
is divided by the given operand; the
quotient is stored in EAX
and the remainder in
EDX
. Unsigned integer division is performed by the
instruction: see section
A.25.
IMUL
: Signed Integer
MultiplyIMUL r/m8 ; F6 /5 [8086] IMUL r/m16 ; o16 F7 /5 [8086] IMUL r/m32 ; o32 F7 /5 [386]
IMUL reg16,r/m16 ; o16 0F AF /r [386] IMUL reg32,r/m32 ; o32 0F AF /r [386]
IMUL reg16,imm8 ; o16 6B /r ib [286] IMUL reg16,imm16 ; o16 69 /r iw [286] IMUL reg32,imm8 ; o32 6B /r ib [386] IMUL reg32,imm32 ; o32 69 /r id [386]
IMUL reg16,r/m16,imm8 ; o16 6B /r ib [286] IMUL reg16,r/m16,imm16 ; o16 69 /r iw [286] IMUL reg32,r/m32,imm8 ; o32 6B /r ib [386] IMUL reg32,r/m32,imm32 ; o32 69 /r id [386]
performs signed integer multiplication. For
the single-operand form, the other operand and destination are implicit, in the
following way:
IMUL r/m8
, AL
is
multiplied by the given operand; the product is stored in
AX
.
IMUL r/m16
, AX
is
multiplied by the given operand; the product is stored in
DX:AX
.
IMUL r/m32
, EAX
is
multiplied by the given operand; the product is stored in
EDX:EAX
. The two-operand form multiplies its two operands and stores the result in the destination (first) operand. The three-operand form multiplies its last two operands and stores the result in the first operand.
The two-operand form is in fact a shorthand for the three-operand form, as
can be seen by examining the opcode descriptions: in the two-operand form, the
code
takes both its register and
parts from the same operand (the first one).
In the forms with an 8-bit immediate operand and another longer source
operand, the immediate operand is considered to be signed, and is sign-extended
to the length of the other source operand. In these cases, the
qualifier is necessary to force NASM to generate
this form of the instruction.
Unsigned integer multiplication is performed by the
instruction: see section
A.107.
IN
: Input from I/O
PortIN AL,imm8 ; E4 ib [8086] IN AX,imm8 ; o16 E5 ib [8086] IN EAX,imm8 ; o32 E5 ib [386] IN AL,DX ; EC [8086] IN AX,DX ; o16 ED [8086] IN EAX,DX ; o32 ED [386]
reads a byte, word or doubleword from the
specified I/O port, and stores it in the given destination register. The port
number may be specified as an immediate value if it is between 0 and 255, and
otherwise must be stored in
. See also
(section
A.111).
INC
: Increment
IntegerINC reg16 ; o16 40+r [8086] INC reg32 ; o32 40+r [386] INC r/m8 ; FE /0 [8086] INC r/m16 ; o16 FF /0 [8086] INC r/m32 ; o32 FF /0 [386]
adds 1 to its operand. It does not
affect the carry flag: to affect the carry flag, use
(see section
A.6). See also
(section
A.24).
INSB
,
INSW
, INSD
: Input String
from I/O PortINSB ; 6C [186] INSW ; o16 6D [186] INSD ; o32 6D [386]
inputs a byte from the I/O port specified in
and stores it at
or
. It then increments or decrements
(depending on the direction flag: increments if the flag is clear, decrements if
it is set)
or
.
The register used is
if the address size is 16
bits, and
if it is 32 bits. If you need to use an
address size not equal to the current
setting,
you can use an explicit
or
prefix.
Segment override prefixes have no effect for this instruction: the use of
for the load from
or
cannot be overridden.
and
work in the
same way, but they input a word or a doubleword instead of a byte, and increment
or decrement the addressing register by 2 or 4 instead of 1.
The
prefix may be used to repeat the
instruction
(or
-
again, the address size chooses which) times.
See also
,
and
(section
A.112).
INT
: Software
InterruptINT imm8 ; CD ib [8086]
causes a software interrupt through a specified
vector number from 0 to 255.
The code generated by the
instruction is always
two bytes long: although there are short forms for some
instructions, NASM does not generate them when it
sees the
mnemonic. In order to generate
single-byte breakpoint instructions, use the
or
instructions (see section
A.82) instead.
INT3
,
INT1
, ICEBP
,
INT01
: BreakpointsINT1 ; F1 [P6] ICEBP ; F1 [P6] INT01 ; F1 [P6]
INT3 ; CC [8086]
and
are short
one-byte forms of the instructions
and
(see section
A.81). They perform a similar function to their longer counterparts, but
take up less code space. They are used as breakpoints by debuggers.
, and its alternative synonyms
and
, is an
instruction used by in-circuit emulators (ICEs). It is present, though not
documented, on some processors down to the 286, but is only documented for the
Pentium Pro.
is the instruction normally used as
a breakpoint by debuggers.
is not precisely equivalent to
: the short form, since it is designed to be used as a
breakpoint, bypasses the normal IOPL checks in virtual-8086 mode, and also does
not go through interrupt redirection.
INTO
: Interrupt if
OverflowINTO ; CE [8086]
performs an
software interrupt (see section
A.81) if and only if the overflow flag is set.
INVD
: Invalidate
Internal CachesINVD ; 0F 08 [486]
invalidates and empties the processor's
internal caches, and causes the processor to instruct external caches to do the
same. It does not write the contents of the caches back to memory first: any
modified data held in the caches will be lost. To write the data back first, use
(section
A.164).
INVLPG
: Invalidate TLB
EntryINVLPG mem ; 0F 01 /0 [486]
invalidates the translation lookahead buffer
(TLB) entry associated with the supplied memory address.
IRET
,
IRETW
, IRETD
: Return from
InterruptIRET ; CF [8086] IRETW ; o16 CF [8086] IRETD ; o32 CF [386]
returns from an interrupt (hardware or
software) by means of popping
(or
),
and the flags off
the stack and then continuing execution from the new
.
pops
,
and the flags as 2 bytes each, taking 6 bytes off
the stack in total.
pops
as 4 bytes, pops a further 4 bytes of which the
top two are discarded and the bottom two go into
,
and pops the flags as 4 bytes as well, taking 12 bytes off the stack.
is a shorthand for either
or
, depending on
the default
setting at the time.
JCXZ
,
JECXZ
: Jump if CX/ECX ZeroJCXZ imm ; o16 E3 rb [8086] JECXZ imm ; o32 E3 rb [386]
performs a short jump (with maximum range 128
bytes) if and only if the contents of the
register
is 0.
does the same thing, but with
.
JMP
: JumpJMP imm ; E9 rw/rd [8086] JMP SHORT imm ; EB rb [8086] JMP imm:imm16 ; o16 EA iw iw [8086] JMP imm:imm32 ; o32 EA id iw [386] JMP FAR mem ; o16 FF /5 [8086] JMP FAR mem ; o32 FF /5 [386] JMP r/m16 ; o16 FF /4 [8086] JMP r/m32 ; o32 FF /4 [386]
jumps to a given address. The address may be
specified as an absolute segment and offset, or as a relative jump within the
current segment.
has a maximum range of 128 bytes,
since the displacement is specified as only 8 bits, but takes up less code
space. NASM does not choose when to generate
for you: you must explicitly code
every time you
want a short jump.
You can choose between the two immediate far jump forms (
) by the use of the
and
keywords:
) or
.
The
forms execute a far jump by loading
the destination address out of memory. The address loaded consists of 16 or 32
bits of offset (depending on the operand size), and 16 bits of segment. The
operand size may be overridden using
or
.
The
forms execute a near jump (within the
same segment), loading the destination address out of memory or out of a
register. The keyword
may be specified, for
clarity, in these forms, but is not necessary. Again, operand size can be
overridden using
or
.
As a convenience, NASM does not require you to jump to a far symbol by coding
the cumbersome
, but instead
allows the easier synonym
.
The
forms given above are near calls; NASM
will accept the
keyword (e.g.
), even though it is not strictly necessary.
Jcc
: Conditional
BranchJcc imm ; 70+cc rb [8086] Jcc NEAR imm ; 0F 80+cc rw/rd [386]
The conditional jump instructions execute a near (same segment) jump if and
only if their conditions are satisfied. For example,
jumps only if the zero flag is not set.
The ordinary form of the instructions has only a 128-byte range; the
form is a 386 extension to the instruction set,
and can span the full size of a segment. NASM will not override your choice of
jump instruction: if you want
, you have to
use the
keyword.
The
keyword is allowed on the first form of
the instruction, for clarity, but is not necessary.
LAHF
: Load AH from
FlagsLAHF ; 9F [8086]
sets the
register
according to the contents of the low byte of the flags word. See also
(section
A.145).
LAR
: Load Access
RightsLAR reg16,r/m16 ; o16 0F 02 /r [286,PRIV] LAR reg32,r/m32 ; o32 0F 02 /r [286,PRIV]
takes the segment selector specified by its
source (second) operand, finds the corresponding segment descriptor in the GDT
or LDT, and loads the access-rights byte of the descriptor into its destination
(first) operand.
LDS
,
LES
, LFS
,
LGS
, LSS
: Load Far
PointerLDS reg16,mem ; o16 C5 /r [8086] LDS reg32,mem ; o32 C5 /r [8086]
LES reg16,mem ; o16 C4 /r [8086] LES reg32,mem ; o32 C4 /r [8086]
LFS reg16,mem ; o16 0F B4 /r [386] LFS reg32,mem ; o32 0F B4 /r [386]
LGS reg16,mem ; o16 0F B5 /r [386] LGS reg32,mem ; o32 0F B5 /r [386]
LSS reg16,mem ; o16 0F B2 /r [386] LSS reg32,mem ; o32 0F B2 /r [386]
These instructions load an entire far pointer (16 or 32 bits of offset, plus
16 bits of segment) out of memory in one go.
, for
example, loads 16 or 32 bits from the given memory address into the given
register (depending on the size of the register), then loads the next
16 bits from memory into
.
,
,
and
work in the same
way but use the other segment registers.
LEA
: Load Effective
AddressLEA reg16,mem ; o16 8D /r [8086] LEA reg32,mem ; o32 8D /r [8086]
, despite its syntax, does not access memory. It
calculates the effective address specified by its second operand as if it were
going to load or store data from it, but instead it stores the calculated
address into the register specified by its first operand. This can be used to
perform quite complex calculations (e.g.
) in one instruction.
, despite being a purely arithmetic instruction
which accesses no memory, still requires square brackets around its second
operand, as if it were a memory reference.
LEAVE
: Destroy Stack
FrameLEAVE ; C9 [186]
destroys a stack frame of the form created by
the
instruction (see section
A.27). It is functionally equivalent to
followed by
(or
followed by
in 16-bit mode).
LGDT
,
LIDT
, LLDT
: Load Descriptor
TablesLGDT mem ; 0F 01 /2 [286,PRIV] LIDT mem ; 0F 01 /3 [286,PRIV] LLDT r/m16 ; 0F 00 /2 [286,PRIV]
and
both take a
6-byte memory area as an operand: they load a 32-bit linear address and a 16-bit
size limit from that area (in the opposite order) into the GDTR (global
descriptor table register) or IDTR (interrupt descriptor table register). These
are the only instructions which directly use linear addresses, rather
than segment/offset pairs.
takes a segment selector as an operand. The
processor looks up that selector in the GDT and stores the limit and base
address given there into the LDTR (local descriptor table register).
See also
,
and
(section
A.151).
LMSW
: Load/Store Machine
Status WordLMSW r/m16 ; 0F 01 /6 [286,PRIV]
loads the bottom four bits of the source
operand into the bottom four bits of the
control
register (or the Machine Status Word, on 286 processors). See also
(section
A.155).
LOADALL
,
LOADALL286
: Load Processor StateLOADALL ; 0F 07 [386,UNDOC] LOADALL286 ; 0F 05 [286,UNDOC]
This instruction, in its two different-opcode forms, is apparently supported on most 286 processors, some 386 and possibly some 486. The opcode differs between the 286 and the 386.
The function of the instruction is to load all information relating to the
state of the processor out of a block of memory: on the 286, this block is
located implicitly at absolute address
, and on
the 386 and 486 it is at
.
LODSB
,
LODSW
, LODSD
: Load from
StringLODSB ; AC [8086] LODSW ; o16 AD [8086] LODSD ; o32 AD [386]
loads a byte from
or
into
. It then increments or decrements (depending on the
direction flag: increments if the flag is clear, decrements if it is set)
or
.
The register used is
if the address size is 16
bits, and
if it is 32 bits. If you need to use an
address size not equal to the current
setting,
you can use an explicit
or
prefix.
The segment register used to load from
or
can be overridden by using a segment register
name as a prefix (for example,
).
and
work in
the same way, but they load a word or a doubleword instead of a byte, and
increment or decrement the addressing registers by 2 or 4 instead of 1.
LOOP
,
LOOPE
, LOOPZ
,
LOOPNE
, LOOPNZ
: Loop with
CounterLOOP imm ; E2 rb [8086] LOOP imm,CX ; a16 E2 rb [8086] LOOP imm,ECX ; a32 E2 rb [386]
LOOPE imm ; E1 rb [8086] LOOPE imm,CX ; a16 E1 rb [8086] LOOPE imm,ECX ; a32 E1 rb [386] LOOPZ imm ; E1 rb [8086] LOOPZ imm,CX ; a16 E1 rb [8086] LOOPZ imm,ECX ; a32 E1 rb [386]
LOOPNE imm ; E0 rb [8086] LOOPNE imm,CX ; a16 E0 rb [8086] LOOPNE imm,ECX ; a32 E0 rb [386] LOOPNZ imm ; E0 rb [8086] LOOPNZ imm,CX ; a16 E0 rb [8086] LOOPNZ imm,ECX ; a32 E0 rb [386]
decrements its counter register (either
or
- if one is not
specified explicitly, the
setting dictates which
is used) by one, and if the counter does not become zero as a result of this
operation, it jumps to the given label. The jump has a range of 128 bytes.
(or its synonym
) adds the additional condition that it only
jumps if the counter is nonzero and the zero flag is set. Similarly,
(and
) jumps
only if the counter is nonzero and the zero flag is clear.
LSL
: Load Segment
LimitLSL reg16,r/m16 ; o16 0F 03 /r [286,PRIV] LSL reg32,r/m32 ; o32 0F 03 /r [286,PRIV]
is given a segment selector in its source
(second) operand; it computes the segment limit value by loading the segment
limit field from the associated segment descriptor in the GDT or LDT. (This
involves shifting left by 12 bits if the segment limit is page-granular, and not
if it is byte-granular; so you end up with a byte limit in either case.) The
segment limit obtained is then loaded into the destination (first) operand.
LTR
: Load Task
RegisterLTR r/m16 ; 0F 00 /3 [286,PRIV]
looks up the segment base and limit in the GDT
or LDT descriptor specified by the segment selector given as its operand, and
loads them into the Task Register.
MOV
: Move
DataMOV r/m8,reg8 ; 88 /r [8086] MOV r/m16,reg16 ; o16 89 /r [8086] MOV r/m32,reg32 ; o32 89 /r [386] MOV reg8,r/m8 ; 8A /r [8086] MOV reg16,r/m16 ; o16 8B /r [8086] MOV reg32,r/m32 ; o32 8B /r [386]
MOV reg8,imm8 ; B0+r ib [8086] MOV reg16,imm16 ; o16 B8+r iw [8086] MOV reg32,imm32 ; o32 B8+r id [386] MOV r/m8,imm8 ; C6 /0 ib [8086] MOV r/m16,imm16 ; o16 C7 /0 iw [8086] MOV r/m32,imm32 ; o32 C7 /0 id [386]
MOV AL,memoffs8 ; A0 ow/od [8086] MOV AX,memoffs16 ; o16 A1 ow/od [8086] MOV EAX,memoffs32 ; o32 A1 ow/od [386] MOV memoffs8,AL ; A2 ow/od [8086] MOV memoffs16,AX ; o16 A3 ow/od [8086] MOV memoffs32,EAX ; o32 A3 ow/od [386]
MOV r/m16,segreg ; o16 8C /r [8086] MOV r/m32,segreg ; o32 8C /r [386] MOV segreg,r/m16 ; o16 8E /r [8086] MOV segreg,r/m32 ; o32 8E /r [386]
MOV reg32,CR0/2/3/4 ; 0F 20 /r [386] MOV reg32,DR0/1/2/3/6/7 ; 0F 21 /r [386] MOV reg32,TR3/4/5/6/7 ; 0F 24 /r [386] MOV CR0/2/3/4,reg32 ; 0F 22 /r [386] MOV DR0/1/2/3/6/7,reg32 ; 0F 23 /r [386] MOV TR3/4/5/6/7,reg32 ; 0F 26 /r [386]
copies the contents of its source (second)
operand into its destination (first) operand.
In all forms of the
instruction, the two
operands are the same size, except for moving between a segment register and an
operand. These instructions are treated exactly
like the corresponding 16-bit equivalent (so that, for example,
functions identically to
but saves a prefix when in 32-bit mode), except that when a
segment register is moved into a 32-bit destination, the top two bytes of the
result are undefined.
may not use
as a
destination.
is only a supported register on the Pentium and
above.
MOVD
: Move Doubleword
to/from MMX RegisterMOVD mmxreg,r/m32 ; 0F 6E /r [PENT,MMX] MOVD r/m32,mmxreg ; 0F 7E /r [PENT,MMX]
copies 32 bits from its source (second)
operand into its destination (first) operand. When the destination is a 64-bit
MMX register, the top 32 bits are set to zero.
MOVQ
: Move Quadword
to/from MMX RegisterMOVQ mmxreg,r/m64 ; 0F 6F /r [PENT,MMX] MOVQ r/m64,mmxreg ; 0F 7F /r [PENT,MMX]
copies 64 bits from its source (second)
operand into its destination (first) operand.
MOVSB
,
MOVSW
, MOVSD
: Move
StringMOVSB ; A4 [8086] MOVSW ; o16 A5 [8086] MOVSD ; o32 A5 [386]
copies the byte at
or
to
or
. It then
increments or decrements (depending on the direction flag: increments if the
flag is clear, decrements if it is set)
and
(or
and
).
The registers used are
and
if the address size is 16 bits, and
and
if it is 32
bits. If you need to use an address size not equal to the current
setting, you can use an explicit
or
prefix.
The segment register used to load from
or
can be overridden by using a segment register
name as a prefix (for example,
). The use of
for the store to
or
cannot be overridden.
and
work in
the same way, but they copy a word or a doubleword instead of a byte, and
increment or decrement the addressing registers by 2 or 4 instead of 1.
The
prefix may be used to repeat the
instruction
(or
-
again, the address size chooses which) times.
MOVSX
,
MOVZX
: Move Data with Sign or Zero ExtendMOVSX reg16,r/m8 ; o16 0F BE /r [386] MOVSX reg32,r/m8 ; o32 0F BE /r [386] MOVSX reg32,r/m16 ; o32 0F BF /r [386]
MOVZX reg16,r/m8 ; o16 0F B6 /r [386] MOVZX reg32,r/m8 ; o32 0F B6 /r [386] MOVZX reg32,r/m16 ; o32 0F B7 /r [386]
sign-extends its source (second) operand to
the length of its destination (first) operand, and copies the result into the
destination operand.
does the same, but
zero-extends rather than sign-extending.
MUL
: Unsigned Integer
MultiplyMUL r/m8 ; F6 /4 [8086] MUL r/m16 ; o16 F7 /4 [8086] MUL r/m32 ; o32 F7 /4 [386]
performs unsigned integer multiplication. The
other operand to the multiplication, and the destination operand, are implicit,
in the following way:
MUL r/m8
, AL
is
multiplied by the given operand; the product is stored in
AX
.
MUL r/m16
, AX
is
multiplied by the given operand; the product is stored in
DX:AX
.
MUL r/m32
, EAX
is
multiplied by the given operand; the product is stored in
EDX:EAX
. Signed integer multiplication is performed by the
instruction: see section
A.77.
NEG
,
NOT
: Two's and One's ComplementNEG r/m8 ; F6 /3 [8086] NEG r/m16 ; o16 F7 /3 [8086] NEG r/m32 ; o32 F7 /3 [386]
NOT r/m8 ; F6 /2 [8086] NOT r/m16 ; o16 F7 /2 [8086] NOT r/m32 ; o32 F7 /2 [386]
replaces the contents of its operand by the
two's complement negation (invert all the bits and then add one) of the original
value.
, similarly, performs one's complement
(inverts all the bits).
NOP
: No
OperationNOP ; 90 [8086]
performs no operation. Its opcode is the same
as that generated by
or
(depending on the processor mode; see section
A.168).
OR
: Bitwise
OROR r/m8,reg8 ; 08 /r [8086] OR r/m16,reg16 ; o16 09 /r [8086] OR r/m32,reg32 ; o32 09 /r [386]
OR reg8,r/m8 ; 0A /r [8086] OR reg16,r/m16 ; o16 0B /r [8086] OR reg32,r/m32 ; o32 0B /r [386]
OR r/m8,imm8 ; 80 /1 ib [8086] OR r/m16,imm16 ; o16 81 /1 iw [8086] OR r/m32,imm32 ; o32 81 /1 id [386]
OR r/m16,imm8 ; o16 83 /1 ib [8086] OR r/m32,imm8 ; o32 83 /1 ib [386]
OR AL,imm8 ; 0C ib [8086] OR AX,imm16 ; o16 0D iw [8086] OR EAX,imm32 ; o32 0D id [386]
performs a bitwise OR operation between its two
operands (i.e. each bit of the result is 1 if and only if at least one of the
corresponding bits of the two inputs was 1), and stores the result in the
destination (first) operand.
In the forms with an 8-bit immediate second operand and a longer first
operand, the second operand is considered to be signed, and is sign-extended to
the length of the first operand. In these cases, the
qualifier is necessary to force NASM to generate
this form of the instruction.
The MMX instruction
(see section
A.129) performs the same operation on the 64-bit MMX registers.
OUT
: Output Data to
I/O PortOUT imm8,AL ; E6 ib [8086] OUT imm8,AX ; o16 E7 ib [8086] OUT imm8,EAX ; o32 E7 ib [386] OUT DX,AL ; EE [8086] OUT DX,AX ; o16 EF [8086] OUT DX,EAX ; o32 EF [386]
writes the contents of the given source register
to the specified I/O port. The port number may be specified as an immediate
value if it is between 0 and 255, and otherwise must be stored in
. See also
(section
A.78).
OUTSB
,
OUTSW
, OUTSD
: Output String
to I/O PortOUTSB ; 6E [186]
OUTSW ; o16 6F [186]
OUTSD ; o32 6F [386]
loads a byte from
or
and
writes it to the I/O port specified in
. It then
increments or decrements (depending on the direction flag: increments if the
flag is clear, decrements if it is set)
or
.
The register used is
if the address size is 16
bits, and
if it is 32 bits. If you need to use an
address size not equal to the current
setting,
you can use an explicit
or
prefix.
The segment register used to load from
or
can be overridden by using a segment register
name as a prefix (for example,
).
and
work in
the same way, but they output a word or a doubleword instead of a byte, and
increment or decrement the addressing registers by 2 or 4 instead of 1.
The
prefix may be used to repeat the
instruction
(or
-
again, the address size chooses which) times.
PACKSSDW
,
PACKSSWB
, PACKUSWB
: Pack
DataPACKSSDW mmxreg,r/m64 ; 0F 6B /r [PENT,MMX] PACKSSWB mmxreg,r/m64 ; 0F 63 /r [PENT,MMX] PACKUSWB mmxreg,r/m64 ; 0F 67 /r [PENT,MMX]
All these instructions start by forming a notional 128-bit word by placing
the source (second) operand on the left of the destination (first) operand.
then splits this 128-bit word into four
doublewords, converts each to a word, and loads them side by side into the
destination register;
and
both split the 128-bit word into eight words,
converts each to a byte, and loads those side by side into the
destination register.
and
perform signed saturation when reducing the length of numbers: if the number is
too large to fit into the reduced space, they replace it by the largest signed
number (
or
) that
will fit, and if it is too small then they replace it by the smallest
signed number (
or
)
that will fit.
performs unsigned saturation:
it treats its input as unsigned, and replaces it by the largest unsigned number
that will fit.
PADDxx
: MMX Packed
AdditionPADDB mmxreg,r/m64 ; 0F FC /r [PENT,MMX] PADDW mmxreg,r/m64 ; 0F FD /r [PENT,MMX] PADDD mmxreg,r/m64 ; 0F FE /r [PENT,MMX]
PADDSB mmxreg,r/m64 ; 0F EC /r [PENT,MMX] PADDSW mmxreg,r/m64 ; 0F ED /r [PENT,MMX]
PADDUSB mmxreg,r/m64 ; 0F DC /r [PENT,MMX] PADDUSW mmxreg,r/m64 ; 0F DD /r [PENT,MMX]
all perform packed addition between their
two 64-bit operands, storing the result in the destination (first) operand. The
forms treat the 64-bit operands as vectors of
eight bytes, and add each byte individually;
treat the operands as vectors of four words; and
treats its operands as vectors of two doublewords.
and
perform
signed saturation on the sum of each pair of bytes or words: if the result of an
addition is too large or too small to fit into a signed byte or word result, it
is clipped (saturated) to the largest or smallest value which will fit.
and
similarly perform unsigned saturation, clipping to
or
if the result
is larger than that.
PADDSIW
: MMX Packed
Addition to Implicit DestinationPADDSIW mmxreg,r/m64 ; 0F 51 /r [CYRIX,MMX]
, specific to the Cyrix extensions to the
MMX instruction set, performs the same function as
, except that the result is not placed in the
register specified by the first operand, but instead in the register whose
number differs from the first operand only in the last bit. So
would put the result in
, but
would put the result in
.
PAND
,
PANDN
: MMX Bitwise AND and AND-NOTPAND mmxreg,r/m64 ; 0F DB /r [PENT,MMX] PANDN mmxreg,r/m64 ; 0F DF /r [PENT,MMX]
performs a bitwise AND operation between its
two operands (i.e. each bit of the result is 1 if and only if the corresponding
bits of the two inputs were both 1), and stores the result in the destination
(first) operand.
performs the same operation, but performs a
one's complement operation on the destination (first) operand first.
PAVEB
: MMX Packed
AveragePAVEB mmxreg,r/m64 ; 0F 50 /r [CYRIX,MMX]
, specific to the Cyrix MMX extensions, treats
its two operands as vectors of eight unsigned bytes, and calculates the average
of the corresponding bytes in the operands. The resulting vector of eight
averages is stored in the first operand.
PCMPxx
: MMX Packed
ComparisonPCMPEQB mmxreg,r/m64 ; 0F 74 /r [PENT,MMX] PCMPEQW mmxreg,r/m64 ; 0F 75 /r [PENT,MMX] PCMPEQD mmxreg,r/m64 ; 0F 76 /r [PENT,MMX]
PCMPGTB mmxreg,r/m64 ; 0F 64 /r [PENT,MMX] PCMPGTW mmxreg,r/m64 ; 0F 65 /r [PENT,MMX] PCMPGTD mmxreg,r/m64 ; 0F 66 /r [PENT,MMX]
The
instructions all treat their operands as
vectors of bytes, words, or doublewords; corresponding elements of the source
and destination are compared, and the corresponding element of the destination
(first) operand is set to all zeros or all ones depending on the result of the
comparison.
treats the operands as vectors of eight
bytes,
treats them as vectors of four words,
and
as two doublewords.
sets the corresponding element of the
destination operand to all ones if the two elements compared are equal;
sets the destination element to all ones if
the element of the first (destination) operand is greater (treated as a signed
integer) than that of the second (source) operand.
PDISTIB
: MMX Packed
Distance and Accumulate with Implied RegisterPDISTIB mmxreg,mem64 ; 0F 54 /r [CYRIX,MMX]
, specific to the Cyrix MMX extensions,
treats its two input operands as vectors of eight unsigned bytes. For each byte
position, it finds the absolute difference between the bytes in that position in
the two input operands, and adds that value to the byte in the same position in
the implied output register. The addition is saturated to an unsigned byte in
the same way as
.
The implied output register is found in the same way as
(section
A.115).
Note that
cannot take a register as its
second source operand.
PMACHRIW
: MMX Packed
Multiply and Accumulate with RoundingPMACHRIW mmxreg,mem64 ; 0F 5E /r [CYRIX,MMX]
acts almost identically to
(section
A.123), but instead of storing its result in the implied
destination register, it adds its result, as four packed words, to the
implied destination register. No saturation is done: the addition can wrap
around.
Note that
cannot take a register as its
second source operand.
PMADDWD
: MMX Packed
Multiply and AddPMADDWD mmxreg,r/m64 ; 0F F5 /r [PENT,MMX]
treats its two inputs as vectors of four
signed words. It multiplies corresponding elements of the two operands, giving
four signed doubleword results. The top two of these are added and placed in the
top 32 bits of the destination (first) operand; the bottom two are added and
placed in the bottom 32 bits.
PMAGW
: MMX Packed
MagnitudePMAGW mmxreg,r/m64 ; 0F 52 /r [CYRIX,MMX]
, specific to the Cyrix MMX extensions, treats
both its operands as vectors of four signed words. It compares the absolute
values of the words in corresponding positions, and sets each word of the
destination (first) operand to whichever of the two words in that position had
the larger absolute value.
PMULHRW
,
PMULHRIW
: MMX Packed Multiply High with
RoundingPMULHRW mmxreg,r/m64 ; 0F 59 /r [CYRIX,MMX] PMULHRIW mmxreg,r/m64 ; 0F 5D /r [CYRIX,MMX]
These instructions, specific to the Cyrix MMX extensions, treat their
operands as vectors of four signed words. Words in corresponding positions are
multiplied, to give a 32-bit value in which bits 30 and 31 are guaranteed equal.
Bits 30 to 15 of this value (bit mask
) are
taken and stored in the corresponding position of the destination operand, after
first rounding the low bit (equivalent to adding
before extracting bits 30 to 15).
For
, the destination operand is the first
operand; for
the destination operand is
implied by the first operand in the manner of
(section
A.115).
PMULHW
,
PMULLW
: MMX Packed MultiplyPMULHW mmxreg,r/m64 ; 0F E5 /r [PENT,MMX] PMULLW mmxreg,r/m64 ; 0F D5 /r [PENT,MMX]
treats its two inputs as vectors of four
signed words. It multiplies corresponding elements of the two operands, giving
four signed doubleword results.
then stores the top 16 bits of each
doubleword in the destination (first) operand;
stores the bottom 16 bits of each doubleword in the destination operand.
PMVccZB
: MMX Packed
Conditional MovePMVZB mmxreg,mem64 ; 0F 58 /r [CYRIX,MMX] PMVNZB mmxreg,mem64 ; 0F 5A /r [CYRIX,MMX] PMVLZB mmxreg,mem64 ; 0F 5B /r [CYRIX,MMX] PMVGEZB mmxreg,mem64 ; 0F 5C /r [CYRIX,MMX]
These instructions, specific to the Cyrix MMX extensions, perform parallel
conditional moves. The two input operands are treated as vectors of eight bytes.
Each byte of the destination (first) operand is either written from the
corresponding byte of the source (second) operand, or left alone, depending on
the value of the byte in the implied operand (specified in the same way
as
, in section
A.115).
performs each move if the corresponding byte
in the implied operand is zero.
moves if the
byte is non-zero.
moves if the byte is less
than zero, and
moves if the byte is greater
than or equal to zero.
Note that these instructions cannot take a register as their second source operand.
POP
: Pop Data from
StackPOP reg16 ; o16 58+r [8086] POP reg32 ; o32 58+r [386]
POP r/m16 ; o16 8F /0 [8086] POP r/m32 ; o32 8F /0 [386]
POP CS ; 0F [8086,UNDOC] POP DS ; 1F [8086] POP ES ; 07 [8086] POP SS ; 17 [8086] POP FS ; 0F A1 [386] POP GS ; 0F A9 [386]
loads a value from the stack (from
or
) and
then increments the stack pointer.
The address-size attribute of the instruction determines whether
or
is used as the
stack pointer: to deliberately override the default given by the
setting, you can use an
or
prefix.
The operand-size attribute of the instruction determines whether the stack
pointer is incremented by 2 or 4: this means that segment register pops in
mode will pop 4 bytes off the stack and
discard the upper two of them. If you need to override that, you can use an
or
prefix.
The above opcode listings give two forms for general-purpose register pop
instructions: for example,
has the two forms
and
. NASM will
always generate the shorter form when given
.
NDISASM will disassemble both.
is not a documented instruction, and is not
supported on any processor above the 8086 (since they use
as an opcode prefix for instruction set
extensions). However, at least some 8086 processors do support it, and so NASM
generates it for completeness.
POPAx
: Pop All
General-Purpose RegistersPOPA ; 61 [186] POPAW ; o16 61 [186] POPAD ; o32 61 [386]
pops a word from the stack into each of,
successively,
,
,
, nothing (it discards a word from the stack which
was a placeholder for
),
,
,
and
. It is intended to
reverse the operation of
(see section
A.135), but it ignores the value for
that was
pushed on the stack by
.
pops twice as much data, and places the
results in
,
,
, nothing (placeholder for
),
,
,
and
. It reverses the operation of
.
is an alias mnemonic for either
or
, depending on
the current
setting.
Note that the registers are popped in reverse order of their numeric values in opcodes (see section A.2.1).
POPFx
: Pop Flags
RegisterPOPF ; 9D [186] POPFW ; o16 9D [186] POPFD ; o32 9D [386]
pops a word from the stack and stores it in
the bottom 16 bits of the flags register (or the whole flags register, on
processors below a 386).
pops a doubleword and
stores it in the entire flags register.
is an alias mnemonic for either
or
, depending on
the current
setting.
See also
(section
A.136).
POR
: MMX Bitwise
ORPOR mmxreg,r/m64 ; 0F EB /r [PENT,MMX]
performs a bitwise OR operation between its two
operands (i.e. each bit of the result is 1 if and only if at least one of the
corresponding bits of the two inputs was 1), and stores the result in the
destination (first) operand.
PSLLx
,
PSRLx
, PSRAx
: MMX Bit
ShiftsPSLLW mmxreg,r/m64 ; 0F F1 /r [PENT,MMX] PSLLW mmxreg,imm8 ; 0F 71 /6 ib [PENT,MMX]
PSLLD mmxreg,r/m64 ; 0F F2 /r [PENT,MMX] PSLLD mmxreg,imm8 ; 0F 72 /6 ib [PENT,MMX]
PSLLQ mmxreg,r/m64 ; 0F F3 /r [PENT,MMX] PSLLQ mmxreg,imm8 ; 0F 73 /6 ib [PENT,MMX]
PSRAW mmxreg,r/m64 ; 0F E1 /r [PENT,MMX] PSRAW mmxreg,imm8 ; 0F 71 /4 ib [PENT,MMX]
PSRAD mmxreg,r/m64 ; 0F E2 /r [PENT,MMX] PSRAD mmxreg,imm8 ; 0F 72 /4 ib [PENT,MMX]
PSRLW mmxreg,r/m64 ; 0F D1 /r [PENT,MMX] PSRLW mmxreg,imm8 ; 0F 71 /2 ib [PENT,MMX]
PSRLD mmxreg,r/m64 ; 0F D2 /r [PENT,MMX] PSRLD mmxreg,imm8 ; 0F 72 /2 ib [PENT,MMX]
PSRLQ mmxreg,r/m64 ; 0F D3 /r [PENT,MMX] PSRLQ mmxreg,imm8 ; 0F 73 /2 ib [PENT,MMX]
perform simple bit shifts on the 64-bit MMX
registers: the destination (first) operand is shifted left or right by the
number of bits given in the source (second) operand, and the vacated bits are
filled in with zeros (for a logical shift) or copies of the original sign bit
(for an arithmetic right shift).
and
perform
packed bit shifts: the destination operand is treated as a vector of four words
or two doublewords, and each element is shifted individually, so bits shifted
out of one element do not interfere with empty bits coming into the next.
and
perform
logical shifts: the vacated bits at one end of the shifted number are filled
with zeros.
performs an arithmetic right shift:
the vacated bits at the top of the shifted number are filled with copies of the
original top (sign) bit.
PSUBxx
: MMX Packed
SubtractionPSUBB mmxreg,r/m64 ; 0F F8 /r [PENT,MMX] PSUBW mmxreg,r/m64 ; 0F F9 /r [PENT,MMX] PSUBD mmxreg,r/m64 ; 0F FA /r [PENT,MMX]
PSUBSB mmxreg,r/m64 ; 0F E8 /r [PENT,MMX] PSUBSW mmxreg,r/m64 ; 0F E9 /r [PENT,MMX]
PSUBUSB mmxreg,r/m64 ; 0F D8 /r [PENT,MMX] PSUBUSW mmxreg,r/m64 ; 0F D9 /r [PENT,MMX]
all perform packed subtraction between their
two 64-bit operands, storing the result in the destination (first) operand. The
forms treat the 64-bit operands as vectors of
eight bytes, and subtract each byte individually;
treat the operands as vectors of four words;
and
treats its operands as vectors of two
doublewords.
In all cases, the elements of the operand on the right are subtracted from the corresponding elements of the operand on the left, not the other way round.
and
perform
signed saturation on the sum of each pair of bytes or words: if the result of a
subtraction is too large or too small to fit into a signed byte or word result,
it is clipped (saturated) to the largest or smallest value which will
fit.
and
similarly perform unsigned saturation, clipping to
or
if the result
is larger than that.
PSUBSIW
: MMX Packed
Subtract with Saturation to Implied DestinationPSUBSIW mmxreg,r/m64 ; 0F 55 /r [CYRIX,MMX]
, specific to the Cyrix extensions to the
MMX instruction set, performs the same function as
, except that the result is not placed in the
register specified by the first operand, but instead in the implied destination
register, specified as for
(section
A.115).
PUNPCKxxx
: Unpack
DataPUNPCKHBW mmxreg,r/m64 ; 0F 68 /r [PENT,MMX] PUNPCKHWD mmxreg,r/m64 ; 0F 69 /r [PENT,MMX] PUNPCKHDQ mmxreg,r/m64 ; 0F 6A /r [PENT,MMX]
PUNPCKLBW mmxreg,r/m64 ; 0F 60 /r [PENT,MMX] PUNPCKLWD mmxreg,r/m64 ; 0F 61 /r [PENT,MMX] PUNPCKLDQ mmxreg,r/m64 ; 0F 62 /r [PENT,MMX]
all treat their operands as vectors, and
produce a new vector generated by interleaving elements from the two inputs. The
instructions start by throwing away the
bottom half of each input operand, and the
instructions throw away the top half.
The remaining elements, totalling 64 bits, are then interleaved into the destination, alternating elements from the second (source) operand and the first (destination) operand: so the leftmost element in the result always comes from the second operand, and the rightmost from the destination.
works a byte at a time,
a word at a time, and
a doubleword at a time.
So, for example, if the first operand held
and the second held
, then:
PUNPCKHBW
would return
0x7B7A6B6A5B5A4B4A
.
PUNPCKHWD
would return
0x7B6B7A6A5B4B5A4A
.
PUNPCKHDQ
would return
0x7B6B5B4B7A6A5A4A
.
PUNPCKLBW
would return
0x3B3A2B2A1B1A0B0A
.
PUNPCKLWD
would return
0x3B2B3A2A1B0B1A0A
.
PUNPCKLDQ
would return
0x3B2B1B0B3A2A1A0A
. PUSH
: Push Data on
StackPUSH reg16 ; o16 50+r [8086] PUSH reg32 ; o32 50+r [386]
PUSH r/m16 ; o16 FF /6 [8086] PUSH r/m32 ; o32 FF /6 [386]
PUSH CS ; 0E [8086] PUSH DS ; 1E [8086] PUSH ES ; 06 [8086] PUSH SS ; 16 [8086] PUSH FS ; 0F A0 [386] PUSH GS ; 0F A8 [386]
PUSH imm8 ; 6A ib [286] PUSH imm16 ; o16 68 iw [286] PUSH imm32 ; o32 68 id [386]
decrements the stack pointer
(
or
) by 2 or 4, and
then stores the given value at
or
.
The address-size attribute of the instruction determines whether
or
is used as the
stack pointer: to deliberately override the default given by the
setting, you can use an
or
prefix.
The operand-size attribute of the instruction determines whether the stack
pointer is decremented by 2 or 4: this means that segment register pushes in
mode will push 4 bytes on the stack, of which
the upper two are undefined. If you need to override that, you can use an
or
prefix.
The above opcode listings give two forms for general-purpose register push
instructions: for example,
has the two forms
and
. NASM will
always generate the shorter form when given
.
NDISASM will disassemble both.
Unlike the undocumented and barely supported
,
is a perfectly valid and
sensible instruction, supported on all processors.
The instruction
may be used to distinguish
an 8086 from later processors: on an 8086, the value of
stored is the value it has after the push
instruction, whereas on later processors it is the value before the
push instruction.
PUSHAx
: Push All
General-Purpose RegistersPUSHA ; 60 [186] PUSHAD ; o32 60 [386] PUSHAW ; o16 60 [186]
pushes, in succession,
,
,
,
,
,
,
and
on the stack,
decrementing the stack pointer by a total of 16.
pushes, in succession,
,
,
,
,
,
,
and
on the stack,
decrementing the stack pointer by a total of 32.
In both cases, the value of
or
pushed is its original value, as it had
before the instruction was executed.
is an alias mnemonic for either
or
, depending
on the current
setting.
Note that the registers are pushed in order of their numeric values in opcodes (see section A.2.1).
See also
(section
A.127).
PUSHFx
: Push Flags
RegisterPUSHF ; 9C [186] PUSHFD ; o32 9C [386] PUSHFW ; o16 9C [186]
pops a word from the stack and stores it in
the bottom 16 bits of the flags register (or the whole flags register, on
processors below a 386).
pops a doubleword and
stores it in the entire flags register.
is an alias mnemonic for either
or
, depending
on the current
setting.
See also
(section
A.128).
PXOR
: MMX Bitwise
XORPXOR mmxreg,r/m64 ; 0F EF /r [PENT,MMX]
performs a bitwise XOR operation between its
two operands (i.e. each bit of the result is 1 if and only if exactly one of the
corresponding bits of the two inputs was 1), and stores the result in the
destination (first) operand.
RCL
,
RCR
: Bitwise Rotate through Carry BitRCL r/m8,1 ; D0 /2 [8086] RCL r/m8,CL ; D2 /2 [8086] RCL r/m8,imm8 ; C0 /2 ib [286] RCL r/m16,1 ; o16 D1 /2 [8086] RCL r/m16,CL ; o16 D3 /2 [8086] RCL r/m16,imm8 ; o16 C1 /2 ib [286] RCL r/m32,1 ; o32 D1 /2 [386] RCL r/m32,CL ; o32 D3 /2 [386] RCL r/m32,imm8 ; o32 C1 /2 ib [386]
RCR r/m8,1 ; D0 /3 [8086] RCR r/m8,CL ; D2 /3 [8086] RCR r/m8,imm8 ; C0 /3 ib [286] RCR r/m16,1 ; o16 D1 /3 [8086] RCR r/m16,CL ; o16 D3 /3 [8086] RCR r/m16,imm8 ; o16 C1 /3 ib [286] RCR r/m32,1 ; o32 D1 /3 [386] RCR r/m32,CL ; o32 D3 /3 [386] RCR r/m32,imm8 ; o32 C1 /3 ib [386]
and
perform a
9-bit, 17-bit or 33-bit bitwise rotation operation, involving the given
source/destination (first) operand and the carry bit. Thus, for example, in the
operation
, a 9-bit rotation is performed in
which
is shifted left by 1, the top bit of
moves into the carry flag, and the original value
of the carry flag is placed in the low bit of
.
The number of bits to rotate by is given by the second operand. Only the bottom five bits of the rotation count are considered by processors above the 8086.
You can force the longer (286 and upwards, beginning with a
byte) form of
by using a
prefix:
. Similarly with
.
RDMSR
: Read
Model-Specific RegistersRDMSR ; 0F 32 [PENT]
reads the processor Model-Specific Register
(MSR) whose index is stored in
, and stores the
result in
. See also
(section
A.165).
RDPMC
: Read
Performance-Monitoring CountersRDPMC ; 0F 33 [P6]
reads the processor performance-monitoring
counter whose index is stored in
, and stores the
result in
.
RDTSC
: Read Time-Stamp
CounterRDTSC ; 0F 31 [PENT]
reads the processor's time-stamp counter into
.
RET
,
RETF
, RETN
: Return from
Procedure CallRET ; C3 [8086] RET imm16 ; C2 iw [8086]
RETF ; CB [8086] RETF imm16 ; CA iw [8086]
RETN ; C3 [8086] RETN imm16 ; C2 iw [8086]
, and its exact synonym
, pop
or
from the stack and transfer control to the new
address. Optionally, if a numeric second operand is provided, they increment the
stack pointer by a further
bytes after popping
the return address.
executes a far return: after popping
/
, it then pops
, and then increments the stack pointer by
the optional argument if present.
ROL
,
ROR
: Bitwise RotateROL r/m8,1 ; D0 /0 [8086] ROL r/m8,CL ; D2 /0 [8086] ROL r/m8,imm8 ; C0 /0 ib [286] ROL r/m16,1 ; o16 D1 /0 [8086] ROL r/m16,CL ; o16 D3 /0 [8086] ROL r/m16,imm8 ; o16 C1 /0 ib [286] ROL r/m32,1 ; o32 D1 /0 [386] ROL r/m32,CL ; o32 D3 /0 [386] ROL r/m32,imm8 ; o32 C1 /0 ib [386]
ROR r/m8,1 ; D0 /1 [8086] ROR r/m8,CL ; D2 /1 [8086] ROR r/m8,imm8 ; C0 /1 ib [286] ROR r/m16,1 ; o16 D1 /1 [8086] ROR r/m16,CL ; o16 D3 /1 [8086] ROR r/m16,imm8 ; o16 C1 /1 ib [286] ROR r/m32,1 ; o32 D1 /1 [386] ROR r/m32,CL ; o32 D3 /1 [386] ROR r/m32,imm8 ; o32 C1 /1 ib [386]
and
perform a
bitwise rotation operation on the given source/destination (first) operand.
Thus, for example, in the operation
, an 8-bit
rotation is performed in which
is shifted left by 1
and the original top bit of
moves round into the
low bit.
The number of bits to rotate by is given by the second operand. Only the bottom 3, 4 or 5 bits (depending on the source operand size) of the rotation count are considered by processors above the 8086.
You can force the longer (286 and upwards, beginning with a
byte) form of
by using a
prefix:
. Similarly with
.
RSM
: Resume from
System-Management ModeRSM ; 0F AA [PENT]
returns the processor to its normal operating
mode when it was in System-Management Mode.
SAHF
: Store AH to
FlagsSAHF ; 9E [8086]
sets the low byte of the flags word according
to the contents of the
register. See also
(section
A.90).
SAL
,
SAR
: Bitwise Arithmetic ShiftsSAL r/m8,1 ; D0 /4 [8086] SAL r/m8,CL ; D2 /4 [8086] SAL r/m8,imm8 ; C0 /4 ib [286] SAL r/m16,1 ; o16 D1 /4 [8086] SAL r/m16,CL ; o16 D3 /4 [8086] SAL r/m16,imm8 ; o16 C1 /4 ib [286] SAL r/m32,1 ; o32 D1 /4 [386] SAL r/m32,CL ; o32 D3 /4 [386] SAL r/m32,imm8 ; o32 C1 /4 ib [386]
SAR r/m8,1 ; D0 /0 [8086] SAR r/m8,CL ; D2 /0 [8086] SAR r/m8,imm8 ; C0 /0 ib [286] SAR r/m16,1 ; o16 D1 /0 [8086] SAR r/m16,CL ; o16 D3 /0 [8086] SAR r/m16,imm8 ; o16 C1 /0 ib [286] SAR r/m32,1 ; o32 D1 /0 [386] SAR r/m32,CL ; o32 D3 /0 [386] SAR r/m32,imm8 ; o32 C1 /0 ib [386]
and
perform an
arithmetic shift operation on the given source/destination (first) operand. The
vacated bits are filled with zero for
, and with
copies of the original high bit of the source operand for
.
is a synonym for
(see section
A.152). NASM will assemble either one to the same code, but NDISASM will
always disassemble that code as
.
The number of bits to shift by is given by the second operand. Only the bottom 3, 4 or 5 bits (depending on the source operand size) of the shift count are considered by processors above the 8086.
You can force the longer (286 and upwards, beginning with a
byte) form of
by using a
prefix:
. Similarly with
.
SALC
: Set AL from
Carry FlagSALC ; D6 [8086,UNDOC]
is an early undocumented instruction similar
in concept to
(section
A.150). Its function is to set
to zero if the
carry flag is clear, or to
if it is set.
SBB
: Subtract with
BorrowSBB r/m8,reg8 ; 18 /r [8086] SBB r/m16,reg16 ; o16 19 /r [8086] SBB r/m32,reg32 ; o32 19 /r [386]
SBB reg8,r/m8 ; 1A /r [8086] SBB reg16,r/m16 ; o16 1B /r [8086] SBB reg32,r/m32 ; o32 1B /r [386]
SBB r/m8,imm8 ; 80 /3 ib [8086] SBB r/m16,imm16 ; o16 81 /3 iw [8086] SBB r/m32,imm32 ; o32 81 /3 id [386]
SBB r/m16,imm8 ; o16 83 /3 ib [8086] SBB r/m32,imm8 ; o32 83 /3 ib [8086]
SBB AL,imm8 ; 1C ib [8086] SBB AX,imm16 ; o16 1D iw [8086] SBB EAX,imm32 ; o32 1D id [386]
performs integer subtraction: it subtracts its
second operand, plus the value of the carry flag, from its first, and leaves the
result in its destination (first) operand. The flags are set according to the
result of the operation: in particular, the carry flag is affected and can be
used by a subsequent
instruction.
In the forms with an 8-bit immediate second operand and a longer first
operand, the second operand is considered to be signed, and is sign-extended to
the length of the first operand. In these cases, the
qualifier is necessary to force NASM to generate
this form of the instruction.
To subtract one number from another without also subtracting the contents of
the carry flag, use
(section
A.159).
SCASB
,
SCASW
, SCASD
: Scan
StringSCASB ; AE [8086] SCASW ; o16 AF [8086] SCASD ; o32 AF [386]
compares the byte in
with the byte at
or
, and sets the flags accordingly. It then
increments or decrements (depending on the direction flag: increments if the
flag is clear, decrements if it is set)
(or
).
The register used is
if the address size is 16
bits, and
if it is 32 bits. If you need to use an
address size not equal to the current
setting,
you can use an explicit
or
prefix.
Segment override prefixes have no effect for this instruction: the use of
for the load from
or
cannot be overridden.
and
work in
the same way, but they compare a word to
or a
doubleword to
instead of a byte to
, and increment or decrement the addressing
registers by 2 or 4 instead of 1.
The
and
prefixes (equivalently,
and
) may be used to repeat the instruction up to
(or
- again, the
address size chooses which) times until the first unequal or equal byte is
found.
SETcc
: Set Register
from ConditionSETcc r/m8 ; 0F 90+cc /2 [386]
sets the given 8-bit operand to zero if its
condition is not satisfied, and to 1 if it is.
SGDT
,
SIDT
, SLDT
: Store Descriptor
Table PointersSGDT mem ; 0F 01 /0 [286,PRIV] SIDT mem ; 0F 01 /1 [286,PRIV] SLDT r/m16 ; 0F 00 /0 [286,PRIV]
and
both take a
6-byte memory area as an operand: they store the contents of the GDTR (global
descriptor table register) or IDTR (interrupt descriptor table register) into
that area as a 32-bit linear address and a 16-bit size limit from that area (in
that order). These are the only instructions which directly use linear
addresses, rather than segment/offset pairs.
stores the segment selector corresponding to
the LDT (local descriptor table) into the given operand.
See also
,
and
(section
A.95).
SHL
,
SHR
: Bitwise Logical ShiftsSHL r/m8,1 ; D0 /4 [8086] SHL r/m8,CL ; D2 /4 [8086] SHL r/m8,imm8 ; C0 /4 ib [286] SHL r/m16,1 ; o16 D1 /4 [8086] SHL r/m16,CL ; o16 D3 /4 [8086] SHL r/m16,imm8 ; o16 C1 /4 ib [286] SHL r/m32,1 ; o32 D1 /4 [386] SHL r/m32,CL ; o32 D3 /4 [386] SHL r/m32,imm8 ; o32 C1 /4 ib [386]
SHR r/m8,1 ; D0 /5 [8086] SHR r/m8,CL ; D2 /5 [8086] SHR r/m8,imm8 ; C0 /5 ib [286] SHR r/m16,1 ; o16 D1 /5 [8086] SHR r/m16,CL ; o16 D3 /5 [8086] SHR r/m16,imm8 ; o16 C1 /5 ib [286] SHR r/m32,1 ; o32 D1 /5 [386] SHR r/m32,CL ; o32 D3 /5 [386] SHR r/m32,imm8 ; o32 C1 /5 ib [386]
and
perform a
logical shift operation on the given source/destination (first) operand. The
vacated bits are filled with zero.
A synonym for
is
(see section
A.146). NASM will assemble either one to the same code, but NDISASM will
always disassemble that code as
.
The number of bits to shift by is given by the second operand. Only the bottom 3, 4 or 5 bits (depending on the source operand size) of the shift count are considered by processors above the 8086.
You can force the longer (286 and upwards, beginning with a
byte) form of
by using a
prefix:
. Similarly with
.
SHLD
,
SHRD
: Bitwise Double-Precision ShiftsSHLD r/m16,reg16,imm8 ; o16 0F A4 /r ib [386] SHLD r/m16,reg32,imm8 ; o32 0F A4 /r ib [386] SHLD r/m16,reg16,CL ; o16 0F A5 /r [386] SHLD r/m16,reg32,CL ; o32 0F A5 /r [386]
SHRD r/m16,reg16,imm8 ; o16 0F AC /r ib [386] SHRD r/m32,reg32,imm8 ; o32 0F AC /r ib [386] SHRD r/m16,reg16,CL ; o16 0F AD /r [386] SHRD r/m32,reg32,CL ; o32 0F AD /r [386]
performs a double-precision left shift. It
notionally places its second operand to the right of its first, then shifts the
entire bit string thus generated to the left by a number of bits specified in
the third operand. It then updates only the first operand according to
the result of this. The second operand is not modified.
performs the corresponding right shift: it
notionally places the second operand to the left of the first, shifts
the whole bit string right, and updates only the first operand.
For example, if
holds
and
holds
, then the instruction
would update
to hold
. Under the same conditions,
would update
to hold
.
The number of bits to shift by is given by the third operand. Only the bottom 5 bits of the shift count are considered.
SMI
: System Management
InterruptSMI ; F1 [386,UNDOC]
This is an opcode apparently supported by some AMD processors (which is why
it can generate the same opcode as
), and places
the machine into system-management mode, a special debugging mode.
SMSW
: Store Machine
Status WordSMSW r/m16 ; 0F 01 /4 [286,PRIV]
stores the bottom half of the
control register (or the Machine Status Word, on
286 processors) into the destination operand. See also
(section
A.96).
STC
,
STD
, STI
: Set FlagsSTC ; F9 [8086] STD ; FD [8086] STI ; FB [8086]
These instructions set various flags.
sets the
carry flag;
sets the direction flag; and
sets the interrupt flag (thus enabling
interrupts).
To clear the carry, direction, or interrupt flags, use the
,
and
instructions (section
A.15). To invert the carry flag, use
(section
A.16).
STOSB
,
STOSW
, STOSD
: Store Byte to
StringSTOSB ; AA [8086] STOSW ; o16 AB [8086] STOSD ; o32 AB [386]
stores the byte in
at
or
, and sets the flags accordingly. It then
increments or decrements (depending on the direction flag: increments if the
flag is clear, decrements if it is set)
(or
).
The register used is
if the address size is 16
bits, and
if it is 32 bits. If you need to use an
address size not equal to the current
setting,
you can use an explicit
or
prefix.
Segment override prefixes have no effect for this instruction: the use of
for the store to
or
cannot be overridden.
and
work in
the same way, but they store the word in
or the
doubleword in
instead of the byte in
, and increment or decrement the addressing
registers by 2 or 4 instead of 1.
The
prefix may be used to repeat the
instruction
(or
-
again, the address size chooses which) times.
STR
: Store Task
RegisterSTR r/m16 ; 0F 00 /1 [286,PRIV]
stores the segment selector corresponding to
the contents of the Task Register into its operand.
SUB
: Subtract
IntegersSUB r/m8,reg8 ; 28 /r [8086] SUB r/m16,reg16 ; o16 29 /r [8086] SUB r/m32,reg32 ; o32 29 /r [386]
SUB reg8,r/m8 ; 2A /r [8086] SUB reg16,r/m16 ; o16 2B /r [8086] SUB reg32,r/m32 ; o32 2B /r [386]
SUB r/m8,imm8 ; 80 /5 ib [8086] SUB r/m16,imm16 ; o16 81 /5 iw [8086] SUB r/m32,imm32 ; o32 81 /5 id [386]
SUB r/m16,imm8 ; o16 83 /5 ib [8086] SUB r/m32,imm8 ; o32 83 /5 ib [386]
SUB AL,imm8 ; 2C ib [8086] SUB AX,imm16 ; o16 2D iw [8086] SUB EAX,imm32 ; o32 2D id [386]
performs integer subtraction: it subtracts its
second operand from its first, and leaves the result in its destination (first)
operand. The flags are set according to the result of the operation: in
particular, the carry flag is affected and can be used by a subsequent
instruction (section
A.148).
In the forms with an 8-bit immediate second operand and a longer first
operand, the second operand is considered to be signed, and is sign-extended to
the length of the first operand. In these cases, the
qualifier is necessary to force NASM to generate
this form of the instruction.
TEST
: Test Bits
(notional bitwise AND)TEST r/m8,reg8 ; 84 /r [8086] TEST r/m16,reg16 ; o16 85 /r [8086] TEST r/m32,reg32 ; o32 85 /r [386]
TEST r/m8,imm8 ; F6 /7 ib [8086] TEST r/m16,imm16 ; o16 F7 /7 iw [8086] TEST r/m32,imm32 ; o32 F7 /7 id [386]
TEST AL,imm8 ; A8 ib [8086] TEST AX,imm16 ; o16 A9 iw [8086] TEST EAX,imm32 ; o32 A9 id [386]
performs a `mental' bitwise AND of its two
operands, and affects the flags as if the operation had taken place, but does
not store the result of the operation anywhere.
UMOV
: User Move
DataUMOV r/m8,reg8 ; 0F 10 /r [386,UNDOC] UMOV r/m16,reg16 ; o16 0F 11 /r [386,UNDOC] UMOV r/m32,reg32 ; o32 0F 11 /r [386,UNDOC]
UMOV reg8,r/m8 ; 0F 12 /r [386,UNDOC] UMOV reg16,r/m16 ; o16 0F 13 /r [386,UNDOC] UMOV reg32,r/m32 ; o32 0F 13 /r [386,UNDOC]
This undocumented instruction is used by in-circuit emulators to access user
memory (as opposed to host memory). It is used just like an ordinary
memory/register or register/register
instruction,
but accesses user space.
VERR
,
VERW
: Verify Segment Readability/WritabilityVERR r/m16 ; 0F 00 /4 [286,PRIV]
VERW r/m16 ; 0F 00 /5 [286,PRIV]
sets the zero flag if the segment specified by
the selector in its operand can be read from at the current privilege level.
sets the zero flag if the segment can be written.
WAIT
: Wait for
Floating-Point ProcessorWAIT ; 9B [8086]
, on 8086 systems with a separate 8087 FPU,
waits for the FPU to have finished any operation it is engaged in before
continuing main processor operations, so that (for example) an FPU store to main
memory can be guaranteed to have completed before the CPU tries to read the
result back out.
On higher processors,
is unnecessary for this
purpose, and it has the alternative purpose of ensuring that any pending
unmasked FPU exceptions have happened before execution continues.
WBINVD
: Write Back and
Invalidate CacheWBINVD ; 0F 09 [486]
invalidates and empties the processor's
internal caches, and causes the processor to instruct external caches to do the
same. It writes the contents of the caches back to memory first, so no data is
lost. To flush the caches quickly without bothering to write the data back
first, use
(section
A.84).
WRMSR
: Write
Model-Specific RegistersWRMSR ; 0F 30 [PENT]
writes the value in
to the processor Model-Specific Register (MSR)
whose index is stored in
. See also
(section
A.139).
XADD
: Exchange and
AddXADD r/m8,reg8 ; 0F C0 /r [486] XADD r/m16,reg16 ; o16 0F C1 /r [486] XADD r/m32,reg32 ; o32 0F C1 /r [486]
exchanges the values in its two operands, and
then adds them together and writes the result into the destination (first)
operand. This instruction can be used with a
prefix for multi-processor synchronisation purposes.
XBTS
: Extract Bit
StringXBTS reg16,r/m16 ; o16 0F A6 /r [386,UNDOC] XBTS reg32,r/m32 ; o32 0F A6 /r [386,UNDOC]
No clear documentation seems to be available for this instruction: the best
I've been able to find reads `Takes a string of bits from the first operand and
puts them in the second operand'. It is present only in early 386 processors,
and conflicts with the opcodes for
. NASM
supports it only for completeness. Its counterpart is
(see section
A.75).
XCHG
:
ExchangeXCHG reg8,r/m8 ; 86 /r [8086] XCHG reg16,r/m8 ; o16 87 /r [8086] XCHG reg32,r/m32 ; o32 87 /r [386]
XCHG r/m8,reg8 ; 86 /r [8086] XCHG r/m16,reg16 ; o16 87 /r [8086] XCHG r/m32,reg32 ; o32 87 /r [386]
XCHG AX,reg16 ; o16 90+r [8086] XCHG EAX,reg32 ; o32 90+r [386] XCHG reg16,AX ; o16 90+r [8086] XCHG reg32,EAX ; o32 90+r [386]
exchanges the values in its two operands. It
can be used with a
prefix for purposes of
multi-processor synchronisation.
or
(depending on the
setting)
generates the opcode
, and so is a synonym for
(section
A.109).
XLATB
: Translate Byte
in Lookup TableXLATB ; D7 [8086]
adds the value in
, treated as an unsigned byte, to
or
, and loads the
byte from the resulting address (in the segment specified by
) back into
.
The base register used is
if the address size is
16 bits, and
if it is 32 bits. If you need to use
an address size not equal to the current
setting,
you can use an explicit
or
prefix.
The segment register used to load from
or
can be overridden by using a segment register
name as a prefix (for example,
).
XOR
: Bitwise Exclusive
ORXOR r/m8,reg8 ; 30 /r [8086] XOR r/m16,reg16 ; o16 31 /r [8086] XOR r/m32,reg32 ; o32 31 /r [386]
XOR reg8,r/m8 ; 32 /r [8086] XOR reg16,r/m16 ; o16 33 /r [8086] XOR reg32,r/m32 ; o32 33 /r [386]
XOR r/m8,imm8 ; 80 /6 ib [8086] XOR r/m16,imm16 ; o16 81 /6 iw [8086] XOR r/m32,imm32 ; o32 81 /6 id [386]
XOR r/m16,imm8 ; o16 83 /6 ib [8086] XOR r/m32,imm8 ; o32 83 /6 ib [386]
XOR AL,imm8 ; 34 ib [8086] XOR AX,imm16 ; o16 35 iw [8086] XOR EAX,imm32 ; o32 35 id [386]
performs a bitwise XOR operation between its
two operands (i.e. each bit of the result is 1 if and only if exactly one of the
corresponding bits of the two inputs was 1), and stores the result in the
destination (first) operand.
In the forms with an 8-bit immediate second operand and a longer first
operand, the second operand is considered to be signed, and is sign-extended to
the length of the first operand. In these cases, the
qualifier is necessary to force NASM to generate
this form of the instruction.
The MMX instruction
(see section
A.137) performs the same operation on the 64-bit MMX registers.