The X86 INSTRUCTION SET

Home , Carry flag, Direction flag, FLAGS register, HLT (x86 instruction), Intel 80286, Interrupt flag

The x86 INSTRUCTION SET

B.1 Introduction B.1.1 Flags< B.1.2 Instruction Descriptions and Formats B.2 Instruction Set Details (Non Floating-Point) B.3 Floating-point Instructions

B.1 Introduction This appendix is a quick guide to the most commonly used x86 instructions. It does riot cover system-mode instructions or instructions typically used only in operating system kernel code or protected-mode device drivers. B.1.1 Flags (EFIags) Each instruction description contains a series of boxes that describe how the instruction will affect the CPU status flags. Each flag is identified by a single letter:

0 Overflow S Sign P Parity D Direction Z Zero C Carry 1 Interrupt A Auxiliary Carry Inside the. boxes, the following notation shows how each instruction will affect the flags:

1 Sets the flag. 0 Clears the flag. ? May change the flag to an undetermined value. (blank) The flag is not changed. * Changes the flag according to specific rules associated with the flag.

620 B.I 621

For example, the following diagram of the CPU flags is taken from one of the instruction descriptions: GDI S Z A P C

From the diagram, we see that the Overflow, Sign, Zero, and Parity flags will be changed to unknown values. The Auxiliary Carry and Carry flags will he modified according to rules associated with the flags. The Direction and Interrupt flags will not be changed. B.1.2* Instruction Descriptions and Formats -^-^-^^-- -— When a reference to source and destination operands is made, we use the natural order of operands in all x86 instructions, in which the first operand is the destination and the second is the source. In the MOV instruction, for example, the destination will be assigned a copy of the data in the source operand: MOV destination, source There may be several formats available for a single instruction. Table B-l contains a list of symbols used in instruction formats. In the descriptions of individual instructions, we use the natation "?;86" to indicate that an instruction or one of its variants is only available on processors in the 32-bit x86 family (Tnlel386 onw;ird). Similarly, the notation "(80286)" indicates that at least an Intel 80286 processor must be used. Register notations such as (E)CX, (E)SI, (E)DI, (E)SP, (E)BP, and (E)IP differentiate between x86 processors that use the 32-bit registers and all earlier processors that used 16-bit registers. B'l Symbols Used in Instruction Formats.

L f * U lly Symbol1/; .' \ ^ \ ^Description^i 1 ^( *

reg An 8-, 16-, or 32-bit general register from ihe following list: AH, AL, BH, BL, CH, CL, DH, DL, AX, BX, CX, DX, SI, DI, BP, SP, EAX, EBX, ECX, EDX, ESI, EDI, EBP, and ESP.

regS, reg!6, reg32 A general register, identified by its number of bits.

A 16-bit segment register (CS, DS, ES, SS, FS, GS).

accum AL, AX, or EAX.

mem A memory operand, using any of the standard memory-addressing modes.

mem8, mem} 6, mem32 A memory operand, identified by its number of bits.

short label A location in the code segment within —128 to + 127 bytes of the current location.

near label A location in the current code segment, identified by a label. farlabel A location in an external code segment, identified by a label. Symbol • Dascription

.imm - An immediate operand

imrn8, immlfj, imtn32 An immediate operand identified by its number of bits.

instruction An 80x86 assembly language instruction.

B.2 Instruction Set Details (Non Floating-Point) AAA ASCII Adjust After Addition O D I S Z A P C ? ? | Ll^ '•' *J Adjusts the result in AL after two ASCII digits have been added together. If AL > 9, the high digit of the result is placed in AH, and the Carry and Auxiliary Carry flags are set. Instruction format:

AAA

AAD ASCII Adjust Before Division GDI S Z A P C LL - I* V * ? Converts unpacked BCD digits in AH and AL to a single binary value in prL-puratiun for die DIV instruction. Instruction format:

AAD

AAM ASCll Adjust After Multiply O D I S Z A P C

l'Wf«l~u-

Adjusts the result in AX after two unpacked BCD digits have been multiplied together. Instruction format:

AAM li.2 ioN SET oN FloAtiM,'Poiw) 62J

AAS ASCII Adjust After Subtraction O D I S Z A P C ? ? ? * ? * I

Adjusts the result in AX nfter a subtraction operation. If AL > 9, AAS decrements AH and sets .jhe^Cairy and Auxiliary Carry flags. .. Instruction format:

AAS

ADC Add Carry GDIS Z A P C EH • * * * * Adds both the source operand and tt c Carry flag m the destination operand. Operands must he the saniL" si/.e. Instruction formats: ADC" reg, reg ADC r.:;g, inirn ADC mem, reg- ADC mem, inun ADC reg, mem ADC accum, iiwn

ADD Add 0 D I S Z A P C *

A source operand is added to a destination operand, and the sum is stored in the destination. Operands must be the same SIM. Instruction formats: ADD reg, recr ADD reg, imm ADD mem, reg ADD mem, imm ADD reg, mem ADD accum, imm

AND Logical AND O 15 I S Z A P C1 Lii_L • * ? * j 0 1

Each bit in the destination operand is ANDed with Ihe corresponding bit in the source operand. Instruction formats: AND reg, reg AND reg, imm AND mem, reg AND mem, imm AND reg,mejn AND accum, imm Verilies that a signed index value is within die bounds of an array. On the 80286 processor, die destination operand can be any 16-bit register containing the index to be checked. The source operand must be a 32-bit memory operand in which the high and low words contain the upper and lower bounds of the index value. On the x86 processor, the destination can be a 32-bit register and the source can be a 64-bit memory operand. Instruction formats: BOUND reglG,mem32 BOUND r32,niem64

BSF, Bit Scan (x86) BSR O D r S Z A P C 1 7 ? ? ? ? ?

Scans an operand to find die first set bit. If Hie bit is found, the Zero flag is cleared, and die destination operand is assigned the bit number (index) of the first set bit encountered. If no set bit is found, ZF = 1 . BSF scans from bit 0 to the highest bit. and BSR starts at the highest bit and scans toward bit 0. Instruction formats (apply to both BSF and BSR): BSF regl6/r/ml6 BSF reg32,r/m32

BSWAP Byte Swap (x86)

Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP reg32

BT, Bit Tests (x86) BTC, O D I S z A P C ? 7 ? * BTR, CE ? BTS Copies a specified bit (n) into the Carry flag. The destinalion operand contains Ihe value in which die bit is located, and the source operand indicates die bit's position within the destination. BT copies bit n to the Carry flag. BTC copies bit n to the Carry flag and complements bit n in the destination operand. BTR copies bit n to the Carry flag and clears bit n in the destinalion. BTS copies bit n to the Carry flag and sets bit n in die destination. Instruction formats: BT r/ml6,imm8 BT r/ml6,rl6 BT r/m32,imm8 BT r/m32,r32 B.2 INSTRUCTION SET DEmils (NoN 625

CALL Call a Procedure GDI S 2 A P C

Pushes the location of the next instruction on the stack and transfers to the destination location. If the procedure is near (in the same segment), only the offset of the next instruction is pushed; otherwise, hoth the segment and the offset arc pushed. Instruction formats: C7Vr,L, nea r 1 abol CALL meml 5 CALL fzrl abel CALL merr.3 2 CALL reg

CBW Convert Byte to Word l)

Extends the sign hit in AL throughout the AH register. Instruction format:

CBW

CDQ Convert Doubleword to Quadword (x86) O D 1 S 2. A P C L_ _J_

Extends the .sign bil in FLAX throughout the EDX register. Instruction format:

CDQ

CLC Clear Carry Flag O D I S 7, A \> C

Clears the Carry flag lo /.cru. Instruction format: CLC CLD Clear Direction Flag O D J S 2 A P C 0

Clears the Direction fiag to zero. String primitive instructions will automatically increment (0)51 and (E)DI. Instruction format: CLD

CLI Clear Interrupt Flag GDI S Z A P C 0

Clears the Interrupt flag to zero. This disables maskable hardware interrupts until an STI instruction is executed. Instruction format: CLI

CMC Complement Carry Flag GDI S Z A P C

Toggles the current value of the Carry flag. Instruction form at: CMC

CMP Compare O D I S Z A P C * *****

Compares the destination to the source by performing an implied subtraction of the source from the destination. Instruction formats: CMP reg, reg CMP reg, imm CMP mem, r&g CMP mem, imm CMP reg, mem CMP accum, imm IS.2 INSTRUCTION SFI DEtAik (NoN 627

CMPS, Compare Strings CMPSB, O D I 7. A CMPSW,

CMPSD Compares strings in memory addressed by DS:(E)SI and ES:(E)DI. Carries out an implied subtraction of the destination from the source. CMPSB compares bytes, CMPSW compares words, and CMPSD compares doublewords (on xS6 processors). (Ii)S! and (E)D1 are increased or decreased according to tlic operand size and the status of the Direction flag. If the Direction llag is set, (H).Si and (H)DI are decreased; otherwise (B)SI and (B)D1 arc increased. Instruction formats (formats using explicit operands have intentionally been omitted):

CMPSB CMPSW CMPSD

CMPXCHG Compare and Exchanga O D I 1* C

Compares the destination to the accumulator (AL. AX, or EAX). If they arc equal, the source is copied to the destination. Otherwise, the destination is copied to the accumulator. Instruction formats: CMPXCHG reg,reg CMPXCHG mem, reg

CWD Convert Word to Doubleword O D I S Z A P C

Extends the sign hit in AX into the DX register. Instruction formal:

CWD

DAA Decimal Adjust After Addition O D I S Z A P C

Adjusts the binary sum in AL after two packed BCD values have been added. Converts the sum to two BCD digits in AL. Instruction format: DAA DAS Decimal Adjust After Subtraction GDIS Z A

Converts the binary result of a subtraction operation to two packed BCD digits in AL. Instruction format: DAS

DEC Decrement O D I S Z A P C cz * | * * | Subtracts t from an operand. Does not affect the Carry flag. Instruction formats: DEC reg- DEC meni

DIV Unsigned Integer Divide O D A P h 7 ? ? ? ? Performs either 8-, 16-, or 32-bit unsigned integer division. If die divisor is 8 bits, the dividend is AX, the quotient is AL, and the remainder is AH. If the divisor is 16 bits, the dividend isDXiAX, the quotient is AX, and the remainder is DX. If the divisor is 32 bits, the dividend is EDX:EAX, the quotient is EAX, and the remainder is EDX. Instruction formats: DIV reg DIV mem

ENTER Make Stack Frame (80286) O D

Creates a stack frame fur a procedure that receives stack parameters and uses local stack v;iviabks. The first operand indicates the number of bytes to reserve for local stack variables. The second operand indicates the procedure nesting level (must be set to 0 for C, Basic, and FORTRAN). Instruction format: ENTER iwnl6,iitm8 B.2 INSTRUCTION SET DEiails(NoN FloATi 629

HLT Halt O D I S Z A P C

Stops the CPU until a hardware interrupt occurs. (Note: The Interrupt Hag must be set with the STT instruction before hardware interrupts can occur.) Instruction formal;

IDIV Signed Integer Divide O D I S 7, A P C | ? | 7 ? ? ? I 7 1

Performs a signed inU-ger divisio. n cpcration on EDX:EAX, DX:AX, or AX. If the divisor is S bits, the dividend is AX, the quotient is AL, and the remainder is AH, If the divisor is 1 6 bits, the dividend is DX: AX, the quotient is AX, and the remainder is DX. If the divisor is 32 bits, the dividend is EDX:EAX, the quotient is EAX, and the remainder is EDX. Usually the IDIV operation is prefaced by either CBW or CWD to sign-extend the dividend. Instruction formats: IDIV reg IDIV mem

IMUL Signed Integer Multiply O D I

Performs a signed integer multiplication on AL, AX, or EAX. If the multiplier is 8 bits, the multiplicand is AL and the product is AX. If the multiplier is 16 bits, the multiplicand is AX and the product is DX:AX. If the multiplier is 32 bits, the multiplicand is EAX and the product is EDX:EAX. The Carry and Overflow flags are set if a 16-bit product extends into AH, or a 32-bit product extends into DX, or a 64-bit product extends into EDX. Instruction formats: Single operand:

Two operands: IMUL r 16, r/ml 6 IMUL r!6, imm8 IMUL r32,r/m32 IMUL r32, iwnS IMUL r!6, imml6 IMUL r32, Three operands: IMUL rl6,r/m!6, irnmS IMUL r!6, r/nilS, imrnl 5 IMUL r32,r/m32,imm8 IMUL 6 JO

IN Input From Port

Inputs a byte or word from a port into AL or AX. The source operand is a port address, expressed as either an 8-bit constant or a 16-bit address in DX. On x8f> processors, adoubleword can be input from a port into KAX, Instruction formats: IH accuin, imm IN accum.DX

INC Increment C> D I Z A I'

Adds 1 to a register or memory operand. Instruction formats:

INS, Input from Port to String (80286) INSB, O D I S Z A P C INSW, r~ r_ .1 J INSD Inputs a string pointed to by ES:(E)DI from a port. The port number is specified in DX. Fur each vulue received, (E)DI is adjusted in the same way as LODSB and similar string primitive instructions. The RIIP prefix may be used with this instruction. Instruction formats: IMS dest.DX REP INSB dest,DX REP INSW ' des t , DX REP TNSD desC,DX

INT Interrupt o D I S 7, A P C 0 ~\s a software interrupt, which in turn calls an operating system subroutine. Clears the

f nicrnipt Hag and pushes the flags, CS. iiuJ IP on the stack before bniwhmg to the interrupt routine. Instruction formats; INT imm 1KT 3 15,2 StI Dl.lAi!s (N(>!\1

INTO Interrupt on Overflow GDI S Z A P C * *

Generates internal CPU Interrupt 4 if the Overflow flag is set. No action is taken by MS-DOS if INT 4 is called, but a user-written routine may be substituted instead. Instruction format: INTO

[RET Interrupt Return O D 1 S Z A 1| ***********

Returns from an interrupt handling routine. Pops the stack Instruction formal:

IR3T

J condition Conditional Jump O D I S Z A P C

Jumps to a label if a specified flag condition is true. When using a processor earlier than the x8(>, the label must be in the range of -128 to +127 bytes from the current location. On x86 processors, the label's, offset can be a positive or negative 32-bit value. See Table B-2 for a list of mnemonics. Instruction format: Jcondi tion label

Table B-2 Conditional Jump Mnemonics.

Mnemonic Comment Mnemonic Comment

JA Jump if above JF, Jump if equal

LNA Jump if not above JNE Jump if not equal

IAE Jump if above or equal YL Jump if /cro

JNAF, Jump if not above or equal JNZ Jump ii "not zero

JB Jump if below JS Jump if sign B-2 (Continued)

Mnemonic Comment Mnemonic Comment

JNB Jump if not below JNS Jump if not sign

JBE Jump if below or equal JC Jump if carry

JNBE Jump if not below or equal JNC Jump if no carry

JG Jump if greater JO Jump if overflow

JNG Jump if not greater JNO Jump if no overflow

JGE Jump if greater or equal JP Jump if parity

INGE Jump if not greater or equal JPE Jump if parity equal

JL Jump if less JNP Jump if no parity

JNL Jump if not less JPO Jump if parity odd

JLE Jump if less or equal JNLE Jump if not less than or equal

JCXZ, Jump If CX Is Zero JECXZ O D I S Z A

Jump to a short label if Hie CX register is equal to zero. The short label must be in the range — 128 to +127 bylcsfrom Ihe next instruction. On x 86 processors, JECXZ jumps if ECX equals zero. Instruction formats: JECXZ shortlabel

JMP Jump Unconditionally to Label GDIS A

Jump to a code label, A short jump is within—128 to +127 bytes from the current location. A near jump is within the same code segment, and a far jump is outside the current segment. Instruction formats: JMP regl 6 JMP meml6 JMP B.2 SET DiiAils (Not-i 655

LAHF Load AH from Flags 0 D I S Z A P C d ^ "1

The following flags arc copied to AM: Sign, Zero, Auxiliary Carry, Parity, and Carry. Instruction format; LAHP

LDS, Load Far Pointer LES, O D I A LFS,

LGS, Loads tlic contents of a doubleword memory operand into a segment register and the specified destination rviistcr. When usinc nrticcssois prior to the x^n, LDS loud1; into DS, !,ES loads into LSS RS.On the ..y,(\S .s into I-'S, LGS kwds inioGS, ;uij LSS loads mLo Ss. instruction format (same forLUS, LES, LI-S, LGS, LSS):

LDS 'eg, mejn

LEA Load Effective Address GDI S Z A I' C

Calculates and loads the ]6-bit or 32-bit effective address of a memory operand. Similar to MOV.. OFFSET, except that only LEA can obtain an address that is calculated at runtime. Instruction format: LEA r eg, mem

LEAVE High-Level Procedure Exit O D I A

Terminates llic slack frame of a procedure. This reverses the action of tlie ENTER instruction at the beginning of a procedure by restoring (Ii)SP and (E)BP to their original values. Instruction format: LEAVE LOCK Lock the System Bus O D 1 S Z A P C

Prevents other processors from executing during die next instruction. This instruction is used when another processor might modify a memory operand that is currently being accessed by the CPU. Instruction formui: LOCK instruction

LODS, Load Accumulator from String LODSB, O D 1 S 7, A 1' LODSW,

LODSD Loads a memory byte or word addressed by DS:(E)SI into the accumulator (AL, AX, or EAX). If LODS is used. Ihe memory operand must he specified. LODSB loads a byte into AL. LOUSW loads a word into AX, and LODSD on the xKG loads a double word into EAX. (F.)SI is increased or decreased according to the operand wi/e and the status of the direction U:IJT. If the Direction Rag (Dl;) = 1, (H).S1 is decreased; if Dr - 0,(E)SI is increa^d. InsliiK'licn forma1,:;:

LODSB LODSW

LOOP Loop O D I S Z A I' C

Decrements ECX and jumps to a short label if ECX is not equal to zero. The destination must be -128 to +127 bytes from the current location. Instruction formats: LOOP shortlabel LOOPW shortlsbel

LOOPD Loop (x86) O D I S Z A P C

Decrements ECX and jumps to a short label if ECX is not equal to zero. The destination must be -128 (o 4 127 byles from the current location. Instruction format: LOO&D shor-tJabel B.2 INSTRUCTION SET DuAiis (No.\5

LOOPE, Loop If Equal (Zero) LOOPZ GDI S z A P c

Decrements (li)CX and jumps to a short label if (E)CX > 0 and the Zero flag is set. Instruction formats: LOOPK shortlai>e.Z

LOOPNE, Loop If Not Equal (Zero) LOOPNZ O I s L A p c

Decrements (I:)CX and jumps to a short label if (H)CX > 0 and Ihe Zero flag is clear. Instruction format1;:

LOOPW Loop with 16-bit Counter

0 D 1 S /. A I1 C

Decrements CX and jumps to a short label of CX is not equal to zero. The destination must be -128 to +127 bytes from the current location. Instruction formal: LOOPW short-label

MOV Move O D I S Z A P C

Copies a byte or word from a source operand to a destination openmd. Instruction formats; MOV rag,reg MOV reg, imu MOV mem,reg MOV mem,imm MOV reg, mem MOV memlS, segreg MOV reg!6,segreg MOV segreg,meml6 MOV ssgreg,regl6 MOVS, Move String MOVSB, GDI S Z A P C MOVSW, MOVSD Copies a byte or word from memory addressed by DS;(E)S1 to memory addressed by ES:(E)DI. MOVS requires both operands to be specified. MOVSB copies a byte, MOVSW copies a word, and on the x86, MOVSD copies a doublcword. (E)SI and (E)DI arc increased or decreased according to the operand size and the status of the direction ftag. If the Direction flag (DF) = 1, (E)SI and (E)DI are decreased; if Dp = 0, (E)SI and (E)DI are increased. Instruction formats: MOVSB MOVSW I-iOVSD MOVS dest, source MOVS ES:deSt,

MOVSX Move with Sign-Extend O D I S Z A P C

Copies a byte or word from a source operand to a destination register and sign-extends inlo the upper bits of the destination. This instruction is used to copy an 8-bil or 16-bit operand into a larger destination. Instruction formats: MOVSX reg.32,reg8 MOVSX reg32,regie MOVSX reg32,meml6 MOVSX reg!6,reg8 MOVSX regie,m8 MOVZX Move with Zero-Extend GDI S Z A P c

Copies a byte or word from a source operand to a destination register and zero-extends into the upper bits of the destination. This instruction is used lo copy an 8-bit or 16-bit operand into a larger destination. Instruction formats: MOVZX reg32,reg8 MOVSX reg32,reglG MOVSX re$32,meml6 MOVSX regl6,reg8 MOVSX regie,m8 B,2 INSTRUCTION SFI Dimils (NoN 657

MUL Unsigned Integer Multiply GDIS 7, A P C [Z II ? '? ? *

Multiplies AL, AX, or EAX by a source operand. If the source is 8 bits, it is multiplied by AL and ihe product is stored in AX. If the source is 1 6 bits, il is multiplied by AX and the product is stored in DX:AX. If the source is 32 biis, it is mulliplied by EAX and the product is stored in EDX:liAX. Instruction foimnts: MUL reg MUL, mem

NEG Negate 0 D 1 S /, A P C L_niirav[ ~TI;TI

Calculates the twos complement of the destination operand and stores the result in the destination. Instruction formats: NEG reg NEG mem

NOP No Operation GDIS Z A P C

This instruction does nothing, but it may be used inside a timing loop or 10 align a subsequent instruction on a word boundary. Instruction format: NOP

NOT Not O D I S 7, A \> C

Performs a logical NOT operation on an operand by reversing each of its bits. Instruction formats: NOT reg NOT mem OR Inclusive OR GDI S Z A P C IJL * LLLlLlL Performs a boolean (bitwise) OR operation between each matching Viil in the destination operand and each bit in the source operand. Instruction formats: OR reg, reg OR reg, imm OR mem, reg OR mem , iimt OR reg, mem OK accum, inan

OUT Output to Port O D in1 S nZ A P C When using processors prior to the x86. this instruction outputs a hylc or word from the accumulator lo a port. The port address may he a constant if in the range 0-FFh, or DX may contain a port address between 0 and FFFFh, On an x86 processor, a doublcword can he output to a port. Instruction formats: OUT DX,accum

OUTS, Output String to Port (80286) OUTSB, O D 1 S Z A P C OUTSW,

OUTSD Outputs a string pointed to by ES:(E)DI to a port. The port number is specified in DX. For eucli value output, (H)D1 is adjusted in the same way as LODSB and similar string primitive instructions. The REP prefix may be Ubcd with this instruction. Instruction formats: OUTS dest,DX REP OUTSB dest,DX REP OUTSW dest.DX REP OUTSD des t,DX

POP Pop from Stack o D i s z A

Copies ;i word or ilouhleword at the current stack pointer location into the destination operand and adds 2 (or 4) to (E)SP. Instruction formats; POP regl6 fr32 POP mem!6/mem32 B.2 ioN SET Demils (NoN 659

POPA, Pop Alt GDI S Z A P C POPAD

Pops 16 bytes from the top of the stack inlo the eight general-purpose registers, in the following order: DI, SI, BP, SP, BX, DX, CX, AX. The value for SP is discarded, so SP is not reassigned. POPA pops into 16-bit registers, and POPAD on an x86 pops into 32-bit registers. Instruction formats:

POPA POPAD

POPF, Pop Flags from Stack POPFD GDI S Z A P C

POPF pups the top of the stack into the 16-bit FLAGS register. POPFD on an x86 pops the top of the stack into the 32-bit EFLAGS register. Instruction formats:

POPF POPFD

PUSH Push on Stack GDI S Z A P C

If a 16-bit operand is pushed, 2 is subtracted from ESP. If a 32-bit operand is pushed, 4 is subtracted from ESP. Next, the operand is copied into the stack at the location pointed to by ESP. Instruction formats: PUSH regiefreg32 PUSH segreg PUSH meml 6/mem32 PUSH iirwl6/imm32

PUSHA, Push All (80286) PUSHAD O D I S Z A P C

Pushes the following 16-bit registers on the stack, in order: AX, CX, DX, BX, SP, BP, SI, and DI. The PUSHAD instruction for the x86 processor pushes EAX, ECX, EDX, EBX, ESP, EBP, ESI, and EDI. Instruction formats:

PUSHA PUSH.AD PUSHF, Push Flags PUSHFD O D I S Z A P C

rUSHF pushes the 16-bit FLAGS register uulo tlie stack. PUSHFD pushes the 32-bit EFLAGS onto the suck (x86). Instruction formats'. PUSHF PUSHFD

PUSHW, Push on Stack PUSHD GDI S /, A P C

PUSHW pushes a 16-bit word on the slack, and on the x86, PUSHD pushes a 32-liit doubleword on the stack. Instruction formats:

RCL Rotate Carry Left O D I S Z A P c EHnz ZED Rotates the destination operand left, using the source operand to determine the number of rota- tions. The Carry flag is copied inlo the lowest bit, and the highest hit is copied inlo the Carry flag. The inunS operand must be a 1 when using tlic 8086/8088 processor. Instruction formats: RCL reg, iiwnS RCL mem, immS RCL reg,CL RCL mem,CL

RCR Rotate Carry Right O D I

Rotates I In? destination operand rii'.hi, using the source operand to determine the number of rota- tions. The Carry flag is copied inlo ihe highest bit, and the lowest bit is topk-.il into the Carry flag. The immS operand must be a 1 when using the 8086/80K8 processor. Instruction formats: RCR reg, I/nmS RCR mem, i/nmff RCR reg,CL RCR rriem,CL R.2 INSTRUCTION Sf.i Dtmils (NoN 641

REP Repeat String cO nD I S Z A, P C

Repeats a string primitive instruction, using (E)CX as a counter. (E)CX is dccrcmentetl each time the instruction is repeated, until (E)CX = 0. Format (shown witli MOVS); REP MOVS dest, source

REPcond/f/on Repeat String Conditionally

Repeats a string primitive instruction until (E)CX = 0 and while a flag condition is true. RHPZ (REPE) repeats while the Zero flag is sel. and REPNZ (RHPNE) repeals while the Zero flag is clear. Only SCAS and CMPS should he used with REP condition, because they are the only string primitives that modify the Zero flag. Formats used with SCAS: REPZ' SCAS dest REPNE SCAS dest REPZ SCASB REPNE SCASB REPE SCASW REPNZ SCASW

RET, Return from Procedure RETN, O D I ZAP RETF L

Pops a return address from the stack. RETN (return near) pops only the lop of the stack into (H)ll'. In reul-ad dress mode, RHTF (rciurn iarl pops the MLjtk lirsl into (E)1C atid then into C.S. RET may be cither near or far, depending on the attribute specified or implied by the PROC directive. An optional 8-bit immediate operand tells the CPU to add a value to (Fi)SP after pop- ping the return address. Instruction formats: RET RET imfiiS RETN RETN iwnS RETF RHTF immfl ROL Rotate Lett O D I S Z A 1'

Rotates the destination operand left, using the source operand to determine the number of rota- tions. The highest bit is copied into the Carry tlag and moved into ilie lowest bit position. The immS operand must be a 1 when using tile 80K6/S088 processor. Instruction formats: ROL reg, ROL ir.em, imm8 ROL reg,CL ROL mem,CL

ROR Rotate Right o n i s z A

Rotates the destination operand right, using the source operand to determine the number of rota- tions. The lowest bit is copied into both the Carry flag and the highest bit position. The tmmS operand must be a 1 when using: the 808d/SOK8 processor, Instruction formats: i

SAHF Store AH into Flags O D I S / A P C

Copies AH into bits 0 through 7 of the Flags register. Instruction format: SAHF

SAL Shift Arithmetic Left O D i s ;£ A P C * * , 7 , "T]

Shifts each bit in the destination operand to the left, using the source operand to determine ihe number of shifts. The highest bit is copied into the Carry flag, and the lowest bit is filled with a ?.ero. The imm8 operand must be a 1 when using the 8086/K08H processor. Instruction formats: SAL reg, imm8 SAL nte;n, imm8 SAL recr,CL SAL mem,CL B.2 iNSIRUCTfON SET DETAlIs (NON 645

SAR Shift Arithmetic Right GDI S Z, A P C * 1 * * * * 1

Shifts each bit in the destination operand to the right, using the source operand to determine the number of shifts. The lowest bit is copied into the Carry flag, and the highest bit retains its previ- ous value. This shift is often used with signed operands because it preserves the number's sign. The immS operand must be a I when using the 8086/8088 processor. Instruction formats: SAR reg, irnmS SAR mem, iirwS EAR reg,CL SAR mem.CL

O D I S Z A I1 C

Subtracts the source operand from the destination operand and then subtracts the Carry flag from the destination. Instruction formats: SBB reg, reg SBB reg, 1mm SBB mem, reg- SBB mem, imm SBB reg,mem

SCAS, Scan String SCASB, O D I A. SCASW, SCASD Scans a string in memory pointed to by ES:(E)DI for a value that matches the accumulator. SCAS requires the operands to be specified. SCASB scans for an 8-bit value matching AL, SCASW scans for a 16-bit value matching AX, and SCASD strans for a 32-bii value matching EAX. (E)DI is increased or decreased according to the operand size and the status of the direction flag. If DF = 1, (E)DI is decreased; if DF = 0, (E)DI is increased. Instruction formats: SCASW 644 AppiNtiix B • Tlit. xfl6 liNSTuuciioN Sr-i

BET condition Set Conditionally O D I S Z A P C

If the given flag condition is true, the byte specified by ihe destination operand is assigned the value 1. If the flag condition is false, the destination is assigned a value of 0, The possible values for condition were listed in Table B-2. Instruction formats:

SHL Shift Lett O D ) S Z A I' C * 1 * * ? .1. Tj

Shifts each bit in the dcsiiuation operand to the left, using the source operand to determine the number of shifts. The highest bit is copied into the Carry (lag, and [he lowest bit is tilled with n zero (identical to SAL). The immK operand must be a 1 when using the SOS6/80KS processor. Instruction formats: SHL rag, imn>8 SHL mem, imu8 SHL reg,CL SHL jnein,CL

SHLD Double-Precision Shift Left (x86) GDI S Z A P C

Shifts liie bits of the second operand inio the first operand. The third cipentnil indicates the number of bits to be shifted. The positions opened by the shift are filled by the niosl significant hits of the second operand. The second operand must always be a register, and the third operand may be either an immediate value or the CL register. Instruction formats: SHLD regie, r&gl 6, imm8 SHLD mcml6, regl6, SHLD reg32, ireg-32, imrnS SHLD mem32, reg32, SHLD reglo, regie,Cl, SHLD mentis, regl 6, C SHLD reg32,reg32,CL SHLD mew32, (3.2 INSTRUCTION SI.T n™ik (NoN I 61?

SHR Shift Right GDI S Z A P C * * ' ? * _*J

Shifts each bit in the destination operand to die right, using the source operand to determine the number of shifts. The highest bit is filled will) a zero, and the lowest bit is copied into the Carry flag. The imm8 operand must be a 1 when using the 80S6/S088 processor. Tnstniction formats: SHR regr, iivmS SHR mem, iitmS SHR r^g-,CL SHR mem.CL

SHRD Double-Precision Shift Right (xB6) O D I S Z A P C

[Z * ? * *J

Shifts l hi.1 bits of the second operand into the first operand. The third operand indicates the number of bit-, to be shifted. The positions i>pcn;dby tin1 si lift ;-.re Tilled by the least siunHk-tint bits of th,: s^c-on.I operand, '['he s^wn. opernsul ::ras; :i ways be anj.isUT, :mJ tii^ llsinl c.:-.-:und ma> be either an immediate value or the ( !L register. Instruction formats: SHRD regie, reg!6, imrnS 2HRD Kieml6, ray!6, inunS SliRD reg32 , reg32, immS SHRD mem32, recf32, ijnmS SHRD regie, regl6, CL SHKD meml 6, regie, CL SHRD reg32,reg32,CL SHRD mem32, reg32, CL

STC Set Carry Flag G D I S Z A P C 1 |

Sets the Carry flag. Instruction formal:

STC

STD Set Direction Flag GDI S 7, A P C

Sets Ihe Direction Dag, causing (E)SI and/or (E)D1 to be decremented by string primitive instructions. Thus, siring processing will be from high addresses to low addresses. Instruction format: STD 646 AppENtiix B • The x&6 SGI

STI Set Interrupt Flag O D I S Z A P C

Sets the Interrupt flag, which enables maskable interrupts. Interrupts are automatically disabled when an interrupt occurs, so an interrupt handler procedure immediately reenaWes uicrn, using STI. Instruction format: STI

STOS, Store String Data STOSB, O D I S Z A P C STOSW, zn STOSD Stores the accumulator in the memory location addressed by ES:(E)DL If STOS is used, a des- . dilation operand must he specified. STOSR copies AL to memory, STOSW copies AX to memory, mul STOSD for UK- xK6 processor copier, EA.X to memory. (E)DI is increased or decreased acL-ording lo the operand si/,s and. the suuus of the direction flag. If DP = 1, (EjDI is decreased; if DF = 0, (E)Dl is increased. Instruction formats: STOSB STOSW STOSD STOS mem STOS ES:mem

Subtract SUB GDI S Z A P C

* * * * *

Subtracts the source operand from the destination operand. Instruction formats: SUB reg, reg SUB reg, imm SUB mem, reg SUB mem, iram SUB reg, mem SUB acciire, imm

TEST Test O D I S Z A P C r — ~T — ~i — ~~P_r — ' | 0 | | * * nTiH Tests individual bits in the deslinavion operand against those in the source operand. Performs a logical AND operation that affects the flags but not the destination operand. Instruction formats: TEST reg, reg TEST reg, imm TEST mem, reg TEST mem, imm TEST reg, mem TEST accLjm,imm B.2 INSTRUCTION SEI DEiails (NoN 647

WAIT Wait for Coprocessor 0 D I S Z A P C '

Suspends CPU execution until the coprocessor finishes the current instruction. Instruction format: WAIT

. XADD Exchange and Add (Intel486) ODI S Z A P C

Adds the source operand lo the destination operand. At the same time, the original destination value is moved to the source operand. Instruction formats: XADD reg, reg XADD mem, reg

XCHG Exchange O D I S Z A ? C

Exchanges the contents of the source and destination operands. Instruction formats: XCH reg, reg XCH mem, reg XCH regr, mem -

XLAT, Translate Byte O D I S Z A P C XLATB | | |

Uses the value in AL lo index into a table pointed lo by DS:BX, The byte pointed to by the index is moved to AL. An operand may be specified in order to provide a segment override. XLATB may be substituted for XLAT. Instruction formats: XLAT XLAT segreg : mem XLAT mem XLATB 64S Appnvdix B • HIE \il& INSTRULIION Srj

XOR Exclusive OR O D I S Z A P C LJL * ? * 0 |

Kach bil in the source operand is exclusive ORed with its corresponding bit in the destination. The destination bit is a 1 only when [he original source and destination hits are different. Instruction formats: XOR reg, rcg XOR reg, irm XOR mem, reg XOR mem, imm XOR reg, me;n XOR accmn, imm

B.3 Floating-point Instructions Table B-3 contains a list of all x86 floating-point instructions, with brief descriptions and oper- and formats. Instructions are usually grouped by function rather than strict alphabetical order. For example, the Ft ADD instruction immediately follows FADD and FADDP because it performs the same operation with integer conversion. For complete mforniaiion about flouting-pjint instructions, consult the Intel Architecture: Manu- als. The word stack in this table refers to the FPU register slack. (Table B-l lists many of the symbols used when describing the formats and operands of floating-point instructions.)

B-? Floating-Point Instructions.

'= Instruction'1 ^1^$^ • "'•' .;:- ;^';;;i j ;V;:'-^ • ':". ;'- ', Description ' i K2XM1 Compute 2* - 1. No operands. FABS Absolute value. Clears sign bit of ST(0). No operands. FADD Add floating-point Adds destination and source operands, stores sum in destination operand. Formats: FADD Add ST(0) to ST(1), and pop stack FADD ni32fp Add m32fp to ST(0) FADD rn64fp Add m64fp to ST(0) FADD ST(0),ST{i) AddST(i) toST(O) FADD ST{i),ST(0) AddST(O) toST(i) FADDP Add flouting -point and pop. Performs the same operation as FADD, then pops [lie stack. Format: FADDP ST(i),ST(0) Add ST ( 0 ) Co ST(i)

P1ADP Convert integer to floalin^-poinl and add. AJdi dc'stiiijtliim and M.IUIVU (ipeiaiuls, sinres sumin deslinaiion operand. Formats: FIADD m32int Add m32int to ST(0) FIADD xilGint Add m!6int to ST(0) FBLD Load binary-coded decimal. Converts BCD source operand inlo double extended-precision floating-point format and pushes it on the stack. Format: FBLD mSObcd Push mSObcd onto register stack