0% found this document useful (0 votes)

2K views

Intel Instruction Set

Uploaded by

Braxton1981

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

2K views

Intel Instruction Set

Uploaded by

Braxton1981

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 854

Intel Architecture Software Developers Manual

Volume 2: Instruction Set Reference

NOTE: The Intel Architecture Software Developers Manual consists of three volumes: Basic Architecture, Order Number 243190; Instruction Set Reference, Order Number 243191; and the System Programming Guide, Order Number 243192. Please refer to all three volumes when evaluating your design needs.

1999

Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intels Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel products are not intended for use in medical, life saving, or life sustaining applications. Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked reserved or undefined. Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. Intels Intel Architecture processors (e.g., Pentium, Pentium II, Pentium III, and Pentium Pro processors) may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an ordering number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or by visiting Intel's literature center at http://www.intel.com.
COPYRIGHT INTEL CORPORATION 1999 *THIRD-PARTY BRANDS AND NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS.

TABLE OF CONTENTS
CHAPTER 1 ABOUT THIS MANUAL 1.1. OVERVIEW OF THE INTEL ARCHITECTURE SOFTWARE DEVELOPERS MANUAL, 1-1 VOLUME 2: INSTRUCTION SET REFERENCE 1.2. OVERVIEW OF THE INTEL ARCHITECTURE SOFTWARE DEVELOPERS MANUAL, VOLUME 1: BASIC ARCHITECTURE 1-2 1.3. OVERVIEW OF THE INTEL ARCHITECTURE SOFTWARE DEVELOPERS MANUAL, 1-3 VOLUME 3: SYSTEM PROGRAMMING GUIDE 1.4. NOTATIONAL CONVENTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5 1.4.1. Bit and Byte Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5 1.4.2. Reserved Bits and Software Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-6 1.4.3. Instruction Operands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-7 1.4.4. Hexadecimal and Binary Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-7 1.4.5. Segmented Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-7 1.4.6. Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-8 1.5. RELATED LITERATURE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9 CHAPTER 2 INSTRUCTION FORMAT 2.1. GENERAL INSTRUCTION FORMAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.2. INSTRUCTION PREFIXES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.3. OPCODE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.4. MODR/M AND SIB BYTES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.5. DISPLACEMENT AND IMMEDIATE BYTES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.6. ADDRESSING-MODE ENCODING OF MODR/M AND SIB BYTES . . . . . . . . . . . .

2-1 2-1 2-2 2-2 2-3 2-3

CHAPTER 3 INSTRUCTION SET REFERENCE 3.1. INTERPRETING THE INSTRUCTION REFERENCE PAGES . . . . . . . . . . . . . . . . 3-1 3.1.1. Instruction Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-1 3.1.1.1. Opcode Column . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2 3.1.1.2. Instruction Column . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-3 3.1.1.3. Description Column . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-5 3.1.1.4. Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-5 3.1.2. Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-6 3.1.3. Intel C/C++ Compiler Intrinsics Equivalent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9 3.1.3.1. The Intrinsics API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9 3.1.3.2. MMX Technology Intrinsics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-10 3.1.3.3. SIMD Floating-Point Intrinsics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-10 3.1.4. Flags Affected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-11 3.1.5. FPU Flags Affected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-12 3.1.6. Protected Mode Exceptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-12 3.1.7. Real-Address Mode Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-12 3.1.8. Virtual-8086 Mode Exceptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13 3.1.9. Floating-Point Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-14 3.1.10. SIMD Floating-Point Exceptions - Streaming SIMD Extensions Only . . . . . . . . .3-14

iii

TABLE OF CONTENTS

3.2.

INSTRUCTION REFERENCE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16 AAAASCII Adjust After Addition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-17 AADASCII Adjust AX Before Division . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-18 AAMASCII Adjust AX After Multiply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-19 AASASCII Adjust AL After Subtraction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-20 ADCAdd with Carry. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-21 ADDAdd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-23 ADDPSPacked Single-FP Add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-25 ADDSSScalar Single-FP Add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-27 ANDLogical AND . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-30 ANDNPSBit-wise Logical And Not For Single-FP. . . . . . . . . . . . . . . . . . . . . . . . . . .3-32 ANDPSBit-wise Logical And For Single FP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-34 ARPLAdjust RPL Field of Segment Selector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-36 BOUNDCheck Array Index Against Bounds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-38 BSFBit Scan Forward . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-40 BSRBit Scan Reverse. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-42 BSWAPByte Swap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-44 BTBit Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-45 BTCBit Test and Complement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-47 BTRBit Test and Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-49 BTSBit Test and Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-51 CALLCall Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-53 CBW/CWDEConvert Byte to Word/Convert Word to Doubleword . . . . . . . . . . . . . .3-64 CDQConvert Double to Quad . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-65 CLCClear Carry Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-66 CLDClear Direction Flag. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-67 CLIClear Interrupt Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-68 CLTSClear Task-Switched Flag in CR0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-70 CMCComplement Carry Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-71 CMOVccConditional Move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-72 CMPCompare Two Operands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-76 CMPPSPacked Single-FP Compare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-78 CMPS/CMPSB/CMPSW/CMPSDCompare String Operands. . . . . . . . . . . . . . . . . .3-87 CMPSSScalar Single-FP Compare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-90 CMPXCHGCompare and Exchange. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-100 CMPXCHG8BCompare and Exchange 8 Bytes . . . . . . . . . . . . . . . . . . . . . . . . . . .3-102 COMISSScalar Ordered Single-FP Compare and Set EFLAGS . . . . . . . . . . . . . .3-104 CPUIDCPU Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-111 CVTPI2PSPacked Signed INT32 to Packed Single-FP Conversion . . . . . . . . . . .3-119 CVTPS2PIPacked Single-FP to Packed INT32 Conversion. . . . . . . . . . . . . . . . . .3-123 CVTSI2SSScalar Signed INT32 to Single-FP Conversion . . . . . . . . . . . . . . . . . . .3-127 CVTSS2SIScalar Single-FP to Signed INT32 Conversion . . . . . . . . . . . . . . . . . . .3-130 CVTTPS2PIPacked Single-FP to Packed INT32 Conversion (Truncate). . . . . . . .3-133 CVTTSS2SIScalar Single-FP to Signed INT32 Conversion (Truncate) . . . . . . . . .3-137 CWD/CDQConvert Word to Doubleword/Convert Doubleword to Quadword. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-141 CWDEConvert Word to Doubleword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-142

TABLE OF CONTENTS

DAADecimal Adjust AL after Addition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DASDecimal Adjust AL after Subtraction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DECDecrement by 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DIVUnsigned Divide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DIVPSPacked Single-FP Divide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DIVSSScalar Single-FP Divide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . EMMSEmpty MMX State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ENTERMake Stack Frame for Procedure Parameters . . . . . . . . . . . . . . . . . . . . . F2XM1Compute 2x1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FABSAbsolute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FADD/FADDP/FIADDAdd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FBLDLoad Binary Coded Decimal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FBSTPStore BCD Integer and Pop. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FCHSChange Sign . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FCLEX/FNCLEXClear Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FCMOVccFloating-Point Conditional Move. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FCOM/FCOMP/FCOMPPCompare Real . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FCOMI/FCOMIP/ FUCOMI/FUCOMIPCompare Real and Set EFLAGS . . . . . . . FCOSCosine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FDECSTPDecrement Stack-Top Pointer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FDIV/FDIVP/FIDIVDivide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FDIVR/FDIVRP/FIDIVRReverse Divide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FFREEFree Floating-Point Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FICOM/FICOMPCompare Integer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FILDLoad Integer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FINCSTPIncrement Stack-Top Pointer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FINIT/FNINITInitialize Floating-Point Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FIST/FISTPStore Integer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FLDLoad Real. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FLD1/FLDL2T/FLDL2E/FLDPI/FLDLG2/FLDLN2/FLDZLoad Constant . . . . . . . . FLDCWLoad Control Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FLDENVLoad FPU Environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FMUL/FMULP/FIMULMultiply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FNOPNo Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FPATANPartial Arctangent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FPREMPartial Remainder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FPREM1Partial Remainder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FPTANPartial Tangent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FRNDINTRound to Integer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FRSTORRestore FPU State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FSAVE/FNSAVEStore FPU State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FSCALEScale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FSINSine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FSINCOSSine and Cosine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FSQRTSquare Root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FST/FSTPStore Real . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FSTCW/FNSTCWStore Control Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-143 3-145 3-146 3-148 3-151 3-154 3-156 3-158 3-161 3-163 3-165 3-169 3-171 3-174 3-176 3-178 3-180 3-183 3-186 3-188 3-189 3-193 3-197 3-198 3-200 3-202 3-203 3-205 3-208 3-210 3-212 3-214 3-216 3-220 3-221 3-223 3-226 3-229 3-231 3-232 3-235 3-238 3-240 3-242 3-244 3-246 3-249

TABLE OF CONTENTS

FSTENV/FNSTENVStore FPU Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-251 FSTSW/FNSTSWStore Status Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-254 FSUB/FSUBP/FISUBSubtract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-257 FSUBR/FSUBRP/FISUBRReverse Subtract . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-261 FTSTTEST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-265 FUCOM/FUCOMP/FUCOMPPUnordered Compare Real . . . . . . . . . . . . . . . . . . .3-267 FWAITWait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-270 FXAMExamine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-271 FXCHExchange Register Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-273 FXRSTORRestore FP and MMX State and Streaming SIMD Extension State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-275 FXSAVEStore FP and MMX State and Streaming SIMD Extension State . . . . .3-279 FXTRACTExtract Exponent and Significand . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-285 FYL2XCompute y * log2x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-287 FYL2XP1Compute y * log2(x +1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-289 HLTHalt. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-291 IDIVSigned Divide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-292 IMULSigned Multiply. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-295 INInput from Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-299 INCIncrement by 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-301 INS/INSB/INSW/INSDInput from Port to String . . . . . . . . . . . . . . . . . . . . . . . . . . .3-303 INT n/INTO/INT 3Call to Interrupt Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-306 INVDInvalidate Internal Caches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-318 INVLPGInvalidate TLB Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-320 IRET/IRETDInterrupt Return. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-321 JccJump if Condition Is Met . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-329 JMPJump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-333 LAHFLoad Status Flags into AH Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-341 LARLoad Access Rights Byte. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-342 LDMXCSRLoad Streaming SIMD Extension Control/Status . . . . . . . . . . . . . . . . .3-345 LDS/LES/LFS/LGS/LSSLoad Far Pointer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-349 LEALoad Effective Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-353 LEAVEHigh Level Procedure Exit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-355 LESLoad Full Pointer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-357 LFSLoad Full Pointer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-358 LGDT/LIDTLoad Global/Interrupt Descriptor Table Register . . . . . . . . . . . . . . . . .3-359 LGSLoad Full Pointer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-361 LLDTLoad Local Descriptor Table Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-362 LIDTLoad Interrupt Descriptor Table Register . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-364 LMSWLoad Machine Status Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-365 LOCKAssert LOCK# Signal Prefix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-367 LODS/LODSB/LODSW/LODSDLoad String. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-369 LOOP/LOOPccLoop According to ECX Counter . . . . . . . . . . . . . . . . . . . . . . . . . .3-372 LSLLoad Segment Limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-375 LSSLoad Full Pointer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-379 LTRLoad Task Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-380 MASKMOVQByte Mask Write . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-382

TABLE OF CONTENTS

MAXPSPacked Single-FP Maximum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MAXSSScalar Single-FP Maximum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MINPSPacked Single-FP Minimum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MINSSScalar Single-FP Minimum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MOVMove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MOVMove to/from Control Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MOVMove to/from Debug Registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MOVAPSMove Aligned Four Packed Single-FP. . . . . . . . . . . . . . . . . . . . . . . . . . MOVDMove 32 Bits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MOVHLPS High to Low Packed Single-FP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MOVHPSMove High Packed Single-FP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MOVLHPSMove Low to High Packed Single-FP . . . . . . . . . . . . . . . . . . . . . . . . . MOVLPSMove Low Packed Single-FP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MOVMSKPSMove Mask To Integer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MOVNTPSMove Aligned Four Packed Single-FP Non Temporal. . . . . . . . . . . . . MOVNTQMove 64 Bits Non Temporal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MOVQMove 64 Bits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MOVS/MOVSB/MOVSW/MOVSDMove Data from String to String . . . . . . . . . . . MOVSSMove Scalar Single-FP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MOVSXMove with Sign-Extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MOVUPSMove Unaligned Four Packed Single-FP . . . . . . . . . . . . . . . . . . . . . . . MOVZXMove with Zero-Extend . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MULUnsigned Multiply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MULPSPacked Single-FP Multiply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MULSSScalar Single-FP Multiply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NEGTwo's Complement Negation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NOPNo Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NOTOne's Complement Negation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ORLogical Inclusive OR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ORPSBit-wise Logical OR for Single-FP Data . . . . . . . . . . . . . . . . . . . . . . . . . . . OUTOutput to Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OUTS/OUTSB/OUTSW/OUTSDOutput String to Port . . . . . . . . . . . . . . . . . . . . . PACKSSWB/PACKSSDWPack with Signed Saturation . . . . . . . . . . . . . . . . . . . . PACKUSWBPack with Unsigned Saturation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . PADDB/PADDW/PADDDPacked Add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PADDSB/PADDSWPacked Add with Saturation . . . . . . . . . . . . . . . . . . . . . . . . . PADDUSB/PADDUSWPacked Add Unsigned with Saturation . . . . . . . . . . . . . . . PANDLogical AND . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PANDNLogical AND NOT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PAVGB/PAVGWPacked Average . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PCMPEQB/PCMPEQW/PCMPEQDPacked Compare for Equal . . . . . . . . . . . . . PCMPGTB/PCMPGTW/PCMPGTDPacked Compare for Greater Than . . . . . . . PEXTRWExtract Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PINSRWInsert Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PMADDWDPacked Multiply and Add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PMAXSWPacked Signed Integer Word Maximum . . . . . . . . . . . . . . . . . . . . . . . . PMAXUBPacked Unsigned Integer Byte Maximum . . . . . . . . . . . . . . . . . . . . . . .

3-386 3-390 3-394 3-398 3-402 3-407 3-409 3-411 3-414 3-417 3-419 3-422 3-424 3-427 3-429 3-431 3-433 3-435 3-438 3-441 3-443 3-446 3-448 3-450 3-452 3-454 3-456 3-457 3-459 3-461 3-463 3-465 3-469 3-472 3-475 3-479 3-482 3-485 3-487 3-489 3-493 3-497 3-501 3-503 3-505 3-508 3-511

vii

TABLE OF CONTENTS

PMINSWPacked Signed Integer Word Minimum . . . . . . . . . . . . . . . . . . . . . . . . . .3-514 PMINUBPacked Unsigned Integer Byte Minimum . . . . . . . . . . . . . . . . . . . . . . . . .3-517 PMOVMSKBMove Byte Mask To Integer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-520 PMULHUWPacked Multiply High Unsigned . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-522 PMULHWPacked Multiply High . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-525 PMULLWPacked Multiply Low . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-528 POPPop a Value from the Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-531 POPA/POPADPop All General-Purpose Registers . . . . . . . . . . . . . . . . . . . . . . . .3-536 POPF/POPFDPop Stack into EFLAGS Register . . . . . . . . . . . . . . . . . . . . . . . . . .3-538 PORBitwise Logical OR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-541 PREFETCHPrefetch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-543 PSADBWPacked Sum of Absolute Differences . . . . . . . . . . . . . . . . . . . . . . . . . . .3-545 PSHUFWPacked Shuffle Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-548 PSLLW/PSLLD/PSLLQPacked Shift Left Logical . . . . . . . . . . . . . . . . . . . . . . . . . .3-550 PSRAW/PSRADPacked Shift Right Arithmetic. . . . . . . . . . . . . . . . . . . . . . . . . . . .3-555 PSRLW/PSRLD/PSRLQPacked Shift Right Logical. . . . . . . . . . . . . . . . . . . . . . . .3-558 PSUBB/PSUBW/PSUBDPacked Subtract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-563 PSUBSB/PSUBSWPacked Subtract with Saturation . . . . . . . . . . . . . . . . . . . . . . .3-567 PSUBUSB/PSUBUSWPacked Subtract Unsigned with Saturation . . . . . . . . . . . .3-570 PUNPCKHBW/PUNPCKHWD/PUNPCKHDQUnpack High Packed Data . . . . . . .3-573 PUNPCKLBW/PUNPCKLWD/PUNPCKLDQUnpack Low Packed Data . . . . . . . .3-577 PUSHPush Word or Doubleword Onto the Stack. . . . . . . . . . . . . . . . . . . . . . . . . .3-581 PUSHA/PUSHADPush All General-Purpose Registers . . . . . . . . . . . . . . . . . . . . .3-584 PUSHF/PUSHFDPush EFLAGS Register onto the Stack . . . . . . . . . . . . . . . . . . .3-587 PXORLogical Exclusive OR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-589 RCL/RCR/ROL/ROR-Rotate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-591 RCPPSPacked Single-FP Reciprocal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-596 RCPSSScalar Single-FP Reciprocal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-598 RDMSRRead from Model Specific Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-600 RDPMCRead Performance-Monitoring Counters. . . . . . . . . . . . . . . . . . . . . . . . . .3-602 RDTSCRead Time-Stamp Counter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-604 REP/REPE/REPZ/REPNE /REPNZRepeat String Operation Prefix . . . . . . . . . . .3-605 RETReturn from Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-608 ROL/RORRotate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-615 RSMResume from System Management Mode . . . . . . . . . . . . . . . . . . . . . . . . . . .3-616 RSQRTPSPacked Single-FP Square Root Reciprocal . . . . . . . . . . . . . . . . . . . . .3-617 RSQRTSSScalar Single-FP Square Root Reciprocal . . . . . . . . . . . . . . . . . . . . . .3-619 SAHFStore AH into Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-621 SAL/SAR/SHL/SHRShift. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-622 SBBInteger Subtraction with Borrow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-627 SCAS/SCASB/SCASW/SCASDScan String . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-629 SETccSet Byte on Condition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-632 SFENCEStore Fence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-634 SGDT/SIDTStore Global/Interrupt Descriptor Table Register . . . . . . . . . . . . . . . .3-636 SHL/SHRShift Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-639 SHLDDouble Precision Shift Left . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-640 SHRDDouble Precision Shift Right. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-643

viii

TABLE OF CONTENTS

SHUFPSShuffle Single-FP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SIDTStore Interrupt Descriptor Table Register . . . . . . . . . . . . . . . . . . . . . . . . . . . SLDTStore Local Descriptor Table Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SMSWStore Machine Status Word . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SQRTPSPacked Single-FP Square Root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SQRTSSScalar Single-FP Square Root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . STCSet Carry Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . STDSet Direction Flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . STISet Interrupt Flag. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . STMXCSRStore Streaming SIMD Extension Control/Status . . . . . . . . . . . . . . . . STOS/STOSB/STOSW/STOSDStore String. . . . . . . . . . . . . . . . . . . . . . . . . . . . . STRStore Task Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SUBSubtract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SUBPSPacked Single-FP Subtract. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SUBSSScalar Single-FP Subtract. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SYSENTERFast Transition to System Call Entry Point . . . . . . . . . . . . . . . . . . . . SYSEXITFast Transition from System Call Entry Point . . . . . . . . . . . . . . . . . . . . TESTLogical Compare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . UCOMISSUnordered Scalar Single-FP compare and set EFLAGS . . . . . . . . . . . UD2Undefined Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . UNPCKHPSUnpack High Packed Single-FP Data . . . . . . . . . . . . . . . . . . . . . . . . UNPCKLPSUnpack Low Packed Single-FP Data . . . . . . . . . . . . . . . . . . . . . . . . VERR/VERWVerify a Segment for Reading or Writing. . . . . . . . . . . . . . . . . . . . . WAIT/FWAITWait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . WBINVDWrite Back and Invalidate Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . WRMSRWrite to Model Specific Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XADDExchange and Add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XCHGExchange Register/Memory with Register . . . . . . . . . . . . . . . . . . . . . . . . . XLAT/XLATBTable Look-up Translation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XORLogical Exclusive OR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XORPSBit-wise Logical Xor for Single-FP Data . . . . . . . . . . . . . . . . . . . . . . . . . .

3-646 3-651 3-652 3-654 3-656 3-659 3-662 3-663 3-664 3-666 3-668 3-671 3-673 3-675 3-678 3-681 3-685 3-688 3-690 3-697 3-698 3-701 3-704 3-707 3-708 3-710 3-712 3-714 3-716 3-718 3-720

APPENDIX A OPCODE MAP A.1. KEY TO ABBREVIATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1 A.1.1. Codes for Addressing Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1 A.1.2. Codes for Operand Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3 A.1.3. Register Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3 A.2. OPCODE LOOK-UP EXAMPLES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3 A.2.1. One-Byte Opcode Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4 A.2.2. Two-Byte Opcode Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4 A.2.3. Opcode Map Shading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5 A.2.4. Opcode Map Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5 A.2.5. Opcode Extensions For One- And Two-byte Opcodes . . . . . . . . . . . . . . . . . . . A-10 A.2.6. Escape Opcode Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-12 A.2.6.1. Opcodes with ModR/M Bytes in the 00H through BFH Range . . . . . . . . . . . A-12 A.2.6.2. Opcodes with ModR/M Bytes outside the 00H through BFH Range. . . . . . . A-12 A.2.6.3. Escape Opcodes with D8 as First Byte. . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-12 A.2.6.4. Escape Opcodes with D9 as First Byte. . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-14

TABLE OF CONTENTS

A.2.6.5. A.2.6.6. A.2.6.7. A.2.6.8. A.2.6.9. A.2.6.10.

Escape Opcodes with DA as First Byte Escape Opcodes with DB as First Byte Escape Opcodes with DC as First Byte Escape Opcodes with DD as First Byte Escape Opcodes with DE as First Byte Escape Opcodes with DF As First Byte

............................ ............................ ............................ ............................ ............................ ............................

A-15 A-16 A-18 A-19 A-21 A-22

APPENDIX B INSTRUCTION FORMATS AND ENCODINGS B.1. MACHINE INSTRUCTION FORMAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1 B.1.1. Reg Field (reg). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-2 B.1.2. Encoding of Operand Size Bit (w) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3 B.1.3. Sign Extend (s) Bit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3 B.1.4. Segment Register Field (sreg). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-4 B.1.5. Special-Purpose Register (eee) Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-4 B.1.6. Condition Test Field (tttn) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-5 B.1.7. Direction (d) Bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-5 B.2. INTEGER INSTRUCTION FORMATS AND ENCODINGS . . . . . . . . . . . . . . . . . . . B-6 B.3. MMX INSTRUCTION FORMATS AND ENCODINGS . . . . . . . . . . . . . . . . . . . . B-19 B.3.1. Granularity Field (gg). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-19 B.3.2. MMX and General-Purpose Register Fields (mmxreg and reg) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-19 B.3.3. MMX Instruction Formats and Encodings Table . . . . . . . . . . . . . . . . . . . . . . B-20 B.4. STREAMING SIMD EXTENSION FORMATS AND ENCODINGS TABLE . . . . . . B-24 B.4.1. Instruction Prefixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-24 B.4.2. Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-26 B.4.3. Formats and Encodings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-27 B.5. FLOATING-POINT INSTRUCTION FORMATS AND ENCODINGS . . . . . . . . . . . B-36 APPENDIX C COMPILER INTRINSICS AND FUNCTIONAL EQUIVALENTS C.1. SIMPLE INTRINSICS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-2 C.2. COMPOSITE INTRINSICS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-11

TABLE OF FIGURES
Figure 1-1. Figure 2-1. Figure 3-1. Figure 3-2. Figure 3-3. Figure 3-4. Figure 3-5. Figure 3-6. Figure 3-7. Figure 3-8. Figure 3-9. Figure 3-10. Figure 3-11. Figure 3-12. Figure 3-13. Figure 3-14. Figure 3-15. Figure 3-16. Figure 3-17. Figure 3-18. Figure 3-19. Figure 3-20. Figure 3-21. Figure 3-22. Figure 3-23. Figure 3-24. Figure 3-25. Figure 3-26. Figure 3-27. Figure 3-28. Figure 3-29. Figure 3-30. Figure 3-31. Figure 3-32. Figure 3-33. Figure 3-34. Figure 3-35. Figure 3-36. Figure 3-37. Figure 3-38. Figure 3-39. Figure 3-40. Figure 3-41. Figure 3-42. Figure 3-43. Figure 3-44. Figure 3-45. Figure 3-46. Figure 3-47. Bit and Byte Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-6 Intel Architecture Instruction Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1 Bit Offset for BIT[EAX,21] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-8 Memory Bit Indexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-12 Operation of the ADDPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-25 Operation of the ADDSS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-27 Operation of the ANDNPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-32 Operation of the ANDPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-34 Operation of the CMPPS (Imm8=0) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-78 Operation of the CMPPS (Imm8=1) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-78 Operation of the CMPPS (Imm8=2) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-79 Operation of the CMPPS (Imm8=3) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-79 Operation of the CMPPS (Imm8=4) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-80 Operation of the CMPPS (Imm8=5) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-80 Operation of the CMPPS (Imm8=6) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-81 Operation of the CMPPS (Imm8=7) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-81 Operation of the CMPSS (Imm8=0) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-92 Operation of the CMPSS (Imm8=1) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-92 Operation of the CMPSS (Imm8=2) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-93 Operation of the CMPSS (Imm8=3) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-93 Operation of the CMPSS (Imm8=4) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-94 Operation of the CMPSS (Imm8=5) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-94 Operation of the CMPSS (Imm8=6) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-95 Operation of the CMPSS (Imm8=7) Instruction . . . . . . . . . . . . . . . . . . . . . . .3-95 Operation of the COMISS Instruction, Condition One . . . . . . . . . . . . . . . . .3-104 Operation of the COMISS Instruction, Condition Two . . . . . . . . . . . . . . . . .3-105 Operation of the COMISS Instruction, Condition Three . . . . . . . . . . . . . . . .3-105 Operation of the COMISS Instruction, Condition Four . . . . . . . . . . . . . . . . .3-106 Version and Feature Information in Registers EAX and EDX. . . . . . . . . . . .3-112 Operation of the CVTPI2PS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-119 Operation of the CVTPS2PI Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-123 Operation of the CVTSI2SS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-127 Operation of the CVTSS2SI Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-130 Operation of the CVTTPS2PI Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . .3-133 Operation of the CVTTSS2SI Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . .3-137 Operation of the DIVPS Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-151 Operation of the DIVSS Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-154 Operation of the MAXPS Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-386 Operation of the MAXSS Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-390 Operation of the MINPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-394 Operation of the MINSS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-398 Operation of the MOVAPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-411 Operation of the MOVD Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-414 Operation of the MOVHLPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-417 Operation of the MOVHPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-419 Operation of the MOVLHPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-422 Operation of the MOVLPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-424 Operation of the MOVMSKPS Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . .3-427 Operation of the MOVQ Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-433 xi

TABLE OF FIGURES

Figure 3-48. Figure 3-49. Figure 3-50. Figure 3-51. Figure 3-52. Figure 3-53. Figure 3-54. Figure 3-55. Figure 3-56. Figure 3-57. Figure 3-58. Figure 3-59. Figure 3-60. Figure 3-61. Figure 3-62. Figure 3-63. Figure 3-64. Figure 3-65. Figure 3-66. Figure 3-67. Figure 3-68. Figure 3-69. Figure 3-70. Figure 3-71. Figure 3-72. Figure 3-73. Figure 3-74. Figure 3-75. Figure 3-76. Figure 3-77. Figure 3-78. Figure 3-79. Figure 3-80. Figure 3-81. Figure 3-82. Figure 3-83. Figure 3-84. Figure 3-85. Figure 3-86. Figure 3-87. Figure 3-88. Figure 3-89. Figure 3-90. Figure 3-91. Figure 3-92. Figure 3-93. Figure 3-94. Figure 3-95. Figure 3-96. Figure 3-97.

Operation of the MOVSS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-438 Operation of the MOVUPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-443 Operation of the MULPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-450 Operation of the MULSS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-452 Operation of the ORPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-461 Operation of the PACKSSDW Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . .3-469 Operation of the PACKUSWB Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . .3-472 Operation of the PADDW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-475 Operation of the PADDSW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-479 Operation of the PADDUSB Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-482 Operation of the PAND Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-485 Operation of the PANDN Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-487 Operation of the PAVGB/PAVGW Instruction. . . . . . . . . . . . . . . . . . . . . . . .3-489 Operation of the PCMPEQW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . .3-493 Operation of the PCMPGTW Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . .3-497 Operation of the PEXTRW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-501 Operation of the PINSRW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-503 Operation of the PMADDWD Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . .3-505 Operation of the PMAXSW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-508 Operation of the PMAXUB Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-511 Operation of the PMINSW Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-514 Operation of the PMINUB Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-517 Operation of the PMOVMSKB Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . .3-520 Operation of the PMULHUW Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . .3-522 Operation of the PMULHW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-525 Operation of the PMULLW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-528 Operation of the POR Instruction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-541 Operation of the PSADBW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-545 Operation of the PSHUFW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-548 Operation of the PSLLW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-550 Operation of the PSRAW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-555 Operation of the PSRLW Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-558 Operation of the PSUBW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-563 Operation of the PSUBSW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-567 Operation of the PSUBUSB Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-570 High-Order Unpacking and Interleaving of Bytes With the PUNPCKHBW Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-573 Low-Order Unpacking and Interleaving of Bytes With the PUNPCKLBW Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-577 Operation of the PXOR Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-589 Operation of the RCPPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-596 Operation of the RCPSS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-598 Operation of the RSQRTPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-617 Operation of the RSQRTSS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-619 Operation of the SHUFPS Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-647 Operation of the SQRTPS Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-656 Operation of the SQRTSS Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-659 Operation of the SUBPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-675 Operation of the SUBSS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-678 Operation of the UCOMISS Instruction, Condition One . . . . . . . . . . . . . . . .3-690 Operation of the UCOMISS Instruction, Condition Two . . . . . . . . . . . . . . . .3-691 Operation of the UCOMISS Instruction, Condition Three . . . . . . . . . . . . . . .3-691

xii

TABLE OF FIGURES

Figure 3-98. Figure 3-99. Figure 3-100. Figure 3-101. Figure A-1. Figure B-1. Figure B-2. Figure B-3.

Operation of the UCOMISS Instruction, Condition Four . . . . . . . . . . . . . . . 3-692 Operation of the UNPCKHPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . 3-699 Operation of the UNPCKLPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . 3-702 Operation of the XORPS Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-720 ModR/M Byte nnn Field (Bits 5, 4, and 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . A-10 General Machine Instruction Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1 Key to Codes for MMX Data Type Cross-Reference. . . . . . . . . . . . . . . . . B-20 Key to Codes for Streaming SIMD Extensions Data Type Cross-Reference B-27

xiii

TABLE OF FIGURES

xiv

TABLE OF TABLES
Table 2-1. Table 2-2. Table 2-3. Table 3-1. Table 3-2. Table 3-3. Table 3-4. Table 3-5. Table 3-6. Table 3-7. Table 3-8. Table 3-9. Table A-1. Table A-2. Table A-3. Table A-4. Table A-5. Table A-6. Table A-7. Table A-8. Table A-9. Table A-10. Table A-11. Table A-12. Table A-13. Table A-14. Table A-15. Table A-16. Table A-17. Table A-18. Table A-19. Table A-20. Table A-21. Table A-22. Table B-1. Table B-2. Table B-3. Table B-4. Table B-5. Table B-6. Table B-7. Table B-8. Table B-9. Table B-10. Table B-11. Table B-12. Table B-13. Table B-14. xv 16-Bit Addressing Forms with the ModR/M Byte . . . . . . . . . . . . . . . . . . . . . . .2-5 32-Bit Addressing Forms with the ModR/M Byte . . . . . . . . . . . . . . . . . . . . . . .2-6 32-Bit Addressing Forms with the SIB Byte . . . . . . . . . . . . . . . . . . . . . . . . . . .2-7 Register Encodings Associated with the +rb, +rw, and +rd Nomenclature. . . .3-3 Exception Mnemonics, Names, and Vector Numbers . . . . . . . . . . . . . . . . . .3-13 Floating-Point Exception Mnemonics and Names . . . . . . . . . . . . . . . . . . . . .3-14 SIMD Floating-Point Exception Mnemonics and Names . . . . . . . . . . . . . . . .3-15 Streaming SIMD Extensions Faults (Interrupts 6 & 7) . . . . . . . . . . . . . . . . . .3-16 Information Returned by CPUID Instruction . . . . . . . . . . . . . . . . . . . . . . . . .3-111 Processor Type Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-113 Feature Flags Returned in EDX Register . . . . . . . . . . . . . . . . . . . . . . . . . . .3-114 Encoding of Cache and TLB Descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . .3-116 Notes on Instruction Set Encoding Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5 One-byte Opcode Map (Left) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6 One-byte Opcode Map (Right) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7 Two-byte Opcode Map (Left) (First Byte is OFH) . . . . . . . . . . . . . . . . . . . . . . A-8 Two-byte Opcode Map (Right) (First Byte is OFH). . . . . . . . . . . . . . . . . . . . . A-9 Opcode Extensions for One- and Two-byte Opcodes by Group Number. . . A-11 D8 Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-12 D8 Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-13 D9 Opcode Map When ModR/M Byte is Within 00H to BFH1. . . . . . . . . . . . A-14 D9 Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-15 DA Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-15 DA Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-16 DB Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-17 DB Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-17 DC Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-18 DC Opcode Map When ModR/M Byte is Outside 00H to BFH4 . . . . . . . . . . A-19 DD Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-20 DD Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-20 DE Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-21 DE Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-22 DF Opcode Map When ModR/M Byte is Within 00H to BFH1 . . . . . . . . . . . A-23 DF Opcode Map When ModR/M Byte is Outside 00H to BFH1 . . . . . . . . . . A-23 Special Fields Within Instruction Encodings . . . . . . . . . . . . . . . . . . . . . . . . . . B-2 Encoding of reg Field When w Field is Not Present in Instruction . . . . . . . . . B-2 Encoding of reg Field When w Field is Present in Instruction. . . . . . . . . . . . . B-3 Encoding of Operand Size (w) Bit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3 Encoding of Sign-Extend (s) Bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3 Encoding of the Segment Register (sreg) Field . . . . . . . . . . . . . . . . . . . . . . . B-4 Encoding of Special-Purpose Register (eee) Field. . . . . . . . . . . . . . . . . . . . . B-4 Encoding of Conditional Test (tttn) Field. . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-5 Encoding of Operation Direction (d) Bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-6 Integer Instruction Formats and Encodings . . . . . . . . . . . . . . . . . . . . . . . . . . B-6 Encoding of Granularity of Data Field (gg) . . . . . . . . . . . . . . . . . . . . . . . . . . B-19 Encoding of the MMX Register Field (mmxreg) . . . . . . . . . . . . . . . . . . . . B-19 Encoding of the General-Purpose Register Field (reg) When Used in MMX Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-20 MMX Instruction Formats and Encodings . . . . . . . . . . . . . . . . . . . . . . . . . B-21

TABLE OF TABLES

Table B-15. Table B-16. Table B-17. Table B-18. Table B-19. Table B-20. Table B-21. Table B-22. Table B-23. Table C-1. Table C-2.

Streaming SIMD Extensions Instruction Behavior with Prefixes . . . . . . . . . B-25 SIMD Integer Instructions - Behavior with Prefixes . . . . . . . . . . . . . . . . . . . B-25 Cacheability Control Instruction Behavior with Prefixes . . . . . . . . . . . . . . . B-25 Key to Streaming SIMD Extensions Naming Convention . . . . . . . . . . . . . . . B-26 Encoding of the SIMD Floating-Point Register Field . . . . . . . . . . . . . . . . . . B-27 Encoding of the SIMD-Integer Register Field . . . . . . . . . . . . . . . . . . . . . . . . B-34 Encoding of the Streaming SIMD Extensions Cacheability Control Register Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-35 General Floating-Point Instruction Formats . . . . . . . . . . . . . . . . . . . . . . . . . B-36 Floating-Point Instruction Formats and Encodings . . . . . . . . . . . . . . . . . . . . B-37 Simple Intrinsics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-2 Composite Intrinsics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-11

xvi

1
About This Manual

CHAPTER 1 ABOUT THIS MANUAL

The Intel Architecture Software Developers Manual, Volume 2: Instruction Set Reference (Order Number 243191) is part of a three-volume set that describes the architecture and programming environment of all Intel Architecture processors. The other two volumes in this set are:

The Intel Architecture Software Developers Manual, Volume 1: Basic Architecture (Order Number 243190). The Intel Architecture Software Developers Manual, Volume 3: System Programing Guide (Order Number 243192).

The Intel Architecture Software Developers Manual, Volume 1, describes the basic architecture and programming environment of an Intel Architecture processor; the Intel Architecture Software Developers Manual, Volume 2, describes the instructions set of the processor and the opcode structure. These two volumes are aimed at application programmers who are writing programs to run under existing operating systems or executives. The Intel Architecture Software Developers Manual, Volume 3, describes the operating-system support environment of an Intel Architecture processor, including memory management, protection, task management, interrupt and exception handling, and system management mode. It also provides Intel Architecture processor compatibility information. This volume is aimed at operating-system and BIOS designers and programmers.

1.1.

OVERVIEW OF THE INTEL ARCHITECTURE SOFTWARE DEVELOPERS MANUAL, VOLUME 2: INSTRUCTION SET REFERENCE

The contents of this manual are as follows: Chapter 1 About This Manual. Gives an overview of all three volumes of the Intel Architecture Software Developers Manual. It also describes the notational conventions in these manuals and lists related Intel manuals and documentation of interest to programmers and hardware designers. Chapter 2 Instruction Format. Describes the machine-level instruction format used for all Intel Architecture instructions and gives the allowable encodings of prefixes, the operand-identifier byte (ModR/M byte), the addressing-mode specifier byte (SIB byte), and the displacement and immediate bytes. Chapter 3 Instruction Set Reference. Describes each of the Intel Architecture instructions in detail, including an algorithmic description of operations, the effect on flags, the effect of operand- and address-size attributes, and the exceptions that may be generated. The instructions

1-1

ABOUT THIS MANUAL

are arranged in alphabetical order. The FPU, MMX Technology instructions, and Streaming SIMD Extensions are included in this chapter. Appendix A Opcode Map. Gives an opcode map for the Intel Architecture instruction set. Appendix B Instruction Formats and Encodings. Gives the binary encoding of each form of each Intel Architecture instruction. Appendix C Compiler Intrinsics and Functional Equivalents. Gives the Intel C/C++ compiler intrinsics and functional equivalents for the MMX Technology instructions and Streaming SIMD Extensions.

1.2.

OVERVIEW OF THE INTEL ARCHITECTURE SOFTWARE DEVELOPERS MANUAL, VOLUME 1: BASIC ARCHITECTURE

The contents of the Intel Architecture Software Developers Manual, Volume 1, are as follows: Chapter 1 About This Manual. Gives an overview of all three volumes of the Intel Architecture Software Developers Manual. It also describes the notational conventions in these manuals and lists related Intel manuals and documentation of interest to programmers and hardware designers. Chapter 2 Introduction to the Intel Architecture. Introduces the Intel Architecture and the families of Intel processors that are based on this architecture. It also gives an overview of the common features found in these processors and brief history of the Intel Architecture. Chapter 3 Basic Execution Environment. Introduces the models of memory organization and describes the register set used by applications. Chapter 4 Procedure Calls, Interrupts, and Exceptions. Describes the procedure stack and the mechanisms provided for making procedure calls and for servicing interrupts and exceptions. Chapter 5 Data Types and Addressing Modes. Describes the data types and addressing modes recognized by the processor. Chapter 6 Instruction Set Summary. Gives an overview of all the Intel Architecture instructions except those executed by the processors floating-point unit. The instructions are presented in functionally related groups. Chapter 7 Floating-Point Unit. Describes the Intel Architecture floating-point unit, including the floating-point registers and data types; gives an overview of the floating-point instruction set; and describes the processors floating-point exception conditions. Chapter 8 Programming with Intel MMX Technology. Describes the Intel MMX technology, including registers and data types, and gives an overview of the MMX technology instruction set. Chapter 9 Programming with the Streaming SIMD Extensions. Describes the Intel Streaming SIMD Extensions, including the registers and data types.

1-2

ABOUT THIS MANUAL

Chapter 10 Input/Output. Describes the processors I/O architecture, including I/O port addressing, the I/O instructions, and the I/O protection mechanism. Chapter 11 Processor Identification and Feature Determination. Describes how to determine the CPU type and the features that are available in the processor. Appendix A EFLAGS Cross-Reference. Summarizes how the Intel Architecture instructions affect the flags in the EFLAGS register. Appendix B EFLAGS Condition Codes. Summarizes how the conditional jump, move, and byte set on condition code instructions use the condition code flags (OF, CF, ZF, SF, and PF) in the EFLAGS register. Appendix C Floating-Point Exceptions Summary. Summarizes the exceptions that can be raised by floating-point instructions. Appendix D SIMD Floating-Point Exceptions Summary. Provides the Streaming SIMD Extensions mnemonics, and the exceptions that each instruction can cause. Appendix E Guidelines for Writing FPU Exception Handlers. Describes how to design and write MS-DOS* compatible exception handling facilities for FPU and SIMD floating-point exceptions, including both software and hardware requirements and assembly-language code examples. This appendix also describes general techniques for writing robust FPU exception handlers. Appendix F Guidelines for Writing SIMD-FP Exception Handlers. Provides guidelines for the Streaming SIMD Extensions instructions that can generate numeric (floating-point) exceptions, and gives an overview of the necessary support for handling such exceptions.

1.3.

OVERVIEW OF THE INTEL ARCHITECTURE SOFTWARE DEVELOPERS MANUAL, VOLUME 3: SYSTEM PROGRAMMING GUIDE

Bit offset

Byte 3

Byte 2

Byte 1

Byte 0

Lowest Address

Byte Offset

Figure 1-1. Bit and Byte Order

1.4.2.

Reserved Bits and Software Compatibility

In many register and memory layout descriptions, certain bits are marked as reserved. When bits are marked as reserved, it is essential for compatibility with future processors that software treat these bits as having a future, though unknown, effect. The behavior of reserved bits should be regarded as not only undefined, but unpredictable. Software should follow these guidelines in dealing with reserved bits:

Do not depend on the states of any reserved bits when testing the values of registers which contain such bits. Mask out the reserved bits before testing. Do not depend on the states of any reserved bits when storing to memory or to a register. Do not depend on the ability to retain information written into any reserved bits. When loading a register, always load the reserved bits with the values indicated in the documentation, if any, or reload them with values previously read from the same register.
NOTE

Avoid any software dependence upon the state of reserved bits in Intel Architecture registers. Depending upon the values of reserved register bits will make software dependent upon the unspecified manner in which the processor handles these bits. Programs that depend upon reserved values risk incompatibility with future processors.

1-6

ABOUT THIS MANUAL

1.4.3.

Instruction Operands

When instructions are represented symbolically, a subset of the Intel Architecture assembly language is used. In this subset, an instruction has the following format:
label: mnemonic argument1, argument2, argument3

where:

A label is an identifier which is followed by a colon. A mnemonic is a reserved name for a class of instruction opcodes which have the same function. The operands argument1, argument2, and argument3 are optional. There may be from zero to three operands, depending on the opcode. When present, they take the form of either literals or identifiers for data items. Operand identifiers are either reserved names of registers or are assumed to be assigned to data items declared in another part of the program (which may not be shown in the example).

When two operands are present in an arithmetic or logical instruction, the right operand is the source and the left operand is the destination. For example:
LOADREG: MOV EAX, SUBTOTAL

In this example, LOADREG is a label, MOV is the mnemonic identifier of an opcode, EAX is the destination operand, and SUBTOTAL is the source operand. Some assembly languages put the source and destination in reverse order.

1.4.4.

Hexadecimal and Binary Numbers

Base 16 (hexadecimal) numbers are represented by a string of hexadecimal digits followed by the character H (for example, F82EH). A hexadecimal digit is a character from the following set: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. Base 2 (binary) numbers are represented by a string of 1s and 0s, sometimes followed by the character B (for example, 1010B). The B designation is only used in situations where confusion as to the type of number might arise.

1.4.5.

Segmented Addressing

The processor uses byte addressing. This means memory is organized and accessed as a sequence of bytes. Whether one or more bytes are being accessed, a byte address is used to locate the byte or bytes of memory. The range of memory that can be addressed is called an address space.

1-7

ABOUT THIS MANUAL

The processor also supports segmented addressing. This is a form of addressing where a program may have many independent address spaces, called segments. For example, a program can keep its code (instructions) and stack in separate segments. Code addresses would always refer to the code space, and stack addresses would always refer to the stack space. The following notation is used to specify a byte address within a segment:
Segment-register:Byte-address

For example, the following segment address identifies the byte at address FF79H in the segment pointed by the DS register:
DS:FF79H

The following segment address identifies an instruction address in the code segment. The CS register points to the code segment and the EIP register contains the address of the instruction.
CS:EIP

1.4.6.

Exceptions

An exception is an event that typically occurs when an instruction causes an error. For example, an attempt to divide by zero generates an exception. However, some exceptions, such as breakpoints, occur under other conditions. Some types of exceptions may provide error codes. An error code reports additional information about the error. An example of the notation used to show an exception and error code is shown below.
#PF(fault code)

This example refers to a page-fault exception under conditions where an error code naming a type of fault is reported. Under some conditions, exceptions which produce error codes may not be able to report an accurate code. In this case, the error code is zero, as shown below for a general-protection exception.
#GP(0)

Refer to Chapter 5, Interrupt and Exception Handling, in the Intel Architecture Software Developers Manual, Volume 3, for a list of exception mnemonics and their descriptions.

1-8

ABOUT THIS MANUAL

1.5.

RELATED LITERATURE

The following books contain additional material related to Intel processors:

Intel Pentium II Processor Specification Update, Order Number 243337-010. Intel Pentium Pro Processor Specification Update, Order Number 242689. Intel Pentium Processor Specification Update, Order Number 242480. AP-485, Intel Processor Identification and the CPUID Instruction, Order Number 241618. AP-578, Software and Hardware Considerations for FPU Exception Handlers for Intel Architecture Processors, Order Number 242415-001. Pentium Pro Processor Family Developers Manual, Volume 1: Specifications, Order Number 242690-001. Pentium Processor Family Developers Manual, Order Number 241428. Intel486 Microprocessor Data Book, Order Number 240440. Intel486 SX CPU/Intel487 SX Math Coprocessor Data Book, Order Number 240950. Intel486 DX2 Microprocessor Data Book, Order Number 241245. Intel486 Microprocessor Product Brief Book, Order Number 240459. Intel386 Processor Hardware Reference Manual, Order Number 231732. Intel386 Processor System Software Writer's Guide, Order Number 231499. Intel386 High-Performance 32-Bit CHMOS Microprocessor with Integrated Memory Management, Order Number 231630. 376 Embedded Processor Programmers Reference Manual, Order Number 240314. 80387 DX Users Manual Programmers Reference, Order Number 231917. 376 High-Performance 32-Bit Embedded Processor, Order Number 240182. Intel386 SX Microprocessor, Order Number 240187. Microprocessor and Peripheral Handbook (Vol. 1), Order Number 230843. AP-528, Optimizations for Intels 32-Bit Processors, Order Number 242816-001.

1-9

ABOUT THIS MANUAL

1-10

2
Instruction Format

CHAPTER 2 INSTRUCTION FORMAT

This chapter describes the instruction format for all Intel Architecture processors.

2.1.

GENERAL INSTRUCTION FORMAT

All Intel Architecture instruction encodings are subsets of the general instruction format shown in Figure 2-1. Instructions consist of optional instruction prefixes (in any order), one or two primary opcode bytes, an addressing-form specifier (if required) consisting of the ModR/M byte and sometimes the SIB (Scale-Index-Base) byte, a displacement (if required), and an immediate data field (if required).

Instruction Prefixes Up to four prefixes of 1-byte each (optional) 7

Opcode 1 or 2 byte opcode

ModR/M 1 byte (if required)

SIB 1 byte (if required)

Displacement Address displacement of 1, 2, or 4 bytes or none 3 2 Index Base 0

Immediate Immediate data of 1, 2, or 4 bytes or none

65 Mod

32 0 Reg/ R/M Opcode

6 5

Scale

Figure 2-1. Intel Architecture Instruction Format

2.2.

INSTRUCTION PREFIXES

The instruction prefixes are divided into four groups, each with a set of allowable prefix codes:

Lock and repeat prefixes. F0HLOCK prefix. F2HREPNE/REPNZ prefix (used only with string instructions). F3HREP prefix (used only with string instructions). F3HREPE/REPZ prefix (used only with string instructions). F3HStreaming SIMD Extensions prefix.

2-1

INSTRUCTION FORMAT

Segment override. 2EHCS segment override prefix. 36HSS segment override prefix. 3EHDS segment override prefix. 26HES segment override prefix. 64HFS segment override prefix. 65HGS segment override prefix.

Operand-size override, 66H Address-size override, 67H

For each instruction, one prefix may be used from each of these groups and be placed in any order. The effect of redundant prefixes (more than one prefix from a group) is undefined and may vary from processor to processor.

Streaming SIMD Extensions prefix, 0FH

The nature of Streaming SIMD Extensions allows the use of existing instruction formats. Instructions use the ModR/M format and are preceded by the 0F prefix byte. In general, operations are not duplicated to provide two directions (i.e. separate load and store variants). For more information, see Section B.4.1., Instruction Prefixes in Appendix B, Instruction Formats and Encodings.

2.3.

OPCODE

The primary opcode is either 1 or 2 bytes. An additional 3-bit opcode field is sometimes encoded in the ModR/M byte. Smaller encoding fields can be defined within the primary opcode. These fields define the direction of the operation, the size of displacements, the register encoding, condition codes, or sign extension. The encoding of fields in the opcode varies, depending on the class of operation.

2.4.

MODR/M AND SIB BYTES

Most instructions that refer to an operand in memory have an addressing-form specifier byte (called the ModR/M byte) following the primary opcode. The ModR/M byte contains three fields of information:

The mod field combines with the r/m field to form 32 possible values: eight registers and 24 addressing modes. The reg/opcode field specifies either a register number or three more bits of opcode information. The purpose of the reg/opcode field is specified in the primary opcode. The r/m field can specify a register as an operand or can be combined with the mod field to encode an addressing mode.

2-2

INSTRUCTION FORMAT

Certain encodings of the ModR/M byte require a second addressing byte, the SIB byte, to fully specify the addressing form. The base-plus-index and scale-plus-index forms of 32-bit addressing require the SIB byte. The SIB byte includes the following fields:

The scale field specifies the scale factor. The index field specifies the register number of the index register. The base field specifies the register number of the base register.

Refer to Section 2.6. for the encodings of the ModR/M and SIB bytes.

2.5.

DISPLACEMENT AND IMMEDIATE BYTES

Some addressing forms include a displacement immediately following either the ModR/M or SIB byte. If a displacement is required, it can be 1, 2, or 4 bytes. If the instruction specifies an immediate operand, the operand always follows any displacement bytes. An immediate operand can be 1, 2, or 4 bytes.

2.6.

ADDRESSING-MODE ENCODING OF MODR/M AND SIB BYTES

The values and the corresponding addressing forms of the ModR/M and SIB bytes are shown in Tables 2-1 through 2-3. The 16-bit addressing forms specified by the ModR/M byte are in Table 2-1, and the 32-bit addressing forms specified by the ModR/M byte are in Table 2-2. Table 2-3 shows the 32-bit addressing forms specified by the SIB byte. In Tables 2-1 and 2-2, the first column (labeled Effective Address) lists 32 different effective addresses that can be assigned to one operand of an instruction by using the Mod and R/M fields of the ModR/M byte. The first 24 give the different ways of specifying a memory location; the last eight (specified by the Mod field encoding 11B) give the ways of specifying the general purpose, MMX technology, and SIMD floating-point registers. Each of the register encodings list five possible registers. For example, the first register-encoding (selected by the R/M field encoding of 000B) indicates the general-purpose registers EAX, AX or AL, the MMX technology register MM0, or the SIMD floating-point register XMM0. Which of these five registers is used is determined by the opcode byte and the operand-size attribute, which select either the EAX register (32 bits) or AX register (16 bits). The second and third columns in Tables 2-1 and 2-2 gives the binary encodings of the Mod and R/M fields in the ModR/M byte, respectively, required to obtain the associated effective address listed in the first column. All 32 possible combinations of the Mod and R/M fields are listed. Across the top of Tables 2-1 and 2-2, the eight possible values of the 3-bit Reg/Opcode field are listed, in decimal (sixth row from top) and in binary (seventh row from top). The seventh row is labeled REG=, which represents the use of these three bits to give the location of a second operand, which must be a general-purpose register, an MMX technology register, or a SIMD floating-point register. If the instruction does not require a second operand to be specified, then the 3 bits of the Reg/Opcode field may be used as an extension of the opcode, which is repre-

2-3

INSTRUCTION FORMAT

sented by the sixth row, labeled /digit (Opcode). The five rows above give the byte, word, and doubleword general-purpose registers; the MMX technology registers; the Streaming SIMD Extensions registers; and SIMD floating-point registers that correspond to the register numbers, with the same assignments as for the R/M field when Mod field encoding is 11B. As with the R/M field register options, which of the five possible registers is used is determined by the opcode byte along with the operand-size attribute. The body of Tables 2-1 and 2-2 (under the label Value of ModR/M Byte (in Hexadecimal)) contains a 32 by 8 array giving all of the 256 values of the ModR/M byte, in hexadecimal. Bits 3, 4 and 5 are specified by the column of the table in which a byte resides, and the row specifies bits 0, 1 and 2, and also bits 6 and 7.

2-4

INSTRUCTION FORMAT

Table 2-1. 16-Bit Addressing Forms with the ModR/M Byte

r8(/r) r16(/r) r32(/r) mm(/r) xmm(/r) /digit (Opcode) REG = AL AX EAX MM0 XMM0 0 000 CL CX ECX MM1 XMM1 1 001 DL DX EDX MM2 XMM2 2 010 BL BX EBX MM3 XMM3 3 011 AH SP ESP MM4 XMM4 4 100 CH BP1 EBP MM5 XMM5 5 101 DH SI ESI MM6 XMM6 6 110 BH DI EDI MM7 XMM7 7 111

Effective Address [BX+SI] [BX+DI] [BP+SI] [BP+DI] [SI] [DI] disp162 [BX] [BX+SI]+disp83 [BX+DI]+disp8 [BP+SI]+disp8 [BP+DI]+disp8 [SI]+disp8 [DI]+disp8 [BP]+disp8 [BX]+disp8 [BX+SI]+disp16 [BX+DI]+disp16 [BP+SI]+disp16 [BP+DI]+disp16 [SI]+disp16 [DI]+disp16 [BP]+disp16 [BX]+disp16 EAX/AX/AL/MM0/XMM0 ECX/CX/CL/MM1/XMM1 EDX/DX/DL/MM2/XMM2 EBX/BX/BL/MM3/XMM3 ESP/SP/AHMM4/XMM4 EBP/BP/CH/MM5/XMM5 ESI/SI/DH/MM6/XMM6 EDI/DI/BH/MM7/XMM7

Mod 00

R/M 000 001 010 011 100 101 110 111 000 001 010 011 100 101 110 111 000 001 010 011 100 101 110 111 000 001 010 011 100 101 110 111 00 01 02 03 04 05 06 07 40 41 42 43 44 45 46 47 80 81 82 83 84 85 86 87 C0 C1 C2 C3 C4 C5 C6 C7

Value of ModR/M Byte (in Hexadecimal) 08 09 0A 0B 0C 0D 0E 0F 48 49 4A 4B 4C 4D 4E 4F 88 89 8A 8B 8C 8D 8E 8F C8 C9 CA CB CC CD CE CF 10 11 12 13 14 15 16 17 50 51 52 53 54 55 56 57 90 91 92 93 94 95 96 97 D0 D1 D2 D3 D4 D5 D6 D7 18 19 1A 1B 1C 1D 1E 1F 58 59 5A 5B 5C 5D 5E 5F 98 99 9A 9B 9C 9D 9E 9F D8 D9 DA DB DC DD DE DF 20 21 22 23 24 25 26 27 60 61 62 63 64 65 66 67 A0 A1 A2 A3 A4 A5 A6 A7 E0 EQ E2 E3 E4 E5 E6 E7 28 29 2A 2B 2C 2D 2E 2F 68 69 6A 6B 6C 6D 6E 6F A8 A9 AA AB AC AD AE AF E8 E9 EA EB EC ED EE EF 30 31 32 33 34 35 36 37 70 71 72 73 74 75 76 77 B0 B1 B2 B3 B4 B5 B6 B7 F0 F1 F2 F3 F4 F5 F6 F7 38 39 3A 3B 3C 3D 3E 3F 78 79 7A 7B 7C 7D 7E 7F B8 B9 BA BB BC BD BE BF F8 F9 FA FB FC FD FE FF

NOTES: 1. The default segment register is SS for the effective addresses containing a BP index, DS for other effective addresses. 2. The disp16 nomenclature denotes a 16-bit displacement following the ModR/M byte, to be added to the index. 3. The disp8 nomenclature denotes an 8-bit displacement following the ModR/M byte, to be sign-extended and added to the index.

2-5

INSTRUCTION FORMAT

Table 2-2. 32-Bit Addressing Forms with the ModR/M Byte

r8(/r) r16(/r) r32(/r) mm(/r) xmm(/r) /digit (Opcode) REG = AL AX EAX MM0 XMM0 0 000 CL CX ECX MM1 XMM1 1 001 DL DX EDX MM2 XMM2 2 010 BL BX EBX MM3 XMM3 3 011 AH SP ESP MM4 XMM4 4 100 CH BP EBP MM5 XMM5 5 101 DH SI ESI MM6 XMM6 6 110 BH DI EDI MM7 XMM7 7 111

Effective Address [EAX] [ECX] [EDX] [EBX] [--][--]1 disp322 [ESI] [EDI] disp8[EAX]3 disp8[ECX] disp8[EDX] disp8[EBX]; disp8[--][--] disp8[EBP] disp8[ESI] disp8[EDI] disp32[EAX] disp32[ECX] disp32[EDX] disp32[EBX] disp32[--][--] disp32[EBP] disp32[ESI] disp32[EDI] EAX/AX/AL/MM0/XMM0 ECX/CX/CL/MM1/XMM1 EDX/DX/DL/MM2XMM2 EBX/BX/BL/MM3/XMM3 ESP/SP/AH/MM4/XMM4 EBP/BP/CH/MM5/XMM5 ESI/SI/DH/MM6/XMM6 EDI/DI/BH/MM7/XMM7 NOTES:

Mod 00

Value of ModR/M Byte (in Hexadecimal) 08 09 0A 0B 0C 0D 0E 0F 48 49 4A 4B 4C 4D 4E 4F 88 89 8A 8B 8C 8D 8E 8F C8 C9 CA CB CC CD CE CF 10 11 12 13 14 15 16 17 50 51 52 53 54 55 56 57 90 91 92 93 94 95 96 97 D0 D1 D2 D3 D4 D5 D6 D7 18 19 1A 1B 1C 1D 1E 1F 58 59 5A 5B 5C 5D 5E 5F 98 99 9A 9B 9C 9D 9E 9F D8 D9 DA DB DC DD DE DF 20 21 22 23 24 25 26 27 60 61 62 63 64 65 66 67 A0 A1 A2 A3 A4 A5 A6 A7 E0 E1 E2 E3 E4 E5 E6 E7 28 29 2A 2B 2C 2D 2E 2F 68 69 6A 6B 6C 6D 6E 6F A8 A9 AA AB AC AD AE AF E8 E9 EA EB EC ED EE EF 30 31 32 33 34 35 36 37 70 71 72 73 74 75 76 77 B0 B1 B2 B3 B4 B5 B6 B7 F0 F1 F2 F3 F4 F5 F6 F7 38 39 3A 3B 3C 3D 3E 3F 78 79 7A 7B 7C 7D 7E 7F B8 B9 BA BB BC BD BE BF F8 F9 FA FB FC FD FE FF

1. The [--][--] nomenclature means a SIB follows the ModR/M byte. 2. The disp32 nomenclature denotes a 32-bit displacement following the SIB byte, to be added to the index. 3. The disp8 nomenclature denotes an 8-bit displacement following the SIB byte, to be sign-extended and added to the index.

2-6

INSTRUCTION FORMAT

Table 2-3 is organized similarly to Tables 2-1 and 2-2, except that its body gives the 256 possible values of the SIB byte, in hexadecimal. Which of the 8 general-purpose registers will be used as base is indicated across the top of the table, along with the corresponding values of the base field (bits 0, 1 and 2) in decimal and binary. The rows indicate which register is used as the index (determined by bits 3, 4 and 5) along with the scaling factor (determined by bits 6 and 7).
Table 2-3. 32-Bit Addressing Forms with the SIB Byte
r32 Base = Base = Scaled Index [EAX] [ECX] [EDX] [EBX] none [EBP] [ESI] [EDI] [EAX*2] [ECX*2] [EDX*2] [EBX*2] none [EBP*2] [ESI*2] [EDI*2] [EAX*4] [ECX*4] [EDX*4] [EBX*4] none [EBP*4] [ESI*4] [EDI*4] [EAX*8] [ECX*8] [EDX*8] [EBX*8] none [EBP*8] [ESI*8] [EDI*8] NOTE: 1. The [*] nomenclature means a disp32 with no base if MOD is 00, [EBP] otherwise. This provides the following addressing modes: disp32[index] disp8[EBP][index] disp32[EBP][index] (MOD=00). (MOD=01). (MOD=10). SS 00 Index 000 001 010 011 100 101 110 111 000 001 010 011 100 101 110 111 000 001 010 011 100 101 110 111 000 001 010 011 100 101 110 111 00 08 10 18 20 28 30 38 40 48 50 58 60 68 70 78 80 88 90 98 A0 A8 B0 B8 C0 C8 D0 D8 E0 E8 F0 F8 01 09 11 19 21 29 31 39 41 49 51 59 61 69 71 79 81 89 91 89 A1 A9 B1 B9 C1 C9 D1 D9 E1 E9 F1 F9 EAX 0 000 ECX 1 001 EDX 2 010 EBX 3 011 ESP 4 100 [*] 5 101 ESI 6 110 EDI 7 111

Value of SIB Byte (in Hexadecimal) 02 0A 12 1A 22 2A 32 3A 42 4A 52 5A 62 6A 72 7A 82 8A 92 9A A2 AA B2 BA C2 CA D2 DA E2 EA F2 FA 03 0B 13 1B 23 2B 33 3B 43 4B 53 5B 63 6B 73 7B 83 8B 93 9B A3 AB B3 BB C3 CB D3 DB E3 EB F3 FB 04 0C 14 1C 24 2C 34 3C 44 4C 54 5C 64 6C 74 7C 84 8C 94 9C A4 AC B4 BC C4 CC D4 DC E4 EC F4 FC 05 0D 15 1D 25 2D 35 3D 45 4D 55 5D 65 6D 75 7D 85 8D 95 9D A5 AD B5 BD C5 CD D5 DD E5 ED F5 FD 06 0E 16 1E 26 2E 36 3E 46 4E 56 5E 66 6E 76 7E 86 8E 96 9E A6 AE B6 BE C6 CE D6 DE E6 EE F6 FE 07 0F 17 1F 27 2F 37 3F 47 4F 57 5F 67 6F 77 7F 87 8F 97 9F A7 AF B7 BF C7 CF D7 DF E7 EF F7 FF

2-7

INSTRUCTION FORMAT

2-8

3
Instruction Set Reference

CHAPTER 3 INSTRUCTION SET REFERENCE

This chapter describes the complete Intel Architecture instruction set, including the integer, floating-point, MMX technology, Streaming SIMD Extensions, and system instructions. The instruction descriptions are arranged in alphabetical order. For each instruction, the forms are given for each operand combination, including the opcode, operands required, and a description. Also given for each instruction are a description of the instruction and its operands, an operational description, a description of the effect of the instructions on flags in the EFLAGS register, and a summary of the exceptions that can be generated.

3.1.

INTERPRETING THE INSTRUCTION REFERENCE PAGES

This section describes the information contained in the various sections of the instruction reference pages that make up the majority of this chapter. It also explains the notational conventions and abbreviations used in these sections.

3.1.1.

Instruction Format

The following is an example of the format used for each Intel Architecture instruction description in this chapter:

3-1

INSTRUCTION SET REFERENCE

CMCComplement Carry Flag

Opcode F5 Instruction CMC Description Complement carry flag

3.1.1.1.

OPCODE COLUMN

The Opcode column gives the complete object code produced for each form of the instruction. When possible, the codes are given as hexadecimal bytes, in the same order in which they appear in memory. Definitions of entries other than hexadecimal bytes are as follows:

/digitA digit between 0 and 7 indicates that the ModR/M byte of the instruction uses only the r/m (register or memory) operand. The reg field contains the digit that provides an extension to the instruction's opcode. /rIndicates that the ModR/M byte of the instruction contains both a register operand and an r/m operand. cb, cw, cd, cpA 1-byte (cb), 2-byte (cw), 4-byte (cd), or 6-byte (cp) value following the opcode that is used to specify a code offset and possibly a new value for the code segment register. ib, iw, idA 1-byte (ib), 2-byte (iw), or 4-byte (id) immediate operand to the instruction that follows the opcode, ModR/M bytes or scale-indexing bytes. The opcode determines if the operand is a signed value. All words and doublewords are given with the low-order byte first. +rb, +rw, +rdA register code, from 0 through 7, added to the hexadecimal byte given at the left of the plus sign to form a single opcode byte. The register codes are given in Table 3-1. +iA number used in floating-point instructions when one of the operands is ST(i) from the FPU register stack. The number i (which can range from 0 to 7) is added to the hexadecimal byte given at the left of the plus sign to form a single opcode byte.

3-2

INSTRUCTION SET REFERENCE

Table 3-1. Register Encodings Associated with the +rb, +rw, and +rd Nomenclature
rb AL CL DL BL = = = = rb AH CH DH BH = = = = 4 5 6 7 SP BP SI DI 0 1 2 3 AX CX DX BX rw = = = = rw = = = = 4 5 6 7 ESP EBP ESI EDI 0 1 2 3 EAX ECX EDX EBX rd = = = = rd = = = = 4 5 6 7 0 1 2 3

3.1.1.2.

INSTRUCTION COLUMN

The Instruction column gives the syntax of the instruction statement as it would appear in an ASM386 program. The following is a list of the symbols used to represent operands in the instruction statements:

rel8A relative address in the range from 128 bytes before the end of the instruction to 127 bytes after the end of the instruction. rel16 and rel32A relative address within the same code segment as the instruction assembled. The rel16 symbol applies to instructions with an operand-size attribute of 16 bits; the rel32 symbol applies to instructions with an operand-size attribute of 32 bits. ptr16:16 and ptr16:32A far pointer, typically in a code segment different from that of the instruction. The notation 16:16 indicates that the value of the pointer has two parts. The value to the left of the colon is a 16-bit selector or value destined for the code segment register. The value to the right corresponds to the offset within the destination segment. The ptr16:16 symbol is used when the instruction's operand-size attribute is 16 bits; the ptr16:32 symbol is used when the operand-size attribute is 32 bits. r8One of the byte general-purpose registers AL, CL, DL, BL, AH, CH, DH, or BH. r16One of the word general-purpose registers AX, CX, DX, BX, SP, BP, SI, or DI. r32One of the doubleword general-purpose registers EAX, ECX, EDX, EBX, ESP, EBP, ESI, or EDI. imm8An immediate byte value. The imm8 symbol is a signed number between 128 and +127 inclusive. For instructions in which imm8 is combined with a word or doubleword operand, the immediate value is sign-extended to form a word or doubleword. The upper byte of the word is filled with the topmost bit of the immediate value. imm16An immediate word value used for instructions whose operand-size attribute is 16 bits. This is a number between 32,768 and +32,767 inclusive.

3-3

INSTRUCTION SET REFERENCE

imm32An immediate doubleword value used for instructions whose operandsize attribute is 32 bits. It allows the use of a number between +2,147,483,647 and 2,147,483,648 inclusive. r/m8A byte operand that is either the contents of a byte general-purpose register (AL, BL, CL, DL, AH, BH, CH, and DH), or a byte from memory. r/m16A word general-purpose register or memory operand used for instructions whose operand-size attribute is 16 bits. The word general-purpose registers are: AX, BX, CX, DX, SP, BP, SI, and DI. The contents of memory are found at the address provided by the effective address computation. r/m32A doubleword general-purpose register or memory operand used for instructions whose operand-size attribute is 32 bits. The doubleword general-purpose registers are: EAX, EBX, ECX, EDX, ESP, EBP, ESI, and EDI. The contents of memory are found at the address provided by the effective address computation. mA 16- or 32-bit operand in memory. m8A byte operand in memory, usually expressed as a variable or array name, but pointed to by the DS:(E)SI or ES:(E)DI registers. This nomenclature is used only with the string instructions and the XLAT instruction. m16A word operand in memory, usually expressed as a variable or array name, but pointed to by the DS:(E)SI or ES:(E)DI registers. This nomenclature is used only with the string instructions. m32A doubleword operand in memory, usually expressed as a variable or array name, but pointed to by the DS:(E)SI or ES:(E)DI registers. This nomenclature is used only with the string instructions. m64A memory quadword operand in memory. This nomenclature is used only with the CMPXCHG8B instruction. m128A memory double quadword operand in memory. This nomenclature is used only with the Streaming SIMD Extensions. m16:16, m16:32A memory operand containing a far pointer composed of two numbers. The number to the left of the colon corresponds to the pointer's segment selector. The number to the right corresponds to its offset. m16&32, m16&16, m32&32A memory operand consisting of data item pairs whose sizes are indicated on the left and the right side of the ampersand. All memory addressing modes are allowed. The m16&16 and m32&32 operands are used by the BOUND instruction to provide an operand containing an upper and lower bounds for array indices. The m16&32 operand is used by LIDT and LGDT to provide a word with which to load the limit field, and a doubleword with which to load the base field of the corresponding GDTR and IDTR registers. moffs8, moffs16, moffs32A simple memory variable (memory offset) of type byte, word, or doubleword used by some variants of the MOV instruction. The actual address is given by a simple offset relative to the segment base. No ModR/M byte is used in the

3-4

INSTRUCTION SET REFERENCE

instruction. The number shown with moffs indicates its size, which is determined by the address-size attribute of the instruction.

SregA segment register. The segment register bit assignments are ES=0, CS=1, SS=2, DS=3, FS=4, and GS=5. m32real, m64real, m80realA single-, double-, and extended-real (respectively) floating-point operand in memory. m16int, m32int, m64intA word-, short-, and long-integer (respectively) floating-point operand in memory. ST or ST(0)The top element of the FPU register stack. ST(i)The ith element from the top of the FPU register stack. (i = 0 through 7) mmAn MMX technology register. The 64-bit MMX technology registers are: MM0 through MM7. xmmA SIMD floating-point register. The 128-bit SIMD floating-point registers are: XMM0 through XMM7. mm/m32The low order 32 bits of an MMX technology register or a 32-bit memory operand. The 64-bit MMX technology registers are: MM0 through MM7. The contents of memory are found at the address provided by the effective address computation. mm/m64An MMX technology register or a 64-bit memory operand. The 64-bit MMX technology registers are: MM0 through MM7. The contents of memory are found at the address provided by the effective address computation. xmm/m32A SIMD floating-points register or a 32-bit memory operand. The 128-bit SIMD floating-point registers are XMM0 through XMM7. The contents of memory are found at the address provided by the effective address computation. xmm/m64A SIMD floating-point register or a 64-bit memory operand. The 64-bit SIMD floating-point registers are XMM0 through XMM7. The contents of memory are found at the address provided by the effective address computation. xmm/m128A SIMD floating-point register or a 128-bit memory operand. The 128-bit SIMD floating-point registers are XMM0 through XMM7. The contents of memory are found at the address provided by the effective address computation. DESCRIPTION COLUMN

3.1.1.3.

The Description column following the Instruction column briefly explains the various forms of the instruction. The following Description and Operation sections contain more details of the instruction's operation. 3.1.1.4. DESCRIPTION

The Pentium with MMX technology, Pentium II, and Pentium III processors have characteristics that enable the development of advanced multimedia applications. This section describes the compiler intrinsic equivalents that can be used with the Intel C/C++ Compiler. Intrinsics are special coding extensions that allow using the syntax of C function calls and C variables instead of hardware registers. Using these intrinsics frees programmers from having to manage registers and assembly programming. Further, the compiler optimizes the instruction scheduling so that executables runs faster. The following sections discuss the intrinsics API and the MMX technology and SIMD floating-point intrinsics. Each intrinsic equivalent is listed with the instruction description. There may be additional intrinsics that do not have an instruction equivalent. It is strongly recommended that the reader reference the compiler documentation for the complete list of supported intrinsics. Please refer to the Intel C/C++ Compiler Users Guide for Win32* Systems With
Streaming SIMD Extension Support (Order Number 718195-00B). Refer to Appendix C, Compiler Intrinsics and Functional Equivalents for more information on using intrinsics.

Most of the intrinsics that use __m64 operands have two different names. If two intrinsic names are shown for the same equivalent, the first name is the intrinsic for Intel C/C++ Compiler versions prior to 4.0 and the second name should be used with the Intel C/C++ Compiler version 4.0 and future versions. The Intel C/C++ Compiler version 4.0 will support the old intrinsic names. Programs written using pre-4.0 intrinsic names will compile with version 4.0. Version 4.0 intrinsic names will not compile on pre-4.0 compilers. 3.1.3.1. THE INTRINSICS API

The benefit of coding with MMX technology intrinsics and SIMD floating-point intrinsics is that you can use the syntax of C function calls and C variables instead of hardware registers. This frees you from managing registers and programming assembly. Further, the compiler optimizes the instruction scheduling so that your executable runs faster. For each computational and data manipulation instruction in the new instruction set, there is a corresponding C intrinsic that implements it directly. The intrinsics allow you to specify the underlying implementation (instruction selection) of an algorithm yet leave instruction scheduling and register allocation to the compiler.

3-9

INSTRUCTION SET REFERENCE

3.1.3.2.

MMX TECHNOLOGY INTRINSICS

The MMX technology intrinsics are based on a new __m64 data type to represent the specific contents of an MMX technology register. You can specify values in bytes, short integers, 32bit values, or a 64-bit object. The __m64 data type, however, is not a basic ANSI C data type, and therefore you must observe the following usage restrictions:

Use __m64 data only on the left-hand side of an assignment, as a return value, or as a parameter. You cannot use it with other arithmetic expressions ("+", ">>", and so on). Use __m64 objects in aggregates, such as unions to access the byte elements and structures; the
address of an __m64 object may be taken.

Use __m64 data only with the MMX technology intrinsics described in this guide and the Intel C/C++ Compiler Users Guide for Win32* Systems With Streaming SIMD Extension
Support (Order Number 718195-00B). Refer to Appendix C, Compiler Intrinsics and Functional Equivalents for more information on using intrinsics.

3.1.3.3.

SIMD FLOATING-POINT INTRINSICS

The __m128 data type is used to represent the contents of an xmm register, which is either four packed single-precision floating-point values or one scalar single-precision number. The __m128 data type is not a basic ANSI C datatype and therefore some restrictions are placed on its usage:

Use __m128 only on the left-hand side of an assignment, as a return value, or as a parameter. Do not use it in other arithmetic expressions such as "+" and ">>". Do not initialize __m128 with literals; there is no way to express 128-bit constants. Use __m128 objects in aggregates, such as unions (for example, to access the float elements) and structures. The address of an __m128 object may be taken. Use __m128 data only with the intrinsics described in this users guide. Refer to Appendix C, Compiler Intrinsics and Functional Equivalents for more information on using intrinsics.

The compiler aligns __m128 local data to 16B boundaries on the stack. Global __m128 data is also 16B-aligned. (To align float arrays, you can use the alignment declspec described in the following section.) Because the new instruction set treats the SIMD floating-point registers in the same way whether you are using packed or scalar data, there is no __m32 datatype to represent scalar data as you might expect. For scalar operations, you should use the __m128 objects and the scalar forms of the intrinsics; the compiler and the processor implement these operations with 32-bit memory references. The suffixes ps and ss are used to denote packed single and scalar single precision operations. The packed floats are represented in right-to-left order, with the lowest word (right-most) being used for scalar operations: [z, y, x, w]. To explain how memory storage reflects this, consider the following example.

3-10

INSTRUCTION SET REFERENCE

The operation
float a[4] = { 1.0, 2.0, 3.0, 4.0 }; __m128 t = _mm_load_ps(a);

produces the same result as follows:

__m128 t = _mm_set_ps(4.0, 3.0, 2.0, 1.0);

In other words,
t = [ 4.0, 3.0, 2.0, 1.0 ]

where the scalar element is 1.0. Some intrinsics are composites because they require more than one instruction to implement them. You should be familiar with the hardware features provided by the Streaming SIMD Extensions and MMX technology when writing programs with the intrinsics. Keep the following three important issues in mind:

Certain intrinsics, such as _mm_loadr_ps and _mm_cmpgt_ss, are not directly supported by the instruction set. While these intrinsics are convenient programming aids, be mindful of their implementation cost. Floating-point data loaded or stored as __m128 objects must generally be 16-bytealigned. Some intrinsics require that their argument be immediates, that is, constant integers (literals), due to the nature of the instruction. The result of arithmetic operations acting on two NaN (Not a Number) arguments is undefined. Therefore, FP operations using NaN arguments will not match the expected behavior of the corresponding assembly instructions.

For a more detailed description of each intrinsic and additional information related to its usage, refer to the Intel C/C++ Compiler Users Guide for Win32* Systems With Streaming SIMD Extension
Support (Order Number 718195-00B). Refer to Appendix C, Compiler Intrinsics and Functional Equivalents for more information on using intrinsics.

3.1.4.

Flags Affected

The Flags Affected section lists the flags in the EFLAGS register that are affected by the instruction. When a flag is cleared, it is equal to 0; when it is set, it is equal to 1. The arithmetic and logical instructions usually assign values to the status flags in a uniform manner. For more information, refer to Appendix A, EFLAGS Cross-Reference, of the Intel Architecture Software Developers Manual, Volume 1. Non-conventional assignments are described in the Operation section. The values of flags listed as undefined may be changed by the instruction in an indeterminate manner. Flags that are not listed are unchanged by the instruction.

3-11

INSTRUCTION SET REFERENCE

0 7

BitBase + 1

BitBase

BitBase 1

BitOffset = +13
7 0 7 0 7 5 0

BitBase

BitBase 1 BitOffset = 11

BitBase 2

Figure 3-2. Memory Bit Indexing

3.1.5.

FPU Flags Affected

The floating-point instructions have an FPU Flags Affected section that describes how each instruction can affect the four condition code flags of the FPU status word.

3.1.6.

Protected Mode Exceptions

The Protected Mode Exceptions section lists the exceptions that can occur when the instruction is executed in protected mode and the reasons for the exceptions. Each exception is given a mnemonic that consists of a pound sign (#) followed by two letters and an optional error code in parentheses. For example, #GP(0) denotes a general protection exception with an error code of 0. Table 3-2 associates each two-letter mnemonic with the corresponding interrupt vector number and exception name. Refer to Chapter 5, Interrupt and Exception Handling, of the Intel Architecture Software Developers Manual, Volume 3, for a detailed description of the exceptions. Application programmers should consult the documentation provided with their operating systems to determine the actions taken when exceptions occur.

3.1.7.

Real-Address Mode Exceptions

The Real-Address Mode Exceptions section lists the exceptions that can occur when the instruction is executed in real-address mode.

3-12

INSTRUCTION SET REFERENCE

Table 3-2. Exception Mnemonics, Names, and Vector Numbers

Vector No. 0 1 3 4 5 6 7 8 10 11 12 13 14 16 17 18 19 Mnemonic #DE #DB #BP #OF #BR #UD #NM #DF #TS #NP #SS #GP #PF #MF #AC #MC #XF Divide Error Debug Breakpoint Overflow BOUND Range Exceeded Invalid Opcode (Undefined Opcode) Device Not Available (No Math Coprocessor) Double Fault Invalid TSS Segment Not Present Stack Segment Fault General Protection Page Fault Floating-Point Error (Math Fault) Alignment Check Machine Check SIMD Floating-Point Numeric Error Name Source DIV and IDIV instructions. Any code or data reference. INT 3 instruction. INTO instruction. BOUND instruction. UD2 instruction or reserved opcode.1 Floating-point or WAIT/FWAIT instruction. Any instruction that can generate an exception, an NMI, or an INTR. Task switch or TSS access. Loading segment registers or accessing system segments. Stack operations and SS register loads. Any memory reference and other protection checks. Any memory reference. Floating-point or WAIT/FWAIT instruction. Any data reference in memory.2 Model dependent.3 Streaming SIMD Extensions4

NOTES: 1. The UD2 instruction was introduced in the Pentium Pro processor. 2. This exception was introduced in the Intel486 processor. 3. This exception was introduced in the Pentium processor and enhanced in the Pentium Pro processor.

4. This exception was introduced in the Pentium III processor.

3.1.8.

Virtual-8086 Mode Exceptions

The Virtual-8086 Mode Exceptions section lists the exceptions that can occur when the instruction is executed in virtual-8086 mode.

3-13

INSTRUCTION SET REFERENCE

3.1.9.

Floating-Point Exceptions

The Floating-Point Exceptions section lists additional exceptions that can occur when a floating-point instruction is executed in any mode. All of these exception conditions result in a floating-point error exception (#MF, vector number 16) being generated. Table 3-3 associates each one- or two-letter mnemonic with the corresponding exception name. Refer to Section 7.8., Floating-Point Exception Conditions in Chapter 7, Floating-Point Unit of the Intel Architecture Software Developers Manual, Volume 1, for a detailed description of these exceptions.
Table 3-3. Floating-Point Exception Mnemonics and Names
Vector No. 16 #IS #IA 16 16 16 16 16 #Z #D #O #U #P Mnemonic Name Floating-point invalid operation: - Stack overflow or underflow - Invalid arithmetic operation Floating-point divide-by-zero Floating-point denormalized operation Floating-point numeric overflow Floating-point numeric underflow Floating-point inexact result (precision) Source - FPU stack overflow or underflow - Invalid FPU arithmetic operation FPU divide-by-zero Attempting to operate on a denormal number FPU numeric overflow FPU numeric underflow Inexact result (precision)

3.1.10. SIMD Floating-Point Exceptions - Streaming SIMD Extensions Only

The SIMD Floating-Point Exceptions section lists additional exceptions that can occur when a SIMD floating-point instruction is executed in any mode. All of these exception conditions result in a SIMD floating-point error exception (#XF, vector number 19) being generated. Table 3-4 associates each one-or two-letter mnemonic with the corresponding exception name. For a detailed description of these exceptions, refer to Chapter 9, Programming with the Streaming SIMD Extensions, of the Intel Architecture Software Developers Manual, Volume 1.

3-14

INSTRUCTION SET REFERENCE

Table 3-4. SIMD Floating-Point Exception Mnemonics and Names

Vector No. 6 6

Mnemonic #UD #UD

Name Invalid opcode Invalid opcode

Source Memory access Refer to Note 1 & Table 3-5 Refer to Note 1 & Table 3-5 Memory access Refer to Note 2 Memory access Refer to Note 3 Refer to Note 4 Refer to Note 4 Refer to Note 4 Refer to Note 5 Refer to Note 5 Refer to Note 5

#NM

Device not available Stack exception General protection Page fault Alignment check Invalid operation Divide-by-zero Denormalized operand Numeric overflow Numeric underflow Inexact result

12 13 14 17 19 19 19 19 19 19

#SS #GP #PF #AC #I #Z #D #O #U #P

Note 1:These are system exceptions. Table 3-5 lists the causes for Interrupt 6 and Interrupt 7 with Streaming SIMD Extensions. Note 2:Executing a Streaming SIMD Extension with a misaligned 128-bit memory reference generates a general protection exception; a 128-bit reference within the stack segment, which is not aligned to a 16byte boundary will also generate a GP fault, not a stack exception (SS). However, the MOVUPS instruction, which performs an unaligned 128-bit load or store, will not generate an exception for data that is not aligned to a 16-byte boundary. Note 3:This type of alignment check is done for operands which are less than 128-bits in size: 32-bit scalar single and 16-bit/32-bit/64-bit integer MMX technology; the exception is the MOVUPS instruction, which performs a 128-bit unaligned load or store, is also covered by this alignment check. There are three conditions that must be true to enable #AC interrupt generation. Note 4:Invalid, Divide-by-zero and Denormal exceptions are pre-computation exceptions, i.e., they are detected before any arithmetic operation occurs. Note 5:Underflow, Overflow and Precision exceptions are post-computation exceptions.

3-15

INSTRUCTION SET REFERENCE

Table 3-5. Streaming SIMD Extensions Faults (Interrupts 6 & 7)

CR0.EM 1 0 CR0.TS 1 CR4.OSFXSR 1 0 CPUID.XMM 1 0 Exception #UD Interrupt 6 #NM Interrupt 7 #UD Interrupt 6 #UD Interrupt 6

Opcode 0F,58,/r Instruction ADDPS xmm1, xmm2/m128 Description Add packed SP FP numbers from XMM2/Mem to XMM1.

Description The ADDPS instruction adds the packed SP FP numbers of both their operands.

ADD PS xmm1, xmm2/M128 Xmm1 4.0 3.0

+
Xmm2/ m128 Xmm1 1.0 2.0

+
3.0

+
4.0

=
5.0

Figure 3-3. Operation of the ADDPS Instruction

Operation
DEST[31-0] DEST[63-32] DEST[95-64] DEST[127-96] = DEST[31-0] + SRC/m128[31-0]; = DEST[63-32] + SRC/m128[63-32]; = DEST[95-64] + SRC/m128[95-64]; = DEST[127-96] + SRC/m128[127-96];

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_add_ps(__m128 a, __m128 b)

Adds the four SP FP values of a and b.

3-25

INSTRUCTION SET REFERENCE

ADDPSPacked Single-FP Add (Continued)

Exceptions General protection exception if not aligned on 16-byte boundary, regardless of segment. Numeric Exceptions Overflow, Underflow, Invalid, Precision, Denormal. Protected Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #UD #NM #XM #UD #UD #UD For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault If CR0.EM = 1. If TS bit in CR0 is set. For an unmasked Streaming SIMD Extension numeric exception (CR4.OSXMMEXCPT =1). For an unmasked Streaming SIMD Extension numeric exception (CR4.OSXMMEXCPT =0). If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

Real Address Mode Exceptions Interrupt 13 #UD #NM #XM #UD If any part of the operand would lie outside of the effective address space from 0 to 0FFFFH. If CR0.EM = 1. If TS bit in CR0 is set. For an unmasked Streaming SIMD Extension numeric exception (CR4.OSXMMEXCPT =1). For an unmasked Streaming SIMD Extension numeric exception (CR4.OSXMMEXCPT =0).

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) For a page fault.

3-26

INSTRUCTION SET REFERENCE

ADDSSScalar Single-FP Add

Opcode F3,0F,58, /r Instruction ADDSS xmm1, xmm2/m32 Description Add the lower SP FP number from XMM2/Mem to XMM1.

Description The ADDSS instruction adds the lower SP FP numbers of both their operands; the upper three fields are passed through from xmm1.

ADD SS xmm1, xmm2/m32 Xmm1

+
Xmm2/ m32 Xmm1

+ =

+
4.0

=
5.0

Figure 3-4. Operation of the ADDSS Instruction

Operation
DEST[31-0] DEST[63-32] DEST[95-64] DEST[127-96] = DEST[31-0] + SRC/m32[31-0]; = DEST[63-32]; = DEST[95-64]; = DEST[127-96];

ANDLogical AND
Opcode 24 ib 25 iw 25 id 80 /4 ib 81 /4 iw 81 /4 id 83 /4 ib 83 /4 ib 20 /r 21 /r 21 /r 22 /r 23 /r 23 /r Instruction AND AL,imm8 AND AX,imm16 AND EAX,imm32 AND r/m8,imm8 AND r/m16,imm16 AND r/m32,imm32 AND r/m16,imm8 AND r/m32,imm8 AND r/m8,r8 AND r/m16,r16 AND r/m32,r32 AND r8,r/m8 AND r16,r/m16 AND r32,r/m32 Description AL AND imm8 AX AND imm16 EAX AND imm32

r/m8 AND imm8 r/m16 AND imm16 r/m32 AND imm32 r/m16 AND imm8 (sign-extended) r/m32 AND imm8 (sign-extended) r/m8 AND r8 r/m16 AND r16 r/m32 AND r32 r8 AND r/m8 r16 AND r/m16 r32 AND r/m32

Description This instruction performs a bitwise AND operation on the destination (first) and source (second) operands and stores the result in the destination operand location. The source operand can be an immediate, a register, or a memory location; the destination operand can be a register or a memory location. Two memory operands cannot, however, be used in one instruction. Each bit of the instruction result is a 1 if both corresponding bits of the operands are 1; otherwise, it becomes a 0. Operation
DEST DEST AND SRC;

Flags Affected The OF and CF flags are cleared; the SF, ZF, and PF flags are set according to the result. The state of the AF flag is undefined.

3-30

INSTRUCTION SET REFERENCE

ANDLogical AND (Continued)

Protected Mode Exceptions #GP(0) If the destination operand points to a nonwritable segment. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-31

INSTRUCTION SET REFERENCE

ANDNPSBit-wise Logical And Not For Single-FP

Opcode 0F,55,/r Instruction ANDNPS xmm1, xmm2/m128 Description Invert the 128 bits in XMM1and then AND the result with 128 bits from XMM2/Mem.

Description The ANDNPS instructions returns a bit-wise logical AND between the complement of XMM1 and XMM2/Mem.

ANDNPS xmm1, xmm2/M128 Xmm1 0x00001111 0x11110000

&
Xmm2/ m128 Xmm1 0x11110000 0x00001111

&
0x11110000

&
0x00001111

=
0x00001111

=
0x11110000

=
0x00001111

=
0x11110000

Figure 3-5. Operation of the ANDNPS Instruction

Operation
DEST[127-0] = NOT (DEST[127-0]) AND SRC/m128[127-0];

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_andnot_ps(__m128 a, __m128 b)

Computes the bitwise AND-NOT of the four SP FP values of a and b.

3-32

INSTRUCTION SET REFERENCE

ANDNPSBit-wise Logical And Not for Single-FP (Continued)

Exceptions General protection exception if not aligned on 16-byte boundary, regardless of segment. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #UD #NM #UD #UD For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

Real-Address Mode Exceptions Interrupt 13 #UD #NM If any part of the operand would lie outside of the effective address space from 0 to 0FFFFH If CR0.EM = 1. If TS bit in CR0 is set.

Virtual-8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) #UD #UD Comments The usage of Repeat Prefix (F3H) with ANDNPS is reserved. Different processor implementations may handle this prefix differently. Usage of this prefix with ANDNPS risks incompatibility with future processors. For a page fault. If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

3-33

INSTRUCTION SET REFERENCE

ANDPSBit-wise Logical And For Single FP

Opcode 0F,54,/r Instruction ANDPS xmm1, xmm2/m128 Description Logical AND of 128 bits from XMM2/Mem to XMM1 register.

Description The ANDPS instruction returns a bit-wise logical AND between XMM1 and XMM2/Mem.
ANDPS xmm1, xmm2/m128 Xmm1 Xmm2/ m128 Xmm1 0x00001111 0x11110000 0x00001111 0x11110000

&
0x11110000

&
0x00001111

&
0x11110000

&
0x00001111

=
0X00000000

Figure 3-6. Operation of the ANDPS Instruction

Operation
DEST[127-0] AND= SRC/m128[127-0];

BSRBit Scan Reverse (Continued)

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-43

INSTRUCTION SET REFERENCE

BSWAPByte Swap
Opcode 0F C8+rd Instruction BSWAP r32 Description Reverses the byte order of a 32-bit register.

Description This instruction reverses the byte order of a 32-bit (destination) register: bits 0 through 7 are swapped with bits 24 through 31, and bits 8 through 15 are swapped with bits 16 through 23. This instruction is provided for converting little-endian values to big-endian format and vice versa. To swap bytes in a word value (16-bit register), use the XCHG instruction. When the BSWAP instruction references a 16-bit register, the result is undefined. Intel Architecture Compatibility The BSWAP instruction is not supported on Intel Architecture processors earlier than the Intel486 processor family. For compatibility with this instruction, include functionally equivalent code for execution on Intel processors earlier than the Intel486 processor family. Operation
TEMP DEST DEST(7..0) TEMP(31..24) DEST(15..8) TEMP(23..16) DEST(23..16) TEMP(15..8) DEST(31..24) TEMP(7..0)

Flags Affected None. Exceptions (All Operating Modes) None.

3-44

INSTRUCTION SET REFERENCE

BTBit Test
Opcode 0F A3 0F A3 0F BA /4 ib 0F BA /4 ib Instruction BT r/m16,r16 BT r/m32,r32 BT r/m16,imm8 BT r/m32,imm8 Description Store selected bit in CF flag Store selected bit in CF flag Store selected bit in CF flag Store selected bit in CF flag

Description This instruction selects the bit in a bit string (specified with the first operand, called the bit base) at the bit-position designated by the bit offset operand (second operand) and stores the value of the bit in the CF flag. The bit base operand can be a register or a memory location; the bit offset operand can be a register or an immediate value. If the bit base operand specifies a register, the instruction takes the modulo 16 or 32 (depending on the register size) of the bit offset operand, allowing any bit position to be selected in a 16- or 32-bit register, respectively (refer to Figure 3-1). If the bit base operand specifies a memory location, it represents the address of the byte in memory that contains the bit base (bit 0 of the specified byte) of the bit string (refer to Figure 3-2). The offset operand then selects a bit position within the range 231 to 231 1 for a register offset and 0 to 31 for an immediate offset. Some assemblers support immediate bit offsets larger than 31 by using the immediate bit offset field in combination with the displacement field of the memory operand. In this case, the loworder three or five bits (three for 16-bit operands, five for 32-bit operands) of the immediate bit offset are stored in the immediate bit offset field, and the high-order bits are shifted and combined with the byte displacement in the addressing mode by the assembler. The processor will ignore the high order bits if they are not zero. When accessing a bit in memory, the processor may access four bytes starting from the memory address for a 32-bit operand size, using by the following relationship:
Effective Address + (4 (BitOffset DIV 32))

BTSBit Test and Set (Continued)

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

Virtual-8086 Mode Exceptions #GP #SS #PF(fault-code) #AC(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made.

3-52

INSTRUCTION SET REFERENCE

CALLCall Procedure
Opcode E8 cw E8 cd FF /2 FF /2 9A cd 9A cp FF /3 FF /3 Instruction CALL rel16 CALL rel32 CALL r/m16 CALL r/m32 CALL ptr16:16 CALL ptr16:32 CALL m16:16 CALL m16:32 Description Call near, relative, displacement relative to next instruction Call near, relative, displacement relative to next instruction Call near, absolute indirect, address given in r/m16 Call near, absolute indirect, address given in r/m32 Call far, absolute, address given in operand Call far, absolute, address given in operand Call far, absolute indirect, address given in m16:16 Call far, absolute indirect, address given in m16:32

Description This instruction saves procedure linking information on the stack and branches to the procedure (called procedure) specified with the destination (target) operand. The target operand specifies the address of the first instruction in the called procedure. This operand can be an immediate value, a general-purpose register, or a memory location. This instruction can be used to execute four different types of calls:

Near callA call to a procedure within the current code segment (the segment currently pointed to by the CS register), sometimes referred to as an intrasegment call. Far callA call to a procedure located in a different segment than the current code segment, sometimes referred to as an intersegment call. Inter-privilege-level far callA far call to a procedure in a segment at a different privilege level than that of the currently executing program or procedure. Task switchA call to a procedure located in a different task.

The latter two call types (inter-privilege-level call and task switch) can only be executed in protected mode. Refer to Section 4.3., Calling Procedures Using CALL and RET in Chapter 4, Procedure Calls, Interrupts, and Exceptions of the Intel Architecture Software Developers Manual, Volume 1, for additional information on near, far, and inter-privilege-level calls. Refer to Chapter 6, Task Management, of the Intel Architecture Software Developers Manual, Volume 3, for information on performing task switches with the CALL instruction. Near Call. When executing a near call, the processor pushes the value of the EIP register (which contains the offset of the instruction following the CALL instruction) onto the stack (for use later as a return-instruction pointer). The processor then branches to the address in the current code segment specified with the target operand. The target operand specifies either an absolute offset in the code segment (that is an offset from the base of the code segment) or a relative offset (a signed displacement relative to the current value of the instruction pointer in the EIP register, which points to the instruction following the CALL instruction). The CS register is not changed on near calls.

3-53

INSTRUCTION SET REFERENCE

CALLCall Procedure (Continued)

For a near call, an absolute offset is specified indirectly in a general-purpose register or a memory location (r/m16 or r/m32). The operand-size attribute determines the size of the target operand (16 or 32 bits). Absolute offsets are loaded directly into the EIP register. If the operandsize attribute is 16, the upper two bytes of the EIP register are cleared to 0s, resulting in a maximum instruction pointer size of 16 bits. (When accessing an absolute offset indirectly using the stack pointer [ESP] as a base register, the base value used is the value of the ESP before the instruction executes.) A relative offset (rel16 or rel32) is generally specified as a label in assembly code, but at the machine code level, it is encoded as a signed, 16- or 32-bit immediate value. This value is added to the value in the EIP register. As with absolute offsets, the operand-size attribute determines the size of the target operand (16 or 32 bits). Far Calls in Real-Address or Virtual-8086 Mode. When executing a far call in realaddress or virtual-8086 mode, the processor pushes the current value of both the CS and EIP registers onto the stack for use as a return-instruction pointer. The processor then performs a far branch to the code segment and offset specified with the target operand for the called procedure. Here the target operand specifies an absolute far address either directly with a pointer (ptr16:16 or ptr16:32) or indirectly with a memory location (m16:16 or m16:32). With the pointer method, the segment and offset of the called procedure is encoded in the instruction, using a 4-byte (16-bit operand size) or 6-byte (32-bit operand size) far address immediate. With the indirect method, the target operand specifies a memory location that contains a 4-byte (16-bit operand size) or 6-byte (32-bit operand size) far address. The operand-size attribute determines the size of the offset (16 or 32 bits) in the far address. The far address is loaded directly into the CS and EIP registers. If the operand-size attribute is 16, the upper two bytes of the EIP register are cleared to 0s. Far Calls in Protected Mode. When the processor is operating in protected mode, the CALL instruction can be used to perform the following three types of far calls:

Far call to the same privilege level. Far call to a different privilege level (inter-privilege level call). Task switch (far call to another task).

CALLCall Procedure (Continued)

Protected Mode Exceptions #GP(0) If target offset in destination operand is beyond the new code segment limit. If the segment selector in the destination operand is null. If the code segment selector in the gate is null. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register is used to access memory and it contains a null segment selector. #GP(selector) If code segment or gate or TSS selector index is outside descriptor table limits. If the segment descriptor pointed to by the segment selector in the destination operand is not for a conforming-code segment, nonconforming-code segment, call gate, task gate, or task state segment. If the DPL for a nonconforming-code segment is not equal to the CPL or the RPL for the segments segment selector is greater than the CPL. If the DPL for a conforming-code segment is greater than the CPL. If the DPL from a call-gate, task-gate, or TSS segment descriptor is less than the CPL or than the RPL of the call-gate, task-gate, or TSSs segment selector. If the segment descriptor for a segment selector from a call gate does not indicate it is a code segment. If the segment selector from a call gate is beyond the descriptor table limits. If the DPL for a code-segment obtained from a call gate is greater than the CPL. If the segment selector for a TSS has its local/global bit set for local. If a TSS segment descriptor specifies that the TSS is busy or not available. #SS(0) If pushing the return address, parameters, or stack segment pointer onto the stack exceeds the bounds of the stack segment, when no stack switch occurs. If a memory operand effective address is outside the SS segment limit. #SS(selector) If pushing the return address, parameters, or stack segment pointer onto the stack exceeds the bounds of the stack segment, when a stack switch occurs.

3-62

INSTRUCTION SET REFERENCE

CALLCall Procedure (Continued)

If the SS register is being loaded as part of a stack switch and the segment pointed to is marked not present. If stack segment does not have room for the return address, parameters, or stack segment pointer, when stack switch occurs. #NP(selector) #TS(selector) If a code segment, data segment, stack segment, call gate, task gate, or TSS is not present. If the new stack segment selector and ESP are beyond the end of the TSS. If the new stack segment selector is null. If the RPL of the new stack segment selector in the TSS is not equal to the DPL of the code segment being accessed. If DPL of the stack segment descriptor for the new stack segment is not equal to the DPL of the code segment descriptor. If the new stack segment is not a writable data segment. If segment-selector index for stack segment is outside descriptor table limits. #PF(fault-code) #AC(0) If a page fault occurs. If an unaligned memory access occurs when the CPL is 3 and alignment checking is enabled.

Real-Address Mode Exceptions #GP If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the target offset is beyond the code segment limit. Virtual-8086 Mode Exceptions #GP(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the target offset is beyond the code segment limit. #PF(fault-code) #AC(0) If a page fault occurs. If an unaligned memory access occurs when alignment checking is enabled.

3-63

INSTRUCTION SET REFERENCE

CBW/CWDEConvert Byte to Word/Convert Word to Doubleword

Opcode 98 98 Instruction CBW CWDE Description AX sign-extend of AL EAX sign-extend of AX

Description These instructions double the size of the source operand by means of sign extension (refer to Figure 6-5 in Chapter 6, Instruction Set Summary of the Intel Architecture Software Developers Manual, Volume 1). The CBW (convert byte to word) instruction copies the sign (bit 7) in the source operand into every bit in the AH register. The CWDE (convert word to doubleword) instruction copies the sign (bit 15) of the word in the AX register into the higher 16 bits of the EAX register. The CBW and CWDE mnemonics reference the same opcode. The CBW instruction is intended for use when the operand-size attribute is 16 and the CWDE instruction for when the operandsize attribute is 32. Some assemblers may force the operand size to 16 when CBW is used and to 32 when CWDE is used. Others may treat these mnemonics as synonyms (CBW/CWDE) and use the current setting of the operand-size attribute to determine the size of values to be converted, regardless of the mnemonic used. The CWDE instruction is different from the CWD (convert word to double) instruction. The CWD instruction uses the DX:AX register pair as a destination operand; whereas, the CWDE instruction uses the EAX register as a destination. Operation
IF OperandSize = 16 (* instruction = CBW *) THEN AX SignExtend(AL); ELSE (* OperandSize = 32, instruction = CWDE *) EAX SignExtend(AX); FI;

Flags Affected None. Exceptions (All Operating Modes) None.

3-64

INSTRUCTION SET REFERENCE

CDQConvert Double to Quad

Refer to entry for CWD/CDQ Convert Word to Doubleword/Convert Doubleword to Quadword.

3-65

INSTRUCTION SET REFERENCE

CLCClear Carry Flag

Opcode F8 Instruction CLC Description Clear CF flag

Description This instruction clears the CF flag in the EFLAGS register. Operation
CF 0;

Flags Affected The CF flag is cleared to 0. The OF, ZF, SF, AF, and PF flags are unaffected. Exceptions (All Operating Modes) None.

3-66

INSTRUCTION SET REFERENCE

CLDClear Direction Flag

Opcode FC Instruction CLD Description Clear DF flag

CLTSClear Task-Switched Flag in CR0

Opcode 0F 06 Instruction CLTS Description Clears TS flag in CR0

Description This instruction clears the task-switched (TS) flag in the CR0 register. This instruction is intended for use in operating-system procedures. It is a privileged instruction that can only be executed at a CPL of 0. It is allowed to be executed in real-address mode to allow initialization for protected mode. The processor sets the TS flag every time a task switch occurs. The flag is used to synchronize the saving of FPU context in multitasking applications. Refer to the description of the TS flag in Section 2.5., Control Registers in Chapter 2, System Architecture Overview of the Intel Architecture Software Developers Manual, Volume 3, for more information about this flag. Operation
CR0(TS) 0;

Flags Affected The TS flag in CR0 register is cleared. Protected Mode Exceptions #GP(0) If the CPL is greater than 0.

Real-Address Mode Exceptions None. Virtual-8086 Mode Exceptions #GP(0) If the CPL is greater than 0.

3-70

INSTRUCTION SET REFERENCE

CMCComplement Carry Flag

Opcode F5 Instruction CMC Description Complement CF flag

Description This instruction complements the CF flag in the EFLAGS register. Operation
CF NOT CF;

Flags Affected The CF flag contains the complement of its original value. The OF, ZF, SF, AF, and PF flags are unaffected. Exceptions (All Operating Modes) None.

3-71

INSTRUCTION SET REFERENCE

CMOVccConditional Move
Opcode 0F 47 /r 0F 47 /r 0F 43 /r 0F 43 /r 0F 42 /r 0F 42 /r 0F 46 /r 0F 46 /r 0F 42 /r 0F 42 /r 0F 44 /r 0F 44 /r 0F 4F /r 0F 4F /r 0F 4D /r 0F 4D /r 0F 4C /r 0F 4C /r 0F 4E /r 0F 4E /r 0F 46 /r 0F 46 /r 0F 42 /r 0F 42 /r 0F 43 /r 0F 43 /r 0F 47 /r 0F 47 /r 0F 43 /r 0F 43 /r 0F 45 /r 0F 45 /r 0F 4E /r 0F 4E /r 0F 4C /r 0F 4C /r 0F 4D /r 0F 4D /r 0F 4F /r 0F 4F /r Instruction CMOVA r16, r/m16 CMOVA r32, r/m32 CMOVAE r16, r/m16 CMOVAE r32, r/m32 CMOVB r16, r/m16 CMOVB r32, r/m32 CMOVBE r16, r/m16 CMOVBE r32, r/m32 CMOVC r16, r/m16 CMOVC r32, r/m32 CMOVE r16, r/m16 CMOVE r32, r/m32 CMOVG r16, r/m16 CMOVG r32, r/m32 CMOVGE r16, r/m16 CMOVGE r32, r/m32 CMOVL r16, r/m16 CMOVL r32, r/m32 CMOVLE r16, r/m16 CMOVLE r32, r/m32 CMOVNA r16, r/m16 CMOVNA r32, r/m32 CMOVNAE r16, r/m16 CMOVNAE r32, r/m32 CMOVNB r16, r/m16 CMOVNB r32, r/m32 CMOVNBE r16, r/m16 CMOVNBE r32, r/m32 CMOVNC r16, r/m16 CMOVNC r32, r/m32 CMOVNE r16, r/m16 CMOVNE r32, r/m32 CMOVNG r16, r/m16 CMOVNG r32, r/m32 CMOVNGE r16, r/m16 CMOVNGE r32, r/m32 CMOVNL r16, r/m16 CMOVNL r32, r/m32 CMOVNLE r16, r/m16 CMOVNLE r32, r/m32 Description Move if above (CF=0 and ZF=0) Move if above (CF=0 and ZF=0) Move if above or equal (CF=0) Move if above or equal (CF=0) Move if below (CF=1) Move if below (CF=1) Move if below or equal (CF=1 or ZF=1) Move if below or equal (CF=1 or ZF=1) Move if carry (CF=1) Move if carry (CF=1) Move if equal (ZF=1) Move if equal (ZF=1) Move if greater (ZF=0 and SF=OF) Move if greater (ZF=0 and SF=OF) Move if greater or equal (SF=OF) Move if greater or equal (SF=OF) Move if less (SF<>OF) Move if less (SF<>OF) Move if less or equal (ZF=1 or SF<>OF) Move if less or equal (ZF=1 or SF<>OF) Move if not above (CF=1 or ZF=1) Move if not above (CF=1 or ZF=1) Move if not above or equal (CF=1) Move if not above or equal (CF=1) Move if not below (CF=0) Move if not below (CF=0) Move if not below or equal (CF=0 and ZF=0) Move if not below or equal (CF=0 and ZF=0) Move if not carry (CF=0) Move if not carry (CF=0) Move if not equal (ZF=0) Move if not equal (ZF=0) Move if not greater (ZF=1 or SF<>OF) Move if not greater (ZF=1 or SF<>OF) Move if not greater or equal (SF<>OF) Move if not greater or equal (SF<>OF) Move if not less (SF=OF) Move if not less (SF=OF) Move if not less or equal (ZF=0 and SF=OF) Move if not less or equal (ZF=0 and SF=OF)

3-72

INSTRUCTION SET REFERENCE

CMOVccConditional Move (Continued)

Opcode 0F 41 /r 0F 41 /r 0F 4B /r 0F 4B /r 0F 49 /r 0F 49 /r 0F 45 /r 0F 45 /r 0F 40 /r 0F 40 /r 0F 4A /r 0F 4A /r 0F 4A /r 0F 4A /r 0F 4B /r 0F 4B /r 0F 48 /r 0F 48 /r 0F 44 /r 0F 44 /r Instruction CMOVNO r16, r/m16 CMOVNO r32, r/m32 CMOVNP r16, r/m16 CMOVNP r32, r/m32 CMOVNS r16, r/m16 CMOVNS r32, r/m32 CMOVNZ r16, r/m16 CMOVNZ r32, r/m32 CMOVO r16, r/m16 CMOVO r32, r/m32 CMOVP r16, r/m16 CMOVP r32, r/m32 CMOVPE r16, r/m16 CMOVPE r32, r/m32 CMOVPO r16, r/m16 CMOVPO r32, r/m32 CMOVS r16, r/m16 CMOVS r32, r/m32 CMOVZ r16, r/m16 CMOVZ r32, r/m32 Description Move if not overflow (OF=0) Move if not overflow (OF=0) Move if not parity (PF=0) Move if not parity (PF=0) Move if not sign (SF=0) Move if not sign (SF=0) Move if not zero (ZF=0) Move if not zero (ZF=0) Move if overflow (OF=0) Move if overflow (OF=0) Move if parity (PF=1) Move if parity (PF=1) Move if parity even (PF=1) Move if parity even (PF=1) Move if parity odd (PF=0) Move if parity odd (PF=0) Move if sign (SF=1) Move if sign (SF=1) Move if zero (ZF=1) Move if zero (ZF=1)

Description The CMOVcc instructions check the state of one or more of the status flags in the EFLAGS register (CF, OF, PF, SF, and ZF) and perform a move operation if the flags are in a specified state (or condition). A condition code (cc) is associated with each instruction to indicate the condition being tested for. If the condition is not satisfied, a move is not performed and execution continues with the instruction following the CMOVcc instruction. These instructions can move a 16- or 32-bit value from memory to a general-purpose register or from one general-purpose register to another. Conditional moves of 8-bit register operands are not supported. The conditions for each CMOVcc mnemonic is given in the description column of the above table. The terms less and greater are used for comparisons of signed integers and the terms above and below are used for unsigned integers. Because a particular state of the status flags can sometimes be interpreted in two ways, two mnemonics are defined for some opcodes. For example, the CMOVA (conditional move if above) instruction and the CMOVNBE (conditional move if not below or equal) instruction are alternate mnemonics for the opcode 0F 47H.

3-73

INSTRUCTION SET REFERENCE

CMOVccConditional Move (Continued)

The CMOVcc instructions are new for the Pentium Pro processor family; however, they may not be supported by all the processors in the family. Software can determine if the CMOVcc instructions are supported by checking the processors feature information with the CPUID instruction (refer to COMISSScalar Ordered Single-FP Compare and Set EFLAGS in this chapter). Operation
temp DEST IF condition TRUE THEN DEST SRC ELSE DEST temp FI;

Flags Affected None. Protected Mode Exceptions #GP(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-74

INSTRUCTION SET REFERENCE

CMOVccConditional Move (Continued)

3-75

INSTRUCTION SET REFERENCE

CMPCompare Two Operands

Opcode 3C ib 3D iw 3D id 80 /7 ib 81 /7 iw 81 /7 id 83 /7 ib 83 /7 ib 38 /r 39 /r 39 /r 3A /r 3B /r 3B /r Instruction CMP AL, imm8 CMP AX, imm16 CMP EAX, imm32 CMP r/m8, imm8 CMP r/m16, imm16 CMP r/m32,imm32 CMP r/m16,imm8 CMP r/m32,imm8 CMP r/m8,r8 CMP r/m16,r16 CMP r/m32,r32 CMP r8,r/m8 CMP r16,r/m16 CMP r32,r/m32 Description Compare imm8 with AL Compare imm16 with AX Compare imm32 with EAX Compare imm8 with r/m8 Compare imm16 with r/m16 Compare imm32 with r/m32 Compare imm8 with r/m16 Compare imm8 with r/m32 Compare r8 with r/m8 Compare r16 with r/m16 Compare r32 with r/m32 Compare r/m8 with r8 Compare r/m16 with r16 Compare r/m32 with r32

Description This instruction compares the first source operand with the second source operand and sets the status flags in the EFLAGS register according to the results. The comparison is performed by subtracting the second operand from the first operand and then setting the status flags in the same manner as the SUB instruction. When an immediate value is used as an operand, it is signextended to the length of the first operand. The CMP instruction is typically used in conjunction with a conditional jump (Jcc), condition move (CMOVcc), or SETcc instruction. The condition codes used by the Jcc, CMOVcc, and SETcc instructions are based on the results of a CMP instruction. Appendix B, EFLAGS Condition Codes, in the Intel Architecture Software Developers Manual, Volume 1, shows the relationship of the status flags and the condition codes. Operation
temp SRC1 SignExtend(SRC2); ModifyStatusFlags; (* Modify status flags in the same manner as the SUB instruction*)

Flags Affected The CF, OF, SF, ZF, AF, and PF flags are set according to the result.

3-76

INSTRUCTION SET REFERENCE

CMPCompare Two Operands (Continued)

Protected Mode Exceptions #GP(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-77

INSTRUCTION SET REFERENCE

CMPPSPacked Single-FP Compare

Opcode 0F,C2,/r,ib Instruction CMPPS xmm1, xmm2/m128, imm8 Description Compare packed SP FP numbers from XMM2/Mem to packed SP FP numbers in XMM1 register using imm8 as predicate.

Description For each individual pair of SP FP numbers, the CMPPS instruction returns an all "1" 32-bit mask or an all "0" 32-bit mask, using the comparison predicate specified by imm8.

CMPPS xmm1, xmm2/m128, imm8 Xmm1 10.0 2.0

(imm8=0)

==
Xmm2/ m128 Xmm1 10.0

==
9.0

11111111 True

00000000 False

11111111 True

00000000 False

Figure 3-7. Operation of the CMPPS (Imm8=0) Instruction

CMPPS xmm1, xmm2/m128,imm8 Xmm1 Xmm2/ m128 Xmm1 10.0 2.0 9.0

(Imm8=1) 1.0

<
3.0

<
11.0

<
9.0 00000000 False

<
4.0

00000000 False

11111111 True

Figure 3-8. Operation of the CMPPS (Imm8=1) Instruction

3-78

INSTRUCTION SET REFERENCE

CMPPSPacked Single-FP Compare (Continued)

CMPPS xmm1, xmm2/m128, imm8 Xmm1 10.0 2.0 (imm8=2)

<=
Xmm2/ m128 Xmm1 3.0

<=
9.0

00000000 False

11111111 True

Figure 3-9. Operation of the CMPPS (Imm8=2) Instruction

CMPPS xmm1, xmm2/m128,imm8 Xmm1 Xmm2/ m128 10.0 QNaN 9.0

(Imm8=3) 1.0

?
3.0 Xmm1

?
11.0

?
9.0 00000000 False

?
QNaN

00000000 False

11111111 True

Figure 3-10. Operation of the CMPPS (Imm8=3) Instruction

3-79

INSTRUCTION SET REFERENCE

CMPPSPacked Single-FP Compare (Continued)

CMPPS xmm1, xmm2/m128, imm8 Xmm1 10.0 2.0 (imm8=4)

!=
Xmm2/ m128 Xmm1 3.0

!=
9.0

11111111 True

00000000 False

11111111 True

Figure 3-11. Operation of the CMPPS (Imm8=4) Instruction

CMPPS xmm1, xmm2/m128,imm8 Xmm1 Xmm2/ m128 10.0 2.0 9.0

(Imm8=5) 1.0

!<
3.0

!<
11.0 9.0 4.0

Xmm1

11111111 True

00000000 False

11111111 True

00000000 False

Figure 3-12. Operation of the CMPPS (Imm8=5) Instruction

3-80

INSTRUCTION SET REFERENCE

CMPPSPacked Single-FP Compare (Continued)

CMPPS xmm1, xmm2/m128, imm8 Xmm1 10.0 2.0 (imm8=6)

!<=
Xmm2/ m128 Xmm1 3.0 9.0

!<=

11111111 True

00000000 False

Figure 3-13. Operation of the CMPPS (Imm8=6) Instruction

CMPPS xmm1, xmm2/m128,imm8 Xmm1 Xmm2/ m128 10.0 QNaN 9.0

(Imm8=7) 1.0

!?
3.0

!?
11.0 9.0 QNaN

Xmm1

11111111 True

00000000 False

11111111 True

00000000 False

Figure 3-14. Operation of the CMPPS (Imm8=7) Instruction

3-81

INSTRUCTION SET REFERENCE

CMPPSPacked Single-FP Compare (Continued)

Note that a subsequent computational instruction which uses this mask as an input operand will not generate a fault, since a mask of all "0s" corresponds to an FP value of +0.0 and a mask of all "1s" corresponds to an FP value of -qNaN. Some of the comparisons can be achieved only through software emulation. For these comparisons the programmer must swap the operands, copying registers when necessary to protect the data that will now be in the destination, and then perform the compare using a different predicate. The predicate to be used for these emulations is listed in the table under the heading "Emulation". The following table shows the different comparison types:
:

Predicate

Description

Relation

Emulation

imm8 Encoding

Result if NaN Operand False False False False False

Q/SNaN Operand Signals Invalid No Yes Yes Yes Yes No No Yes Yes Yes Yes No

eq lt le

equal less-than less-than-or-equal greater than greater-than-orequal

xmm1 == xmm2 xmm1 < xmm2 xmm1 <= xmm2 xmm1 > xmm2 xmm1 >= xmm2 xmm1 ? xmm2 !(xmm1 == xmm2) !(xmm1 < xmm2) !(xmm1 <= xmm2) !(xmm1 > xmm2) !(xmm1 >= xmm2) !(xmm1 ? xmm2) swap, protect, nlt swap, protect, nle swap, protect, lt swap protect, le

000B 001B 010B

unord neq nlt nle

unordered not-equal not-less-than not-less-than-orequal not-greater-than not-greater-than-orequal

011B 100B 101B 110B

True True True True True True

ord

ordered

111B

False

NOTE: The greater-than, greater-than-or-equal, not-greater-than, and not-greater-than-or-equal relations are not directly implemented in hardware.

3-82

INSTRUCTION SET REFERENCE

CMPPSPacked Single-FP Compare (Continued)

Operation
IF (imm8 = 0) THEN OP = "EQ"; ELSE IF (imm8 = 1) THEN OP = "LT"; ELSE IF (imm8 = 2) THEN OP = "LE"; ELSE IF (imm8 = 3) THEN OP = "UNORD"; ELSE IF (imm8 = 4) THEN OP = "NE"; ELSE IF (imm8 = 5) THEN OP = "NLT"; ELSE IF (imm8 = 6) THEN OP = "NLE"; ELSE IF (imm8 = 7) THEN OP = "ORD"; FI FI FI FI FI FI FI FI CMP0 = DEST[31-0] OP SRC/m128[31-0]; CMP1 = DEST[63-32] OP SRC/m128[63-32]; CMP2 = DEST [95-64] OP SRC/m128[95-64]; CMP3 = DEST[127-96] OP SRC/m128[127-96]; IF (CMP0 = TRUE) THEN DEST[31-0] = 0XFFFFFFFF; DEST[63-32] = 0XFFFFFFFF; DEST[95-64] = 0XFFFFFFFF; DEST[127-96] = 0XFFFFFFFF;

3-83

INSTRUCTION SET REFERENCE

CMPPSPacked Single-FP Compare (Continued)

ELSE DEST[31-0] = 0X00000000; DEST[63-32] = 0X00000000; DEST[95-64] = 0X00000000; DEST[127-96] = 0X00000000; FI

Intel C/C++ Compiler Intrinsic Equivalents

__m128 _mm_cmpeq_ps(__m128 a, __m128 b)

Compare for equality.

__m128 _mm_cmplt_ps(__m128 a, __m128 b)

Compare for less-than.

__m128 _mm_cmple_ps(__m128 a, __m128 b)

Compare for less-than-or-equal.

__m128 _mm_cmpgt_ps(__m128 a, __m128 b)

Compare for greater-than.

__m128 _mm_cmpge_ps(__m128 a, __m128 b)

Compare for greater-than-or-equal.

__m128 _mm_cmpneq_ps(__m128 a, __m128 b)

Compare for inequality.

__m128 _mm_cmpnlt_ps(__m128 a, __m128 b)

Compare for not-less-than.

__m128 _mm_cmpngt_ps(__m128 a, __m128 b)

Compare for not-greater-than.

__m128 _mm_cmpnge_ps(__m128 a, __m128 b)

Compare for not-greater-than-or-equal.

__m128 _mm_cmpord_ps(__m128 a, __m128 b)

Compare for ordered.

__m128 _mm_cmpunord_ps(__m128 a, __m128 b)

Compare for unordered.

__m128 _mm_cmpnle_ps(__m128 a, __m128 b)

Compare for not-less-than-or-equal.

3-84

CMPSSScalar Single-FP Compare

Opcode F3,0F,C2,/r,ib Instruction CMPSS xmm1, xmm2/m32, imm8 Description Compare lowest SP FP number from XMM2/Mem to lowest SP FP number in XMM1 register using imm8 as predicate.

Description For the lowest pair of SP FP numbers, the CMPSS instruction returns an all "1" 32-bit mask or an all "0" 32-bit mask, using the comparison predicate specified by imm8. The values for the upper three pairs of SP FP numbers are not compared. Note that a subsequent computational instruction, which uses this mask as an input operand, will not generate a fault, since a mask of all "0"s corresponds to an FP value of +0.0, and a mask of all "1s" corresponds to an FP value of -qNaN. Some comparisons can be achieved only through software emulation. For those comparisons, the programmer must swap the operands, copying registers when necessary to protect the data that will now be in the destination, and then perform the compare using a different predicate. The predicate to be used for these emulations is listed under the heading "Emulation."

3-90

INSTRUCTION SET REFERENCE

CMPSSScalar Single-FP Compare (Continued)

The following table shows the different comparison types:

Predicate

Description

Relation

Emulation

imm8 Encoding

Result if NaN Operand False False False False False

qNaN Operand Signals Invalid No Yes Yes Yes Yes No No Yes Yes Yes Yes No

eq lt le

equal less-than less-than-or-equal greater than greater-than-or-equal

000B 001B 010B

unord neq nlt nle

unordered not-equal not-less-than not-less-than-or-equal not-greater-than not-greater-than-or-equal

011B 100B 101B 110B

True True True True True True

ord NOTE:

CMPSSScalar Single-FP Compare (Continued)

Intel C/C++ Compiler Intrinsic Equivalents
__m128 _mm_cmpeq_ss(__m128 a, __m128 b)

Compare for equality.

__m128 _mm_cmplt_ss(__m128 a, __m128 b)

Compare for less-than.

__m128 _mm_cmple_ss(__m128 a, __m128 b)

Compare for less-than-or-equal.

__m128 _mm_cmpgt_ss(__m128 a, __m128 b)

Compare for greater-than.

__m128 _mm_cmpge_ss(__m128 a, __m128 b)

Compare for greater-than-or-equal.

__m128 _mm_cmpneq_ss(__m128 a, __m128 b)

Compare for inequality.

__m128 _mm_cmpnlt_ss(__m128 a, __m128 b)

Compare for not-less-than.

__m128 _mm_cmpnle_ss(__m128 a, __m128 b)

Compare for not-less-than-or-equal.

__m128 _mm_cmpngt_ss(__m128 a, __m128 b)

Compare for not-greater-than.

__m128 _mm_cmpnge_ss(__m128 a, __m128 b)

Compare for not-greater-than-or-equal.

__m128 _mm_cmpord_ss(__m128 a, __m128 b)

Compare for ordered.

__m128 _mm_cmpunord_ss(__m128 a, __m128 b)

Compare for unordered.

3-97

INSTRUCTION SET REFERENCE

CMPSSScalar Single-FP Compare (Continued)

Exceptions None. Numeric Exceptions Invalid if sNaN operand, invalid if qNaN and predicate as listed in above table, denormal. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #AC #XM #UD #UD #UD For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. For unaligned memory reference. To enable #AC exceptions, three conditions must be true (CR0.AM is set; EFLAGS.AC is set; current CPL is 3). For an unmasked Streaming SIMD Extension numeric exception (CR4.OSXMMEXCPT =1). For an unmasked Streaming SIMD Extension numeric exception (CR4.OSXMMEXCPT =0). If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

3-98

INSTRUCTION SET REFERENCE

CMPSSScalar Single-FP Compare (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #AC #PF (fault-code) Comments Compilers and assemblers should implement the following 2-operand pseudo-ops in addition to the 3-operand CMPSS instruction. For unaligned memory reference if the current privilege level is 3. For a page fault.

Pseudo-Op CMPEQSS xmm1, xmm2 CMPLTSS xmm1, xmm2 CMPLESS xmm1, xmm2 CMPUNORDSS xmm1, xmm2 CMPNEQSS xmm1, xmm2 CMPNLTSS xmm1, xmm2 CMPNLESS xmm1, xmm2 CMPORDSS xmm1, xmm2

Implementation CMPSS xmm1,xmm2, 0 CMPSS xmm1,xmm2, 1 CMPSS xmm1,xmm2, 2 CMPSS xmm1,xmm2, 3 CMPSS xmm1,xmm2, 4 CMPSS xmm1,xmm2, 5 CMPSS xmm1,xmm2, 6 CMPSS xmm1,xmm2, 7

3-99

INSTRUCTION SET REFERENCE

CMPXCHGCompare and Exchange

Opcode 0F B0/r 0F B1/r 0F B1/r Instruction CMPXCHG r/m8,r8 CMPXCHG r/m16,r16 CMPXCHG r/m32,r32 Description Compare AL with r/m8. If equal, ZF is set and r8 is loaded into r/m8. Else, clear ZF and load r/m8 into AL. Compare AX with r/m16. If equal, ZF is set and r16 is loaded into r/m16. Else, clear ZF and load r/m16 into AL Compare EAX with r/m32. If equal, ZF is set and r32 is loaded into r/m32. Else, clear ZF and load r/m32 into AL

CMPXCHG8BCompare and Exchange 8 Bytes (Continued)

Protected Mode Exceptions #UD #GP(0) If the destination operand is not a memory location. If the destination is located in a nonwritable segment. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions #UD #GP #SS If the destination operand is not a memory location. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

Virtual-8086 Mode Exceptions #UD #GP(0) #SS(0) #PF(fault-code) #AC(0) If the destination operand is not a memory location. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made.

3-103

INSTRUCTION SET REFERENCE

COMISSScalar Ordered Single-FP Compare and Set EFLAGS

Opcode 0F,2F,/r Instruction COMISS xmm1, xmm2/m32 Description Compare lower SP FP number in XMM1 register with lower SP FP number in XMM2/Mem and set the status flags accordingly

Description The COMISS instruction compares two SP FP numbers and sets the ZF,PF,CF bits in the EFLAGS register as described above. Although the data type is packed single-FP, only the lower SP numbers are compared. In addition, the OF, SF, and AF bits in the EFLAGS register are zeroed out. The unordered predicate is returned if either input is a NaN (qNaN or sNaN).
COMISS xmm1, xmm2/m32 Xmm1

Xmm2/ m32 Xmm1

Figure 3-23. Operation of the COMISS Instruction, Condition One EFLAGS: OF,SF,AF=000 EFLAGS: ZF,PF,CF=111 MXCSR flags: Invalid flag is set

3-104

INSTRUCTION SET REFERENCE

COMISSScalar Ordered Single-FP Compare And Set EFLAGS (Continued)

COMISS xmm1, xmm2/m32 Xmm1 Xmm2/ m32 9.0

6.0

=
Xmm1

=
9.0

Figure 3-24. Operation of the COMISS Instruction, Condition Two EFLAGS: OF,SF,AF=000 EFLAGS: ZF,PF,CF=000 MXCSR flags: Invalid flag is set

COMISS xmm1, xmm2/m32 Xmm1

Xmm2/ m32 Xmm1

Figure 3-25. Operation of the COMISS Instruction, Condition Three EFLAGS: OF,SF,AF=000 EFLAGS: ZF,PF,CF=001 MXCSR flags: Invalid flag is set

3-105

INSTRUCTION SET REFERENCE

COMISSScalar Ordered Single-FP Compare And Set EFLAGS (Continued)

COMISS xmm1, xmm2/m32 Xmm1 Xmm2/ m32 6.0

6.0

=
Xmm1

=
6.0

Figure 3-26. Operation of the COMISS Instruction, Condition Four EFLAGS: OF,SF,AF=000 EFLAGS: ZF,PF,CF=100 MXCSR flags: Invalid flag is set

3-106

INSTRUCTION SET REFERENCE

COMISSScalar Ordered Single-FP Compare And Set EFLAGS (Continued)

Operation
OF = 0; SF = 0; AF = 0; IF ((DEST[31-0] UNORD SRC/m32[31-0]) = TRUE) THEN ZF = 1; PF = 1; CF = 1; ELSE IF ((DEST[31-0] GTRTHAN SRC/m32[31-0]) = TRUE)THEN ZF = 0; PF = 0; CF = 0; ELSE IF ((DEST[31-0] LESSTHAN SRC/m32[31-0]) = TRUE THEN ZF = 0; PF = 0; CF = 1; ELSE ZF = 1; PF = 0; CF = 0; FI FI FI

3-107

INSTRUCTION SET REFERENCE

COMISSScalar Ordered Single-FP Compare And Set EFLAGS (Continued)

Intel C/C++ Compiler Intrinsic Equivalents
int_mm_comieq_ss(__m128 a, __m128 b)

Compares the lower SP FP value of a and b for a equal to b. If a and b are equal, 1 is returned. Otherwise 0 is returned.
int_mm_comilt_ss(__m128 a, __m128 b)

Compares the lower SP FP value of a and b for a less than b. If a is less than b, 1 is returned. Otherwise 0 is returned.
int_mm_comile_ss(__m128 a, __m128 b)

Compares the lower SP FP value of a and b for a less than or equal to b. If a is less than or equal to b, 1 is returned. Otherwise 0 is returned.
int_mm_comigt_ss(__m128 a, __m128 b)

Compares the lower SP FP value of a and b for a greater than b. If a is greater than b are equal, 1 is returned. Otherwise 0 is returned.
int_mm_comige_ss(__m128 a, __m128 b)

Compares the lower SP FP value of a and b for a greater than or equal to b. If a is greater than or equal to b, 1 is returned. Otherwise 0 is returned.
int_mm_comineq_ss(__m128 a, __m128 b)

CPUIDCPU Identification (Continued)

When the input value is 1, the processor returns version information in the EAX register and feature information in the EDX register (refer to Figure 3-27).

14 13 12 11

8 7

4 3

EAX

Family

Model

Stepping ID

Processor Type Family (0110B for the Pentium Pro Processor Family) Model (Beginning with 0001B)

Streaming SIMD Extensions

Figure 3-27. Version and Feature Information in Registers EAX and EDX

The version information consists of an Intel Architecture family identifier, a model identifier, a stepping ID, and a processor type. The model, family, and processor type for the first processor in the Intel Pentium Pro family is as follows:

Model0001B Family0110B Processor Type00B

3-112

INSTRUCTION SET REFERENCE

CPUIDCPU Identification (Continued)

Refer to AP-485, Intel Processor Identification and the CPUID Instruction (Order Number 241618), the Intel Pentium Pro Processor Specification Update (Order Number 242689), and the Intel Pentium Processor Specification Update (Order Number 242480) for more information on identifying earlier Intel Architecture processors. The available processor types are given in Table 3-7. Intel releases information on stepping IDs as needed.
Table 3-7. Processor Type Field
Type Original OEM Processor Intel OverDrive Processor Dual processor * Intel reserved. * Not applicable to Intel386 and Intel486 processors.

Encoding 00B 01B 10B 11B

3-113

INSTRUCTION SET REFERENCE

CPUIDCPU Identification (Continued)

Table 3-8 shows the encoding of the feature flags in the EDX register. A feature flag set to 1 indicates the corresponding feature is supported. Software should identify Intel as the vendor to properly interpret the feature flags.
Table 3-8. Feature Flags Returned in EDX Register
Bit 0 1 Feature FPUFloatingPoint Unit on Chip VMEVirtual8086 Mode Enhancements Description Processor contains an FPU and executes the Intel 387 instruction set. Processor supports the following virtual-8086 mode enhancements: CR4.VME bit enables virtual-8086 mode extensions. CR4.PVI bit enables protected-mode virtual interrupts. Expansion of the TSS with the software indirection bitmap. EFLAGS.VIF bit (virtual interrupt flag). EFLAGS.VIP bit (virtual interrupt pending flag). Processor supports I/O breakpoints, including the CR4.DE bit for enabling debug extensions and optional trapping of access to the DR4 and DR5 registers. Processor supports 4-Mbyte pages, including the CR4.PSE bit for enabling page size extensions, the modified bit in page directory entries (PDEs), page directory entries, and page table entries (PTEs). Processor supports the RDTSC (read time stamp counter) instruction, including the CR4.TSD bit that, along with the CPL, controls whether the time stamp counter can be read. Processor supports the RDMSR (read model-specific register) and WRMSR (write model-specific register) instructions. Processor supports physical addresses greater than 32 bits, the extended page-table-entry format, an extra level in the page translation tables, and 2MByte pages. The CR4.PAE bit enables this feature. The number of address bits is implementation specific. The Pentium Pro processor supports 36 bits of addressing when the PAE bit is set. Processor supports the CR4.MCE bit, enabling machine check exceptions. However, this feature does not define the model-specific implementations of machine-check error logging, reporting, or processor shutdowns. Machinecheck exception handlers might have to check the processor version to do model-specific processing of the exception or check for presence of the machine-check feature. Processor supports the CMPXCHG8B (compare and exchange 8 bytes) instruction. Processor contains an on-chip Advanced Programmable Interrupt Controller (APIC) and it has been enabled and is available for use.

DEDebugging Extensions PSEPage Size Extensions TSCTime Stamp Counter MSRModel Specific Registers PAEPhysical Address Extension

5 6

MCEMachine Check Exception

8 9 10

CX8CMPXCHG 8B Instruction APIC Reserved

3-114

INSTRUCTION SET REFERENCE

CPUIDCPU Identification (Continued)

Bit 11 12 Feature SEPFast System Call MTRRMemory Type Range Registers Description Indicates whether the processor supports the Fast System Call instructions, SYSENTER and SYSEXIT. Processor supports machine-specific memory-type range registers (MTRRs). The MTRRs contains bit fields that indicate the processors MTRR capabilities, including which memory types the processor supports, the number of variable MTRRs the processor supports, and whether the processor supports fixed MTRRs. Processor supports the CR4.PGE flag enabling the global bit in both PTDEs and PTEs. These bits are used to indicate translation lookaside buffer (TLB) entries that are common to different tasks and need not be flushed when control register CR3 is written. Processor supports the MCG_CAP (machine check global capability) MSR. The MCG_CAP register indicates how many banks of error reporting MSRs the processor supports. Processor supports the CMOVcc instruction and, if the FPU feature flag (bit 0) is also set, supports the FCMOVcc and FCOMI instructions. Processor supports CMOVcc, and if the FPU feature flag (bit 0) is also set, supports the FMOVCC and FCOMI instructions. Processor supports 4MB pages with 36 bit physical addresses. Processor supports the 96-bit Processor Number feature, and the feature is enabled

PGEPTE Global Flag

MCAMachine Check Architecture CMOVConditional Move and Compare Instructions FGPATPage Attribute Table PSE-3636-bit Page Size Extension PNProcessor Number Reserved MMX Technology

16 17 18 19-22 23

Processor supports the MMX instruction set. These instructions operate in parallel on multiple data elements (8 bytes, 4 words, or 2 doublewords) packed into quadword registers or memory locations. Indicates whether the processor supports the FXSAVE and FXRSTOR instructions for fast save and restore of the floating point context. Presence of this bit also indicates that CR4.OSFXSR is available for an operating system to indicate that it uses the fast save/restore instructions. Processor supports the Streaming SIMD Extensions instruction set.

FXSRFast FP/MMX Technology/Streaming SIMD Extensions save/restore XMMStreaming SIMD Extensions Reserved

25 26-31

3-115

INSTRUCTION SET REFERENCE

CPUIDCPU Identification (Continued)

When the input value is 2, the processor returns information about the processors internal caches and TLBs in the EAX, EBX, ECX, and EDX registers. The encoding of these registers is as follows:

The least-significant byte in register EAX (register AL) indicates the number of times the CPUID instruction must be executed with an input value of 2 to get a complete description of the processors caches and TLBs. The Pentium Pro family of processors will return a 1. The most significant bit (bit 31) of each register indicates whether the register contains valid information (cleared to 0) or is reserved (set to 1). If a register contains valid information, the information is contained in one-byte descriptors. Table 3-9 shows the encoding of these descriptors.
Table 3-9. Encoding of Cache and TLB Descriptors
Descriptor Value 00H 01H 02H 03H 04H 06H 08H 0AH 0CH 40H 41H 42H 43H 44H 45H Null descriptor Instruction TLB: 4K-Byte Pages, 4-way set associative, 32 entries Instruction TLB: 4M-Byte Pages, fully associative, two entries Data TLB: 4K-Byte Pages, 4-way set associative, 64 entries Data TLB: 4M-Byte Pages, 4-way set associative, eight entries Instruction cache: 8K Bytes, 4-way set associative, 32 byte line size Instruction cache: 16K Bytes, 4-way set associative, 32 byte line size Data cache: 8K Bytes, 2-way set associative, 32 byte line size Data cache: 16K Bytes, 2-way or 4-way set associative, 32 byte line size No L2 Cache L2 Unified cache: 128K Bytes, 4-way set associative, 32 byte line size L2 Unified cache: 256K Bytes, 4-way set associative, 32 byte line size L2 Unified cache: 512K Bytes, 4-way set associative, 32 byte line size L2 Unified cache: 1M Byte, 4-way set associative, 32 byte line size L2 Unified cache: 2M Byte, 4-way set associative, 32 byte line size Cache or TLB Description

3-116

INSTRUCTION SET REFERENCE

CPUIDCPU Identification (Continued)

The first member of the Pentium Pro processor family will return the following information about caches and TLBs when the CPUID instruction is executed with an input value of 2: EAX EBX ECX EDX 03 02 01 01H 0H 0H 06 04 0A 42H

These values are interpreted as follows:

The least-significant byte (byte 0) of register EAX is set to 01H, indicating that the CPUID instruction needs to be executed only once with an input value of 2 to retrieve complete information about the processors caches and TLBs. The most-significant bit of all four registers (EAX, EBX, ECX, and EDX) is set to 0, indicating that each register contains valid 1-byte descriptors. Bytes 1, 2, and 3 of register EAX indicate that the processor contains the following: 01HA 32-entry instruction TLB (4-way set associative) for mapping 4-KByte pages. 02HA 2-entry instruction TLB (fully associative) for mapping 4-MByte pages. 03HA 64-entry data TLB (4-way set associative) for mapping 4-KByte pages.

The descriptors in registers EBX and ECX are valid, but contain null descriptors. Bytes 0, 1, 2, and 3 of register EDX indicate that the processor contains the following: 42HA 256-KByte unified cache (the L2 cache), 4-way set associative, with a 32-byte cache line size. 0AHAn 8-KByte data cache (the L1 data cache), 2-way set associative, with a 32-byte cache line size. 04HAn 8-entry data TLB (4-way set associative) for mapping 4M-byte pages. 06HAn 8-KByte instruction cache (the L1 instruction cache), 4-way set associative, with a 32-byte cache line size.

Intel Architecture Compatibility The CPUID instruction is not supported in early models of the Intel486 processor or in any Intel Architecture processor earlier than the Intel486 processor. The ID flag in the EFLAGS register can be used to determine if this instruction is supported. If a procedure is able to set or clear this flag, the CPUID is supported by the processor running the procedure.

3-117

INSTRUCTION SET REFERENCE

CPUIDCPU Identification (Continued)

Operation
CASE (EAX) OF EAX = 0: EAX highest input value understood by CPUID; (* 2 for Pentium Pro processor *) EBX Vendor identification string; EDX Vendor identification string; ECX Vendor identification string; BREAK; EAX = 1: EAX[3:0] Stepping ID; EAX[7:4] Model; EAX[11:8] Family; EAX[13:12] Processor type; EAX[31:12] Reserved; EBX Reserved;ECX Reserved; EDX Feature flags; (* Refer to Figure 3-27 *) BREAK; EAX = 2: EAX Cache and TLB information; EBX Cache and TLB information; ECX Cache and TLB information; EDX Cache and TLB information; BREAK; DEFAULT: (* EAX > highest value recognized by CPUID *) EAX reserved, undefined; EBX reserved, undefined; ECX reserved, undefined; EDX reserved, undefined; BREAK; ESAC;

Flags Affected None. Exceptions (All Operating Modes) None.

3-118

INSTRUCTION SET REFERENCE

CVTPI2PSPacked Signed INT32 to Packed Single-FP Conversion

Opcode 0F,2A,/r Instruction CVTPI2PS xmm, mm/m64 Description Convert two 32-bit signed integers from MM/Mem to two SP FP.

Description The CVTPI2PS instruction converts signed 32-bit integers to SP FP numbers. When the conversion is inexact, rounding is done according to MXCSR. A #MF fault is signaled if there is a pending x87 fault.
CVTPI2PS xmm1, xmm1/m64 Xmm1 Mm1/ m64 Float Xmm1 Float 1.0

Figure 3-28. Operation of the CVTPI2PS Instruction

Operation
DEST[31-0] DEST[63-32] DEST[95-64] DEST[127-96] = (float) (SRC/m64[31-0]); = (float) (SRC/m64[63-32]); = DEST[95-64]; = DEST[127-96];

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_cvt_pi2ps(__m128 a, __m64 b) __m128 _mm_cvtpi32_ps(__m128 a, __m64 b)

CVTPI2PSPacked Signed INT32 to Packed Single-FP Conversion (Continued)

Comments This instruction behaves identically to original MMX instructions, in the presence of x87-FP instructions:

Transition from x87-FP to MMX technology (TOS=0, FP valid bits set to all valid). MMX instructions write ones (1s) to the exponent part of the corresponding x87-FP register.

However, the use of a memory source operand with this instruction will not result in the above transition from x87-FP to MMX technology. Prioritizing for fault and assist behavior for CVTPI2PS is as follows: Memory source 1. Invalid opcode (CR0.EM=1) 2. DNA (CR0.TS=1) 3. #SS or #GP, for limit violation 4. #PF, page fault 5. Streaming SIMD Extensions numeric fault (i.e., precision) Register source 1. Invalid opcode (CR0.EM=1) 2. DNA (CR0.TS=1) 3. #MF, pending x87-FP fault signaled 4. After returning from #MF, x87-FP->MMX technology transition 5. Streaming SIMD Extensions numeric fault (i.e., precision)

3-122

INSTRUCTION SET REFERENCE

CVTPS2PIPacked Single-FP to Packed INT32 Conversion

Opcode 0F,2D,/r Instruction CVTPS2PI mm, xmm/m64 Description Convert lower two SP FP from XMM/Mem to two 32-bit signed integers in MM using rounding specified by MXCSR.

Description The CVTPS2PI instruction converts the lower two SP FP numbers in xmm/m64 to signed 32-bit integers in mm. When the conversion is inexact, the value rounded according to the MXCSR is returned. If the converted result(s) is/are larger than the maximum signed 32 bit value, the Integer Indefinite value (0x80000000) will be returned.
CVTPS2PI xmm1, xmm1/m64 Xmm1 Xmm2/ m64 Int Mm1

1.0 Int

Figure 3-29. Operation of the CVTPS2PI Instruction

Operation
DEST[31-0] = (int) (SRC/m64[31-0]); DEST[63-32]= (int) (SRC/m64[63-32]);

Intel C/C++ Compiler Intrinsic Equivalent

__m64 _mm_cvt_ps2pi(__m128 a) __m64 _mm_cvtps_pi32(__m128 a)

CVTPS2PIPacked Single-FP to Packed INT32 Conversion (Continued)

Comments This instruction behaves identically to original MMX instructions, in the presence of x87-FP instructions:

Transition from x87-FP to MMX technology (TOS=0, FP valid bits set to all valid). MMX instructions write ones (1s) to the exponent part of the corresponding x87-FP register.

Prioritizing for fault and assist behavior for CVTPS2PI is as follows: Memory source 1. Invalid opcode (CR0.EM=1) 2. DNA (CR0.TS=1) 3. #MF, pending x87-FP fault signaled 4. After returning from #MF, x87-FP->MMX technology transition 5. #SS or #GP, for limit violation 6. #PF, page fault 7. Streaming SIMD Extensions numeric fault (i.e., invalid, precision) Register source 1. Invalid opcode (CR0.EM=1) 2. DNA (CR0.TS=1) 3. #MF, pending x87-FP fault signaled 4. After returning from #MF, x87-FP->MMX technology transition 5. Streaming SIMD Extensions numeric fault (i.e., precision)

3-126

INSTRUCTION SET REFERENCE

CVTSI2SSScalar Signed INT32 to Single-FP Conversion

Opcode F3,0F,2A,/r Instruction CVTSI2SS xmm, r/m32 Description Convert one 32-bit signed integer from Integer Reg/Mem to one SP FP.

Description The CVTSI2SS instruction converts a signed 32-bit integer from memory or from a 32-bit integer register to an SP FP number. When the conversion is inexact, rounding is done according to the MXCSR.

CVTSI2SS xmm1, r/m32 Xmm1

R/m32 Float Xmm1

Figure 3-30. Operation of the CVTSI2SS Instruction

Operation
DEST[31-0] DEST[63-32] DEST[95-64] DEST[127-96] = (float) (R/m32); = DEST[63-32]; = DEST[95-64]; = DEST[127-96];

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_cvt_si2ss(__m128 a, int b) __m128 _mm_cvtsi32_ss(__m128 a, int b)

Convert the 32-bit integer value b to an SP FP value; the upper three SP FP values are passed through from a.

3-127

INSTRUCTION SET REFERENCE

CVTSI2SSScalar Signed INT32 to Single-FP Conversion (Continued)

Exceptions None. Numeric Exceptions Precision. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #AC #XM #UD #UD #UD For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3). For an unmasked Streaming SIMD Extension numeric exception (CR4.OSXMMEXCPT =1). For an unmasked Streaming SIMD Extension numeric exception (CR4.OSXMMEXCPT =0). If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

3-128

INSTRUCTION SET REFERENCE

CVTSI2SSScalar Signed INT32 to Single-FP Conversion (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #AC #PF (fault-code) For unaligned memory reference if the current privilege level is 3. For a page fault.

3-129

INSTRUCTION SET REFERENCE

CVTSS2SIScalar Single-FP to Signed INT32 Conversion

Opcode F3,0F,2D,/r Instruction CVTSS2SI r32, xmm/m32 Description Convert one SP FP from XMM/Mem to one 32 bit signed integer using rounding mode specified by MXCSR, and move the result to an integer register.

Description The CVTSS2SI instruction converts an SP FP number to a signed 32-bit integer and returns it in the 32-bit integer register. When the conversion is inexact, the rounded value according to the MXCSR is returned. If the converted result is larger than the maximum signed 32 bit integer, the Integer Indefinite value (0x80000000) will be returned.
CVTSS2SI r32, xmm1/m32

r32

Xmm1/ m32

r32

Figure 3-31. Operation of the CVTSS2SI Instruction

Operation
r32 = (int) (SRC/m32[31-0]);

Intel C/C++ Compiler Intrinsic Equivalent

int_mm_cvt_ss2si(__m128 a) int_mm_cvtss_si32(__m128 a)

CVTTSS2SIScalar Single-FP to Signed INT32 Conversion (Truncate) (Continued)

Intel C/C++ Compiler Intrinsic Equivalent Version 4.0 and later Intel C/C++ Compiler intrinsic:
int_mm_cvtt_ss2si(__m128 a) int_mm_cvttss_si32(__m128 a)

Convert the lower SP FP value of a to a 32-bit integer according to the current rounding mode. Pre-4.0 Intel C/C++ Compiler intrinsic:
_m64_m_from_int(int_i)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

_m64_mm_cvttsi32_si64(int_i)

Convert the integer object i to a 64-bit __m64 object. The integer value is zero extended to 64 bits. Pre-4.0 Intel C/C++ Compiler intrinsic:
int_m_to_int(__m64_m)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

int_mm_cvtsi64_si32(__m64_m)

Convert the lower 32 bits of the __m64 object m to an integer. Exceptions None. Numeric Exceptions Invalid, Precision.

3-138

INSTRUCTION SET REFERENCE

CVTTSS2SIScalar Single-FP to Signed INT32 Conversion (Truncate) (Continued)

INSTRUCTION SET REFERENCE

DIVUnsigned Divide
Opcode F6 /6 F7 /6 F7 /6 Instruction DIV r/m8 DIV r/m16 DIV r/m32 Description Unsigned divide AX by r/m8; AL Quotient, AH Remainder Unsigned divide DX:AX by r/m16; AX Quotient, DX Remainder Unsigned divide EDX:EAX by r/m32 doubleword; EAX Quotient, EDX Remainder

Description This instruction divides (unsigned) the value in the AX register, DX:AX register pair, or EDX:EAX register pair (dividend) by the source operand (divisor) and stores the result in the AX (AH:AL), DX:AX, or EDX:EAX registers. The source operand can be a general-purpose register or a memory location. The action of this instruction depends on the operand size, as shown in the following table:
Maximum Quotient 255 65,535 232 1

Operand Size Word/byte Doubleword/word Quadword/doubleword

Dividend AX DX:AX EDX:EAX

Divisor r/m8 r/m16 r/m32

Quotient AL AX EAX

DIVPSPacked Single-FP Divide

Opcode 0F,5E,/r Instruction DIVPS xmm1, xmm2/m128 Description Divide packed SP FP numbers in XMM1 by XMM2/Mem

Description The DIVPS instruction divides the packed SP FP numbers of both their operands.

Xmm1 Xmm2/ m128 Xmm1

100.0

1050.0

25.0

36.0

=
4.0

10.0

25.0

=
10.0

Figure 3-34. Operation of the DIVPS Instruction

Operation
DEST[31-0] DEST[63-32] DEST[95-64] DEST[127-96] = DEST[31-0] / (SRC/m128[31-0]); = DEST[63-32] / (SRC/m128[63-32]); = DEST[95-64] / (SRC/m128[95-64]); = DEST[127-96] / (SRC/m128[127-96]);

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_div_ps(__m128 a, __m128 b)

Divides the four SP FP values of a and b.

3-151

INSTRUCTION SET REFERENCE

DIVPSPacked Single-FP Divide (Continued)

Exceptions General protection exception if not aligned on 16-byte boundary, regardless of segment. Numeric Exceptions Overflow, Underflow, Invalid, Divide-by-Zero, Precision, Denormal. Protected Mode Exceptions #GP #GP #SS #PF #UD #NM #XM #UD #UD #UD If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. (0) for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. (0) for an illegal address in the SS segment. (fault-code) for a page fault. If CR0.EM = 1. If TS bit in CR0 is set. For an unmasked Streaming SIMD Extension numeric exception (CR4.OSXMMEXCPT =1) For an unmasked Streaming SIMD Extension numeric exception (CR4.OSXMMEXCPT =0). If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

3-152

INSTRUCTION SET REFERENCE

DIVPSPacked Single-FP Divide (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code). If a page fault occurs.

3-153

INSTRUCTION SET REFERENCE

DIVSSScalar Single-FP Divide

Opcode F3,0F,5E,/r Instruction DIVSS xmm1, xmm2/m32 Description Divide lower SP FP numbers in XMM1 by XMM2/Mem

Description The DIVSS instructions divide the lowest SP FP numbers of both operands; the upper three fields are passed through from xmm1.
DIVSS xmm1, xmm2/m32 Xmm1

Xmm2/ m32 Xmm1

Figure 3-35. Operation of the DIVSS Instruction

Operation
DEST[31-0] DEST[63-32] DEST[95-64] DEST[127-96] = DEST[31-0] / (SRC/m32[31-0]); = DEST[63-32]; = DEST[95-64]; = DEST[127-96];

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_div_ss(__m128 a, __m128 b)

Divides the lower SP FP values of a and b; the upper three SP FP values are passed through from a. Exceptions None. Overflow, Underflow, Invalid, Divide-by-Zero, Precision, Denormal.

3-154

INSTRUCTION SET REFERENCE

DIVSSScalar Single-FP Divide (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #AC #PF (fault-code) For unaligned memory reference if the current privilege level is 3. For a page fault.

3-155

INSTRUCTION SET REFERENCE

EMMSEmpty MMX State

Opcode 0F 77 Instruction EMMS Description Set the FP tag word to empty.

Description This instruction sets the values of all the tags in the FPU tag word to empty (all ones). This operation marks the MMX technology registers as available, so they can subsequently be used by floating-point instructions. Refer to Figure 7-11 in Chapter 7, Floating-Point Unit of the Intel Architecture Software Developers Manual, Volume 1, for the format of the FPU tag word. All other MMX instructions (other than the EMMS instruction) set all the tags in FPU tag word to valid (all zeroes). The EMMS instruction must be used to clear the MMX technology state at the end of all MMX technology routines and before calling other procedures or subroutines that may execute floating-point instructions. If a floating-point instruction loads one of the registers in the FPU register stack before the FPU tag word has been reset by the EMMS instruction, a floatingpoint stack overflow can occur that will result in a floating-point exception or incorrect result. Operation
FPUTagWord FFFF

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
void_m_empty()

CONTINUE: IF StackSize = 32 THEN EBP FrameTemp ESP EBP Size; ELSE (* StackSize = 16*) BP FrameTemp SP BP Size; FI; END;

Flags Affected None. Protected Mode Exceptions #SS(0) #PF(fault-code) If the new value of the SP or ESP register is outside the stack segment limit. If a page fault occurs.

Real-Address Mode Exceptions #SS(0) If the new value of the SP or ESP register is outside the stack segment limit.

Virtual-8086 Mode Exceptions #SS(0) #PF(fault-code) If the new value of the SP or ESP register is outside the stack segment limit. If a page fault occurs.

3-160

INSTRUCTION SET REFERENCE

F2XM1Compute 2x1
Opcode D9 F0 Instruction F2XM1 Description Replace ST(0) with (2ST(0) 1)

Description This instruction calculates the exponential value of 2 to the power of the source operand minus 1. The source operand is located in register ST(0) and the result is also stored in ST(0). The value of the source operand must lie in the range 1.0 to +1.0. If the source value is outside this range, the result is undefined. The following table shows the results obtained when computing the exponential value of various classes of numbers, assuming that neither overflow nor underflow occurs.
ST(0) SRC 1.0 to 0 0 +0 +0 to +1.0 ST(0) DEST 0.5 to 0 0 +0 +0 to 1.0

Values other than 2 can be exponentiated using the following formula:

xy = 2(y log2x)

Operation
ST(0) (2ST(0) 1);

FPU Flags Affected C1 Set to 0 if stack underflow occurred. Indicates rounding direction if the inexact result exception (#P) is generated: 0 = not roundup; 1 = roundup. C0, C2, C3 Undefined.

3-161

INSTRUCTION SET REFERENCE

F2XM1Compute 2x1 (Continued)

Floating-Point Exceptions #IS #IA #D #U #P Stack underflow occurred. Source operand is an sNaN value or unsupported format. Result is a denormal value. Result is too small for destination format. Value cannot be represented exactly in destination format.

Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-162

INSTRUCTION SET REFERENCE

FABSAbsolute Value
Opcode D9 E1 Instruction FABS Description Replace ST with its absolute value.

Description This instruction clears the sign bit of ST(0) to create the absolute value of the operand. The following table shows the results obtained when creating the absolute value of various classes of numbers.
ST(0) SRC F 0 +0 +F + NaN NOTE: F Means finite-real number. ST(0) DEST + +F +0 +0 +F + NaN

Operation
ST(0) |ST(0)|

FPU Flags Affected C1 C0, C2, C3 Set to 0 if stack underflow occurred; otherwise, cleared to 0. Undefined.

Floating-Point Exceptions #IS Stack underflow occurred.

Protected Mode Exceptions #NM EM or TS in CR0 is set.

3-163

INSTRUCTION SET REFERENCE

FABSAbsolute Value (Continued)

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-164

INSTRUCTION SET REFERENCE

FADD/FADDP/FIADDAdd
Opcode D8 /0 DC /0 D8 C0+i DC C0+i DE C0+i DE C1 DA /0 DE /0 Instruction FADD m32 real FADD m64real FADD ST(0), ST(i) FADD ST(i), ST(0) FADDP ST(i), ST(0) FADDP FIADD m32int FIADD m16int Description Add m32real to ST(0) and store result in ST(0) Add m64real to ST(0) and store result in ST(0) Add ST(0) to ST(i) and store result in ST(0) Add ST(i) to ST(0) and store result in ST(i) Add ST(0) to ST(i), store result in ST(i), and pop the register stack Add ST(0) to ST(1), store result in ST(1), and pop the register stack Add m32int to ST(0) and store result in ST(0) Add m16int to ST(0) and store result in ST(0)

Description This instruction adds the destination and source operands and stores the sum in the destination location. The destination operand is always an FPU register; the source operand can be a register or a memory location. Source operands in memory can be in single-real, double-real, wordinteger, or short-integer formats. The no-operand version of the instruction adds the contents of the ST(0) register to the ST(1) register. The one-operand version adds the contents of a memory location (either a real or an integer value) to the contents of the ST(0) register. The two-operand version, adds the contents of the ST(0) register to the ST(i) register or vice versa. The value in ST(0) can be doubled by coding:
FADD ST(0), ST(0);

The FADDP instructions perform the additional operation of popping the FPU register stack after storing the result. To pop the register stack, the processor marks the ST(0) register as empty and increments the stack pointer (TOP) by 1. (The no-operand version of the floating-point add instructions always results in the register stack being popped. In some assemblers, the mnemonic for this instruction is FADD rather than FADDP.) The FIADD instructions convert an integer source operand to extended-real format before performing the addition. The table on the following page shows the results obtained when adding various classes of numbers, assuming that neither overflow nor underflow occurs. When the sum of two operands with opposite signs is 0, the result is +0, except for the round toward mode, in which case the result is 0. When the source operand is an integer 0, it is treated as a +0. When both operand are infinities of the same sign, the result is of the expected sign. If both operands are infinities of opposite signs, an invalid operation exception is generated.

3-165

INSTRUCTION SET REFERENCE

FADD/FADDP/FIADDAdd (Continued)
.

DEST - F or I SRC 0 +0 +F or +I + NaN NOTES: F Means finite-real number. I Means integer. * Indicates floating-point invalid-arithmetic-operand (#IA) exception. - - - - - * NaN F - F DEST DEST F or 0 + NaN 0 - SRC 0 0 SRC + NaN +0 - SRC 0 +0 SRC + NaN +F - F or 0 DEST DEST +F + NaN + * + + + + + NaN NaN NaN NaN NaN NaN NaN NaN NaN

Operation
IF instruction is FIADD THEN DEST DEST + ConvertExtendedReal(SRC); ELSE (* source operand is real number *) DEST DEST + SRC; FI; IF instruction = FADDP THEN PopRegisterStack; FI;

FPU Flags Affected C1 Set to 0 if stack underflow occurred. Indicates rounding direction if the inexact result exception (#P) is generated: 0 = not roundup; 1 = roundup. C0, C2, C3 Undefined.

3-166

INSTRUCTION SET REFERENCE

FADD/FADDP/FIADDAdd (Continued)
Floating-Point Exceptions #IS #IA Stack underflow occurred. Operand is an sNaN value or unsupported format. Operands are infinities of unlike sign. #D #U #O #P Source operand is a denormal value. Result is too small for destination format. Result is too large for destination format. Value cannot be represented exactly in destination format.

Protected Mode Exceptions #GP(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #NM #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. EM or TS in CR0 is set. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions #GP #SS #NM If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. EM or TS in CR0 is set.

3-167

INSTRUCTION SET REFERENCE

FADD/FADDP/FIADDAdd (Continued)
Virtual-8086 Mode Exceptions #GP(0) #SS(0) #NM #PF(fault-code) #AC(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. EM or TS in CR0 is set. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made.

3-168

INSTRUCTION SET REFERENCE

FBLDLoad Binary Coded Decimal

Opcode DF /4 Instruction FBLD m80 dec Description Convert BCD value to real and push onto the FPU stack.

Description This instruction converts the BCD source operand into extended-real format and pushes the value onto the FPU stack. The source operand is loaded without rounding errors. The sign of the source operand is preserved, including that of 0. The packed BCD digits are assumed to be in the range 0 through 9; the instruction does not check for invalid digits (AH through FH). Attempting to load an invalid encoding produces an undefined result. Operation
TOP TOP 1; ST(0) ExtendedReal(SRC);

FPU Flags Affected C1 C0, C2, C3 Set to 1 if stack overflow occurred; otherwise, cleared to 0. Undefined.

Floating-Point Exceptions #IS Stack overflow occurred.

Protected Mode Exceptions #GP(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #NM #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. EM or TS in CR0 is set. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-169

INSTRUCTION SET REFERENCE

FBLDLoad Binary Coded Decimal (Continued)

Virtual-8086 Mode Exceptions #GP(0) #SS(0) #NM #PF(fault-code) #AC(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. EM or TS in CR0 is set. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made.

3-170

INSTRUCTION SET REFERENCE

FBSTPStore BCD Integer and Pop

Opcode DF /6 Instruction FBSTP m80bcd Description Store ST(0) in m80bcd and pop ST(0).

Description This instruction converts the value in the ST(0) register to an 18-digit packed BCD integer, stores the result in the destination operand, and pops the register stack. If the source value is a non-integral value, it is rounded to an integer value, according to rounding mode specified by the RC field of the FPU control word. To pop the register stack, the processor marks the ST(0) register as empty and increments the stack pointer (TOP) by 1. The destination operand specifies the address where the first byte destination value is to be stored. The BCD value (including its sign bit) requires 10 bytes of space in memory. The following table shows the results obtained when storing various classes of numbers in packed BCD format.
ST(0) - F < 1 1 < F < 0 0 +0 +0 < +F < +1 +F > +1 + NaN NOTES: F Means finite-real number. D Means packed-BCD number. * Indicates floating-point invalid operation (#IA) exception. ** 0 or 1, depending on the rounding mode. DEST * D ** 0 +0 ** +D * *

If the source value is too large for the destination format and the invalid operation exception is not masked, an invalid operation exception is generated and no value is stored in the destination operand. If the invalid operation exception is masked, the packed BCD indefinite value is stored in memory. If the source value is a quiet NaN, an invalid operation exception is generated. Quiet NaNs do not normally cause this exception to be generated.

3-171

INSTRUCTION SET REFERENCE

FBSTPStore BCD Integer and Pop (Continued)

Operation
DEST BCD(ST(0)); PopRegisterStack;

FPU Flags Affected C1 Set to 0 if stack underflow occurred. Indicates rounding direction if the inexact exception (#P) is generated: 0 = not roundup; 1 = roundup. C0, C2, C3 Undefined.

Floating-Point Exceptions #IS #IA #P Stack underflow occurred. Source operand is empty; contains a NaN, , or unsupported format; or contains value that exceeds 18 BCD digits in length. Value cannot be represented exactly in destination format.

Protected Mode Exceptions #GP(0) If a segment register is being loaded with a segment selector that points to a nonwritable segment. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #NM #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. EM or TS in CR0 is set. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-172

INSTRUCTION SET REFERENCE

FBSTPStore BCD Integer and Pop (Continued)

3-173

INSTRUCTION SET REFERENCE

FCHSChange Sign
Opcode D9 E0 Instruction FCHS Description Complements sign of ST(0)

Description This instruction complements the sign bit of ST(0). This operation changes a positive value into a negative value of equal magnitude or vice versa. The following table shows the results obtained when changing the sign of various classes of numbers.
ST(0) SRC F 0 +0 +F + NaN NOTE: F Means finite-real number. ST(0) DEST + +F +0 0 F NaN

Operation
SignBit(ST(0)) NOT (SignBit(ST(0)))

FPU Flags Affected C1 C0, C2, C3 Set to 0 if stack underflow occurred; otherwise, cleared to 0. Undefined.

Floating-Point Exceptions #IS Stack underflow occurred.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-177

INSTRUCTION SET REFERENCE

FCMOVccFloating-Point Conditional Move

Opcode DA C0+i DA C8+i DA D0+i DA D8+i DB C0+i DB C8+i DB D0+i DB D8+i Instruction FCMOVB ST(0), ST(i) FCMOVE ST(0), ST(i) FCMOVBE ST(0), ST(i) FCMOVU ST(0), ST(i) FCMOVNB ST(0), ST(i) FCMOVNE ST(0), ST(i) FCMOVNBE ST(0), ST(i) FCMOVNU ST(0), ST(i) Description Move if below (CF=1) Move if equal (ZF=1) Move if below or equal (CF=1 or ZF=1) Move if unordered (PF=1) Move if not below (CF=0) Move if not equal (ZF=0) Move if not below or equal (CF=0 and ZF=0) Move if not unordered (PF=0)

Description This instruction tests the status flags in the EFLAGS register and moves the source operand (second operand) to the destination operand (first operand) if the given test condition is true. The conditions for each mnemonic are given in the Description column above and in Table 6-4 in Chapter 6, Instruction Set Summary of the Intel Architecture Software Developers Manual, Volume 1. The source operand is always in the ST(i) register and the destination operand is always ST(0). The FCMOVcc instructions are useful for optimizing small IF constructions. They also help eliminate branching overhead for IF operations and the possibility of branch mispredictions by the processor. A processor may not support the FCMOVcc instructions. Software can check if the FCMOVcc instructions are supported by checking the processors feature information with the CPUID instruction (refer to COMISSScalar Ordered Single-FP Compare and Set EFLAGS in this chapter). If both the CMOV and FPU feature bits are set, the FCMOVcc instructions are supported. Intel Architecture Compatibility The FCMOVcc instructions were introduced to the Intel Architecture in the Pentium Pro processor family and is not available in earlier Intel Architecture processors. Operation
IF condition TRUE ST(0) ST(i) FI;

FPU Flags Affected C1 C0, C2, C3 Set to 0 if stack underflow occurred. Undefined.

3-178

INSTRUCTION SET REFERENCE

FCMOVccFloating-Point Conditional Move (Continued)

Floating-Point Exceptions #IS Stack underflow occurred.

Integer Flags Affected None. Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-179

INSTRUCTION SET REFERENCE

FCOM/FCOMP/FCOMPPCompare Real
Opcode D8 /2 DC /2 D8 D0+i D8 D1 D8 /3 DC /3 D8 D8+i D8 D9 DE D9 Instruction FCOM m32real FCOM m64real FCOM ST(i) FCOM FCOMP m32real FCOMP m64real FCOMP ST(i) FCOMP FCOMPP Description Compare ST(0) with m32real. Compare ST(0) with m64real. Compare ST(0) with ST(i). Compare ST(0) with ST(1). Compare ST(0) with m32real and pop register stack. Compare ST(0) with m64real and pop register stack. Compare ST(0) with ST(i) and pop register stack. Compare ST(0) with ST(1) and pop register stack. Compare ST(0) with ST(1) and pop register stack twice.

FPU Flags Affected C1 C0, C2, C3 Set to 0 if stack underflow occurred; otherwise, cleared to 0. Not affected.

Floating-Point Exceptions #IS #IA Stack underflow occurred. (FCOMI or FCOMIP instruction) One or both operands are NaN values or have unsupported formats. (FUCOMI or FUCOMIP instruction) One or both operands are sNaN values (but not qNaNs) or have undefined formats. Detection of a qNaN value does not raise an invalid-operand exception. Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-185

INSTRUCTION SET REFERENCE

FCOSCosine
Opcode D9 FF Instruction FCOS Description Replace ST(0) with its cosine

Description This instruction calculates the cosine of the source operand in register ST(0) and stores the result in ST(0). The source operand must be given in radians and must be within the range 263 to +263. The following table shows the results obtained when taking the cosine of various classes of numbers, assuming that neither overflow nor underflow occurs.
ST(0) SRC F 0 +0 +F + NaN NOTES: F Means finite-real number. * Indicates floating-point invalid-arithmetic-operand (#IA) exception. ST(0) DEST * 1 to +1 +1 +1 1 to +1 * NaN

If the source operand is outside the acceptable range, the C2 flag in the FPU status word is set, and the value in register ST(0) remains unchanged. The instruction does not raise an exception when the source operand is out of range. It is up to the program to check the C2 flag for out-ofrange conditions. Source values outside the range 263 to +263 can be reduced to the range of the instruction by subtracting an appropriate integer multiple of 2 or by using the FPREM instruction with a divisor of 2. Refer to Section 7.5.8., Pi in Chapter 7, Floating-Point Unit of the Intel Architecture Software Developers Manual, Volume 1, for a discussion of the proper value to use for in performing such reductions. Operation
IF |ST(0)| < 263 THEN C2 0; ST(0) cosine(ST(0)); ELSE (*source operand is out-of-range *) C2 1; FI;

3-186

INSTRUCTION SET REFERENCE

FCOSCosine (Continued)
FPU Flags Affected C1 Set to 0 if stack underflow occurred. Indicates rounding direction if the inexact result exception (#P) is generated: 0 = not roundup; 1 = roundup. Undefined if C2 is 1. C2 C0, C3 Set to 1 if source operand is outside the range 263 to +263; otherwise, cleared to 0. Undefined.

Floating-Point Exceptions #IS #IA #D #U #P Stack underflow occurred. Source operand is an sNaN value, , or unsupported format. Result is a denormal value. Result is too small for destination format. Value cannot be represented exactly in destination format.

Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-187

INSTRUCTION SET REFERENCE

FDECSTPDecrement Stack-Top Pointer

Opcode D9 F6 Instruction FDECSTP Description Decrement TOP field in FPU status word.

Description This instruction subtracts one from the TOP field of the FPU status word (decrements the topof-stack pointer). If the TOP field contains a 0, it is set to 7. The effect of this instruction is to rotate the stack by one position. The contents of the FPU data registers and tag register are not affected. Operation
IF TOP = 0 THEN TOP 7; ELSE TOP TOP 1; FI;

FPU Flags Affected The C1 flag is set to 0; otherwise, cleared to 0. The C0, C2, and C3 flags are undefined. Floating-Point Exceptions None. Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-188

INSTRUCTION SET REFERENCE

FDIV/FDIVP/FIDIVDivide
Opcode D8 /6 DC /6 D8 F0+i DC F8+i DE F8+i DE F9 DA /6 DE /6 Instruction FDIV m32real FDIV m64real FDIV ST(0), ST(i) FDIV ST(i), ST(0) FDIVP ST(i), ST(0) FDIVP FIDIV m32int FIDIV m16int Description Divide ST(0) by m32real and store result in ST(0) Divide ST(0) by m64real and store result in ST(0) Divide ST(0) by ST(i) and store result in ST(0) Divide ST(i) by ST(0) and store result in ST(i) Divide ST(i) by ST(0), store result in ST(i), and pop the register stack Divide ST(1) by ST(0), store result in ST(1), and pop the register stack Divide ST(0) by m32int and store result in ST(0) Divide ST(0) by m16int and store result in ST(0)

Description These instructions divide the destination operand by the source operand and stores the result in the destination location. The destination operand (dividend) is always in an FPU register; the source operand (divisor) can be a register or a memory location. Source operands in memory can be in single-real, double-real, word-integer, or short-integer formats. The no-operand version of the instruction divides the contents of the ST(1) register by the contents of the ST(0) register. The one-operand version divides the contents of the ST(0) register by the contents of a memory location (either a real or an integer value). The two-operand version, divides the contents of the ST(0) register by the contents of the ST(i) register or vice versa. The FDIVP instructions perform the additional operation of popping the FPU register stack after storing the result. To pop the register stack, the processor marks the ST(0) register as empty and increments the stack pointer (TOP) by 1. The no-operand version of the floating-point divide instructions always results in the register stack being popped. In some assemblers, the mnemonic for this instruction is FDIV rather than FDIVP. The FIDIV instructions convert an integer source operand to extended-real format before performing the division. When the source operand is an integer 0, it is treated as a +0. If an unmasked divide-by-zero exception (#Z) is generated, no result is stored; if the exception is masked, an of the appropriate sign is stored in the destination operand. The following table shows the results obtained when dividing various classes of numbers, assuming that neither overflow nor underflow occurs.

3-189

INSTRUCTION SET REFERENCE

FDIV/FDIVP/FIDIVDivide (Continued)
DEST - F I SRC 0 +0 +I +F + NaN NOTES: F Means finite-real number. I Means integer. * Indicates floating-point invalid-arithmetic-operand (#IA) exception. ** Indicates floating-point zero-divide (#Z) exception. * + + + * NaN F +0 +F +F ** ** F F 0 NaN 0 +0 +0 +0 * * 0 0 0 NaN +0 0 0 0 * * +0 +0 +0 NaN +F 0 F F ** ** +F +F +0 NaN + * + + + * NaN NaN NaN NaN NaN NaN NaN NaN NaN NaN NaN

Operation
IF SRC = 0 THEN #Z ELSE IF instruction is FIDIV THEN DEST DEST / ConvertExtendedReal(SRC); ELSE (* source operand is real number *) DEST DEST / SRC; FI; FI; IF instruction = FDIVP THEN PopRegisterStack FI;

3-190

INSTRUCTION SET REFERENCE

FDIV/FDIVP/FIDIVDivide (Continued)
FPU Flags Affected C1 Set to 0 if stack underflow occurred. Indicates rounding direction if the inexact result exception (#P) is generated: 0 = not roundup; 1 = roundup. C0, C2, C3 Undefined.

Floating-Point Exceptions #IS #IA Stack underflow occurred. Operand is an sNaN value or unsupported format. / ; 0 / 0 #D #Z #U #O #P Result is a denormal value. DEST / 0, where DEST is not equal to 0. Result is too small for destination format. Result is too large for destination format. Value cannot be represented exactly in destination format.

Protected Mode Exceptions #GP(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #NM #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. EM or TS in CR0 is set. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-191

INSTRUCTION SET REFERENCE

FDIV/FDIVP/FIDIVDivide (Continued)
Virtual-8086 Mode Exceptions #GP(0) #SS(0) #NM #PF(fault-code) #AC(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. EM or TS in CR0 is set. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made.

3-192

INSTRUCTION SET REFERENCE

INSTRUCTION SET REFERENCE

FFREEFree Floating-Point Register

Opcode DD C0+i Instruction FFREE ST(i) Description Sets tag for ST(i) to empty

Description This instruction sets the tag in the FPU tag register associated with register ST(i) to empty (11B). The contents of ST(i) and the FPU stack-top pointer (TOP) are not affected. Operation
TAG(i) 11B;

FPU Flags Affected C0, C1, C2, C3 undefined. Floating-Point Exceptions None. Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-197

INSTRUCTION SET REFERENCE

FICOM/FICOMPCompare Integer
Opcode DE /2 DA /2 DE /3 DA /3 Instruction FICOM m16int FICOM m32int FICOMP m16int FICOMP m32int Description Compare ST(0) with m16int Compare ST(0) with m32int Compare ST(0) with m16int and pop stack register Compare ST(0) with m32int and pop stack register

Description These instruction compare the value in ST(0) with an integer source operand and sets the condition code flags C0, C2, and C3 in the FPU status word according to the results (refer to table below). The integer value is converted to extended-real format before the comparison is made.
Condition ST(0) > SRC ST(0) < SRC ST(0) = SRC Unordered C3 0 0 1 1 C2 0 0 0 1 C0 0 1 0 1

These instructions perform an unordered comparison. An unordered comparison also checks the class of the numbers being compared (refer to FXAMExamine in this chapter). If either operand is a NaN or is in an undefined format, the condition flags are set to unordered. The sign of zero is ignored, so that 0.0 = +0.0. The FICOMP instructions pop the register stack following the comparison. To pop the register stack, the processor marks the ST(0) register empty and increments the stack pointer (TOP) by 1. Operation
CASE (relation of operands) OF ST(0) > SRC: C3, C2, C0 000; ST(0) < SRC: C3, C2, C0 001; ST(0) = SRC: C3, C2, C0 100; Unordered: C3, C2, C0 111; ESAC; IF instruction = FICOMP THEN PopRegisterStack; FI;

3-198

INSTRUCTION SET REFERENCE

FICOM/FICOMPCompare Integer (Continued)

FPU Flags Affected C1 C0, C2, C3 Set to 0 if stack underflow occurred; otherwise, set to 0. Refer to table on previous page.

Floating-Point Exceptions #IS #IA #D Stack underflow occurred. One or both operands are NaN values or have unsupported formats. One or both operands are denormal values.

Protected Mode Exceptions #GP(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #NM #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. EM or TS in CR0 is set. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-199

INSTRUCTION SET REFERENCE

FILDLoad Integer
Opcode DF /0 DB /0 DF /5 Instruction FILD m16int FILD m32int FILD m64int Description Push m16int onto the FPU register stack. Push m32int onto the FPU register stack. Push m64int onto the FPU register stack.

Description This instruction converts the signed-integer source operand into extended-real format and pushes the value onto the FPU register stack. The source operand can be a word, short, or long integer value. It is loaded without rounding errors. The sign of the source operand is preserved. Operation
TOP TOP 1; ST(0) ExtendedReal(SRC);

FPU Flags Affected C1 C0, C2, C3 Set to 1 if stack overflow occurred; cleared to 0 otherwise. Undefined.

Floating-Point Exceptions #IS Stack overflow occurred.

Protected Mode Exceptions #GP(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #NM #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. EM or TS in CR0 is set. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-200

INSTRUCTION SET REFERENCE

FILDLoad Integer (Continued)

3-201

INSTRUCTION SET REFERENCE

FINCSTPIncrement Stack-Top Pointer

Opcode D9 F7 Instruction FINCSTP Description Increment the TOP field in the FPU status register

Description This instruction adds one to the TOP field of the FPU status word (increments the top-of-stack pointer). If the TOP field contains a 7, it is set to 0. The effect of this instruction is to rotate the stack by one position. The contents of the FPU data registers and tag register are not affected. This operation is not equivalent to popping the stack, because the tag for the previous top-ofstack register is not marked empty. Operation
IF TOP = 7 THEN TOP 0; ELSE TOP TOP + 1; FI;

FPU Flags Affected The C1 flag is set to 0; otherwise, cleared to 0. The C0, C2, and C3 flags are undefined. Floating-Point Exceptions None. Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

FPU Flags Affected C1 Set to 0 if stack underflow occurred. Indicates rounding direction of if the inexact exception (#P) is generated: 0 = not roundup; 1 = roundup. Cleared to 0 otherwise. C0, C2, C3 Undefined.

Floating-Point Exceptions #IS #IA Stack underflow occurred. Source operand is too large for the destination format Source operand is a NaN value or unsupported format. #P Value cannot be represented exactly in destination format.

3-206

INSTRUCTION SET REFERENCE

FIST/FISTPStore Integer (Continued)

Protected Mode Exceptions #GP(0) If the destination is located in a nonwritable segment. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register is used to access memory and it contains a null segment selector. #SS(0) #NM #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. EM or TS in CR0 is set. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-207

INSTRUCTION SET REFERENCE

FLDLoad Real
Opcode D9 /0 DD /0 DB /5 D9 C0+i Instruction FLD m32real FLD m64real FLD m80real FLD ST(i) Description Push m32real onto the FPU register stack. Push m64real onto the FPU register stack. Push m80real onto the FPU register stack. Push ST(i) onto the FPU register stack.

Description This instruction pushes the source operand onto the FPU register stack. If the source operand is in single- or double-real format, it is automatically converted to the extended-real format before being pushed on the stack. The FLD instruction can also push the value in a selected FPU register [ST(i)] onto the stack. Here, pushing register ST(0) duplicates the stack top. Operation
IF SRC is ST(i) THEN temp ST(i) TOP TOP 1; IF SRC is memory-operand THEN ST(0) ExtendedReal(SRC); ELSE (* SRC is ST(i) *) ST(0) temp;

FPU Flags Affected C1 C0, C2, C3 Set to 1 if stack overflow occurred; otherwise, cleared to 0. Undefined.

Floating-Point Exceptions #IS #IA #D Stack overflow occurred. Source operand is an sNaN value or unsupported format. Source operand is a denormal value. Does not occur if the source operand is in extended-real format.

3-208

INSTRUCTION SET REFERENCE

FLDLoad Real (Continued)

Protected Mode Exceptions #GP(0) If destination is located in a nonwritable segment. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register is used to access memory and it contains a null segment selector. #SS(0) #NM #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. EM or TS in CR0 is set. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-209

INSTRUCTION SET REFERENCE

FLD1/FLDL2T/FLDL2E/FLDPI/FLDLG2/FLDLN2/FLDZLoad Constant
Opcode D9 E8 D9 E9 D9 EA D9 EB D9 EC D9 ED D9 EE Instruction FLD1 FLDL2T FLDL2E FLDPI FLDLG2 FLDLN2 FLDZ Description Push +1.0 onto the FPU register stack. Push log210 onto the FPU register stack. Push log2e onto the FPU register stack. Push onto the FPU register stack. Push log102 onto the FPU register stack. Push loge2 onto the FPU register stack. Push +0.0 onto the FPU register stack.

Description These instructions push one of seven commonly used constants (in extended-real format) onto the FPU register stack. The constants that can be loaded with these instructions include +1.0, +0.0, log210, log2e, , log102, and loge2. For each constant, an internal 66-bit constant is rounded (as specified by the RC field in the FPU control word) to external-real format. The inexact result exception (#P) is not generated as a result of the rounding. Refer to Section 7.5.8., Pi in Chapter 7, Floating-Point Unit of the Intel Architecture Software Developers Manual, Volume 1, for a description of the constant. Operation
TOP TOP 1; ST(0) CONSTANT;

FPU Flags Affected C1 C0, C2, C3 Set to 1 if stack overflow occurred; otherwise, cleared to 0. Undefined.

Floating-Point Exceptions #IS Stack overflow occurred.

Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

3-210

INSTRUCTION SET REFERENCE

FLD1/FLDL2T/FLDL2E/FLDPI/FLDLG2/FLDLN2/FLDZLoad Constant (Continued)

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

Intel Architecture Compatibility When the RC field is set to round to nearest mode, the FPU produces the same constants that is produced by the Intel 8087 and Intel287 math coprocessors.

3-211

INSTRUCTION SET REFERENCE

FLDCWLoad Control Word

Opcode D9 /5 Instruction FLDCW m2byte Description Load FPU control word from m2byte.

Description This instruction loads the 16-bit source operand into the FPU control word. The source operand is a memory location. This instruction is typically used to establish or change the FPUs mode of operation. If one or more exception flags are set in the FPU status word prior to loading a new FPU control word and the new control word unmasks one or more of those exceptions, a floating-point exception will be generated upon execution of the next floating-point instruction (except for the no-wait floating-point instructions. For more information, refer to Section 7.7.3., Software Exception Handling in Chapter 7, Floating-Point Unit of the Intel Architecture Software Developers Manual, Volume 1). To avoid raising exceptions when changing FPU operating modes, clear any pending exceptions (using the FCLEX or FNCLEX instruction) before loading the new control word. Intel Architecture Compatibility On a Pentium III processor, the FLDCW instruction operates the same as on a Pentium II processor. It has no effect on the Pentium III processor SIMD floating-point functional unit or control/status register. Operation
FPUControlWord SRC;

FPU Flags Affected C0, C1, C2, C3 undefined. Floating-Point Exceptions None; however, this operation might unmask a pending exception in the FPU status word. That exception is then generated upon execution of the next waiting floating-point instruction.

3-212

INSTRUCTION SET REFERENCE

FLDCWLoad Control Word (Continued)

Protected Mode Exceptions #GP(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register is used to access memory and it contains a null segment selector. #SS(0) #NM #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. EM or TS in CR0 is set. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-213

INSTRUCTION SET REFERENCE

FLDENVLoad FPU Environment

Opcode D9 /4 Instruction FLDENV m14/28byte Description Load FPU environment from m14byte or m28byte.

Description This instruction loads the complete FPU operating environment from memory into the FPU registers. The source operand specifies the first byte of the operating-environment data in memory. This data is typically written to the specified memory location by a FSTENV or FNSTENV instruction. The FPU operating environment consists of the FPU control word, status word, tag word, instruction pointer, data pointer, and last opcode. Figures 7-13 through Figure 7-16 in Chapter 7, Floating-Point Unit of the Intel Architecture Software Developers Manual, Volume 1, show the layout in memory of the loaded environment, depending on the operating mode of the processor (protected or real) and the current operand-size attribute (16-bit or 32-bit). In virtual8086 mode, the real mode layouts are used. The FLDENV instruction should be executed in the same operating mode as the corresponding FSTENV/FNSTENV instruction. If one or more unmasked exception flags are set in the new FPU status word, a floating-point exception will be generated upon execution of the next floating-point instruction (except for the no-wait floating-point instructions. or more information, refer to Section 7.7.3., Software Exception Handling in Chapter 7, Floating-Point Unit of the Intel Architecture Software Developers Manual, Volume 1). To avoid generating exceptions when loading a new environment, clear all the exception flags in the FPU status word that is being loaded. Intel Architecture Compatibility On a Pentium III processor, the FLDENV instruction operates the same as on a Pentium II processor. It has no effect on the Pentium III processor SIMD floating-point functional unit or control/status register. Operation
FPUControlWord SRC(FPUControlWord); FPUStatusWord SRC(FPUStatusWord); FPUTagWord SRC(FPUTagWord); FPUDataPointer SRC(FPUDataPointer); FPUInstructionPointer SRC(FPUInstructionPointer); FPULastInstructionOpcode SRC(FPULastInstructionOpcode);

3-219

INSTRUCTION SET REFERENCE

FNOPNo Operation
Opcode D9 D0 Instruction FNOP Description No operation is performed.

Description This instruction performs no FPU operation. This instruction takes up space in the instruction stream but does not affect the FPU or machine context, except the EIP register. FPU Flags Affected C0, C1, C2, C3 undefined. Floating-Point Exceptions None. Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-220

INSTRUCTION SET REFERENCE

FPATANPartial Arctangent
Opcode D9 F3 Instruction FPATAN Description Replace ST(1) with arctan(ST(1)/ST(0)) and pop the register stack

Description This instruction computes the arctangent of the source operand in register ST(1) divided by the source operand in register ST(0), stores the result in ST(1), and pops the FPU register stack. The result in register ST(0) has the same sign as the source operand ST(1) and a magnitude less than +. The FPATAN instruction returns the angle between the X axis and the line from the origin to the point (X,Y), where Y (the ordinate) is ST(1) and X (the abscissa) is ST(0). The angle depends on the sign of X and Y independently, not just on the sign of the ratio Y/X. This is because a point (X,Y) is in the second quadrant, resulting in an angle between /2 and , while a point (X,Y) is in the fourth quadrant, resulting in an angle between 0 and /2. A point (X,Y) is in the third quadrant, giving an angle between /2 and . The following table shows the results obtained when computing the arctangent of various classes of numbers, assuming that underflow does not occur.
ST(0) ST(1) F 0 +0 +F + NaN NOTES: F Means finite-real number. * Table 7-21 in Chapter 7, Floating-Point Unit of the Intel Architecture Software Developers Manual, Volume 1, specifies that the ratios 0/0 and / generate the floating-point invalid arithmetic-operation exception and, if this exception is masked, the real indefinite value is returned. With the FPATAN instruction, the 0/0 or / value is actually not calculated using division. Instead, the arctangent of the two variables is derived from a common mathematical formulation that is generalized to allow complex numbers as arguments. In this complex variable formulation, arctangent(0,0) etc. has well defined values. These values are needed to develop a library to compute transcendental functions with complex arguments, based on the FPU functions that only allow real numbers as arguments. 3/4* + + +3/4* NaN F /2 to /2 + + to +/2 +/2 NaN 0 /2 /2 * +* +/2 +/2 NaN +0 /2 /2 0* +0* +/2 +/2 NaN +F /2 /2 to 0 0 +0 +/2 to +0 +/2 NaN + /4* -0 0 +0 +0 +/4* NaN NaN NaN NaN NaN NaN NaN NaN NaN

There is no restriction on the range of source operands that FPATAN can accept.

3-221

INSTRUCTION SET REFERENCE

FPATANPartial Arctangent (Continued)

Intel Architecture Compatibility The source operands for this instruction are restricted for the 80287 math coprocessor to the following range: 0 |ST(1)| < |ST(0)| < + Operation
ST(1) arctan(ST(1) / ST(0)); PopRegisterStack;

FPU Flags Affected C1 Set to 0 if stack underflow occurred. Indicates rounding direction if the inexact result exception (#P) is generated: 0 = not roundup; 1 = roundup. C0, C2, C3 Undefined.

Floating-Point Exceptions #IS #IA #D #U #P Stack underflow occurred. Source operand is an sNaN value or unsupported format. Source operand is a denormal value. Result is too small for destination format. Value cannot be represented exactly in destination format.

Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-222

INSTRUCTION SET REFERENCE

FPREMPartial Remainder
Opcode D9 F8 Instruction FPREM Description Replace ST(0) with the remainder obtained from dividing ST(0) by ST(1)

Description This instruction computes the remainder obtained from dividing the value in the ST(0) register (the dividend) by the value in the ST(1) register (the divisor or modulus), and stores the result in ST(0). The remainder represents the following value: Remainder = ST(0) (Q ST(1)) Here, Q is an integer value that is obtained by truncating the real-number quotient of [ST(0) / ST(1)] toward zero. The sign of the remainder is the same as the sign of the dividend. The magnitude of the remainder is less than that of the modulus, unless a partial remainder was computed (as described below). This instruction produces an exact result; the precision (inexact) exception does not occur and the rounding control has no effect. The following table shows the results obtained when computing the remainder of various classes of numbers, assuming that underflow does not occur.
ST(1) ST(0) F 0 +0 +F + NaN NOTES: F Means finite-real number. * Indicates floating-point invalid-arithmetic-operand (#IA) exception. ** Indicates floating-point zero-divide (#Z) exception. * ST(0) 0 +0 ST(0) * NaN F * F or 0 0 +0 +F or +0 * NaN 0 * ** * * ** * NaN +0 * ** * * ** * NaN +F * F or 0 0 +0 +F or +0 * NaN + * ST(0) 0 +0 ST(0) * NaN NaN NaN NaN NaN NaN NaN NaN NaN

When the result is 0, its sign is the same as that of the dividend. When the modulus is , the result is equal to the value in ST(0).

3-223

INSTRUCTION SET REFERENCE

FPREMPartial Remainder (Continued)

The FPREM instruction gets its name partial remainder because of the way it computes the remainder. This instructions arrives at a remainder through iterative subtraction. It can, however, reduce the exponent of ST(0) by no more than 63 in one execution of the instruction. If the instruction succeeds in producing a remainder that is less than the modulus, the operation is complete and the C2 flag in the FPU status word is cleared. Otherwise, C2 is set, and the result in ST(0) is called the partial remainder. The exponent of the partial remainder will be less than the exponent of the original dividend by at least 32. Software can re-execute the instruction (using the partial remainder in ST(0) as the dividend) until C2 is cleared. (Note that while executing such a remainder-computation loop, a higher-priority interrupting routine that needs the FPU can force a context switch in-between the instructions in the loop.) An important use of the FPREM instruction is to reduce the arguments of periodic functions. When reduction is complete, the instruction stores the three least-significant bits of the quotient in the C3, C1, and C0 flags of the FPU status word. This information is important in argument reduction for the tangent function (using a modulus of /4), because it locates the original angle in the correct one of eight sectors of the unit circle. Operation
D exponent(ST(0)) exponent(ST(1)); IF D < 64 THEN Q Integer(TruncateTowardZero(ST(0) / ST(1))); ST(0) ST(0) (ST(1) Q); C2 0; C0, C3, C1 LeastSignificantBits(Q); (* Q2, Q1, Q0 *) ELSE C2 1; N an implementation-dependent number between 32 and 63; QQ Integer(TruncateTowardZero((ST(0) / ST(1)) / 2(D N))); ST(0) ST(0) (ST(1) QQ 2(D N)); FI;

FPU Flags Affected C0 C1 C2 C3 Set to bit 2 (Q2) of the quotient. Set to 0 if stack underflow occurred; otherwise, set to least significant bit of quotient (Q0). Set to 0 if reduction complete; set to 1 if incomplete. Set to bit 1 (Q1) of the quotient.

3-224

INSTRUCTION SET REFERENCE

FPREMPartial Remainder (Continued)

Floating-Point Exceptions #IS #IA #D #U Stack underflow occurred. Source operand is an sNaN value, modulus is 0, dividend is , or unsupported format. Source operand is a denormal value. Result is too small for destination format.

Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-225

INSTRUCTION SET REFERENCE

FPREM1Partial Remainder
Opcode D9 F5 Instruction FPREM1 Description Replace ST(0) with the IEEE remainder obtained from dividing ST(0) by ST(1)

Description This instruction computes the IEEE remainder obtained from dividing the value in the ST(0) register (the dividend) by the value in the ST(1) register (the divisor or modulus), and stores the result in ST(0). The remainder represents the following value: Remainder = ST(0) (Q ST(1)) Here, Q is an integer value that is obtained by rounding the real-number quotient of [ST(0) / ST(1)] toward the nearest integer value. The magnitude of the remainder is less than half the magnitude of the modulus, unless a partial remainder was computed (as described below). This instruction produces an exact result; the precision (inexact) exception does not occur and the rounding control has no effect. The following table shows the results obtained when computing the remainder of various classes of numbers, assuming that underflow does not occur.
ST(1) ST(0) F 0 +0 +F + NaN NOTES: F Means finite-real number. * Indicates floating-point invalid-arithmetic-operand (#IA) exception. ** Indicates floating-point zero-divide (#Z) exception. * ST(0) 0 +0 ST(0) * NaN F * F or 0 0 +0 F or +0 * NaN 0 * ** * * ** * NaN +0 * ** * * ** * NaN +F * F or 0 0 +0 F or +0 * NaN + * ST(0) 0 +0 ST(0) * NaN NaN NaN NaN NaN NaN NaN NaN NaN

When the result is 0, its sign is the same as that of the dividend. When the modulus is , the result is equal to the value in ST(0). The FPREM1 instruction computes the remainder specified in IEEE Std 754. This instruction operates differently from the FPREM instruction in the way that it rounds the quotient of ST(0) divided by ST(1) to an integer (refer to the Operation section below).

3-226

INSTRUCTION SET REFERENCE

FPREM1Partial Remainder (Continued)

Like the FPREM instruction, the FPREM1 computes the remainder through iterative subtraction, but can reduce the exponent of ST(0) by no more than 63 in one execution of the instruction. If the instruction succeeds in producing a remainder that is less than one half the modulus, the operation is complete and the C2 flag in the FPU status word is cleared. Otherwise, C2 is set, and the result in ST(0) is called the partial remainder. The exponent of the partial remainder will be less than the exponent of the original dividend by at least 32. Software can reexecute the instruction (using the partial remainder in ST(0) as the dividend) until C2 is cleared. (Note that while executing such a remainder-computation loop, a higher-priority interrupting routine that needs the FPU can force a context switch in-between the instructions in the loop.) An important use of the FPREM1 instruction is to reduce the arguments of periodic functions. When reduction is complete, the instruction stores the three least-significant bits of the quotient in the C3, C1, and C0 flags of the FPU status word. This information is important in argument reduction for the tangent function (using a modulus of /4), because it locates the original angle in the correct one of eight sectors of the unit circle. Operation
D exponent(ST(0)) exponent(ST(1)); IF D < 64 THEN Q Integer(RoundTowardNearestInteger(ST(0) / ST(1))); ST(0) ST(0) (ST(1) Q); C2 0; C0, C3, C1 LeastSignificantBits(Q); (* Q2, Q1, Q0 *) ELSE C2 1; N an implementation-dependent number between 32 and 63; QQ Integer(TruncateTowardZero((ST(0) / ST(1)) / 2(D N))); ST(0) ST(0) (ST(1) QQ 2(D N)); FI;

3-227

INSTRUCTION SET REFERENCE

FPREM1Partial Remainder (Continued)

Floating-Point Exceptions #IS #IA #D #U Stack underflow occurred. Source operand is an sNaN value, modulus (divisor) is 0, dividend is , or unsupported format. Source operand is a denormal value. Result is too small for destination format.

Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-228

INSTRUCTION SET REFERENCE

FPTANPartial Tangent
Opcode D9 F2 Instruction FPTAN Clocks 17-173 Description Replace ST(0) with its tangent and push 1 onto the FPU stack.

Description This instruction computes the tangent of the source operand in register ST(0), stores the result in ST(0), and pushes a 1.0 onto the FPU register stack. The source operand must be given in radians and must be less than 263. The following table shows the unmasked results obtained when computing the partial tangent of various classes of numbers, assuming that underflow does not occur.
ST(0) SRC F 0 +0 +F + NaN NOTES: F Means finite-real number. * Indicates floating-point invalid-arithmetic-operand (#IA) exception. ST(0) DEST * F to +F 0 +0 F to +F * NaN

If the source operand is outside the acceptable range, the C2 flag in the FPU status word is set, and the value in register ST(0) remains unchanged. The instruction does not raise an exception when the source operand is out of range. It is up to the program to check the C2 flag for out-ofrange conditions. Source values outside the range 263 to +263 can be reduced to the range of the instruction by subtracting an appropriate integer multiple of 2 or by using the FPREM instruction with a divisor of 2. Refer to Section 7.5.8., Pi in Chapter 7, Floating-Point Unit of the Intel Architecture Software Developers Manual, Volume 1, for a discussion of the proper value to use for in performing such reductions. The value 1.0 is pushed onto the register stack after the tangent has been computed to maintain compatibility with the Intel 8087 and Intel287 math coprocessors. This operation also simplifies the calculation of other trigonometric functions. For instance, the cotangent (which is the reciprocal of the tangent) can be computed by executing a FDIVR instruction after the FPTAN instruction.

Floating-Point Exceptions #IS #IA #D #U #O #P Stack underflow occurred. Source operand is an sNaN value or unsupported format. Source operand is a denormal value. Result is too small for destination format. Result is too large for destination format. Value cannot be represented exactly in destination format.

Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-239

INSTRUCTION SET REFERENCE

FSINSine
Opcode D9 FE Instruction FSIN Description Replace ST(0) with its sine.

Description This instruction calculates the sine of the source operand in register ST(0) and stores the result in ST(0). The source operand must be given in radians and must be within the range 263 to +263. The following table shows the results obtained when taking the sine of various classes of numbers, assuming that underflow does not occur.
SRC (ST(0)) F 0 +0 +F + NaN NOTES: F Means finite-real number. * Indicates floating-point invalid-arithmetic-operand (#IA) exception. DEST (ST(0)) * 1 to +1 0 +0 1 to +1 * NaN

If the source operand is outside the acceptable range, the C2 flag in the FPU status word is set, and the value in register ST(0) remains unchanged. The instruction does not raise an exception when the source operand is out of range. It is up to the program to check the C2 flag for out-ofrange conditions. Source values outside the range 263 to +263 can be reduced to the range of the instruction by subtracting an appropriate integer multiple of 2 or by using the FPREM instruction with a divisor of 2. Refer to Section 7.5.8., Pi in Chapter 7, Floating-Point Unit of the Intel Architecture Software Developers Manual, Volume 1, for a discussion of the proper value to use for in performing such reductions. Operation
IF ST(0) < 263 THEN C2 0; ST(0) sin(ST(0)); ELSE (* source operand out of range *) C2 1; FI:

3-240

INSTRUCTION SET REFERENCE

FSINSine (Continued)
FPU Flags Affected C1 Set to 0 if stack underflow occurred. Indicates rounding direction if the inexact result exception (#P) is generated: 0 = not roundup; 1 = roundup. C2 C0, C3 Set to 1 if source operand is outside the range 263 to +263; otherwise, cleared to 0. Undefined.

Floating-Point Exceptions #IS #IA #D #P Stack underflow occurred. Source operand is an sNaN value, , or unsupported format. Source operand is a denormal value. Value cannot be represented exactly in destination format.

Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-241

Description This instruction calculates the square root of the source value in the ST(0) register and stores the result in ST(0). The following table shows the results obtained when taking the square root of various classes of numbers, assuming that neither overflow nor underflow occurs.
SRC (ST(0)) F 0 +0 +F + NaN NOTES: F Means finite-real number. * Indicates floating-point invalid-arithmetic-operand (#IA) exception. DEST (ST(0)) * * 0 +0 +F + NaN

Operation
ST(0) SquareRoot(ST(0));

FPU Flags Affected C1 Set to 0 if stack underflow occurred. Indicates rounding direction if inexact result exception (#P) is generated: 0 = not roundup; 1 = roundup. C0, C2, C3 Undefined.

3-244

INSTRUCTION SET REFERENCE

FSQRTSquare Root (Continued)

Floating-Point Exceptions #IS #IA Stack underflow occurred. Source operand is an sNaN value or unsupported format. Source operand is a negative value (except for 0). #D #P Source operand is a denormal value. Value cannot be represented exactly in destination format.

Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-245

INSTRUCTION SET REFERENCE

FST/FSTPStore Real
Opcode D9 /2 DD /2 DD D0+i D9 /3 DD /3 DB /7 DD D8+i Instruction FST m32real FST m64real FST ST(i) FSTP m32real FSTP m64real FSTP m80real FSTP ST(i) Description Copy ST(0) to m32real Copy ST(0) to m64real Copy ST(0) to ST(i) Copy ST(0) to m32real and pop register stack Copy ST(0) to m64real and pop register stack Copy ST(0) to m80real and pop register stack Copy ST(0) to ST(i) and pop register stack

Description The FST instruction copies the value in the ST(0) register to the destination operand, which can be a memory location or another register in the FPU register stack. When storing the value in memory, the value is converted to single- or double-real format. The FSTP instruction performs the same operation as the FST instruction and then pops the register stack. To pop the register stack, the processor marks the ST(0) register as empty and increments the stack pointer (TOP) by 1. The FSTP instruction can also store values in memory in extended-real format. If the destination operand is a memory location, the operand specifies the address where the first byte of the destination value is to be stored. If the destination operand is a register, the operand specifies a register in the register stack relative to the top of the stack. If the destination size is single- or double-real, the significand of the value being stored is rounded to the width of the destination (according to rounding mode specified by the RC field of the FPU control word), and the exponent is converted to the width and bias of the destination format. If the value being stored is too large for the destination format, a numeric overflow exception (#O) is generated and, if the exception is unmasked, no value is stored in the destination operand. If the value being stored is a denormal value, the denormal exception (#D) is not generated. This condition is simply signaled as a numeric underflow exception (#U) condition. If the value being stored is 0, , or a NaN, the least-significant bits of the significand and the exponent are truncated to fit the destination format. This operation preserves the values identity as a 0, , or NaN. If the destination operand is a non-empty register, the invalid operation exception is not generated. Operation
DEST ST(0); IF instruction = FSTP THEN PopRegisterStack; FI;

3-246

INSTRUCTION SET REFERENCE

FST/FSTPStore Real (Continued)

FPU Flags Affected C1 Set to 0 if stack underflow occurred. Indicates rounding direction of if the floating-point inexact exception (#P) is generated: 0 = not roundup; 1 = roundup. C0, C2, C3 Undefined.

Floating-Point Exceptions #IS #IA #U #O #P Stack underflow occurred. Source operand is an sNaN value or unsupported format. Result is too small for the destination format. Result is too large for the destination format. Value cannot be represented exactly in destination format.

Protected Mode Exceptions #GP(0) If the destination is located in a nonwritable segment. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register is used to access memory and it contains a null segment selector. #SS(0) #NM #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. EM or TS in CR0 is set. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-247

INSTRUCTION SET REFERENCE

FST/FSTPStore Real (Continued)

3-248

INSTRUCTION SET REFERENCE

FSTCW/FNSTCWStore Control Word

Opcode 9B D9 /7 D9 /7 NOTE: * Refer to Intel Architecture Compatibility below. Instruction FSTCW m2byte FNSTCW* m2byte Description Store FPU control word to m2byte after checking for pending unmasked floating-point exceptions. Store FPU control word to m2byte without checking for pending unmasked floating-point exceptions.

Description These instructions store the current value of the FPU control word at the specified destination in memory. The FSTCW instruction checks for and handles pending unmasked floating-point exceptions before storing the control word; the FNSTCW instruction does not. Intel Architecture Compatibility When operating a Pentium or Intel486 processor in MS-DOS compatibility mode, it is possible (under unusual circumstances) for an FNSTCW instruction to be interrupted prior to being executed to handle a pending FPU exception. Refer to Section E.2.1.3, No-Wait FPU Instructions Can Get FPU Interrupt in Window in Appendix E, Guidelines for Writing FPU Exception Handlers of the Intel Architecture Software Developers Manual, Volume 1, for a description of these circumstances. An FNSTCW instruction cannot be interrupted in this way on a Pentium Pro processor. On a Pentium III processor, the FSTCW/FNSTCW instructions operate the same as on a Pentium II processor. They have no effect on the Pentium III processor SIMD floating-point functional unit or control/status register. Operation
DEST FPUControlWord;

FPU Flags Affected The C0, C1, C2, and C3 flags are undefined. Floating-Point Exceptions None.

3-249

INSTRUCTION SET REFERENCE

INSTRUCTION SET REFERENCE

FSTSW/FNSTSWStore Status Word (Continued)

Operation
DEST FPUStatusWord;

3-255

INSTRUCTION SET REFERENCE

FSTSW/FNSTSWStore Status Word (Continued)

3-256

INSTRUCTION SET REFERENCE

FSUB/FSUBP/FISUBSubtract
Opcode D8 /4 DC /4 D8 E0+i DC E8+i DE E8+i DE E9 DA /4 DE /4 Instruction FSUB m32real FSUB m64real FSUB ST(0), ST(i) FSUB ST(i), ST(0) FSUBP ST(i), ST(0) FSUBP FISUB m32int FISUB m16int Description Subtract m32real from ST(0) and store result in ST(0) Subtract m64real from ST(0) and store result in ST(0) Subtract ST(i) from ST(0) and store result in ST(0) Subtract ST(0) from ST(i) and store result in ST(i) Subtract ST(0) from ST(i), store result in ST(i), and pop register stack Subtract ST(0) from ST(1), store result in ST(1), and pop register stack Subtract m32int from ST(0) and store result in ST(0) Subtract m16int from ST(0) and store result in ST(0)

Description These instructions subtract the source operand from the destination operand and stores the difference in the destination location. The destination operand is always an FPU data register; the source operand can be a register or a memory location. Source operands in memory can be in single-real, double-real, word-integer, or short-integer formats. The no-operand version of the instruction subtracts the contents of the ST(0) register from the ST(1) register and stores the result in ST(1). The one-operand version subtracts the contents of a memory location (either a real or an integer value) from the contents of the ST(0) register and stores the result in ST(0). The two-operand version, subtracts the contents of the ST(0) register from the ST(i) register or vice versa. The FSUBP instructions perform the additional operation of popping the FPU register stack following the subtraction. To pop the register stack, the processor marks the ST(0) register as empty and increments the stack pointer (TOP) by 1. The no-operand version of the floatingpoint subtract instructions always results in the register stack being popped. In some assemblers, the mnemonic for this instruction is FSUB rather than FSUBP. The FISUB instructions convert an integer source operand to extended-real format before performing the subtraction. The following table shows the results obtained when subtracting various classes of numbers from one another, assuming that neither overflow nor underflow occurs. Here, the SRC value is subtracted from the DEST value (DEST SRC = result). When the difference between two operands of like sign is 0, the result is +0, except for the round toward mode, in which case the result is 0. This instruction also guarantees that +0 (0) = +0, and that 0 (+0) = 0. When the source operand is an integer 0, it is treated as a +0. When one operand is , the result is of the expected sign. If both operands are of the same sign, an invalid operation exception is generated.

3-257

INSTRUCTION SET REFERENCE

FSUB/FSUBP/FISUBSubtract (Continued)
SRC F DEST 0 +0 +F + NaN NOTES: F Means finite-real number. I Means integer. * Indicates floating-point invalid-arithmetic-operand (#IA) exception. * + + + + + NaN F or I F or 0 SRC SRC +F + NaN 0 DEST 0 +0 DEST + NaN +0 DEST 0 0 DEST + NaN +F or +I F SRC SRC F or 0 + NaN + * NaN NaN NaN NaN NaN NaN NaN NaN NaN

Operation
IF instruction is FISUB THEN DEST DEST ConvertExtendedReal(SRC); ELSE (* source operand is real number *) DEST DEST SRC; FI; IF instruction is FSUBP THEN PopRegisterStack FI;

FPU Flags Affected C1 Set to 0 if stack underflow occurred. Indicates rounding direction if the inexact result exception (#P) fault is generated: 0 = not roundup; 1 = roundup. C0, C2, C3 Undefined.

3-258

INSTRUCTION SET REFERENCE

FSUB/FSUBP/FISUBSubtract (Continued)
Floating-Point Exceptions #IS #IA Stack underflow occurred. Operand is an sNaN value or unsupported format. Operands are infinities of like sign. #D #U #O #P Source operand is a denormal value. Result is too small for destination format. Result is too large for destination format. Value cannot be represented exactly in destination format.

3-259

3-262

INSTRUCTION SET REFERENCE

FSUBR/FSUBRP/FISUBRReverse Subtract (Continued)

Floating-Point Exceptions #IS #IA Stack underflow occurred. Operand is an sNaN value or unsupported format. Operands are infinities of like sign. #D #U #O #P Source operand is a denormal value. Result is too small for destination format. Result is too large for destination format. Value cannot be represented exactly in destination format.

3-263

INSTRUCTION SET REFERENCE

FSUBR/FSUBRP/FISUBRReverse Subtract (Continued)

3-264

INSTRUCTION SET REFERENCE

FTSTTEST
Opcode D9 E4 Instruction FTST Description Compare ST(0) with 0.0.

Description This instruction compares the value in the ST(0) register with 0.0 and sets the condition code flags C0, C2, and C3 in the FPU status word according to the results (refer to the table below).
Condition ST(0) > 0.0 ST(0) < 0.0 ST(0) = 0.0 Unordered C3 0 0 1 1 C2 0 0 0 1 C0 0 1 0 1

This instruction performs an unordered comparison. An unordered comparison also checks the class of the numbers being compared (refer to FXAMExamine in this chapter). If the value in register ST(0) is a NaN or is in an undefined format, the condition flags are set to unordered and the invalid operation exception is generated. The sign of zero is ignored, so that 0.0 = +0.0. Operation
CASE (relation of operands) OF Not comparable: C3, C2, C0 111; ST(0) > 0.0: C3, C2, C0 000; ST(0) < 0.0: C3, C2, C0 001; ST(0) = 0.0: C3, C2, C0 100; ESAC;

FPU Flags Affected C1 C0, C2, C3 Set to 0 if stack underflow occurred; otherwise, cleared to 0. Refer to above table.

Floating-Point Exceptions #IS #IA #D Stack underflow occurred. The source operand is a NaN value or is in an unsupported format. The source operand is a denormal value.

3-265

INSTRUCTION SET REFERENCE

FTSTTEST (Continued)
Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-266

INSTRUCTION SET REFERENCE

FUCOM/FUCOMP/FUCOMPPUnordered Compare Real

Opcode DD E0+i DD E1 DD E8+i DD E9 DA E9 Instruction FUCOM ST(i) FUCOM FUCOMP ST(i) FUCOMP FUCOMPP Description Compare ST(0) with ST(i) Compare ST(0) with ST(1) Compare ST(0) with ST(i) and pop register stack Compare ST(0) with ST(1) and pop register stack Compare ST(0) with ST(1) and pop register stack twice

Description These instructions perform an unordered comparison of the contents of register ST(0) and ST(i) and sets condition code flags C0, C2, and C3 in the FPU status word according to the results (refer to the table below). If no operand is specified, the contents of registers ST(0) and ST(1) are compared. The sign of zero is ignored, so that 0.0 = +0.0.
Comparison Results ST0 > ST(i) ST0 < ST(i) ST0 = ST(i) Unordered NOTE: * Flags not set if unmasked invalid-arithmetic-operand (#IA) exception is generated. C3 0 0 1 1 C2 0 0 0 1 C0 0 1 0 1

An unordered comparison checks the class of the numbers being compared (refer to FXAMExamine in this chapter). The FUCOM instructions perform the same operations as the FCOM instructions. The only difference is that the FUCOM instructions raise the invalidarithmetic-operand exception (#IA) only when either or both operands are an sNaN or are in an unsupported format; qNaNs cause the condition code flags to be set to unordered, but do not cause an exception to be generated. The FCOM instructions raise an invalid operation exception when either or both of the operands are a NaN value of any kind or are in an unsupported format. As with the FCOM instructions, if the operation results in an invalid-arithmetic-operand exception being raised, the condition code flags are set only if the exception is masked. The FUCOMP instruction pops the register stack following the comparison operation and the FUCOMPP instruction pops the register stack twice following the comparison operation. To pop the register stack, the processor marks the ST(0) register as empty and increments the stack pointer (TOP) by 1.

3-267

INSTRUCTION SET REFERENCE

FUCOM/FUCOMP/FUCOMPPUnordered Compare Real (Continued)

Operation
CASE (relation of operands) OF ST > SRC: C3, C2, C0 000; ST < SRC: C3, C2, C0 001; ST = SRC: C3, C2, C0 100; ESAC; IF ST(0) or SRC = QNaN, but not SNaN or unsupported format THEN C3, C2, C0 111; ELSE (* ST(0) or SRC is SNaN or unsupported format *) #IA; IF FPUControlWord.IM = 1 THEN C3, C2, C0 111; FI; FI; IF instruction = FUCOMP THEN PopRegisterStack; FI; IF instruction = FUCOMPP THEN PopRegisterStack; PopRegisterStack; FI;

FPU Flags Affected C1 C0, C2, C3 Set to 0 if stack underflow occurred. Refer to table on previous page.

Floating-Point Exceptions #IS #IA Stack underflow occurred. One or both operands are sNaN values or have unsupported formats. Detection of a qNaN value in and of itself does not raise an invalidoperand exception. One or both operands are denormal values.

3-268

INSTRUCTION SET REFERENCE

FUCOM/FUCOMP/FUCOMPPUnordered Compare Real (Continued)

Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-269

INSTRUCTION SET REFERENCE

FWAITWait
Refer to entry for WAIT/FWAITWait.

3-270

INSTRUCTION SET REFERENCE

FXAMExamine
Opcode D9 E5 Instruction FXAM Description Classify value or number in ST(0)

Description This instruction examines the contents of the ST(0) register and sets the condition code flags C0, C2, and C3 in the FPU status word to indicate the class of value or number in the register (refer to the table below).
.

Class Unsupported NaN Normal finite number Infinity Zero Empty Denormal number

C3 0 0 0 0 1 1 1

C2 0 0 1 1 0 0 1

C0 0 1 0 1 0 1 0

The C1 flag is set to the sign of the value in ST(0), regardless of whether the register is empty or full. Operation
C1 sign bit of ST; (* 0 for positive, 1 for negative *) CASE (class of value or number in ST(0)) OF Unsupported:C3, C2, C0 000; NaN: C3, C2, C0 001; Normal: C3, C2, C0 010; Infinity: C3, C2, C0 011; Zero: C3, C2, C0 100; Empty: C3, C2, C0 101; Denormal: C3, C2, C0 110; ESAC;

FPU Flags Affected C1 C0, C2, C3 Sign of value in ST(0). Refer to table above.

3-271

INSTRUCTION SET REFERENCE

FXAMExamine (Continued)
Floating-Point Exceptions None. Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-272

INSTRUCTION SET REFERENCE

FXCHExchange Register Contents

Opcode D9 C8+i D9 C9 Instruction FXCH ST(i) FXCH Description Exchange the contents of ST(0) and ST(i) Exchange the contents of ST(0) and ST(1)

Description This instruction exchanges the contents of registers ST(0) and ST(i). If no source operand is specified, the contents of ST(0) and ST(1) are exchanged. This instruction provides a simple means of moving values in the FPU register stack to the top of the stack [ST(0)], so that they can be operated on by those floating-point instructions that can only operate on values in ST(0). For example, the following instruction sequence takes the square root of the third register from the top of the register stack:
FXCH ST(3); FSQRT; FXCH ST(3);

Operation
IF number-of-operands is 1 THEN temp ST(0); ST(0) SRC; SRC temp; ELSE temp ST(0); ST(0) ST(1); ST(1) temp;

FPU Flags Affected C1 C0, C2, C3 Set to 0 if stack underflow occurred; otherwise, cleared to 0. Undefined.

Floating-Point Exceptions #IS Stack underflow occurred.

Protected Mode Exceptions #NM EM or TS in CR0 is set.

3-273

INSTRUCTION SET REFERENCE

FXCHExchange Register Contents (Continued)

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-274

INSTRUCTION SET REFERENCE

FXRSTORRestore FP and MMX State and Streaming SIMD Extension State

Opcode 0F,AE,/1 Instruction FXRSTOR m512byte Description Load FP and MMX technology and Streaming SIMD Extension state from m512byte.

Description The FXRSTOR instruction reloads the FP and MMX technology state, and the Streaming SIMD Extension state (environment and registers), from the memory area defined by m512byte. This data should have been written by a previous FXSAVE. The floating-point, MMX technology, and Streaming SIMD Extension environment and registers consist of the following data structure (little-endian byte order as arranged in memory, with byte offset into row described by right column):

3-275

INSTRUCTION SET REFERENCE

FXRSTORRestore FP And MMX State and Streaming SIMD Extension State (Continued)
15 14 13
CS Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved XMM0 XMM1 XMM2 XMM3 XMM4 XMM5 XMM6 XMM7 Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved

11 10
IP

6
FOP

5
DS

4
FTW

2
DP

1
FCW

0
0 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496

Rsrvd

FSW

Reserved

MXCSR

Rsrvd

ST0/MM0 ST1/MM1 ST2/MM2 ST3/MM3 ST4/MM4 ST5/MM5 ST6/MM6 ST7/MM7

3-276

INSTRUCTION SET REFERENCE

FXRSTORRestore FP And MMX State And Streaming SIMD Extension State (Continued)
Three fields in the floating-point save area contain reserved bits that are not indicated in the table: FOP IP & DP The lower 11-bits contain the opcode, upper 5-bits are reserved. 32-bit mode: 32-bit IP-offset. 16-bit mode: lower 16 bits are IP-offset and upper 16 bits are reserved. If the MXCSR state contains an unmasked exception with a corresponding status flag also set, loading it will not result in a floating-point error condition being asserted. Only the next occurrence of this unmasked exception will result in the error condition being asserted. Some bits of MXCSR (bits 31-16 and bit 6) are defined as reserved and cleared; attempting to write a non-zero value to these bits will result in a general protection exception. FXRSTOR does not flush pending x87-FP exceptions, unlike FRSTOR. To check and raise exceptions when loading a new operating environment, use FWAIT after FXRSTOR. The Streaming SIMD Extension fields in the save image (XMM0-XMM7 and MXCSR) will not be loaded into the processor if the CR4.OSFXSR bit is not set. This CR4 bit must be set in order to enable execution of Streaming SIMD Extension. Operation
FP and MMX technology state and Streaming SIMD Extension state = m512byte;

Exceptions #AC If exception detection is disabled, a general protection exception is signaled if the address is not aligned on 16-byte boundary. Note that if #AC is enabled (and CPL is 3), signaling of #AC is not guaranteed and may vary with implementation. In all implementations where #AC is not signaled, a general protection fault will instead be signaled. In addition, the width of the alignment check when #AC is enabled may also vary with implementation; for instance, for a given implementation, #AC might be signaled for a 2-byte misalignment, whereas #GP might be signaled for all other misalignments (4-/8-/16-byte). Invalid opcode exception if instruction is preceded by a LOCK override prefix. General protection fault if reserved bits of MXCSR are loaded with non-zero values.

Numeric Exceptions None.

3-277

INSTRUCTION SET REFERENCE

FXRSTORRestore FP And MMX State And Streaming SIMD Extension State (Continued)
Protected Mode Exceptions #GP(0) For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments, or if an attempt is made to load non-zero values to reserved bits in the MXCSR field. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3).

#SS(0) #PF (fault-code) #NM #NM #AC

Real Address Mode Exceptions Interrupt 13 #NM #NM If any part of the operand would lie outside of the effective address space from 0 to 0FFFFH. If CR0.EM = 1. If TS bit in CR0 is set.

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #AC #PF (fault-code) Comments State saved with FXSAVE and restored with FRSTOR, and state saved with FSAVE and restored with FXRSTOR, will result in incorrect restoration of state in the processor. The address size prefix will have the usual effect on address calculation, but will have no effect on the format of the FXRSTOR image. The use of Repeat (F2H, F3H) and Operand-size (66H) prefixes with FXRSTOR is reserved. Different processor implementations may handle these prefixes differently. Usage of these prefixes with FXRSTOR risks incompatibility with future processors. For unaligned memory reference if the current privilege level is 3. For a page fault.

3-278

INSTRUCTION SET REFERENCE

FXSAVEStore FP and MMX State and Streaming SIMD Extension State

Opcode 0F,AE,/0 Instruction FXSAVE m512byte Description Store FP and MMX technology state and Streaming SIMD Extension state to m512byte.

Description The FXSAVE instruction writes the current FP and MMX technology state, and Streaming SIMD Extension state (environment and registers), to the specified destination defined by m512byte. It does this without checking for pending unmasked floating-point exceptions (similar to the operation of FNSAVE). Unlike the FSAVE/FNSAVE instructions, the processor retains the contents of the FP and MMX technology state and Streaming SIMD Extension state in the processor after the state has been saved. This instruction has been optimized to maximize floating-point save performance. The save data structure is as follows (little-endian byte order as arranged in memory, with byte offset into row described by right column):

3-279

INSTRUCTION SET REFERENCE

FXSAVEStore FP and MMX State And Streaming SIMD Extension State (Continued)
15 14 13
CS Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved XMM0 XMM1 XMM2 XMM3 XMM4 XMM5 XMM6 XMM7 Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved

11 10
IP

6
FOP

5
DS

4
FTW

2
DP

1
FCW

0
0 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496

Rsrvd

FSW

Reserved

MXCSR

Rsrvd

ST0/MM0 ST1/MM1 ST2/MM2 ST3/MM3 ST4/MM4 ST5/MM5 ST6/MM6 ST7/MM7

3-280

INSTRUCTION SET REFERENCE

FXSAVEStore FP and MMX State And Streaming SIMD Extension State (Continued)
Three fields in the floating-point save area contain reserved bits that are not indicated in the table: FOP: IP & DP: The lower 11-bits contain the opcode, upper 5-bits are reserved. 32-bit mode: 32-bit IP-offset. 16-bit mode: lower 16 bits are IP-offset and upper 16 bits are reserved. The FXSAVE instruction is used when an operating system needs to perform a context switch or when an exception handler needs to use the floating-point, MMX technology, and Streaming SIMD Extension units. It cannot be used by an application program to pass a "clean" FP state to a procedure, since it retains the current state. An application must explicitly execute an FINIT instruction after FXSAVE to provide for this functionality. All of the x87-FP fields retain the same internal format as in FSAVE except for FTW. Unlike FSAVE, FXSAVE saves only the FTW valid bits rather than the entire x87-FP FTW field. The FTW bits are saved in a non-TOS relative order, which means that FR0 is always saved first, followed by FR1, FR2 and so forth. As an example, if TOS=4 and only ST0, ST1 and ST2 are valid, FSAVE saves the FTW field in the following format: ST3 FR7 11 ST2 FR6 xx ST1 FR5 xx ST0 FR4 xx ST7 FR3 11 ST6 FR2 11 ST5 FR1 11 ST4 (TOS=4) FR0 11

where xx is one of (00, 01, 10). (11) indicates an empty stack elements, and the 00, 01, and 10 indicate Valid, Zero, and Special, respectively. In this example, FXSAVE would save the following vector: FR7 0 FRits6 FR5 1 1 FR4 1 FR3 0 FR2 0 FR1 0 FR0 0

3-281

INSTRUCTION SET REFERENCE

FXSAVEStore FP and MMX State And Streaming SIMD Extension State (Continued)
The FSAVE format for FTW can be recreated from the FTW valid bits and the stored 80-bit FP data (assuming the stored data was not the contents of MMX technology registers) using the following table:
Exponent all 1s 0 0 0 0 0 0 0 0 1 1 1 1 Exponent all 0s 0 0 0 0 1 1 1 1 0 0 0 0 Fraction all 0s 0 0 1 1 0 0 1 1 0 0 1 1 J and M bits 0x 1x 00 10 0x 1x 00 10 1x 1x 00 10 FTW valid bit 1 1 1 1 1 1 1 1 1 1 1 1 0 x87 FTW Special Valid Special Valid Special Special Zero Special Special Special Special Special Empty 10 00 10 00 10 10 01 10 10 10 10 10 11

For all legal combinations above

The J-bit is defined to be the 1-bit binary integer to the left of the decimal place in the significand. The M-bit is defined to be the most significant bit of the fractional portion of the significand (i.e., the bit immediately to the right of the decimal place). When the M- bit is the most significant bit of the fractional portion of the significand, it must be 0 if the fraction is all 0s. If the FXSAVE instruction is immediately preceded by an FP instruction which does not use a memory operand, then the FXSAVE instruction does not write/update the DP field, in the FXSAVE image. MXCSR holds the contents of the SIMD floating-point Control/Status Register. Refer to the LDMXCSR instruction for a full description of this field. The fields XMM0-XMM7 contain the content of registers XMM0-XMM7 in exactly the same format as they exist in the registers.

3-282

INSTRUCTION SET REFERENCE

FXSAVEStore FP and MMX State And Streaming SIMD Extension State (Continued)
The Streaming SIMD Extension fields in the save image (XMM0-XMM7 and MXCSR) may not be loaded into the processor if the CR4.OSFXSR bit is not set. This CR4 bit must be set in order to enable execution of Streaming SIMD Extensions. The destination m512byte is assumed to be aligned on a 16-byte boundary. If m512byte is not aligned on a 16-byte boundary, FXSAVE generates a general protection exception. Operation
m512byte = FP and MMX technology state and Streaming SIMD Extension state;

Numeric Exceptions Invalid, Precision. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #NM #NM #AC For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3).

3-283

INSTRUCTION SET REFERENCE

FXSAVEStore FP and MMX State And Streaming SIMD Extension State (Continued)
Real Address Mode Exceptions Interrupt 13 #NM #NM If any part of the operand would lie outside of the effective address space from 0 to 0FFFFH. If CR0.EM = 1. If TS bit in CR0 is set.

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #AC #PF (fault-code) Comments State saved with FXSAVE and restored with FRSTOR, and state saved with FSAVE and restored with FXRSTOR, will result in incorrect restoration of state in the processor. The address size prefix will have the usual effect on address calculation, but will have no effect on the format of the FXSAVE image. The use of Repeat (F2H, F3H) and Operand-size (66H) prefixes with FXSAVE is reserved. Different processor implementations may handle these prefixes differently. Usage of these prefixes with FXSAVE risks incompatibility with future processors. For unaligned memory reference if the current privilege level is 3. For a page fault.

3-284

INSTRUCTION SET REFERENCE

FXTRACTExtract Exponent and Significand

Opcode D9 F4 Instruction FXTRACT Description Separate value in ST(0) into exponent and significand, store exponent in ST(0), and push the significand onto the register stack.

Description This instruction separates the source value in the ST(0) register into its exponent and significand, stores the exponent in ST(0), and pushes the significand onto the register stack. Following this operation, the new top-of-stack register ST(0) contains the value of the original significand expressed as a real number. The sign and significand of this value are the same as those found in the source operand, and the exponent is 3FFFH (biased value for a true exponent of zero). The ST(1) register contains the value of the original operands true (unbiased) exponent expressed as a real number. (The operation performed by this instruction is a superset of the IEEE-recommended logb(x) function.) This instruction and the F2XM1 instruction are useful for performing power and range scaling operations. The FXTRACT instruction is also useful for converting numbers in extended-real format to decimal representations (e.g., for printing or displaying). If the floating-point zero-divide exception (#Z) is masked and the source operand is zero, an exponent value of is stored in register ST(1) and 0 with the sign of the source operand is stored in register ST(0). Operation
TEMP Significand(ST(0)); ST(0) Exponent(ST(0)); TOP TOP 1; ST(0) TEMP;

FPU Flags Affected C1 C0, C2, C3 Set to 0 if stack underflow occurred; set to 1 if stack overflow occurred. Undefined.

Floating-Point Exceptions #IS Stack underflow occurred. Stack overflow occurred. #IA #Z #D Source operand is an sNaN value or unsupported format. ST(0) operand is 0. Source operand is a denormal value.

3-285

INSTRUCTION SET REFERENCE

FXTRACTExtract Exponent and Significand (Continued)

Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-286

INSTRUCTION SET REFERENCE

FYL2XCompute y log2x
Opcode D9 F1 Instruction FYL2X Description Replace ST(1) with (ST(1) log2ST(0)) and pop the register stack

Description This instruction calculates (ST(1) log2 (ST(0))), stores the result in resister ST(1), and pops the FPU register stack. The source operand in ST(0) must be a non-zero positive number. The following table shows the results obtained when taking the log of various classes of numbers, assuming that neither overflow nor underflow occurs.
ST(0) ST(1) F 0 +0 +F + NaN NOTES: F Means finite-real number. * Indicates floating-point invalid operation (#IA) exception. ** Indicates floating-point zero-divide (#Z) exception. * * * * * * NaN F * * * * * * NaN 0 + ** * * ** NaN +0 < +F < +1 + +F +0 0 F NaN +1 * 0 0 +0 +0 NaN +F > +1 F 0 +0 +F + NaN + * * + + NaN NaN NaN NaN NaN NaN NaN NaN NaN

If the divide-by-zero exception is masked and register ST(0) contains 0, the instruction returns with a sign that is the opposite of the sign of the source operand in register ST(1). The FYL2X instruction is designed with a built-in multiplication to optimize the calculation of logarithms with an arbitrary positive base (b):
logbx = (log2b)1 log2x

Operation
ST(1) ST(1) log2ST(0); PopRegisterStack;

3-287

INSTRUCTION SET REFERENCE

FYL2XCompute y log2x (Continued)

FPU Flags Affected C1 Set to 0 if stack underflow occurred. Indicates rounding direction if the inexact result exception (#P) is generated: 0 = not roundup; 1 = roundup. C0, C2, C3 Undefined.

Floating-Point Exceptions #IS #IA Stack underflow occurred. Either operand is an sNaN or unsupported format. Source operand in register ST(0) is a negative finite value (not 0). #Z #D #U #O #P Source operand in register ST(0) is 0. Source operand is a denormal value. Result is too small for destination format. Result is too large for destination format. Value cannot be represented exactly in destination format.

Protected Mode Exceptions #NM EM or TS in CR0 is set.

Real-Address Mode Exceptions #NM EM or TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM EM or TS in CR0 is set.

3-288

Flags Affected None. Protected Mode Exceptions #GP(0) If the current privilege level is not 0.

Real-Address Mode Exceptions None. Virtual-8086 Mode Exceptions #GP(0) If the current privilege level is not 0.

3-291

INSTRUCTION SET REFERENCE

IDIVSigned Divide
Opcode F6 /7 Instruction IDIV r/m8 Description Signed divide AX (where AH must contain signextension of AL) by r/m byte. (Results: AL=Quotient, AH=Remainder) Signed divide DX:AX (where DX must contain signextension of AX) by r/m word. (Results: AX=Quotient, DX=Remainder) Signed divide EDX:EAX (where EDX must contain sign-extension of EAX) by r/m doubleword. (Results: EAX=Quotient, EDX=Remainder)

F7 /7

IDIV r/m16

F7 /7

IDIV r/m32

INInput from Port

Opcode E4 ib E5 ib E5 ib EC ED ED Instruction IN AL,imm8 IN AX,imm8 IN EAX,imm8 IN AL,DX IN AX,DX IN EAX,DX Description Input byte from imm8 I/O port address into AL Input byte from imm8 I/O port address into AX Input byte from imm8 I/O port address into EAX Input byte from I/O port in DX into AL Input word from I/O port in DX into AX Input doubleword from I/O port in DX into EAX

Description This instruction copies the value from the I/O port specified with the second operand (source operand) to the destination operand (first operand). The source operand can be a byte-immediate or the DX register; the destination operand can be register AL, AX, or EAX, depending on the size of the port being accessed (8, 16, or 32 bits, respectively). Using the DX register as a source operand allows I/O port addresses from 0 to 65,535 to be accessed; using a byte immediate allows I/O port addresses 0 to 255 to be accessed. When accessing an 8-bit I/O port, the opcode determines the port size; when accessing a 16- and 32-bit I/O port, the operand-size attribute determines the port size. At the machine code level, I/O instructions are shorter when accessing 8-bit I/O ports. Here, the upper eight bits of the port address will be 0. This instruction is only useful for accessing I/O ports located in the processors I/O address space. Refer to Chapter 10, Input/Output of the Intel Architecture Software Developers Manual, Volume 1, for more information on accessing I/O ports in the I/O address space. Operation
IF ((PE = 1) AND ((CPL > IOPL) OR (VM = 1))) THEN (* Protected mode with CPL > IOPL or virtual-8086 mode *) IF (Any I/O Permission Bit for I/O port being accessed = 1) THEN (* I/O operation is not allowed *) #GP(0); ELSE ( * I/O operation is allowed *) DEST SRC; (* Reads from selected I/O port *) FI; ELSE (Real Mode or Protected Mode with CPL IOPL *) DEST SRC; (* Reads from selected I/O port *) FI;

Flags Affected None.

3-299

INSTRUCTION SET REFERENCE

INInput from Port (Continued)

Real-Address Mode Exceptions None. Virtual-8086 Mode Exceptions #GP(0) If any of the I/O permission bits in the TSS for the I/O port being accessed is 1.

3-300

INSTRUCTION SET REFERENCE

INCIncrement by 1
Opcode FE /0 FF /0 FF /0 40+ rw 40+ rd Instruction INC r/m8 INC r/m16 INC r/m32 INC r16 INC r32 Description Increment r/m byte by 1 Increment r/m word by 1 Increment r/m doubleword by 1 Increment word register by 1 Increment doubleword register by 1

Description This instruction adds one to the destination operand, while preserving the state of the CF flag. The destination operand can be a register or a memory location. This instruction allows a loop counter to be updated without disturbing the CF flag. (Use a ADD instruction with an immediate operand of 1 to perform an increment operation that does updates the CF flag.) Operation
DEST DEST +1;

Flags Affected The CF flag is not affected. The OF, SF, ZF, AF, and PF flags are set according to the result. Protected Mode Exceptions #GP(0) If the destination operand is located in a nonwritable segment. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register is used to access memory and it contains a null segment selector. #SS(0) #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-301

3-304

INSTRUCTION SET REFERENCE

INS/INSB/INSW/INSDInput from Port to String (Continued)

Protected Mode Exceptions #GP(0) If the CPL is greater than (has less privilege) the I/O privilege level (IOPL) and any of the corresponding I/O permission bits in TSS for the I/O port being accessed is 1. If the destination is located in a nonwritable segment. If an illegal memory operand effective address in the ES segments is given. #PF(fault-code) #AC(0) If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

Virtual-8086 Mode Exceptions #GP(0) #PF(fault-code) #AC(0) If any of the I/O permission bits in the TSS for the I/O port being accessed is 1. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made.

3-305

INSTRUCTION SET REFERENCE

INT n/INTO/INT 3Call to Interrupt Procedure

Opcode CC CD CE Instruction INT 3 INT imm8 INTO Description Interrupt 3trap to debugger Interrupt vector number specified by immediate byte Interrupt 4if overflow flag is 1

Description The INT n instruction generates a call to the interrupt or exception handler specified with the destination operand. For more information, refer to Section 4.4., Interrupts and Exceptions in Chapter 4, Procedure Calls, Interrupts, and Exceptions of the Intel Architecture Software Developers Manual, Volume 1. The destination operand specifies an interrupt vector number from 0 to 255, encoded as an 8-bit unsigned intermediate value. Each interrupt vector number provides an index to a gate descriptor in the IDT. The first 32 interrupt vector numbers are reserved by Intel for system use. Some of these interrupts are used for internally generated exceptions. The INT n instruction is the general mnemonic for executing a software-generated call to an interrupt handler. The INTO instruction is a special mnemonic for calling overflow exception (#OF), interrupt vector number 4. The overflow interrupt checks the OF flag in the EFLAGS register and calls the overflow interrupt handler if the OF flag is set to 1. The INT 3 instruction generates a special one byte opcode (CC) that is intended for calling the debug exception handler. (This one byte form is valuable because it can be used to replace the first byte of any instruction with a breakpoint, including other one byte instructions, without over-writing other code). To further support its function as a debug breakpoint, the interrupt generated with the CC opcode also differs from the regular software interrupts as follows:

Interrupt redirection does not happen when in VME mode; the interrupt is handled by a protected-mode handler. The virtual-8086 mode IOPL checks do not occur. The interrupt is taken without faulting at any IOPL level.

Note that the normal 2-byte opcode for INT 3 (CD03) does not have these special features. Intel and Microsoft assemblers will not generate the CD03 opcode from any mnemonic, but this opcode can be created by direct numeric code definition or by self-modifying code. The action of the INT n instruction (including the INTO and INT 3 instructions) is similar to that of a far call made with the CALL instruction. The primary difference is that with the INT n instruction, the EFLAGS register is pushed onto the stack before the return address. (The return address is a far address consisting of the current values of the CS and EIP registers.) Returns from interrupt procedures are handled with the IRET instruction, which pops the EFLAGS information and return address from the stack.

3-306

INSTRUCTION SET REFERENCE

INT n/INTO/INT 3Call to Interrupt Procedure (Continued)

The interrupt vector number specifies an interrupt descriptor in the interrupt descriptor table (IDT); that is, it provides index into the IDT. The selected interrupt descriptor in turn contains a pointer to an interrupt or exception handler procedure. In protected mode, the IDT contains an array of 8-byte descriptors, each of which is an interrupt gate, trap gate, or task gate. In realaddress mode, the IDT is an array of 4-byte far pointers (2-byte code segment selector and a 2-byte instruction pointer), each of which point directly to a procedure in the selected segment. (Note that in real-address mode, the IDT is called the interrupt vector table, and its pointers are called interrupt vectors.) The following decision table indicates which action in the lower portion of the table is taken given the conditions in the upper portion of the table. Each Y in the lower section of the decision table represents a procedure defined in the Operation section for this instruction (except #GP).
PE VM IOPL DPL/CPL RELATIONSHIP INTERRUPT TYPE GATE TYPE REAL-ADDRESSMODE PROTECTED-MODE TRAP-ORINTERRUPT-GATE INTER-PRIVILEGELEVEL-INTERRUPT INTRA-PRIVILEGELEVEL-INTERRUPT INTERRUPT-FROMVIRTUAL-8086MODE TASK-GATE #GP NOTES: Y Blank Dont Care. Yes, Action Taken. Action Not Taken. Y Y Y Y Y Y 0 1 DPL< CPL S/W 1 1 DPL> CPL Trap or Interrupt 1 DPL= CPL or C Trap or Interrupt 1 0 DPL< CPL & NC Trap or Interrupt 1 1 <3 1 1 =3

Task

Trap or Interrupt

Y Y

Y Y Y

INT n/INTO/INT 3Call to Interrupt Procedure (Continued)

Protected Mode Exceptions #GP(0) #GP(selector) If the instruction pointer in the IDT or in the interrupt-, trap-, or task gate is beyond the code segment limits. If the segment selector in the interrupt-, trap-, or task gate is null. If a interrupt-, trap-, or task gate, code segment, or TSS segment selector index is outside its descriptor table limits. If the interrupt vector number is outside the IDT limits. If an IDT descriptor is not an interrupt-, trap-, or task-descriptor. If an interrupt is generated by the INT n, INT 3, or INTO instruction and the DPL of an interrupt-, trap-, or task-descriptor is less than the CPL. If the segment selector in an interrupt- or trap-gate does not point to a segment descriptor for a code segment. If the segment selector for a TSS has its local/global bit set for local. If a TSS segment descriptor specifies that the TSS is busy or not available. #SS(0) #SS(selector) If pushing the return address, flags, or error code onto the stack exceeds the bounds of the stack segment and no stack switch occurs. If the SS register is being loaded and the segment pointed to is marked not present. If pushing the return address, flags, error code, or stack segment pointer exceeds the bounds of the new stack segment when a stack switch occurs. #NP(selector) #TS(selector) If code segment, interrupt-, trap-, or task gate, or TSS is not present. If the RPL of the stack segment selector in the TSS is not equal to the DPL of the code segment being accessed by the interrupt or trap gate. If DPL of the stack segment descriptor pointed to by the stack segment selector in the TSS is not equal to the DPL of the code segment descriptor for the interrupt or trap gate. If the stack segment selector in the TSS is null. If the stack segment for the TSS is not a writable data segment. If segment-selector index for stack segment is outside descriptor table limits. #PF(fault-code) If a page fault occurs.

3-315

INSTRUCTION SET REFERENCE

INT n/INTO/INT 3Call to Interrupt Procedure (Continued)

Real-Address Mode Exceptions #GP If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the interrupt vector number is outside the IDT limits. #SS If stack limit violation on push. If pushing the return address, flags, or error code onto the stack exceeds the bounds of the stack segment.

3-316

INSTRUCTION SET REFERENCE

INT n/INTO/INT 3Call to Interrupt Procedure (Continued)

Virtual-8086 Mode Exceptions #GP(0) (For INT n, INTO, or BOUND instruction) If the IOPL is less than 3 or the DPL of the interrupt-, trap-, or task-gate descriptor is not equal to 3. If the instruction pointer in the IDT or in the interrupt-, trap-, or task gate is beyond the code segment limits. #GP(selector) If the segment selector in the interrupt-, trap-, or task gate is null. If a interrupt-, trap-, or task gate, code segment, or TSS segment selector index is outside its descriptor table limits. If the interrupt vector number is outside the IDT limits. If an IDT descriptor is not an interrupt-, trap-, or task-descriptor. If an interrupt is generated by the INT n instruction and the DPL of an interrupt-, trap-, or task-descriptor is less than the CPL. If the segment selector in an interrupt- or trap-gate does not point to a segment descriptor for a code segment. If the segment selector for a TSS has its local/global bit set for local. #SS(selector) If the SS register is being loaded and the segment pointed to is marked not present. If pushing the return address, flags, error code, stack segment pointer, or data segments exceeds the bounds of the stack segment. #NP(selector) #TS(selector) If code segment, interrupt-, trap-, or task gate, or TSS is not present. If the RPL of the stack segment selector in the TSS is not equal to the DPL of the code segment being accessed by the interrupt or trap gate. If DPL of the stack segment descriptor for the TSSs stack segment is not equal to the DPL of the code segment descriptor for the interrupt or trap gate. If the stack segment selector in the TSS is null. If the stack segment for the TSS is not a writable data segment. If segment-selector index for stack segment is outside descriptor table limits. #PF(fault-code) #BP #OF If a page fault occurs. If the INT 3 instruction is executed. If the INTO instruction is executed and the OF flag is set.

3-317

INSTRUCTION SET REFERENCE

INVDInvalidate Internal Caches

Opcode 0F 08 Instruction INVD Description Flush internal caches; initiate flushing of external caches.

Description This instruction invalidates (flushes) the processors internal caches and issues a special-function bus cycle that directs external caches to also flush themselves. Data held in internal caches is not written back to main memory. After executing this instruction, the processor does not wait for the external caches to complete their flushing operation before proceeding with instruction execution. It is the responsibility of hardware to respond to the cache flush signal. The INVD instruction is a privileged instruction. When the processor is running in protected mode, the CPL of a program or procedure must be 0 to execute this instruction. Use this instruction with care. Data cached internally and not written back to main memory will be lost. Unless there is a specific requirement or benefit to flushing caches without writing back modified cache lines (for example, testing or fault recovery where cache coherency with main memory is not a concern), software should use the WBINVD instruction. Intel Architecture Compatibility The INVD instruction is implementation dependent, and its function may be implemented differently on future Intel Architecture processors. This instruction is not supported on Intel Architecture processors earlier than the Intel486 processor. Operation
Flush(InternalCaches); SignalFlush(ExternalCaches); Continue (* Continue execution);

Flags Affected None. Protected Mode Exceptions #GP(0) If the current privilege level is not 0.

3-318

INSTRUCTION SET REFERENCE

INVDInvalidate Internal Caches (Continued)

Real-Address Mode Exceptions None. Virtual-8086 Mode Exceptions #GP(0) The INVD instruction cannot be executed in virtual-8086 mode.

3-319

INSTRUCTION SET REFERENCE

INVLPGInvalidate TLB Entry

Opcode 0F 01/7 Instruction INVLPG m Description Invalidate TLB Entry for page that contains m

Description This instruction invalidates (flushes) the translation lookaside buffer (TLB) entry specified with the source operand. The source operand is a memory address. The processor determines the page that contains that address and flushes the TLB entry for that page. The INVLPG instruction is a privileged instruction. When the processor is running in protected mode, the CPL of a program or procedure must be 0 to execute this instruction. The INVLPG instruction normally flushes the TLB entry only for the specified page; however, in some cases, it flushes the entire TLB. Refer to MOVMove to/from Control Registers in this chapter for further information on operations that flush the TLB. Intel Architecture Compatibility The INVLPG instruction is implementation dependent, and its function may be implemented differently on future Intel Architecture processors. This instruction is not supported on Intel Architecture processors earlier than the Intel486 processor. Operation
Flush(RelevantTLBEntries); Continue (* Continue execution);

Flags Affected None. Protected Mode Exceptions #GP(0) #UD If the current privilege level is not 0. Operand is a register.

Real-Address Mode Exceptions #UD Operand is a register.

Virtual-8086 Mode Exceptions #GP(0) The INVLPG instruction cannot be executed at the virtual-8086 mode.

3-320

INSTRUCTION SET REFERENCE

IRET/IRETDInterrupt Return
Opcode CF CF Instruction IRET IRETD Description Interrupt return (16-bit operand size) Interrupt return (32-bit operand size)

Description These instructions return program control from an exception or interrupt handler to a program or procedure that was interrupted by an exception, an external interrupt, or a software-generated interrupt. These instructions are also used to perform a return from a nested task. (A nested task is created when a CALL instruction is used to initiate a task switch or when an interrupt or exception causes a task switch to an interrupt or exception handler.) Refer to Section 6.4., Task Linking in Chapter 6, Task Management of the Intel Architecture Software Developers Manual, Volume 3. IRET and IRETD are mnemonics for the same opcode. The IRETD mnemonic (interrupt return double) is intended for use when returning from an interrupt when using the 32-bit operand size; however, most assemblers use the IRET mnemonic interchangeably for both operand sizes. In Real-Address Mode, the IRET instruction preforms a far return to the interrupted program or procedure. During this operation, the processor pops the return instruction pointer, return code segment selector, and EFLAGS image from the stack to the EIP, CS, and EFLAGS registers, respectively, and then resumes execution of the interrupted program or procedure. In Protected Mode, the action of the IRET instruction depends on the settings of the NT (nested task) and VM flags in the EFLAGS register and the VM flag in the EFLAGS image stored on the current stack. Depending on the setting of these flags, the processor performs the following types of interrupt returns:

Return from virtual-8086 mode. Return to virtual-8086 mode. Intra-privilege level return. Inter-privilege level return. Return from nested task (task switch).

IRET/IRETDInterrupt Return (Continued)

Protected Mode Exceptions #GP(0) If the return code or stack segment selector is null. If the return instruction pointer is not within the return code segment limit. #GP(selector) If a segment selector index is outside its descriptor table limits. If the return code segment selector RPL is greater than the CPL. If the DPL of a conforming-code segment is greater than the return code segment selector RPL. If the DPL for a nonconforming-code segment is not equal to the RPL of the code segment selector. If the stack segment descriptor DPL is not equal to the RPL of the return code segment selector. If the stack segment is not a writable data segment. If the stack segment selector RPL is not equal to the RPL of the return code segment selector. If the segment descriptor for a code segment does not indicate it is a code segment. If the segment selector for a TSS has its local/global bit set for local. If a TSS segment descriptor specifies that the TSS is busy or not available. #SS(0) #NP(selector) #PF(fault-code) #AC(0) If the top bytes of stack are not within stack limits. If the return code or stack segment is not present. If a page fault occurs. If an unaligned memory reference occurs when the CPL is 3 and alignment checking is enabled.

JccJump if Condition Is Met (Continued)

The target instruction is specified with a relative offset (a signed offset relative to the current value of the instruction pointer in the EIP register). A relative offset (rel8, rel16, or rel32) is generally specified as a label in assembly code, but at the machine code level, it is encoded as a signed, 8-bit or 32-bit immediate value, which is added to the instruction pointer. Instruction coding is most efficient for offsets of 128 to +127. If the operand-size attribute is 16, the upper two bytes of the EIP register are cleared to 0s, resulting in a maximum instruction pointer size of 16 bits. The conditions for each Jcc mnemonic are given in the Description column of the table on the preceding page. The terms less and greater are used for comparisons of signed integers and the terms above and below are used for unsigned integers. Because a particular state of the status flags can sometimes be interpreted in two ways, two mnemonics are defined for some opcodes. For example, the JA (jump if above) instruction and the JNBE (jump if not below or equal) instruction are alternate mnemonics for the opcode 77H. The Jcc instruction does not support far jumps (jumps to other code segments). When the target for the conditional jump is in a different segment, use the opposite condition from the condition being tested for the Jcc instruction, and then access the target with an unconditional far jump (JMP instruction) to the other segment. For example, the following conditional far jump is illegal:
JZ FARLABEL;

To accomplish this far jump, use the following two instructions:

INSTRUCTION SET REFERENCE

JMPJump (Continued)
Operation
IF near jump THEN IF near relative jump THEN tempEIP EIP + DEST; (* EIP is instruction following JMP instruction*) ELSE (* near absolute jump *) tempEIP DEST; FI; IF tempEIP is beyond code segment limit THEN #GP(0); FI; IF OperandSize = 32 THEN EIP tempEIP; ELSE (* OperandSize=16 *) EIP tempEIP AND 0000FFFFH; FI; FI: IF far jump AND (PE = 0 OR (PE = 1 AND VM = 1)) (* real-address or virtual-8086 mode *) THEN tempEIP DEST(offset); (* DEST is ptr16:32 or [m16:32] *) IF tempEIP is beyond code segment limit THEN #GP(0); FI; CS DEST(segment selector); (* DEST is ptr16:32 or [m16:32] *) IF OperandSize = 32 THEN EIP tempEIP; (* DEST is ptr16:32 or [m16:32] *) ELSE (* OperandSize = 16 *) EIP tempEIP AND 0000FFFFH; (* clear upper 16 bits *) FI; FI; IF far jump AND (PE = 1 AND VM = 0) (* Protected mode, not virtual-8086 mode *) THEN IF effective address in the CS, DS, ES, FS, GS, or SS segment is illegal OR segment selector in target operand null THEN #GP(0); FI; IF segment selector index not within descriptor table limits THEN #GP(new selector); FI; Read type and access rights of segment descriptor; IF segment type is not a conforming or nonconforming code segment, call gate, task gate, or TSS THEN #GP(segment selector); FI; Depending on type and access rights GO TO CONFORMING-CODE-SEGMENT; GO TO NONCONFORMING-CODE-SEGMENT;

3-336

INSTRUCTION SET REFERENCE

JMPJump (Continued)
GO TO CALL-GATE; GO TO TASK-GATE; GO TO TASK-STATE-SEGMENT; ELSE #GP(segment selector); FI; CONFORMING-CODE-SEGMENT: IF DPL > CPL THEN #GP(segment selector); FI; IF segment not present THEN #NP(segment selector); FI; tempEIP DEST(offset); IF OperandSize=16 THEN tempEIP tempEIP AND 0000FFFFH; FI; IF tempEIP not in code segment limit THEN #GP(0); FI; CS DEST(SegmentSelector); (* segment descriptor information also loaded *) CS(RPL) CPL EIP tempEIP; END; NONCONFORMING-CODE-SEGMENT: IF (RPL > CPL) OR (DPL CPL) THEN #GP(code segment selector); FI; IF segment not present THEN #NP(segment selector); FI; IF instruction pointer outside code segment limit THEN #GP(0); FI; tempEIP DEST(offset); IF OperandSize=16 THEN tempEIP tempEIP AND 0000FFFFH; FI; IF tempEIP not in code segment limit THEN #GP(0); FI; CS DEST(SegmentSelector); (* segment descriptor information also loaded *) CS(RPL) CPL EIP tempEIP; END; CALL-GATE: IF call gate DPL < CPL OR call gate DPL < call gate segment-selector RPL THEN #GP(call gate selector); FI; IF call gate not present THEN #NP(call gate selector); FI; IF call gate code-segment selector is null THEN #GP(0); FI; IF call gate code-segment selector index is outside descriptor table limits THEN #GP(code segment selector); FI; Read code segment descriptor;

3-337

INSTRUCTION SET REFERENCE

JMPJump (Continued)
IF code-segment segment descriptor does not indicate a code segment OR code-segment segment descriptor is conforming and DPL > CPL OR code-segment segment descriptor is non-conforming and DPL CPL THEN #GP(code segment selector); FI; IF code segment is not present THEN #NP(code-segment selector); FI; IF instruction pointer is not within code-segment limit THEN #GP(0); FI; tempEIP DEST(offset); IF GateSize=16 THEN tempEIP tempEIP AND 0000FFFFH; FI; IF tempEIP not in code segment limit THEN #GP(0); FI; CS DEST(SegmentSelector); (* segment descriptor information also loaded *) CS(RPL) CPL EIP tempEIP; END; TASK-GATE: IF task gate DPL < CPL OR task gate DPL < task gate segment-selector RPL THEN #GP(task gate selector); FI; IF task gate not present THEN #NP(gate selector); FI; Read the TSS segment selector in the task-gate descriptor; IF TSS segment selector local/global bit is set to local OR index not within GDT limits OR TSS descriptor specifies that the TSS is busy THEN #GP(TSS selector); FI; IF TSS not present THEN #NP(TSS selector); FI; SWITCH-TASKS to TSS; IF EIP not within code segment limit THEN #GP(0); FI; END; TASK-STATE-SEGMENT: IF TSS DPL < CPL OR TSS DPL < TSS segment-selector RPL OR TSS descriptor indicates TSS not available THEN #GP(TSS selector); FI; IF TSS is not present THEN #NP(TSS selector); FI; SWITCH-TASKS to TSS IF EIP not within code segment limit THEN #GP(0); FI; END;

Flags Affected All flags are affected if a task switch occurs; no flags are affected if a task switch does not occur.

3-338

3-341

INSTRUCTION SET REFERENCE

LARLoad Access Rights Byte

Opcode 0F 02 /r 0F 02 /r Instruction LAR r16,r/m16 LAR r32,r/m32 Description

r16 r/m16 masked by FF00H r32 r/m32 masked by 00FxFF00H

Description This instruction loads the access rights from the segment descriptor specified by the second operand (source operand) into the first operand (destination operand) and sets the ZF flag in the EFLAGS register. The source operand (which can be a register or a memory location) contains the segment selector for the segment descriptor being accessed. The destination operand is a general-purpose register. The processor performs access checks as part of the loading process. Once loaded in the destination register, software can perform additional checks on the access rights information. When the operand size is 32 bits, the access rights for a segment descriptor include the type and DPL fields and the S, P, AVL, D/B, and G flags, all of which are located in the second doubleword (bytes 4 through 7) of the segment descriptor. The doubleword is masked by 00FXFF00H before it is loaded into the destination operand. When the operand size is 16 bits, the access rights include the type and DPL fields. Here, the two lower-order bytes of the doubleword are masked by FF00H before being loaded into the destination operand. This instruction performs the following checks before it loads the access rights in the destination register:

LDMXCSRLoad Streaming SIMD Extension Control/Status

Opcode 0F,AE,/2 Instruction LDMXCSR m32 Description Load Streaming SIMD Extension control/status word from m32.

Description The MXCSR control/status register is used to enable masked/unmasked exception handling, to set rounding modes, to set flush-to-zero mode, and to view exception status flags. The following figure shows the format and encoding of the fields in MXCSR:
31-16 Rsvd 15 FZ RC RC PM UM 10 OM ZM DM IM Rsvd 5 PE UE OE ZE DE 0 IE

The default MXCSR value at reset is 0x1f80. Bits 5-0 indicate whether a Streaming SIMD Extension numerical exception has been detected. They are sticky flags, and can be cleared by using the LDMXCSR instruction to write zeroes to these fields. If an LDMXCSR instruction clears a mask bit and sets the corresponding exception flag bit, an exception will not be immediately generated. The exception will occur only upon the next Streaming SIMD Extension to cause this type of exception. Streaming SIMD Extension uses only one exception flag for each exception. There is no provision for individual exception reporting within a packed data type. In situations where multiple identical exceptions occur within the same instruction, the associated exception flag is updated and indicates that at least one of these conditions happened. These flags are cleared upon reset. Bits 12-7 configure numerical exception masking. An exception type is masked if the corresponding bit is set, and unmasked if the bit is clear. These enables are set upon reset, meaning that all numerical exceptions are masked. Bits 14-13 encode the rounding control, which provides for the common round to nearest mode, as well as directed rounding and true chop. Rounding control affects the arithmetic instructions and certain conversion instructions. The encoding for RC is as follows:

3-345

INSTRUCTION SET REFERENCE

LDMXCSRLoad Streaming SIMD Extension Control/Status (Continued)

Rounding Mode Round to nearest (even) RC Field 00B Description Rounded result is the closest to the infinitely precise result. If two values are equally close, the result is the even value (that is, the one with the least-significant bit of zero). Rounded result is close to but no greater than the infinitely precise result Rounded result is close to but no less than the infinitely precise result. Rounded result is close to but no greater in absolute value than the infinitely precise result.

Round down (to minus infinity) Round up (toward positive infinity) Round toward zero (truncate)

01B 10B 11B

The rounding control is set to round to nearest upon reset. Bit 15 (FZ) is used to turn on the Flush-To-Zero mode (bit is set). Turning on the Flush-To-Zero mode has the following effects during underflow situations:

zero results are returned with the sign of the true result precision and underflow exception flags are set

The IEEE mandated masked response to underflow is to deliver the denormalized result (i.e., gradual underflow); consequently, the flush-to-zero mode is not compatible with IEEE Std. 754. It is provided primarily for performance reasons. At the cost of a slight precision loss, faster execution can be achieved for applications where underflows are common. Unmasking the underflow exception takes precedence over Flush-To-Zero mode. This arrangement means that an exception handler will be invoked for a Streaming SIMD Extension that generates an underflow condition while this exception is unmasked, regardless of whether flush-to-zero is enabled. The other bits of MXCSR (bits 31-16 and bit 6) are defined as reserved and cleared; attempting to write a non-zero value to these bits, using either the FXRSTOR or LDMXCSR instructions, will result in a general protection exception. The linear address corresponds to the address of the least-significant byte of the referenced memory data. Operation
MXCSR = m32;

3-346

INSTRUCTION SET REFERENCE

LDMXCSRLoad Streaming SIMD Extension Control/Status (Continued)

C/C++ Compiler Intrinsic Equivalent
_mm_setcsr(unsigned int i)

Sets the control register to the value specified. Exceptions General protection fault if reserved bits are loaded with non-zero values. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #UD #NM For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. #AC for unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3). If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

#UD #UD

LDS/LES/LFS/LGS/LSSLoad Far Pointer (Continued)

Operation
IF Protected Mode THEN IF SS is loaded THEN IF SegementSelector = null THEN #GP(0); FI; ELSE IF Segment selector index is not within descriptor table limits OR Segment selector RPL CPL OR Access rights indicate nonwritable data segment OR DPL CPL THEN #GP(selector); FI; ELSE IF Segment marked not present THEN #SS(selector); FI; SS SegmentSelector(SRC); SS SegmentDescriptor([SRC]); ELSE IF DS, ES, FS, or GS is loaded with non-null segment selector THEN IF Segment selector index is not within descriptor table limits OR Access rights indicate segment neither data nor readable code segment OR (Segment is data or nonconforming-code segment AND both RPL and CPL > DPL) THEN #GP(selector); FI; ELSE IF Segment marked not present THEN #NP(selector); FI; SegmentRegister SegmentSelector(SRC) AND RPL; SegmentRegister SegmentDescriptor([SRC]); ELSE IF DS, ES, FS or GS is loaded with a null selector: SegmentRegister NullSelector; SegmentRegister(DescriptorValidBit) 0; (*hidden flag; not accessible by software*) FI; FI; IF (Real-Address or Virtual-8086 Mode) THEN SegmentRegister SegmentSelector(SRC); FI; DEST Offset(SRC);

3-350

Virtual-8086 Mode Exceptions #UD If source operand is not a memory location.

3-354

INSTRUCTION SET REFERENCE

LEAVEHigh Level Procedure Exit

Opcode C9 C9 Instruction LEAVE LEAVE Description Set SP to BP, then pop BP Set ESP to EBP, then pop EBP

Description This instruction releases the stack frame set up by an earlier ENTER instruction. The LEAVE instruction copies the frame pointer (in the EBP register) into the stack pointer register (ESP), which releases the stack space allocated to the stack frame. The old frame pointer (the frame pointer for the calling procedure that was saved by the ENTER instruction) is then popped from the stack into the EBP register, restoring the calling procedures stack frame. A RET instruction is commonly executed following a LEAVE instruction to return program control to the calling procedure. Refer to Section 4.5., Procedure Calls for Block-Structured Languages in Chapter 4, Procedure Calls, Interrupts, and Exceptions of the Intel Architecture Software Developers Manual, Volume 1, for detailed information on the use of the ENTER and LEAVE instructions. Operation
IF StackAddressSize = 32 THEN ESP EBP; ELSE (* StackAddressSize = 16*) SP BP; FI; IF OperandSize = 32 THEN EBP Pop(); ELSE (* OperandSize = 16*) BP Pop(); FI;

Flags Affected None.

3-355

INSTRUCTION SET REFERENCE

LEAVEHigh Level Procedure Exit (Continued)

Protected Mode Exceptions #SS(0) #PF(fault-code) #AC(0) If the EBP register points to a location that is not within the limits of the current stack segment. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions #GP If the EBP register points to a location outside of the effective address space from 0 to 0FFFFH.

LGDT/LIDTLoad Global/Interrupt Descriptor Table Register (Continued)

Flags Affected None. Protected Mode Exceptions #UD #GP(0) If source operand is not a memory location. If the current privilege level is not 0. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register is used to access memory and it contains a null segment selector. #SS(0) #PF(fault-code) If a memory operand effective address is outside the SS segment limit. If a page fault occurs.

Real-Address Mode Exceptions #UD #GP #SS If source operand is not a memory location. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

Virtual-8086 Mode Exceptions #GP(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit.

3-360

INSTRUCTION SET REFERENCE

LGSLoad Full Pointer

INSTRUCTION SET REFERENCE

LMSWLoad Machine Status Word

Opcode 0F 01 /6 Instruction LMSW r/m16 Description Loads r/m16 in machine status word of CR0

Description This instruction loads the source operand into the machine status word, bits 0 through 15 of register CR0. The source operand can be a 16-bit general-purpose register or a memory location. Only the low-order four bits of the source operand (which contains the PE, MP, EM, and TS flags) are loaded into CR0. The PG, CD, NW, AM, WP, NE, and ET flags of CR0 are not affected. The operand-size attribute has no effect on this instruction. If the PE flag of the source operand (bit 0) is set to 1, the instruction causes the processor to switch to protected mode. While in protected mode, the LMSW instruction cannot be used clear the PE flag and force a switch back to real-address mode. The LMSW instruction is provided for use in operating-system software; it should not be used in application programs. In protected or virtual-8086 mode, it can only be executed at CPL 0. This instruction is provided for compatibility with the Intel 286 processor; programs and procedures intended to run on the P6 family, Intel486, and Intel386 processors should use the MOV (control registers) instruction to load the whole CR0 register. The MOV CR0 instruction can be used to set and clear the PE flag in CR0, allowing a procedure or program to switch between protected and real-address modes. This instruction is a serializing instruction. Operation
CR0[0:3] SRC[0:3];

Flags Affected None. Protected Mode Exceptions #GP(0) If the current privilege level is not 0. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register is used to access memory and it contains a null segment selector. #SS(0) #PF(fault-code) If a memory operand effective address is outside the SS segment limit. If a page fault occurs.

3-365

INSTRUCTION SET REFERENCE

LMSWLoad Machine Status Word (Continued)

LOOP/LOOPccLoop According to ECX Counter (Continued)

Operation
IF AddressSize = 32 THEN Count is ECX; ELSE (* AddressSize = 16 *) Count is CX; FI; Count Count 1; IF instruction is not LOOP THEN IF (instruction = LOOPE) OR (instruction = LOOPZ) THEN IF (ZF =1) AND (Count 0) THEN BranchCond 1; ELSE BranchCond 0; FI; FI; IF (instruction = LOOPNE) OR (instruction = LOOPNZ) THEN IF (ZF =0 ) AND (Count 0) THEN BranchCond 1; ELSE BranchCond 0; FI; FI; ELSE (* instruction = LOOP *) IF (Count 0) THEN BranchCond 1; ELSE BranchCond 0; FI; FI; IF BranchCond = 1 THEN EIP EIP + SignExtend(DEST); IF OperandSize = 16 THEN EIP EIP AND 0000FFFFH; FI; ELSE Terminate loop and continue program execution at EIP; FI;

3-373

INSTRUCTION SET REFERENCE

LOOP/LOOPccLoop According to ECX Counter (Continued)

Flags Affected None. Protected Mode Exceptions #GP(0) If the offset jumped to is beyond the limits of the code segment.

Real-Address Mode Exceptions None. Virtual-8086 Mode Exceptions None.

3-374

INSTRUCTION SET REFERENCE

LSLLoad Segment Limit

Opcode 0F 03 /r 0F 03 /r Instruction LSL r16,r/m16 LSL r32,r/m32 Description Load: r16 segment limit, selector r/m16 Load: r32 segment limit, selector r/m32)

Description This instruction loads the unscrambled segment limit from the segment descriptor specified with the second operand (source operand) into the first operand (destination operand) and sets the ZF flag in the EFLAGS register. The source operand (which can be a register or a memory location) contains the segment selector for the segment descriptor being accessed. The destination operand is a general-purpose register. The processor performs access checks as part of the loading process. Once loaded in the destination register, software can compare the segment limit with the offset of a pointer. The segment limit is a 20-bit value contained in bytes 0 and 1 and in the first four bits of byte 6 of the segment descriptor. If the descriptor has a byte granular segment limit (the granularity flag is set to 0), the destination operand is loaded with a byte granular value (byte limit). If the descriptor has a page granular segment limit (the granularity flag is set to 1), the LSL instruction will translate the page granular limit (page limit) into a byte limit before loading it into the destination operand. The translation is performed by shifting the 20-bit raw limit left 12 bits and filling the low-order 12 bits with 1s. When the operand size is 32 bits, the 32-bit byte limit is stored in the destination operand. When the operand size is 16 bits, a valid 32-bit limit is computed; however, the upper 16 bits are truncated and only the low-order 16 bits are loaded into the destination operand. This instruction performs the following checks before it loads the segment limit into the destination register:

Checks that the segment selector is not null. Checks that the segment selector points to a descriptor that is within the limits of the GDT or LDT being accessed Checks that the descriptor type is valid for this instruction. All code and data segment descriptors are valid for (can be accessed with) the LSL instruction. The valid special segment and gate descriptor types are given in the following table. If the segment is not a conforming code segment, the instruction checks that the specified segment descriptor is visible at the CPL (that is, if the CPL and the RPL of the segment selector are less than or equal to the DPL of the segment selector).

If the segment descriptor cannot be accessed or is an invalid type for the instruction, the ZF flag is cleared and no value is loaded in the destination operand.

3-375

INSTRUCTION SET REFERENCE

The Mod field of the ModR/M byte must be 11, or an Invalid Opcode Exception will result.

3-382

INSTRUCTION SET REFERENCE

MASKMOVQByte Mask Write (Continued)

Operation
IF (SRC[7] = 1) THEN m64[EDI] = DEST[7-0]; ELSE M64[EDI] = 0X0; IF (SRC[15] = 1) THEN m64[EDI] = DEST[15-8]; ELSE M64[EDI] = 0X0; IF (SRC[23] = 1) THEN m64[EDI] = DEST[23-16]; ELSE M64[EDI] = 0X0; IF (SRC[31] = 1) THEN m64[EDI] = DEST[31-24]; ELSE M64[EDI] = 0X0; IF (SRC[39] = 1) THEN m64[EDI] = DEST[39-32]; ELSE M64[EDI] = 0X0; IF (SRC[47] = 1) THEN m64[EDI] = DEST[47-40]; ELSE M64[EDI] = 0X0; IF (SRC[55] = 1) THEN m64[EDI] = DEST[55-48]; ELSE M64[EDI] = 0X0; IF (SRC[63] = 1) THEN m64[EDI] = DEST[63-56]; ELSE M64[EDI] = 0X0;

3-383

INSTRUCTION SET REFERENCE

MASKMOVQByte Mask Write (Continued)

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
void_m_maskmovq(__m64d, __m64n, char * p)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

void_mm_maskmove_si64(__m64d, __m64n, char * p)

Conditionally store byte elements of d to address p. The high bit of each byte in the selector n determines whether the corresponding byte in d will be stored. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #MF #AC For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If there is a pending FPU exception. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3)

Real Address Mode Exceptions Interrupt 13 #UD #NM #MF If any part of the operand would lie outside of the effective address space from 0 to 0FFFFH. If CR0.EM = 1. If TS bit in CR0 is set. If there is a pending FPU exception.

3-384

INSTRUCTION SET REFERENCE

MASKMOVQByte Mask Write (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #AC #PF (fault-code) Comments MASKMOVQ can be used to improve performance for algorithms which need to merge data on a byte granularity. MASKMOVQ should not cause a read for ownership; doing so generates unnecessary bandwidth since data is to be written directly using the byte-mask without allocating old data prior to the store. Similar to the Streaming SIMD Extension non-temporal store instructions, MASKMOVQ minimizes pollution of the cache hierarchy. MASKMOVQ implicitly uses weakly-ordered, write-combining stores (WC). Refer to Section 9.3.9., Cacheability Control Instructions in Chapter 9, Programming with the Streaming SIMD Extensions of the Intel Architecture Software Developers Manual, Volume 1, for further information about nontemporal stores. As a consequence of the resulting weakly-ordered memory consistency model, a fencing operation such as SFENCE should be used if multiple processors may use different memory types to read/write the same memory location specified by edi. This instruction behaves identically to MMX instructions, in the presence of x87-FP instructions: transition from x87-FP to MMX technology (TOS=0, FP valid bits set to all valid). MASMOVQ ignores the value of CR4.OSFXSR. Since it does not affect the new Streaming SIMD Extension state, they will not generate an invalid exception if CR4.OSFXSR = 0. For unaligned memory reference if the current privilege level is 3. For a page fault.

3-385

INSTRUCTION SET REFERENCE

MAXPSPacked Single-FP Maximum

Opcode 0F,5F,/r Instruction MAXPS xmm1, xmm2/m128 Description Return the maximum SP FP numbers between XMM2/Mem and XMM1.

Description The MAXPS instruction returns the maximum SP FP numbers from XMM1 and XMM2/Mem. If the values being compared are both zeroes, source2 (xmm2/m128) would be returned. If source2 (xmm2/m128) is an sNaN, this sNaN is forwarded unchanged to the destination (i.e., a quieted version of the sNaN is not returned).

Xmm1 Xmm2/ m128 Xmm1

99.1

10.99

> =

65.0

267.0

> =

519.0

8.7

=
519.0

Figure 3-36. Operation of the MAXPS Instruction

Operation
IF (DEST[31-0]=NaN) THEN DEST[31-0] = SRC[31-0]; ELSE IF (SRC[31-0] = NaN) THEN DEST[31-0] = SRC[31-0]; ELSE IF (DEST[31-0] > SRC/m128[31-0]) THEN DEST[31-0] = DEST[31-0]; ELSE DEST[31-0] = SRC/m128[31-0]; FI FI FI

3-386

INSTRUCTION SET REFERENCE

MAXPSPacked Single-FP Maximum (Continued)

IF (DEST[63-32]=NaN) THEN DEST[63-32] = SRC[63-32]; ELSE IF (SRC[63-32] = NaN) THEN DEST[63-32] = SRC[63-32]; ELSE IF (DEST[63-32] > SRC/m128[63-32]) THEN DEST[63-32] = DEST[63-32]; ELSE DEST[63-32] = SRC/m128[63-32]; FI FI FI IF (DEST[95-64]=NaN) THEN DEST[95-64] = SRC[95-64]; ELSE IF (SRC[95-64] = NaN) THEN DEST[95-64] = SRC[95-64]; ELSE IF (DEST[95-64] > SRC/m128[95-64]) THEN DEST[95-64] = DEST[95-64]; ELSE DEST[95-64] = SRC/m128[95-64]; FI FI FI IF (DEST[127-96]=NaN) THEN DEST[127-96] = SRC[127-96]; ELSE IF (SRC[127-96] = NaN) THEN DEST[127-96] = SRC[127-96]; ELSE IF (DEST[127-96] > SRC/m128[127-96]) THEN DEST[127-96] = DEST[127-96]; ELSE DEST[127-96] = SRC/m128[127-96]; FI FI FI

3-387

Figure 3-37. Operation of the MAXSS Instruction

3-390

INSTRUCTION SET REFERENCE

MAXSSScalar Single-FP Maximum (Continued)

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_max_ss(__m128 a, __m128 b)

Opcode 0F,5D,/r Instruction MINPS xmm1, xmm2/m128 Description Return the minimum SP numbers between XMM2/Mem and XMM1.

Description The MINPS instruction returns the minimum SP FP numbers from XMM1 and XMM2/Mem. If the values being compared are both zeroes, source2 (xmm2/m128) would be returned. If source2 (xmm2/m128) is an sNaN, this sNaN is forwarded unchanged to the destination (i.e., a quieted version of the sNaN is not returned).
MINPS xmm1, xmm2/m128 Xmm1 Xmm2/ m128 Xmm1 99.1 10.99 65.0 267.0

<
519.0

<
8.7

<
38.9

<
107.3

=
99.1

=
8.7

=
38.9

=
107.3

Figure 3-38. Operation of the MINPS Instruction

Operation
IF (DEST[31-0]=NaN) THEN DEST[31-0] = SRC[31-0]; ELSE IF (SRC[31-0] = NaN) THEN DEST[31-0] = SRC[31-0]; ELSE IF (DEST[31-0] < SRC/m128[31-0]) THEN DEST[31-0] = DEST[31-0]; ELSE DEST[31-0] = SRC/m128[31-0]; FI FI FI

3-394

INSTRUCTION SET REFERENCE

MINPSPacked Single-FP Minimum (Continued)

IF (DEST[63-32]=NaN) THEN DEST[63-32] = SRC[63-32]; ELSE IF (SRC[63-32] = NaN) THEN DEST[63-32] = SRC[63-32]; ELSE IF (DEST[63-32] < SRC/m128[63-32]) THEN DEST[63-32] = DEST[63-32]; ELSE DEST[63-32] = SRC/m128[63-32]; FI FI FI IF (DEST[95-64]=NaN) THEN DEST[95-64] = SRC[95-64]; ELSE IF (SRC[95-64] = NaN) THEN DEST[95-64] = SRC[95-64]; ELSE IF (DEST[95-64] < SRC/m128[95-64]) THEN DEST[95-64] = DEST[95-64]; ELSE DEST[95-64] = SRC/m128[95-64]; FI FI FI IF (DEST[127-96]=NaN) THEN DEST[127-96] = SRC[127-96]; ELSE IF (SRC[127-96] = NaN) THEN DEST[127-96] = SRC[127-96]; ELSE IF (DEST[127-96] < SRC/m128[127-96]) THEN DEST[127-96] = DEST[127-96]; ELSE DEST[127-96] = SRC/m128[127-96]; FI FI FI

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_min_ps(__m128 a, __m128 b)

Computes the minimums of the four SP FP values of a and b.

Description The MINSS instruction returns the minimum SP FP number from the lower SP FP numbers from XMM1 and XMM2/Mem; the upper three fields are passed through from xmm1. If the values being compared are both zeroes, source2 (xmm2/m128) would be returned. If source2 (xmm2/m128) is an sNaN, this sNaN is forwarded unchanged to the destination (i.e., a quieted version of the sNaN is not returned).

MINSS xmm1, xmm2/m32 Xmm1

< =

Xmm2/ m32 Xmm1

Figure 3-39. Operation of the MINSS Instruction

3-398

INSTRUCTION SET REFERENCE

MINSSScalar Single-FP Minimum (Continued)

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_min_ss(__m128 a, __m128 b)

Computes the minimum of the lower SP FP values of a and b; the upper three SP FP values are passed through from a. Exceptions None. Numeric Exceptions Invalid (including qNaN source operand), Denormal.

3-399

INSTRUCTION SET REFERENCE

MINSSScalar Single-FP Minimum (Continued)

INSTRUCTION SET REFERENCE

MOVMove (Continued)
Virtual-8086 Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #AC(0) #UD If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made. If attempt is made to load the CS register.

3-406

INSTRUCTION SET REFERENCE

MOVMove to/from Control Registers

Opcode 0F 22 /r 0F 22 /r 0F 22 /r 0F 22 /r 0F 20 /r 0F 20 /r 0F 20 /r 0F 20 /r Instruction MOV CR0,r32 MOV CR2,r32 MOV CR3,r32 MOV CR4,r32 MOV r32,CR0 MOV r32,CR2 MOV r32,CR3 MOV r32,CR4 Description Move r32 to CR0 Move r32 to CR2 Move r32 to CR3 Move r32 to CR4 Move CR0 to r32 Move CR2 to r32 Move CR3 to r32 Move CR4 to r32

Description This instruction moves the contents of a control register (CR0, CR2, CR3, or CR4) to a generalpurpose register or vice versa. The operand size for these instructions is always 32 bits, regardless of the operand-size attribute. Refer to Section 2.5., Control Registers in Chapter 2, System Architecture Overview of the Intel Architecture Software Developers Manual, Volume 3, for a detailed description of the flags and fields in the control registers. When loading a control register, a program should not attempt to change any of the reserved bits; that is, always set reserved bits to the value previously read. At the opcode level, the reg field within the ModR/M byte specifies which of the control registers is loaded or read. The two bits in the mod field are always 11B. The r/m field specifies the general-purpose register loaded or read. These instructions have the following side effects:

When writing to control register CR3, all non-global TLB entries are flushed. Refer to Section 3.7., Translation Lookaside Buffers (TLBs) in Chapter 3, Protected-Mode Memory Management of the Intel Architecture Software Developers Manual, Volume 3, for a detailed description of the flags and fields in the control registers.

3-407

INSTRUCTION SET REFERENCE

MOVMove to/from Control Registers (Continued)

The following side effects are implementation specific for the Pentium Pro processors. Software should not depend on this functionality in future Intel Architecture processors:

When modifying any of the paging flags in the control registers (PE and PG in register CR0 and PGE, PSE, and PAE in register CR4), all TLB entries are flushed, including global entries. If the PG flag is set to 1 and control register CR4 is written to set the PAE flag to 1 (to enable the physical address extension mode), the pointers (PDPTRs) in the page-directory pointers table will be loaded into the processor (into internal, non-architectural registers). If the PAE flag is set to 1 and the PG flag set to 1, writing to control register CR3 will cause the PDPTRs to be reloaded into the processor. If the PAE flag is set to 1 and control register CR0 is written to set the PG flag, the PDPTRs are reloaded into the processor.

Operation
DEST SRC;

Flags Affected The OF, SF, ZF, AF, PF, and CF flags are undefined. Protected Mode Exceptions #GP(0) If the current privilege level is not 0. If an attempt is made to write invalid bit combinations in CR0 (such as setting the PG flag to 1 when the PE flag is set to 0, or setting the CD flag to 0 when the NE flag is set to 1). If an attempt is made to write a 1 to any reserved bit in CR4. If an attempt is made to write reserved bits in the page-directory pointers table (used in the extended physical addressing mode) when the PAE flag in control register CR4 and the PG flag in control register CR0 are set to 1. Real-Address Mode Exceptions #GP If an attempt is made to write a 1 to any reserved bit in CR4.

Virtual-8086 Mode Exceptions #GP(0) These instructions cannot be executed in virtual-8086 mode.

3-408

INSTRUCTION SET REFERENCE

MOVMove to/from Debug Registers

Opcode 0F 21/r 0F 23 /r Instruction MOV r32, DR0-DR7 MOV DR0-DR7,r32 Description Move debug register to r32 Move r32 to debug register

Description This instruction moves the contents of a debug register (DR0, DR1, DR2, DR3, DR4, DR5, DR6, or DR7) to a general-purpose register or vice versa. The operand size for these instructions is always 32 bits, regardless of the operand-size attribute. Refer to Chapter 15, Debugging and Performance Monitoring of the Intel Architecture Software Developers Manual, Volume 3, for a detailed description of the flags and fields in the debug registers. The instructions must be executed at privilege level 0 or in real-address mode. When the debug extension (DE) flag in register CR4 is clear, these instructions operate on debug registers in a manner that is compatible with Intel386 and Intel486 processors. In this mode, references to DR4 and DR5 refer to DR6 and DR7, respectively. When the DE set in CR4 is set, attempts to reference DR4 and DR5 result in an undefined opcode (#UD) exception. (The CR4 register was added to the Intel Architecture beginning with the Pentium processor.) At the opcode level, the reg field within the ModR/M byte specifies which of the debug registers is loaded or read. The two bits in the mod field are always 11. The r/m field specifies the generalpurpose register loaded or read. Operation
IF ((DE = 1) and (SRC or DEST = DR4 or DR5)) THEN #UD; ELSE DEST SRC;

Flags Affected The OF, SF, ZF, AF, PF, and CF flags are undefined. Protected Mode Exceptions #GP(0) #UD #DB If the current privilege level is not 0. If the DE (debug extensions) bit of CR4 is set and a MOV instruction is executed involving DR4 or DR5. If any debug register is accessed while the GD flag in debug register DR7 is set.

3-409

INSTRUCTION SET REFERENCE

MOVMove to/from Debug Registers (Continued)

Real-Address Mode Exceptions #UD #DB If the DE (debug extensions) bit of CR4 is set and a MOV instruction is executed involving DR4 or DR5. If any debug register is accessed while the GD flag in debug register DR7 is set.

Virtual-8086 Mode Exceptions #GP(0) The debug registers cannot be loaded or read when in virtual-8086 mode.

3-410

INSTRUCTION SET REFERENCE

MOVAPSMove Aligned Four Packed Single-FP

Opcode 0F,28,/r 0F,29,/r Instruction MOVAPS xmm1, xmm2/m128 MOVAPS xmm2/m128, xmm1 Description Move 128 bits representing four packed SP data from XMM2/Mem to XMM1 register. Move 128 bits representing four packed SP from XMM1 register to XMM2/Mem.

Description The linear address corresponds to the address of the least-significant byte of the referenced memory data. When a memory address is indicated, the 16 bytes of data at memory location m128 are loaded or stored. When the register-register form of this operation is used, the content of the 128-bit source register is copied into the 128-bit destination register.
MOVAPS xmm1, xmm2/m128 (xmm2/m128, xmm1) Xmm1

Xmm2/ m128 Xmm1

Figure 3-40. Operation of the MOVAPS Instruction

3-411

INSTRUCTION SET REFERENCE

MOVAPSMove Aligned Four Packed Single-FP (Continued)

Operation
IF (destination = DEST) THEN IF (SRC = m128)THEN (* load instruction *) DEST[127-0] = m128; ELSE(* move instruction *) DEST[127=0] = SRC[127-0]; FI; ELSE IF (destination = m128)THEN (* store instruction *) m128 = SRC[127-0]; ELSE(* move instruction *) DEST[127-0] = SRC[127-0]; FI; FI;

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_load_ps(float * p)

Loads four SP FP values. The address must be 16-byte-aligned.

void_mm_store_ps(float *p, __m128 a)

Stores four SP FP values. The address must be 16-byte-aligned. Exceptions General protection exception if not aligned on 16-byte boundary, regardless of segment. Numeric Exceptions None.

3-412

INSTRUCTION SET REFERENCE

MOVAPSMove Aligned Four Packed Single-FP (Continued)

Protected Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #UD #NM #UD #UD For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) Comments MOVAPS should be used when dealing with 16-byte aligned SP FP numbers. If the data is not known to be aligned, MOVUPS should be used instead of MOVAPS. The usage of this instruction should be limited to the cases where the aligned restriction is easy to meet. Processors that support Streaming SIMD Extension will provide optimal aligned performance for the MOVAPS instruction. The usage of Repeat Prefix (F3H) with MOVAPS is reserved. Different processor implementations may handle this prefix differently. Usage of this prefix with MOVAPS risks incompatibility with future processors. For a page fault.

3-413

INSTRUCTION SET REFERENCE

MOVDMove 32 Bits
Opcode 0F 6E /r 0F 7E /r Instruction MOVD mm, r/m32 MOVD r/m32, mm Description Move doubleword from r/m32 to mm. Move doubleword from mm to r/m32.

Description This instruction copies doubleword from source operand (second operand) to destination operand (first operand). Source and destination operands can be MMX technology registers, memory locations, or 32-bit general-purpose registers; however, data cannot be transferred from an MMX technology register to another MMX technology register, from one memory location to another memory location, or from one general-purpose register to another generalpurpose register. When the destination operand is an MMX technology register, the 32-bit source value is written to the low-order 32 bits of the 64-bit MMX technology register and zero-extended to 64 bits (refer to Figure 3-41). When the source operand is an MMX technology register, the low-order 32 bits of the MMX technology register are written to the 32-bit general-purpose register or 32-bit memory location selected with the destination operand.

MOVD m32, mm 63 0 32 31 xxxxxxxx b 3 b2 b1 b0 mm

15 b3 b1

0 b2 b0

W N+1 WN+1 m32

MOVD mm, r32 63 32 31 0 00000000 b 3 b2 b1 b0 mm

31 0 b 3 b2 b 1 b0 r32

3006010

Figure 3-41. Operation of the MOVD Instruction

3-414

INSTRUCTION SET REFERENCE

MOVDMove 32 Bits (Continued)

Operation
IF DEST is MMX technology register THEN DEST ZeroExtend(SRC); ELSE (* SRC is MMX technology register *) DEST LowOrderDoubleword(SRC);

Flags Affected None. Protected Mode Exceptions #GP(0) If the destination operand is in a nonwritable segment. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. #SS(0) #UD #NM #MF #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. If EM in CR0 is set. If TS in CR0 is set. If there is a pending FPU exception. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions #GP #UD #NM #MF If any part of the operand lies outside of the effective address space from 0 to FFFFH. If EM in CR0 is set. If TS in CR0 is set. If there is a pending FPU exception.

3-415

INSTRUCTION SET REFERENCE

MOVDMove 32 Bits (Continued)

Virtual-8086 Mode Exceptions #GP #UD #NM #MF #PF(fault-code) #AC(0) If any part of the operand lies outside of the effective address space from 0 to FFFFH. If EM in CR0 is set. If TS in CR0 is set. If there is a pending FPU exception. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made.

3-416

INSTRUCTION SET REFERENCE

MOVHLPS High to Low Packed Single-FP

Opcode OF,12,/r Instruction MOVHLPS xmm1, xmm2 Description Move 64 bits representing higher two SP operands from xmm2 to lower two fields of xmm1 register.

Description The upper 64-bits of the source register xmm2 are loaded into the lower 64-bits of the 128-bit register xmm1, and the upper 64-bits of xmm1 are left unchanged.

MOVHLPS xmm1, xmm2 Xmm1 Xmm2

=
Xmm1

Figure 3-42. Operation of the MOVHLPS Instruction

Operation
DEST[127-64] = DEST[127-64]; DEST[63-0] = SRC[127-64];

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_movehl_ps(__m128 a, __m128 b)

Moves the upper 2 SP FP values of b to the lower 2 SP FP values of the result. The upper 2 SP FP values of a are passed through to the result.

3-417

INSTRUCTION SET REFERENCE

MOVHLPS High to Low Packed Single-FP (Continued)

Exceptions None Numeric Exceptions None. Protected Mode Exceptions #UD #NM #UD #UD If CR0.EM = 1. If TS bit in CR0 is set. If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

Real Address Mode Exceptions #UD #NM #UD #UD If CR0.EM = 1. If TS bit in CR0 is set. If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. Comments The usage of Repeat (F2H, F3H) and Operand Size (66H) prefixes with MOVHLPS is reserved. Different processor implementations may handle these prefixes differently. Usage of these prefixes with MOVHLPS risks incompatibility with future processors.

3-418

INSTRUCTION SET REFERENCE

MOVHPSMove High Packed Single-FP

Opcode 0F,16,/r 0F,17,/r Instruction MOVHPS xmm, m64 MOVHPS m64, xmm Description Move 64 bits representing two SP operands from Mem to upper two fields of XMM register. Move 64 bits representing two SP operands from upper two fields of XMM register to Mem.

Description The linear address corresponds to the address of the least-significant byte of the referenced memory data. When the load form of this operation is used, m64 is loaded into the upper 64-bits of the 128-bit register xmm, and the lower 64-bits are left unchanged.
MOVHPS xmm1, m64 (m64, xmm1) Xmm1

m64

Xmm1

Figure 3-43. Operation of the MOVHPS Instruction

3-419

INSTRUCTION SET REFERENCE

MOVHPSMove High Packed Single-FP (Continued)

Operation
IF (destination = DEST) THEN(* load instruction *) DEST[127-64] = m64; DEST[31-0] = DEST[31-0]; DEST[63-32] = DEST[63-32]; ELSE (* store instruction *) m64 = SRC[127-64]; FI;

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_loadh_pi(__m128 a, __m64 * p)

Sets the upper two SP FP values with 64 bits of data loaded from the address p; the lower two values are passed through from a.
void_mm_storeh_pi(__m64 * p, __m128 a)

Stores the upper two SP FP values of a to the address p. Exceptions None. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #AC #UD #UD For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3). If CR4.OSFXSR(bit 9) = 0 If CPUID.XMM(EDX bit 25) = 0.

3-420

INSTRUCTION SET REFERENCE

MOVHPSMove High Packed Single-FP (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF (fault-code) #AC Comments The usage of Repeat Prefixes (F2H, F3H) with MOVHPS is reserved. Different processor implementations may handle these prefixes differently. Usage of these prefixes with MOVHPS risks incompatibility with future processors. For a page fault. For unaligned memory reference if the current privilege level is 3.

3-421

INSTRUCTION SET REFERENCE

MOVLHPSMove Low to High Packed Single-FP

Opcode OF,16,/r Instruction MOVLHPS xmm1, xmm2 Description Move 64 bits representing lower two SP operands from xmm2 to upper two fields of xmm1 register.

Description The lower 64-bits of the source register xmm2 are loaded into the upper 64-bits of the 128-bit register xmm1, and the lower 64-bits of xmm1 are left unchanged.

MOVLHPS xmm1, xmm2 Xmm1 Xmm2

=
Xmm1

Figure 3-44. Operation of the MOVLHPS Instruction

Operation
DEST[127-64] = SRC[63-0]; DEST[63-0] = DEST[63-0];

3-422

INSTRUCTION SET REFERENCE

MOVLHPSMove Low to High Packed Single-FP (Continued)

Intel C/C++ Compiler Intrinsic Equivalent
__m128 _mm_movelh_ps (__m128 a, __m128 b)

Moves the lower 2 SP FP values of b to the upper 2 SP FP values of the result. The lower 2 SP FP values of a are passed through to the result. Exceptions None. Numeric Exceptions None. Protected Mode Exceptions #UD #NM #UD #UD If CR0.EM = 1. If TS bit in CR0 is set. If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

Real Address Mode Exceptions #UD #NM #UD #UD If CR0.EM = 1. If TS bit in CR0 is set. If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. Comments The usage of Repeat (F2H, F3H) and Operand Size (66H) prefixes with MOVLHPS is reserved. Different processor implementations may handle these prefixes differently. Usage of these prefixes with MOVLHPS risks incompatibility with future processors.

3-423

INSTRUCTION SET REFERENCE

MOVLPSMove Low Packed Single-FP

Opcode 0F,12,/r 0F,13,/r Instruction MOVLPS xmm, m64 MOVLPS m64, xmm Description Move 64 bits representing two SP operands from Mem to lower two fields of XMM register. Move 64 bits representing two SP operands from lower two fields of XMM register to Mem.

Description The linear address corresponds to the address of the least-significant byte of the referenced memory data. When the load form of this operation is used, m64 is loaded into the lower 64-bits of the 128-bit register xmm, and the upper 64-bits are left unchanged.

MOVLPS xmm1, m64 (m64, xmm1) Xmm1

m64

Xmm1

Figure 3-45. Operation of the MOVLPS Instruction

3-424

INSTRUCTION SET REFERENCE

MOVLPSMove Low Packed Single-FP (Continued)

Operation
IF (destination = DEST) THEN(* load instruction *) DEST[63-0] = m64; DEST[95-64] = DEST[95-64]; DEST[127-96] = DEST[127-96]; ELSE(* store instruction *) m64 = DEST[63-0]; FI

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_loadl_pi(__m128 a, __m64 *p)

Sets the lower two SP FP values with 64 bits of data loaded from the address p; the upper two values are passed through from a.
void_mm_storel_pi(__m64 * p, __m128 a)

Stores the lower two SP FP values of a to the address p. Exceptions None. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0 #PF (fault-code) #UD #NM #AC #UD #UD For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3). If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

3-425

INSTRUCTION SET REFERENCE

MOVLPSMove Low Packed Single-FP (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF (fault-code) #AC Comments The usage of Repeat Prefix (F3H) with MOVLPS is reserved. Different processor implementations may handle this prefix differently. Usage of this prefix with MOVLPS risks incompatibility with future processors. For a page fault. For unaligned memory reference if the current privilege level is 3.

3-426

INSTRUCTION SET REFERENCE

MOVMSKPSMove Mask To Integer

Opcode 0F,50,/r Instruction MOVMSKPS r32, xmm Description Move the single mask to r32.

Description The MOVMSKPS instruction returns to the integer register r32 a 4-bit mask formed of the most significant bits of each SP FP number of its operand.
MOVMSKPS r32, xmm1

R32

MOVNTPSMove Aligned Four Packed Single-FP Non Temporal (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) Comments MOVTNPS should be used when dealing with 16-byte aligned single-precision FP numbers. MOVNTPS minimizes pollution in the cache hierarchy. As a consequence of the resulting weakly-ordered memory consistency model, a fencing operation should be used if multiple processors may use different memory types to read/write the memory location. Refer to Section 9.3.9., Cacheability Control Instructions in Chapter 9, Programming with the Streaming SIMD Extensions of the Intel Architecture Software Developers Manual, Volume 1, for further information about non-temporal stores. The usage of Repeat Prefix (F3H) with MOVNTPS is reserved. Different processor implementations may handle this prefix differently. Usage of this prefix with MOVNTPS risks incompatibility with future processors. For a page fault.

3-430

INSTRUCTION SET REFERENCE

MOVNTQMove 64 Bits Non Temporal

Opcode 0F,E7,/r Instruction MOVNTQ m64, mm Description Move 64 bits representing integer operands (8b, 16b, 32b) from MM register to memory, minimizing pollution within cache hierarchy.

Description The linear address corresponds to the address of the least-significant byte of the referenced memory data. This store instruction minimizes cache pollution. Operation
m64 = SRC;

C/C++ Compiler Intrinsic Equivalent

void_mm_stream_pi(__m64 * p, __m64 a)

Stores the data in a to the address p without polluting the caches. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #MF #AC For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If there is a pending FPU exception. For unaligned memory reference. To enable #AC exceptions, three conditions must be true (CR0.AM is set; EFLAGS.AC is set; current CPL is 3)

3-431

INSTRUCTION SET REFERENCE

MOVNTQMove 64 Bits Non Temporal (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #AC #PF (fault-code) Comments MOVNTQ minimizes pollution in the cache hierarchy. As a consequence of the resulting weakly-ordered memory consistency model, a fencing operation should be used if multiple processors may use different memory types to read/write the memory location. Refer to Section 9.3.9., Cacheability Control Instructions in Chapter 9, Programming with the Streaming SIMD Extensions of the Intel Architecture Software Developers Manual, Volume 1, for further information about non-temporal stores. MOVNTQ ignores the value of CR4.OSFXSR. Since it does not affect the new Streaming SIMD Extension state, MOVNTQ will not generate an invalid exception if CR4.OSFXSR = 0. For unaligned memory reference if the current privilege level is 3. For a page fault.

3-432

INSTRUCTION SET REFERENCE

MOVQMove 64 Bits
Opcode 0F 6F /r 0F 7F /r Instruction MOVQ mm, mm/m64 MOVQ mm/m64, mm Description Move quadword from mm/m64 to mm. Move quadword from mm to mm/m64.

Description This instruction copies quadword from the source operand (second operand) to the destination operand (first operand) (refer to Figure 3-47). A source or destination operand can be either an MMX technology register or a memory location; however, data cannot be transferred from one memory location to another memory location. Data can be transferred from one MMX technology register to another MMX technology register.
MOVQ mm, m64 15 b7 b5 b3 b1 0 b6 W N+3 b4 b2 b0 W N+2 W N+1 W N+0 m64
3006013

63 48 47 32 31 1615 0 b7 b6 b5 b4 b3 b2 b1 b0 mm

Figure 3-47. Operation of the MOVQ Instructions

Operation
DEST SRC;

Flags Affected None.

3-433

INSTRUCTION SET REFERENCE

MOVQMove 64 Bits (Continued)

Description The linear address corresponds to the address of the least-significant byte of the referenced memory data. When a memory address is indicated, the four bytes of data at memory location m32 are loaded or stored. When the load form of this operation is used, the 32 bits from memory are copied into the lower 32 bits of the 128-bit register xmm, the 96 most significant bits being cleared.
MOVSS xmm1,xmm2/m32 (xmm2/m32, xmm1) Xmm1

Xmm2/ m32 Xmm1

Figure 3-48. Operation of the MOVSS Instruction

3-438

INSTRUCTION SET REFERENCE

MOVSSMove Scalar Single-FP (Continued)

Operation
IF (destination = DEST) THEN IF (SRC == m32) THEN(* load instruction *) DEST[31-0] = m32; DEST [63-32] = 0X00000000; DEST [95-64] = 0X00000000; DEST [127-96] = 0X00000000; ELSE(* move instruction *) DEST [31-0] = SRC[31-0]; DEST [63-32] = DEST [63-32]; DEST [95-64] = DEST [95-64]; DEST [127-96] = DEST [127-96]; FI ELSE IF (destination = m32) THEN(* store instruction *) m32 = SRC[31-0]; ELSE (* move instruction *) DEST [31-0] = SRC[31-0] DEST [63-32] = DEST[63-32]; DEST [95-64] = DEST [95-64]; DEST [127-96] = DEST [127-96]; FI FI

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_load_ss(float * p)

Loads an SP FP value into the low word and clears the upper three words.
void_mm_store_ss(float * p, __m128 a)

Stores the lower SP FP value.

__m128 _mm_move_ss(__m128 a, __m128 b)

Sets the low word to the SP FP value of b. The upper 3 SP FP values are passed through from a. Exceptions None. Numeric Exceptions None.

3-439

INSTRUCTION SET REFERENCE

MOVSSMove Scalar Single-FP (Continued)

Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #AC #UD #UD For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. For unaligned memory reference.To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3). If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #AC #PF (fault-code) For unaligned memory reference if the current privilege level is 3. For a page fault.

3-440

INSTRUCTION SET REFERENCE

MOVSXMove with Sign-Extension

Opcode 0F BE /r 0F BE /r 0F BF /r Instruction MOVSX r16,r/m8 MOVSX r32,r/m8 MOVSX r32,r/m16 Description Move byte to word with sign-extension Move byte to doubleword, sign-extension Move word to doubleword, sign-extension

Description This instruction copies the contents of the source operand (register or memory location) to the destination operand (register) and sign extends the value to 16 or 32 bits. For more information, refer to Section 6-5, Sign Extension in Chapter 6, Instruction Set Summary of the Intel Architecture Software Developers Manual, Volume 1. The size of the converted value depends on the operand-size attribute. Operation
DEST SignExtend(SRC);

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-441

INSTRUCTION SET REFERENCE

MOVSXMove with Sign-Extension (Continued)

Virtual-8086 Mode Exceptions #GP(0) #SS(0) #PF(fault-code) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. If a page fault occurs.

3-442

INSTRUCTION SET REFERENCE

MOVUPSMove Unaligned Four Packed Single-FP

Opcode 0F,10,/r 0F,11,/r Instruction MOVUPS xmm1, xmm2/m128 MOVUPS xmm2/m128, xmm1 Description Move 128 bits representing four SP data from XMM2/Mem to XMM1 register. Move 128 bits representing four SP data from XMM1 register to XMM2/Mem.

Description The linear address corresponds to the address of the least-significant byte of the referenced memory data. When a memory address is indicated, the 16 bytes of data at memory location m128 are loaded to the 128-bit multimedia register xmm or stored from the 128-bit multimedia register xmm. When the register-register form of this operation is used, the content of the 128bit source register is copied into 128-bit register xmm. No assumption is made about alignment.
MOVUPS xmm1, xmm2/m128 (xmm2/m128, xmm1) Xmm1

Xmm2/ m128 Xmm1

Figure 3-49. Operation of the MOVUPS Instruction

3-443

INSTRUCTION SET REFERENCE

MOVUPSMove Unaligned Four Packed Single-FP (Continued)

Operation
IF (destination = xmm) THEN IF (SRC = m128)THEN(* load instruction *) DEST[127-0] = m128; ELSE (* move instruction *) DEST[127-0] = SRC[127-0]; FI ELSE IF (destination = m128) THEN(* store instruction *) m128 = SRC[127-0]; ELSE (* move instruction *) DEST[127-0] = SRC[127-0]; FI FI

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_loadu_ps(float * p)

3-447

INSTRUCTION SET REFERENCE

MULUnsigned Multiply
Opcode F6 /4 F7 /4 F7 /4 Instruction MUL r/m8 MUL r/m16 MUL r/m32 Description Unsigned multiply (AX AL r/m8) Unsigned multiply (DX:AX AX r/m16) Unsigned multiply (EDX:EAX EAX r/m32)

Description This instruction performs an unsigned multiplication of the first operand (destination operand) and the second operand (source operand) and stores the result in the destination operand. The destination operand is an implied operand located in register AL, AX or EAX (depending on the size of the operand); the source operand is located in a general-purpose register or a memory location. The action of this instruction and the location of the result depends on the opcode and the operand size as shown in the following table.
:

Operand Size Byte Word Doubleword

Source 1 AL AX EAX

Source 2 r/m8 r/m16 r/m32

Destination AX DX:AX EDX:EAX

The result is stored in register AX, register pair DX:AX, or register pair EDX:EAX (depending on the operand size), with the high-order bits of the product contained in register AH, DX, or EDX, respectively. If the high-order bits of the product are 0, the CF and OF flags are cleared; otherwise, the flags are set. Operation
IF byte operation THEN AX AL SRC ELSE (* word or doubleword operation *) IF OperandSize = 16 THEN DX:AX AX SRC ELSE (* OperandSize = 32 *) EDX:EAX EAX SRC FI; FI;

Flags Affected The OF and CF flags are cleared to 0 if the upper half of the result is 0; otherwise, they are set to 1. The SF, ZF, AF, and PF flags are undefined.

3-448

INSTRUCTION SET REFERENCE

MULUnsigned Multiply (Continued)

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-449

INSTRUCTION SET REFERENCE

MULPSPacked Single-FP Multiply

Opcode 0F,59,/r Instruction MULPS xmm1, xmm2/m128 Description Multiply packed SP FP numbers in XMM2/Mem to XMM1.

Description The MULPS instructions multiply the packed SP FP numbers of both their operands.
MULPS xmm1, xmm2/m128 Xmm1

Xmm2/ m128 Xmm1

Figure 3-50. Operation of the MULPS Instruction

Operation
DEST[31-0] = DEST[31-0] * SRC/m128[31-0]; DEST[63-32] = DEST[63-32] * SRC/m128[63-32]; DEST[95-64] = DEST[95-64] * SRC/m128[95-64]; DEST[127-96] = DEST[127-96] * SRC/m128[127-96];

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_mul_ps(__m128 a, __m128 b)

Multiplies the four SP FP values of a and b.

3-450

INSTRUCTION SET REFERENCE

MULPSPacked Single-FP Multiply (Continued)

Exceptions General protection exception if not aligned on 16-byte boundary, regardless of segment. Numeric Exceptions Overflow, Underflow, Invalid, Precision, Denormal. Protected Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #UD #NM #XM #UD For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. For an unmasked Streaming SIMD Extension numeric exception (CR4.OSXMMEXCPT =1). For an unmasked Streaming SIMD Extension numeric exception (CR4.OSXMMEXCPT =0).

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) For a page fault.

3-451

INSTRUCTION SET REFERENCE

MULSSScalar Single-FP Multiply

Opcode F3,0F,59,/r Instruction MULSS xmm1 xmm2/m32 Description Multiply the lowest SP FP number in XMM2/Mem to XMM1.

Description The MULSS instructions multiply the lowest SP FP numbers of both their operands; the upper three fields are passed through from xmm1.
MULSS xmm1, xmm2/m128 Xmm1
-4.75

Xmm2/ m128

2501.4

=
Xmm1

=
-11881.65

Figure 3-51. Operation of the MULSS Instruction

Operation
DEST[31-0] = DEST[31-0] * SRC/m32[31-0]; DEST[63-32] = DEST[63-32]; DEST[95-64] = DEST[95-64]; DEST[127-96] = DEST[127-96];

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_mul_ss(__m128 a, __m128 b)

Multiplies the lower SP FP values of a and b; the upper three SP FP values are passed through from a. Exceptions None. Numeric Exceptions Overflow, Underflow, Invalid, Precision, Denormal.

3-452

INSTRUCTION SET REFERENCE

INSTRUCTION SET REFERENCE

ORLogical Inclusive OR
Opcode 0C ib 0D iw 0D id 80 /1 ib 81 /1 iw 81 /1 id 83 /1 ib 83 /1 ib 08 /r 09 /r 09 /r 0A /r 0B /r 0B /r Instruction OR AL,imm8 OR AX,imm16 OR EAX,imm32 OR r/m8,imm8 OR r/m16,imm16 OR r/m32,imm32 OR r/m16,imm8 OR r/m32,imm8 OR r/m8,r8 OR r/m16,r16 OR r/m32,r32 OR r8,r/m8 OR r16,r/m16 OR r32,r/m32 Description AL OR imm8 AX OR imm16 EAX OR imm32

r/m8 OR imm8 r/m16 OR imm16 r/m32 OR imm32 r/m16 OR imm8 (sign-extended) r/m32 OR imm8 (sign-extended) r/m8 OR r8 r/m16 OR r16 r/m32 OR r32 r8 OR r/m8 r16 OR r/m16 r32 OR r/m32

Description This instruction performs a bitwise inclusive OR operation between the destination (first) and source (second) operands and stores the result in the destination operand location. The source operand can be an immediate, a register, or a memory location; the destination operand can be a register or a memory location. (However, two memory operands cannot be used in one instruction.) Each bit of the result of the OR instruction is 0 if both corresponding bits of the operands are 0; otherwise, each bit is 1. Operation
DEST DEST OR SRC;

Flags Affected The OF and CF flags are cleared; the SF, ZF, and PF flags are set according to the result. The state of the AF flag is undefined.

3-459

INSTRUCTION SET REFERENCE

ORLogical Inclusive OR (Continued)

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-460

INSTRUCTION SET REFERENCE

ORPSBit-wise Logical OR for Single-FP Data

Opcode 0F,56,/r Instruction ORPS xmm1, xmm2/m128 Description OR 128 bits from XMM2/Mem to XMM1 register.

Description The ORPS instructions return a bit-wise logical OR between xmm1 and xmm2/mem.

Xmm1 Xmm2/ m128 Xmm1

0xEB460053

0xFB37D019

0x00038AC2

0x999333CC

0x00FF00AA

=
0xEBFF00FB

Figure 3-52. Operation of the ORPS Instruction

Operation
DEST[127-0] |= SRC/m128[127-0];

Operation
IF ((PE = 1) AND ((CPL > IOPL) OR (VM = 1))) THEN (* Protected mode with CPL > IOPL or virtual-8086 mode *) IF (Any I/O Permission Bit for I/O port being accessed = 1) THEN (* I/O operation is not allowed *) #GP(0); ELSE ( * I/O operation is allowed *) DEST SRC; (* Writes to I/O port *) FI; ELSE (Real Mode or Protected Mode with CPL IOPL *) DEST SRC; (* Writes to I/O port *) FI; IF (byte transfer) THEN IF DF = 0 THEN (E)SI (E)SI + 1; ELSE (E)SI (E)SI 1; FI; ELSE IF (word transfer) THEN IF DF = 0 THEN (E)SI (E)SI + 2; ELSE (E)SI (E)SI 2; FI; ELSE (* doubleword transfer *) THEN IF DF = 0 THEN (E)SI (E)SI + 4; ELSE (E)SI (E)SI 4; FI; FI; FI;

Flags Affected None.

3-467

INSTRUCTION SET REFERENCE

OUTS/OUTSB/OUTSW/OUTSDOutput String to Port (Continued)

Protected Mode Exceptions #GP(0) If the CPL is greater than (has less privilege) the I/O privilege level (IOPL) and any of the corresponding I/O permission bits in TSS for the I/O port being accessed is 1. If a memory operand effective address is outside the limit of the CS, DS, ES, FS, or GS segment. If the segment register contains a null segment selector. #PF(fault-code) #AC(0) If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-468

INSTRUCTION SET REFERENCE

PACKSSWB/PACKSSDWPack with Signed Saturation

Opcode 0F 63 /r Instruction PACKSSWB mm, mm/m64 PACKSSDW mm, mm/m64 Description Packs and saturate pack four signed words from mm and four signed words from mm/m64 into eight signed bytes in mm. Pack and saturate two signed doublewords from mm and two signed doublewords from mm/m64 into four signed words in mm.

0F 6B /r

Description These instructions pack and saturate signed words into bytes (PACKSSWB) or signed doublewords into words (PACKSSDW). The PACKSSWB instruction packs four signed words from the destination operand (first operand) and four signed words from the source operand (second operand) into eight signed bytes in the destination operand. If the signed value of a word is beyond the range of a signed byte (that is, greater than 7FH or less than 80H), the saturated byte value of 7FH or 80H, respectively, is stored into the destination. The PACKSSDW instruction packs two signed doublewords from the destination operand (first operand) and two signed doublewords from the source operand (second operand) into four signed words in the destination operand (refer to Figure 3-53). If the signed value of a doubleword is beyond the range of a signed word (that is, greater than 7FFFH or less than 8000H), the saturated word value of 7FFFH or 8000H, respectively, is stored into the destination. The destination operand for either the PACKSSWB or PACKSSDW instruction must be an MMX technology register; the source operand may be either an MMX technology register or a quadword memory location.

PACKSSDW mm, mm/m64 mm/m64 D C mm B A

Figure 3-53. Operation of the PACKSSDW Instruction

3-469

INSTRUCTION SET REFERENCE

PACKSSWB/PACKSSDWPack with Signed Saturation (Continued)

Operation
IF instruction is PACKSSWB THEN DEST(7..0) SaturateSignedWordToSignedByte DEST(15..0); DEST(15..8) SaturateSignedWordToSignedByte DEST(31..16); DEST(23..16) SaturateSignedWordToSignedByte DEST(47..32); DEST(31..24) SaturateSignedWordToSignedByte DEST(63..48); DEST(39..32) SaturateSignedWordToSignedByte SRC(15..0); DEST(47..40) SaturateSignedWordToSignedByte SRC(31..16); DEST(55..48) SaturateSignedWordToSignedByte SRC(47..32); DEST(63..56) SaturateSignedWordToSignedByte SRC(63..48); ELSE (* instruction is PACKSSDW *) DEST(15..0) SaturateSignedDoublewordToSignedWord DEST(31..0); DEST(31..16) SaturateSignedDoublewordToSignedWord DEST(63..32); DEST(47..32) SaturateSignedDoublewordToSignedWord SRC(31..0); DEST(63..48) SaturateSignedDoublewordToSignedWord SRC(63..32); FI;

Intel C/C++ Compiler Intrinsic Equivalents Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_packsswb (__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_packs_pi16(__m64 m1, __m64 m2)

Pack the four 16-bit values from m1 into the lower four 8-bit values of the result with signed saturation, and pack the four 16-bit values from m2 into the upper four 8-bit values of the result with signed saturation. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_packssdw (__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_packs_pi32 (__m64 m1, __m64 m2)

Pack the two 32-bit values from m1 into the lower two 16-bit values of the result with signed saturation, and pack the two 32-bit values from m2 into the upper two 16-bit values of the result with signed saturation. Flags Affected None.

3-470

INSTRUCTION SET REFERENCE

PACKSSWB/PACKSSDWPack with Signed Saturation (Continued)

Protected Mode Exceptions #GP(0) #SS(0) #UD #NM #MF #PF(fault-code) #AC(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. If EM in CR0 is set. If TS in CR0 is set. If there is a pending FPU exception. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-471

INSTRUCTION SET REFERENCE

PACKUSWBPack with Unsigned Saturation

Opcode 0F 67 /r Instruction PACKUSWB mm, mm/m64 Description Pack and saturate four signed words from mm and four signed words from mm/m64 into eight unsigned bytes in mm.

Description This instruction packs and saturates four signed words from the destination operand (first operand) and four signed words from the source operand (second operand) into eight unsigned bytes in the destination operand (refer to Figure 3-54). If the signed value of a word is beyond the range of an unsigned byte (that is, greater than FFH or less than 00H), the saturated byte value of FFH or 00H, respectively, is stored into the destination. The destination operand must be an MMX technology register; the source operand may be either an MMX technology register or a quadword memory location.

PACKUSWB mm, mm/m64 mm/m64 H G F E

mm D C B A

H G F E D C B A mm
3006014

Figure 3-54. Operation of the PACKUSWB Instruction

Operation
DEST(7..0) SaturateSignedWordToUnsignedByte DEST(15..0); DEST(15..8) SaturateSignedWordToUnsignedByte DEST(31..16); DEST(23..16) SaturateSignedWordToUnsignedByte DEST(47..32); DEST(31..24) SaturateSignedWordToUnsignedByte DEST(63..48); DEST(39..32) SaturateSignedWordToUnsignedByte SRC(15..0); DEST(47..40) SaturateSignedWordToUnsignedByte SRC(31..16); DEST(55..48) SaturateSignedWordToUnsignedByte SRC(47..32); DEST(63..56) SaturateSignedWordToUnsignedByte SRC(63..48);

3-472

INSTRUCTION SET REFERENCE

PACKUSWBPack with Unsigned Saturation (Continued)

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_packuswb(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_packs_pu16(__m64 m1, __m64 m2)

Pack the four 16-bit values from m1 into the lower four 8-bit values of the result with unsigned saturation, and pack the four 16-bit values from m2 into the upper four 8-bit values of the result with unsigned saturation. Flags Affected None. Protected Mode Exceptions #GP(0) #SS(0) #UD #NM #MF #PF(fault-code) #AC(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. If EM in CR0 is set. If TS in CR0 is set. If there is a pending FPU exception. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-473

INSTRUCTION SET REFERENCE

PACKUSWBPack with Unsigned Saturation (Continued)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_addw_pi16(__m64 m1, __m64 m2)

Add the four 16-bit values in m1 to the four 16-bit values in m2. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_paddd(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_add_pi32(__m64 m1, __m64 m2)

Add the two 32-bit values in m1 to the two 32-bit values in m2. Flags Affected None. Protected Mode Exceptions #GP(0) #SS(0) #UD #NM #MF #PF(fault-code) #AC(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. If EM in CR0 is set. If TS in CR0 is set. If there is a pending FPU exception. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-477

INSTRUCTION SET REFERENCE

PADDB/PADDW/PADDDPacked Add (Continued)

3-478

INSTRUCTION SET REFERENCE

PADDSB/PADDSWPacked Add with Saturation

Opcode 0F EC /r 0F ED /r Instruction PADDSB mm, mm/m64 PADDSW mm, mm/m64 Description Add signed packed bytes from mm/m64 to signed packed bytes in mm and saturate. Add signed packed words from mm/m64 to signed packed words in mm and saturate.

Description These instructions add the individual signed data elements (bytes or words) of the source operand (second operand) to the individual signed data elements of the destination operand (first operand) (refer to Figure 3-56). If the result of an individual addition exceeds the range for the specified data type, the result is saturated. The destination operand must be an MMX technology register; the source operand can be either an MMX technology register or a quadword memory location.

PADDSW mm, mm/m64 mm 1000000000000000 0111111100111000

+
mm/m64 mm

+
1111111111111111 1000000000000000

+
0001011100000111 0111111111111111
3006016

Figure 3-56. Operation of the PADDSW Instruction

The PADDSB instruction adds the signed bytes of the source operand to the signed bytes of the destination operand and stores the results to the destination operand. When an individual result is beyond the range of a signed byte (that is, greater than 7FH or less than 80H), the saturated byte value of 7FH or 80H, respectively, is written to the destination operand. The PADDSW instruction adds the signed words of the source operand to the signed words of the destination operand and stores the results to the destination operand. When an individual result is beyond the range of a signed word (that is, greater than 7FFFH or less than 8000H), the saturated word value of 7FFFH or 8000H, respectively, is written to the destination operand.

3-479

INSTRUCTION SET REFERENCE

PADDSB/PADDSWPacked Add with Saturation (Continued)

Operation
IF instruction is PADDSB THEN DEST(7..0) SaturateToSignedByte(DEST(7..0) + SRC (7..0)) ; DEST(15..8) SaturateToSignedByte(DEST(15..8) + SRC(15..8) ); DEST(23..16) SaturateToSignedByte(DEST(23..16)+ SRC(23..16) ); DEST(31..24) SaturateToSignedByte(DEST(31..24) + SRC(31..24) ); DEST(39..32) SaturateToSignedByte(DEST(39..32) + SRC(39..32) ); DEST(47..40) SaturateToSignedByte(DEST(47..40)+ SRC(47..40) ); DEST(55..48) SaturateToSignedByte(DEST(55..48) + SRC(55..48) ); DEST(63..56) SaturateToSignedByte(DEST(63..56) + SRC(63..56) ); ELSE { (* instruction is PADDSW *) DEST(15..0) SaturateToSignedWord(DEST(15..0) + SRC(15..0) ); DEST(31..16) SaturateToSignedWord(DEST(31..16) + SRC(31..16) ); DEST(47..32) SaturateToSignedWord(DEST(47..32) + SRC(47..32) ); DEST(63..48) SaturateToSignedWord(DEST(63..48) + SRC(63..48) ); FI;

Intel C/C++ Compiler Intrinsic Equivalents Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_paddsb(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_adds_pi8(__m64 m1, __m64 m2)

Add the eight signed 8-bit values in m1 to the eight signed 8-bit values in m2 and saturate. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_paddsw(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_adds_pi16(__m64 m1, __m64 m2)

Add the four signed 16-bit values in m1 to the four signed 16-bit values in m2 and saturate. Flags Affected None.

3-480

INSTRUCTION SET REFERENCE

PADDSB/PADDSWPacked Add with Saturation (Continued)

3-481

INSTRUCTION SET REFERENCE

PADDUSB/PADDUSWPacked Add Unsigned with Saturation

Opcode 0F DC /r 0F DD /r Instruction PADDUSB mm, mm/m64 PADDUSW mm, mm/m64 Description Add unsigned packed bytes from mm/m64 to unsigned packed bytes in mm and saturate. Add unsigned packed words from mm/m64 to unsigned packed words in mm and saturate.

Description These instructions add the individual unsigned data elements (bytes or words) of the packed source operand (second operand) to the individual unsigned data elements of the packed destination operand (first operand) (refer to Figure 3-57). If the result of an individual addition exceeds the range for the specified unsigned data type, the result is saturated. The destination operand must be an MMX technology register; the source operand can be either an MMX technology register or a quadword memory location.

PADDUSB mm, mm/m64 mm 10000000 01111111 00111000

+
mm/m64 mm

PANDLogical AND
Opcode 0F DB /r Instruction PAND mm, mm/m64 Description AND quadword from mm/m64 to quadword in mm.

Description This instruction performs a bitwise logical AND operation on the quadword source (second) and destination (first) operands and stores the result in the destination operand location (refer to Figure 3-58). The source operand can be an MMX technology register or a quadword memory location; the destination operand must be an MMX technology register. Each bit of the result of the PAND instruction is set to 1 if the corresponding bits of the operands are both 1; otherwise it is made zero

PAND mm, mm/m64 mm 1111111111111000000000000000010110110101100010000111011101110111

&
mm/m64 0001000011011001010100000011000100011110111011110001010110010101 mm 0001000011011000000000000000000100010100100010000001010100010101
3006019

Figure 3-58. Operation of the PAND Instruction

Operation
DEST DEST AND SRC;

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pand(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_and_si64(__m64 m1, __m64 m2)

Perform a bitwise AND of the 64-bit value in m1 with the 64-bit value in m2. Flags Affected None.

3-485

INSTRUCTION SET REFERENCE

PANDLogical AND (Continued)

3-486

INSTRUCTION SET REFERENCE

PANDNLogical AND NOT

Opcode 0F DF /r Instruction PANDN mm, mm/m64 Description AND quadword from mm/m64 to NOT quadword in mm.

Description This instruction performs a bitwise logical NOT on the quadword destination operand (first operand). Then, the instruction performs a bitwise logical AND operation on the inverted destination operand and the quadword source operand (second operand) (refer to Figure 3-59). Each bit of the result of the AND operation is set to one if the corresponding bits of the source and inverted destination bits are one; otherwise it is set to zero. The result is stored in the destination operand location. The source operand can be an MMX technology register or a quadword memory location; the destination operand must be an MMX technology register.

PANDN mm, mm/m64

~
mm
11111111111110000000000000000101101101010011101111000100010001000

&
m/m64 mm
11111111111110000000000000000101101101010011101111000100010001000

11111111111110000000000000000101101101010011101111000100010001000

Figure 3-59. Operation of the PANDN Instruction

Operation
DEST (NOT DEST) AND SRC;

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pandn(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_andnot_si64(__m64 m1, __m64 m2)

Perform a logical NOT on the 64-bit value in m1 and use the result in a bitwise AND with the 64-bit value in m2.

3-487

INSTRUCTION SET REFERENCE

PANDNLogical AND NOT (Continued)

Flags Affected None. Protected Mode Exceptions #GP(0) #SS(0) #UD #NM #MF #PF(fault-code) #AC(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. If EM in CR0 is set. If TS in CR0 is set. If there is a pending FPU exception. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-488

INSTRUCTION SET REFERENCE

PAVGB/PAVGWPacked Average
Opcode 0F,E0, /r 0F,E3, /r Instruction PAVGB mm1,mm2/m64 PAVGW mm1, mm2/m64 Description Average with rounding packed unsigned bytes from MM2/Mem to packed bytes in MM1 register. Average with rounding packed unsigned words from MM2/Mem to packed words in MM1 register.

Description The PAVG instructions add the unsigned data elements of the source operand to the unsigned data elements of the destination register, along with a carry-in. The results of the add are then each independently right-shifted by one bit position. The high order bits of each element are filled with the carry bits of the corresponding sum. The destination operand is an MMX technology register. The source operand can either be an MMX technology register or a 64-bit memory operand. The PAVGB instruction operates on packed unsigned bytes, and the PAVGW instruction operates on packed unsigned words.
PAVGB mm1,mm2/m64 mm1 255 1 0 253 254 255 1 0

mm2/ 64 mm1

255

=
255

=
2

=
0

=
254

=
255

=
2

=
0

Figure 3-60. Operation of the PAVGB/PAVGW Instruction

3-489

INSTRUCTION SET REFERENCE

PAVGB/PAVGWPacked Average (Continued)

Operation
IF (* instruction = PAVGB *) THEN X[0] = DEST[7-0]; Y[0] = SRC/m64[7-0]; X[1] = DEST[15-8]; Y[1] = SRC/m64[15-8]; X[2] = DEST[23-16]; Y[2] = SRC/m64[23-16]; X[3] = DEST[31-24]; Y[3] = SRC/m64[31-24]; X[4] = DEST[39-32]; Y[4] = SRC/m64[39-32]; X[5] = DEST[47-40]; Y[5] = SRC/m64[47-40]; X[6] = DEST[55-48]; Y[6] = SRC/m64[55-48]; X[7] = DEST[63-56]; Y[7] = SRC/m64[63-56]; WHILE (I < 8) TEMP[I] = ZERO_EXT(X[I], 8) + ZERO_EXT{Y[I], 8); RES[I] = (TEMP[I] + 1) >> 1; ENDWHILE DEST[7-0] = RES[0]; DEST[15-8] = RES[1]; DEST[23-16] = RES[2]; DEST[31-24] = RES[3]; DEST[39-32] = RES[4]; DEST[47-40] = RES[5]; DEST[55-48] = RES[6]; DEST[63-56] = RES[7]; ELSE IF (* instruction PAVGW *)THEN X[0] = DEST[15-0]; Y[0] = SRC/m64[15-0]; X[1] = DEST[31-16]; Y[1] = SRC/m64[31-16]; X[2] = DEST[47-32]; Y[2] = SRC/m64[47-32]; X[3] = DEST[63-48]; Y[3] = SRC/m64[63-48];

3-490

INSTRUCTION SET REFERENCE

PAVGB/PAVGWPacked Average (Continued)

WHILE (I < 4) TEMP[I] = ZERO_EXT(X[I], 16) + ZERO_EXT{Y[I], 16); RES[I] = (TEMP[I] + 1) >> 1; ENDWHILE DEST[15-0] = RES[0]; DEST[31-16] = RES[1]; DEST[47-32] = RES[2]; DEST[63-48] = RES[3]; FI;

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64_mm_pavgb(__m64 a, __m64 b)

Pre-4.0 Intel C/C++ Compiler intrinsic:

__m64_mm_avg_pu8(__m64 a, __m64 b)

Performs the packed average on the eight 8-bit values of the two operands. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64_mm_pavgw(__m64 a, __m64 b)

Pre-4.0 Intel C/C++ Compiler intrinsic:

__m64_mm_avg_pu16(__m64 a, __m64 b)

Performs the packed average on the four 16-bit values of the two operands. Numeric Exceptions None.

3-491

INSTRUCTION SET REFERENCE

PAVGB/PAVGWPacked Average (Continued)

Protected Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #UD #NM #MF #AC For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If there is a pending FPU exception. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3).

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) #AC For a page fault. For unaligned memory references (if the current privilege level is 3).

3-492

INSTRUCTION SET REFERENCE

PCMPEQB/PCMPEQW/PCMPEQDPacked Compare for Equal

Opcode 0F 74 /r 0F 75 /r 0F 76 /r Instruction PCMPEQB mm, mm/m64 PCMPEQW mm, mm/m64 PCMPEQD mm, mm/m64 Description Compare packed bytes in mm/m64 with packed bytes in mm for equality. Compare packed words in mm/m64 with packed words in mm for equality. Compare packed doublewords in mm/m64 with packed doublewords in mm for equality.

Description These instructions compare the individual data elements (bytes, words, or doublewords) in the destination operand (first operand) to the corresponding data elements in the source operand (second operand) (refer to Figure 3-61). If a pair of data elements are equal, the corresponding data element in the destination operand is set to all ones; otherwise, it is set to all zeroes. The destination operand must be an MMX technology register; the source operand may be either an MMX technology register or a 64-bit memory location.

PCMPEQW mm, mm/m64 mm 0000000000000000 0000000000000001 0000000000000111 0111000111000111

mm/m64 0000000000000000 0000000000000000 0111000111000111 0111000111000111 True False False True mm 1111111111111111 0000000000000000 0000000000000000 1111111111111111
3006020

Figure 3-61. Operation of the PCMPEQW Instruction

The PCMPEQB instruction compares the bytes in the destination operand to the corresponding bytes in the source operand, with the bytes in the destination operand being set according to the results. The PCMPEQW instruction compares the words in the destination operand to the corresponding words in the source operand, with the words in the destination operand being set according to the results. The PCMPEQD instruction compares the doublewords in the destination operand to the corresponding doublewords in the source operand, with the doublewords in the destination operand being set according to the results.

3-493

INSTRUCTION SET REFERENCE

PCMPEQB/PCMPEQW/PCMPEQDPacked Compare for Equal (Continued)

Operation
IF instruction is PCMPEQB THEN IF DEST(7..0) = SRC(7..0) THEN DEST(7 0) FFH; ELSE DEST(7..0) 0; * Continue comparison of second through seventh bytes in DEST and SRC * IF DEST(63..56) = SRC(63..56) THEN DEST(63..56) FFH; ELSE DEST(63..56) 0; ELSE IF instruction is PCMPEQW THEN IF DEST(15..0) = SRC(15..0) THEN DEST(15..0) FFFFH; ELSE DEST(15..0) 0; * Continue comparison of second and third words in DEST and SRC * IF DEST(63..48) = SRC(63..48) THEN DEST(63..48) FFFFH; ELSE DEST(63..48) 0; ELSE (* instruction is PCMPEQD *) IF DEST(31..0) = SRC(31..0) THEN DEST(31..0) FFFFFFFFH; ELSE DEST(31..0) 0; IF DEST(63..32) = SRC(63..32) THEN DEST(63..32) FFFFFFFFH; ELSE DEST(63..32) 0; FI;

3-494

INSTRUCTION SET REFERENCE

PCMPEQB/PCMPEQW/PCMPEQDPacked Compare for Equal (Continued)

Intel C/C++ Compiler Intrinsic Equivalents Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pcmpeqb (__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_cmpeq_pi8 (__m64 m1, __m64 m2)

If the respective 8-bit values in m1 are equal to the respective 8-bit values in m2 set the respective 8-bit resulting values to all ones, otherwise set them to all zeroes. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pcmpeqw (__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_cmpeq_pi16 (__m64 m1, __m64 m2)

If the respective 16-bit values in m1 are equal to the respective 16-bit values in m2 set the respective 16-bit resulting values to all ones, otherwise set them to all zeroes. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pcmpeqd (__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_cmpeq_pi32 (__m64 m1, __m64 m2)

If the respective 32-bit values in m1 are equal to the respective 32-bit values in m2 set the respective 32-bit resulting values to all ones, otherwise set them to all zeroes. Flags Affected None:

3-495

INSTRUCTION SET REFERENCE

PCMPEQB/PCMPEQW/PCMPEQDPacked Compare for Equal (Continued)

3-496

INSTRUCTION SET REFERENCE

PCMPGTB/PCMPGTW/PCMPGTDPacked Compare for Greater Than

Opcode 0F 64 /r 0F 65 /r 0F 66 /r Instruction PCMPGTB mm, mm/m64 PCMPGTW mm, mm/m64 PCMPGTD mm, mm/m64 Description Compare packed bytes in mm with packed bytes in mm/m64 for greater value. Compare packed words in mm with packed words in mm/m64 for greater value. Compare packed doublewords in mm with packed doublewords in mm/m64 for greater value.

Description These instructions compare the individual signed data elements (bytes, words, or doublewords) in the destination operand (first operand) to the corresponding signed data elements in the source operand (second operand) (refer to Figure 3-62). If a data element in the destination operand is greater than its corresponding data element in the source operand, the data element in the destination operand is set to all ones; otherwise, it is set to all zeroes. The destination operand must be an MMX technology register; the source operand may be either an MMX technology register or a 64-bit memory location.

PCMPGTW mm, mm/m64 mm 0000000000000000 0000000000000001 0000000000000111 0111000111000111

>
mm

mm/m64 0000000000000000 0000000000000000 0111000111000111 0111000111000111 True False False False 0000000000000000 1111111111111111 0000000000000000 0000000000000000
3006021

Figure 3-62. Operation of the PCMPGTW Instruction

The PCMPGTB instruction compares the signed bytes in the destination operand to the corresponding signed bytes in the source operand, with the bytes in the destination operand being set according to the results. The PCMPGTW instruction compares the signed words in the destination operand to the corresponding signed words in the source operand, with the words in the destination operand being set according to the results. The PCMPGTD instruction compares the signed doublewords in the destination operand to the corresponding signed doublewords in the source operand, with the doublewords in the destination operand being set according to the results.

3-497

INSTRUCTION SET REFERENCE

PCMPGTB/PCMPGTW/PCMPGTDPacked Compare for Greater Than (Continued)

Operation
IF instruction is PCMPGTB THEN IF DEST(7..0) > SRC(7..0) THEN DEST(7 0) FFH; ELSE DEST(7..0) 0; * Continue comparison of second through seventh bytes in DEST and SRC * IF DEST(63..56) > SRC(63..56) THEN DEST(63..56) FFH; ELSE DEST(63..56) 0; ELSE IF instruction is PCMPGTW THEN IF DEST(15..0) > SRC(15..0) THEN DEST(15..0) FFFFH; ELSE DEST(15..0) 0; * Continue comparison of second and third bytes in DEST and SRC * IF DEST(63..48) > SRC(63..48) THEN DEST(63..48) FFFFH; ELSE DEST(63..48) 0; ELSE { (* instruction is PCMPGTD *) IF DEST(31..0) > SRC(31..0) THEN DEST(31..0) FFFFFFFFH; ELSE DEST(31..0) 0; IF DEST(63..32) > SRC(63..32) THEN DEST(63..32) FFFFFFFFH; ELSE DEST(63..32) 0; FI;

3-498

INSTRUCTION SET REFERENCE

PCMPGTB/PCMPGTW/PCMPGTDPacked Compare for Greater Than (Continued)

Intel C/C++ Compiler Intrinsic Equivalents Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pcmpgtb (__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_cmpgt_pi8 (__m64 m1, __m64 m2)

If the respective 8-bit values in m1 are greater than the respective 8-bit values in m2 set the respective 8-bit resulting values to all ones, otherwise set them to all zeroes. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pcmpgtw (__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_pcmpgt_pi16 (__m64 m1, __m64 m2)

If the respective 16-bit values in m1 are greater than the respective 16-bit values in m2 set the respective 16-bit resulting values to all ones, otherwise set them to all zeroes. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pcmpgtd (__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_pcmpgt_pi32 (__m64 m1, __m64 m2)

If the respective 32-bit values in m1 are greater than the respective 32-bit values in m2 set the respective 32-bit resulting values to all ones, otherwise set them all to zeroes. Flags Affected None.

3-499

INSTRUCTION SET REFERENCE

PCMPGTB/PCMPGTW/PCMPGTDPacked Compare for Greater Than (Continued)

3-500

INSTRUCTION SET REFERENCE

PEXTRWExtract Word
Opcode 0F,C5, /r, ib Instruction PEXTRW r32, mm, imm8 Description Extract the word pointed to by imm8 from MM and move it to a 32-bit integer register.

Description The PEXTRW instruction moves the word in MM (selected by the two least significant bits of imm8) to the lower half of a 32-bit integer register.
PEXTRW r32,mm1,0x09 R32

Mm1

=
R32

Figure 3-63. Operation of the PEXTRW Instruction

Operation
SEL = imm8 AND 0X3; MM_TEMP = (SRC >> (SEL * 16)) AND 0XFFFF; r32[15-0] = MM_TEMP[15-0]; r32[31-16] = 0X0000;

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
int_m_pextrw(__m64 a, int n)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

int_mm_extract_pi16(__m64 a, int n)

Extracts one of the four words of a. The selector n must be an immediate.

3-501

INSTRUCTION SET REFERENCE

PEXTRWExtract Word (Continued)

Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #UD #NM #MF For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If there is a pending FPU exception

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) For a page fault.

3-502

INSTRUCTION SET REFERENCE

PINSRWInsert Word
Opcode 0F,C4,/r,ib Instruction PINSRW mm, r32/m16, imm8 Description Insert the word from the lower half of r32 or from Mem16 into the position in MM pointed to by imm8 without touching the other words.

Description The PINSRW instruction loads a word from the lower half of a 32-bit integer register (or from memory) and inserts it in the MM destination register, at a position defined by the two least significant bits of the imm8 constant. The insertion is done in such a way that the three other words from the destination register are left untouched.
PINSRW mm1,r32/m16, 0x0A R32/m16

Mm1

0x4326

0x985F

=
mm1 0x985F

Figure 3-64. Operation of the PINSRW Instruction

Operation
SEL = imm8 AND 0X3; IF(SEL = 0) THEN MASK=0X000000000000FFFF; ELSE IF(SEL = 1) THEN MASK=0X00000000FFFF0000 : ELSE IF(SEL = 2) THEN MASK=0XFFFF000000000000; FI FI FI DEST = (DEST AND NOT MASK) OR ((m16/r32[15-0] << (SEL * 16)) AND MASK);

3-503

INSTRUCTION SET REFERENCE

PINSRWInsert Word (Continued)

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pinsrw(__m64 a, int d, int n)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_insert_pi16(__m64 a, int d, int n)

Inserts word d into one of four words of a. The selector n must be an immediate. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #MF #AC For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If there is a pending FPU exception. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #AC #PF (fault-code) For unaligned memory reference if the current privilege level is 3. For a page fault.

3-504

INSTRUCTION SET REFERENCE

PMADDWDPacked Multiply and Add

Opcode 0F F5 /r Instruction PMADDWD mm, mm/m64 Description Multiply the packed words in mm by the packed words in mm/m64. Add the 32-bit pairs of results and store in mm as doubleword

Description This instruction multiplies the individual signed words of the destination operand by the corresponding signed words of the source operand, producing four signed, doubleword results (refer to Figure 3-65). The two doubleword results from the multiplication of the high-order words are added together and stored in the upper doubleword of the destination operand; the two doubleword results from the multiplication of the low-order words are added together and stored in the lower doubleword of the destination operand. The destination operand must be an MMX technology register; the source operand may be either an MMX technology register or a 64-bit memory location. The PMADDWD instruction wraps around to 80000000H only when all four words of both the source and destination operands are 8000H.

PMADDWD mm, mm/m64 mm

0111000111000111 0111000111000111

mm/m64

1000000000000000 0000010000000000

+
mm
1100100011100011

+
1001110000000000

Figure 3-65. Operation of the PMADDWD Instruction

Operation
DEST(31..0) (DEST(15..0) SRC(15..0)) + (DEST(31..16) SRC(31..16)); DEST(63..32) (DEST(47..32) SRC(47..32)) + (DEST(63..48) SRC(63..48));

3-505

INSTRUCTION SET REFERENCE

PMADDWDPacked Multiply and Add (Continued)

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pmaddwd(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_madd_pi16(__m64 m1, __m64 m2)

Multiply four 16-bit values in m1 by four 16-bit values in m2 producing four 32-bit intermediate results, which are then summed by pairs to produce two 32-bit results. Flags Affected None. Protected Mode Exceptions #GP(0) #SS(0) #UD #NM #MF #PF(fault-code) #AC(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. If EM in CR0 is set. If TS in CR0 is set. If there is a pending FPU exception. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-506

INSTRUCTION SET REFERENCE

PMADDWDPacked Multiply and Add (Continued)

3-507

INSTRUCTION SET REFERENCE

PMAXSWPacked Signed Integer Word Maximum

Opcode 0F,EE, /r Instruction PMAXSW mm1, mm2/m64 Description Return the maximum words between MM2/Mem and MM1.

Description The PMAXSW instruction returns the maximum between the four signed words in MM1 and MM2/Mem.

mm1

mm2/ m64 mm1

Figure 3-66. Operation of the PMAXSW Instruction

3-508

INSTRUCTION SET REFERENCE

PMAXSWPacked Signed Integer Word Maximum (Continued)

Operation
IF DEST[15-0] > SRC/m64[15-0]) THEN (DEST[15-0] = DEST[15-0]; ELSE (DEST[15-0] = SRC/m64[15-0]; FI IF DEST[31-16] > SRC/m64[31-16]) THEN (DEST[31-16] = DEST[31-16]; ELSE (DEST[31-16] = SRC/m64[31-16]; FI IF DEST[47-32] > SRC/m64[47-32]) THEN (DEST[47-32] = DEST[47-32]; ELSE (DEST[47-32] SRC/m64[47-32]; FI IF DEST[63-48] > SRC/m64[63-48]) THEN (DEST[63-48] = DEST[63-48]; ELSE (DEST[63-48] = SRC/m64[63-48]; FI

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pmaxsw(__m64 a, __m64 b)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_max_pi16(__m64 a, __m64 b)

Computes the element-wise maximum of the words in a and b. Numeric Exceptions None.

3-509

INSTRUCTION SET REFERENCE

PMAXSWPacked Signed Integer Word Maximum (Continued)

Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #MF #AC For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If there is a pending FPU exception. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) #AC For a page fault. For unaligned memory reference if the current privilege level is 3.

3-510

INSTRUCTION SET REFERENCE

PMAXUBPacked Unsigned Integer Byte Maximum

Opcode 0F,DE, /r Instruction PMAXUB mm1, mm2/m64 Description Return the maximum bytes between MM2/Mem and MM1.

Description The PMAXUB instruction returns the maximum between the eight unsigned words in MM1 and MM2/Mem.
PMAXUB mm1, mm2/m64 mm1 59 46 40 87 187 55 221 27

mm2/ m64 mm1

101

207

111

=
59

=
65

=
40

=
101

=
187

=
207

=
221

=
36

Figure 3-67. Operation of the PMAXUB Instruction

3-511

INSTRUCTION SET REFERENCE

PMAXUBPacked Unsigned Integer Byte Maximum (Continued)

Operation
IF DEST[7-0] > SRC/m64[7-0]) THEN (DEST[7-0] = DEST[7-0]; ELSE (DEST[7-0] = SRC/m64[7-0]; FI IF DEST[15-8] > SRC/m64[15-8]) THEN (DEST[15-8] = DEST[15-8]; ELSE (DEST[15-8] = SRC/m64[15-8]; FI IF DEST[23-16] > SRC/m64[23-16]) THEN (DEST[23-16] = DEST[23-16]; ELSE (DEST[23-16] = SRC/m64[23-16]; FI IF DEST[31-24] > SRC/m64[31-24]) THEN (DEST[31-24] = DEST[31-24]; ELSE (DEST[31-24] = SRC/m64[31-24]; FI IF DEST[39-32] > SRC/m64[39-32]) THEN (DEST[39-32] = DEST[39-32]; ELSE (DEST[39-32] = SRC/m64[39-32]; FI IF DEST[47-40] > SRC/m64[47-40]) THEN (DEST[47-40] = DEST[47-40]; ELSE (DEST[47-40] = SRC/m64[47-40]; FI IF DEST[55-48] > SRC/m64[55-48]) THEN (DEST[55-48] = DEST[55-48]; ELSE (DEST[55-48] = SRC/m64[55-48]; FI IF DEST[63-56] > SRC/m64[63-56]) THEN (DEST[63-56] = DEST[63-56]; ELSE (DEST[63-56] = SRC/m64[63-56]; FI

3-512

INSTRUCTION SET REFERENCE

PMAXUBPacked Unsigned Integer Byte Maximum (Continued)

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pmaxub(__m64 a, __m64 b)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_max_pu8(__m64 a, __m64 b)

Computes the element-wise maximum of the unsigned bytes in a and b. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #MF #AC For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If there is a pending FPU exception. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) #AC For a page fault. For unaligned memory reference if the current privilege level is 3.

3-513

INSTRUCTION SET REFERENCE

PMINSWPacked Signed Integer Word Minimum

Opcode 0F,EA, /r Instruction PMINSW mm1, mm2/m64 Description Return the minimum words between MM2/Mem and MM1.

Description The PMINSW instruction returns the minimum between the four signed words in MM1 and MM2/Mem.

mm1

mm2/ m64 mm1

Figure 3-68. Operation of the PMINSW Instruction

3-514

INSTRUCTION SET REFERENCE

PMINSWPacked Signed Integer Word Minimum (Continued)

Operation
IF DEST[15-0] < SRC/m64[15-0]) THEN (DEST[15-0] = DEST[15-0]; ELSE (DEST[15-0] = SRC/m64[15-0]; FI IF DEST[31-16] < SRC/m64[31-16]) THEN (DEST[31-16] = DEST[31-16]; ELSE (DEST[31-16] = SRC/m64[31-16]; FI IF DEST[47-32] < SRC/m64[47-32]) THEN (DEST[47-32] = DEST[47-32]; ELSE (DEST[47-32] SRC/m64[47-32]; FI IF DEST[63-48] < SRC/m64[63-48]) THEN (DEST[63-48] = DEST[63-48]; ELSE (DEST[63-48] = SRC/m64[63-48]; FI

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pminsw(__m64 a, __m64 b)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_min_pi16(__m64 a, __m64 b)

Computes the element-wise minimum of the words in a and b. Numeric Exceptions None.

3-515

INSTRUCTION SET REFERENCE

PMINSWPacked Signed Integer Word Minimum (Continued)

Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #MF #AC For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If there is a pending FPU exception. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) #AC For a page fault. For unaligned memory reference if the current privilege level is 3.

3-516

INSTRUCTION SET REFERENCE

PMINUBPacked Unsigned Integer Byte Minimum

Opcode 0F,DA, /r Instruction PMINUB mm1, mm2/m64 Description Return the minimum bytes between MM2/Mem and MM1.

Description The PMINUB instruction returns the minimum between the eight unsigned words in MM1 and MM2/Mem.
PMINUB mm1, mm2/m64 mm1 59 46 40 87 187 55 221 27

mm2/ m64 mm1

101

207

111

=
24

=
46

=
11

=
87

=
78

=
55

=
111

=
27

Figure 3-69. Operation of the PMINUB Instruction

3-517

INSTRUCTION SET REFERENCE

PMINUBPacked Unsigned Integer Byte Minimum (Continued)

Operation
IF DEST[7-0] < SRC/m64[7-0]) THEN (DEST[7-0] = DEST[7-0]; ELSE (DEST[7-0] = SRC/m64[7-0]; FI IF DEST[15-8] < SRC/m64[15-8]) THEN (DEST[15-8] = DEST[15-8]; ELSE (DEST[15-8] = SRC/m64[15-8]; FI IF DEST[23-16] < SRC/m64[23-16]) THEN (DEST[23-16] = DEST[23-16]; ELSE (DEST[23-16] = SRC/m64[23-16]; FI IF DEST[31-24] < SRC/m64[31-24]) THEN (DEST[31-24] = DEST[31-24]; ELSE (DEST[31-24] = SRC/m64[31-24]; FI IF DEST[39-32] < SRC/m64[39-32]) THEN (DEST[39-32] = DEST[39-32]; ELSE (DEST[39-32] = SRC/m64[39-32]; FI IF DEST[47-40] < SRC/m64[47-40]) THEN (DEST[47-40] = DEST[47-40]; ELSE (DEST[47-40] = SRC/m64[47-40]; FI IF DEST[55-48] < SRC/m64[55-48]) THEN (DEST[55-48] = DEST[55-48]; ELSE (DEST[55-48] = SRC/m64[55-48]; FI IF DEST[63-56] < SRC/m64[63-56]) THEN (DEST[63-56] = DEST[63-56]; ELSE (DEST[63-56] = SRC/m64[63-56]; FI

3-518

INSTRUCTION SET REFERENCE

PMINUBPacked Unsigned Integer Byte Minimum (Continued)

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pminub(__m64 a, __m64 b)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _m_min_pu8(__m64 a, __m64 b)

Computes the element-wise minimum of the unsigned bytes in a and b. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #MF #AC For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If there is a pending FPU exception. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3).

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) #AC For a page fault. For unaligned memory reference if the current privilege level is 3.

3-519

INSTRUCTION SET REFERENCE

PMOVMSKBMove Byte Mask To Integer

Opcode 0F,D7,/r Instruction PMOVMSKB r32, mm Description Move the byte mask of MM to r32.

Description The PMOVMSKB instruction returns an 8-bit mask formed of the most significant bits of each byte of its source operand.

PMOVMSKB r32, mm1 mm1 R32

=
R32

Figure 3-70. Operation of the PMOVMSKB Instruction

Operation
r32[7] = SRC[63]; r32[6] = SRC[55]; r32[5] = SRC[47]; r32[4] = SRC[39]; r32[3] = SRC[31]; r32[2] = SRC[23]; r32[1] = SRC[15]; r32[0] = SRC[7]; r32[31-8] = 0X000000;

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
int_m_pmovmskb(__m64 a)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

int_mm_movemask_pi8(__m64 a)

Creates an 8-bit mask from the most significant bits of the bytes in a.

3-520

INSTRUCTION SET REFERENCE

PMOVMSKBMove Byte Mask To Integer (Continued)

Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #MF #AC For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If there is a pending FPU exception. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3).

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF (fault-code) #AC For a page fault. For unaligned memory reference if the current privilege level is 3.

3-521

INSTRUCTION SET REFERENCE

PMULHUWPacked Multiply High Unsigned

Opcode 0F,E4,/r Instruction PMULHUW mm1, mm2/m64 Description Multiply the packed unsigned words in MM1 register with the packed unsigned words in MM2/Mem, then store the high-order 16 bits of the results in MM1.

Description The PMULHUW instruction multiplies the four unsigned words in the destination operand with the four unsigned words in the source operand. The high-order 16 bits of the 32-bit intermediate results are written to the destination operand.

mm1

*
mm2/ m64 mm1

* =

Figure 3-71. Operation of the PMULHUW Instruction

Operation
DEST[15-0] = (DEST[15-0] * SRC/m64[15-0])[31-16]; DEST[31-16] = (DEST[31-16] * SRC/m64[31-16])[31-16]; DEST[47-32] = (DEST[47-32] * SRC/m64[47-32])[31-16]; DEST[63-48] = (DEST[63-48] * SRC/m64[63-48])[31-16];

3-522

INSTRUCTION SET REFERENCE

PMULHUWPacked Multiply High Unsigned (Continued)

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pmulhuw(__m64 a, __m64 b)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_mulhi_pu16(__m64 a, __m64 b)

Multiplies the unsigned words in a and b, returning the upper 16 bits of the 32-bit intermediate results. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #MF #AC For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If there is a pending FPU exception. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3).

3-523

INSTRUCTION SET REFERENCE

PMULHUWPacked Multiply High Unsigned (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) #AC For a page fault. For unaligned memory reference if the current privilege level is 3.

3-524

INSTRUCTION SET REFERENCE

PMULHWPacked Multiply High

Opcode 0F E5 /r Instruction PMULHW mm, mm/m64 Description Multiply the signed packed words in mm by the signed packed words in mm/m64, then store the high-order word of each doubleword result in mm.

Description This instruction multiplies the four signed words of the source operand (second operand) by the four signed words of the destination operand (first operand), producing four signed, doubleword, intermediate results (refer to Figure 3-72). The high-order word of each intermediate result is then written to its corresponding word location in the destination operand. The destination operand must be an MMX technology register; the source operand may be either an MMX technology register or a 64-bit memory location.

PMULHW mm, mm/m64 mm 0111000111000111 0111000111000111

*
mm/m64 High Order mm

*
High Order

1000000000000000 0000010000000000 High Order High Order 1100011100011100 0000000111000111

3006022

3006025

Figure 3-73. Operation of the PMULLW Instruction

Operation
DEST(15..0) LowOrderWord(DEST(15..0) SRC(15..0)); DEST(31..16) LowOrderWord(DEST(31..16) SRC(31..16)); DEST(47..32) LowOrderWord(DEST(47..32) SRC(47..32)); DEST(63..48) LowOrderWord(DEST(63..48) SRC(63..48));

3-528

INSTRUCTION SET REFERENCE

PMULLWPacked Multiply Low (Continued)

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pmullw(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_mullo_pi16(__m64 m1, __m64 m2)

Multiply four 16-bit values in m1 by four 16-bit values in m2 and produce the low 16 bits of the four results. Flags Affected None. Protected Mode Exceptions #GP(0) #SS(0) #UD #NM #MF #PF(fault-code) #AC(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. If EM in CR0 is set. If TS in CR0 is set. If there is a pending FPU exception. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-529

INSTRUCTION SET REFERENCE

PMULLWPacked Multiply Low (Continued)

3-530

INSTRUCTION SET REFERENCE

POPPop a Value from the Stack

Opcode 8F /0 8F /0 58+ rw 58+ rd 1F 07 17 0F A1 0F A9 Instruction POP m16 POP m32 POP r16 POP r32 POP DS POP ES POP SS POP FS POP GS Description Pop top of stack into m16; increment stack pointer Pop top of stack into m32; increment stack pointer Pop top of stack into r16; increment stack pointer Pop top of stack into r32; increment stack pointer Pop top of stack into DS; increment stack pointer Pop top of stack into ES; increment stack pointer Pop top of stack into SS; increment stack pointer Pop top of stack into FS; increment stack pointer Pop top of stack into GS; increment stack pointer

Description This instruction loads the value from the top of the stack to the location specified with the destination operand and then increments the stack pointer. The destination operand can be a generalpurpose register, memory location, or segment register. The current operand-size attribute of the stack segment determines the stack pointer size (16 bits or 32 bitsthe source address size), and the operand-size attribute of the current code segment determines the amount the stack pointer is incremented (two bytes or four bytes). For example, if these address- and operand-size attributes are 32, the 32-bit ESP register (stack pointer) is incremented by four and, if they are 16, the 16-bit SP register is incremented by two. (The B flag in the stack segments segment descriptor determines the stacks address-size attribute, and the D flag in the current code segments segment descriptor, along with prefixes, determines the operand-size attribute and also the address-size attribute of the destination operand.) If the destination operand is one of the segment registers DS, ES, FS, GS, or SS, the value loaded into the register must be a valid segment selector. In protected mode, popping a segment selector into a segment register automatically causes the descriptor information associated with that segment selector to be loaded into the hidden (shadow) part of the segment register and causes the selector and the descriptor information to be validated (refer to the Operation section below). A null value (0000-0003) may be popped into the DS, ES, FS, or GS register without causing a general protection fault. However, any subsequent attempt to reference a segment whose corresponding segment register is loaded with a null value causes a general protection exception (#GP). In this situation, no memory reference occurs and the saved value of the segment register is null. The POP instruction cannot pop a value into the CS register. To load the CS register from the stack, use the RET instruction. If the ESP register is used as a base register for addressing a destination operand in memory, the POP instruction computes the effective address of the operand after it increments the ESP register. For the case of a 16-bit stack where ESP wraps to 0h as a result of the POP instruction, the resulting location of the memory write is processor-family-specific.

3-531

INSTRUCTION SET REFERENCE

POPPop a Value from the Stack (Continued)

The POP ESP instruction increments the stack pointer (ESP) before data at the old top of stack is written into the destination. A POP SS instruction inhibits all interrupts, including the NMI interrupt, until after execution of the next instruction. This action allows sequential execution of POP SS and MOV ESP, EBP instructions without the danger of having an invalid stack during an interrupt1. However, use of the LSS instruction is the preferred method of loading the SS and ESP registers. Operation
IF StackAddrSize = 32 THEN IF OperandSize = 32 THEN DEST SS:ESP; (* copy a doubleword *) ESP ESP + 4; ELSE (* OperandSize = 16*) DEST SS:ESP; (* copy a word *) ESP ESP + 2; FI; ELSE (* StackAddrSize = 16* ) IF OperandSize = 16 THEN DEST SS:SP; (* copy a word *) SP SP + 2; ELSE (* OperandSize = 32 *) DEST SS:SP; (* copy a doubleword *) SP SP + 4; FI; FI;

3-532

INSTRUCTION SET REFERENCE

POPPop a Value from the Stack (Continued)

FI; IF segment selector index is outside descriptor table limits OR segment selectors RPL CPL OR segment is not a writable data segment OR DPL CPL THEN #GP(selector); FI; IF segment not marked present THEN #SS(selector); ELSE SS segment selector; SS segment descriptor; FI; FI; IF DS, ES, FS or GS is loaded with non-null selector; THEN IF segment selector index is outside descriptor table limits OR segment is not a data or readable code segment OR ((segment is a data or nonconforming code segment) AND (both RPL and CPL > DPL)) THEN #GP(selector); IF segment not marked present THEN #NP(selector); ELSE SegmentRegister segment selector; SegmentRegister segment descriptor; FI; FI; IF DS, ES, FS or GS is loaded with a null selector; THEN SegmentRegister segment selector; SegmentRegister segment descriptor; FI;

Flags Affected None.

3-533

POPA/POPADPop All General-Purpose Registers (Continued)

Flags Affected None. Protected Mode Exceptions #SS(0) #PF(fault-code) #AC(0) If the starting or ending stack address is not within the stack segment. If a page fault occurs. If an unaligned memory reference is made while the current privilege level is 3 and alignment checking is enabled.

PORBitwise Logical OR
Opcode 0F EB /r Instruction POR mm, mm/m64 Description OR quadword from mm/m64 to quadword in mm.

Description This instruction performs a bitwise logical OR operation on the quadword source (second) and destination (first) operands and stores the result in the destination operand location (refer to Figure 3-74). The source operand can be an MMX technology register or a quadword memory location; the destination operand must be an MMX technology register. Each bit of the result is made 0 if the corresponding bits of both operands are 0; otherwise the bit is set to 1.

POR mm, mm/m64 mm 1111111111111000000000000000010110110101100010000111011101110111

mm/m64 0001000011011001010100000011000100011110111011110001010110010101

1111111111111001010100000011010110111111111011110111011111110111
3006024

Figure 3-74. Operation of the POR Instruction.

Operation
DEST DEST OR SRC;

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_por(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_or_si64(__m64 m1, __m64 m2)

Perform a bitwise OR of the 64-bit value in m1 with the 64-bit value in m2. Flags Affected None.

3-541

INSTRUCTION SET REFERENCE

PORBitwise Logical OR (Continued)

3-542

INSTRUCTION SET REFERENCE

PREFETCHPrefetch
Opcode 0F,18,/1 0F,18,/2 0F,18,/3 0F,18,/0 Instruction PREFETCHT0 m8 PREFETCHT1 m8 PREFETCHT2 m8 PREFETCHNTA m8 Description Move data specified by address closer to the processor using the t0 hint. Move data specified by address closer to the processor using the t1 hint. Move data specified by address closer to the processor using the t2 hint. Move data specified by address closer to the processor using the nta hint.

Description If there are no excepting conditions, the prefetch instruction fetches the line containing the addresses byte to a location in the cache hierarchy specified by a locality hint. If the line is already present in the cache hierarchy at a level closer to the processor, no data movement occurs. The bits 5:3 of the ModR/M byte specify locality hints as follows:

temporal data(t0) - prefetch data into all cache levels. temporal with respect to first level cache (t1) - prefetch data in all cache levels except 0th cache level temporal with respect to second level cache (t2) - prefetch data in all cache levels, except 0th and 1st cache levels. non temporal with respect to all cache levels (nta) - prefetch data into nontemporal cache structure.

The architectural implementation of this instruction in no way effects the function of a program. Locality hints are processor implementation-dependent, and can be overloaded or ignored by a processor implementation. The prefetch instruction does not cause any exceptions (except for code breakpoints), does not affect program behavior, and may be ignored by the processor implementation. The amount of data prefetched is processor implementation-dependent. It will, however, be a minimum of 32 bytes. Prefetches to uncacheable or WC memory (UC or WCF memory types) will be ignored. Additional ModRM encodings, besides those specified above, are defined to be reserved, and the use of reserved encodings risks future incompatibility. Use of any ModRM value other than the specified ones will lead to unpredictable behavior. Operation
FETCH (m8);

3-543

INSTRUCTION SET REFERENCE

PREFETCHPrefetch (Continued)
Intel C/C++ Compiler Intrinsic Equivalent
void_mm_prefetch(char *p, int i)

Loads one cache line of data from address p to a location "closer" to the processor. The value i specifies the type of prefetch operation. The value i specifies the type of prefetch operation: the constants _MM_HINT_T0, _MM_HINT_T1, _MM_HINT_T2, and _MM_HINT_NTA should be used, corresponding to the type of prefetch instruction. Numeric Exceptions None. Protected Mode Exceptions None. Real Address Mode Exceptions None. Virtual 8086 Mode Exceptions None. Comments This instruction is merely a hint. If executed, this instruction moves data closer to the processor in anticipation of future use. The performance of these instructions in application code can be implementation specific. To achieve maximum speedup, code tuning might be necessary for each implementation. The non temporal hint also minimizes pollution of useful cache data. PREFETCH instructions ignore the value of CR4.OSFXSR. Since they do not affect the new Streaming SIMD Extension state, they will not generate an invalid exception if CR4.OSFXSR = 0. If the PTE is not in the TLB, the prefetch is ignored. This behavior is specific to the Pentium III processor and may change with future processor implementations.

3-544

INSTRUCTION SET REFERENCE

PSADBWPacked Sum of Absolute Differences

Opcode 0F,F6, /r Instruction PSADBW mm1,mm2/m64 Description Absolute difference of packed unsigned bytes from MM2 /Mem and MM1; these differences are then summed to produce a word result.

Description The PSADBW instruction computes the absolute value of the difference of unsigned bytes for mm1 and mm2/m64. These differences are then summed to produce a word result in the lower 16-bit field; the upper three words are cleared. The destination operand is an MMX technology register. The source operand can either be an MMX technology register or a 64-bit memory operand.

PSADBW mm1, mm2/m64 mm1 59 46 40 87 187 55 221 27

mm2/ m64 mm1 24

101

207

111

Figure 3-75. Operation of the PSADBW Instruction

3-545

INSTRUCTION SET REFERENCE

PSADBWPacked Sum of Absolute Differences (Continued)

Operation
TEMP1 = abs(DEST[7-0] - SRC/m64[7-0]); TEMP2 = abs(DEST[15-8] - SRC/m64[15-8]); TEMP3 = abs(DEST[23-16] - SRC/m64[23-16]); TEMP4 = abs(DEST[31-24] - SRC/m64[31-24]); TEMP5 = abs(DEST[39-32] - SRC/m64[39-32]); TEMP6 = abs(DEST[47-40] - SRC/m64[47-40]); TEMP7 = abs(DEST[55-48] - SRC/m64[55-48]); TEMP8 = abs(DEST[63-56] - SRC/m64[63-56]); DEST[15:0] = TEMP1 + TEMP2 + TEMP3 + TEMP4 + TEMP5 + TEMP6 + TEMP7 + TEMP8; DEST[31:16] = 0X00000000; DEST[47:32] = 0X00000000; DEST[63:48] = 0X00000000;

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64_m_psadbw(__m64 a,__m64 b)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64_mm_sad_pu8(__m64 a,__m64 b)

Computes the sum of the absolute differences of the unsigned bytes in a and b, returning the value in the lower word. The upper three words are cleared. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #MF #AC For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If there is a pending FPU exception. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3).

3-546

INSTRUCTION SET REFERENCE

PSADBWPacked Sum of Absolute Differences (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) For a page fault.

3-547

INSTRUCTION SET REFERENCE

PSHUFWPacked Shuffle Word

Opcode 0F,70,/r,ib Instruction PSHUFW mm1, mm2/m64, imm8 Description Shuffle the words in MM2/Mem based on the encoding in imm8 and store in MM1.

Description The PSHUF instruction uses the imm8 operand to select which of the four words in MM2/Mem will be placed in each of the words in MM1. Bits 1 and 0 of imm8 encode the source for destination word 0 (MM1[15-0]), bits 3 and 2 encode for word 1, bits 5 and 4 encode for word 2, and bits 7 and 6 encode for word 3 (MM1[63-48]). Similarly, the two-bit encoding represents which source word is to be used, e.g., a binary encoding of 10 indicates that source word 2 (MM2/Mem[47-32]) will be used.

mm1

mm2/ m64 mm1

Figure 3-76. Operation of the PSHUFW Instruction

Operation
DEST[15-0] = (SRC/m64 >> (imm8[1-0] * 16) )[15-0] DEST[31-16] = (SRC/m64 >> (imm8[3-2] * 16) )[15-0] DEST[47-32] = (SRC/m64 >> (imm8[5-4] * 16) )[15-0] DEST[63-48] = (SRC/m64 >> (imm8[7-6] * 16) )[15-0]

3-548

INSTRUCTION SET REFERENCE

PSHUFWPacked Shuffle Word (Continued)

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pshufw(__m64 a, int n)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_shuffle_pi16(__m64 a, int n)

Returns a combination of the four words of a. The selector n must be an immediate. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #MF #AC For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If there is a pending FPU exception. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3).

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) #AC For a page fault. For unaligned memory reference if the current privilege level is 3.

3-549

INSTRUCTION SET REFERENCE

PSLLW/PSLLD/PSLLQPacked Shift Left Logical

Opcode 0F F1 /r 0F 71 /6, ib 0F F2 /r 0F 72 /6 ib 0F F3 /r 0F 73 /6 ib Instruction PSLLW mm, mm/m64 PSLLW mm, imm8 PSLLD mm, mm/m64 PSLLD mm, imm8 PSLLQ mm, mm/m64 PSLLQ mm, imm8 Description Shift words in mm left by amount specified in mm/m64, while shifting in zeroes. Shift words in mm left by imm8, while shifting in zeroes. Shift doublewords in mm left by amount specified in mm/m64, while shifting in zeroes. Shift doublewords in mm by imm8, while shifting in zeroes. Shift mm left by amount specified in mm/m64, while shifting in zeroes. Shift mm left by Imm8, while shifting in zeroes.

Description These instructions shift the bits in the data elements (words, doublewords, or quadword) in the destination operand (first operand) to the left by the number of bits specified in the unsigned count operand (second operand) (refer to Figure 3-77). The result of the shift operation is written to the destination operand. As the bits in the data elements are shifted left, the empty low-order bits are cleared (set to zero). If the value specified by the count operand is greater than 15 (for words), 31 (for doublewords), or 63 (for a quadword), then the destination operand is set to all zeroes. The destination operand must be an MMX technology register; the count operand can be either an MMX technology register, a 64-bit memory location, or an 8-bit immediate. The PSLLW instruction shifts each of the four words of the destination operand to the left by the number of bits specified in the count operand; the PSLLD instruction shifts each of the two doublewords of the destination operand; and the PSLLQ instruction shifts the 64-bit quadword in the destination operand. As the individual data elements are shifted left, the empty low-order bit positions are filled with zeroes.

PSLLW mm, 2 mm 1111111111111100 0001000111000111

shift left

1111111111110000 0100011100011100
3006026

Figure 3-77. Operation of the PSLLW Instruction

3-550

INSTRUCTION SET REFERENCE

PSLLW/PSLLD/PSLLQPacked Shift Left Logical (Continued)

Operation
IF instruction is PSLLW THEN DEST(15..0) DEST(15..0) << COUNT; DEST(31..16) DEST(31..16) << COUNT; DEST(47..32) DEST(47..32) << COUNT; DEST(63..48) DEST(63..48) << COUNT; ELSE IF instruction is PSLLD THEN { DEST(31..0) DEST(31..0) << COUNT; DEST(63..32) DEST(63..32) << COUNT; ELSE (* instruction is PSLLQ *) DEST DEST << COUNT; FI;

3-551

INSTRUCTION SET REFERENCE

PSLLW/PSLLD/PSLLQPacked Shift Left Logical (Continued)

Intel C/C++ Compiler Intrinsic Equivalents Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_psllw (__m64 m, __m64 count)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_sll_pi16 (__m64 m, __m64 count)

Shifts four 16-bit values in m left the amount specified by count while shifting in zeroes. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_psllwi (__m64 m, int count)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_slli_pi16 (__m64 m, int count)

Shifts four 16-bit values in m left the amount specified by count while shifting in zeroes. For the best performance, count should be a constant. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pslld (__m64 m, __m64 count)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_sll_pi32 (__m64 m, __m64 count)

Shifts two 32-bit values in m left the amount specified by count while shifting in zeroes. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pslldi (__m64 m, int count)

Shifts two 32-bit values in m left the amount specified by count while shifting in zeroes. For the best performance, count should be a constant. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_psllq (__m64 m, __m64 count)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_sll_si64 (__m64 m, __m64 count)

INSTRUCTION SET REFERENCE

PSRAW/PSRADPacked Shift Right Arithmetic (Continued)

Operation
IF instruction is PSRAW THEN DEST(15..0) SignExtend (DEST(15..0) >> COUNT); DEST(31..16) SignExtend (DEST(31..16) >> COUNT); DEST(47..32) SignExtend (DEST(47..32) >> COUNT); DEST(63..48) SignExtend (DEST(63..48) >> COUNT); ELSE { (*instruction is PSRAD *) DEST(31..0) SignExtend (DEST(31..0) >> COUNT); DEST(63..32) SignExtend (DEST(63..32) >> COUNT); FI;

Intel C/C++ Compiler Intrinsic Equivalents Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_psraw (__m64 m, __m64 count)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_sraw_pi16 (__m64 m, __m64 count)

Shifts four 16-bit values in m right the amount specified by count while shifting in the sign bit. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_psrawi (__m64 m, int count)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_srai_pi16 (__m64 m, int count)

Shifts four 16-bit values in m right the amount specified by count while shifting in the sign bit. For the best performance, count should be a constant. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_psrad (__m64 m, __m64 count)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_sra_pi32 (__m64 m, __m64 count)

Shifts two 32-bit values in m right the amount specified by count while shifting in the sign bit. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_psradi (__m64 m, int count)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_srai_pi32 (__m64 m, int count)

Shifts two 32-bit values in m right the amount specified by count while shifting in the sign bit. For the best performance, count should be a constant.

3-556

INSTRUCTION SET REFERENCE

Description These instructions subtract the individual data elements (bytes, words, or doublewords) of the source operand (second operand) from the individual data elements of the destination operand (first operand) (refer to Figure 3-80). If the result of a subtraction exceeds the range for the specified data type (overflows), the result is wrapped around, meaning that the result is truncated so that only the lower (least significant) bits of the result are returned (that is, the carry is ignored). The destination operand must be an MMX technology register; the source operand can be either an MMX technology register or a quadword memory location.

PSUBW mm, mm/m64 mm 1000000000000000 0111111100111000

mm/m64 mm

0000000000000001 1110100011111001

0111111111111111 1001011000111111
3006028

Figure 3-80. Operation of the PSUBW Instruction

The PSUBB instruction subtracts the bytes of the source operand from the bytes of the destination operand and stores the results to the destination operand. When an individual result is too large to be represented in eight bits, the lower eight bits of the result are written to the destination operand and therefore the result wraps around. The PSUBW instruction subtracts the words of the source operand from the words of the destination operand and stores the results to the destination operand. When an individual result is too large to be represented in 16 bits, the lower 16 bits of the result are written to the destination operand and therefore the result wraps around.

3-563

INSTRUCTION SET REFERENCE

PSUBB/PSUBW/PSUBDPacked Subtract (Continued)

The PSUBD instruction subtracts the doublewords of the source operand from the doublewords of the destination operand and stores the results to the destination operand. When an individual result is too large to be represented in 32 bits, the lower 32 bits of the result are written to the destination operand and therefore the result wraps around. Note that like the integer SUB instruction, the PSUBB, PSUBW, and PSUBD instructions can operate on either unsigned or signed (twos complement notation) packed integers. Unlike the integer instructions, none of the MMX instructions affect the EFLAGS register. With MMX instructions, there are no carry or overflow flags to indicate when overflow has occurred, so the software must control the range of values or else use the with saturation MMX instructions. Operation
IF instruction is PSUBB THEN DEST(7..0) DEST(7..0) SRC(7..0); DEST(15..8) DEST(15..8) SRC(15..8); DEST(23..16) DEST(23..16) SRC(23..16); DEST(31..24) DEST(31..24) SRC(31..24); DEST(39..32) DEST(39..32) SRC(39..32); DEST(47..40) DEST(47..40) SRC(47..40); DEST(55..48) DEST(55..48) SRC(55..48); DEST(63..56) DEST(63..56) SRC(63..56); ELSEIF instruction is PSUBW THEN DEST(15..0) DEST(15..0) SRC(15..0); DEST(31..16) DEST(31..16) SRC(31..16); DEST(47..32) DEST(47..32) SRC(47..32); DEST(63..48) DEST(63..48) SRC(63..48); ELSE { (* instruction is PSUBD *) DEST(31..0) DEST(31..0) SRC(31..0); DEST(63..32) DEST(63..32) SRC(63..32); FI;

3-564

INSTRUCTION SET REFERENCE

PSUBB/PSUBW/PSUBDPacked Subtract (Continued)

Intel C/C++ Compiler Intrinsic Equivalents Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_psubb(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_sub_pi8(__m64 m1, __m64 m2)

Subtract the eight 8-bit values in m2 from the eight 8-bit values in m1. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_psubw(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_sub_pi16(__m64 m1, __m64 m2)

Subtract the four 16-bit values in m2 from the four 16-bit values in m1. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_psubd(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_sub_pi32(__m64 m1, __m64 m2)

Subtract the two 32-bit values in m2 from the two 32-bit values in m1. Flags Affected None. Protected Mode Exceptions #GP(0) #SS(0) #UD #NM #MF #PF(fault-code) #AC(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. If EM in CR0 is set. If TS in CR0 is set. If there is a pending FPU exception. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-565

INSTRUCTION SET REFERENCE

PSUBB/PSUBW/PSUBDPacked Subtract (Continued)

3-566

INSTRUCTION SET REFERENCE

PSUBSB/PSUBSWPacked Subtract with Saturation

Opcode 0F E8 /r 0F E9 /r Instruction PSUBSB mm, mm/m64 PSUBSW mm, mm/m64 Description Subtract signed packed bytes in mm/m64 from signed packed bytes in mm and saturate. Subtract signed packed words in mm/m64 from signed packed words in mm and saturate.

Description These instructions subtract the individual signed data elements (bytes or words) of the source operand (second operand) from the individual signed data elements of the destination operand (first operand) (refer to Figure 3-81). If the result of a subtraction exceeds the range for the specified data type, the result is saturated. The destination operand must be an MMX technology register; the source operand can be either an MMX technology register or a quadword memory location.

PSUBSW mm, mm/m64 mm 1000000000000000 0111111100111000

mm/m64 mm

0000000000000001 1110100011111001

1000000000000000 0111111111111111
3006029

Figure 3-81. Operation of the PSUBSW Instruction

The PSUBSB instruction subtracts the signed bytes of the source operand from the signed bytes of the destination operand and stores the results to the destination operand. When an individual result is beyond the range of a signed byte (that is, greater than 7FH or less than 80H), the saturated byte value of 7FH or 80H, respectively, is written to the destination operand. The PSUBSW instruction subtracts the signed words of the source operand from the signed words of the destination operand and stores the results to the destination operand. When an individual result is beyond the range of a signed word (that is, greater than 7FFFH or less than 8000H), the saturated word value of 7FFFH or 8000H, respectively, is written to the destination operand.

3-567

INSTRUCTION SET REFERENCE

PSUBSB/PSUBSWPacked Subtract with Saturation (Continued)

Operation
IF instruction is PSUBSB THEN DEST(7..0) SaturateToSignedByte(DEST(7..0) SRC (7..0)); DEST(15..8) SaturateToSignedByte(DEST(15..8) SRC(15..8)); DEST(23..16) SaturateToSignedByte(DEST(23..16) SRC(23..16)); DEST(31..24) SaturateToSignedByte(DEST(31..24) SRC(31..24)); DEST(39..32) SaturateToSignedByte(DEST(39..32) SRC(39..32)); DEST(47..40) SaturateToSignedByte(DEST(47..40) SRC(47..40)); DEST(55..48) SaturateToSignedByte(DEST(55..48) SRC(55..48)); DEST(63..56) SaturateToSignedByte(DEST(63..56) SRC(63..56)) ELSE (* instruction is PSUBSW *) DEST(15..0) SaturateToSignedWord(DEST(15..0) SRC(15..0)); DEST(31..16) SaturateToSignedWord(DEST(31..16) SRC(31..16)); DEST(47..32) SaturateToSignedWord(DEST(47..32) SRC(47..32)); DEST(63..48) SaturateToSignedWord(DEST(63..48) SRC(63..48)); FI;

Intel C/C++ Compiler Intrinsic Equivalents Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_psubsb(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_subs_pi8(__m64 m1, __m64 m2)

Subtract the eight signed 8-bit values in m2 from the eight signed 8-bit values in m1 and saturate. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_psubsw(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_subs_pi16(__m64 m1, __m64 m2)

Subtract the four signed 16-bit values in m2 from the four signed 16-bit values in m1 and saturate. Flags Affected None.

Operation
IF instruction is PSUBUSB THEN DEST(7..0) SaturateToUnsignedByte (DEST(7..0 SRC (7..0) ); DEST(15..8) SaturateToUnsignedByte ( DEST(15..8) SRC(15..8) ); DEST(23..16) SaturateToUnsignedByte (DEST(23..16) SRC(23..16) ); DEST(31..24) SaturateToUnsignedByte (DEST(31..24) SRC(31..24) ); DEST(39..32) SaturateToUnsignedByte (DEST(39..32) SRC(39..32) ); DEST(47..40) SaturateToUnsignedByte (DEST(47..40) SRC(47..40) ); DEST(55..48) SaturateToUnsignedByte (DEST(55..48) SRC(55..48) ); DEST(63..56) SaturateToUnsignedByte (DEST(63..56) SRC(63..56) ); ELSE { (* instruction is PSUBUSW *) DEST(15..0) SaturateToUnsignedWord (DEST(15..0) SRC(15..0) ); DEST(31..16) SaturateToUnsignedWord (DEST(31..16) SRC(31..16) ); DEST(47..32) SaturateToUnsignedWord (DEST(47..32) SRC(47..32) ); DEST(63..48) SaturateToUnsignedWord (DEST(63..48) SRC(63..48) ); FI;

Intel C/C++ Compiler Intrinsic Equivalents Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_psubusb(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_sub_pu8(__m64 m1, __m64 m2)

Subtract the eight unsigned 8-bit values in m2 from the eight unsigned 8-bit values in m1 and saturate. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_psubusw(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_sub_pu16(__m64 m1, __m64 m2)

Subtract the four unsigned 16-bit values in m2 from the four unsigned 16-bit values in m1 and saturate. Flags Affected None.

3-571

INSTRUCTION SET REFERENCE

PSUBUSB/PSUBUSWPacked Subtract Unsigned with Saturation (Continued)

3-572

INSTRUCTION SET REFERENCE

PUNPCKHBW/PUNPCKHWD/PUNPCKHDQUnpack High Packed Data

Opcode 0F 68 /r 0F 69 /r 0F 6A /r Instruction PUNPCKHBW mm, mm/m64 PUNPCKHWD mm, mm/m64 PUNPCKHDQ mm, mm/m64 Description Interleave high-order bytes from mm and mm/m64 into mm. Interleave high-order words from mm and mm/m64 into mm. Interleave high-order doublewords from mm and mm/m64 into mm.

Description These instructions unpack and interleave the high-order data elements (bytes, words, or doublewords) of the destination operand (first operand) and source operand (second operand) into the destination operand (refer to Figure 3-83). The low-order data elements are ignored. The destination operand must be an MMX technology register; the source operand may be either an MMX technology register or a 64-bit memory location. When the source data comes from a memory operand, the full 64-bit operand is accessed from memory, but the instruction uses only the high-order 32 bits.

PUNPCKHBW mm, mm/m64 mm/m64 27 26 25 24 23 22 21 20

mm 17 16 15 14 13 12 11 10

27 17 26 16 25 15 24 14 mm
3006031

Figure 3-83. High-Order Unpacking and Interleaving of Bytes With the PUNPCKHBW Instruction

The PUNPCKHBW instruction interleaves the four high-order bytes of the source operand and the four high-order bytes of the destination operand and writes them to the destination operand. The PUNPCKHWD instruction interleaves the two high-order words of the source operand and the two high-order words of the destination operand and writes them to the destination operand. The PUNPCKHDQ instruction interleaves the high-order doubleword of the source operand and the high-order doubleword of the destination operand and writes them to the destination operand.

3-573

INSTRUCTION SET REFERENCE

PUNPCKHBW/PUNPCKHWD/PUNPCKHDQUnpack High Packed Data (Continued)

If the source operand is all zeroes, the result (stored in the destination operand) contains zero extensions of the high-order data elements from the original value in the destination operand. With the PUNPCKHBW instruction the high-order bytes are zero extended (that is, unpacked into unsigned words), and with the PUNPCKHWD instruction, the high-order words are zero extended (unpacked into unsigned doublewords). Operation
IF instruction is PUNPCKHBW THEN DEST(7..0) DEST(39..32); DEST(15..8) SRC(39..32); DEST(23..16) DEST(47..40); DEST(31..24) SRC(47..40); DEST(39..32) DEST(55..48); DEST(47..40) SRC(55..48); DEST(55..48) DEST(63..56); DEST(63..56) SRC(63..56); ELSE IF instruction is PUNPCKHW THEN DEST(15..0) DEST(47..32); DEST(31..16) SRC(47..32); DEST(47..32) DEST(63..48); DEST(63..48) SRC(63..48); ELSE (* instruction is PUNPCKHDQ *) DEST(31..0) DEST(63..32) DEST(63..32) SRC(63..32); FI;

3-574

INSTRUCTION SET REFERENCE

PUNPCKHBW/PUNPCKHWD/PUNPCKHDQUnpack High Packed Data (Continued)

Intel C/C++ Compiler Intrinsic Equivalents Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_punpckhbw (__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_unpckhi_pi8 (__m64 m1, __m64 m2)

Interleave the four 8-bit values from the high half of m1 with the four values from the high half of m2 and take the least significant element from m1. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_punpckhwd (__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_unpckhi_pi16 (__m64 m1, __m64 m2)

Interleave the two 16-bit values from the high half of m1 with the two values from the high half of m2 and take the least significant element from m1. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_punpckhdq (__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_unpckhi_pi32 (__m64 m1, __m64 m2)

Interleave the 32-bit value from the high half of m1 with the 32-bit value from the high half of m2 and take the least significant element from m1. Flags Affected None.

3-575

INSTRUCTION SET REFERENCE

PUNPCKHBW/PUNPCKHWD/PUNPCKHDQUnpack High Packed Data (Continued)

3-576

INSTRUCTION SET REFERENCE

PUNPCKLBW/PUNPCKLWD/PUNPCKLDQUnpack Low Packed Data

Opcode 0F 60 /r 0F 61 /r 0F 62 /r Instruction PUNPCKLBW mm, mm/m32 PUNPCKLWD mm, mm/m32 PUNPCKLDQ mm, mm/m32 Description Interleave low-order bytes from mm and mm/m64 into mm. Interleave low-order words from mm and mm/m64 into mm. Interleave low-order doublewords from mm and mm/m64 into mm.

Description These instructions unpack and interleave the low-order data elements (bytes, words, or doublewords) of the destination and source operands into the destination operand (refer to Figure 384). The destination operand must be an MMX technology register; the source operand may be either an MMX technology register or a memory location. When source data comes from an MMX technology register, the upper 32 bits of the register are ignored. When the source data comes from a memory, only 32-bits are accessed from memory.

PUNPCKLBW mm, mm/m32 mm/m32 2 3 2 2 21 20

mm 17 16 15 14 13 12 11 10

2 3 1 3 22 12 21 11 20 10 mm
3006032

Figure 3-84. Low-Order Unpacking and Interleaving of Bytes With the PUNPCKLBW Instruction

The PUNPCKLBW instruction interleaves the four low-order bytes of the source operand and the four low-order bytes of the destination operand and writes them to the destination operand. The PUNPCKLWD instruction interleaves the two low-order words of the source operand and the two low-order words of the destination operand and writes them to the destination operand. The PUNPCKLDQ instruction interleaves the low-order doubleword of the source operand and the low-order doubleword of the destination operand and writes them to the destination operand.

3-577

INSTRUCTION SET REFERENCE

PUNPCKLBW/PUNPCKLWD/PUNPCKLDQUnpack Low Packed Data (Continued)

If the source operand is all zeroes, the result (stored in the destination operand) contains zero extensions of the high-order data elements from the original value in the destination operand. With the PUNPCKLBW instruction the low-order bytes are zero extended (that is, unpacked into unsigned words), and with the PUNPCKLWD instruction, the low-order words are zero extended (unpacked into unsigned doublewords). Operation
IF instruction is PUNPCKLBW THEN DEST(63..56) SRC(31..24); DEST(55..48) DEST(31..24); DEST(47..40) SRC(23..16); DEST(39..32) DEST(23..16); DEST(31..24) SRC(15..8); DEST(23..16) DEST(15..8); DEST(15..8) SRC(7..0); DEST(7..0) DEST(7..0); ELSE IF instruction is PUNPCKLWD THEN DEST(63..48) SRC(31..16); DEST(47..32) DEST(31..16); DEST(31..16) SRC(15..0); DEST(15..0) DEST(15..0); ELSE (* instruction is PUNPCKLDQ *) DEST(63..32) SRC(31..0); DEST(31..0) DEST(31..0); FI;

3-578

INSTRUCTION SET REFERENCE

PUNPCKLBW/PUNPCKLWD/PUNPCKLDQUnpack Low Packed Data (Continued)

Intel C/C++ Compiler Intrinsic Equivalents Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_punpcklbw (__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_unpcklo_pi8 (__m64 m1, __m64 m2)

Interleave the four 8-bit values from the low half of m1 with the four values from the low half of m2 and take the least significant element from m1. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_punpcklwd (__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_unpcklo_pi16 (__m64 m1, __m64 m2)

Interleave the two 16-bit values from the low half of m1 with the two values from the low half of m2 and take the least significant element from m1. Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_punpckldq (__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_unpcklo_pi32 (__m64 m1, __m64 m2)

Interleave the 32-bit value from the low half of m1 with the 32-bit value from the low half of m2 and take the least significant element from m1. Protected Mode Exceptions #GP(0) #SS(0) #UD #NM #MF #PF(fault-code) #AC(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. If EM in CR0 is set. If TS in CR0 is set. If there is a pending FPU exception. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

3-579

INSTRUCTION SET REFERENCE

PXOR mm, mm/m64 mm 1111111111111000000000000000010110110101100010000111011101110111

^
mm/m64 0001000011011001010100000011000100011110111011110001010110010101 mm

1110111100100001010100000011010010101011011001110110001011100010

3006033

Figure 3-85. Operation of the PXOR Instruction

Operation
DEST DEST XOR SRC;

Intel C/C++ Compiler Intrinsic Equivalent Pre-4.0 Intel C/C++ Compiler intrinsic:
__m64 _m_pxor(__m64 m1, __m64 m2)

Version 4.0 and later Intel C/C++ Compiler intrinsic:

__m64 _mm_xor_si64(__m64 m1, __m64 m2)

Perform a bitwise XOR of the 64-bit value in m1 with the 64-bit value in m2.

3-589

INSTRUCTION SET REFERENCE

PXORLogical Exclusive OR (Continued)

3-590

INSTRUCTION SET REFERENCE

RCL/RCR/ROL/ROR-Rotate
Opcode D0 /2 D2 /2 C0 /2 ib D1 /2 D3 /2 C1 /2 ib D1 /2 D3 /2 C1 /2 ib D0 /3 D2 /3 C0 /3 ib D1 /3 D3 /3 C1 /3 ib D1 /3 D3 /3 C1 /3 ib D0 /0 D2 /0 C0 /0 ib D1 /0 D3 /0 C1 /0 ib D1 /0 D3 /0 C1 /0 ib D0 /1 D2 /1 C0 /1 ib D1 /1 D3 /1 C1 /1 ib D1 /1 D3 /1 C1 /1 ib Instruction RCL r/m8,1 RCL r/m8,CL RCL r/m8,imm8 RCL r/m16,1 RCL r/m16,CL RCL r/m16,imm8 RCL r/m32,1 RCL r/m32,CL RCL r/m32,imm8 RCR r/m8,1 RCR r/m8,CL RCR r/m8,imm8 RCR r/m16,1 RCR r/m16,CL RCR r/m16,imm8 RCR r/m32,1 RCR r/m32,CL RCR r/m32,imm8 ROL r/m8,1 ROL r/m8,CL ROL r/m8,imm8 ROL r/m16,1 ROL r/m16,CL ROL r/m16,imm8 ROL r/m32,1 ROL r/m32,CL ROL r/m32,imm8 ROR r/m8,1 ROR r/m8,CL ROR r/m8,imm8 ROR r/m16,1 ROR r/m16,CL ROR r/m16,imm8 ROR r/m32,1 ROR r/m32,CL ROR r/m32,imm8 Description Rotate nine bits (CF,r/m8) left once Rotate nine bits (CF,r/m8) left CL times Rotate nine bits (CF,r/m8) left imm8 times Rotate 17 bits (CF,r/m16) left once Rotate 17 bits (CF,r/m16) left CL times Rotate 17 bits (CF,r/m16) left imm8 times Rotate 33 bits (CF,r/m32) left once Rotate 33 bits (CF,r/m32) left CL times Rotate 33 bits (CF,r/m32) left imm8 times Rotate nine bits (CF,r/m8) right once Rotate nine bits (CF,r/m8) right CL times Rotate nine bits (CF,r/m8) right imm8 times Rotate 17 bits (CF,r/m16) right once Rotate 17 bits (CF,r/m16) right CL times Rotate 17 bits (CF,r/m16) right imm8 times Rotate 33 bits (CF,r/m32) right once Rotate 33 bits (CF,r/m32) right CL times Rotate 33 bits (CF,r/m32) right imm8 times Rotate eight bits r/m8 left once Rotate eight bits r/m8 left CL times Rotate eight bits r/m8 left imm8 times Rotate 16 bits r/m16 left once Rotate 16 bits r/m16 left CL times Rotate 16 bits r/m16 left imm8 times Rotate 32 bits r/m32 left once Rotate 32 bits r/m32 left CL times Rotate 32 bits r/m32 left imm8 times Rotate eight bits r/m8 right once Rotate eight bits r/m8 right CL times Rotate eight bits r/m16 right imm8 times Rotate 16 bits r/m16 right once Rotate 16 bits r/m16 right CL times Rotate 16 bits r/m16 right imm8 times Rotate 32 bits r/m32 right once Rotate 32 bits r/m32 right CL times Rotate 32 bits r/m32 right imm8 times

3-591

INSTRUCTION SET REFERENCE

RCL/RCR/ROL/ROR-Rotate (Continued)
Description These instructions shift (rotate) the bits of the first operand (destination operand) the number of bit positions specified in the second operand (count operand) and stores the result in the destination operand. The destination operand can be a register or a memory location; the count operand is an unsigned integer that can be an immediate or a value in the CL register. The processor restricts the count to a number between 0 and 31 by masking all the bits in the count operand except the five least-significant bits. The rotate left (ROL) and rotate through carry left (RCL) instructions shift all the bits toward more-significant bit positions, except for the most-significant bit, which is rotated to the leastsignificant bit location. For more information, refer to Figure 6-10 in Chapter 6, Instruction Set Summary of the Intel Architecture Software Developers Manual, Volume 1. The rotate right (ROR) and rotate through carry right (RCR) instructions shift all the bits toward less significant bit positions, except for the least-significant bit, which is rotated to the most-significant bit location. The RCL and RCR instructions include the CF flag in the rotation. The RCL instruction shifts the CF flag into the least-significant bit and shifts the most-significant bit into the CF flag. For more information, refer to Figure 6-10 in Chapter 6, Instruction Set Summary of the Intel Architecture Software Developers Manual, Volume 1. The RCR instruction shifts the CF flag into the most-significant bit and shifts the least-significant bit into the CF flag. For the ROL and ROR instructions, the original value of the CF flag is not a part of the result, but the CF flag receives a copy of the bit that was shifted from one end to the other. The OF flag is defined only for the 1-bit rotates; it is undefined in all other cases (except that a zero-bit rotate does nothing, that is affects no flags). For left rotates, the OF flag is set to the exclusive OR of the CF bit (after the rotate) and the most-significant bit of the result. For right rotates, the OF flag is set to the exclusive OR of the two most-significant bits of the result. Intel Architecture Compatibility The 8086 does not mask the rotation count. However, all other Intel Architecture processors (starting with the Intel 286 processor) do mask the rotation count to five bits, resulting in a maximum count of 31. This masking is done in all operating modes (including the virtual-8086 mode) to reduce the maximum execution time of the instructions. Operation
(* RCL and RCR instructions *) SIZE OperandSize CASE (determine count) OF SIZE = 8: tempCOUNT (COUNT AND 1FH) MOD 9; SIZE = 16: tempCOUNT (COUNT AND 1FH) MOD 17; SIZE = 32: tempCOUNT COUNT AND 1FH; ESAC; (* RCL instruction operation *)

3-592

INSTRUCTION SET REFERENCE

RCL/RCR/ROL/ROR-Rotate (Continued)
WHILE (tempCOUNT 0) DO tempCF MSB(DEST); DEST (DEST 2) + CF; CF tempCF; tempCOUNT tempCOUNT 1; OD; ELIHW; IF COUNT = 1 THEN OF MSB(DEST) XOR CF; ELSE OF is undefined; FI; (* RCR instruction operation *) IF COUNT = 1 THEN OF MSB(DEST) XOR CF; ELSE OF is undefined; FI; WHILE (tempCOUNT 0) DO tempCF LSB(SRC); DEST (DEST / 2) + (CF * 2SIZE); CF tempCF; tempCOUNT tempCOUNT 1; OD; (* ROL and ROR instructions *) SIZE OperandSize CASE (determine count) OF SIZE = 8: tempCOUNT COUNT MOD 8; SIZE = 16: tempCOUNT COUNT MOD 16; SIZE = 32: tempCOUNT COUNT MOD 32; ESAC; (* ROL instruction operation *) WHILE (tempCOUNT 0) DO tempCF MSB(DEST); DEST (DEST 2) + tempCF; tempCOUNT tempCOUNT 1; OD; ELIHW; CF LSB(DEST); IF COUNT = 1 THEN OF MSB(DEST) XOR CF; ELSE OF is undefined; FI;

3-593

INSTRUCTION SET REFERENCE

RCL/RCR/ROL/ROR-Rotate (Continued)
(* ROR instruction operation *) WHILE (tempCOUNT 0) DO tempCF LSB(SRC); DEST (DEST / 2) + (tempCF 2SIZE); tempCOUNT tempCOUNT 1; OD; ELIHW; CF MSB(DEST); IF COUNT = 1 THEN OF MSB(DEST) XOR MSB 1(DEST); ELSE OF is undefined; FI;

Flags Affected The CF flag contains the value of the bit shifted into it. The OF flag is affected only for singlebit rotates (refer to Description above); it is undefined for multi-bit rotates. The SF, ZF, AF, and PF flags are not affected. Protected Mode Exceptions #GP(0) If the source operand is located in a nonwritable segment. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-594

INSTRUCTION SET REFERENCE

RCL/RCR/ROL/ROR-Rotate (Continued)
Virtual-8086 Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #AC(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made.

3-595

INSTRUCTION SET REFERENCE

RCPPSPacked Single-FP Reciprocal

Opcode 0F,53,/r Instruction RCPPS xmm1, xmm2/m128 Description Return a packed approximation of the reciprocal of XMM2/Mem.

Description RCPPS returns an approximation of the reciprocal of the SP FP numbers from xmm2/m128. The maximum error for this approximation is:
Error <=1.5x2-12

Xmm1 Xmm2/ m128 Xmm1

5.0

125.0

=
0.2

Figure 3-86. Operation of the RCPPS Instruction

Operation
DEST[31-0] = APPROX (1.0/(SRC/m128[31-0])); DEST[63-32] = APPROX (1.0/(SRC/m128[63-32])); DEST[95-64] = APPROX (1.0/(SRC/m128[95-64])); DEST[127-96] = APPROX (1.0/(SRC/m128[127-96]));

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_rcp_ps(__m128 a)

Computes the approximations of the reciprocals of the four SP FP values of a.

3-596

INSTRUCTION SET REFERENCE

RCPPSPacked Single-FP Reciprocal (Continued)

Exceptions General protection exception if not aligned on 16-byte boundary, regardless of segment. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #UD #NM For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set.

Real Address Mode Exceptions Interrupt 13 #UD #NM If any part of the operand would lie outside of the effective address space from 0 to 0FFFFH. If CR0.EM = 1. If TS bit in CR0 is set.

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) Comments RCPPS is not affected by the rounding control in MXCSR. Denormal inputs are treated as zeroes (of the same sign) and underflow results are always flushed to zero, with the sign of the operand. For a page fault.

3-597

INSTRUCTION SET REFERENCE

RCPSSScalar Single-FP Reciprocal

Opcode F3,0F,53,/r Instruction RCPSS xmm1, xmm2/m32 Description Return an approximation of the reciprocal of the lower SP FP number in XMM2/Mem.

Description RCPSS returns an approximation of the reciprocal of the lower SP FP number from xmm2/m32; the upper three fields are passed through from xmm1. The maximum error for this approximation is:
|Error| <= 1.5x2-12

RCPSS xmm1,xmm2/m128 Xmm1

Xmm2/ m128 Xmm1

Figure 3-87. Operation of the RCPSS Instruction

Operation
DEST[31-0] = APPROX (1.0/(SRC/m32[31-0])); DEST[63-32] = DEST[63-32]; DEST[95-64] = DEST[95-64]; DEST[127-96] = DEST[127-96];

3-598

INSTRUCTION SET REFERENCE

RCPSSScalar Single-FP Reciprocal (Continued)

Intel C/C++ Compiler Intrinsic Equivalent
__m128 _mm_rcp_ss(__m128 a)

Computes the approximation of the reciprocal of the lower SP FP value of a; the upper three SP FP values are passed through. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #AC #NM For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. For unaligned memory reference if the current privilege level is 3. If TS bit in CR0 is set.

Real Address Mode Exceptions Interrupt 13 #UD #NM If any part of the operand would lie outside of the effective address space from 0 to 0FFFFH. If CR0.EM = 1. If TS bit in CR0 is set.

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #AC #PF (fault-code) Comments RCPSS is not affected by the rounding control in MXCSR. Denormal inputs are treated as zeroes (of the same sign) and underflow results are always flushed to zero, with the sign of the operand. For unaligned memory reference if the current privilege level is 3. For a page fault.

3-599

INSTRUCTION SET REFERENCE

RDMSRRead from Model Specific Register

Opcode 0F 32 Instruction RDMSR Description Load MSR specified by ECX into EDX:EAX

Flags Affected None. Protected Mode Exceptions #GP(0) If the current privilege level is not 0 and the PCE flag in the CR4 register is clear. If the value in the ECX register is not 0 or 1. Real-Address Mode Exceptions #GP If the PCE flag in the CR4 register is clear. If the value in the ECX register is not 0 or 1. Virtual-8086 Mode Exceptions #GP(0) If the PCE flag in the CR4 register is clear. If the value in the ECX register is not 0 or 1.

3-603

INSTRUCTION SET REFERENCE

RDTSCRead Time-Stamp Counter

Opcode 0F 31 Instruction RDTSC Description Read time-stamp counter into EDX:EAX

Description This instruction loads the current value of the processors time-stamp counter into the EDX:EAX registers. The time-stamp counter is contained in a 64-bit MSR. The high-order 32 bits of the MSR are loaded into the EDX register, and the low-order 32 bits are loaded into the EAX register. The processor increments the time-stamp counter MSR every clock cycle and resets it to 0 whenever the processor is reset. The time stamp disable (TSD) flag in register CR4 restricts the use of the RDTSC instruction. When the TSD flag is clear, the RDTSC instruction can be executed at any privilege level; when the flag is set, the instruction can only be executed at privilege level 0. The time-stamp counter can also be read with the RDMSR instruction, when executing at privilege level 0. The RDTSC instruction is not a serializing instruction. Thus, it does not necessarily wait until all previous instructions have been executed before reading the counter. Similarly, subsequent instructions may begin execution before the read operation is performed. This instruction was introduced into the Intel Architecture in the Pentium processor. Operation
IF (CR4.TSD = 0) OR ((CR4.TSD = 1) AND (CPL=0)) THEN EDX:EAX TimeStampCounter; ELSE (* CR4 is 1 and CPL is 1, 2, or 3 *) #GP(0) FI;

Flags Affected None. Protected Mode Exceptions #GP(0) If the TSD flag in register CR4 is set and the CPL is greater than 0.

Opcode C3 CB C2 iw CA iw Instruction RET RET RET imm16 RET imm16 Description Near return to calling procedure Far return to calling procedure Near return to calling procedure and pop imm16 bytes from stack Far return to calling procedure and pop imm16 bytes from stack

Description This instruction transfers program control to a return address located on the top of the stack. The address is usually placed on the stack by a CALL instruction, and the return is made to the instruction that follows the CALL instruction. The optional source operand specifies the number of stack bytes to be released after the return address is popped; the default is none. This operand can be used to release parameters from the stack that were passed to the called procedure and are no longer needed. It must be used when the CALL instruction used to switch to a new procedure uses a call gate with a non-zero word count to access the new procedure. Here, the source operand for the RET instruction must specify the same number of bytes as is specified in the word count field of the call gate. The RET instruction can be used to execute three different types of returns:

Near returnA return to a calling procedure within the current code segment (the segment currently pointed to by the CS register), sometimes referred to as an intrasegment return. Far returnA return to a calling procedure located in a different segment than the current code segment, sometimes referred to as an intersegment return. Inter-privilege-level far returnA far return to a different privilege level than that of the currently executing program or procedure.

ELSE (* OperandSize=16 *) EIP Pop(); EIP EIP AND 0000FFFFH; CS Pop(); (* 16-bit pop; segment descriptor information also loaded *) CS(RPL) CPL; ESP ESP + SRC; (* release parameters from called procedures stack *) tempESP Pop(); tempSS Pop(); (* 16-bit pop; segment descriptor information also loaded *) (* segment descriptor information also loaded *) ESP tempESP; SS tempSS; FI; FOR each of segment register (ES, FS, GS, and DS) DO; IF segment register points to data or non-conforming code segment AND CPL > segment descriptor DPL; (* DPL in hidden part of segment register *) THEN (* segment register invalid *) SegmentSelector 0; (* null segment selector *) FI; OD; For each of ES, FS, GS, and DS DO IF segment selector index is not within descriptor table limits OR segment descriptor indicates the segment is not a data or readable code segment OR if the segment is a data or non-conforming code segment and the segment descriptors DPL < CPL or RPL of code segments segment selector THEN segment selector register null selector; OD; ESP ESP + SRC; (* release parameters from calling procedures stack *)

Flags Affected None.

3-612

INSTRUCTION SET REFERENCE

RETReturn from Procedure (Continued)

Protected Mode Exceptions #GP(0) If the return code or stack segment selector null. If the return instruction pointer is not within the return code segment limit #GP(selector) If the RPL of the return code segment selector is less then the CPL. If the return code or stack segment selector index is not within its descriptor table limits. If the return code segment descriptor does not indicate a code segment. If the return code segment is non-conforming and the segment selectors DPL is not equal to the RPL of the code segments segment selector If the return code segment is conforming and the segment selectors DPL greater than the RPL of the code segments segment selector If the stack segment is not a writable data segment. If the stack segment selector RPL is not equal to the RPL of the return code segment selector. If the stack segment descriptor DPL is not equal to the RPL of the return code segment selector. #SS(0) If the top bytes of stack are not within stack limits. If the return stack segment is not present. #NP(selector) #PF(fault-code) #AC(0) If the return code segment is not present. If a page fault occurs. If an unaligned memory access occurs when the CPL is 3 and alignment checking is enabled.

Real-Address Mode Exceptions #GP #SS If the return instruction pointer is not within the return code segment limit If the top bytes of stack are not within stack limits.

3-613

INSTRUCTION SET REFERENCE

RETReturn from Procedure (Continued)

Virtual-8086 Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #AC(0) If the return instruction pointer is not within the return code segment limit If the top bytes of stack are not within stack limits. If a page fault occurs. If an unaligned memory access occurs when alignment checking is enabled.

3-614

INSTRUCTION SET REFERENCE

ROL/RORRotate
Refer to entry for RCL/RCR/ROL/RORRotate.

3-615

INSTRUCTION SET REFERENCE

RSMResume from System Management Mode

Opcode 0F AA Instruction RSM Description Resume operation of interrupted program

Description This instruction returns program control from system management mode (SMM) to the application program or operating-system procedure that was interrupted when the processor received an SSM interrupt. The processors state is restored from the dump created upon entering SMM. If the processor detects invalid state information during state restoration, it enters the shutdown state. The following invalid information can cause a shutdown:

Any reserved bit of CR4 is set to 1. Any illegal combination of bits in CR0, such as (PG=1 and PE=0) or (NW=1 and CD=0). (Intel Pentium and Intel486 processors only.) The value stored in the state dump base field is not a 32-KByte aligned address.

The contents of the model-specific registers are not affected by a return from SMM. Refer to Chapter 12, System Management Mode (SMM), in the Intel Architecture Software Developers Manual, Volume 3, for more information about SMM and the behavior of the RSM instruction. Operation
ReturnFromSSM; ProcessorState Restore(SSMDump);

Flags Affected All. Protected Mode Exceptions #UD If an attempt is made to execute this instruction when the processor is not in SMM.

Real-Address Mode Exceptions #UD If an attempt is made to execute this instruction when the processor is not in SMM.

Virtual-8086 Mode Exceptions #UD If an attempt is made to execute this instruction when the processor is not in SMM.

3-616

INSTRUCTION SET REFERENCE

RSQRTPSPacked Single-FP Square Root Reciprocal

Opcode 0F,52,/r Instruction RSQRTPS xmm1, xmm2/m128 Description Return a packed approximation of the square root of the reciprocal of XMM2/Mem.

Description RSQRTPS returns an approximation of the reciprocal of the square root of the SP FP numbers from xmm2/m128. The maximum error for this approximation is:
|Error| <= 1.5x2-12

RSQRTPS xmm1,xmm2/m128 Xmm1 Xmm2/ m128 Xmm1

0.0007716

0.0086553

=
36.0

Figure 3-88. Operation of the RSQRTPS Instruction

Operation
DEST[31-0] = APPROX (1.0/SQRT(SRC/m128[31-0])); DEST[63-32] = APPROX (1.0/SQRT(SRC/m128[63-32])); DEST[95-64] = APPROX (1.0/SQRT(SRC/m128[95-64])); DEST[127-96] = APPROX (1.0/SQRT(SRC/m128[127-96]));

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_rsqrt_ps(__m128 a)

Computes the approximations of the reciprocals of the square roots of the four SP FP values of a.

3-617

INSTRUCTION SET REFERENCE

RSQRTPSPacked Single-FP Square Root Reciprocal (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) Comments RSQRTPS is not affected by the rounding control in MXCSR. Denormal inputs are treated as zeroes (of the same sign) and underflow results are always flushed to zero, with the sign of the operand. For a page fault.

3-618

INSTRUCTION SET REFERENCE

RSQRTSSScalar Single-FP Square Root Reciprocal

Opcode F3,0F,52,/r Instruction RSQRTSS xmm1, xmm2/m32 Description Return an approximation of the square root of the reciprocal of the lowest SP FP number in XMM2/Mem.

Description RSQRTSS returns an approximation of the reciprocal of the square root of the lowest SP FP number from xmm2/m32; the upper three fields are passed through from xmm1. The maximum error for this approximation is:
|Error| <= 1.5x2-12

RSQRTSS xmm1, xmm2/m32 Xmm1

Xmm2/ m32 Xmm1

Figure 3-89. Operation of the RSQRTSS Instruction

Operation
DEST[31-0] = APPROX (1.0/SQRT(SRC/m32[31-0])); DEST[63-32] = DEST[63-32]; DEST[95-64] = DEST[95-64]; DEST[127-96] = DEST[127-96];

3-619

INSTRUCTION SET REFERENCE

RSQRTSSScalar Single-FP Square Root Reciprocal (Continued)

Intel C/C++ Compiler Intrinsic Equivalent
__m128 _mm_rsqrt_ss(__m128 a)

Computes the approximation of the reciprocal of the square root of the lower SP FP value of a; the upper three SP FP values are passed through. Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF (fault-code) #UD #NM #AC For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3)

Real Address Mode Exceptions Interrupt 13 #UD #NM If any part of the operand would lie outside of the effective address space from 0 to 0FFFFH. If CR0.EM = 1. If TS bit in CR0 is set.

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #AC #PF (fault-code) Comments RSQRTSS is not affected by the rounding control in MXCSR. Denormal inputs are treated as zeroes (of the same sign) and underflow results are always flushed to zero, with the sign of the operand. For unaligned memory reference if the current privilege level is 3. For a page fault.

3-620

INSTRUCTION SET REFERENCE

SAHFStore AH into Flags

Opcode 9E Instruction SAHF Clocks 2 Description Loads SF, ZF, AF, PF, and CF from AH into EFLAGS register

Description This instruction loads the SF, ZF, AF, PF, and CF flags of the EFLAGS register with values from the corresponding bits in the AH register (bits 7, 6, 4, 2, and 0, respectively). Bits 1, 3, and 5 of register AH are ignored; the corresponding reserved bits (1, 3, and 5) in the EFLAGS register remain as shown in the Operation section below. Operation
EFLAGS(SF:ZF:0:AF:0:PF:1:CF) AH;

Flags Affected The SF, ZF, AF, PF, and CF flags are loaded with values from the AH register. Bits 1, 3, and 5 of the EFLAGS register are unaffected, with the values remaining 1, 0, and 0, respectively. Exceptions (All Operating Modes) None.

3-621

INSTRUCTION SET REFERENCE

SAL/SAR/SHL/SHRShift
Opcode D0 /4 D2 /4 C0 /4 ib D1 /4 D3 /4 C1 /4 ib D1 /4 D3 /4 C1 /4 ib D0 /7 D2 /7 C0 /7 ib D1 /7 D3 /7 C1 /7 ib D1 /7 D3 /7 C1 /7 ib D0 /4 D2 /4 C0 /4 ib D1 /4 D3 /4 C1 /4 ib D1 /4 D3 /4 C1 /4 ib D0 /5 D2 /5 C0 /5 ib D1 /5 D3 /5 C1 /5 ib D1 /5 D3 /5 C1 /5 ib NOTE: * Not the same form of division as IDIV; rounding is toward negative infinity. Instruction SAL r/m8,1 SAL r/m8,CL SAL r/m8,imm8 SAL r/m16,1 SAL r/m16,CL SAL r/m16,imm8 SAL r/m32,1 SAL r/m32,CL SAL r/m32,imm8 SAR r/m8,1 SAR r/m8,CL SAR r/m8,imm8 SAR r/m16,1 SAR r/m16,CL SAR r/m16,imm8 SAR r/m32,1 SAR r/m32,CL SAR r/m32,imm8 SHL r/m8,1 SHL r/m8,CL SHL r/m8,imm8 SHL r/m16,1 SHL r/m16,CL SHL r/m16,imm8 SHL r/m32,1 SHL r/m32,CL SHL r/m32,imm8 SHR r/m8,1 SHR r/m8,CL SHR r/m8,imm8 SHR r/m16,1 SHR r/m16,CL SHR r/m16,imm8 SHR r/m32,1 SHR r/m32,CL SHR r/m32,imm8 Description Multiply r/m8 by 2, once Multiply r/m8 by 2, CL times Multiply r/m8 by 2, imm8 times Multiply r/m16 by 2, once Multiply r/m16 by 2, CL times Multiply r/m16 by 2, imm8 times Multiply r/m32 by 2, once Multiply r/m32 by 2, CL times Multiply r/m32 by 2, imm8 times Signed divide* r/m8 by 2, once Signed divide* r/m8 by 2, CL times Signed divide* r/m8 by 2, imm8 times Signed divide* r/m16 by 2, once Signed divide* r/m16 by 2, CL times Signed divide* r/m16 by 2, imm8 times Signed divide* r/m32 by 2, once Signed divide* r/m32 by 2, CL times Signed divide* r/m32 by 2, imm8 times Multiply r/m8 by 2, once Multiply r/m8 by 2, CL times Multiply r/m8 by 2, imm8 times Multiply r/m16 by 2, once Multiply r/m16 by 2, CL times Multiply r/m16 by 2, imm8 times Multiply r/m32 by 2, once Multiply r/m32 by 2, CL times Multiply r/m32 by 2, imm8 times Unsigned divide r/m8 by 2, once Unsigned divide r/m8 by 2, CL times Unsigned divide r/m8 by 2, imm8 times Unsigned divide r/m16 by 2, once Unsigned divide r/m16 by 2, CL times Unsigned divide r/m16 by 2, imm8 times Unsigned divide r/m32 by 2, once Unsigned divide r/m32 by 2, CL times Unsigned divide r/m32 by 2, imm8 times

3-622

INSTRUCTION SET REFERENCE

SAL/SAR/SHL/SHRShift (Continued)
Description These instructions shift the bits in the first operand (destination operand) to the left or right by the number of bits specified in the second operand (count operand). Bits shifted beyond the destination operand boundary are first shifted into the CF flag, then discarded. At the end of the shift operation, the CF flag contains the last bit shifted out of the destination operand. The destination operand can be a register or a memory location. The count operand can be an immediate value or register CL. The count is masked to five bits, which limits the count range to 0 to 31. A special opcode encoding is provided for a count of 1. The shift arithmetic left (SAL) and shift logical left (SHL) instructions perform the same operation; they shift the bits in the destination operand to the left (toward more significant bit locations). For each shift count, the most significant bit of the destination operand is shifted into the CF flag, and the least significant bit is cleared. Refer to Figure 6-6 in Chapter 6, Instruction Set Summary of the Intel Architecture Software Developers Manual, Volume 1. The shift arithmetic right (SAR) and shift logical right (SHR) instructions shift the bits of the destination operand to the right (toward less significant bit locations). For each shift count, the least significant bit of the destination operand is shifted into the CF flag, and the most significant bit is either set or cleared depending on the instruction type. The SHR instruction clears the most significant bit. For more information, refer to Figure 6-7 in Chapter 6, Instruction Set Summary of the Intel Architecture Software Developers Manual, Volume 1. The SAR instruction sets or clears the most significant bit to correspond to the sign (most significant bit) of the original value in the destination operand. In effect, the SAR instruction fills the empty bit positions shifted value with the sign of the unshifted value. For more information, refer to Figure 6-8 in Chapter 6, Instruction Set Summary of the Intel Architecture Software Developers Manual, Volume 1. The SAR and SHR instructions can be used to perform signed or unsigned division, respectively, of the destination operand by powers of 2. For example, using the SAR instruction to shift a signed integer one bit to the right divides the value by 2. Using the SAR instruction to perform a division operation does not produce the same result as the IDIV instruction. The quotient from the IDIV instruction is rounded toward zero, whereas the quotient of the SAR instruction is rounded toward negative infinity. This difference is apparent only for negative numbers. For example, when the IDIV instruction is used to divide -9 by 4, the result is -2 with a remainder of -1. If the SAR instruction is used to shift -9 right by two bits, the result is -3 and the remainder is +3; however, the SAR instruction stores only the most significant bit of the remainder (in the CF flag). The OF flag is affected only on 1-bit shifts. For left shifts, the OF flag is cleared to 0 if the mostsignificant bit of the result is the same as the CF flag (that is, the top two bits of the original operand were the same); otherwise, it is set to 1. For the SAR instruction, the OF flag is cleared for all 1-bit shifts. For the SHR instruction, the OF flag is set to the most-significant bit of the original operand.

3-623

INSTRUCTION SET REFERENCE

SAL/SAR/SHL/SHRShift (Continued)
Intel Architecture Compatibility The 8086 does not mask the shift count. However, all other Intel Architecture processors (starting with the Intel 286 processor) do mask the shift count to five bits, resulting in a maximum count of 31. This masking is done in all operating modes (including the virtual-8086 mode) to reduce the maximum execution time of the instructions. Operation
tempCOUNT (COUNT AND 1FH); tempDEST DEST; WHILE (tempCOUNT 0) DO IF instruction is SAL or SHL THEN CF MSB(DEST); ELSE (* instruction is SAR or SHR *) CF LSB(DEST); FI; IF instruction is SAL or SHL THEN DEST DEST 2; ELSE IF instruction is SAR THEN DEST DEST / 2 (*Signed divide, rounding toward negative infinity*); ELSE (* instruction is SHR *) DEST DEST / 2 ; (* Unsigned divide *); FI; FI; tempCOUNT tempCOUNT 1; OD; (* Determine overflow for the various instructions *) IF COUNT = 1 THEN IF instruction is SAL or SHL THEN OF MSB(DEST) XOR CF; ELSE IF instruction is SAR THEN OF 0; ELSE (* instruction is SHR *) OF MSB(tempDEST); FI; FI;

3-624

INSTRUCTION SET REFERENCE

SAL/SAR/SHL/SHRShift (Continued)
ELSE IF COUNT = 0 THEN All flags remain unchanged; ELSE (* COUNT neither 1 or 0 *) OF undefined; FI; FI;

Flags Affected The CF flag contains the value of the last bit shifted out of the destination operand; it is undefined for SHL and SHR instructions where the count is greater than or equal to the size (in bits) of the destination operand. The OF flag is affected only for 1-bit shifts (refer to Description above); otherwise, it is undefined. The SF, ZF, and PF flags are set according to the result. If the count is 0, the flags are not affected. For a non-zero count, the AF flag is undefined. Protected Mode Exceptions #GP(0) If the destination is located in a nonwritable segment. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-625

INSTRUCTION SET REFERENCE

SAL/SAR/SHL/SHRShift (Continued)
Virtual-8086 Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #AC(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made.

3-626

INSTRUCTION SET REFERENCE

SBBInteger Subtraction with Borrow

Opcode 1C ib 1D iw 1D id 80 /3 ib 81 /3 iw 81 /3 id 83 /3 ib 83 /3 ib 18 /r 19 /r 19 /r 1A /r 1B /r 1B /r Instruction SBB AL,imm8 SBB AX,imm16 SBB EAX,imm32 SBB r/m8,imm8 SBB r/m16,imm16 SBB r/m32,imm32 SBB r/m16,imm8 SBB r/m32,imm8 SBB r/m8,r8 SBB r/m16,r16 SBB r/m32,r32 SBB r8,r/m8 SBB r16,r/m16 SBB r32,r/m32 Description Subtract with borrow imm8 from AL Subtract with borrow imm16 from AX Subtract with borrow imm32 from EAX Subtract with borrow imm8 from r/m8 Subtract with borrow imm16 from r/m16 Subtract with borrow imm32 from r/m32 Subtract with borrow sign-extended imm8 from r/m16 Subtract with borrow sign-extended imm8 from r/m32 Subtract with borrow r8 from r/m8 Subtract with borrow r16 from r/m16 Subtract with borrow r32 from r/m32 Subtract with borrow r/m8 from r8 Subtract with borrow r/m16 from r16 Subtract with borrow r/m32 from r32

Description This instruction adds the source operand (second operand) and the carry (CF) flag, and subtracts the result from the destination operand (first operand). The result of the subtraction is stored in the destination operand. The destination operand can be a register or a memory location; the source operand can be an immediate, a register, or a memory location. (However, two memory operands cannot be used in one instruction.) The state of the CF flag represents a borrow from a previous subtraction. When an immediate value is used as an operand, it is sign-extended to the length of the destination operand format. The SBB instruction does not distinguish between signed or unsigned operands. Instead, the processor evaluates the result for both data types and sets the OF and CF flags to indicate a borrow in the signed or unsigned result, respectively. The SF flag indicates the sign of the signed result. The SBB instruction is usually executed as part of a multibyte or multiword subtraction in which a SUB instruction is followed by a SBB instruction. Operation
DEST DEST (SRC + CF);

SCAS/SCASB/SCASW/SCASDScan String (Continued)

Operation
IF (byte cmparison) THEN temp AL SRC; SetStatusFlags(temp); THEN IF DF = 0 THEN (E)DI (E)DI + 1; ELSE (E)DI (E)DI 1; FI; ELSE IF (word comparison) THEN temp AX SRC; SetStatusFlags(temp) THEN IF DF = 0 THEN (E)DI (E)DI + 2; ELSE (E)DI (E)DI 2; FI; ELSE (* doubleword comparison *) temp EAX SRC; SetStatusFlags(temp) THEN IF DF = 0 THEN (E)DI (E)DI + 4; ELSE (E)DI (E)DI 4; FI; FI; FI;

SETccSet Byte on Condition (Continued)

Many of the SETcc instruction opcodes have alternate mnemonics. For example, the SETG (set byte if greater) and SETNLE (set if not less or equal) both have the same opcode and test for the same condition: ZF equals 0 and SF equals OF. These alternate mnemonics are provided to make code more intelligible. Appendix B, EFLAGS Condition Codes, in the Intel Architecture Software Developers Manual, Volume 1, shows the alternate mnemonics for various test conditions. Some languages represent a logical one as an integer with all bits set. This representation can be obtained by choosing the logically opposite condition for the SETcc instruction, then decrementing the result. For example, to test for overflow, use the SETNO instruction, then decrement the result. Operation
IF condition THEN DEST 1 ELSE DEST 0; FI;

Flags Affected None. Protected Mode Exceptions #GP(0) If the destination is located in a nonwritable segment. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #PF(fault-code) If a memory operand effective address is outside the SS segment limit. If a page fault occurs.

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-633

INSTRUCTION SET REFERENCE

SFENCEStore Fence
Opcode 0F AE /7 Instruction SFENCE Description Guarantees that every store instruction that precedes in program order the store fence instruction is globally visible before any store instruction which follows the fence is globally visible.

Description Weakly ordered memory types can enable higher performance through such techniques as outof-order issue, write-combining, and write-collapsing. Memory ordering issues can arise between a producer and a consumer of data and there are a number of common usage models which may be affected by weakly ordered stores: 1. library functions, which use weakly ordered memory to write results 2. compiler-generated code, which also benefit from writing weakly-ordered results 3. hand-written code The degree to which a consumer of data knows that the data is weakly ordered can vary for these cases. As a result, the SFENCE instruction provides a performance-efficient way of ensuring ordering between routines that produce weakly-ordered results and routines that consume this data. The SFENCE is ordered with respect to stores and other SFENCE instructions. SFENCE uses the following ModRM encoding: Mod (7:6) = 11B Reg/Opcode (5:3) = 111B R/M (2:0) = 000B All other ModRM encodings are defined to be reserved, and use of these encodings risks incompatibility with future processors. Operation
WHILE (NOT(preceding_stores_globally_visible)) WAIT();

Intel C/C++ Compiler Intrinsic Equivalent

void_mm_sfence(void)

Guarantees that every preceding store is globally visible before any subsequent store. Numeric Exceptions None.

3-634

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-645

INSTRUCTION SET REFERENCE

SHUFPSShuffle Single-FP
Opcode 0F,C6,/r, ib Instruction SHUFPS xmm1, xmm2/m128, imm8 Description Shuffle Single.

Description The SHUFPS instruction is able to shuffle any of the four SP FP numbers from xmm1 to the lower two destination fields; the upper two destination fields are generated from a shuffle of any of the four SP FP numbers from xmm2/m128.
Example 3-1. SHUFPS Instruction

X4 xmm1 Y4 xmm2/m128 xmm1 {Y4 ... Y1}

{Y4 ... Y1}

{X4 ... X1}

By using the same register for both sources, SHUFPS can return any combination of the four SP FP numbers from this register. Bits 0 and 1 of the immediate field are used to select which of the four input SP FP numbers will be put in the first SP FP number of the result; bits 3 and 2 of the immediate field are used to select which of the four input SP FP will be put in the second SP FP number of the result; etc.

3-646

INSTRUCTION SET REFERENCE

SHUFPSShuffle Single-FP (Continued)

Xmm1

Xmm2/ m128 Xmm1

Figure 3-90. Operation of the SHUFPS Instruction

SHUFPSShuffle Single-FP (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) Comments The usage of Repeat Prefix (F3H) with SHUFPS is reserved. Different processor implementations may handle this prefix differently. Usage of this prefix with SHUFPS risks incompatibility with future processors. For a page fault.

3-650

INSTRUCTION SET REFERENCE

SIDTStore Interrupt Descriptor Table Register

Refer to entry for SGDT/SIDTStore Global/Interrupt Descriptor Table Register.

3-651

INSTRUCTION SET REFERENCE

SLDTStore Local Descriptor Table Register

Opcode 0F 00 /0 0F 00 /0 Instruction SLDT r/m16 SLDT r/m32 Description Stores segment selector from LDTR in r/m16 Store segment selector from LDTR in low-order 16 bits of r/m32

Opcode 0F,51,/r Instruction SQRTPS xmm1, xmm2/m128 Description Square Root of the packed SP FP numbers in XMM2/Mem.

Description The SQRTPS instruction returns the square root of the packed SP FP numbers from xmm2/m128.

SQRTPS xmm1, xmm2/m128 Xmm1 Xmm2/ m128 Xmm1

9.0

16.0

=
3.0

Figure 3-91. Operation of the SQRTPS Instruction

Operation
DEST[31-0] = SQRT (SRC/m128[31-0]); DEST[63-32] = SQRT (SRC/m128[63-32]); DEST[95-64] = SQRT (SRC/m128[95-64]); DEST[127-96] = SQRT (SRC/m128[127-96]);

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_sqrt_ps(__m128 a)

Computes the square roots of the four SP FP values of a.

Description The SQRTSS instructions return the square root of the lowest SP FP numbers of their operand.

SQRTSS xmm1, xmm2/m32 Xmm1 Xmm2/ m32

=
Xmm1

Figure 3-92. Operation of the SQRTSS Instruction

Operation
DEST[31-0] = SQRT (SRC/m32[31-0]); DEST[63-32] = DEST[63-32]; DEST[95-64] = DEST[95-64]; DEST[127-96] = DEST[127-96];

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_sqrt_ss(__m128 a)

Opcode F9 Instruction STC Description Set CF flag

Description This instruction sets the CF flag in the EFLAGS register. Operation
CF 1;

Flags Affected The CF flag is set. The OF, ZF, SF, AF, and PF flags are unaffected. Exceptions (All Operating Modes) None.

3-662

INSTRUCTION SET REFERENCE

STDSet Direction Flag

Opcode FD Instruction STD Description Set DF flag

Opcode 0F,AE,/3 Instruction STMXCSR m32 Description Store Streaming SIMD Extension control/status word to m32.

Description The MXCSR control/status register is used to enable masked/unmasked exception handling, to set rounding modes, to set flush-to-zero mode, and to view exception status flags. Refer to LDMXCSR for a description of the format of MXCSR. The linear address corresponds to the address of the least-significant byte of the referenced memory data. The reserved bits in the MXCSR are stored as zeroes. Operation
m32 = MXCSR;

Intel C/C++ Compiler Intrinsic Equivalent

_mm_getcsr(void)

Returns the contents of the control register. Exceptions None. Numeric Exceptions None.

3-666

INSTRUCTION SET REFERENCE

STMXCSRStore Streaming SIMD Extension Control/Status (Continued)

Protected Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #UD #NM #AC #UD #UD For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. For unaligned memory reference. To enable #AC exceptions, three conditions must be true(CR0.AM is set; EFLAGS.AC is set; current CPL is 3). If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) #AC Comments The usage of Repeat Prefix (F3H) with STMXCSR is reserved. Different processor implementations may handle this prefix differently. Usage of this prefix with STMXCSR risks incompatibility with future processors. For a page fault. For unaligned memory reference.

3-667

INSTRUCTION SET REFERENCE

STRStore Task Register (Continued)

Real-Address Mode Exceptions #UD The STR instruction is not recognized in real-address mode.

Virtual-8086 Mode Exceptions #UD The STR instruction is not recognized in virtual-8086 mode.

3-672

INSTRUCTION SET REFERENCE

SUBSubtract
Opcode 2C ib 2D iw 2D id 80 /5 ib 81 /5 iw 81 /5 id 83 /5 ib 83 /5 ib 28 /r 29 /r 29 /r 2A /r 2B /r 2B /r Instruction SUB AL,imm8 SUB AX,imm16 SUB EAX,imm32 SUB r/m8,imm8 SUB r/m16,imm16 SUB r/m32,imm32 SUB r/m16,imm8 SUB r/m32,imm8 SUB r/m8,r8 SUB r/m16,r16 SUB r/m32,r32 SUB r8,r/m8 SUB r16,r/m16 SUB r32,r/m32 Description Subtract imm8 from AL Subtract imm16 from AX Subtract imm32 from EAX Subtract imm8 from r/m8 Subtract imm16 from r/m16 Subtract imm32 from r/m32 Subtract sign-extended imm8 from r/m16 Subtract sign-extended imm8 from r/m32 Subtract r8 from r/m8 Subtract r16 from r/m16 Subtract r32 from r/m32 Subtract r/m8 from r8 Subtract r/m16 from r16 Subtract r/m32 from r32

Description This instruction subtracts the second operand (source operand) from the first operand (destination operand) and stores the result in the destination operand. The destination operand can be a register or a memory location; the source operand can be an immediate, register, or memory location. (However, two memory operands cannot be used in one instruction.) When an immediate value is used as an operand, it is sign-extended to the length of the destination operand format. The SUB instruction does not distinguish between signed or unsigned operands. Instead, the processor evaluates the result for both data types and sets the OF and CF flags to indicate a borrow in the signed or unsigned result, respectively. The SF flag indicates the sign of the signed result. Operation
DEST DEST SRC;

Flags Affected The OF, SF, ZF, AF, PF, and CF flags are set according to the result.

3-673

INSTRUCTION SET REFERENCE

SUBSubtract (Continued)
Protected Mode Exceptions #GP(0) If the destination is located in a nonwritable segment. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-674

INSTRUCTION SET REFERENCE

SUBPSPacked Single-FP Subtract

Opcode 0F,5C,/r Instruction SUBPS xmm1 xmm2/m128 Description Subtract packed SP FP numbers in XMM2/Mem from XMM1.

Description The SUBPS instruction subtracts the packed SP FP numbers of both their operands.

Xmm1

Xmm2/ m128 Xmm1

Figure 3-93. Operation of the SUBPS Instruction

Operation
DEST[31-0] = DEST[31-0] - SRC/m128[31-0]; DEST[63-32] = DEST[63-32] - SRC/m128[63-32]; DEST[95-64] = DEST[95-64] - SRC/m128[95-64]; DEST[127-96] = DEST[127-96] - SRC/m128[127-96];

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_sub_ps(__m128 a, __m128 b)

Subtracts the four SP FP values of a and b.

3-675

INSTRUCTION SET REFERENCE

SUBPSPacked Single-FP Subtract (Continued)

Exceptions General protection exception if not aligned on 16-byte boundary, regardless of segment. Numeric Exceptions Overflow, Underflow, Invalid, Precision, Denormal. Protected Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #UD #NM #XM #UD #UD #UD For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. For an unmasked Streaming SIMD Extension numeric exception (CR4.OSXMMEXCPT =1). For an unmasked Streaming SIMD Extension numeric exception (CR4.OSXMMEXCPT =0). If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

3-676

INSTRUCTION SET REFERENCE

SUBPSPacked Single-FP Subtract (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) For a page fault.

3-677

INSTRUCTION SET REFERENCE

SUBSSScalar Single-FP Subtract

Opcode F3,0F,5C, /r Instruction SUBSS xmm1, xmm2/m32 Description Subtract the lower SP FP numbers in XMM2/Mem from XMM1.

Description The SUBSS instruction subtracts the lower SP FP numbers of both their operands.

SUBSS xmm1, xmm2/m32 Xmm1

Xmm2/ m32

=
Xmm1

Figure 3-94. Operation of the SUBSS Instruction

Operation
DEST[31-0] = DEST[31-0] - SRC/m32[31-0]; DEST[63-32] = DEST[63-32]; DEST[95-64] = DEST[95-64]; DEST[127-96] = DEST[127-96];

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_sub_ss(__m128 a, __m128 b)

Opcode 0F, 34 Instruction SYSENTER Description Transition to System Call Entry Point

Description The SYSENTER instruction is part of the "Fast System Call" facility introduced on the Pentium II processor. The SYSENTER instruction is optimized to provide the maximum performance for transitions to protection ring 0 (CPL = 0). The SYSENTER instruction sets the following registers according to values specified by the operating system in certain model-specific registers. CS register EIP register SS register ESP register set to the value of (SYSENTER_CS_MSR) set to the value of (SYSENTER_EIP_MSR) set to the sum of (8 plus the value in SYSENTER_CS_MSR) set to the value of (SYSENTER_ESP_MSR)

The processor does not save user stack or return address information, and does not save any registers. The SYSENTER and SYSEXIT instructions do not constitute a call/return pair; therefore, the system call "stub" routines executed by user code (typically in shared libraries or DLLs) must perform the required register state save to create a system call/return pair. The SYSENTER instruction always transfers to a flat protected mode kernel at CPL = 0. SYSENTER can be invoked from all modes except real mode. The instruction requires that the following conditions are met by the operating system:

The CS selector for the target ring 0 code segment is 32 bits, mapped as a flat 0-4 GB address space with execute and read permissions The SS selector for the target ring 0 stack segment is 32 bits, mapped as a flat 0-4 GB address space with read, write, and accessed permissions. This selector (Target Ring 0 SS Selector) is assigned the value of the new (CS selector + 8).

An operating system provides values for CS, EIP, SS, and ESP for the ring 0 entry point through use of model-specific registers within the processor. These registers can be read from and written to by using the RDMSR and WRMSR instructions. The register addresses are defined to remain fixed at the following addresses on future processors that provide support for this feature.
Name SYSENTER_CS_MSR SYSENTER_ESP_MSR SYSENTER_EIP_MSR Description Target Ring 0 CS Selector Target Ring 0 ESP Target Ring 0 Entry Point EIP Address 174h 175h 176h

3-681

INSTRUCTION SET REFERENCE

SYSENTERFast Transition to System Call Entry Point (Continued)

The Pentium Pro processor (Model = 1) returns a set SEP CPUID feature bit, but does not support the SYSENTER/SYSEXIT instructions.

3-682

INSTRUCTION SET REFERENCE

SYSENTERFast Transition to System Call Entry Point (Continued)

Operation
SYSENTER IF CR0.PE == 0 THEN #GP(0) IF SYSENTER_CS_MSR == 0 THEN #GP(0) EFLAGS.VM := 0 EFLAGS.IF := 0 CS.SEL := SYSENTER_CS_MSR // Set rest of CS to a fixed value CS.SEL.CPL := 0 CS.SEL.BASE := 0 CS.SEL.LIMIT := 0xFFFF CS.SEL.G := 1 CS.SEL.S := 1 CS.SEL.TYPE_xCRA := 1011 CS.SEL.D := 1 CS.SEL.DPL := 0 CS.SEL.RPL := 0 CS.SEL.P := 1 SS.SEL := CS.SEL+8 // Set rest of SS to a fixed value SS.SEL.BASE := 0 SS.SEL.LIMIT := 0xFFFF SS.SEL.G := 1 SS.SEL.S := 1 SS.SEL.TYPE_xCRA := 0011 SS.SEL.D := 1 SS.SEL.DPL := 0 SS.SEL.RPL := 0 SS.SEL.P := 1 ESP := SYSENTER_ESP_MSR EIP := SYSENTER_EIP_MSR // Prevent VM86 mode // Mask interrupts // Operating system provides CS

// CPL = 0 // Flat segment // 4G limit // 4 KB granularity // Execute + Read, Accessed // 32 bit code

// Flat segment // 4G limit // 4 KB granularity // Read/Write, Accessed // 32 bit stack

3-683

INSTRUCTION SET REFERENCE

SYSENTERFast Transition to System Call Entry Point (Continued)

Exceptions #GP(0) If SYSENTER_CS_MSR contains zero.

Numeric Exceptions None. Real Address Mode Exceptions #GP(0) If protected mode is not enabled.

3-684

INSTRUCTION SET REFERENCE

SYSEXITFast Transition from System Call Entry Point

Opcode 0F, 35 Instruction SYSEXIT Description Transition from System Call Entry Point

Description The SYSEXIT instruction is part of the "Fast System Call" facility introduced on the Pentium II processor. The SYSEXIT instruction is optimized to provide the maximum performance for transitions to protection ring 3 (CPL = 3) from protection ring 0 (CPL = 0). The SYSEXIT instruction sets the following registers according to values specified by the operating system in certain model-specific or general purpose registers. CS register EIP register SS register ESP register set to the sum of (16 plus the value in SYSENTER_CS_MSR) set to the value contained in the EDX register set to the sum of (24 plus the value in SYSENTER_CS_MSR) set to the value contained in the ECX register

The processor does not save kernel stack or return address information, and does not save any registers. The SYSENTER and SYSEXIT instructions do not constitute a call/return pair; therefore, the system call "stub" routines executed by user code (typically in shared libraries or DLLs) must perform the required register state restore to create a system call/return pair. The SYSEXIT instruction always transfers to a flat protected mode user at CPL = 3. SYSEXIT can be invoked only from protected mode and CPL = 0. The instruction requires that the following conditions are met by the operating system:

The CS selector for the target ring 3 code segment is 32 bits, mapped as a flat 0-4 GB address space with execute, read, and non-conforming permissions. The SS selector for the target ring 3 stack segment is 32 bits, mapped as a flat 0-4 GB address space with expand-up, read, and write permissions.

An operating system must set the following:

Name CS Selector SS Selector EIP ESP Description The Target Ring 3 CS Selector. This is assigned the sum of (16 + the value of SYSENTER_CS_MSR). The Target Ring 3 SS Selector. This is assigned the sum of (24 + the value of SYSENTER_CS_MSR). Target Ring 3 Return EIP. This is the target entry point, and is assigned the value contained in the EDX register. Target Ring 3 Return ESP. This is the target entry point, and is assigned the value contained in the ECX register.

3-685

INSTRUCTION SET REFERENCE

SYSEXITFast Transition from System Call Entry Point (Continued)

The presence of this facility is indicated by the SYSENTER Present (SEP) bit 11 of CPUID. An operating system that detects the presence of the SEP bit must also qualify the processor family and model to ensure that the SYSENTER/SYSEXIT instructions are actually present, as described for the SYSENTER instruction. The Pentium Pro processor (Model = 1) returns a set SEP CPUID feature bit, but does not support the SYSENTER/SYSEXIT instructions. Operation
SYSEXIT IF SYSENTER_CS_MSR == 0 THEN #GP(0) IF CR0.PE == 0 THEN #GP(0) IF CPL <> 0 THEN #GP(0) // Changing CS:EIP and SS:ESP is required CS.SEL := (SYSENTER_CS_MSR + 16) CS.SEL.RPL := 3 // Set rest of CS to a fixed value CS.SEL.BASE := 0 CS.SEL.LIMIT := 0xFFFF CS.SEL.G := 1 CS.SEL.S := 1 CS.SEL.TYPE_xCRA := 1011 CS.SEL.D := 1 CS.SEL.DPL := 3 CS.SEL.P := 1 SS.SEL := (SYSENTER_CS_MSR + 24) SS.SEL.RPL := 3 // Set rest of SS to a fixed value SS.SEL.BASE := 0 SS.SEL.LIMIT := 0xFFFF SS.SEL.G := 1 SS.SEL.S := 1 SS.SEL.TYPE_xCRA := 0011 SS.SEL.D := 1 SS.SEL.DPL := 3 SS.SEL.CPL := 3 SS.SEL.P := 1 ESP := ECX EIP := EDX // Selector for return CS

// Flat segment // 4G limit // 4 KB granularity // Execute, Read, Non-Conforming Code // 32 bit code

// Flat segment // 4G limit // 4 KB granularity // Expand Up, Read/Write, Data // 32 bit stack

3-686

INSTRUCTION SET REFERENCE

SYSEXITFast Transition from System Call Entry Point (Continued)

Exceptions #GP(0) If SYSENTER_CS_MSR contains zero.

Numeric Exceptions None. Protected Mode Exceptions #GP(0) If CPL is non-zero.

Real Address Mode Exceptions #GP(0) If protected mode is not enabled.

3-687

INSTRUCTION SET REFERENCE

TESTLogical Compare
Opcode A8 ib A9 iw A9 id F6 /0 ib F7 /0 iw F7 /0 id 84 /r 85 /r 85 /r Instruction TEST AL,imm8 TEST AX,imm16 TEST EAX,imm32 TEST r/m8,imm8 TEST r/m16,imm16 TEST r/m32,imm32 TEST r/m8,r8 TEST r/m16,r16 TEST r/m32,r32 Description AND imm8 with AL; set SF, ZF, PF according to result AND imm16 with AX; set SF, ZF, PF according to result AND imm32 with EAX; set SF, ZF, PF according to result AND imm8 with r/m8; set SF, ZF, PF according to result AND imm16 with r/m16; set SF, ZF, PF according to result AND imm32 with r/m32; set SF, ZF, PF according to result AND r8 with r/m8; set SF, ZF, PF according to result AND r16 with r/m16; set SF, ZF, PF according to result AND r32 with r/m32; set SF, ZF, PF according to result

Description This instruction computes the bit-wise logical AND of first operand (source 1 operand) and the second operand (source 2 operand) and sets the SF, ZF, and PF status flags according to the result. The result is then discarded. Operation
TEMP SRC1 AND SRC2; SF MSB(TEMP); IF TEMP = 0 THEN ZF 1; ELSE ZF 0; FI: PF BitwiseXNOR(TEMP[0:7]); CF 0; OF 0; (*AF is Undefined*)

Flags Affected The OF and CF flags are cleared to 0. The SF, ZF, and PF flags are set according to the result (refer to the Operation section above). The state of the AF flag is undefined.

3-688

INSTRUCTION SET REFERENCE

TESTLogical Compare (Continued)

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-689

INSTRUCTION SET REFERENCE

UCOMISSUnordered Scalar Single-FP compare and set EFLAGS

Opcode 0F,2E,/r Instruction UCOMISS xmm1, xmm2/m32 Description Compare lower SP FP number in XMM1 register with lower SP FP number in XMM2/Mem and set the status flags accordingly.

UCOMISSUnordered Scalar Single-FP compare and set EFLAGS (Continued)

Intel C/C++ Compiler Intrinsic Equivalent
_mm_ucomieq_ss(__m128 a, __m128 b)

Compares the lower SP FP value of a and b for a equal to b. If a and b are equal, 1 is returned. Otherwise 0 is returned.
_mm_ucomilt_ss(__m128 a, __m128 b)

Compares the lower SP FP value of a and b for a less than b. If a is less than b, 1 is returned. Otherwise 0 is returned.
_mm_ucomile_ss(__m128 a, __m128 b)

Compares the lower SP FP value of a and b for a less than or equal to b. If a is less than or equal to b, 1 is returned. Otherwise 0 is returned.
_mm_ucomigt_ss(__m128 a, __m128 b)

Compares the lower SP FP value of a and b for a greater than b. If a is greater than b are equal, 1 is returned. Otherwise 0 is returned.
_mm_ucomige_ss(__m128 a, __m128 b)

Compares the lower SP FP value of a and b for a greater than or equal to b. If a is greater than or equal to b, 1 is returned. Otherwise 0 is returned.
_mm_ucomineq_ss(__m128 a, __m128 b)

Compares the lower SP FP value of a and b for a not equal to b. If a and b are not equal, 1 is returned. Otherwise 0 is returned. Exceptions None. Numeric Exceptions Invalid (if sNaN operands), Denormal. Integer EFLAGS values will not be updated in the presence of unmasked numeric exceptions.

3-694

INSTRUCTION SET REFERENCE

UCOMISSUnordered Scalar Single-FP compare and set EFLAGS (Continued)

3-695

INSTRUCTION SET REFERENCE

UCOMISSUnordered Scalar Single-FP compare and set EFLAGS (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #AC #PF (fault-code) Comments UCOMISS differs from COMISS in that it signals an invalid numeric exception when a source operand is an sNaN; COMISS signals invalid if a source operand is either a qNaN or an sNaN. The usage of Repeat (F2H, F3H) and Operand-size (66H) prefixes with UCOMISS is reserved. Different processor implementations may handle these prefixes differently. Usage of these prefixes with UCOMISS risks incompatibility with future processors. For unaligned memory reference if the current privilege level is 3. For a page fault.

3-696

INSTRUCTION SET REFERENCE

UD2Undefined Instruction
Opcode 0F 0B Instruction UD2 Description Raise invalid opcode exception

Description This instruction generates an invalid opcode. This instruction is provided for software testing to explicitly generate an invalid opcode. The opcode for this instruction is reserved for this purpose. Other than raising the invalid opcode exception, this instruction is the same as the NOP instruction. Operation
#UD (* Generates invalid opcode exception *);

Flags Affected None. Exceptions (All Operating Modes) #UD Instruction is guaranteed to raise an invalid opcode exception in all operating modes).

3-697

INSTRUCTION SET REFERENCE

UNPCKHPSUnpack High Packed Single-FP Data

Opcode 0F,15,/r Instruction UNPCKHPS xmm1, xmm2/m128 Description Interleaves SP FP numbers from the high halves of XMM1 and XMM2/Mem into XMM1 register.

Description The UNPCKHPS instruction performs an interleaved unpack of the high-order data elements of XMM1 and XMM2/Mem. It ignores the lower half of the sources.
Example 3-2. UNPCKHPS Instruction

X1 xmm1

Y1 xmm2/m128 xmm1

3-698

INSTRUCTION SET REFERENCE

UNPCKHPSUnpack High Packed Single-FP Data (Continued)

Xmm1

Xmm2/ m128 Xmm1

Figure 3-99. Operation of the UNPCKHPS Instruction

Operation
DEST[31-0] = DEST[95-64]; DEST[63-32] = SRC/m128[95-64]; DEST[95-64] = DEST[127-96]; DEST[127-96] = SRC/m128[127-96];

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_unpackhi_ps(__m128 a, __m128 b)

Selects and interleaves the upper two SP FP values from a and b. Exceptions General protection exception if not aligned on 16-byte boundary, regardless of segment. Numeric Exceptions None.

3-699

INSTRUCTION SET REFERENCE

UNPCKHPSUnpack High Packed Single-FP Data (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) Comments When unpacking from a memory operand, an implementation may decide to fetch only the appropriate 64 bits. Alignment to 16-byte boundary and normal segment checking will still be enforced. The usage of Repeat Prefix (F3H) with UNPCKHPS is reserved. Different processor implementations may handle this prefix differently. Usage of this prefix with UNPCKHPS risks incompatibility with future processors. For a page fault.

UNPCKLPSUnpack Low Packed Single-FP Data (Continued)

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) Comments When unpacking from a memory operand, an implementation may decide to fetch only the appropriate 64 bits. Alignment to 16-byte boundary and normal segment checking will still be enforced. The usage of Repeat Prefixes (F2H, F3H) with UNPCKLPS is reserved. Different processor implementations may handle this prefix differently. Usage of these prefixes with UNPCKLPS risks incompatibility with future processors. For a page fault.

3-703

INSTRUCTION SET REFERENCE

VERR/VERWVerify a Segment for Reading or Writing

Opcode 0F 00 /4 0F 00 /5 Instruction VERR r/m16 VERW r/m16 Description Set ZF=1 if segment specified with r/m16 can be read Set ZF=1 if segment specified with r/m16 can be written

Description These instructions verify whether the code or data segment specified with the source operand is readable (VERR) or writable (VERW) from the current privilege level (CPL). The source operand is a 16-bit register or a memory location that contains the segment selector for the segment to be verified. If the segment is accessible and readable (VERR) or writable (VERW), the ZF flag is set; otherwise, the ZF flag is cleared. Code segments are never verified as writable. This check cannot be performed on system segments. To set the ZF flag, the following conditions must be met:

Description These instructions cause the processor to check for and handle pending, unmasked, floatingpoint exceptions before proceeding. (FWAIT is an alternate mnemonic for the WAIT). This instruction is useful for synchronizing exceptions in critical sections of code. Coding a WAIT instruction after a floating-point instruction insures that any unmasked floating-point exceptions the instruction may raise are handled before the processor can modify the instructions results. Refer to Section 7.9., Floating-Point Exception Synchronization in Chapter 7, Floating-Point Unit of the Intel Architecture Software Developers Manual, Volume 1, for more information on using the WAIT/FWAIT instruction. Operation
CheckForPendingUnmaskedFloatingPointExceptions;

FPU Flags Affected The C0, C1, C2, and C3 flags are undefined. Floating-Point Exceptions None. Protected Mode Exceptions #NM MP and TS in CR0 is set.

Real-Address Mode Exceptions #NM MP and TS in CR0 is set.

Virtual-8086 Mode Exceptions #NM MP and TS in CR0 is set.

3-707

INSTRUCTION SET REFERENCE

WBINVDWrite Back and Invalidate Cache

Opcode 0F 09 Instruction WBINVD Description Write back and flush Internal caches; initiate writing-back and flushing of external caches.

Description This instruction writes back all modified cache lines in the processors internal cache to main memory and invalidates (flushes) the internal caches. The instruction then issues a special-function bus cycle that directs external caches to also write back modified data and another bus cycle to indicate that the external caches should be invalidated. After executing this instruction, the processor does not wait for the external caches to complete their write-back and flushing operations before proceeding with instruction execution. It is the responsibility of hardware to respond to the cache write-back and flush signals. The WDINVD instruction is a privileged instruction. When the processor is running in protected mode, the CPL of a program or procedure must be 0 to execute this instruction. This instruction is also a serializing instruction. For more information, refer to Section 7.4., Serializing Instructions in Chapter 7, Multiple-Processor Management of the Intel Architecture Software Developers Manual, Volume 3. In situations where cache coherency with main memory is not a concern, software can use the INVD instruction. Intel Architecture Compatibility The WBINVD instruction is implementation dependent, and its function may be implemented differently on future Intel Architecture processors. The instruction is not supported on Intel Architecture processors earlier than the Intel486 processor. Operation
WriteBack(InternalCaches); Flush(InternalCaches); SignalWriteBack(ExternalCaches); SignalFlush(ExternalCaches); Continue (* Continue execution);

Flags Affected None. Protected Mode Exceptions #GP(0) If the current privilege level is not 0.

3-708

INSTRUCTION SET REFERENCE

WBINVDWrite Back and Invalidate Cache (Continued)

Real-Address Mode Exceptions None. Virtual-8086 Mode Exceptions #GP(0) The WBINVD instruction cannot be executed at the virtual-8086 mode.

3-709

INSTRUCTION SET REFERENCE

WRMSRWrite to Model Specific Register

Opcode 0F 30 Instruction WRMSR Description Write the value in EDX:EAX to MSR specified by ECX

Description This instruction writes the contents of registers EDX:EAX into the 64-bit model specific register (MSR) specified in the ECX register. The high-order 32 bits are copied from EDX and the loworder 32 bits are copied from EAX. Always set the undefined or reserved bits in an MSR to the values previously read. This instruction must be executed at privilege level 0 or in real-address mode; otherwise, a general protection exception #GP(0) will be generated. Specifying a reserved or unimplemented MSR address in ECX will also cause a general protection exception. When the WRMSR instruction is used to write to an MTRR, the TLBs are invalidated, including the global entries. For more information, refer to Section 3.7., Translation Lookaside Buffers (TLBs) in Chapter 3, Protected-Mode Memory Management of the Intel Architecture Software Developers Manual, Volume 3. MTRRs are an implementation-specific feature of the Pentium Pro processor. The MSRs control functions for testability, execution tracing, performance monitoring and machine check errors. Appendix B, Model-Specific Registers, in the Intel Architecture Software Developers Manual, Volume 3, lists all the MSRs that can be written to with this instruction and their addresses. The WRMSR instruction is a serializing instruction. For more information, refer to Section 7.4., Serializing Instructions in Chapter 7, Multiple-Processor Management of the Intel Architecture Software Developers Manual, Volume 3. The CPUID instruction should be used to determine whether MSRs are supported (EDX[5]=1) before using this instruction. Intel Architecture Compatibility The MSRs and the ability to read them with the WRMSR instruction were introduced into the Intel Architecture with the Pentium processor. Execution of this instruction by an Intel Architecture processor earlier than the Pentium processor results in an invalid opcode exception #UD. Operation
MSR[ECX] EDX:EAX;

Flags Affected None.

3-710

INSTRUCTION SET REFERENCE

XCHGExchange Register/Memory with Register

Opcode 90+rw 90+rw 90+rd 90+rd 86 /r 86 /r 87 /r 87 /r 87 /r 87 /r Instruction XCHG AX,r16 XCHG r16,AX XCHG EAX,r32 XCHG r32,EAX XCHG r/m8,r8 XCHG r8,r/m8 XCHG r/m16,r16 XCHG r16,r/m16 XCHG r/m32,r32 XCHG r32,r/m32 Description Exchange r16 with AX Exchange AX with r16 Exchange r32 with EAX Exchange EAX with r32 Exchange r8 (byte register) with byte from r/m8 Exchange byte from r/m8 with r8 (byte register) Exchange r16 with word from r/m16 Exchange word from r/m16 with r16 Exchange r32 with doubleword from r/m32 Exchange doubleword from r/m32 with r32

Description This instruction exchanges the contents of the destination (first) and source (second) operands. The operands can be two general-purpose registers or a register and a memory location. If a memory operand is referenced, the processors locking protocol is automatically implemented for the duration of the exchange operation, regardless of the presence or absence of the LOCK prefix or of the value of the IOPL. Refer to the LOCK prefix description in this chapter for more information on the locking protocol. This instruction is useful for implementing semaphores or similar data structures for process synchronization. Refer to Section 7.1.2., Bus Locking in Chapter 7, Multiple-Processor Management of the Intel Architecture Software Developers Manual, Volume 3, for more information on bus locking. The XCHG instruction can also be used instead of the BSWAP instruction for 16-bit operands. Operation
TEMP DEST DEST SRC SRC TEMP

Flags Affected None.

3-714

INSTRUCTION SET REFERENCE

XCHGExchange Register/Memory with Register (Continued)

Protected Mode Exceptions #GP(0) If either operand is in a nonwritable segment. If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register contains a null segment selector. #SS(0) #PF(fault-code) #AC(0) If a memory operand effective address is outside the SS segment limit. If a page fault occurs. If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-715

INSTRUCTION SET REFERENCE

XLAT/XLATBTable Look-up Translation

Opcode D7 D7 Instruction XLAT m8 XLATB Description Set AL to memory byte DS:[(E)BX + unsigned AL] Set AL to memory byte DS:[(E)BX + unsigned AL]

Description This instruction locates a byte entry in a table in memory, using the contents of the AL register as a table index, then copies the contents of the table entry back into the AL register. The index in the AL register is treated as an unsigned integer. The XLAT and XLATB instructions get the base address of the table in memory from either the DS:EBX or the DS:BX registers (depending on the address-size attribute of the instruction, 32 or 16, respectively). The DS segment may be overridden with a segment override prefix. At the assembly-code level, two forms of this instruction are allowed: the explicit-operand form and the no-operand form. The explicit-operand form (specified with the XLAT mnemonic) allows the base address of the table to be specified explicitly with a symbol. This explicit-operands form is provided to allow documentation; however, note that the documentation provided by this form can be misleading. That is, the symbol does not have to specify the correct base address. The base address is always specified by the DS:(E)BX registers, which must be loaded correctly before the XLAT instruction is executed. The no-operands form (XLATB) provides a short form of the XLAT instructions. Here also the processor assumes that the DS:(E)BX registers contain the base address of the table. Operation
IF AddressSize = 16 THEN AL (DS:BX + ZeroExtend(AL)) ELSE (* AddressSize = 32 *) AL (DS:EBX + ZeroExtend(AL)); FI;

XORLogical Exclusive OR (Continued)

Real-Address Mode Exceptions #GP #SS If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If a memory operand effective address is outside the SS segment limit.

3-719

INSTRUCTION SET REFERENCE

XORPSBit-wise Logical Xor for Single-FP Data

Opcode 0F,57,/r Instruction XORPS xmm1, xmm2/m128 Description XOR 128 bits from XMM2/Mem to XMM1 register.

Description The XORPS instruction returns a bit-wise logical XOR between XMM1 and XMM2/Mem.

Xmm1

<
Xmm2/ m128 Xmm1

<
=

Figure 3-101. Operation of the XORPS Instruction

Operation
DEST[127-0] = DEST/m128[127-0] XOR SRC/m128[127-0]

Intel C/C++ Compiler Intrinsic Equivalent

__m128 _mm_xor_ps(__m128 a, __m128 b)

Computes bitwise EXOR (exclusive-or) of the four SP FP values of a and b. Exceptions General protection exception if not aligned on 16-byte boundary, regardless of segment.

3-720

INSTRUCTION SET REFERENCE

XORPSBit-wise Logical Xor for Single-FP Data (Continued)

Numeric Exceptions None. Protected Mode Exceptions #GP(0) #SS(0) #PF(fault-code) #UD #NM #UD #UD For an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. For an illegal address in the SS segment. For a page fault. If CR0.EM = 1. If TS bit in CR0 is set. If CR4.OSFXSR(bit 9) = 0. If CPUID.XMM(EDX bit 25) = 0.

Virtual 8086 Mode Exceptions Same exceptions as in Real Address Mode. #PF(fault-code) Comments The usage of Repeat Prefix (F3H) with XORPS is reserved. Different processor implementations may handle this prefix differently. Usage of this prefix with XORPS risks incompatibility. For a page fault.

3-721

INSTRUCTION SET REFERENCE

3-722

A
Opcode Map

APPENDIX A OPCODE MAP

The opcode tables in this chapter are provided to aid in interpreting Intel Architecture object code. The instructions are divided into three encoding groups: 1-byte opcode encodings, 2-byte opcode encodings, and escape (floating-point) encodings. The 1- and 2-byte opcode encodings are used to encode integer, system, MMX technology, and Streaming SIMD Extensions. The opcode maps for these instructions are given in Table A-2 through A-6. Section A.2.1., OneByte Opcode Instructions through Section A.2.5., Opcode Extensions For One- And Two-byte Opcodes give instructions for interpreting 1- and 2-byte opcode maps. The escape encodings are used to encode floating-point instructions. The opcode maps for these instructions are given in Table A-7 through A-22. Section A.2.6., Escape Opcode Instructions gives instructions for interpreting the escape opcode maps. The opcode tables in this section aid in interpreting Pentium processor object code. Use the four high-order bits of the opcode as an index to a row of the opcode table; use the four loworder bits as an index to a column of the table. If the opcode is 0FH, refer to the 2-byte opcode table and use the second byte of the opcode to index the rows and columns of that table. The escape (ESC) opcode tables for floating-point instructions identify the eight high-order bits of the opcode at the top of each page. If the accompanying ModR/M byte is in the range 00H through BFH, bits 3 through 5 identified along the top row of the third table on each page, along with the REG bits of the ModR/M, determine the opcode. ModR/M bytes outside the range 00H through BFH are mapped by the bottom two tables on each page. Refer to Chapter 2, Instruction Format for detailed information on the ModR/M byte, register values, and the various addressing forms.

A.1. KEY TO ABBREVIATIONS

Operands are identified by a two-character code of the form Zz. The first character, an uppercase letter, specifies the addressing method; the second character, a lowercase letter, specifies the type of operand.

A.1.1.
A

Codes for Addressing Method

Direct address. The instruction has no ModR/M byte; the address of the operand is encoded in the instruction; and no base register, index register, or scaling factor can be applied (for example, far JMP (EA)). The reg field of the ModR/M byte selects a control register (for example, MOV (0F20, 0F22)).

The following abbreviations are used for addressing methods:

A-1

OPCODE MAP

D E

The reg field of the ModR/M byte selects a debug register (for example, MOV (0F21,0F23)). A ModR/M byte follows the opcode and specifies the operand. The operand is either a general-purpose register or a memory address. If it is a memory address, the address is computed from a segment register and any of the following values: a base register, an index register, a scaling factor, a displacement. EFLAGS Register. The reg field of the ModR/M byte selects a general register (for example, AX (000)). Immediate data. The operand value is encoded in subsequent bytes of the instruction. The instruction contains a relative offset to be added to the instruction pointer register (for example, JMP (0E9), LOOP). The ModR/M byte may refer only to memory (for example, BOUND, LES, LDS, LSS, LFS, LGS, CMPXCHG8B). The instruction has no ModR/M byte; the offset of the operand is coded as a word or double word (depending on address size attribute) in the instruction. No base register, index register, or scaling factor can be applied (for example, MOV (A0A3)). The reg field of the ModR/M byte selects a packed quadword MMX technology register. A ModR/M byte follows the opcode and specifies the operand. The operand is either an MMX technology register or a memory address. If it is a memory address, the address is computed from a segment register and any of the following values: a base register, an index register, a scaling factor, and a displacement. The mod field of the ModR/M byte may refer only to a general register (for example, MOV (0F20-0F24, 0F26)). The reg field of the ModR/M byte selects a segment register (for example, MOV (8C,8E)). The reg field of the ModR/M byte selects a test register (for example, MOV (0F24,0F26)). The reg field of the ModR/M byte selects a packed SIMD floating-point register. An ModR/M byte follows the opcode and specifies the operand. The operand is either a SIMD floating-point register or a memory address. If it is a memory address, the address is computed from a segment register and any of the following values: a base register, an index register, a scaling factor, and a displacement Memory addressed by the DS:SI register pair (for example, MOVS, CMPS, OUTS, or LODS). Memory addressed by the ES:DI register pair (for example, MOVS, CMPS, INS, STOS, or SCAS).

F G I J M O

P Q

R S T V W

X Y

A-2

OPCODE MAP

A.1.2.
a b c d dq p pi ps q s ss si v w

Codes for Operand Type

Two one-word operands in memory or two double-word operands in memory, depending on operand-size attribute (used only by the BOUND instruction). Byte, regardless of operand-size attribute. Byte or word, depending on operand-size attribute. Doubleword, regardless of operand-size attribute. Double-quadword, regardless of operand-size attribute. 32-bit or 48-bit pointer, depending on operand-size attribute. Quadword MMX technology register (e.g. mm0) 128-bit packed FP single-precision data. Quadword, regardless of operand-size attribute. 6-byte pseudo-descriptor. Scalar element of a 128-bit packed FP single-precision data. Doubleword integer register (e.g., eax) Word or doubleword, depending on operand-size attribute. Word, regardless of operand-size attribute.

The following abbreviations are used for operand types:

A.1.3.

When an operand is a specific register encoded in the opcode, the register is identified by its name (for example, AX, CL, or ESI). The name of the register indicates whether the register is 32, 16, or 8 bits wide. A register identifier of the form eXX is used when the width of the register depends on the operand-size attribute. For example, eAX indicates that the AX register is used when the operand-size attribute is 16, and the EAX register is used when the operand-size attribute is 32.

A.2. OPCODE LOOK-UP EXAMPLES

This section provides several examples to demonstrate how the following opcode maps are used. Refer to the introduction to Chapter 3, Instruction Set Reference, in the Intel Architecture Software Developers Manual, Volume 2 for detailed information on the ModR/M byte, register values, and the various addressing forms.

A-3

OPCODE MAP

A.2.1.

One-Byte Opcode Instructions

The opcode maps for 1-byte opcodes are shown in Table A-2 and A-3. Looking at the 1-byte opcode maps, the instruction and its operands can be determined from the hexadecimal opcode. For example:
Opcode: 030500000000H
LSB address 03 05 00 00 00 MSB address 00

Opcode 030500000000H for an ADD instruction can be interpreted from the 1-byte opcode map as follows. The first digit (0) of the opcode indicates the row, and the second digit (3) indicates the column in the opcode map tables. The first operand (type Gv) indicates a general register that is a word or doubleword depending on the operand-size attribute. The second operand (type Ev) indicates that a ModR/M byte follows that specifies whether the operand is a word or doubleword general-purpose register or a memory address. The ModR/M byte for this instruction is 05H, which indicates that a 32-bit displacement follows (00000000H). The reg/opcode portion of the ModR/M byte (bits 3 through 5) is 000, indicating the EAX register. Thus, it can be determined that the instruction for this opcode is ADD EAX, mem_op, and the offset of mem_op is 00000000H. Some 1- and 2-byte opcodes point to group numbers. These group numbers indicate that the instruction uses the reg/opcode bits in the ModR/M byte as an opcode extension (refer to Section A.2.5., Opcode Extensions For One- And Two-byte Opcodes).

A.2.2.

Two-Byte Opcode Instructions

Instructions that begin with 0FH can be found in the two-byte opcode maps given in Table A-4 and A-5. The second opcode byte is used to reference a particular row and column in the tables. For example, the opcode 0FA4050000000003H is located on the two-byte opcode map in row A, column 4. This opcode indicates a SHLD instruction with the operands Ev, Gv, and Ib. These operands are defined as follows: Ev Gv Ib The ModR/M byte follows the opcode to specify a word or doubleword operand The reg field of the ModR/M byte selects a general-purpose register Immediate data is encoded in the subsequent byte of the instruction.

The third byte is the ModR/M byte (05H). The mod and opcode/reg fields indicate that a 32-bit displacement follows, located in the EAX register, and is the source. The next part of the opcode is the 32-bit displacement for the destination memory operand (00000000H), and finally the immediate byte representing the count of the shift (03H). By this breakdown, it has been shown that this opcode represents the instruction:
SHLD DS:00000000H, EAX, 3

A-4

OPCODE MAP

The next part of the SHLD opcode is the 32-bit displacement for the destination memory operand (00000000H), which is followed by the immediate byte representing the count of the shift (03H). By this breakdown, it has been shown that the opcode 0FA4050000000003H represents the instruction:
SHLD DS:00000000H, EAX, 3.

Lower case is used in the following tables to highlight the mnemonics added by MMX technology and Streaming SIMD Extensions.

A.2.3.

Opcode Map Shading

Table A-2 contains notes on particular encodings. These notes are indicated in the following Opcode Maps (Table A-2 through A-6) by superscripts. For the One-byte Opcode Maps (Table A-2 through A-3), grey shading indicates instruction groupings.

A.2.4.

Opcode Map Notes

Table A-1 contains notes on particular encodings. These notes are indicated in the following Opcode Maps (Table A-2 through A-6) by superscripts.

Table A-1. Notes on Instruction Set Encoding Tables

Symbol 1A 1B Note Bits 5, 4, and 3 of ModR/M byte used as an opcode extension (refer to Section A.2.5., Opcode Extensions For One- And Two-byte Opcodes). These abbreviations are not actual mnemonics. When shifting by immediate shift counts, the PSHIMD mnemonic represents the PSLLD, PSRAD, and PSRLD instructions, PSHIMW represents the PSLLW, PSRAW, and PSRLW instructions, and PSHIMQ represents the PSLLQ and PSRLQ instructions. The instructions that shift by immediate counts are differentiated by ModR/M bytes (refer to Section A.2.5., Opcode Extensions For One- And Two-byte Opcodes). Use the 0F0B opcode (UD2 instruction) or the 0FB9H opcode when deliberately trying to generate an invalid opcode exception (#UD). Some instructions added in the Pentium III processor may use the same two-byte opcode. If the instruction has variations, or the opcode represents different instructions, the ModR/M byte will be used to differentiate the instruction. For the value of the ModR/M byte needed to completely decode the instruction, see Table A-6. (These instructions include SFENCE, STMXCSR, LDMXCSR, FXRSTOR, and FXSAVE, as well as PREFETCH and its variations.)

1C 1D

A-5

OPCODE MAP

Table A-2. One-byte Opcode Map (Left)

0 0 1 2 ADD Eb, Gb Ev, Gv Gb, Eb ADC Eb, Gb Ev, Gv Gb, Eb AND Eb, Gb Ev, Gv Gb, Eb XOR Eb, Gb Ev, Gv Gb, Eb Gb, Ev AL, Ib eAX, Iv Gv, Ev AL, Ib eAX, Iv Gv, Ev AL, Ib eAX, Iv Gv, Ev AL, Ib eAX, Iv 3 4 5 6 PUSH ES PUSH SS SEG=ES 7 POP ES POP SS DAA

SEG=SS

AAA

INC general register eAX eCX eDX eBX eSP eBP eSI eDI

5 6 7

PUSH general register eAX PUSHA/ PUSHAD eCX POPA/ POPAD eDX BOUND Gv, Ma eBX ARPL Ew, Gw eSP SEG=FS eBP SEG=GS eSI Opd Size eDI Addr Size

Jcc, Jb - Short-displacement jump on condition O NO B/NAE/C NB/AE/NC Z/E TEST Ev, Ib Eb, Gb Ev, Gv Eb, Gb NZ/NE BE/NA XCHG Ev, Gv NBE/A Immediate Grp 11A Eb, Ib NOP Ev, Iv Ev, Ib

XCHG word or double-word register with eAX eCX MOV eDX eBX eSP MOVS/ MOVSB Xb, Yb eBP MOVS/ MOVSW/ MOVSD Xv, Yv eSI CMPS/ CMPSB Xb, Yb eDI CMPS/ CMPSW/ CMPSD Xv, Yv

AL, Ob

eAX, Ov

Ob, AL

Ov, eAX

MOV immediate byte into byte register AL Shift Grp 21A Eb, Ib Ev, Ib CL DL RETN Iw BL RETN AH LES Gv, Mp AAM Ib IN AL, Ib HLT eAX, Ib CMC Ib, AL CH LDS Gv, Mp AAD Ib OUT Ib, eAX DH BH Grp 111A - MOV Eb, Ib Ev, Iv XLAT/ XLATB

Shift Grp 21A Eb, 1 LOOPNE/ LOOPNZ Jb LOCK Ev, 1 LOOPE/ LOOPZ Jb Eb, CL LOOP Jb REPNE Ev, CL JCXZ/ JECXZ Jb REP/ REPE

Unary Grp 31A Eb Ev

A-6

OPCODE MAP

Table A-3. One-byte Opcode Map (Right)

8 9 A OR Eb, Gb Eb, Gb Eb, Gb Eb, Gb eAX eAX PUSH Iv Ev, Gv Ev, Gv Ev, Gv Ev, Gv eCX eCX IMUL Gv, Ev, Iv Gb, Eb SBB Gb, Eb SUB Gb, Eb CMP Gb, Eb eDX eDX PUSH Ib Gv, Ev eBX eBX IMUL Gv, Ev, Ib AL, Ib eSP eSP INS/ INSB Yb, DX eAX, Iv eBP eBP INS/ INSW/ INSD Yv, DX NL/GE LEA Gv, M POPF/ POPFD Fv LODS/ LODSW/ LODSD eAX, Xv eBP INT Ib IN short Jb STI AL, DX CLD eAX, DX STD DX, AL INC/DEC Grp 41A DEC general register eSI eSI OUTS/ OUTSB DX, Xb eDI eDI OUTS/ OUTSW/ OUTSD DX, Xv NLE/G POP Ev LAHF SCAS/ SCASW/ SCASD eAX, Xv eDI IRET POP into general register Gv, Ev AL, Ib eAX, Iv Gv, Ev AL, Ib eAX, Iv Gv, Ev AL, Ib eAX, Iv B C D E PUSH CS PUSH DS SEG=CS SEG=DS F 2-byte escape 0

POP DS DAS AAS

1 2 3 4 5

Jcc, Jb- Short displacement jump on condition S Eb, Gb CBW/ CWDE TEST AL, Ib eAX, Iv NS MOV Ev, Gv CWD/ CDQ Gb, Eb CALLF Ap STOS/ STOSB Yb, AL Gv, Ev FWAIT/ WAIT STOS/ STOSW/ STOSD Yv, eAX eBX RETF P/PE NP/PO L/NGE MOV Ew, Sw PUSHF/ PUSHFD Fv LODS/ LODSB AL, Xb LE/NG MOV Sw, Ew SAHF SCAS/ SCASB AL, Yb

7 8

MOV immediate word or double into word or double register eAX ENTER Iw, Ib eCX LEAVE eDX RETF Iw JMP near JV STC far AP CLI eSP INT 3 eSI INTO

B C D

ESC (Escape to coprocessor instruction set) CALL Jv CLC OUT DX, eAX INC/DEC Grp 51A

GENERAL NOTE: All blanks in the opcode maps A-2 and A-3 are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

A-7

OPCODE MAP

Table A-4. Two-byte Opcode Map (Left) (First Byte is OFH)

0 0 Grp 61A movups Vps, Wps movss (F3) Vss, Wss MOV Rd, Cd WRMSR 1 Grp 71A movups Wps, Vps movss (F3) Wss, Vss MOV Rd, Dd RDTSC 2 LAR Gv, Ew movlps Wq, Vq movhlps Vq, Vq MOV Cd, Rd RDMSR 3 LSL Gv, Ew movlps Vq, Wq unpcklps Vps, Wq unpckhps Vps, Wq 4 5 6 CLTS movhps Vq, Wq movlhps Vq, Vq 7

movhps Wq, Vq

2 3

MOV Dd, Rd RDPMC SYSENTER SYSEXIT

CMOVcc, (Gv, Ev) - Conditional Move O movmskps Ed, Vps NO sqrtps Vps, Wps sqrtss (F3) Vss, Wss punpcklwd Pq, Qd pshimw1B Pq, Qq (Grp 121A) B/C/NAE rsqrtps Vps, Wps rsqrtss (F3) Vss, Wss punpckldq Pq, Qd pshimd1B Pq, Qq (Grp 131A) AE/NB/NC rcpps Vps, Wps rcpss (F3) Vss, Wss packsswb Pq, Qq pshimq1B Pq, Qq (Grp 141A) E/Z andps Vps, Wps NE/NZ andnps Vps, Wps BE/NA orps Vps, Wps A/NBE xorps Vps, Wps

punpcklbw Pq, Qd

pcmpgtb Pq, Qq

pcmpgtw Pq, Qq

pcmpgtd Pq, Qq

packuswb Pq, Qq

pshufw Pq, Qq, Ib

pcmpeqb Pq, Qq

pcmpeqw Pq, Qq

pcmpeqd Pq, Qq

emms

Jcc, Jv - Long-displacement jump on condition O NO B/C/NAE AE/NB/NC E/Z NE/NZ BE/NA A/NBE

SETcc, Eb - Byte Set on condition O PUSH FS CMPXCHG Eb, Gb Ev, Gv NO POP FS B/C/NAE CPUID LSS Mp cmpps Vps, Wps, Ib cmpss (F3) Vss, Wss, Ib psrld Pq, Qq (Grp 131A) psrad Pq, Qq (Grp 131A) pslld Pq, Qq (Grp 131A) psrlq Pq, Qq (Grp 141A) pavgw Pq, Qq psllq Pq, Qq (Grp 141A) pmulhuw Pq, Qq AE/NB/NC BT Ev, Gv BTR Ev, Gv E/Z SHLD Ev, Gv, Ib LFS Mp pinsrw Pq, Ed, Ib NE/NZ SHLD Ev, Gv, CL LGS Mp pextrw Gd, Pq, Ib MOVZX Gv, Eb shufps Vps, Wps, Ib Gv, Ew BE/NA A/NBE

XADD Eb, Gb

XADD Ev, Gv

Grp 91A

D pavgb Pq, Qq

psrlw Pq, Qq (Grp 121A) psraw Pq, Qq (Grp 121A) psllw Pq, Qq (Grp 121A)

pmullw Pq, Qq pmulhw Pq, Qq pmaddwd Pq, Qq psadbw Pq, Qq

pmovmskb Gd, Pq movntq Wq, Vq maskmovq Ppi, Qpi

GENERAL NOTE: All blanks in the opcode maps A-4 and A-5 are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

A-8

OPCODE MAP

Table A-5. Two-byte Opcode Map (Right) (First Byte is OFH)

8 INVD Prefetch (Grp 161A) movaps Vps, Wps
1D

9 WBINVD

B 2-byte Illegal Opcodes UD21C

F 0

1 cvtpi2ps Vps, Qq cvtsi2ss (F3) Vss, Ed cvttps2pi Qq, Wps cvttss2si (F3) Gd, Wss cvtps2pi Qq, Wps cvtss2si (F3) Gd, Wss

movaps Wps, Vps

movntps Wps, Vps

ucomiss Vss, Wss

comiss Vps, Wps

3 CMOVcc(Gv, Ev) - Conditional Move S addps Vps, Wps addss (F3) Vss, Wss punpckhbw Pq, Qd NS mulps Vps, Wps mulss (F3) Vss, Wss punpckhwd Pq, Qd punpckhdq Pq, Qd MMX UD packssdw Pq, Qd P/PE NP/PO L/NGE subps Vps, Wps subss (F3) Vss, Wss NL/GE minps Vps, Wps minss (F3) Vss, Wss LE/NG divps Vps, Wps divss (F3) Vss, Wss movd Pd, Ed movd Ed, Pd NLE/G maxps Vps, Wps maxss (F3) Vss, Wss movq Pq, Qq movq Qq, Pq 4

Jcc, Jv - Long-displacement jump on condition S NS P/PE NP/PO L/NGE NL/GE LE/NG NLE/G

SETcc, Eb - Byte Set on condition S PUSH GS NS POP GS Grp Invalid Opcode1C 101A P/PE RSM Grp 81A Ev, Ib NP/PO BTS Ev, Gv BTC Ev, Gv BSWAP EAX psubusb Pq, Qq psubsb Pq, Qq psubb Pq, Qq ECX psubusw Pq, Qq psubsw Pq, Qq psubw Pq, Qq EDX pminub Pq, Qq pminsw Pq, Qq psubd Pq, Qq EBX pand Pq, Qq por Pq, Qq ESP paddusb Pq, Qq paddsb Pq, Qq paddb Pq, Qq EBP paddusw Pq, Qq paddsw Pq, Qq paddw Pq, Qq ESI pmaxub Pq, Qq pmaxsw Pq, Qq paddd Pq, Qq EDI pandn Pq, Qq pxor Pq, Qq L/NGE SHRD Ev, Gv, Ib BSF Gv, Ev NL/GE SHRD Ev, Gv, CL BSR Gv, Ev LE/NG (Grp 151A)1D MOVSX Gv, Eb Gv, Ew NLE/G IMUL Gv, Ev

9 A

A-9

OPCODE MAP

A.2.5.

Opcode Extensions For One- And Two-byte Opcodes

Some of the 1-byte and 2-byte opcodes use bits 5, 4, and 3 of the ModR/M byte (the nnn field in Figure A-1) as an extension of the opcode. Those opcodes that have opcode extensions are indicated in Table A-6 with group numbers (Group 1, Group 2, etc.). The group numbers (ranging from 1 to A) provide an entry point into Table A-6 where the encoding of the opcode extension field can be found. For example, the ADD instruction with a 1-byte opcode of 80H is a Group 1 instruction. Table A-6 indicates that the opcode extension that must be encoded in the ModR/M byte for this instruction is 000B.
mod nnn R/M

Figure A-1. ModR/M Byte nnn Field (Bits 5, 4, and 3)

A-10

OPCODE MAP

Table A-6. Opcode Extensions for One- and Two-byte Opcodes by Group Number
Encoding of Bits 5,4,3 of the ModR/M Byte
Opcode
80-83 C0, C1 reg, imm D0, D1 reg, 1 D2, D3 reg, CL F6, F7 FE FF OF OO OF O1 OF BA

Group
1 2

Mod 7,6
mem11 mem11

000
ADD ROL

001
OR ROR

010
ADC RCL

011
SBB RCR

100
AND SHL/SAL

101
SUB SHR

110
XOR

111
CMP SAR

3 4 5 6 7 8

mem11 mem11 mem11 mem11 mem11 mem11 mem

TEST Ib/Iv INC Eb INC Ev SLDT Ew SGDT Ms DEC Eb DEC Ev STR Ew SIDT Ms

NOT

NEG

MUL AL/eAX

IMUL AL/eAX

DIV AL/eAX

IDIV AL/eAX

CALLN Ev LLDT Ew LGDT Ms

CALLF Ep LTR Ew LIDT Ms

JMPN Ev VERR Ew SMSW Ew BT

JMPF Ep VERW Ew

PUSH Ev

LMSW Ew BTS BTR

INVLPG Mb BTC

OF C7

9 11 mem

CMPXCH8 B Mq

OF B9

10 11

C6 11 C7

mem 11 mem

MOV Ev, Iv MOV Ev, Iv

OF 71

12 11 mem

psrlw Pq, Ib

psraw Pq, Ib

psllw Pq, Ib

OF 72

13 11 mem

psrld Pq, Ib

psrad Pq, Ib

pslld Pq, Ib

OF 73

14 11 mem fxsave fxrstor

psrlq Pq, Ib ldmxcsr stmxcsr

psllq Pq, Ib

OF AE

15 11 mem prefetch NTA prefetch T0 prefetch T1 prefetch T2 sfence

OF 18

16 11

GENERAL NOTE: All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

A-11

OPCODE MAP

A.2.6.

Escape Opcode Instructions

The opcode maps for the escape instruction opcodes (floating-point instruction opcodes) are given in Table A-7 through A-22. These opcode maps are grouped by the first byte of the opcode from D8 through DF. Each of these opcodes has a ModR/M byte. If the ModR/M byte is within the range of 00H through BFH, bits 5, 4, and 3 of the ModR/M byte are used as an opcode extension, similar to the technique used for 1-and 2-byte opcodes (refer to Section A.2.5., Opcode Extensions For One- And Two-byte Opcodes). If the ModR/M byte is outside the range of 00H through BFH, the entire ModR/M byte is used as an opcode extension. A.2.6.1. OPCODES WITH MODR/M BYTES IN THE 00H THROUGH BFH RANGE

The opcode DD0504000000H can be interpreted as follows. The instruction encoded with this opcode can be located in Section A.2.6.8., Escape Opcodes with DD as First Byte. Since the ModR/M byte (05H) is within the 00H through BFH range, bits 3 through 5 (000) of this byte indicate the opcode to be for an FLD double-real instruction (refer to Table A-9). The doublereal value to be loaded is at 00000004H, which is the 32-bit displacement that follows and belongs to this opcode. A.2.6.2. OPCODES WITH MODR/M BYTES OUTSIDE THE 00H THROUGH BFH RANGE

The opcode D8C1H illustrates an opcode with a ModR/M byte outside the range of 00H through BFH. The instruction encoded here, can be located in Section A.2.5., Opcode Extensions For One- And Two-byte Opcodes. In Table A-8, the ModR/M byte C1H indicates row C, column 1, which is an FADD instruction using ST(0), ST(1) as the operands. A.2.6.3. ESCAPE OPCODES WITH D8 AS FIRST BYTE

Table A-7 and A-8 contain the opcodes maps for the escape instruction opcodes that begin with D8H. Table A-7 shows the opcode map if the accompanying ModR/M byte within the range of 00H through BFH. Here, the value of bits 5, 4, and 3 (the nnn field in Figure A-1) selects the instruction.
Table A-7. D8 Opcode Map When ModR/M Byte is Within 00H to BFH1
nnn Field of ModR/M Byte (refer to Figure A.2.5.) 000 FADD single-real 001 FMUL single-real 010 FCOM single-real 011 FCOMP single-real 100 FSUB single-real 101 FSUBR single-real 110 FDIV single-real 111 FDIVR single-real

A-12

OPCODE MAP

Table A-8 shows the opcode map if the accompanying ModR/M byte is outside the range of 00H to BFH. In this case the first digit of the ModR/M byte selects the row in the table and the second digit selects the column.
Table A-8. D8 Opcode Map When ModR/M Byte is Outside 00H to BFH1
0 C 1 2 3 FADD
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

D
ST(0),ST(0) ST(0),ST(1) ST(0),T(2)

FCOM
ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

FSUB
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

FDIV
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

8 C

B FMUL

ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

D
ST(0),ST(0) ST(0),ST(1) ST(0),T(2)

FCOMP
ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

FSUBR
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

FDIVR
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

A-13

OPCODE MAP

A.2.6.4.

ESCAPE OPCODES WITH D9 AS FIRST BYTE

Table A-9 and A-10 contain opcodes maps for escape instruction opcodes that begin with D9H. Table A-9 shows the opcode map if the accompanying ModR/M byte is within the range of 00H through BFH. Here, the value of bits 5, 4, and 3 (the Figure A-1 nnn field) selects the instruction.
Table A-9. D9 Opcode Map When ModR/M Byte is Within 00H to BFH1.
nnn Field of ModR/M Byte (refer to Figure A-1) 000 FLD single-real 001 010 FST single-real 011 100 101 FLDCW 2 bytes 110 FSTENV 14/28 bytes 111 FSTCW 2 bytes FSTP FLDENV single-real 14/28 bytes

NOTE: 1. All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

Table A-10 shows the opcode map if the accompanying ModR/M byte is outside the range of 00H to BFH. In this case the first digit of the ModR/M byte selects the row in the table and the second digit selects the column.

A-14

OPCODE MAP

Table A-10. D9 Opcode Map When ModR/M Byte is Outside 00H to BFH1
0 C D E F FNOP FCHS F2XM1 FABS FYL2X FPTAN FPATAN FTST FXTRACT FXAM FPREM1 FDECSTP FINCSTP 1 2 3 FLD ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7) 4 5 6 7

8 C D E F FLD1 FPREM

B FXCH

ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

FLDL2T FYL2XP1

FLDL2E FSQRT

FLDPI FSINCOS

FLDLG2 FRNDINT

FLDLN2 FSCALE

FLDZ FSIN FCOS

NOTE: 1. All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

A.2.6.5.

ESCAPE OPCODES WITH DA AS FIRST BYTE

Table A-11 and A-12 contain the opcodes maps for the escape instruction opcodes that begin with DAH. Table A-11 shows the opcode map if the accompanying ModR/M byte within the range of 00H through BFH. Here, the value of bits 5, 4, and 3 (the nnn field in Figure A-1) selects the instruction.
Table A-11. DA Opcode Map When ModR/M Byte is Within 00H to BFH1
nnn Field of ModR/M Byte (refer to Figure A-1) 000 001 010 011 100 101 110 111

FIADD FIMUL FICOM FICOMP FISUB FISUBR FIDIV FIDIVR dword-integer dword-integer dword-integer dword-integer dword-integer dword-integer dword-integer dword-integer

NOTE: 1. All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

A-15

OPCODE MAP

Table A-12 shows the opcode map if the accompanying ModR/M byte is outside the range of 00H to BFH. In this case the first digit of the ModR/M byte selects the row in the table and the second digit selects the column.
Table A-12. DA Opcode Map When ModR/M Byte is Outside 00H to BFH1
0 C 1 2 3 FCMOVB
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

FCMOVBE
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

8 C

B FCMOVE

ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

FCMOVU
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

FUCOMPP

NOTE: 1. All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

A.2.6.6.

ESCAPE OPCODES WITH DB AS FIRST BYTE

Table A-13 and A-14 contain the opcodes maps for the escape instruction opcodes that begin with DBH. Table A-13 shows the opcode map if the accompanying ModR/M byte within the range of 00H through BFH. Here, the value of bits 5, 4, and 3 (the nnn field in Figure A-1) selects the instruction.

A-16

OPCODE MAP

Table A-13. DB Opcode Map When ModR/M Byte is Within 00H to BFH1
nnn Field of ModR/M Byte (refer to Figure A-1) 000
FILD dword-integer

001

010

011

100

101
FLD extended-real

110

111
FSTP extended-real

FIST FISTP dword-integer dword-integer

NOTE: 1. All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

Table A-14 shows the opcode map if the accompanying ModR/M byte is outside the range of 00H to BFH. In this case the first digit of the ModR/M byte selects the row in the table and the second digit selects the column.
Table A-14. DB Opcode Map When ModR/M Byte is Outside 00H to BFH1
0 C 1 2 3 FCMOVNB
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

FCMOVNBE
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

FCLEX

FINIT

FCOMI
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

8 C

FCMOVNE
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

FCMOVNU
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

FUCOMI
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

NOTE: 1. All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

A-17

OPCODE MAP

A.2.6.7.

ESCAPE OPCODES WITH DC AS FIRST BYTE

Table A-15 and A-16 contain the opcodes maps for the escape instruction opcodes that begin with DCH. Table A-15 shows the opcode map if the accompanying ModR/M byte within the range of 00H through BFH. Here, the value of bits 5, 4, and 3 (the nnn field in Figure A-1) selects the instruction.
Table A-15. DC Opcode Map When ModR/M Byte is Within 00H to BFH1
nnn Field of ModR/M Byte (refer to Figure A-1) 000
FADD double-real

001
FMUL double-real

010
FCOM double-real

011
FCOMP double-real

100
FSUB double-real

101
FSUBR double-real

110
FDIV double-real

111
FDIVR double-real

NOTE: 1. All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

Table A-16 shows the opcode map if the accompanying ModR/M byte is outside the range of 00H to BFH. In this case the first digit of the ModR/M byte selects the row in the table and the second digit selects the column.

A-18

OPCODE MAP

Table A-16. DC Opcode Map When ModR/M Byte is Outside 00H to BFH4
0 C 1 2 3 FADD
ST(0),ST(0) ST(1),ST(0) ST(2),ST(0) ST(3),ST(0) ST(4),ST(0) ST(5),ST(0) ST(6),ST(0) ST(7),ST(0)

FSUBR
ST(0),ST(0) ST(1),ST(0) ST(2),ST(0) ST(3),ST(0) ST(4),ST(0) ST(5),ST(0) ST(6),ST(0) ST(7),ST(0)

FDIVR
ST(0),ST(0) ST(1),ST(0) ST(2),ST(0) ST(3),ST(0) ST(4),ST(0) ST(5),ST(0) ST(6),ST(0) ST(7),ST(0)

8 C

B FMUL

ST(0),ST(0) ST(1),ST(0) ST(2),ST(0) ST(3),ST(0) ST(4),ST(0) ST(5),ST(0) ST(6),ST(0) ST(7),ST(0)

FSUB
ST(0),ST(0) ST(1),ST(0) ST(2),ST(0) ST(3),ST(0) ST(4),ST(0) ST(5),ST(0) ST(6),ST(0) ST(7),ST(0)

FDIV
ST(0),ST(0) ST(1),ST(0) ST(2),ST(0) ST(3),ST(0) ST(4),ST(0) ST(5),ST(0) ST(6),ST(0) ST(7),ST(0)

NOTE: 1. All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

A.2.6.8.

ESCAPE OPCODES WITH DD AS FIRST BYTE

Table A-17 and A-18 contain the opcodes maps for the escape instruction opcodes that begin with DDH. Table A-17 shows the opcode map if the accompanying ModR/M byte within the range of 00H through BFH. Here, the value of bits 5, 4, and 3 (the nnn field in Figure A-1) selects the instruction.

A-19

OPCODE MAP

Table A-17. DD Opcode Map When ModR/M Byte is Within 00H to BFH1
nnn Field of ModR/M Byte (refer to Figure A-1) 000
FLD double-real

001

010
FST double-real

011
FSTP double-real

100
FRSTOR 98/108bytes

101

110
FSAVE 98/108bytes

111
FSTSW 2 bytes

NOTE: 1. All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

Table A-18 shows the opcode map if the accompanying ModR/M byte is outside the range of 00H to BFH. In this case the first digit of the ModR/M byte selects the row in the table and the second digit selects the column.
Table A-18. DD Opcode Map When ModR/M Byte is Outside 00H to BFH1
0 C ST(0) D ST(0) E ST(1) ST(2) ST(3) ST(1) ST(2) 1 2 3 FFREE ST(3) FST ST(4) ST(5) ST(6) ST(7) ST(4) ST(5) ST(6) ST(7) 4 5 7

FUCOM
ST(0),ST(0) ST(1),ST(0) ST(2),ST(0) ST(3),ST(0) ST(4),ST(0) ST(5),ST(0) ST(6),ST(0) ST(7),ST(0)

8 C

D ST(0) E ST(0) F ST(1) ST(2) ST(1) ST(2) ST(3)

FSTP ST(4) ST(5) ST(6) ST(7)

FUCOMP ST(3) ST(4) ST(5) ST(6) ST(7)

NOTE: 1. All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

A-20

OPCODE MAP

A.2.6.9.

ESCAPE OPCODES WITH DE AS FIRST BYTE

Table A-19 and A-20 contain the opcodes maps for the escape instruction opcodes that begin with DEH. Table A-19 shows the opcode map if the accompanying ModR/M byte within the range of 00H through BFH. Here, the value of bits 5, 4, and 3 (the nnn field in Figure A-1) selects the instruction.
Table A-19. DE Opcode Map When ModR/M Byte is Within 00H to BFH1
nnn Field of ModR/M Byte (refer to Figure A-1) 000
FIADD word-integer

001

010

011

100

101

110

111
FIDIVR word-integer

FIMUL FICOM FICOMP FISUB FISUBR FIDIV word-integer word-integer word-integer word-integer word-integer word-integer

NOTE: 1. All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

Table A-20 shows the opcode map if the accompanying ModR/M byte is outside the range of 00H to BFH. In this case the first digit of the ModR/M byte selects the row in the table and the second digit selects the column.

A-21

OPCODE MAP

Table A-20. DE Opcode Map When ModR/M Byte is Outside 00H to BFH1
0 C 1 2 3 FADDP
ST(0),ST(0) ST(1),ST(0) ST(2),ST(0) ST(3),ST(0) ST(4),ST(0) ST(5),ST(0) ST(6),ST(0) ST(7),ST(0)

FSUBRP
ST(0),ST(0) ST(1),ST(0) ST(2),ST(0) ST(3),ST(0) ST(4),ST(0) ST(5),ST(0) ST(6),ST(0) ST(7),ST(0)

FDIVRP ST(0),ST(0) ST(1),ST(0) ST(2),ST(0) ST(3),ST(0) ST(4),ST(0) ST(5),ST(0) ST(6),ST(0) ST(7),ST(0)

8 C

B FMULP

ST(0),ST(0) ST(1),ST(0) ST(2),ST(0) ST(3),ST(0) ST(4),ST(0) ST(5),ST(0) ST(6),ST(0) ST(7),ST(0)

FCOMPP

FSUBP
ST(0),ST(0) ST(1),ST(0) ST(2),ST(0) ST(3),ST(0) ST(4),ST(0) ST(5),ST(0) ST(6),ST(0) ST(7),ST(0)

FDIVP
ST(0),ST(0) ST(1),ST(0) ST(2),ST(0). ST(3),ST(0) ST(4),ST(0) ST(5),ST(0) ST(6),ST(0) ST(7),ST(0)

NOTE: 1. All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

A.2.6.10.

ESCAPE OPCODES WITH DF AS FIRST BYTE

Table A-21 and A-22 contain the opcodes maps for the escape instruction opcodes that begin with DFH. Table A-21 shows the opcode map if the accompanying ModR/M byte within the range of 00H through BFH. Here, the value of bits 5, 4, and 3 (the nnn field in Figure A-1) selects the instruction.

A-22

OPCODE MAP

Table A-21. DF Opcode Map When ModR/M Byte is Within 00H to BFH1
nnn Field of ModR/M Byte (refer to Figure A-1) 000
FILD word-integer

001

010

011

100

101

110

111

FIST FISTP FBLD FILD FBSTP FISTP word-integer word-integer packed-BCD qword-integer packed-BCD qword-integer

NOTE: 1. All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

Table A-22 shows the opcode map if the accompanying ModR/M byte is outside the range of 00H to BFH. In this case the first digit of the ModR/M byte selects the row in the table and the second digit selects the column.
Table A-22. DF Opcode Map When ModR/M Byte is Outside 00H to BFH1
0 C 1 2 3 4 5 7

FSTSW AX FCOMIP
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

8 C

FUCOMIP
ST(0),ST(0) ST(0),ST(1) ST(0),ST(2) ST(0),ST(3) ST(0),ST(4) ST(0),ST(5) ST(0),ST(6) ST(0),ST(7)

NOTE: 1. All blanks in the opcode map are reserved and should not be used. Do not depend on the operation of these undefined opcodes.

A-23

OPCODE MAP

A-24

B
Instruction Formats and Encodings

APPENDIX B INSTRUCTION FORMATS AND ENCODINGS

This appendix shows the formats and encodings of the Intel Architecture instructions. The main format and encoding tables are Tables B-10, B-14, B-20, and B-23.

B.1. MACHINE INSTRUCTION FORMAT

All Intel Architecture instructions are encoded using subsets of the general machine instruction format shown in Figure B-1. Each instruction consists of an opcode, a register and/or address mode specifier (if required) consisting of the ModR/M byte and sometimes the scale-index-base (SIB) byte, a displacement (if required), and an immediate data field (if required).

76543210

7 6 5 4 3 2 1 0 7-6

5-3

2-0 7-6

5-3

2-0 d32 | 16 | 8 | None d32 | 16 | 8 | None

T T T T T T T T T T T T T T T T Mod Reg* R/M Scale Index Base

Opcode 1 or 2 Bytes (T Represents an Opcode Bit) * Reg Field is sometimes used as an opcode extension field (TTT).

ModR/M Byte

SIB Byte

Address Displacement Immediate Data (4, 2, 1 Bytes or None) (4,2,1 Bytes or None)

Register and/or Address Mode Specifier

Figure B-1. General Machine Instruction Format

The primary opcode for an instruction is encoded in one or two bytes of the instruction. Some instructions also use an opcode extension field encoded in bits 5, 4, and 3 of the ModR/M byte. Within the primary opcode, smaller encoding fields may be defined. These fields vary according to the class of operation being performed. The fields define such information as register encoding, conditional test performed, or sign extension of immediate byte. Almost all instructions that refer to a register and/or memory operand have a register and/or address mode byte following the opcode. This byte, the ModR/M byte, consists of the mod field, the reg field, and the R/M field. Certain encodings of the ModR/M byte indicate that a second address mode byte, the SIB byte, must be used. If the selected addressing mode specifies a displacement, the displacement value is placed immediately following the ModR/M byte or SIB byte. If a displacement is present, the possible sizes are 8, 16, or 32 bits. If the instruction specifies an immediate operand, the immediate value follows any displacement bytes. An immediate operand, if specified, is always the last field of the instruction.

B-1

INSTRUCTION FORMATS AND ENCODINGS

Table B-1 lists several smaller fields or bits that appear in certain instructions, sometimes within the opcode bytes themselves. The following tables describe these fields and bits and list the allowable values. All of these fields (except the d bit) are shown in the integer instruction formats given in Table B-10.
Table B-1. Special Fields Within Instruction Encodings
Field Name reg w s sreg2 sreg3 eee tttn d Description General-register specifier (refer to Table B-2 or B-3) Specifies if data is byte or full-sized, where full-sized is either 16 or 32 bits (refer to Table B-4) Specifies sign extension of an immediate data field (refer to Table B-5) Segment register specifier for CS, SS, DS, ES (refer to Table B-6) Segment register specifier for CS, SS, DS, ES, FS, GS (refer to Table B-6) Specifies a special-purpose (control or debug) register (refer to Table B-7) For conditional instructions, specifies a condition asserted or a condition negated (refer to Table B-8) Specifies direction of data operation (refer to Table B-9) Number of Bits 3 1 1 2 3 3 4 1

B.1.1.

Reg Field (reg)

The reg field in the ModR/M byte specifies a general-purpose register operand. The group of registers specified is modified by the presence of and state of the w bit in an encoding (refer to Table B-4). Table B-2 shows the encoding of the reg field when the w bit is not present in an encoding, and Table B-3 shows the encoding of the reg field when the w bit is present.
Table B-2. Encoding of reg Field When w Field is Not Present in Instruction
reg Field 000 001 010 011 100 101 110 111 Register Selected during 16-Bit Data Operations AX CX DX BX SP BP SI DI Register Selected during 32-Bit Data Operations EAX ECX EDX EBX ESP EBP ESI EDI

B-2

INSTRUCTION FORMATS AND ENCODINGS

Table B-3. Encoding of reg Field When w Field is Present in Instruction

Register Specified by reg Field during 16-Bit Data Operations Function of w Field reg 000 001 010 011 100 101 110 111 When w = 0 AL CL DL BL AH CH DH BH When w = 1 AX CX DX BX SP BP SI DI reg 000 001 010 011 100 101 110 111 Register Specified by reg Field during 32-Bit Data Operations Function of w Field When w = 0 AL CL DL BL AH CH DH BH When w = 1 EAX ECX EDX EBX ESP EBP ESI EDI

B.1.2.

Encoding of Operand Size Bit (w)

The current operand-size attribute determines whether the processor is performing 16-or 32-bit operations. Within the constraints of the current operand-size attribute, the operand-size bit (w) can be used to indicate operations on 8-bit operands or the full operand size specified with the operand-size attribute (16 bits or 32 bits). Table B-4 shows the encoding of the w bit depending on the current operand-size attribute.
Table B-4. Encoding of Operand Size (w) Bit
w Bit 0 1 Operand Size When Operand-Size Attribute is 16 bits 8 Bits 16 Bits Operand Size When Operand-Size Attribute is 32 bits 8 Bits 32 Bits

B.1.3.

Sign Extend (s) Bit

The sign-extend (s) bit occurs primarily in instructions with immediate data fields that are being extended from 8 bits to 16 or 32 bits. Table B-5 shows the encoding of the s bit.
Table B-5. Encoding of Sign-Extend (s) Bit
s 0 1 None Sign-extend to fill 16-bit or 32-bit destination Effect on 8-Bit Immediate Data None None Effect on 16- or 32-Bit Immediate Data

B-3

INSTRUCTION FORMATS AND ENCODINGS

B.1.4.

Segment Register Field (sreg)

When an instruction operates on a segment register, the reg field in the ModR/M byte is called the sreg field and is used to specify the segment register. Table B-6 shows the encoding of the sreg field. This field is sometimes a 2-bit field (sreg2) and other times a 3-bit field (sreg3).
Table B-6. Encoding of the Segment Register (sreg) Field
2-Bit sreg2 Field 00 01 10 11 Segment Register Selected ES CS SS DS 3-Bit sreg3 Field 000 001 010 011 100 101 110 111 * Do not use reserved encodings. Segment Register Selected ES CS SS DS FS GS Reserved* Reserved*

B.1.5.

Special-Purpose Register (eee) Field

When the control or debug registers are referenced in an instruction they are encoded in the eee field, which is located in bits 5, 4, and 3 of the ModR/M byte. Table B-7 shows the encoding of the eee field.
Table B-7. Encoding of Special-Purpose Register (eee) Field
eee 000 001 010 011 100 101 110 111 * Do not use reserved encodings. Control Register CR0 Reserved* CR2 CR3 CR4 Reserved* Reserved* Reserved* Debug Register DR0 DR1 DR2 DR3 Reserved* Reserved* DR6 DR7

B-4

INSTRUCTION FORMATS AND ENCODINGS

B.1.6.

Condition Test Field (tttn)

For conditional instructions (such as conditional jumps and set on condition), the condition test field (tttn) is encoded for the condition being tested for. The ttt part of the field gives the condition to test and the n part indicates whether to use the condition (n = 0) or its negation (n = 1). For 1-byte primary opcodes, the tttn field is located in bits 3,2,1, and 0 of the opcode byte; for 2-byte primary opcodes, the tttn field is located in bits 3,2,1, and 0 of the second opcode byte. Table B-8 shows the encoding of the tttn field.
Table B-8. Encoding of Conditional Test (tttn) Field
tttn 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111 O NO B, NAE NB, AE E, Z NE, NZ BE, NA NBE, A S NS P, PE NP, PO L, NGE NL, GE LE, NG NLE, G Mnemonic Overflow No overflow Below, Not above or equal Not below, Above or equal Equal, Zero Not equal, Not zero Below or equal, Not above Not below or equal, Above Sign Not sign Parity, Parity Even Not parity, Parity Odd Less than, Not greater than or equal to Not less than, Greater than or equal to Less than or equal to, Not greater than Not less than or equal to, Greater than Condition

B.1.7.

Direction (d) Bit

In many two-operand instructions, a direction bit (d) indicates which operand is considered the source and which is the destination. Table B-9 shows the encoding of the d bit. When used for integer instructions, the d bit is located at bit 1 of a 1-byte primary opcode. This bit does not appear as the symbol d in Table B-10; instead, the actual encoding of the bit as 1 or 0 is given. When used for floating-point instructions (in Table B-23), the d bit is shown as bit 2 of the first byte of the primary opcode.

B-5

INSTRUCTION FORMATS AND ENCODINGS

Table B-9. Encoding of Operation Direction (d) Bit

d 0 1 reg Field ModR/M or SIB Byte Source Destination ModR/M or SIB Byte reg Field

B.2. INTEGER INSTRUCTION FORMATS AND ENCODINGS

Table B-10 shows the formats and encodings of the integer instructions.
Table B-10. Integer Instruction Formats and Encodings
Instruction and Format AAA ASCII Adjust after Addition AAD ASCII Adjust AX before Division AAM ASCII Adjust AX after Multiply AAS ASCII Adjust AL after Subtraction ADC ADD with Carry register1 to register2 register2 to register1 memory to register register to memory immediate to register immediate to AL, AX, or EAX immediate to memory ADD Add register1 to register2 register2 to register1 memory to register register to memory immediate to register immediate to AL, AX, or EAX immediate to memory 0000 000w : 11 reg1 reg2 0000 001w : 11 reg1 reg2 0000 001w : mod reg r/m 0000 000w : mod reg r/m 1000 00sw : 11 000 reg : immediate data 0000 010w : immediate data 1000 00sw : mod 000 r/m : immediate data 0001 000w : 11 reg1 reg2 0001 001w : 11 reg1 reg2 0001 001w : mod reg r/m 0001 000w : mod reg r/m 1000 00sw : 11 010 reg : immediate data 0001 010w : immediate data 1000 00sw : mod 010 r/m : immediate data 0011 0111 1101 0101 : 0000 1010 1101 0100 : 0000 1010 0011 1111 Encoding

B-6

INSTRUCTION FORMATS AND ENCODINGS

Table B-10. Integer Instruction Formats and Encodings (Contd.)

Instruction and Format AND Logical AND register1 to register2 register2 to register1 memory to register register to memory immediate to register immediate to AL, AX, or EAX immediate to memory ARPL Adjust RPL Field of Selector from register from memory BOUND Check Array Against Bounds BSF Bit Scan Forward
register1, register2

Encoding

0010 000w : 11 reg1 reg2 0010 001w : 11 reg1 reg2 0010 001w : mod reg r/m 0010 000w : mod reg r/m

0010 010w : immediate data 1000 00sw : mod 100 r/m : immediate data

0110 0011 : 11 reg1 reg2 0110 0011 : mod reg r/m 0110 0010 : mod reg r/m

0000 1111 : 1011 1100 : 11 reg2 reg1 0000 1111 : 1011 1100 : mod reg r/m

memory, register BSR Bit Scan Reverse register1, register2 memory, register BSWAP Byte Swap BT Bit Test register, immediate memory, immediate register1, register2 memory, reg BTC Bit Test and Complement register, immediate memory, immediate register1, register2 memory, reg BTR Bit Test and Reset register, immediate memory, immediate register1, register2 memory, reg

0000 1111 : 1011 1101 : 11 reg2 reg1 0000 1111 : 1011 1101 : mod reg r/m 0000 1111 : 1100 1 reg

0000 1111 : 1011 1010 : 11 100 reg: imm8 data 0000 1111 : 1011 1010 : mod 100 r/m : imm8 data 0000 1111 : 1010 0011 : 11 reg2 reg1 0000 1111 : 1010 0011 : mod reg r/m

0000 1111 : 1011 1010 : 11 111 reg: imm8 data 0000 1111 : 1011 1010 : mod 111 r/m : imm8 data 0000 1111 : 1011 1011 : 11 reg2 reg1 0000 1111 : 1011 1011 : mod reg r/m

0000 1111 : 1011 1010 : 11 110 reg: imm8 data 0000 1111 : 1011 1010 : mod 110 r/m : imm8 data 0000 1111 : 1011 0011 : 11 reg2 reg1 0000 1111 : 1011 0011 : mod reg r/m

B-7

INSTRUCTION FORMATS AND ENCODINGS

Table B-10. Integer Instruction Formats and Encodings (Contd.)

Instruction and Format BTS Bit Test and Set register, immediate memory, immediate register1, register2 memory, reg CALL Call Procedure (in same segment) direct register indirect memory indirect CALL Call Procedure (in other segment) direct indirect CBW Convert Byte to Word CDQ Convert Doubleword to Qword CLC Clear Carry Flag CLD Clear Direction Flag CLI Clear Interrupt Flag CLTS Clear Task-Switched Flag in CR0 CMC Complement Carry Flag CMOVcc Conditional Move register2 to register1 memory to register CMP Compare Two Operands register1 with register2 register2 with register1 memory with register register with memory immediate with register immediate with AL, AX, or EAX immediate with memory CMPS/CMPSB/CMPSW/CMPSD Compare String Operands CMPXCHG Compare and Exchange register1, register2 memory, register 0000 1111 : 1011 000w : 11 reg2 reg1 0000 1111 : 1011 000w : mod reg r/m 0011 100w : 11 reg1 reg2 0011 101w : 11 reg1 reg2 0011 100w : mod reg r/m 0011 101w : mod reg r/m 1000 00sw : 11 111 reg : immediate data 0011 110w : immediate data 1000 00sw : mod 111 r/m 1010 011w 0000 1111: 0100 tttn : 11 reg1 reg2 0000 1111: 0100 tttn : mod mem r/m 1001 1010 : unsigned full offset, selector 1111 1111 : mod 011 r/m 1001 1000 1001 1001 1111 1000 1111 1100 1111 1010 0000 1111 : 0000 0110 1111 0101 1110 1000 : full displacement 1111 1111 : 11 010 reg 1111 1111 : mod 010 r/m 0000 1111 : 1011 1010 : 11 101 reg: imm8 data 0000 1111 : 1011 1010 : mod 101 r/m : imm8 data 0000 1111 : 1010 1011 : 11 reg2 reg1 0000 1111 : 1010 1011 : mod reg r/m Encoding

B-8

INSTRUCTION FORMATS AND ENCODINGS

Table B-10. Integer Instruction Formats and Encodings (Contd.)

Instruction and Format CMPXCHG8B Compare and Exchange 8 Bytes memory, register CPUID CPU Identification CWD Convert Word to Doubleword CWDE Convert Word to Doubleword DAA Decimal Adjust AL after Addition DAS Decimal Adjust AL after Subtraction DEC Decrement by 1 register register (alternate encoding) memory DIV Unsigned Divide AL, AX, or EAX by register AL, AX, or EAX by memory ENTER Make Stack Frame for High Level Procedure HLT Halt IDIV Signed Divide AL, AX, or EAX by register AL, AX, or EAX by memory IMUL Signed Multiply AL, AX, or EAX with register AL, AX, or EAX with memory register1 with register2 register with memory register1 with immediate to register2 memory with immediate to register IN Input From Port fixed port variable port INC Increment by 1 reg reg (alternate encoding) memory INS Input from DX Port 1111 111w : 11 000 reg 0100 0 reg 1111 111w : mod 000 r/m 0110 110w 1110 010w : port number 1110 110w 1111 011w : 11 101 reg 1111 011w : mod 101 reg 0000 1111 : 1010 1111 : 11 : reg1 reg2 0000 1111 : 1010 1111 : mod reg r/m 0110 10s1 : 11 reg1 reg2 : immediate data 0110 10s1 : mod reg r/m : immediate data 1111 011w : 11 111 reg 1111 011w : mod 111 r/m 1111 011w : 11 110 reg 1111 011w : mod 110 r/m 1100 1000 : 16-bit displacement : 8-bit level (L) 1111 0100 1111 111w : 11 001 reg 0100 1 reg 1111 111w : mod 001 r/m 0000 1111 : 1100 0111 : mod reg r/m 0000 1111 : 1010 0010 1001 1001 1001 1000 0010 0111 0010 1111 Encoding

B-9

INSTRUCTION FORMATS AND ENCODINGS

Table B-10. Integer Instruction Formats and Encodings (Contd.)

Instruction and Format INT n Interrupt Type n INT Single-Step Interrupt 3 INTO Interrupt 4 on Overflow INVD Invalidate Cache INVLPG Invalidate TLB Entry IRET/IRETD Interrupt Return Jcc Jump if Condition is Met 8-bit displacement full displacement JCXZ/JECXZ Jump on CX/ECX Zero Address-size prefix differentiates JCXZ and JECXZ JMP Unconditional Jump (to same segment) short direct register indirect memory indirect JMP Unconditional Jump (to other segment) direct intersegment indirect intersegment LAHF Load Flags into AHRegister LAR Load Access Rights Byte from register from memory LDS Load Pointer to DS LEA Load Effective Address LEAVE High Level Procedure Exit LES Load Pointer to ES LFS Load Pointer to FS LGDT Load Global Descriptor Table Register LGS Load Pointer to GS LIDT Load Interrupt Descriptor Table Register LLDT Load Local Descriptor Table Register LDTR from register LDTR from memory 0000 1111 : 0000 0000 : 11 010 reg 0000 1111 : 0000 0000 : mod 010 r/m 0000 1111 : 0000 0010 : 11 reg1 reg2 0000 1111 : 0000 0010 : mod reg r/m 1100 0101 : mod reg r/m 1000 1101 : mod reg r/m 1100 1001 1100 0100 : mod reg r/m 0000 1111 : 1011 0100 : mod reg r/m 0000 1111 : 0000 0001 : mod 010 r/m 0000 1111 : 1011 0101 : mod reg r/m 1110 1010 : unsigned full offset, selector 1111 1111 : mod 101 r/m 1001 1111 1110 1011 : 8-bit displacement 1110 1001 : full displacement 1111 1111 : 11 100 reg 1111 1111 : mod 100 r/m 0111 tttn : 8-bit displacement 0000 1111 : 1000 tttn : full displacement 1110 0011 : 8-bit displacement 1100 1101 : type 1100 1100 1100 1110 0000 1111 : 0000 1000 0000 1111 : 0000 0001 : mod 111 r/m 1100 1111 Encoding

B-10

INSTRUCTION FORMATS AND ENCODINGS

Table B-10. Integer Instruction Formats and Encodings (Contd.)

Instruction and Format LMSW Load Machine Status Word from register from memory LOCK Assert LOCK# Signal Prefix LODS/LODSB/LODSW/LODSD Load String Operand LOOP Loop Count LOOPZ/LOOPE Loop Count while Zero/Equal LOOPNZ/LOOPNE Loop Count while not Zero/Equal LSL Load Segment Limit from register from memory LSS Load Pointer to SS LTR Load Task Register from register from memory MOV Move Data register1 to register2 register2 to register1 memory to reg reg to memory immediate to register immediate to register (alternate encoding) immediate to memory memory to AL, AX, or EAX AL, AX, or EAX to memory MOV Move to/from Control Registers CR0 from register CR2 from register CR3 from register CR4 from register register from CR0-CR4 0000 1111 : 0010 0010 : 11 000 reg 0000 1111 : 0010 0010 : 11 010reg 0000 1111 : 0010 0010 : 11 011 reg 0000 1111 : 0010 0010 : 11 100 reg 0000 1111 : 0010 0000 : 11 eee reg 1000 100w : 11 reg1 reg2 1000 101w : 11 reg1 reg2 1000 101w : mod reg r/m 1000 100w : mod reg r/m 1100 011w : 11 000 reg : immediate data 1011 w reg : immediate data 1100 011w : mod 000 r/m : immediate data 1010 000w : full displacement 1010 001w : full displacement 0000 1111 : 0000 0000 : 11 011 reg 0000 1111 : 0000 0000 : mod 011 r/m 0000 1111 : 0000 0011 : 11 reg1 reg2 0000 1111 : 0000 0011 : mod reg r/m 0000 1111 : 1011 0010 : mod reg r/m 0000 1111 : 0000 0001 : 11 110 reg 0000 1111 : 0000 0001 : mod 110 r/m 1111 0000 1010 110w 1110 0010 : 8-bit displacement 1110 0001 : 8-bit displacement 1110 0000 : 8-bit displacement Encoding

B-11

INSTRUCTION FORMATS AND ENCODINGS

Table B-10. Integer Instruction Formats and Encodings (Contd.)

Instruction and Format MOV Move to/from Debug Registers DR0-DR3 from register DR4-DR5 from register DR6-DR7 from register register from DR6-DR7 register from DR4-DR5 register from DR0-DR3 MOV Move to/from Segment Registers register to segment register register to SS memory to segment reg memory to SS segment register to register segment register to memory MOVS/MOVSB/MOVSW/MOVSD Move Data from String to String MOVSX Move with Sign-Extend register2 to register1 memory to reg MOVZX Move with Zero-Extend register2 to register1 memory to register MUL Unsigned Multiply AL, AX, or EAX with register AL, AX, or EAX with memory NEG Two's Complement Negation register memory NOP No Operation NOT One's Complement Negation register memory 1111 011w : 11 010 reg 1111 011w : mod 010 r/m 1111 011w : 11 011 reg 1111 011w : mod 011 r/m 1001 0000 1111 011w : 11 100 reg 1111 011w : mod 100 reg 0000 1111 : 1011 011w : 11 reg1 reg2 0000 1111 : 1011 011w : mod reg r/m 0000 1111 : 1011 111w : 11 reg1 reg2 0000 1111 : 1011 111w : mod reg r/m 1000 1110 : 11 sreg3 reg 1000 1110 : 11 sreg3 reg 1000 1110 : mod sreg3 r/m 1000 1110 : mod sreg3 r/m 1000 1100 : 11 sreg3 reg 1000 1100 : mod sreg3 r/m 1010 010w 0000 1111 : 0010 0011 : 11 eee reg 0000 1111 : 0010 0011 : 11 eee reg 0000 1111 : 0010 0011 : 11 eee reg 0000 1111 : 0010 0001 : 11 eee reg 0000 1111 : 0010 0001 : 11 eee reg 0000 1111 : 0010 0001 : 11 eee reg Encoding

B-12

INSTRUCTION FORMATS AND ENCODINGS

Table B-10. Integer Instruction Formats and Encodings (Contd.)

Instruction and Format OR Logical Inclusive OR register1 to register2 register2 to register1 memory to register register to memory immediate to register immediate to AL, AX, or EAX immediate to memory OUT Output to Port fixed port variable port OUTS Output to DX Port POP Pop a Word from the Stack register register (alternate encoding) memory POP Pop a Segment Register from the Stack segment register CS, DS, ES segment register SS segment register FS, GS POPA/POPAD Pop All General Registers POPF/POPFD Pop Stack into FLAGS or EFLAGS Register PUSH Push Operand onto the Stack register register (alternate encoding) memory immediate PUSH Push Segment Register onto the Stack segment register CS,DS,ES,SS segment register FS,GS PUSHA/PUSHAD Push All General Registers PUSHF/PUSHFD Push Flags Register onto the Stack 000 sreg2 110 0000 1111: 10 sreg3 000 0110 0000 1001 1100 1111 1111 : 11 110 reg 0101 0 reg 1111 1111 : mod 110 r/m 0110 10s0 : immediate data 000 sreg2 111 000 sreg2 111 0000 1111: 10 sreg3 001 0110 0001 1001 1101 1000 1111 : 11 000 reg 0101 1 reg 1000 1111 : mod 000 r/m 1110 011w : port number 1110 111w 0110 111w 0000 100w : 11 reg1 reg2 0000 101w : 11 reg1 reg2 0000 101w : mod reg r/m 0000 100w : mod reg r/m 1000 00sw : 11 001 reg : immediate data 0000 110w : immediate data 1000 00sw : mod 001 r/m : immediate data Encoding

B-13

INSTRUCTION FORMATS AND ENCODINGS

Table B-10. Integer Instruction Formats and Encodings (Contd.)

Instruction and Format RCL Rotate thru Carry Left register by 1 memory by 1 register by CL memory by CL register by immediate count memory by immediate count RCR Rotate thru Carry Right register by 1 memory by 1 register by CL memory by CL register by immediate count memory by immediate count RDMSR Read from Model-Specific Register RDPMC Read Performance Monitoring Counters RDTSC Read Time-Stamp Counter REP INS Input String REP LODS Load String REP MOVS Move String REP OUTS Output String REP STOS Store String REPE CMPS Compare String REPE SCAS Scan String REPNE CMPS Compare String REPNE SCAS Scan String RET Return from Procedure (to same segment) no argument adding immediate to SP RET Return from Procedure (to other segment) intersegment adding immediate to SP 1100 1011 1100 1010 : 16-bit displacement 1100 0011 1100 0010 : 16-bit displacement 1101 000w : 11 011 reg 1101 000w : mod 011 r/m 1101 001w : 11 011 reg 1101 001w : mod 011 r/m 1100 000w : 11 011 reg : imm8 data 1100 000w : mod 011 r/m : imm8 data 0000 1111 : 0011 0010 0000 1111 : 0011 0011 0000 1111 : 0011 0001 1111 0011 : 0110 110w 1111 0011 : 1010 110w 1111 0011 : 1010 010w 1111 0011 : 0110 111w 1111 0011 : 1010 101w 1111 0011 : 1010 011w 1111 0011 : 1010 111w 1111 0010 : 1010 011w 1111 0010 : 1010 111w 1101 000w : 11 010 reg 1101 000w : mod 010 r/m 1101 001w : 11 010 reg 1101 001w : mod 010 r/m 1100 000w : 11 010 reg : imm8 data 1100 000w : mod 010 r/m : imm8 data Encoding

B-14

INSTRUCTION FORMATS AND ENCODINGS

Table B-10. Integer Instruction Formats and Encodings (Contd.)

Instruction and Format ROL Rotate Left register by 1 memory by 1 register by CL memory by CL register by immediate count memory by immediate count ROR Rotate Right register by 1 memory by 1 register by CL memory by CL register by immediate count memory by immediate count RSM Resume from System Management Mode SAHF Store AH into Flags SAL Shift Arithmetic Left SAR Shift Arithmetic Right register by 1 memory by 1 register by CL memory by CL register by immediate count memory by immediate count SBB Integer Subtraction with Borrow register1 to register2 register2 to register1 memory to register register to memory immediate to register immediate to AL, AX, or EAX immediate to memory SCAS/SCASB/SCASW/SCASD Scan String 0001 100w : 11 reg1 reg2 0001 101w : 11 reg1 reg2 0001 101w : mod reg r/m 0001 100w : mod reg r/m 1000 00sw : 11 011 reg : immediate data 0001 110w : immediate data 1000 00sw : mod 011 r/m : immediate data 1101 111w 1101 000w : 11 111 reg 1101 000w : mod 111 r/m 1101 001w : 11 111 reg 1101 001w : mod 111 r/m 1100 000w : 11 111 reg : imm8 data 1100 000w : mod 111 r/m : imm8 data 1101 000w : 11 001 reg 1101 000w : mod 001 r/m 1101 001w : 11 001 reg 1101 001w : mod 001 r/m 1100 000w : 11 001 reg : imm8 data 1100 000w : mod 001 r/m : imm8 data 0000 1111 : 1010 1010 1001 1110 same instruction as SHL 1101 000w : 11 000 reg 1101 000w : mod 000 r/m 1101 001w : 11 000 reg 1101 001w : mod 000 r/m 1100 000w : 11 000 reg : imm8 data 1100 000w : mod 000 r/m : imm8 data Encoding

B-15

INSTRUCTION FORMATS AND ENCODINGS

Table B-10. Integer Instruction Formats and Encodings (Contd.)

Instruction and Format SETcc Byte Set on Condition register memory SGDT Store Global Descriptor Table Register SHL Shift Left register by 1 memory by 1 register by CL memory by CL register by immediate count memory by immediate count SHLD Double Precision Shift Left register by immediate count memory by immediate count register by CL memory by CL SHR Shift Right register by 1 memory by 1 register by CL memory by CL register by immediate count memory by immediate count SHRD Double Precision Shift Right register by immediate count memory by immediate count register by CL memory by CL SIDT Store Interrupt Descriptor Table Register SLDT Store Local Descriptor Table Register to register to memory 0000 1111 : 0000 0000 : 11 000 reg 0000 1111 : 0000 0000 : mod 000 r/m 0000 1111 : 1010 1100 : 11 reg2 reg1 : imm8 0000 1111 : 1010 1100 : mod reg r/m : imm8 0000 1111 : 1010 1101 : 11 reg2 reg1 0000 1111 : 1010 1101 : mod reg r/m 0000 1111 : 0000 0001 : mod 001 r/m 1101 000w : 11 101 reg 1101 000w : mod 101 r/m 1101 001w : 11 101 reg 1101 001w : mod 101 r/m 1100 000w : 11 101 reg : imm8 data 1100 000w : mod 101 r/m : imm8 data 0000 1111 : 1010 0100 : 11 reg2 reg1 : imm8 0000 1111 : 1010 0100 : mod reg r/m : imm8 0000 1111 : 1010 0101 : 11 reg2 reg1 0000 1111 : 1010 0101 : mod reg r/m 1101 000w : 11 100 reg 1101 000w : mod 100 r/m 1101 001w : 11 100 reg 1101 001w : mod 100 r/m 1100 000w : 11 100 reg : imm8 data 1100 000w : mod 100 r/m : imm8 data 0000 1111 : 1001 tttn : 11 000 reg 0000 1111 : 1001 tttn : mod 000 r/m 0000 1111 : 0000 0001 : mod 000 r/m Encoding

B-16

INSTRUCTION FORMATS AND ENCODINGS

Table B-10. Integer Instruction Formats and Encodings (Contd.)

Instruction and Format SMSW Store Machine Status Word to register to memory STC Set Carry Flag STD Set Direction Flag STI Set Interrupt Flag 0000 1111 : 0000 0001 : 11 100 reg 0000 1111 : 0000 0001 : mod 100 r/m 1111 1001 1111 1101 1111 1011 Encoding

STOS/STOSB/STOSW/STOSD Store String Data 1010 101w STR Store Task Register to register to memory SUB Integer Subtraction register1 to register2 register2 to register1 memory to register register to memory immediate to register immediate to AL, AX, or EAX immediate to memory TEST Logical Compare register1 and register2 memory and register immediate and register immediate and AL, AX, or EAX immediate and memory UD2 Undefined instruction VERR Verify a Segment for Reading register memory VERW Verify a Segment for Writing register memory WAIT Wait WBINVD Writeback and Invalidate Data Cache WRMSR Write to Model-Specific Register 0000 1111 : 0000 0000 : 11 101 reg 0000 1111 : 0000 0000 : mod 101 r/m 1001 1011 0000 1111 : 0000 1001 0000 1111 : 0011 0000 0000 1111 : 0000 0000 : 11 100 reg 0000 1111 : 0000 0000 : mod 100 r/m 1000 010w : 11 reg1 reg2 1000 010w : mod reg r/m 1111 011w : 11 000 reg : immediate data 1010 100w : immediate data 1111 011w : mod 000 r/m : immediate data 0000 FFFF : 0000 1011 0010 100w : 11 reg1 reg2 0010 101w : 11 reg1 reg2 0010 101w : mod reg r/m 0010 100w : mod reg r/m 1000 00sw : 11 101 reg : immediate data 0010 110w : immediate data 1000 00sw : mod 101 r/m : immediate data 0000 1111 : 0000 0000 : 11 001 reg 0000 1111 : 0000 0000 : mod 001 r/m

B-17

INSTRUCTION FORMATS AND ENCODINGS

Table B-10. Integer Instruction Formats and Encodings (Contd.)

Instruction and Format XADD Exchange and Add register1, register2 memory, reg XCHG Exchange Register/Memory with Register register1 with register2 AL, AX, or EAX with reg memory with reg XLAT/XLATB Table Look-up Translation XOR Logical Exclusive OR register1 to register2 register2 to register1 memory to register register to memory immediate to register immediate to AL, AX, or EAX immediate to memory Prefix Bytes address size LOCK operand size CS segment override DS segment override ES segment override FS segment override GS segment override SS segment override 0110 0111 1111 0000 0110 0110 0010 1110 0011 1110 0010 0110 0110 0100 0110 0101 0011 0110 0011 000w : 11 reg1 reg2 0011 001w : 11 reg1 reg2 0011 001w : mod reg r/m 0011 000w : mod reg r/m 1000 00sw : 11 110 reg : immediate data 0011 010w : immediate data 1000 00sw : mod 110 r/m : immediate data 1000 011w : 11 reg1 reg2 1001 0 reg 1000 011w : mod reg r/m 1101 0111 0000 1111 : 1100 000w : 11 reg2 reg1 0000 1111 : 1100 000w : mod reg r/m Encoding

B-18

INSTRUCTION FORMATS AND ENCODINGS

B.3. MMX INSTRUCTION FORMATS AND ENCODINGS

All MMX instructions, except the EMMS instruction, use the a format similar to the 2-byte Intel Architecture integer format. Details of subfield encodings within these formats are presented below. For information relating to the use of prefixes with MMX instructions, and the effects of these prefixes, see Section B.4.1. and Section 2.2., Instruction Prefixes in Chapter 2, Instruction Format.

B.3.1.

Granularity Field (gg)

The granularity field (gg) indicates the size of the packed operands that the instruction is operating on. When this field is used, it is located in bits 1 and 0 of the second opcode byte. Table B-11 shows the encoding of this gg field.
Table B-11. Encoding of Granularity of Data Field (gg)
gg 00 01 10 11 Granularity of Data Packed Bytes Packed Words Packed Doublewords Quadword

B.3.2.

MMX and General-Purpose Register Fields (mmxreg and reg)

When MMX technology registers (mmxreg) are used as operands, they are encoded in the ModR/M byte in the reg field (bits 5, 4, and 3) and/or the R/M field (bits 2, 1, and 0). Table B12 shows the 3-bit encodings used for mmxreg fields.
Table B-12. Encoding of the MMX Register Field (mmxreg)
mmxreg Field Encoding 000 001 010 011 100 101 110 111 MMX Register MM0 MM1 MM2 MM3 MM4 MM5 MM6 MM7

B-19

INSTRUCTION FORMATS AND ENCODINGS

If an MMX instruction operates on a general-purpose register (reg), the register is encoded in the R/M field of the ModR/M byte. Table B-13 shows the encoding of general-purpose registers when used in MMX instructions.
Table B-13. Encoding of the General-Purpose Register Field (reg) When Used in MMX Instructions.
reg Field Encoding 000 001 010 011 100 101 110 111 Register Selected EAX ECX EDX EBX ESP EBP ESI EDI

B.3.3.

MMX Instruction Formats and Encodings Table

Table B-14 shows the formats and encodings for MMX instructions for the data types supportedpacked byte (B), packed word (W), packed doubleword (D), and quadword (Q). Figure B-2 describes the nomenclature used in columns (3 through 6) of the table.
Code Y N O I n/a Meaning Supported Not supported Output Input Not Applicable

Figure B-2. Key to Codes for MMX Data Type Cross-Reference

B-20

INSTRUCTION FORMATS AND ENCODINGS

Table B-14. MMX Instruction Formats and Encodings

Instruction and Format EMMS - Empty MMX state MOVD - Move doubleword reg to mmreg reg from mmxreg mem to mmxreg mem from mmxreg MOVQ - Move quadword mmxreg2 to mmxreg1 mmxreg2 from mmxreg1 mem to mmxreg mem from mmxreg - Pack dword to word data (signed with saturation) mmxreg2 to mmxreg1 memory to mmxreg Pack word to byte data (signed with saturation) mmxreg2 to mmxreg1 memory to mmxreg PACKUSWB1 - Pack word to byte data (unsigned with saturation) mmxreg2 to mmxreg1 memory to mmxreg PADD - Add with wrap-around mmxreg2 to mmxreg1 memory to mmxreg PADDS - Add signed with saturation mmxreg2 to mmxreg1 memory to mmxreg 0000 1111: 111011gg: 11 mmxreg1 mmxreg2 0000 1111: 111011gg: mod mmxreg r/m 0000 1111: 111111gg: 11 mmxreg1 mmxreg2 0000 1111: 111111gg: mod mmxreg r/m Y Y N N 0000 1111:01100111: 11 mmxreg1 mmxreg2 0000 1111:01100111: mod mmxreg r/m Y Y Y N 0000 1111:01100011: 11 mmxreg1 mmxreg2 0000 1111:01100011: mod mmxreg r/m O I n/a n/a PACKSSWB1 0000 1111:01101011: 11 mmxreg1 mmxreg2 0000 1111:01101011: mod mmxreg r/m O I n/a n/a PACKSSDW1 0000 1111:01101111: 11 mmxreg1 mmxreg2 0000 1111:01111111: 11 mmxreg1 mmxreg2 0000 1111:01101111: mod mmxreg r/m 0000 1111:01111111: mod mmxreg r/m n/a O I n/a 0000 1111:01101110: 11 mmxreg reg 0000 1111:01111110: 11 mmxreg reg 0000 1111:01101110: mod mmxreg r/m 0000 1111:01111110: mod mmxreg r/m N N N Y Encoding 0000 1111:01110111 B n/a N W n/a N D n/a Y Q n/a N

B-21

INSTRUCTION FORMATS AND ENCODINGS

Table B-14. MMX Instruction Formats and Encodings (Contd.)

Instruction and Format PADDUS - Add unsigned with saturation mmxreg2 to mmxreg1 memory to mmxreg PAND - Bitwise And mmxreg2 to mmxreg1 memory to mmxreg PANDN - Bitwise AndNot mmxreg2 to mmxreg1 memory to mmxreg PCMPEQ - Packed compare for equality mmxreg1 with mmxreg2 mmxreg with memory PCMPGT - Packed compare greater (signed) mmxreg1 with mmxreg2 mmxreg with memory PMADD - Packed multiply add mmxreg2 to mmxreg1 memory to mmxreg PMULH - Packed multiplication mmxreg2 to mmxreg1 memory to mmxreg PMULL - Packed multiplication mmxreg2 to mmxreg1 memory to mmxreg POR - Bitwise Or mmxreg2 to mmxreg1 memory to mmxreg 0000 1111:11101011: 11 mmxreg1 mmxreg2 0000 1111:11101011: mod mmxreg r/m 0000 1111:11010101: 11 mmxreg1 mmxreg2 0000 1111:11010101: mod mmxreg r/m N N N Y 0000 1111:11100101: 11 mmxreg1 mmxreg2 0000 1111:11100101: mod mmxreg r/m N Y N N 0000 1111:11110101: 11 mmxreg1 mmxreg2 0000 1111:11110101: mod mmxreg r/m N Y N N 0000 1111:011001gg: 11 mmxreg1 mmxreg2 0000 1111:011001gg: mod mmxreg r/m n/a I O n/a 0000 1111:011101gg: 11 mmxreg1 mmxreg2 0000 1111:011101gg: mod mmxreg r/m Y Y Y N 0000 1111:11011111: 11 mmxreg1 mmxreg2 0000 1111:11011111: mod mmxreg r/m Y Y Y N 0000 1111:11011011: 11 mmxreg1 mmxreg2 0000 1111:11011011: mod mmxreg r/m N N N Y 0000 1111: 110111gg: 11 mmxreg1 mmxreg2 0000 1111: 110111gg: mod mmxreg r/m N N N Y Encoding B Y W Y D N Q N

B-22

INSTRUCTION FORMATS AND ENCODINGS

Table B-14. MMX Instruction Formats and Encodings (Contd.)

Instruction and Format PSLL - Packed shift left logical mmxreg1 by mmxreg2 mmxreg by memory mmxreg by immediate PSRA2 - Packed shift right arithmetic mmxreg1 by mmxreg2 mmxreg by memory mmxreg by immediate PSRL2 - Packed shift right logical mmxreg1 by mmxreg2 mmxreg by memory mmxreg by immediate PSUB - Subtract with wraparound mmxreg2 from mmxreg1 memory from mmxreg PSUBS - Subtract signed with saturation mmxreg2 from mmxreg1 memory from mmxreg PSUBUS - Subtract unsigned with saturation mmxreg2 from mmxreg1 memory from mmxreg PUNPCKH - Unpack high data to next larger type mmxreg2 to mmxreg1 memory to mmxreg 0000 1111:011010gg: 11 mmxreg1 mmxreg2 0000 1111:011010gg: mod mmxreg r/m 0000 1111:110110gg: 11 mmxreg1 mmxreg2 0000 1111:110110gg: mod mmxreg r/m Y Y Y N 0000 1111:111010gg: 11 mmxreg1 mmxreg2 0000 1111:111010gg: mod mmxreg r/m Y Y N N 0000 1111:111110gg: 11 mmxreg1 mmxreg2 0000 1111:111110gg: mod mmxreg r/m Y Y N N 0000 1111:110100gg: 11 mmxreg1 mmxreg2 0000 1111:110100gg: mod mmxreg r/m 0000 1111:011100gg: 11 010 mmxreg: imm8 data Y Y Y N 0000 1111:111000gg: 11 mmxreg1 mmxreg2 0000 1111:111000gg: mod mmxreg r/m 0000 1111:011100gg: 11 100 mmxreg: imm8 data N Y Y Y 0000 1111:111100gg: 11 mmxreg1 mmxreg2 0000 1111:111100gg: mod mmxreg r/m 0000 1111:011100gg: 11 110 mmxreg: imm8 data N Y Y N
2

Encoding

B N

W Y

D Y

Q Y

B-23

INSTRUCTION FORMATS AND ENCODINGS

Table B-14. MMX Instruction Formats and Encodings (Contd.)

Instruction and Format PUNPCKL - Unpack low data to next larger type mmxreg2 to mmxreg1 memory to mmxreg PXOR - Bitwise Xor mmxreg2 to mmxreg1 memory to mmxreg NOTES: 1. The pack instructions perform saturation from signed packed data of one type to signed or unsigned data of the next smaller type. 2. The format of the shift instructions has one additional format to support shifting by immediate shiftcounts. The shift operations are not supported equally for all data types. 0000 1111:11101111: 11 mmxreg1 mmxreg2 0000 1111:11101111: mod mmxreg r/m 0000 1111:011000gg: 11 mmxreg1 mmxreg2 0000 1111:011000gg: mod mmxreg r/m N N N Y Encoding B Y W Y D Y Q N

B.4. STREAMING SIMD EXTENSION FORMATS AND ENCODINGS TABLE

The nature of the Streaming SIMD Extensions allows the use of existing instruction formats. Instructions use the ModR/M format and are preceded by the 0F prefix byte. In general, operations are not duplicated to provide two directions (i.e., separate load and store variants).

B.4.1.

Instruction Prefixes

The Streaming SIMD Extensions use prefixes as specified in Table B-15, Table B-16, and Table B-17. The effect of redundant prefixes (more than one prefix from a group) is undefined and may vary from processor to processor. Applying a prefix, in a manner not defined in this document, is considered reserved behavior. For example, Table B-15 shows general behavior for most Streaming SIMD Extensions; however, the application of a prefix (Repeat, Repeat NE, Operand Size) is reserved for the following instructions: ANDPS, ANDNPS, COMISS, FXRSTOR, FXSAVE, ORPS, LDMXCSR, MOVAPS, MOVHPS, MOVLPS, MOVMSKPS, MOVNTPS, MOVUPS, SHUFPS, STMXCSR, UCOMISS, UNPCKHPS, UNPCKLPS, XORPS.

B-24

INSTRUCTION FORMATS AND ENCODINGS

Table B-15. Streaming SIMD Extensions Instruction Behavior with Prefixes

Prefix Type Address Size Prefix (67H) Operand Size (66H) Segment Override (2EH,36H,3EH,26H,64H,65H) Repeat Prefix (F3H) Repeat NE Prefix(F2H) Lock Prefix (0F0H) Effect on Streaming SIMD Extensions Affects Streaming SIMD Extensions with memory operand Ignored by Streaming SIMD Extensions without memory operand. Not supported and may result in undefined behavior. Affects Streaming SIMD Extensions with mem.operand Ignored by Streaming SIMD Extensions without mem operand Affects Streaming SIMD Extensions Not supported and may result in undefined behavior. Generates invalid opcode exception.

Table B-16. SIMD Integer Instructions - Behavior with Prefixes

Prefix Type Address Size Prefix (67H) Operand Size (66H) Segment Override (2EH,36H,3EH,26H,64H,65H) Repeat Prefix (F3H) Repeat NE Prefix(F2H) Lock Prefix (0F0H) Effect on MMX Instructions Affects MMX instructions with mem. operand Ignored by MMX instructions without mem. operand. Reserved and may result in unpredictable behavior. Affects MMX instructions with mem. operand Ignored by MMX instructions without mem operand Reserved and may result in unpredictable behavior. Reserved and may result in unpredictable behavior. Generates invalid opcode exception.

Table B-17. Cacheability Control Instruction Behavior with Prefixes

Prefix Type Address Size Prefix (67H) Operand Size (66H) Effect on Streaming SIMD Extensions Affects cacheability control instruction with a mem. operand Ignored by cacheability control instruction w/o a mem. operand. Ignored by PREFETCH and SFENCE. Not supported and may result in undefined behavior with MOVNTPS. Ignored by MOVNTQ and MASKMOVQ. Affects cacheability control instructions with mem. operand Ignored by cacheability control instruction without mem operand Ignored by PREFETCH and SFENCE instructions. Not supported and may result in undefined behavior with MOVNTPS. Ignored by MOVNTQ and MASKMOVQ. Ignored by PREFETCH and SFENCE instructions. Not supported and may result in undefined behavior with MOVNTPS. Ignored by MOVNTQ and MASKMOVQ. Generates an invalid opcode exception for all cacheability instructions.

Segment Override (2EH,36H,3EH,26H,64H,65H) Repeat Prefix(F3H)

Repeat NE Prefix(F2H)

Lock Prefix (0F0H)

B-25

INSTRUCTION FORMATS AND ENCODINGS

B.4.2.

Notations

Besides opcodes, two kinds of notations are found which both describe information found in the ModR/M byte: /digit: (digit between 0 and 7) Indicates that the instruction uses only the r/m (register and memory) operand. The reg field contains the digit that provides an extension to the instructions opcode. Indicates that the ModR/M byte of an instruction contains both a register operand and an r/m operand.

In addition, the following abbreviations are used: r32 xmm/m128 xmm/m64 xmm/m32 mm/m64 imm8 ib Intel Architecture 32-bit integer register Indicates a 128-bit multimedia register or a 128-bit memory location. Indicates a 128-bit multimedia register or a 64-bit memory location. Indicates a 128-bit multimedia register or a 32-bit memory location. Indicates a 64-bit multimedia register or a 64-bit memory location. Indicates an immediate 8-bit operand. Indicates that an immediate byte operand follows the opcode, ModR/M byte or scaled-indexing byte.

When there is ambiguity, xmm1 indicates the first source operand and xmm2 the second source operand. Table B-18 describes the naming conventions used in the Streaming SIMD Extensions mnemonics.

Table B-18. Key to Streaming SIMD Extensions Naming Convention

Mnemonic PI PS SI SS Description Packed integer qword (e.g., mm0) Packed single FP (e.g., xmm0) Scalar integer (e.g., eax) Scalar single-FP (e.g., low 32 bits of xmm0)

B-26

INSTRUCTION FORMATS AND ENCODINGS

B.4.3.

Formats and Encodings

The following three tables show the formats and encodings for Streaming SIMD Extensions for the data types supportedpacked byte (B), packed word (W), packed doubleword (D), quadword (Q), and double quadword (DQ). Table B-19, Table B-20, and Table B-21 correspond respectively to SIMD floating-point, SIMD-Integer, and Cacheability Register Fields. Figure B-3 describes the nomenclature used in columns (3 through 7) of the table.
Code Y N O I n/a Meaning Supported Not supported Output Input Not Applicable

Figure B-3. Key to Codes for Streaming SIMD Extensions Data Type CrossReference Table B-19. Encoding of the SIMD Floating-Point Register Field
Instruction and Format ADDPS - Packed SingleFP Add xmmreg to xmmreg mem to xmmreg ADDSS - Scalar SingleFP Add xmmreg to xmmreg mem to xmmreg ANDNPS - Bit-wise Logical And Not for Single-FP xmmreg to xmmreg mem to xmmreg ANDPS - Bit-wise Logical And for Single-FP xmmreg to xmmreg mem to xmmreg CMPPS - Packed SingleFP Compare xmmreg to xmmreg, imm8 mem to xmmreg, imm8 00001111:11000010:11 xmmreg1 xmmreg2: imm8 00001111:11000010: mod xmmreg r/m: imm8 00001111:01010100:11 xmmreg1 xmmreg2 00001111:01010100: mod xmmreg r/m n/a n/a n/a n/a Y 00001111:01010101:11 xmmreg1 xmmreg2 00001111:01010101: mod xmmreg r/m n/a n/a n/a n/a Y 11110011:00001111:01011000:11 xmmreg1 xmmreg2 11110011:00001111:01011000: mod xmmreg r/m n/a n/a n/a n/a Y 00001111:01011000:11 xmmreg1 xmmreg2 00001111:01011000: mod xmmreg r/m n/a n/a Y n/a n/a Encoding B n/a W n/a D n/a Q n/a DQ Y

B-27

INSTRUCTION FORMATS AND ENCODINGS

Table B-19. Encoding of the SIMD Floating-Point Register Field

Instruction and Format CMPSS - Scalar SingleFP Compare xmmreg to xmmreg, imm8 mem to xmmreg, imm8 COMISS - Scalar Ordered Single-FP compare and set EFLAGS xmmreg to xmmreg mem to xmmreg CVTPI2PS - Packed signed INT32 to Packed Single-FP conversion mmreg to xmmreg mem to xmmreg CVTPS2PI - Packed Single-FP to Packed INT32 conversion xmmreg to mmreg mem to mmreg CVTSI2SS - Scalar signed INT32 to SingleFP conversion r32 to xmmreg1 mem to xmmreg CVTSS2SI - Scalar Single-FP to signed INT32 conversion xmmreg to r32 mem to r32 CVTTPS2PI - Packed Single-FP to Packed INT32 Conversion (truncate) xmmreg to mmreg mem to mmreg 00001111:00101100:11 mmreg1 xmmreg1 00001111:00101100: mod mmreg r/m 11110011:00001111:00101101:11 r32 xmmreg 11110011:00001111:00101101: mod r32 r/m n/a n/a n/a n/a Y 11110011:00001111:00101010:11 xmmreg r32 11110011:00001111:00101010: mod xmmreg r/m n/a n/a Y n/a n/a 00001111:00101101:11 mmreg1 xmmreg1 00001111:00101101: mod mmreg r/m n/a n/a Y n/a n/a 00001111:00101010:11 xmmreg1 mmreg1 00001111:00101010: mod xmmreg r/m n/a n/a n/a n/a Y 00001111:00101111:11 xmmreg1 xmmreg2 00001111:00101111: mod xmmreg r/m n/a n/a n/a n/a Y 11110011:00001111:11000010:11 xmmreg1 xmmreg2: imm8 11110011:00001111:11000010: mod xmmreg r/m: imm8 n/a n/a Y n/a n/a Encoding B n/a W n/a D Y Q n/a DQ n/a

B-28

INSTRUCTION FORMATS AND ENCODINGS

Table B-19. Encoding of the SIMD Floating-Point Register Field

Instruction and Format CVTTSS2SI - Scalar Single-FP to signed INT32 conversion (truncate) xmmreg to r32 mem to r32 DIVPS - Packed SingleFP Divide xmmreg to xmmreg mem to xmmreg DIVSS - Scalar Single-FP Divide xmmreg to xmmreg mem to xmmreg FXRSTOR - Restore FP/MMX and Streaming SIMD Extensions state FXSAVE - Store FP/MMX and Streaming SIMD Extensions state LDMXCSR - Load Streaming SIMD Extensions Technology Control/Status Register m32 to MXCSR MAXPS - Packed SingleFP Maximum xmmreg to xmmreg mem to xmmreg MAXSS - Scalar SingleFP Maximum xmmreg to xmmreg mem to xmmreg MINPS - Packed SingleFP Minimum xmmreg to xmmreg mem to xmmreg 00001111:01011101:11 xmmreg1 xmmreg2 00001111:01011101: mod xmmreg r/m 11110011:00001111:01011111:11 xmmreg1 xmmreg2 11110011:00001111:01011111: mod xmmreg r/m n/a n/a n/a n/a Y 00001111:01011111:11 xmmreg1 xmmreg2 00001111:01011111: mod xmmreg r/m n/a n/a Y n/a n/a 00001111:10101110:10 m32 n/a n/a n/a n/a Y 11110011:00001111:01011110: mod xmmreg r/m 00001111:10101110:01 m512 n/a n/a n/a n/a n/a 00001111:01011110:11 xmmreg1 xmmreg2 00001111:01011110: mod xmmreg r/m 11110011:00001111:01011110:11 xmmreg1 xmmreg2 n/a n/a Y n/a n/a 11110011:00001111:00101100:11 r32 xmmreg1 11110011:00001111:00101100: mod r32 r/m n/a n/a n/a n/a Y Encoding B n/a W n/a D Y Q n/a DQ n/a

00001111:10101110:00 m512

n/a

B-29

INSTRUCTION FORMATS AND ENCODINGS

Table B-19. Encoding of the SIMD Floating-Point Register Field

Instruction and Format MINSS - Scalar Single-FP Minimum xmmreg to xmmreg mem to xmmreg MOVAPS - Move Aligned Four Packed Single-FP xmmreg2 to xmmreg1 mem to xmmreg1 xmmreg1 to xmmreg2 xmmreg1 to mem MOVHLPS - Move High to Low Packed Single-FP xmmreg to xmmreg MOVHPS - Move High Packed Single-FP mem to xmmreg xmmreg to mem MOVLHPS - Move Low to High Packed Single-FP xmmreg to xmmreg MOVLPS - Move Low Packed Single-FP mem to xmmreg xmmreg to mem MOVMSKPS - Move Mask To Integer xmmreg to r32 MOVSS - Move Scalar Single-FP xmmreg2 to xmmreg1 mem to xmmreg1 xmmreg1 to xmmreg2 xmmreg1 to mem 11110011:00001111:00010000:11 xmmreg2 xmmreg1 11110011:00001111:00010000: mod xmmreg r/m 11110011:00001111:00010000:11 xmmreg1 xmmreg2 11110011:00001111:00010000: mod xmmreg r/m 00001111:01010000:11 r32 xmmreg n/a n/a Y n/a n/a 00001111:00010010: mod xmmreg r/m 00001111:00010011: mod xmmreg r/m n/a n/a n/a n/a Y n/a n/a n/a Y n/a 00001111:00010110:11 xmmreg1 xmmreg2 00001111:00010110: mod xmmreg r/m 00001111:00010111: mod xmmreg r/m n/a n/a n/a Y n/a 00001111:00010010:11 xmmreg1 xmmreg2 n/a n/a n/a Y n/a 00001111:00101000:11 xmmreg2 xmmreg1 00001111:00101000: mod xmmreg r/m 00001111:00101001:11 xmmreg1 xmmreg2 00001111:00101001: mod xmmreg r/m n/a n/a n/a Y n/a 11110011:00001111:01011101:11 xmmreg1 xmmreg2 11110011:00001111:01011101: mod xmmreg r/m n/a n/a n/a n/a Y Encoding B n/a W n/a D Y Q n/a DQ n/a

B-30

INSTRUCTION FORMATS AND ENCODINGS

Table B-19. Encoding of the SIMD Floating-Point Register Field

Instruction and Format MOVUPS - Move Unaligned Four Packed Single-FP xmmreg2 to xmmreg1 mem to xmmreg1 xmmreg1 to xmmreg2 xmmreg1 to mem MULPS - Packed SingleFP Multiply xmmreg to xmmreg mem to xmmreg MULSS - Scalar SingleFP Multiply xmmreg to xmmreg mem to xmmreg ORPS: Bit-wise Logical OR for Single-FP Data xmmreg to xmmreg mem to xmmreg RCPPS - Packed SingleFP Reciprocal xmmreg to xmmreg mem to xmmreg RCPSS - Scalar SingleFP Reciprocal xmmreg to xmmreg mem to xmmreg RSQRTPS - Packed Single-FP Square Root Reciprocal xmmreg to xmmreg mem to xmmreg 00001111:01010010:11 xmmreg1 xmmreg2 00001111:01010010 mode xmmreg r/m 11110011:00001111:01010011:11 xmmreg1 xmmreg2 11110011:00001111:01010011: mod xmmreg r/m n/a n/a n/a n/a Y 00001111:01010011:11 xmmreg1 xmmreg2 00001111:01010011: mod xmmreg r/m n/a n/a Y n/a n/a 00001111:01010110:11 xmmreg1 xmmreg2 00001111:01010110 mod xmmreg r/m n/a n/a n/a n/a Y 11110011:00001111:010111001:11 xmmreg1 xmmreg2 11110011:00001111:010111001: mod xmmreg r/m n/a n/a n/a n/a Y 00001111:01011001:11 xmmreg1 xmmreg2 00001111:01011001: mod xmmreg rm n/a n/a Y n/a n/a 00001111:00010000:11 xmmreg2 xmmreg1 00001111:00010000: mod xmmreg r/m 00001111:00010001:11 xmmreg1 xmmreg2 00001111:00010001: mod xmmreg r/m n/a n/a n/a n/a Y Encoding B n/a W n/a D n/a Q n/a DQ Y

B-31

INSTRUCTION FORMATS AND ENCODINGS

Table B-19. Encoding of the SIMD Floating-Point Register Field

Instruction and Format RSQRTSS - Scalar Single-FP Square Root Reciprocal xmmreg to xmmreg mem to xmmreg SHUFPS - Shuffle SingleFP xmmreg to xmmreg, imm8 mem to xmmreg, imm8 SQRTPS - Packed Single-FP Square Root xmmreg to xmmreg mem to xmmreg SQRTSS - Scalar SingleFP Square Root xmmreg to xmmreg mem to xmmreg STMXCSR - Store Streaming SIMD Extensions Technology Control/Status Register MXCSR to mem SUBPS: Packed SingleFP Subtract xmmreg to xmmreg mem to xmmreg SUBSS: Scalar Single-FP Subtract xmmreg to xmmreg mem to xmmreg UCOMISS: Unordered Scalar Single-FP compare and set EFLAGS xmmreg to xmmreg mem to xmmreg 00001111:00101110:11 xmmreg1 xmmreg2 00001111:00101110 mod xmmreg r/m 11110011:00001111:01011100:11 xmmreg1 xmmreg2 11110011:00001111:01011100 mod xmmreg r/m n/a n/a Y n/a n/a 00001111:01011100:11 xmmreg1 xmmreg2 00001111:01011100 mod xmmreg r/m n/a n/a Y n/a n/a 00001111:10101110:11 m32 n/a n/a n/a n/a Y 01010011:00001111:01010001:11 xmmreg1 xmmreg 2 01010011:00001111:01010001 mod xmmreg r/m n/a n/a Y n/a n/a 00001111:01010001:11 xmmreg1 xmmreg 2 00001111:01010001 mod xmmreg r/m n/a n/a Y n/a n/a 00001111:11000110:11 xmmreg1 xmmreg2: imm8 00001111:11000110: mod xmmreg r/m: imm8 n/a n/a n/a n/a Y 11110011:00001111:01010010:11 xmmreg1 xmmreg2 11110011:00001111:01010010 mod xmmreg r/m n/a n/a n/a n/a Y Encoding B n/a W n/a D Y Q n/a DQ n/a

B-32

INSTRUCTION FORMATS AND ENCODINGS

Table B-19. Encoding of the SIMD Floating-Point Register Field

Instruction and Format UNPCKHPS: Unpack High Packed Single-FP Data xmmreg to xmmreg mem to xmmreg UNPCKLPS: Unpack Low Packed Single-FP Data xmmreg to xmmreg mem to xmmreg XORPS: Bit-wise Logical Xor for Single-FP Data xmmreg to xmmreg mem to xmmreg 00001111:01010111:11 xmmreg1 xmmreg2 00001111:01010111 mod xmmreg r/m 00001111:00010100:11 xmmreg1 xmmreg2 00001111:00010100 mod xmmreg r/m n/a n/a n/a n/a Y 00001111:00010101:11 xmmreg1 xmmreg2 00001111:00010101 mod xmmreg r/m n/a n/a n/a n/a Y Encoding B n/a W n/a D n/a Q n/a DQ Y

B-33

INSTRUCTION FORMATS AND ENCODINGS

Table B-20. Encoding of the SIMD-Integer Register Field

Instruction and Format PAVGB/PAVGW - Packed Average mmreg to mmreg 00001111:11100000:11 mmreg1 mmreg2 00001111:11100011:11 mmreg1 mmreg2 mem to mmreg 00001111:11100000 mod mmreg r/m 00001111:11100011 mod mmreg r/m PEXTRW - Extract Word mmreg to reg32, imm8 PINSRW - Insert Word reg32 to mmreg, imm8 m16 to mmreg, imm8 PMAXSW - Packed Signed Integer Word Maximum mmreg to mmreg mem to mmreg PMAXUB - Packed Unsigned Integer Byte Maximum mmreg to mmreg mem to mmreg PMINSW - Packed Signed Integer Word Minimum mmreg to mmreg mem to mmreg PMINUB - Packed Unsigned Integer Byte Minimum mmreg to mmreg mem to mmreg PMOVMSKB - Move Byte Mask To Integer mmreg to reg32 00001111:11010111:11 mmreg1 r32 00001111:11011010:11 mmreg1 mmreg2 00001111:11011010 mod mmreg r/m O n/a n/a I n/a 00001111:11101010:11 mmreg1 mmreg2 00001111:11101010 mod mmreg r/m Y n/a n/a n/a n/a 00001111:11011110:11 mmreg1 mmreg2 00001111:11011110 mod mmreg r/m n/a Y n/a n/a n/a 00001111:11101110:11 mmreg1 mmreg2 00001111:11101110 mod mmreg r/m Y n/a n/a n/a n/a 00001111:11000100:11 r32 mmreg1: imm8 00001111:11000100 mod mmreg r/m: imm8 n/a Y n/a n/a n/a 00001111:11000101:11 mmreg r32: imm8 n/a Y n/a n/a n/a n/a Y n/a n/a n/a Encoding B Y W Y D n/a Q n/a DQ n/a

B-34

INSTRUCTION FORMATS AND ENCODINGS

Table B-20. Encoding of the SIMD-Integer Register Field

Instruction and Format PMULHUW - Packed Multiply High Unsigned mmreg to mmreg mem to mmreg PSADBW - Packed Sum of Absolute Differences mmreg to mmreg mem to mmreg PSHUFW - Packed Shuffle Word mmreg to mmreg, imm8 mem to mmreg, imm8 00001111:01110000:11 mmreg1 mmreg2: imm8 00001111:01110000:11 mod mmreg r/m: imm8 00001111:11110110:11 mmreg1 mmreg2 00001111:11110110 mod mmreg r/m n/a Y n/a I n/a 00001111:11100100:11 mmreg1 mmreg2 00001111:11100100 mod mmreg r/m I O n/a Y n/a Encoding B n/a W O D n/a Q I DQ n/a

Table B-21. Encoding of the Streaming SIMD Extensions Cacheability Control Register Field
Instruction and Format MASKMOVQ - Byte Mask Write mmreg to mmreg MOVNTPS - Move Aligned Four Packed Single-FP Non Temporal xmmreg to mem MOVNTQ - Move 64 Bits Non Temporal mmreg to mem PREFETCHT0 - Prefetch to all cache levels PREFETCHT1 - Prefetch to all cache levels PREFETCHT2 - Prefetch to L2 cache PREFETCHNTA Prefetch to L1 cache SFENCE - Store Fence 00001111:11100111 mod mmreg r/m 00001111:00011000:01 mem 00001111:00011000:10 mem 00001111:00011000:11 mem 00001111:00011000:00 mem 00001111:10101110:11111000 Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 00001111:00101011 mod xmmreg r/m n/a n/a n/a Y n/a 00001111:11110111:11 mmreg1 mmreg2 n/a n/a n/a n/a Y Encoding B n/a W n/a D n/a Q Y DQ n/a

B-35

INSTRUCTION FORMATS AND ENCODINGS

B.5. FLOATING-POINT INSTRUCTION FORMATS AND ENCODINGS

Table B-22 shows the five different formats used for floating-point instructions In all cases, instructions are at least two bytes long and begin with the bit pattern 11011.
Table B-22. General Floating-Point Instruction Formats
Instruction First Byte 1 2 3 4 5 11011 11011 11011 11011 11011 1511 d 0 0 10 OPA MF P 0 1 9 1 OPA OPA 1 1 8 1 1 1 7 mod mod 1 1 1 6 Second Byte 1 OPB OPB 1 1 5 4 3 R OP OP 2 1 0 OPB r/m r/m ST(i) Optional Fields s-i-b s-i-b disp disp

MF = Memory Format 00 32-bit real 01 32-bit integer 10 64-bit real 11 16-bit integer P = Pop 0 Do not pop stack 1 Pop stack after operation d = Destination 0 Destination is ST(0) 1 Destination is ST(i) R XOR d = 0 Destination OP Source R XOR d = 1 Source OP Destination ST(i) = Register stack element i 000 = Stack Top 001 = Second stack element 111 = Eighth stack element

The Mod and R/M fields of the ModR/M byte have the same interpretation as the corresponding fields of the integer instructions. The SIB byte and disp (displacement) are optionally present in instructions that have Mod and R/M fields. Their presence depends on the values of Mod and R/M, as for integer instructions. Table B-23 shows the formats and encodings of the floating-point instructions.

B-36

INSTRUCTION FORMATS AND ENCODINGS

Table B-23. Floating-Point Instruction Formats and Encodings

Instruction and Format F2XM1 Compute 2ST(0) 1 FABS Absolute Value FADD Add ST(0) ST(0) + 32-bit memory ST(0) ST(0) + 64-bit memory ST(d) ST(0) + ST(i) FADDP Add and Pop ST(0) ST(0) + ST(i) FBLD Load Binary Coded Decimal FBSTP Store Binary Coded Decimal and Pop FCHS Change Sign FCLEX Clear Exceptions FCMOVcc Conditional Move on EFLAG Register Condition Codes move if below (B) move if equal (E) move if below or equal (BE) move if unordered (U) move if not below (NB) move if not equal (NE) move if not below or equal (NBE) move if not unordered (NU) FCOM Compare Real 32-bit memory 64-bit memory ST(i) FCOMP Compare Real and Pop 32-bit memory 64-bit memory ST(i) FCOMPP Compare Real and Pop Twice FCOMI Compare Real and Set EFLAGS FCOMIP Compare Real, Set EFLAGS, and Pop FCOS Cosine of ST(0) FDECSTP Decrement Stack-Top Pointer FDIV Divide ST(0) ST(0) 32-bit memory ST(0) ST(0) 64-bit memory ST(d) ST(0) ST(i) FDIVP Divide and Pop ST(0) ST(0) ST(i) 11011 110 : 1111 1 ST(i) 11011 000 : mod 110 r/m 11011 100 : mod 110 r/m 11011 d00 : 1111 R ST(i) 11011 000 : mod 011 r/m 11011 100 : mod 011 r/m 11011 000 : 11 011 ST(i) 11011 110 : 11 011 001 11011 011 : 11 110 ST(i) 11011 111 : 11 110 ST(i) 11011 001 : 1111 1111 11011 001 : 1111 0110 11011 000 : mod 010 r/m 11011 100 : mod 010 r/m 11011 000 : 11 010 ST(i) 11011 010 : 11 000 ST(i) 11011 010 : 11 001 ST(i) 11011 010 : 11 010 ST(i) 11011 010 : 11 011 ST(i) 11011 011 : 11 000 ST(i) 11011 011 : 11 001 ST(i) 11011 011 : 11 010 ST(i) 11011 011 : 11 011 ST(i) 11011 110 : 11 000 ST(i) 11011 111 : mod 100 r/m 11011 111 : mod 110 r/m 11011 001 : 1110 0000 11011 011 : 1110 0010 11011 000 : mod 000 r/m 11011 100 : mod 000 r/m 11011 d00 : 11 000 ST(i) Encoding 11011 001 : 1111 0000 11011 001 : 1110 0001

B-37

INSTRUCTION FORMATS AND ENCODINGS

Table B-23. Floating-Point Instruction Formats and Encodings

Instruction and Format FDIVR Reverse Divide ST(0) 32-bit memory ST(0) ST(0) 64-bit memory ST(0) ST(d) ST(i) ST(0) FDIVRP Reverse Divide and Pop ST(0) ST(i) ST(0) FFREE Free ST(i) Register FIADD Add Integer ST(0) ST(0) + 16-bit memory ST(0) ST(0) + 32-bit memory FICOM Compare Integer 16-bit memory 32-bit memory FICOMP Compare Integer and Pop 16-bit memory 32-bit memory FIDIV ST(0) ST(0) + 16-bit memory ST(0) ST(0) + 32-bit memory FIDIVR ST(0) ST(0) + 16-bit memory ST(0) ST(0) + 32-bit memory FILD Load Integer 16-bit memory 32-bit memory 64-bit memory FIMUL ST(0) ST(0) + 16-bit memory ST(0) ST(0) + 32-bit memory FINCSTP Increment Stack Pointer FINIT Initialize Floating-Point Unit FIST Store Integer 16-bit memory 32-bit memory FISTP Store Integer and Pop 16-bit memory 32-bit memory 64-bit memory FISUB ST(0) ST(0) + 16-bit memory ST(0) ST(0) + 32-bit memory 11011 110 : mod 100 r/m 11011 010 : mod 100 r/m 11011 111 : mod 011 r/m 11011 011 : mod 011 r/m 11011 111 : mod 111 r/m 11011 111 : mod 010 r/m 11011 011 : mod 010 r/m 11011 110 : mod 001 r/m 11011 010 : mod 001 r/m 11011 001 : 1111 0111 11011 111 : mod 000 r/m 11011 011 : mod 000 r/m 11011 111 : mod 101 r/m 11011 110 : mod 111 r/m 11011 010 : mod 111 r/m 11011 110 : mod 110 r/m 11011 010 : mod 110 r/m 11011 110 : mod 011 r/m 11011 010 : mod 011 r/m 11011 110 : mod 010 r/m 11011 010 : mod 010 r/m 11011 110 : mod 000 r/m 11011 010 : mod 000 r/m 11011 110 : 1111 0 ST(i) 11011 101 : 1100 0 ST(i) 11011 000 : mod 111 r/m 11011 100 : mod 111 r/m 11011 d00 : 1111 R ST(i) Encoding

B-38

INSTRUCTION FORMATS AND ENCODINGS

Table B-23. Floating-Point Instruction Formats and Encodings

Instruction and Format FISUBR ST(0) ST(0) + 16-bit memory ST(0) ST(0) + 32-bit memory FLD Load Real 32-bit memory 64-bit memory 80-bit memory ST(i) FLD1 Load +1.0 into ST(0) FLDCW Load Control Word FLDENV Load FPU Environment FLDL2E Load log2() into ST(0) FLDL2T Load log2(10) into ST(0) FLDLG2 Load log10(2) into ST(0) FLDLN2 Load log(2) into ST(0) FLDPI Load into ST(0) FLDZ Load +0.0 into ST(0) FMUL Multiply ST(0) ST(0) 32-bit memory ST(0) ST(0) 64-bit memory ST(d) ST(0) ST(i) FMULP Multiply ST(0) ST(0) ST(i) FNOP No Operation FPATAN Partial Arctangent FPREM Partial Remainder FPREM1 Partial Remainder (IEEE) FPTAN Partial Tangent FRNDINT Round to Integer FRSTOR Restore FPU State FSAVE Store FPU State FSCALE Scale FSIN Sine FSINCOS Sine and Cosine FSQRT Square Root FST Store Real 32-bit memory 64-bit memory ST(i) FSTCW Store Control Word FSTENV Store FPU Environment 11011 001 : mod 010 r/m 11011 101 : mod 010 r/m 11011 101 : 11 010 ST(i) 11011 001 : mod 111 r/m 11011 001 : mod 110 r/m 11011 110 : 1100 1 ST(i) 11011 001 : 1101 0000 11011 001 : 1111 0011 11011 001 : 1111 1000 11011 001 : 1111 0101 11011 001 : 1111 0010 11011 001 : 1111 1100 11011 101 : mod 100 r/m 11011 101 : mod 110 r/m 11011 001 : 1111 1101 11011 001 : 1111 1110 11011 001 : 1111 1011 11011 001 : 1111 1010 11011 000 : mod 001 r/m 11011 100 : mod 001 r/m 11011 d00 : 1100 1 ST(i) 11011 001 : mod 000 r/m 11011 101 : mod 000 r/m 11011 011 : mod 101 r/m 11011 001 : 11 000 ST(i) 11011 001 : 1110 1000 11011 001 : mod 101 r/m 11011 001 : mod 100 r/m 11011 001 : 1110 1010 11011 001 : 1110 1001 11011 001 : 1110 1100 11011 001 : 1110 1101 11011 001 : 1110 1011 11011 001 : 1110 1110 11011 110 : mod 101 r/m 11011 010 : mod 101 r/m Encoding

B-39

INSTRUCTION FORMATS AND ENCODINGS

Table B-23. Floating-Point Instruction Formats and Encodings

Instruction and Format FSTP Store Real and Pop 32-bit memory 64-bit memory 80-bit memory ST(i) FSTSW Store Status Word into AX FSTSW Store Status Word into Memory FSUB Subtract ST(0) ST(0) 32-bit memory ST(0) ST(0) 64-bit memory ST(d) ST(0) ST(i) FSUBP Subtract and Pop ST(0) ST(0) ST(i) FSUBR Reverse Subtract ST(0) 32-bit memory ST(0) ST(0) 64-bit memory ST(0) ST(d) ST(i) ST(0) FSUBRP Reverse Subtract and Pop ST(i) ST(i) ST(0) FTST Test FUCOM Unordered Compare Real FUCOMP Unordered Compare Real and Pop FUCOMPP Unordered Compare Real and Pop Twice FUCOMI Unordered Compare Real and Set EFLAGS FUCOMIP Unordered Compare Real, Set EFLAGS, and Pop FXAM Examine FXCH Exchange ST(0) and ST(i) FXTRACT Extract Exponent and Significand FYL2X ST(1) log2(ST(0)) FYL2XP1 ST(1) log2(ST(0) + 1.0) FWAIT Wait until FPU Ready 11011 110 : 1110 0 ST(i) 11011 001 : 1110 0100 11011 101 : 1110 0 ST(i) 11011 101 : 1110 1 ST(i) 11011 010 : 1110 1001 11011 011 : 11 101 ST(i) 11011 111 : 11 101 ST(i) 11011 001 : 1110 0101 11011 001 : 1100 1 ST(i) 11011 001 : 1111 0100 11011 001 : 1111 0001 11011 001 : 1111 1001 1001 1011 11011 000 : mod 101 r/m 11011 100 : mod 101 r/m 11011 d00 : 1110 R ST(i) 11011 110 : 1110 1 ST(i) 11011 000 : mod 100 r/m 11011 100 : mod 100 r/m 11011 d00 : 1110 R ST(i) 11011 001 : mod 011 r/m 11011 101 : mod 011 r/m 11011 011 : mod 111 r/m 11011 101 : 11 011 ST(i) 11011 111 : 1110 0000 11011 101 : mod 111 r/m Encoding

B-40

C
Compiler Intrinsics and Functional Equivalents

APPENDIX C COMPILER INTRINSICS AND FUNCTIONAL EQUIVALENTS

The two tables in this chapter itemize the Intel C/C++ compiler intrinsics and functional equivalents for the MMX technology instructions and Streaming SIMD Extensions. There may be additional intrinsics that do not have an instruction equivalent. It is strongly recommended that the reader reference the compiler documentation for the complete list of supported intrinsics. Please refer to the Intel C/C++ Compiler Users Guide for Win32* Systems With Streaming SIMD Extension Support (Order Number 718195-00B). Appendix C catalogs use of these intrinsics. The Section 3.1.3., Intel C/C++ Compiler Intrinsics Equivalent of Chapter 3, Instruction Set Reference has more general supporting information for the following tables. Table C-1 presents simple intrinsics, and Table C-2 presents composite intrinsics. Some intrinsics are composites because they require more than one instruction to implement them. Most of the intrinsics that use __m64 operands have two different names. If two intrinsic names are shown for the same equivalent, the first name is the intrinsic for Intel C/C++ Compiler versions prior to 4.0 and the second name should be used with the Intel C/C++ Compiler version 4.0 and future versions. The Intel C/C++ Compiler version 4.0 will support the old intrinsic names. Programs written using pre-4.0 intrinsic names will compile with version 4.0. Version 4.0 intrinsic names will not compile on pre-4.0 compilers. Intel C/C++ Compiler version 4.0 names reflect the following naming conventions:

a "_mm" prefix, followed by a plain spelling of the operation or the actual instructions mnemonic, followed by a suffix indicating the operand type. Since there are many different types of integer data that can be contained within a __m64 data item, the following convention is used:

s - indicates scalar p - indicates packed i - indicates signed integer, or in some instructions where the sign does not matter, this is the default u - indicates an unsigned integer

8, 16, 32, or 64 - the bit size of the data elements. For example, _mm_add_pi8 indicates addition of packed, 8-bit integers; _mm_slli_pi32() is a logical left shift with an immediate shift count (the "i" after the name) of a packed, 32-bit integer.

C-1

COMPILER INTRINSICS AND FUNCTIONAL EQUIVALENTS

C.1. SIMPLE INTRINSICS

Table C-1. Simple Intrinsics
Mnemonic
ADDPS ADDSS

Intrinsic
__m128 _mm_add_ps(__m128 a, __m128 b) __m128 _mm_add_ss(__m128 a, __m128 b)

Description
Adds the four SP FP values of a and b. Adds the lower SP FP (single-precision, floating-point) values of a and b; the upper three SP FP values are passed through from a. Computes the bitwise AND-NOT of the four SP FP values of a and b. Compare for equality. Compare for less-than. Compare for less-than-or-equal. Compare for greater-than. Compare for greater-than-or-equal. Compare for inequality. Compare for not-less-than. Compare for not-greater-than. Compare for not-greater-than-or-equal. Compare for ordered. Compare for unordered. Compare for not-less-than-or-equal. Compare for equality. Compare for less-than. Compare for less-than-or-equal. Compare for greater-than. Compare for greater-than-or-equal. Compare for inequality. Compare for not-less-than. Compare for not-greater-than. Compare for not-greater-than-or-equal. Compare for ordered. Compare for unordered. Compare for not-less-than-or-equal.

ANDPS CMPPS

__m128 _mm_andnot_ps(__m128 a, __m128 b) __m128 _mm_cmpeq_ps(__m128 a, __m128 b) __m128 _mm_cmplt_ps(__m128 a, __m128 b) __m128 _mm_cmple_ps(__m128 a, __m128 b) __m128 _mm_cmpgt_ps(__m128 a, __m128 b) __m128 _mm_cmpge_ps(__m128 a, __m128 b) __m128 _mm_cmpneq_ps(__m128 a, __m128 b) __m128 _mm_cmpnlt_ps(__m128 a, __m128 b) __m128 _mm_cmpngt_ps(__m128 a, __m128 b) __m128 _mm_cmpnge_ps(__m128 a, __m128 b) __m128 _mm_cmpord_ps(__m128 a, __m128 b) __m128 _mm_cmpunord_ps(__m128 a, __m128 b) __m128 _mm_cmpnle_ps(__m128 a, __m128 b)

CMPSS

__m128 _mm_cmpeq_ss(__m128 a, __m128 b) __m128 _mm_cmplt_ss(__m128 a, __m128 b) __m128 _mm_cmple_ss(__m128 a, __m128 b) __m128 _mm_cmpgt_ss(__m128 a, __m128 b) __m128 _mm_cmpge_ss(__m128 a, __m128 b) __m128 _mm_cmpneq_ss(__m128 a, __m128 b) __m128 _mm_cmpnlt_ss(__m128 a, __m128 b) __m128 _mm_cmpnle_ss(__m128 a, __m128 b) __m128 _mm_cmpngt_ss(__m128 a, __m128 b) __m128 _mm_cmpnge_ss(__m128 a, __m128 b) __m128 _mm_cmpord_ss(__m128 a, __m128 b) __m128 _mm_cmpunord_ss(__m128 a, __m128 b)

C-2

COMPILER INTRINSICS AND FUNCTIONAL EQUIVALENTS

Table C-1. Simple Intrinsics

Mnemonic
COMISS

Intrinsic
int _mm_comieq_ss(__m128 a, __m128 b)

Description
Compares the lower SP FP value of a and b for a equal to b. If a and b are equal, 1 is returned. Otherwise 0 is returned. Compares the lower SP FP value of a and b for a less than b. If a is less than b, 1 is returned. Otherwise 0 is returned. Compares the lower SP FP value of a and b for a less than or equal to b. If a is less than or equal to b, 1 is returned. Otherwise 0 is returned. Compares the lower SP FP value of a and b for a greater than b. If a is greater than b are equal, 1 is returned. Otherwise 0 is returned. Compares the lower SP FP value of a and b for a greater than or equal to b. If a is greater than or equal to b, 1 is returned. Otherwise 0 is returned. Compares the lower SP FP value of a and b for a not equal to b. If a and b are not equal, 1 is returned. Otherwise 0 is returned. Convert the two 32-bit integer values in packed form in b to two SP FP values; the upper two SP FP values are passed through from a. Convert the two lower SP FP values of a to two 32-bit integers according to the current rounding mode, returning the integers in packed form. Convert the 32-bit integer value b to an SP FP value; the upper three SP FP values are passed through from a. Convert the lower SP FP value of a to a 32bit integer with truncation. Convert the two lower SP FP values of a to two 32-bit integer with truncation, returning the integers in packed form. Convert the lower SP FP value of a to a 32bit integer according to the current rounding mode. Convert the integer object i to a 64-bit __m64 object. The integer value is zero extended to 64 bits. Convert the lower 32 bits of the __m64 object m to an integer. Divides the four SP FP values of a and b. Divides the lower SP FP values of a and b; the upper three SP FP values are passed through from a. Clears the MMX technology state.

int _mm_comilt_ss(m128 a, m128 b)

int _mm_comile_ss(m128 a, m128 b)

int _mm_comigt_ss(m128 a, m128 b)

int _mm_comige_ss(m128 a, m128 b)

int _mm_comineq_ss(m128 a, m128 b)

CVTPI2PS

__m128 _mm_cvt_pi2ps(m128 a, m64 b) __m128 _mm_cvtpi32_ps(m128 a, m64b)

CVTPS2PI

__m64 _mm_cvt_ps2pi(m128 a) m64 _mm_cvtps_pi32(__m128 a)

CVTSI2SS

__m128 _mm_cvt_si2ss(__m128 a, int b) __m128 _mm_cvtsi32_ss(__m128a, int b) int _mm_cvt_ss2si(__m128 a) int _mm_cvtss_si32(__m128 a) __m64 _mm_cvtt_ps2pi(__m128 a) __m64 _mm_cvttps_pi32(__m128 a) int _mm_cvtt_ss2si(__m128 a) int _mm_cvttss_si32(__m128 a) __m64 _m_from_int(int i) __m64 _mm_cvtsi32_si64(int i) int _m_to_int(__m64 m) int _mm_cvtsi64_si32(__m64 m)

CVTSS2SI CVTTPS2PI

CVTTSS2SI

DIVPS DIVSS

__m128 _mm_div_ps(m128 a, m128 b) __m128 _mm_div_ss(m128 a, m128 b)

EMMS

void _m_empty() void _mm_empty()

C-3

COMPILER INTRINSICS AND FUNCTIONAL EQUIVALENTS

Table C-1. Simple Intrinsics

Mnemonic
LDMXCSR MASKMOVQ

Intrinsic
_mm_setcsr(unsigned int i) void _m_maskmovq(__m64 d, __m64 n, char * p) void _mm_maskmove_si64(__m64 d, __m64 n, char *p)

Description
Sets the control register to the value specified. Conditionally store byte elements of d to address p. The high bit of each byte in the selector n determines whether the corresponding byte in d will be stored. Computes the maximums of the four SP FP values of a and b. Computes the maximum of the lower SP FP values of a and b; the upper three SP FP values are passed through from a. Computes the minimums of the four SP FP values of a and b. Computes the minimum of the lower SP FP values of a and b; the upper three SP FP values are passed through from a. Loads four SP FP values. The address must be 16-byte-aligned. Stores four SP FP values. The address must be 16-byte-aligned. Moves the upper 2 SP FP values of b to the lower 2 SP FP values of the result. The upper 2 SP FP values of a are passed through to the result. Sets the upper two SP FP values with 64 bits of data loaded from the address p; the lower two values are passed through from a. Stores the upper two SP FP values of a to the address p. Sets the lower two SP FP values with 64 bits of data loaded from the address p; the upper two values are passed through from a. Stores the lower two SP FP values of a to the address p. Moves the lower 2 SP FP values of b to the upper 2 SP FP values of the result. The lower 2 SP FP values of a are passed through to the result. Creates a 4-bit mask from the most significant bits of the four SP FP values. Stores the data in a to the address p without polluting the caches. The address must be 16-byte-aligned. Stores the data in a to the address p without polluting the caches.

MAXPS MAXSS

__m128 _mm_max_ps(m128 a, m128 b) __m128 _mm_max_ss(m128 a, m128 b)

MINPS MINSS

__m128 _mm_min_ps(m128 a, m128 b) __m128 _mm_min_ss(m128 a, m128 b)

MOVAPS

__m128 _mm_load_ps(float * p) void_mm_store_ps(float *p, __m128 a)

MOVHLPS

__m128 _mm_movehl_ps(m128 a, m128 b)

MOVHPS

__m128 _mm_loadh_pi(m128 a, m64 * p)

void_mm_storeh_pi(m64 * p, m128 a) MOVLPS __m128 _mm_loadl_pi(m128 a, m64 *p)

void_mm_storel_pi(m64 * p, m128 a) MOVLHPS __m128 _mm_movelh_ps(m128 a, m128 b)

MOVMSKPS MOVNTPS

int_mm_movemask_ps(__m128 a) void_mm_stream_ps(float * p, __m128 a)

MOVNTQ

void_mm_stream_pi(__m64 * p, __m64 a)

C-4

COMPILER INTRINSICS AND FUNCTIONAL EQUIVALENTS

Table C-1. Simple Intrinsics

Mnemonic
MOVSS

Intrinsic
__m128 _mm_load_ss(float * p) void_mm_store_ss(float * p, __m128 a) __m128 _mm_move_ss(__m128 a, __m128 b)

Description
Loads an SP FP value into the low word and clears the upper three words. Stores the lower SP FP value. Sets the low word to the SP FP value of b. The upper 3 SP FP values are passed through from a. Loads four SP FP values. The address need not be 16-byte-aligned. Stores four SP FP values. The address need not be 16-byte-aligned. Multiplies the lower SP FP values of a and b; the upper three SP FP values are passed through from a. Computes the bitwise OR of the four SP FP values of a and b. Pack the four 16-bit values from m1 into the lower four 8-bit values of the result with signed saturation, and pack the four 16-bit values from m2 into the upper four 8-bit values of the result with signed saturation. Pack the two 32-bit values from m1 into the lower two 16-bit values of the result with signed saturation, and pack the two 32-bit values from m2 into the upper two 16-bit values of the result with signed saturation. Pack the four 16-bit values from m1 into the lower four 8-bit values of the result with unsigned saturation, and pack the four 16bit values from m2 into the upper four 8-bit values of the result with unsigned saturation. Add the eight 8-bit values in m1 to the eight 8-bit values in m2. Add the four 16-bit values in m1 to the four 16-bit values in m2. Add the two 32-bit values in m1 to the two 32-bit values in m2. Add the eight signed 8-bit values in m1 to the eight signed 8-bit values in m2 and saturate. Add the four signed 16-bit values in m1 to the four signed 16-bit values in m2 and saturate. Add the eight unsigned 8-bit values in m1 to the eight unsigned 8-bit values in m2 and saturate. Add the four unsigned 16-bit values in m1 to the four unsigned 16-bit values in m2 and saturate. Perform a bitwise AND of the 64-bit value in m1 with the 64-bit value in m2.

MOVUPS

__m128 _mm_loadu_ps(float * p) void_mm_storeu_ps(float *p, __m128 a)

MULSS

__m128 _mm_mul_ss(m128 a, m128 b)

ORPS PACKSSWB

__m128 _mm_or_ps(__m128 a, __m128 b) __m64 _m_packsswb (__m64 m1, __m64 m2) __m64 _mm_packs_pi16(__m64 m1, __m64 m2)

PACKSSDW

__m64 _m_packssdw (__m64 m1, __m64 m2) __m64 _mm_packs_pi32 (__m64 m1, __m64 m2)

PACKUSWB

__m64 _m_packuswb(__m64 m1, __m64 m2) __m64 _mm_packs_pu16(__m64 m1, __m64 m2)

PADDB PADDW PADDD PADDSB

__m64 _m_paddb(__m64 m1, __m64 m2) __m64 _mm_add_pi8(__m64 m1, __m64 m2) __m64 _m_paddw(__m64 m1, __m64 m2) __m64 _mm_addw_pi16__m64 m1, __m64 m2) __m64 _m_paddd(__m64 m1, __m64 m2) __m64 _mm_add_pi32(__m64 m1, __m64 m2) __m64 _m_paddsb(__m64 m1, __m64 m2) __m64 _mm_adds_pi8(__m64 m1, __m64 m2) __m64 _m_paddsw(__m64 m1, __m64 m2) __m64 _mm_adds_pi16(__m64 m1, __m64 m2) __m64 _m_paddusb(__m64 m1, __m64 m2) __m64 _mm_adds_pu8(__m64 m1, __m64 m2) __m64 _m_paddusw(__m64 m1, __m64 m2) __m64 _mm_adds_pu16(__m64 m1, __m64 m2) __m64 _m_pand(__m64 m1, __m64 m2) __m64 _mm_and_si64(__m64 m1, __m64 m2)

PADDSW

PADDUSB

PADDUSW

PAND

C-5

COMPILER INTRINSICS AND FUNCTIONAL EQUIVALENTS

Table C-1. Simple Intrinsics

Mnemonic
PANDN

Intrinsic
__m64 _m_pandn(__m64 m1, __m64 m2) __m64 _mm_andnot_si64(__m64 m1, __m64 m2) __m64 _mm_pavgb(__m64 a, __m64 b) __m64 _mm_avg_pu8(__m64 a, __m64 b) __m64 _mm_pavgw(__m64 a, __m64 b) __m64 _mm_avg_pu16(__m64 a, __m64 b) __m64 _m_pcmpeqb (__m64 m1, __m64 m2) __m64 _mm_cmpeq_pi8(__m64 m1, __m64 m2)

Description
Perform a logical NOT on the 64-bit value in m1 and use the result in a bitwise AND with the 64-bit value in m2. Perform the packed average on the eight 8bit values of the two operands. Perform the packed average on the four 16-bit values of the two operands. If the respective 8-bit values in m1 are equal to the respective 8-bit values in m2 set the respective 8-bit resulting values to all ones, otherwise set them to all zeroes. If the respective 16-bit values in m1 are equal to the respective 16-bit values in m2 set the respective 16-bit resulting values to all ones, otherwise set them to all zeroes. If the respective 32-bit values in m1 are equal to the respective 32-bit values in m2 set the respective 32-bit resulting values to all ones, otherwise set them to all zeroes. If the respective 8-bit values in m1 are greater than the respective 8-bit values in m2 set the respective 8-bit resulting values to all ones, otherwise set them to all zeroes. If the respective 16-bit values in m1 are greater than the respective 16-bit values in m2 set the respective 16-bit resulting values to all ones, otherwise set them to all zeroes. If the respective 32-bit values in m1 are greater than the respective 32-bit values in m2 set the respective 32-bit resulting values to all ones, otherwise set them all to zeroes. Extracts one of the four words of a. The selector n must be an immediate. Inserts word d into one of four words of a. The selector n must be an immediate. Multiply four 16-bit values in m1 by four 16bit values in m2 producing four 32-bit intermediate results, which are then summed by pairs to produce two 32-bit results. Computes the element-wise maximum of the words in a and b. Computes the element-wise maximum of the unsigned bytes in a and b. Computes the element-wise minimum of the words in a and b. Computes the element-wise minimum of the unsigned bytes in a and b. Creates an 8-bit mask from the most significant bits of the bytes in a.

PAVGB PAVGW PCMPEQB

PCMPEQW

__m64 _m_pcmpeqw (__m64 m1, __m64 m2) __m64 _mm_cmpeq_pi16 (__m64 m1, __m64 m2)

PCMPEQD

__m64 _m_pcmpeqd (__m64 m1, __m64 m2) __m64 _mm_cmpeq_pi32(__m64 m1, __m64 m2)

PCMPGTB

__m64 _m_pcmpgtb (__m64 m1, __m64 m2) __m64 _mm_cmpgt_pi8 (__m64 m1, __m64 m2)

PCMPGTW

__m64 _m_pcmpgtw (__m64 m1, __m64 m2) __m64 _m_cmpgt_pi16 (__m64 m1, __m64 m2)

PCMPGTD

__m64 _m_pcmpgtd (__m64 m1, __m64 m2) __m64 _mm_cmpgt_pi32(__m64 m1, __m64 m2)

PEXTRW PINSRW PMADDWD

int _m_pextrw(__m64 a, int n) int _mm_extract_pi16(__m64 a, int n) __m64 _m_pinsrw(__m64 a, int d, int n) __m64 _mm_insert_pi16(__m64 a, int d, int n) __m64 _m_pmaddwd(__m64 m1, __m64 m2) __m64 _mm_madd_pi16(__m64 m1, __m64 m2)

PMAXSW PMAXUB PMINSW PMINUB PMOVMSKB

__m64 _m_pmaxsw(__m64 a, __m64 b) __m64 _mm_max_pi16(__m64 a, __m64 b) __m64 _m_pmaxub(__m64 a, __m64 b) __m64 _mm_max_pu8(__m64 a, __m64 b) __m64 _m_pminsw(__m64 a, __m64 b) __m64 _mm_min_pi16(__m64 a, __m64 b) __m64 _m_pminub(__m64 a, __m64 b) __m64 _m_min_pu8(__m64 a, __m64 b) int _m_pmovmskb(__m64 a) int _mm_movemask_pi8(__m64 a)

C-6

COMPILER INTRINSICS AND FUNCTIONAL EQUIVALENTS

Table C-1. Simple Intrinsics

Mnemonic
PMULHUW

Intrinsic
__m64 _m_pmulhuw(__m64 a, __m64 b) __m64 _mm_mulhi_pu16(__m64 a, __m64 b) __m64 _m_pmulhw(__m64 m1, __m64 m2) __m64 _mm_mulhi_pi16(__m64 m1, __m64 m2) __m64 _m_pmullw(__m64 m1, __m64 m2) __m64 _mm_mullo_pi16(__m64 m1, __m64 m2) __m64 _m_por(__m64 m1, __m64 m2) __m64 _mm_or_si64(__m64 m1, __m64 m2) void _mm_prefetch(char *a, int sel)

Description
Multiplies the unsigned words in a and b, returning the upper 16 bits of the 32-bit intermediate results. Multiply four signed 16-bit values in m1 by four signed 16-bit values in m2 and produce the high 16 bits of the four results. Multiply four 16-bit values in m1 by four 16bit values in m2 and produce the low 16 bits of the four results. Perform a bitwise OR of the 64-bit value in m1 with the 64-bit value in m2. Loads one cache line of data from address p to a location "closer" to the processor. The value i specifies the type of prefetch operation. Returns a combination of the four words of a. The selector n must be an immediate. Shift four 16-bit values in m left the amount specified by count while shifting in zeroes. Shift four 16-bit values in m left the amount specified by count while shifting in zeroes. For the best performance, count should be a constant. Shift two 32-bit values in m left the amount specified by count while shifting in zeroes. Shift two 32-bit values in m left the amount specified by count while shifting in zeroes. For the best performance, count should be a constant. Shift the 64-bit value in m left the amount specified by count while shifting in zeroes. Shift the 64-bit value in m left the amount specified by count while shifting in zeroes. For the best performance, count should be a constant. Shift four 16-bit values in m right the amount specified by count while shifting in the sign bit. Shift four 16-bit values in m right the amount specified by count while shifting in the sign bit. For the best performance, count should be a constant. Shift two 32-bit values in m right the amount specified by count while shifting in the sign bit. Shift two 32-bit values in m right the amount specified by count while shifting in the sign bit. For the best performance, count should be a constant.

PMULHW

PMULLW

POR PREFETCH

PSHUFW PSLLW

__m64 _m_psadbw(__m64 a, __m64 b) __m64 _mm_sad_pu8(__m64 a, __m64 b) __m64 _m_pshufw(__m64 a, int n) __m64 _mm_shuffle_pi16(__m64 a, int n) __m64 _m_psllw(__m64 m, __m64 count) __m64 _mm_sll_pi16(__m64 m, __m64 count)

PSLLD

__m64 _m_psllwi (__m64 m, int count) __m64 _m_slli_pi16(__m64 m, int count) __m64 _m_pslld (__m64 m, __m64 count) __m64 _m_sll_pi32(__m64 m, __m64 count)

PSLLQ

__m64 _m_psllq (__m64 m, __m64 count) __m64 _mm_sll_si64(__m64 m, __m64 count) __m64 _m_psllqi (__m64 m, int count) __m64 _mm_slli_si64(__m64 m, int count)

PSRAW

__m64 _m_psraw (__m64 m, __m64 count) __m64 _mm_sra_pi16(__m64 m, __m64 count) __m64 _m_psrawi (__m64 m, int count) __m64 _mm_srai_pi16(__m64 m, int count)

PSRAD

__m64 _m_psrad (__m64 m, __m64 count) __m64 _mm_sra_pi32 (__m64 m, __m64 count) __m64 _m_psradi (__m64 m, int count) __m64 _mm_srai_pi32 (__m64 m, int count)

C-7

COMPILER INTRINSICS AND FUNCTIONAL EQUIVALENTS

Table C-1. Simple Intrinsics

Mnemonic
PSRLW

Intrinsic
__m64 _m_psrlw (__m64 m, __m64 count) __m64 _mm_srl_pi16 (__m64 m, __m64 count) __m64 _m_psrlwi (__m64 m, int count) __m64 _mm_srli_pi16(__m64 m, int count)

Description
Shift four 16-bit values in m right the amount specified by count while shifting in zeroes. Shift four 16-bit values in m right the amount specified by count while shifting in zeroes. For the best performance, count should be a constant. Shift two 32-bit values in m right the amount specified by count while shifting in zeroes. Shift two 32-bit values in m right the amount specified by count while shifting in zeroes. For the best performance, count should be a constant. Shift the 64-bit value in m right the amount specified by count while shifting in zeroes. Shift the 64-bit value in m right the amount specified by count while shifting in zeroes. For the best performance, count should be a constant. Subtract the eight 8-bit values in m2 from the eight 8-bit values in m1. Subtract the four 16-bit values in m2 from the four 16-bit values in m1. Subtract the two 32-bit values in m2 from the two 32-bit values in m1. Subtract the eight signed 8-bit values in m2 from the eight signed 8-bit values in m1 and saturate. Subtract the four signed 16-bit values in m2 from the four signed 16-bit values in m1 and saturate. Subtract the eight unsigned 8-bit values in m2 from the eight unsigned 8-bit values in m1 and saturate. Subtract the four unsigned 16-bit values in m2 from the four unsigned 16-bit values in m1 and saturate. Interleave the four 8-bit values from the high half of m1 with the four values from the high half of m2 and take the least significant element from m1. Interleave the two 16-bit values from the high half of m1 with the two values from the high half of m2 and take the least significant element from m1. Interleave the 32-bit value from the high half of m1 with the 32-bit value from the high half of m2 and take the least significant element from m1. Interleave the four 8-bit values from the low half of m1 with the four values from the low half of m2 and take the least significant element from m1.

PSRLD

__m64 _m_psrld (__m64 m, __m64 count) __m64 _mm_srl_pi32 (__m64 m, __m64 count) __m64 _m_psrldi (__m64 m, int count) __m64 _mm_srli_pi32 (__m64 m, int count)

PSRLQ

__m64 _m_psrlq (__m64 m, __m64 count) __m64 _mm_srl_si64 (__m64 m, __m64 count) __m64 _m_psrlqi (__m64 m, int count) __m64 _mm_srli_si64 (__m64 m, int count)

PSUBB PSUBW PSUBD PSUBSB

__m64 _m_psubb(__m64 m1, __m64 m2) __m64 _mm_sub_pi8(__m64 m1, __m64 m2) __m64 _m_psubw(__m64 m1, __m64 m2) __m64 _mm_sub_pi16(__m64 m1, __m64 m2) __m64 _m_psubd(__m64 m1, __m64 m2) __m64 _mm_sub_pi32(__m64 m1, __m64 m2) __m64 _m_psubsb(__m64 m1, __m64 m2) __m64 _mm_subs_pi8(__m64 m1, __m64 m2) __m64 _m_psubsw(__m64 m1, __m64 m2) __m64 _mm_subs_pi16(__m64 m1, __m64 m2) __m64 _m_psubusb(__m64 m1, __m64 m2) __m64 _mm_sub_pu8(__m64 m1, __m64 m2) __m64 _m_psubusw(__m64 m1, __m64 m2) __m64 _mm_sub_pu16(__m64 m1, __m64 m2) __m64 _m_punpckhbw (__m64 m1, __m64 m2) __m64 _mm_unpackhi_pi8(__m64 m1, __m64 m2)

PSUBSW

PSUBUSB

PSUBUSW

PUNPCKHBW

PUNPCKHWD

__m64 _m_punpckhwd (__m64 m1, __m64 m2) __m64 _mm_unpackhi_pi16(__m64 m1,__m64 m2)

PUNPCKHDQ

__m64 _m_punpckhdq (__m64 m1, __m64 m2) __m64 _mm_unpackhi_pi32(__m64 m1, __m64 m2)

PUNPCKLBW

__m64 _m_punpcklbw (__m64 m1, __m64 m2) __m64 _mm_unpacklo_pi8 (__m64 m1, __m64 m2)

C-8

COMPILER INTRINSICS AND FUNCTIONAL EQUIVALENTS

Table C-1. Simple Intrinsics

Mnemonic
PUNPCKLWD

Intrinsic
__m64 _m_punpcklwd (__m64 m1, __m64 m2) __m64 _mm_unpacklo_pi16(__m64 m1, __m64 m2)

Description
Interleave the two 16-bit values from the low half of m1 with the two values from the low half of m2 and take the least significant element from m1. Interleave the 32-bit value from the low half of m1 with the 32-bit value from the low half of m2 and take the least significant element from m1. Perform a bitwise XOR of the 64-bit value in m1 with the 64-bit value in m2. Computes the approximations of the reciprocals of the four SP FP values of a. Computes the approximation of the reciprocal of the lower SP FP value of a; the upper three SP FP values are passed through. Computes the approximations of the reciprocals of the square roots of the four SP FP values of a. Computes the approximation of the reciprocal of the square root of the lower SP FP value of a; the upper three SP FP values are passed through. Guarantees that every preceding store is globally visible before any subsequent store. Selects four specific SP FP values from a and b, based on the mask i. The mask must be an immediate. Computes the square roots of the four SP FP values of a. Computes the square root of the lower SP FP value of a; the upper three SP FP values are passed through. Returns the contents of the control register. Subtracts the four SP FP values of a and b. Subtracts the lower SP FP values of a and b. The upper three SP FP values are passed through from a.

PUNPCKLDQ

__m64 _m_punpckldq (__m64 m1, __m64 m2) __m64 _mm_unpacklo_pi32(__m64 m1, __m64 m2)

PXOR RCPPS RCPSS

__m64 _m_pxor(__m64 m1, __m64 m2) __m64 _mm_xor_si64(__m64 m1, __m64 m2) __m128 _mm_rcp_ps(__m128 a) __m128 _mm_rcp_ss(__m128 a)

RSQRTPS

__m128 _mm_rsqrt_ps(__m128 a)

RSQRTSS

__m128 _mm_rsqrt_ss(__m128 a)

SFENCE

void_mm_sfence(void)

SHUFPS

__m128 _mm_shuffle_ps(__m128 a, __m128 b, unsigned int imm8) __m128 _mm_sqrt_ps(__m128 a) __m128 _mm_sqrt_ss(__m128 a)

SQRTPS SQRTSS

STMXCSR SUBPS SUBSS

_mm_getcsr(void) __m128 _mm_sub_ps(m128 a, m128 b) __m128 _mm_sub_ss(m128 a, m128 b)

C-9

COMPILER INTRINSICS AND FUNCTIONAL EQUIVALENTS

Table C-1. Simple Intrinsics

Mnemonic
UCOMISS

Intrinsic
_mm_ucomieq_ss(__m128 a, __m128 b)

_mm_ucomilt_ss(__m128 a, __m128 b)

_mm_ucomile_ss(__m128 a, __m128 b)

_mm_ucomigt_ss(__m128 a, __m128 b)

_mm_ucomige_ss(__m128 a, __m128 b)

_mm_ucomineq_ss(__m128 a, __m128 b)

UNPCKHPS UNPCKLPS XORPS

__m128 _mm_unpackhi_ps(m128 a, m128 b) __m128 _mm_unpacklo_ps(m128 a, m128 b) __m128 _mm_xor_ps(m128 a, m128 b)

C-10

COMPILER INTRINSICS AND FUNCTIONAL EQUIVALENTS

C.2. COMPOSITE INTRINSICS

Table C-2. Composite Intrinsics
Mnemonic
(composite) (composite) (composite) (composite) MOVSS + shuffle MOVAPS + shuffle MOVSS + shuffle MOVAPS + shuffle

Intrinsic
__m128 _mm_set_ps1(float w) __m128_set1_ps(float w) __m128 _mm_set_ps(float z, float y, float x, float w) __m128 _mm_setr_ps(float z, float y, float x, float w) __m128 _mm_setzero_ps(void) __m128 _mm_load_ps1(float * p) __m128 _mm_load1_ps(float *p) __m128 _mm_loadr_ps(float * p) void _mm_store_ps1(float * p, __m128 a) void _mm_store1_ps(float *p, __m128 a) _mm_storer_ps(float * p, __m128 a)

Description
Sets the four SP FP values to w. Sets the four SP FP values to the four inputs. Sets the four SP FP values to the four inputs in reverse order. Clears the four SP FP values. Loads a single SP FP value, copying it into all four words. Loads four SP FP values in reverse order. The address must be 16-byte-aligned. Stores the lower SP FP value across four words. Stores four SP FP values in reverse order. The address must be 16-byte-aligned.

C-11

COMPILER INTRINSICS AND FUNCTIONAL EQUIVALENTS

C-12

Index

INDEX
Numerics
36-bit Page Size Extension flag, CPUID instruction. . . . . . . . . . . . . . . . . . . .3-115

C
Caches, invalidating (flushing) . . . . . .3-318, 3-708 Call gate . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-337 CALL instruction . . . . . . . . . . . . . . . . . . . . . . . 3-53 Calls (see Procedure calls) CBW instruction . . . . . . . . . . . . . . . . . . . . . . . 3-64 CDQ instruction . . . . . . . . . . . . . . . . . . . . . . . 3-65 CF (carry) flag, EFLAGS register 3-21, 3-23, 3-45, 3-47, 3-49, 3-51, 3-66, 3-71, 3-146, 3-296, 3-301, 3-448, 3-592, 3-627, 3-640, 3-643, 3-662, 3-673 Classify floating-point value, FPU operation. 3-271 CLC instruction . . . . . . . . . . . . . . . . . . . . . . . . 3-66 CLD instruction . . . . . . . . . . . . . . . . . . . . . . . . 3-67 CLI instruction. . . . . . . . . . . . . . . . . . . . . . . . . 3-68 CLTS instruction . . . . . . . . . . . . . . . . . . . . . . . 3-70 CMC instruction . . . . . . . . . . . . . . . . . . . . . . . 3-71 CMOV flag, CPUID instruction . . . . . . . . . . . 3-115 CMOVcc instruction . . . . . . . . . . . . . . . . . . . . 3-72 CMOVcc instructions . . . . . . . . . . . . . .3-72, 3-115 CMP instruction . . . . . . . . . . . . . . . . . . . . . . . 3-76 CMPPS instruction . . . . . . . . . . . . . . . . . . . . . 3-78 CMPS instruction . . . . . . . . . . . . . . . . .3-87, 3-605 CMPSB instruction . . . . . . . . . . . . . . . . . . . . . 3-87 CMPSD instruction . . . . . . . . . . . . . . . . . . . . . 3-87 CMPSS instruction . . . . . . . . . . . . . . . . . . . . . 3-90 CMPSW instruction . . . . . . . . . . . . . . . . . . . . 3-87 CMPXCHG instruction . . . . . . . . . . . .3-100, 3-367 CMPXCHG8B instruction . . . . . . . . . . . . . . . 3-102 COMISS instruction . . . . . . . . . . . . . . . . . . . 3-104 Compatibility, software . . . . . . . . . . . . . . . . . . . 1-6 Compiler functional equivalents . . . . . . . . . . 1, C-1 Compiler intrinsics . . . . . . . . . . . . . . . . . . . . 1, C-1 composite . . . . . . . . . . . . . . . . . . . . . . . . . C-11 simple . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-2 Condition code flags, EFLAGS register . . . . . 3-72 Condition code flags, FPU status word flags affected by instructions. . . . . . . . . . . 3-12 setting . . . . . . . . . . . . . . . . 3-265, 3-267, 3-271 Conditional jump. . . . . . . . . . . . . . . . . . . . . . 3-329 Conditional Move and Compare flag, CPUID instruction. . . . . . . . . . . . . 3-115 Conforming code segment . . . . . . . . .3-337, 3-342 Constants (floating point) loading . . . . . . . . . 3-210 Control registers, moving values to and from 3-407 Cosine, FPU operation . . . . . . . . . . . .3-186, 3-242 CPL. . . . . . . . . . . . . . . . . . . . . . . . . . . .3-68, 3-704 CPUID instruction . . . . . . . . . . . . . . . . . . . . . 3-111 CPUID instruction flags . . . . . . . . . . . . . . . . 3-114 CR0 control register . . . . . . . . . . . . . . . . . . . 3-654 CS register . . . . . . . . . .3-53, 3-306, 3-321, 3-333, 3-402, 3-531 CS segment override prefix . . . . . . . . . . . . . . . 2-2

A
AAA instruction. . . . . . . . . . . . . . . . . . . . . . . . .3-17 AAD instruction . . . . . . . . . . . . . . . . . . . . . . . .3-18 AAM instruction . . . . . . . . . . . . . . . . . . 3-19, 3-681 AAS instruction. . . . . . . . . . . . . . . . . . . 3-20, 3-685 Abbreviations, opcode key . . . . . . . . . . . . . . . . A-1 Access rights, segment descriptor . . . . . . . . .3-342 ADC instruction . . . . . . . . . . . . . . . . . . 3-21, 3-367 ADD instruction . . . . . . . 3-21, 3-23, 3-143, 3-367 ADDPS instruction . . . . . . . . . . . . . . . . . . . . . .3-25 Address size attribute override prefix. . . . . . . . .2-2 Address size override prefix. . . . . . . . . . . . . . . .2-2 Addressing methods codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1 operand codes . . . . . . . . . . . . . . . . . . . . . . A-3 register codes . . . . . . . . . . . . . . . . . . . . . . . A-3 Addressing, segments . . . . . . . . . . . . . . . . . . . .1-7 ADDSS instruction . . . . . . . . . . . . . . . . . . . . . .3-27 Advanced Programmable Interrupt Controller (see APIC) AND instruction . . . . . . . . . . . . . . . . . . 3-30, 3-367 ANDNPS instruction. . . . . . . . . . . . . . . . . . . . .3-32 ANDPS instruction . . . . . . . . . . . . . . . . . . . . . .3-34 APIC CPUID instruction flag . . . . . . . . . . . . .3-114 Arctangent, FPU operation. . . . . . . . . . . . . . .3-221 ARPL instruction . . . . . . . . . . . . . . . . . . . . . . .3-36

B
B (default stack size) flag, segment descriptor . . . . . . . . . . . . . . 3-531, 3-581 Base (operand addressing) . . . . . . . . . . . . . . . .2-3 BCD integers packed . . . . . . . . . 3-143, 3-145, 3-169, 3-171 unpacked 3-17, 3-18, 3-19, 3-20, 3-681, 3-685 Binary numbers . . . . . . . . . . . . . . . . . . . . . . . . .1-7 Binary-coded decimal (see BCD) Bit order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5 BOUND instruction. . . . . . . . . . . . . . . . . . . . . .3-38 BOUND range exceeded exception (#BR). . . .3-38 BSF instruction. . . . . . . . . . . . . . . . . . . . . . . . .3-40 BSR instruction . . . . . . . . . . . . . . . . . . . . . . . .3-42 BSWAP instruction. . . . . . . . . . . . . . . . . . . . . .3-44 BT instruction . . . . . . . . . . . . . . . . . . . . . . . . . .3-45 BTC instruction. . . . . . . . . . . . . . . . . . . 3-47, 3-367 BTR instruction. . . . . . . . . . . . . . . . . . . 3-49, 3-367 BTS instruction. . . . . . . . . . . . . . . . . . . 3-51, 3-367 Byte order. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5

INDEX-1

INDEX

Current privilege level (see CPL) CVTPI2PS instruction . . . . . . . . . . . . . . . . . .3-119 CVTPS2PI instruction . . . . . . . . . . . . . . . . . .3-123 CVTSI2SS instruction . . . . . . . . . . . . . . . . . .3-127 CVTSS2SI instruction . . . . . . . . . . . . . . . . . .3-130 CVTTPS2PI instruction . . . . . . . . . . . . . . . . .3-133 CVTTSS2SI instruction . . . . . . . . . . . . . . . . .3-137 CWD instruction . . . . . . . . . . . . . . . . . . . . . . .3-141 CWDE instruction (see CBW instruction) CX8 flag, CPUID instruction. . . . . . . . . . . . . .3-114

D
D (default operation size) flag, segment descriptor 3-531, 3-536, 3-581 DAA instruction . . . . . . . . . . . . . . . . . . . . . . .3-143 DAS instruction . . . . . . . . . . . . . . . . . . . . . . .3-145 DE flag, CPUID instruction. . . . . . . . . . . . . . .3-114 Debug registers, moving value to and from . .3-409 Debugging Extensions flag, CPUID instruction . . . . . . . . . . . . .3-114 DEC instruction . . . . . . . . . . . . . . . . . 3-146, 3-367 Denormal number (see Denormalized finite number) Denormalized finite number . . . . . . . . . . . . . .3-271 DF (direction) flag, EFLAGS register . . 3-67, 3-88, 3-303, 3-369, 3-435, 3-465, 3-629, 3-663 Displacement (operand addressing) . . . . . . . . .2-3 DIV instruction . . . . . . . . . . . . . . . . . . . . . . . .3-148 Divide error exception (#DE) . . . . . . . . . . . . .3-148 DIVPS instruction . . . . . . . . . . . . . . . . . . . . . .3-151 DIVSS instruction . . . . . . . . . . . . . . . . . . . . . .3-154 DS register . . . . . 3-87, 3-349, 3-369, 3-435, 3-465 DS segment override prefix . . . . . . . . . . . . . . . .2-2

instruction prefixes, cacheability control instruction behavior . . . . . . . . . . . . . . . B-25 integer instruction . . . . . . . . . . . . . . . . . . . . B-6 MMX instructions. . . . . . . . . . . . . . . . . . . . B-19 MMX instructions, general-purpose register fields . . . . . . . . . . . . . . . . . . . . B-19 notations . . . . . . . . . . . . . . . . . . . . . . . . . . B-26 SIMD floating-point register field . . . . . . . . B-27 SIMD integer instruction behavior . . . . . . . B-25 SIMD-integer register field . . . . . . . . . . . . B-34 Streaming SIMD Extension formats and encodings table . . . . . . . . . . . . . . . . . . B-24 Streaming SIMD Extensions cacheability control register field . . . . . . . . . . . . . . . . . . . . . B-35 ENTER instruction . . . . . . . . . . . . . . . . . . . . 3-158 ES register . . . . 3-87, 3-349, 3-465, 3-629, 3-668 ES segment override prefix . . . . . . . . . . . . . . . 2-2 ESI register. . . . 3-87, 3-369, 3-435, 3-465, 3-663 ESP register . . . . . . . . . . . . . . . . . . . . .3-54, 3-532 Exceptions BOUND range exceeded (#BR) . . . . . . . . 3-38 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13 notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8 overflow exception (#OF) . . . . . . . . . . . . 3-306 returning from . . . . . . . . . . . . . . . . . . . . . 3-321 Exponent extracting from floating-point number . . . 3-285 Extract exponent and significand, FPU operation . . . . . . . . . . . . . . . 3-285

F
F2XM1 instruction. . . . . . . . . . . . . . . .3-161, 3-285 FABS instruction. . . . . . . . . . . . . . . . . . . . . . 3-163 FADD instruction . . . . . . . . . . . . . . . . . . . . . 3-165 FADDP instruction . . . . . . . . . . . . . . . . . . . . 3-165 Far call, CALL instruction . . . . . . . . . . . . . . . . 3-53 Far pointer, loading. . . . . . . . . . . . . . . . . . . . 3-349 Far return, RET instruction . . . . . . . . . . . . . . 3-608 Fast FP/MMX Technology/Streaming SIMD Extensions save/restore CPUID flag, instruction 3-115 Fast System Call flag, CPUID instruction . . . 3-115 FBLD instruction . . . . . . . . . . . . . . . . . . . . . . 3-169 FBSTP instruction. . . . . . . . . . . . . . . . . . . . . 3-171 FCHS instruction . . . . . . . . . . . . . . . . . . . . . 3-174 FCLEX instruction. . . . . . . . . . . . . . . . . . . . . 3-176 FCMOVcc instructions . . . . . . . . . . . .3-115, 3-178 FCOM instruction . . . . . . . . . . . . . . . . . . . . . 3-180 FCOMI instruction. . . . . . . . . . . . . . . .3-115, 3-183 FCOMIP instruction . . . . . . . . . . . . . . . . . . . 3-183 FCOMP instruction . . . . . . . . . . . . . . . . . . . . 3-180 FCOMPP instruction. . . . . . . . . . . . . . . . . . . 3-180 FCOS instruction . . . . . . . . . . . . . . . . . . . . . 3-186 FDECSTP instruction . . . . . . . . . . . . . . . . . . 3-188 FDIV instruction . . . . . . . . . . . . . . . . . . . . . . 3-189 FDIVP instruction . . . . . . . . . . . . . . . . . . . . . 3-189 FDIVR instruction . . . . . . . . . . . . . . . . . . . . . 3-193

E
EDI register . . . . . . . . . 3-87, 3-629, 3-663, 3-668 Effective address . . . . . . . . . . . . . . . . . . . . . .3-353 EFLAGS register condition codes. . . . . . . . . . 3-73, 3-178, 3-183 flags affected by instructions . . . . . . . . . . .3-11 loading . . . . . . . . . . . . . . . . . . . . . . . . . . .3-341 popping . . . . . . . . . . . . . . . . . . . . . . . . . . .3-538 popping on return from interrupt . . . . . . . .3-321 pushing . . . . . . . . . . . . . . . . . . . . . . . . . . .3-587 pushing on interrupts . . . . . . . . . . . . . . . .3-306 saving . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-621 status flags . . . . . . . 3-76, 3-330, 3-632, 3-688 EIP register . . . . . . . . . 3-53, 3-306, 3-321, 3-333 EMMS instruction . . . . . . . . . . . . . . . . . . . . . .3-156 Encoding floating-point instruction formats. . . . . . . . B-36 formats and encodings . . . . . . . . . . . . . . . B-27 granularity field . . . . . . . . . . . . . . . . . . . . . B-19 instruction prefixes . . . . . . . . . . . . . . . . . . B-24

INDEX-2

INDEX

FDIVRP instruction. . . . . . . . . . . . . . . . . . . . .3-193 Feature information, processor . . . . . . . . . . .3-111 FFREE instruction . . . . . . . . . . . . . . . . . . . . .3-197 FIADD instruction . . . . . . . . . . . . . . . . . . . . . .3-165 FICOM instruction . . . . . . . . . . . . . . . . . . . . .3-198 FICOMP instruction . . . . . . . . . . . . . . . . . . . .3-198 FIDIV instruction. . . . . . . . . . . . . . . . . . . . . . .3-189 FIDIVR instruction . . . . . . . . . . . . . . . . . . . . .3-193 FILD instruction . . . . . . . . . . . . . . . . . . . . . . .3-200 FIMUL instruction . . . . . . . . . . . . . . . . . . . . . .3-216 FINCSTP instruction . . . . . . . . . . . . . . . . . . .3-202 FINIT instruction. . . . . . . . . . . . . . . . . 3-203, 3-235 FIST instruction . . . . . . . . . . . . . . . . . . . . . . .3-205 FISTP instruction . . . . . . . . . . . . . . . . . . . . . .3-205 FISUB instruction . . . . . . . . . . . . . . . . . . . . . .3-257 FISUBR instruction. . . . . . . . . . . . . . . . . . . . .3-261 FLD instruction . . . . . . . . . . . . . . . . . . . . . . . .3-208 FLD1 instruction . . . . . . . . . . . . . . . . . . . . . . .3-210 FLDCW instruction . . . . . . . . . . . . . . . . . . . . .3-212 FLDENV instruction . . . . . . . . . . . . . . . . . . . .3-214 FLDL2E instruction. . . . . . . . . . . . . . . . . . . . .3-210 FLDL2T instruction. . . . . . . . . . . . . . . . . . . . .3-210 FLDLG2 instruction . . . . . . . . . . . . . . . . . . . .3-210 FLDLN2 instruction . . . . . . . . . . . . . . . . . . . .3-210 FLDPI instruction . . . . . . . . . . . . . . . . . . . . . .3-210 FLDZ instruction. . . . . . . . . . . . . . . . . . . . . . .3-210 Floating-point exceptions . . . . . . . . . . . . . . . . .3-14 list, including mnemonics . . . . . . . . . . . . . .3-14 Streaming SIMD Extensions. . . . . . . . . . . .3-14 Flushing caches . . . . . . . . . . . . . . . . . . . . . 3-318, 3-708 TLB entry . . . . . . . . . . . . . . . . . . . . . . . . .3-320 FMUL instruction . . . . . . . . . . . . . . . . . . . . . .3-216 FMULP instruction . . . . . . . . . . . . . . . . . . . . .3-216 FNCLEX instruction . . . . . . . . . . . . . . . . . . . .3-176 FNINIT instruction . . . . . . . . . . . . . . . . . . . . .3-203 FNOP instruction . . . . . . . . . . . . . . . . . . . . . .3-220 FNSAVE instruction . . . . . . . . . . . . . . 3-232, 3-235 FNSTCW instruction . . . . . . . . . . . . . . . . . . .3-249 FNSTENV instruction . . . . . . . . . . . . . 3-214, 3-251 FNSTSW instruction. . . . . . . . . . . . . . . . . . . .3-254 Formats (see Encodings) FPATAN instruction . . . . . . . . . . . . . . . . . . . .3-221 FPREM instruction . . . . . . . . . . . . . . . . . . . . .3-223 FPREM1 instruction . . . . . . . . . . . . . . . . . . . .3-226 FPTAN instruction . . . . . . . . . . . . . . . . . . . . .3-229 FPU checking for pending FPU exceptions . . .3-707 constants . . . . . . . . . . . . . . . . . . . . . . . . .3-210 existence of. . . . . . . . . . . . . . . . . . . . . . . .3-114 initialization . . . . . . . . . . . . . . . . . . . . . . . .3-203 FPU control word loading . . . . . . . . . . . . . . . . . . . . . 3-212, 3-214 RC field . . . . . . . . . . . . . . . 3-206, 3-210, 3-246 restoring . . . . . . . . . . . . . . . . . . . . . . . . . .3-232 saving . . . . . . . . . . . . . . . . . . . . . . 3-235, 3-251 storing . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-249 FPU data pointer . . . . 3-214, 3-232, 3-235, 3-251

FPU flag, CPUID instruction . . . . . . . . . . . . . 3-114 FPU instruction pointer 3-214, 3-232, 3-235, 3-251 FPU last opcode . . . . . 3-214, 3-232, 3-235, 3-251 FPU status word condition code flags . . . . 3-180 , 3-198, 3-265, 3-267, 3-271 FPU flags affected by instructions. . . . . . . 3-12 loading. . . . . . . . . . . . . . . . . . . . . . . . . . . 3-214 restoring . . . . . . . . . . . . . . . . . . . . . . . . . 3-232 saving . . . . . . . . . . . . . . . . 3-235, 3-251, 3-254 TOP field . . . . . . . . . . . . . . . . . . . . . . . . . 3-202 FPU tag word . . . . . . . 3-214, 3-232, 3-235, 3-251 FRNDINT instruction . . . . . . . . . . . . . . . . . . 3-231 FRSTOR instruction . . . . . . . . . . . . . . . . . . . 3-232 FS register . . . . . . . . . . . . . . . . . . . . . . . . . . 3-349 FS segment override prefix . . . . . . . . . . . . . . . 2-2 FSAVE instruction . . . . . . . . . . . . . . .3-232, 3-235 FSCALE instruction . . . . . . . . . . . . . . . . . . . 3-238 FSIN instruction . . . . . . . . . . . . . . . . . . . . . . 3-240 FSINCOS instruction . . . . . . . . . . . . . . . . . . 3-242 FSQRT instruction . . . . . . . . . . . . . . . . . . . . 3-244 FST instruction . . . . . . . . . . . . . . . . . . . . . . . 3-246 FSTCW instruction . . . . . . . . . . . . . . . . . . . . 3-249 FSTENV instruction . . . . . . . . . . . . . . . . . . . 3-251 FSTP instruction . . . . . . . . . . . . . . . . . . . . . . 3-246 FSTSW instruction . . . . . . . . . . . . . . . . . . . . 3-254 FSUB instruction. . . . . . . . . . . . . . . . . . . . . . 3-257 FSUBP instruction . . . . . . . . . . . . . . . . . . . . 3-257 FSUBR instruction . . . . . . . . . . . . . . . . . . . . 3-261 FSUBRP instruction . . . . . . . . . . . . . . . . . . . 3-261 FTST instruction . . . . . . . . . . . . . . . . . . . . . . 3-265 FUCOM instruction . . . . . . . . . . . . . . . . . . . . 3-267 FUCOMI instruction . . . . . . . . . . . . . . . . . . . 3-183 FUCOMIP instruction . . . . . . . . . . . . . . . . . . 3-183 FUCOMP instruction. . . . . . . . . . . . . . . . . . . 3-267 FUCOMPP instruction . . . . . . . . . . . . . . . . . 3-267 FWAIT instruction . . . . . . . . . . . . . . . .3-270, 3-707 FXAM instruction . . . . . . . . . . . . . . . . . . . . . 3-271 FXCH instruction . . . . . . . . . . . . . . . . . . . . . 3-273 FXRSTOR instruction . . . . . . . . . . . . . . . . . . 3-275 FXSAVE instruction . . . . . . . . . . . . . . . . . . . 3-279 FXSR flag, CPUID instruction. . . . . . . . . . . . 3-115 FXTRACT instruction . . . . . . . . . . . . .3-238, 3-285 FYL2X instruction . . . . . . . . . . . . . . . . . . . . . 3-287 FYL2XP1 instruction. . . . . . . . . . . . . . . . . . . 3-289

G
GDT (global descriptor table) . . . . . . .3-359, 3-362 GDTR (global descriptor table register) . . . . 3-359, 3-636 General-purpose registers MMX registers . . . . . . . . . . . . . . . . . . . . . . B-19 moving value to and from . . . . . . . . . . . . 3-402 popping all. . . . . . . . . . . . . . . . . . . . . . . . 3-536 pushing all . . . . . . . . . . . . . . . . . . . . . . . . 3-584 GS register . . . . . . . . . . . . . . . . . . . . . . . . . . 3-349 GS segment override prefix . . . . . . . . . . . . . . . 2-2

INDEX-3

INDEX

H
Hexadecimal numbers . . . . . . . . . . . . . . . . . . . .1-7 HLT instruction . . . . . . . . . . . . . . . . . . . . . . . .3-291

I
IDIV instruction. . . . . . . . . . . . . . . . . . . . . . . .3-292 IDT (interrupt descriptor table) . . . . . . 3-307, 3-359 IDTR (interrupt descriptor table register) . . . 3-359, 3-636 IF (interrupt enable) flag, EFLAGS register . . 3-68, 3-664 Immediate operands . . . . . . . . . . . . . . . . . . . . .2-3 IMUL instruction . . . . . . . . . . . . . . . . . . . . . . .3-295 IN instruction . . . . . . . . . . . . . . . . . . . . . . . . .3-299 INC instruction . . . . . . . . . . . . . . . . . . 3-301, 3-367 Index (operand addressing) . . . . . . . . . . . . . . . .2-3 Initialization FPU . . . . . . . . . . . . . . . . . . . . . .3-203 Input/output (see I/O) INS instruction . . . . . . . . . . . . . . . . . . 3-303, 3-605 INSB instruction . . . . . . . . . . . . . . . . . . . . . . .3-303 INSD instruction . . . . . . . . . . . . . . . . . . . . . . .3-303 Instruction format base field . . . . . . . . . . . . . . . . . . . . . . . . . . .2-3 description of reference information . . . . . . .3-1 displacement. . . . . . . . . . . . . . . . . . . . . . . . .2-3 illustration . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1 immediate . . . . . . . . . . . . . . . . . . . . . . . . . . .2-3 index field . . . . . . . . . . . . . . . . . . . . . . . . . . .2-3 Mod field . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-2 ModR/M byte . . . . . . . . . . . . . . . . . . . . . . . .2-2 opcode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-2 prefixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1 reg/opcode field . . . . . . . . . . . . . . . . . . . . . .2-2 r/m field . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-2 scale field . . . . . . . . . . . . . . . . . . . . . . . . . . .2-3 SIB byte . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-2 Instruction formats and encodings . . . . . . . . . . B-1 Instruction operands. . . . . . . . . . . . . . . . . . . . . .1-7 Instruction prefixes (see Prefixes) Instruction reference, nomenclature. . . . . . . . . .3-1 Instruction set reference. . . . . . . . . . . . . . . . . . . . . . . . . . . .3-1 string instructions . . 3-87, 3-303, 3-369, 3-435, 3-465, 3-668 INSW instruction . . . . . . . . . . . . . . . . . . . . . .3-303 INT 3 instruction . . . . . . . . . . . . . . . . . . . . . . .3-306 INT3 instruction . . . . . . . . . . . . . . . . . . . . . . .3-306 Integer instruction encodings . . . . . . . . . . . . . . . . . . . . . . . . . . B-6 formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-6 Integer storing, FPU data type . . . . . . . . . . . .3-205 Inter-privilege level call, CALL instruction . . . .3-53 Inter-privilege level return, RET instruction . .3-608 Interrupts interrupt vector 4. . . . . . . . . . . . . . . . . . . .3-306 returning from . . . . . . . . . . . . . . . . . . . . . .3-321 software . . . . . . . . . . . . . . . . . . . . . . . . . .3-306

INTn instruction . . . . . . . . . . . . . . . . . . . . . . 3-306 INTO instruction . . . . . . . . . . . . . . . . . . . . . . 3-306 Intrinsics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1, C-1 INVD instruction . . . . . . . . . . . . . . . . . . . . . . 3-318 INVLPG instruction . . . . . . . . . . . . . . . . . . . . 3-320 IOPL (I/O privilege level) field, EFLAGS register . . . 3-68, 3-587, 3-664 IRET instruction . . . . . . . . . . . . . . . . . . . . . . 3-321 IRETD instruction . . . . . . . . . . . . . . . . . . . . . 3-321 I/O privilege level (see IOPL)

J
Jcc instructions . . . . . . . . . . . . . . . . . . . . . . . 3-329 JMP instruction . . . . . . . . . . . . . . . . . . . . . . . 3-333 Jump operation. . . . . . . . . . . . . . . . . . . . . . . 3-333

L
LAHF instruction . . . . . . . . . . . . . . . . . . . . . . 3-341 LAR instruction . . . . . . . . . . . . . . . . . . . . . . . 3-342 LDMXCSR instruction. . . . . . . . . . . . . . . . . . 3-345 LDS instruction . . . . . . . . . . . . . . . . . . . . . . . 3-349 LDT (local descriptor table) . . . . . . . . . . . . . 3-362 LDTR (local descriptor table register).3-362, 3-652 LEA instruction . . . . . . . . . . . . . . . . . . . . . . . 3-353 LEAVE instruction. . . . . . . . . . . . . . . . . . . . . 3-355 LES instruction . . . . . . . . . . . . . . . . . .3-349, 3-357 LFS instruction . . . . . . . . . . . . . . . . . .3-349, 3-358 LGDT instruction. . . . . . . . . . . . . . . . . . . . . . 3-359 LGS instruction . . . . . . . . . . . . . . . . . .3-349, 3-361 LIDT instruction . . . . . . . . . . . . . . . . .3-359, 3-364 LLDT instruction . . . . . . . . . . . . . . . . . . . . . . 3-362 LMSW instruction . . . . . . . . . . . . . . . . . . . . . 3-365 Load effective address operation . . . . . . . . . 3-353 LOCK prefix2-1, 3-100, 3-102, 3-367, 3-712, 3-714 Locking operation . . . . . . . . . . . . . . . . . . . . . 3-367 LODS instruction . . . . . . . . . . . . . . . .3-369, 3-605 LODSB instruction . . . . . . . . . . . . . . . . . . . . 3-369 LODSD instruction . . . . . . . . . . . . . . . . . . . . 3-369 LODSW instruction . . . . . . . . . . . . . . . . . . . . 3-369 Log epsilon, FPU operation . . . . . . . . . . . . . 3-287 Log (base 2), FPU operation . . . . . . . . . . . . 3-289 LOOP instruction . . . . . . . . . . . . . . . . . . . . . 3-372 LOOPcc instructions. . . . . . . . . . . . . . . . . . . 3-372 LSL instruction . . . . . . . . . . . . . . . . . . . . . . . 3-375 LSS instruction . . . . . . . . . . . . . . . . . .3-349, 3-379 LTR instruction . . . . . . . . . . . . . . . . . . . . . . . 3-380

M
Machine Check Architecture flag, CPUID instruction. . . . . . . . . . . . . 3-115 Machine Check Exception) flag, CPUID instruction. . . . . . . . . . . . . 3-114 Machine instruction encoding and format condition test field . . . . . . . . . . . . . . . . . . . . B-5 direction bit . . . . . . . . . . . . . . . . . . . . . . . . . B-5

INDEX-4

INDEX

operand size bit . . . . . . . . . . . . . . . . . . . . . B-3 reg field . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-2 segment register field . . . . . . . . . . . . . . . . . B-4 sign extend bit. . . . . . . . . . . . . . . . . . . . . . . B-3 Machine status word, CR0 register . . 3-365, 3-654 MASKMOVQ instruction. . . . . . . . . . . . . . . . .3-382 MAXPS instruction . . . . . . . . . . . . . . . . . . . . .3-386 MAXSS instruction . . . . . . . . . . . . . . . . . . . . .3-390 MCA flag, CPUID instruction . . . . . . . . . . . . .3-115 MCE flag, CPUID instruction . . . . . . . . . . . . .3-114 Memory Type Range Registers flag, CPUID instruction . . . . . . . . . . . . .3-115 MINPS instruction . . . . . . . . . . . . . . . . . . . . .3-394 MINSS instruction . . . . . . . . . . . . . . . . . . . . .3-398 MMX instruction formats and encodings . . . . . . . . . . . . . . . B-19 general-purpose register fields . . . . . . . . . B-19 granularity field . . . . . . . . . . . . . . . . . . . . . B-19 MMXtm Technology flag, CPUID instruction . . . . . . . . . . . . . . .3-115 Mod field, instruction format . . . . . . . . . . . . . . . .2-2 ModR/M byte 16-bit addressing forms . . . . . . . . . . . . . . . .2-5 32-bit addressing forms . . . . . . . . . . . . . . . .2-6 description . . . . . . . . . . . . . . . . . . . . . . . . . .2-2 format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1 MOV instruction . . . . . . . . . . . . . . . . . . . . . . .3-402 control registers . . . . . . . . . . . . . . . . . . . .3-407 debug registers . . . . . . . . . . . . . . . . . . . . .3-409 MOVAPS instruction . . . . . . . . . . . . . . . . . . .3-411 MOVD instruction . . . . . . . . . . . . . . . . . . . . . .3-414 MOVHLPS instruction . . . . . . . . . . . . . . . . . .3-417 MOVHPS instruction . . . . . . . . . . . . . . . . . . .3-419 MOVLHPS instruction . . . . . . . . . . . . . . . . . .3-422 MOVLPS instruction. . . . . . . . . . . . . . . . . . . .3-424 MOVMSKPS instruction . . . . . . . . . . . . . . . . .3-427 MOVNTPS instruction . . . . . . . . . . . . . . . . . .3-429 MOVNTQ instruction . . . . . . . . . . . . . . . . . . .3-431 MOVQ instruction. . . . . . . . . . . . . . . . . . . . . .3-433 MOVS instruction . . . . . . . . . . . . . . . . 3-435, 3-605 MOVSB instruction. . . . . . . . . . . . . . . . . . . . .3-435 MOVSD instruction. . . . . . . . . . . . . . . . . . . . .3-435 MOVSS instruction. . . . . . . . . . . . . . . . . . . . .3-438 MOVSW instruction . . . . . . . . . . . . . . . . . . . .3-435 MOVSX instruction. . . . . . . . . . . . . . . . . . . . .3-441 MOVUPS instruction . . . . . . . . . . . . . . . . . . .3-443 MOVZX instruction . . . . . . . . . . . . . . . . . . . . .3-446 MSR flag, CPUID instruction . . . . . . . . . . . . .3-114 MSRs (model specific registers) existence of. . . . . . . . . . . . . . . . . . . . . . . .3-114 reading . . . . . . . . . . . . . . . . . . . . . . . . . . .3-600 writing . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-710 MTRRs flag, CPUID instruction . . . . . . . . . . .3-115 MUL instruction . . . . . . . . . . . . . . . . . 3-448, 3-681 MULPS instruction . . . . . . . . . . . . . . . . . . . . .3-450 MULSS instruction . . . . . . . . . . . . . . . . . . . . .3-452

N
NaN testing for . . . . . . . . . . . . . . . . . . . . . . . . 3-265 Near call, CALL instruction . . . . . . . . . . . . . . . 3-53 Near return, RET instruction. . . . . . . . . . . . . 3-608 NEG instruction . . . . . . . . . . . . . . . . .3-367, 3-454 Nonconforming code segment . . . . . . . . . . . 3-337 NOP instruction . . . . . . . . . . . . . . . . . . . . . . 3-456 NOT instruction. . . . . . . . . . . . . . . . . .3-367, 3-457 Notation bit and byte order . . . . . . . . . . . . . . . . . . . . 1-5 exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8 hexadecimal and binary numbers . . . . . . . . 1-7 instruction operands . . . . . . . . . . . . . . . . . . 1-7 reserved bits . . . . . . . . . . . . . . . . . . . . . . . . 1-6 segmented addressing . . . . . . . . . . . . . . . . 1-7 Notational conventions . . . . . . . . . . . . . . . . . . . 1-5 NT (nested task) flag, EFLAGS register . . . . 3-321 Numeric overflow exception . . . . . . . . . . . . . . 3-14 Numeric underflow exception . . . . . . . . . . . . . 3-14

O
OF (carry) flag, EFLAGS register . . . . . . . . . 3-296 OF (overflow) flag, EFLAGS register . . 3-21, 3-23, 3-306, 3-448, 3-627, 3-640, 3-643, 3-673 Opcode escape instructions . . . . . . . . . . . . . . . . . . A-12 format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1 Opcode extensions description. . . . . . . . . . . . . . . . . . . . . . . . . A-10 table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-11 Opcode integer instructions one-byte . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4 one-byte opcode map . . . . . . . . . . . . . A-6, A-7 two-byte. . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4 two-byte opcode map . . . . . . . . . . . . . A-8, A-9 Opcode key abbreviations . . . . . . . . . . . . . . . . A-1 Operand instruction . . . . . . . . . . . . . . . . . . . . . 1-7 Operand-size override prefix . . . . . . . . . . . . . . 2-2 OR instruction. . . . . . . . . . . . . . . . . . .3-367, 3-459 ORPS instruction . . . . . . . . . . . . . . . . . . . . . 3-461 OUT instruction. . . . . . . . . . . . . . . . . . . . . . . 3-463 OUTS instruction . . . . . . . . . . . . . . . .3-465, 3-605 OUTSB instruction . . . . . . . . . . . . . . . . . . . . 3-465 OUTSD instruction . . . . . . . . . . . . . . . . . . . . 3-465 OUTSW instruction. . . . . . . . . . . . . . . . . . . . 3-465 Overflow exception (#OF). . . . . . . . . . . . . . . 3-306 Overflow, FPU exception (see Numeric overflow exception)

P
PACKSSDW instruction . . . . . . . . . . . . . . . . 3-469 PACKSSWB instruction . . . . . . . . . . . . . . . . 3-469

INDEX-5

INDEX

PACKUSWB instruction . . . . . . . . . . . . . . . . .3-472 PADDB instruction . . . . . . . . . . . . . . . . . . . . .3-475 PADDD instruction . . . . . . . . . . . . . . . . . . . . .3-475 PADDSB instruction . . . . . . . . . . . . . . . . . . . .3-479 PADDSW instruction . . . . . . . . . . . . . . . . . . .3-479 PADDUSB instruction . . . . . . . . . . . . . . . . . .3-482 PADDUSW instruction . . . . . . . . . . . . . . . . . .3-482 PADDW instruction . . . . . . . . . . . . . . . . . . . .3-475 PAE flag, CPUID instruction. . . . . . . . . . . . . .3-114 Page Attribute Table flag, CPUID instruction .3-115 Page Size Extensions) flag, CPUID instruction . . . . . . . . . . . . .3-114 Page-table-entry global flag, CPUID instruction . . . . . . . . . . . . .3-115 PAND instruction . . . . . . . . . . . . . . . . . . . . . .3-485 PANDN instruction . . . . . . . . . . . . . . . . . . . . .3-487 PAT flag, CPUID instruction. . . . . . . . . . . . . .3-115 PAVGB instruction . . . . . . . . . . . . . . . . . . . . .3-489 PAVGW instruction . . . . . . . . . . . . . . . . . . . .3-489 PCMPEQB instruction . . . . . . . . . . . . . . . . . .3-493 PCMPEQD instruction . . . . . . . . . . . . . . . . . .3-493 PCMPEQW instruction. . . . . . . . . . . . . . . . . .3-493 PCMPGTB instruction . . . . . . . . . . . . . . . . . .3-497 PCMPGTD instruction . . . . . . . . . . . . . . . . . .3-497 PCMPGTW instruction . . . . . . . . . . . . . . . . . .3-497 PE flag, CR0 register . . . . . . . . . . . . . . . . . . .3-365 Performance-monitoring counters, reading . .3-602 PEXTRW instruction . . . . . . . . . . . . . . . . . . .3-501 PGE flag, CPUID instruction . . . . . . . . . . . . .3-115 Physical Address Extension flag, CPUID instruction . . . . . . . . . . . . .3-114 PINSRW instruction . . . . . . . . . . . . . . . . . . . .3-503 Pi,loading . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-210 PMADDWD instruction. . . . . . . . . . . . . . . . . .3-505 PMAXSW instruction . . . . . . . . . . . . . . . . . . .3-508 PMAXUB instruction. . . . . . . . . . . . . . . . . . . .3-511 PMINSW instruction . . . . . . . . . . . . . . . . . . . .3-514 PMINUB instruction . . . . . . . . . . . . . . . . . . . .3-517 PMOVMSKB instruction . . . . . . . . . . . . . . . . .3-520 PMULHUW instruction . . . . . . . . . . . . . . . . . .3-522 PMULHW instruction . . . . . . . . . . . . . . . . . . .3-525 PMULLW instruction . . . . . . . . . . . . . . . . . . .3-528 PN flag, CPUID instruction. . . . . . . . . . . . . . .3-115 POP instruction . . . . . . . . . . . . . . . . . . . . . . .3-531 POPA instruction . . . . . . . . . . . . . . . . . . . . . .3-536 POPAD instruction . . . . . . . . . . . . . . . . . . . . .3-536 POPF instruction . . . . . . . . . . . . . . . . . . . . . .3-538 POPFD instruction . . . . . . . . . . . . . . . . . . . . .3-538 POR instruction . . . . . . . . . . . . . . . . . . . . . . .3-541 PREFETCH instruction . . . . . . . . . . . . . . . . .3-543 Prefixes address size override . . . . . . . . . . . . . . . . . .2-2 instruction, description . . . . . . . . . . . . . . . . .2-1 LOCK . . . . . . . . . . . . . . . . . . . . . . . . 2-1, 3-367 operand-size override . . . . . . . . . . . . . . . . . .2-2 REP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-605 REPE . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-605 repeat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1

REPNE . . . . . . . . . . . . . . . . . . . . . . . . . . 3-605 REPNZ . . . . . . . . . . . . . . . . . . . . . . . . . . 3-605 REPZ. . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-605 segment override . . . . . . . . . . . . . . . . . . . . 2-2 Procedure stack, pushing values on. . . . . . . 3-581 Processor Number flag, CPUID instruction . 3-115 Protection Enable flag, CR0 register . . . . . . 3-365 PSADBW instruction. . . . . . . . . . . . . . . . . . . 3-545 PSE flag, CPUID instruction . . . . . . . . . . . . . 3-114 PSE-36 flag, CPUID instruction . . . . . . . . . . 3-115 PSHUFW instruction. . . . . . . . . . . . . . . . . . . 3-548 PSLLD instruction. . . . . . . . . . . . . . . . . . . . . 3-550 PSLLQ instruction. . . . . . . . . . . . . . . . . . . . . 3-550 PSLLW instruction . . . . . . . . . . . . . . . . . . . . 3-550 PSRAD instruction . . . . . . . . . . . . . . . . . . . . 3-555 PSRAW instruction . . . . . . . . . . . . . . . . . . . . 3-555 PSRLD instruction . . . . . . . . . . . . . . . . . . . . 3-558 PSRLQ instruction . . . . . . . . . . . . . . . . . . . . 3-558 PSRLW instruction . . . . . . . . . . . . . . . . . . . . 3-558 PSUBB instruction . . . . . . . . . . . . . . . . . . . . 3-563 PSUBD instruction . . . . . . . . . . . . . . . . . . . . 3-563 PSUBSB instruction . . . . . . . . . . . . . . . . . . . 3-567 PSUBSW instruction. . . . . . . . . . . . . . . . . . . 3-567 PSUBUSB instruction . . . . . . . . . . . . . . . . . . 3-570 PSUBUSW instruction . . . . . . . . . . . . . . . . . 3-570 PSUBW instruction . . . . . . . . . . . . . . . . . . . . 3-563 PUNPCKHBW instruction. . . . . . . . . . . . . . . 3-573 PUNPCKHDQ instruction . . . . . . . . . . . . . . . 3-573 PUNPCKHWD instruction. . . . . . . . . . . . . . . 3-573 PUNPCKLBW instruction . . . . . . . . . . . . . . . 3-577 PUNPCKLDQ instruction . . . . . . . . . . . . . . . 3-577 PUNPCKLWD instruction . . . . . . . . . . . . . . . 3-577 PUSH instruction . . . . . . . . . . . . . . . . . . . . . 3-581 PUSHA instruction . . . . . . . . . . . . . . . . . . . . 3-584 PUSHAD instruction . . . . . . . . . . . . . . . . . . . 3-584 PUSHF instruction . . . . . . . . . . . . . . . . . . . . 3-587 PUSHFD instruction . . . . . . . . . . . . . . . . . . . 3-587 PXOR instruction . . . . . . . . . . . . . . . . . . . . . 3-589

Q
QNaN . . . . . . . . . . . . . . . . . . . . . 3-82, 3-91, 3-171 Quiet NaN (see QNaN)

R
RC (rounding control) field, FPU control word . . 3-206, 3-210, 3-246 RCL instruction . . . . . . . . . . . . . . . . . . . . . . . 3-591 RCPPS instruction . . . . . . . . . . . . . . . . . . . . 3-596 RCPSS instruction . . . . . . . . . . . . . . . . . . . . 3-598 RCR instruction . . . . . . . . . . . . . . . . . . . . . . 3-591 RDMSR instruction . . . . . . . . . 3-114, 3-600, 3-604 RDPMC instruction . . . . . . . . . . . . . . . . . . . . 3-602 RDTSC instruction . . . . . . . . . . . . . . .3-114, 3-604 Reg/opcode field, instruction format . . . . . . . . . 2-2 Related Literature . . . . . . . . . . . . . . . . . . . . . . . 1-9

INDEX-6

INDEX

Remainder, FPU operation . . . . . . . . 3-223, 3-226 REP prefix . . . . . . . . . . . . . . . . . . . . . . 3-88, 3-605 REPE prefix . . . . . . . . . . . . . . . . . . . . . 3-88, 3-605 REPNE prefix . . . . . . . . . . . . . . . . . . . . 3-88, 3-605 REPNZ prefix . . . . . . . . . . . . . . . . . . . . 3-88, 3-605 REPZ prefix . . . . . . . . . . . . . . . . . . . . . 3-88, 3-605 REP/REPE/REPZ/REPNE/REPNZ prefixes . . . . . . . . . . . 2-1, 3-304, 3-466 Reserved bits . . . . . . . . . . . . . . . . . . . . . . . . . . .1-6 RET instruction. . . . . . . . . . . . . . . . . . . . . . . .3-608 ROL instruction . . . . . . . . . . . . . . . . . 3-591, 3-615 ROR instruction . . . . . . . . . . . . . . . . . 3-591, 3-615 Rotate operation. . . . . . . . . . . . . . . . . . . . . . .3-591 Round to integer, FPU operation . . . . . . . . . .3-231 RPL field. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-36 RSM instruction . . . . . . . . . . . . . . . . . . . . . . .3-616 RSQRTPS instruction . . . . . . . . . . . . . . . . . .3-617 RSQRTSS instruction . . . . . . . . . . . . . . . . . .3-619 R/m field, instruction format . . . . . . . . . . . . . . . .2-2

S
SAHF instruction . . . . . . . . . . . . . . . . . . . . . .3-621 SAL instruction . . . . . . . . . . . . . . . . . . . . . . . .3-622 SAR instruction . . . . . . . . . . . . . . . . . . . . . . .3-622 SBB instruction. . . . . . . . . . . . . . . . . . 3-367, 3-627 Scale (operand addressing) . . . . . . . . . . . . . . . .2-3 Scale, FPU operation . . . . . . . . . . . . . . . . . . .3-238 SCAS instruction . . . . . . . . . . . . . . . . 3-605, 3-629 SCASB instruction . . . . . . . . . . . . . . . . . . . . .3-629 SCASD instruction . . . . . . . . . . . . . . . . . . . . .3-629 SCASW instruction. . . . . . . . . . . . . . . . . . . . .3-629 Segment descriptor, segment limit. . . . . . . . .3-375 Segment limit . . . . . . . . . . . . . . . . . . . . . . . . .3-375 Segment override prefixes . . . . . . . . . . . . . . . . .2-2 Segment registers, moving values to and from. . . . . . . . . . . . . . . . . . .3-402 Segment selector, RPL field. . . . . . . . . . . . . . .3-36 Segmented addressing . . . . . . . . . . . . . . . . . . .1-7 SEP flag, CPUID instruction. . . . . . . . . . . . . .3-115 SETcc instructions . . . . . . . . . . . . . . . . . . . . .3-632 SF (sign) flag, EFLAGS register. . . . . . . 3-21, 3-23 SFENCE instruction . . . . . . . . . . . . . . . . . . . .3-634 SGDT instruction . . . . . . . . . . . . . . . . . . . . . .3-636 SHL instruction. . . . . . . . . . . . . . . . . . 3-622, 3-639 SHLD instruction . . . . . . . . . . . . . . . . . . . . . .3-640 SHR instruction . . . . . . . . . . . . . . . . . 3-622, 3-639 SHRD instruction . . . . . . . . . . . . . . . . . . . . . .3-643 SHUFPS instruction . . . . . . . . . . . . . . . . . . . .3-646 SIB byte 32-bit addressing forms . . . . . . . . . . . . . . . .2-7 description . . . . . . . . . . . . . . . . . . . . . . . . . .2-2 format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1 SIDT instruction . . . . . . . . . . . . . . . . . 3-636, 3-651 Signaling NaN (see SNaN) Significan, extracting . . . . . . . . . . . . . . . . . . .3-285 SIMD floating-point exceptions (See Floating-point exceptions) Sine, FPU operation. . . . . . . . . . . . . . 3-240, 3-242 SLDT instruction. . . . . . . . . . . . . . . . . . . . . . .3-652

SMSW instruction . . . . . . . . . . . . . . . . . . . . . 3-654 SNaN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-82 SQRTPS instruction . . . . . . . . . . . . . . . . . . . 3-656 SQRTSS instruction . . . . . . . . . . . . . . . . . . . 3-659 Square root, FPU operation . . . . . . . . . . . . . 3-244 SS register . . . . . . . . . . . . . . . 3-349, 3-403, 3-532 SS segment override prefix . . . . . . . . . . . . . . . 2-2 Stack (see Procedure stack) Status flags, EFLAGS register . 3-73, 3-76, 3-178, 3-183, 3-330, 3-632, 3-688 STC instruction . . . . . . . . . . . . . . . . . . . . . . . 3-662 STD instruction . . . . . . . . . . . . . . . . . . . . . . . 3-663 STI instruction. . . . . . . . . . . . . . . . . . . . . . . . 3-664 STMXCSR instruction. . . . . . . . . . . . . . . . . . 3-666 STOS instruction . . . . . . . . . . . . . . . .3-605, 3-668 STOSB instruction . . . . . . . . . . . . . . . . . . . . 3-668 STOSD instruction . . . . . . . . . . . . . . . . . . . . 3-668 STOSW instruction . . . . . . . . . . . . . . . . . . . . 3-668 STR instruction . . . . . . . . . . . . . . . . . . . . . . . 3-671 Streaming SIMD Extensions CPUID instruction flag. . . . . . . . . . . . . . . 3-115 encoding SIMD floating-point register field B-27 encoding SIMD-integer register field. . . . . B-34 encoding Streaming SIMD Extensions cacheability control register field . . . . . B-35 formats and encodings . . . . . . . . . . . . . . . B-27 formats and encodings table . . . . . . . . . . . B-24 instruction prefixes . . . . . . . . . . . . . B-24, B-25 instruction prefixes, cacheability control instruction behavior . . . . . . . . . . . . . . . B-25 notations . . . . . . . . . . . . . . . . . . . . . . . . . . B-26 SIMD integer instruction behavior . . . . . . . B-25 String operations . . . . . . . . . . 3-87, 3-303, 3-369, 3-435, 3-465, 3-668 SUB instruction. . . . . . 3-145, 3-367, 3-673, 3-685 SUBPS instruction . . . . . . . . . . . . . . . . . . . . 3-675 SUBSS instruction . . . . . . . . . . . . . . . . . . . . 3-678 SYSENTER instruction. . . . . . . . . . . . . . . . . 3-681 SYSEXIT instruction . . . . . . . . . . . . . . . . . . . 3-685

T
Tangent, FPU operation . . . . . . . . . . . . . . . . 3-229 Task gate . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-338 Task register loading. . . . . . . . . . . . . . . . . . . . . . . . . . . 3-380 storing . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-671 Task state segment (see TSS) Task switch return from nested task, IRET instruction 3-321 Task switch, CALL instruction . . . . . . . . . . . . 3-53 TEST instruction . . . . . . . . . . . . . . . . . . . . . . 3-688 Time Stamp Counter flag, CPUID instruction 3-114 Time-stamp counter, reading . . . . . . . . . . . . 3-604 TLB entry, invalidating (flushing) . . . . . . . . . 3-320 TS (task switched) flag, CR0 register . . . . . . . 3-70 TSC flag, CPUID instruction . . . . . . . . . . . . . 3-114 TSD flag, CR4 register . . . . . . . . . . . . . . . . . 3-604 TSS, relationship to task register . . . . . . . . . 3-671

INDEX-7

U
UCOMISS instruction . . . . . . . . . . . . . . . . . . .3-690 UD2 instruction. . . . . . . . . . . . . . . . . . . . . . . .3-697 Undefined format opcodes . . . . . . . . . . . . . . .3-265 Underflow, FPU exception (see Numeric underflow exception) Unordered values. . . . 3-180, 3-183, 3-265, 3-267 UNPCKHPS instruction . . . . . . . . . . . . . . . . .3-698 UNPCKLPS instruction . . . . . . . . . . . . . . . . .3-701

V
Vector (see Interrupt vector) Vector (see INTn instruction) VERR instruction . . . . . . . . . . . . . . . . . . . . . .3-704 Version information, processor . . . . . . . . . . .3-111 VERW instruction . . . . . . . . . . . . . . . . . . . . . .3-704 Virtual 8086 Mode Enhancements flag, CPUID instruction . . . . . . . . . . . . .3-114 Virtual 8086 Mode flag, EFLAGS register . . .3-321 VM flag, EFLAGS register . . . . . . . . . . . . . . .3-321 VME flag, CPUID instruction . . . . . . . . . . . . .3-114

W
WAIT instruction. . . . . . . . . . . . . . . . . . . . . . .3-707 WBINVD instruction . . . . . . . . . . . . . . . . . . . .3-708 Write-back and invalidate caches . . . . . . . . .3-708 WRMSR instruction . . . . . . . . . . . . . . 3-114, 3-710

X
XADD instruction . . . . . . . . . . . . . . . . 3-367, 3-712 XCHG instruction . . . . . . . . . . . . . . . . 3-367, 3-714 XLAT instruction. . . . . . . . . . . . . . . . . . . . . . .3-716 XLATB instruction . . . . . . . . . . . . . . . . . . . . .3-716 XMM flag, CPUID instruction . . . . . . . . . . . . .3-115 XOR instruction . . . . . . . . . . . . . . . . . 3-367, 3-718 XORPS instruction . . . . . . . . . . . . . . . . . . . . .3-720

Z
ZF (zero) flag, EFLAGS register . . . 3-100, 3-102, 3-342, 3-372, 3-375, 3-605, 3-704

THE LTSPICE XVII SIMULATOR: Commands and Applications
From Everand
THE LTSPICE XVII SIMULATOR: Commands and Applications
Gilles Brocard
5/5 (1)
CAN and FPGA Communication Engineering: Implementation of a CAN Bus based Measurement System on an FPGA Development Kit
From Everand
CAN and FPGA Communication Engineering: Implementation of a CAN Bus based Measurement System on an FPGA Development Kit
Yu Zhu
No ratings yet
Volume 2 - Instruction Set Reference
No ratings yet
Volume 2 - Instruction Set Reference
966 pages
Intel® 64 and IA-32 Architectures Software Developer's Manual
No ratings yet
Intel® 64 and IA-32 Architectures Software Developer's Manual
806 pages
253666
No ratings yet
253666
848 pages
Intel 64 Architecture 2
No ratings yet
Intel 64 Architecture 2
812 pages
IA32 Arch Vol A
No ratings yet
IA32 Arch Vol A
812 pages
Intel® 64 and IA-32 Architectures Software Developer's Manual
No ratings yet
Intel® 64 and IA-32 Architectures Software Developer's Manual
758 pages
Intel Architecture Software Developer's Manuals, Volume 1: Basic Architecture
100% (3)
Intel Architecture Software Developer's Manuals, Volume 1: Basic Architecture
369 pages
x86 Assembly
No ratings yet
x86 Assembly
100 pages
Assembly Wiki Book
No ratings yet
Assembly Wiki Book
100 pages
Intel 64 and IA-32 Architectures Software Developers Manual - Volume 2A - Instruction Set Reference A-M
No ratings yet
Intel 64 and IA-32 Architectures Software Developers Manual - Volume 2A - Instruction Set Reference A-M
814 pages
Intel Architecture Basics
No ratings yet
Intel Architecture Basics
283 pages
a
No ratings yet
a
2 pages
Assembly Language Programming. MASM & Intel Architecture Documents
100% (1)
Assembly Language Programming. MASM & Intel Architecture Documents
3,824 pages
tc1 6 Architecture Vol1
100% (1)
tc1 6 Architecture Vol1
225 pages
S12XCPUV2
No ratings yet
S12XCPUV2
497 pages
Intel Architecture Software Developer's Manuals, Volume 3: System Programming
No ratings yet
Intel Architecture Software Developer's Manuals, Volume 3: System Programming
658 pages
Book Eum
No ratings yet
Book Eum
452 pages
IA32 Devmanual 97 Vol.3 (24319201)
No ratings yet
IA32 Devmanual 97 Vol.3 (24319201)
584 pages
24547212
No ratings yet
24547212
798 pages
AMD64 Architecture Programmer's Manual Volume 3 General-Purpose and System Instructions
No ratings yet
AMD64 Architecture Programmer's Manual Volume 3 General-Purpose and System Instructions
474 pages
Assembly Book
No ratings yet
Assembly Book
512 pages
Guia Basica de Comandos para Micropeocesadores
No ratings yet
Guia Basica de Comandos para Micropeocesadores
502 pages
DSP65 C Cross-Compiler
No ratings yet
DSP65 C Cross-Compiler
475 pages
SG 246990
No ratings yet
SG 246990
164 pages
Reference Manual: M68HC12 and HCS12 Microcontrollers
No ratings yet
Reference Manual: M68HC12 and HCS12 Microcontrollers
414 pages
21264ev68cb Ev68dc HRM
100% (1)
21264ev68cb Ev68dc HRM
360 pages
Volume 1 - Basic Architecture
No ratings yet
Volume 1 - Basic Architecture
426 pages
pm0223 stm32 Cortexm0 Mcus Programming Manual Stmicroelectronics
No ratings yet
pm0223 stm32 Cortexm0 Mcus Programming Manual Stmicroelectronics
110 pages
Stm32f0xxx Cortexm0 Programming Manual Stmicroelectronics
No ratings yet
Stm32f0xxx Cortexm0 Programming Manual Stmicroelectronics
91 pages
Tasking C196 Manual
No ratings yet
Tasking C196 Manual
389 pages
21264ev6_hrm
No ratings yet
21264ev6_hrm
348 pages
Amd k10
No ratings yet
Amd k10
298 pages
System V Application Binary Interface: AMD64 Architecture Processor Supplement (With LP64 and ILP32 Programming Models)
No ratings yet
System V Application Binary Interface: AMD64 Architecture Processor Supplement (With LP64 and ILP32 Programming Models)
145 pages
Book
No ratings yet
Book
40 pages
Riscv P Ext Proposal Version 0.9.11 Draft 20211209
No ratings yet
Riscv P Ext Proposal Version 0.9.11 Draft 20211209
608 pages
Zilog Z8000 Reference Manual
No ratings yet
Zilog Z8000 Reference Manual
299 pages
dm00104451 Cortexm0 Programming Manual For stm32l0 stm32g0 stm32wl and stm32wb Series Stmicroelectronics PDF
No ratings yet
dm00104451 Cortexm0 Programming Manual For stm32l0 stm32g0 stm32wl and stm32wb Series Stmicroelectronics PDF
110 pages
Computer Architecture and Organization: Lecture Notes
No ratings yet
Computer Architecture and Organization: Lecture Notes
193 pages
ST 20 Programing
No ratings yet
ST 20 Programing
212 pages
TC Reference Guide v2.1
No ratings yet
TC Reference Guide v2.1
605 pages
Arm Book
No ratings yet
Arm Book
164 pages
ARMBook (1)
No ratings yet
ARMBook (1)
164 pages
Motorola PowerPC RISC CPU Reference Manual
No ratings yet
Motorola PowerPC RISC CPU Reference Manual
554 pages
Embedde, D Systems
No ratings yet
Embedde, D Systems
91 pages
HCS12 V1.5 Core User Guide: Original Release Date: 12 May 2000 Revised: 17 August 2000
No ratings yet
HCS12 V1.5 Core User Guide: Original Release Date: 12 May 2000 Revised: 17 August 2000
548 pages
AMD64 Architecture Programmer's Manual - Volume 3 - General-Purpose and System Instructions (24594, r3.25, Dec-2017)
No ratings yet
AMD64 Architecture Programmer's Manual - Volume 3 - General-Purpose and System Instructions (24594, r3.25, Dec-2017)
684 pages
sdccman
No ratings yet
sdccman
137 pages
Embedded Systems
No ratings yet
Embedded Systems
92 pages
Assembler.V2.Alntext V2.00
No ratings yet
Assembler.V2.Alntext V2.00
1,346 pages
SDCC Compiler User Guide
No ratings yet
SDCC Compiler User Guide
128 pages
Smart Card Applications: Design models for using and programming smart cards
From Everand
Smart Card Applications: Design models for using and programming smart cards
Wolfgang Rankl
No ratings yet
Basic Research and Technologies for Two-Stage-to-Orbit Vehicles: Final Report of the Collaborative Research Centres 253, 255 and 259
From Everand
Basic Research and Technologies for Two-Stage-to-Orbit Vehicles: Final Report of the Collaborative Research Centres 253, 255 and 259
Dieter Jacob
No ratings yet
Collapse analysis of externally prestressed structures
From Everand
Collapse analysis of externally prestressed structures
Jens Tandler
No ratings yet
Open Data Structures: An Introduction
From Everand
Open Data Structures: An Introduction
Pat Morin
4/5 (4)
DC/DC Converter Handbook: SMPS topologies from an EMC point of view
From Everand
DC/DC Converter Handbook: SMPS topologies from an EMC point of view
Andreas Nadler
No ratings yet
CNC Machining Handbook: Building, Programming, and Implementation
From Everand
CNC Machining Handbook: Building, Programming, and Implementation
Alan Overby
No ratings yet
Prediction of Burnout: An Artificial Neural Network Approach
From Everand
Prediction of Burnout: An Artificial Neural Network Approach
Felix Ladstätter
No ratings yet
Structural Health Monitoring
From Everand
Structural Health Monitoring
Daniel Balageas
No ratings yet