Michal Ludvig
<
michal@logix.cz
>
Home Page
Humorník
Douglas Adams
Programming and development
Nagios and SNMP scripts
SMTP client
DDNS updater
YubiKey-LDAP
VIA PadLock
VIA VT-310DP pipeline configurator
OpenChrome for OpenSUSE
IPsec-tools
CryptoDev 4 Linux
libfaketime.so
FastCrypt driver
S/MIME decoder
HTML lowercaser
CygProfiler suite
AMD64 registers
CFI for GAS
NetShips
ptrace() demo
XFree86 support for GDB
Etc.
Publications and documents
Linux on AMD64
VIA PadLock - Wicked fast encryption
VIA PadLock - Ďábelsky rychlé šifrování
Jak funguje initramdisk
Linux a 64 bitů
Secure networking
Napište si debugger
AMD64 - AMD Opteron
IPv6 krok za krokem I
IPv6 krok za krokem II
IPv6 krok za krokem III
Sharp Zaurus
Mosix - počítejte rychleji! I
Mosix - počítejte rychleji! II
Mosix - počítejte rychleji! III
What's new in GDB 6.0
Prev:
Customer Support
Next:
Figures
Table of Contents
Intel 80386 Programmer's Reference Manual
About This Manual
Preface
Customer Support
Table of Contents
Figures
Tables
Chapter 1 Introduction to the 80386
1.1 Organization of This Manual
1.1.1 Part I -- Applications Programming
1.1.2 Part II -- Systems Programming
1.1.3 Part III -- Compatibility
1.1.4 Part IV -- Instruction Set
1.1.5 Appendices
1.2 Related Literature
1.3 Notational Conventions
1.3.1 Data-Structure Formats
1.3.2 Undefined Bits and Software Compatibility
1.3.3 Instruction Operands
1.3.4 Hexadecimal Numbers
1.3.5 Sub- and Super-Scripts
Chapter 2 Basic Programming Model
2.1 Memory Organization and Segmentation
2.1.1 The "Flat" Model
2.1.2 The Segmented Model
2.2 Data Types
2.3 Registers
2.3.1 General Registers
2.3.2 Segment Registers
2.3.3 Stack Implementation
2.3.4 Flags Register
2.3.4.1 Status Flags
2.3.4.2 Control Flag
2.3.4.3 Instruction Pointer
2.4 Instruction Format
2.5 Operand Selection
2.5.1 Immediate Operands
2.5.2 Register Operands
2.5.3 Memory Operands
2.5.3.1 Segment Selection
2.5.3.2 Effective-Address Computation
2.6 Interrupts and Exceptions
Chapter 3 Applications Instruction Set
3.1 Data Movement Instructions
3.1.1 General-Purpose Data Movement Instructions
3.1.2 Stack Manipulation Instructions
3.1.3 Type Conversion Instructions
3.2 Binary Arithmetic Instructions
3.2.1 Addition and Subtraction Instructions
3.2.2 Comparison and Sign Change Instruction
3.2.3 Multiplication Instructions
3.2.4 Division Instructions
3.3 Decimal Arithmetic Instructions
3.3.1 Packed BCD Adjustment Instructions
3.3.2 Unpacked BCD Adjustment Instructions
3.4 Logical Instructions
3.4.1 Boolean Operation Instructions
3.4.2 Bit Test and Modify Instructions
3.4.3 Bit Scan Instructions
3.4.4 Shift and Rotate Instructions
3.4.4.1 Shift Instructions
3.4.4.2 Double-Shift Instructions
3.4.4.3 Rotate Instructions
3.4.4.4 Fast "BIT BLT" Using Double Shift Instructions
3.4.4.5 Fast Bit-String Insert and Extract
3.4.5 Byte-Set-On-Condition Instructions
3.4.6 Test Instruction
3.5 Control Transfer Instructions
3.5.1 Unconditional Transfer Instructions
3.5.1.1 Jump Instruction
3.5.1.2 Call Instruction
3.5.1.3 Return and Return-From-Interrupt Instruction
3.5.2 Conditional Transfer Instructions
3.5.2.1 Conditional Jump Instructions
3.5.2.2 Loop Instructions
3.5.2.3 Executing a Loop or Repeat Zero Times
3.5.3 Software-Generated Interrupts
3.6 String and Character Translation Instructions
3.6.1 Repeat Prefixes
3.6.2 Indexing and Direction Flag Control
3.6.3 String Instructions
3.7 Instructions for Block-Structured Languages
3.8 Flag Control Instructions
3.8.1 Carry and Direction Flag Control Instructions
3.8.2 Flag Transfer Instructions
3.9 Coprocessor Interface Instructions
3.10 Segment Register Instructions
3.10.1 Segment-Register Transfer Instructions
3.10.2 Far Control Transfer Instructions
3.10.3 Data Pointer Instructions
3.11 Miscellaneous Instructions
3.11.1 Address Calculation Instruction
3.11.2 No-Operation Instruction
3.11.3 Translate Instruction
Chapter 4 Systems Architecture
4.1 Systems Registers
4.1.1 Systems Flags
4.1.2 Memory-Management Registers
4.1.3 Control Registers
4.1.4 Debug Register
4.1.5 Test Registers
4.2 Systems Instructions
Chapter 5 Memory Management
5.1 Segment Translation
5.1.1 Descriptors
5.1.2 Descriptor Tables
5.1.3 Selectors
5.1.4 Segment Registers
5.2 Page Translation
5.2.1 Page Frame
5.2.2 Linear Address
5.2.3 Page Tables
5.2.4 Page-Table Entries
5.2.4.1 Page Frame Address
5.2.4.2 Present Bit
5.2.4.3 Accessed and Dirty Bits
5.2.4.4 Read/Write and User/Supervisor Bits
5.2.5 Page Translation Cache
5.3 Combining Segment and Page Translation
5.3.1 "Flat" Architecture
5.3.2 Segments Spanning Several Pages
5.3.3 Pages Spanning Several Segments
5.3.4 Non-Aligned Page and Segment Boundaries
5.3.5 Aligned Page and Segment Boundaries
5.3.6 Page-Table per Segment
Chapter 6 Protection
6.1 Why Protection?
6.2 Overview of 80386 Protection Mechanisms
6.3 Segment-Level Protection
6.3.1 Descriptors Store Protection Parameters
6.3.1.1 Type Checking
6.3.1.2 Limit Checking
6.3.1.3 Privilege Levels
6.3.2 Restricting Access to Data
6.3.2.1 Accessing Data in Code Segments
6.3.3 Restricting Control Transfers
6.3.4 Gate Descriptors Guard Procedure Entry Points
6.3.4.1 Stack Switching
6.3.4.2 Returning from a Procedure
6.3.5 Some Instructions are Reserved for Operating System
6.3.5.1 Privileged Instructions
6.3.5.2 Sensitive Instructions
6.3.6 Instructions for Pointer Validation
6.3.6.1 Descriptor Validation
6.3.6.2 Pointer Integrity and RPL
6.4 Page-Level Protection
6.4.1 Page-Table Entries Hold Protection Parameters
6.4.1.1 Restricting Addressable Domain
6.4.1.2 Type Checking
6.4.2 Combining Protection of Both Levels of Page Tables
6.4.3 Overrides to Page Protection
6.5 Combining Page and Segment Protection
Chapter 7 Multitasking
7.1 Task State Segment
7.2 TSS Descriptor
7.3 Task Register
7.4 Task Gate Descriptor
7.5 Task Switching
7.6 Task Linking
7.6.1 Busy Bit Prevents Loops
7.6.2 Modifying Task Linkages
7.7 Task Address Space
7.7.1 Task Linear-to-Physical Space Mapping
7.7.2 Task Logical Address Space
Chapter 8 Input/Output
8.1 I/O Addressing
8.1.1 I/O Address Space
8.1.2 Memory-Mapped I/O
8.2 I/O Instructions
8.2.1 Register I/O Instructions
8.2.2 Block I/O Instructions
8.3 Protection and I/O
8.3.1 I/O Privilege Level
8.3.2 I/O Permission Bit Map
Chapter 9 Exceptions and Interrupts
9.1 Identifying Interrupts
9.2 Enabling and Disabling Interrupts
9.2.1 NMI Masks Further NMIs
9.2.2 IF Masks INTR
9.2.3 RF Masks Debug Faults
9.2.4 MOV or POP to SS Masks Some Interrupts and Exceptions
9.3 Priority Among Simultaneous Interrupts and Exceptions
9.4 Interrupt Descriptor Table
9.5 IDT Descriptors
9.6 Interrupt Tasks and Interrupt Procedures
9.6.1 Interrupt Procedures
9.6.1.1 Stack of Interrupt Procedure
9.6.1.2 Returning from an Interrupt Procedure
9.6.1.3 Flags Usage by Interrupt Procedure
9.6.1.4 Protection in Interrupt Procedures
9.6.2 Interrupt Tasks
9.7 Error Code
9.8 Exception Conditions
9.8.1 Interrupt 0 -- Divide Error
9.8.2 Interrupt 1 -- Debug Exceptions
9.8.3 Interrupt 3 -- Breakpoint
9.8.4 Interrupt 4 -- Overflow
9.8.5 Interrupt 5 -- Bounds Check
9.8.6 Interrupt 6 -- Invalid Opcode
9.8.7 Interrupt 7 -- Coprocessor Not Available
9.8.8 Interrupt 8 -- Double Fault
9.8.9 Interrupt 9 -- Coprocessor Segment Overrun
9.8.10 Interrupt 10 -- Invalid TSS
9.8.11 Interrupt 11 -- Segment Not Present
9.8.12 Interrupt 12 -- Stack Exception
9.8.13 Interrupt 13 -- General Protection Exception
9.8.14 Interrupt 14 -- Page Fault
9.8.14.1 Page Fault During Task Switch
9.8.14.2 Page Fault with Inconsistent Stack Pointer
9.8.15 Interrupt 16 -- Coprocessor Error
9.9 Exception Summary
9.10 Error Code Summary
Chapter 10 Initialization
10.1 Processor State After Reset
10.2 Software Initialization for Real-Address Mode
10.2.1 Stack
10.2.2 Interrupt Table
10.2.3 First Instructions
10.3 Switching to Protected Mode
10.4 Software Initialization for Protected Mode
10.4.1 Interrupt Descriptor Table
10.4.2 Stack
10.4.3 Global Descriptor Table
10.4.4 Page Tables
10.4.5 First Task
10.5 Initialization Example
10.6 TLB Testing
10.6.1 Structure of the TLB
10.6.2 Test Registers
10.6.3 Test Operations
Chapter 11 Coprocessing and Multiprocessing
11.1 Coprocessing
11.1.1 Coprocessor Identification
11.1.2 ESC and WAIT Instructions
11.1.3 EM and MP Flags
11.1.4 The Task-Switched Flag
11.1.5 Coprocessor Exceptions
11.1.5.1 Interrupt 7 -- Coprocessor Not Available
11.1.5.2 Interrupt 9 -- Coprocessor Segment Overrun
11.1.5.3 Interrupt 16 -- Coprocessor Error
11.2 General Multiprocessing
11.2.1 LOCK and the LOCK# Signal
11.2.2 Automatic Locking
11.2.3 Cache Considerations
Chapter 12 Debugging
12.1 Debugging Features of the Architecture
12.2 Debug Registers
12.2.1 Debug Address Registers (DR0-DR3)
12.2.2 Debug Control Register (DR7)
12.2.3 Debug Status Register (DR6)
12.2.4 Breakpoint Field Recognition
12.3 Debug Exceptions
12.3.1 Interrupt 1 -- Debug Exceptions
12.3.1.1 Instruction Addrees Breakpoint
12.3.1.2 Data Address Breakpoint
12.3.1.3 General Detect Fault
12.3.1.4 Single-Step Trap
12.3.1.5 Task Switch Breakpoint
12.3.2 Interrupt 3 -- Breakpoint Exception
Chapter 13 Executing 80286 Protected-Mode Code
13.1 80286 Code Executes as a Subset of the 80386
13.2 Two ways to Execute 80286 Tasks
13.3 Differences From 80286
13.3.1 Wraparound of 80286 24-Bit Physical Address Space
13.3.2 Reserved Word of Descriptor
13.3.3 New Descriptor Type Codes
13.3.4 Restricted Semantics of LOCK
13.3.5 Additional Exceptions
Chapter 14 80386 Real-Address Mode
14.1 Physical Address Formation
14.2 Registers and Instructions
14.3 Interrupt and Exception Handling
14.4 Entering and Leaving Real-Address Mode
14.4.1 Switching to Protected Mode
14.5 Switching Back to Real-Address Mode
14.6 Real-Address Mode Exceptions
14.7 Differences From 8086
14.8 Differences From 80286 Real-Address Mode
14.8.1 Bus Lock
14.8.2 Location of First Instruction
14.8.3 Initial Values of General Registers
14.8.4 MSW Initialization
Chapter 15 Virtual 8086 Mode
15.1 Executing 8086 Code
15.1.1 Registers and Instructions
15.1.2 Linear Address Formation
15.2 Structure of a V86 Task
15.2.1 Using Paging for V86 Tasks
15.2.2 Protection within a V86 Task
15.3 Entering and Leaving V86 Mode
15.3.1 Transitions Through Task Switches
15.3.2 Transitions Through Trap Gates and Interrupt Gates
15.4 Additional Sensitive Instructions
15.4.1 Emulating 8086 Operating System Calls
15.4.2 Virtualizing the Interrupt-Enable Flag
15.5 Virtual I/O
15.5.1 I/O-Mapped I/O
15.5.2 Memory-Mapped I/O
15.5.3 Special I/O Buffers
15.6 Differences From 8086
15.7 Differences From 80286 Real-Address Mode
Chapter 16 Mixing 16-Bit and 32 Bit Code
16.1 How the 80386 Implements 16-Bit and 32-Bit Features
16.2 Mixing 32-Bit and 16-Bit Operations
16.3 Sharing Data Segments Among Mixed Code Segments
16.4 Transferring Control Among Mixed Code Segments
16.4.1 Size of Code-Segment Pointer
16.4.2 Stack Management for Control Transfers
16.4.2.1 Controlling the Operand-Size for a Call
16.4.2.2 Changing Size of Call
16.4.3 Interrupt Control Transfers
16.4.4 Parameter Translation
16.4.5 The Interface Procedure
Chapter 17 80386 Instruction Set
17.1 Operand-Size and Address-Size Attributes
17.1.1 Default Segment Attribute
17.1.2 Operand-Size and Address-Size Instruction Prefixes
17.1.3 Address-Size Attribute for Stack
17.2 Instruction Format
17.2.1 ModR/M and SIB Bytes
17.2.2 How to Read the Instruction Set Pages
17.2.2.1 Opcode
17.2.2.2 Instruction
17.2.2.3 Clocks
17.2.2.4 Description
17.2.2.5 Operation
17.2.2.6 Description
17.2.2.7 Flags Affected
17.2.2.8 Protected Mode Exceptions
17.2.2.9 Real Address Mode Exceptions
17.2.2.10 Virtual-8086 Mode Exceptions
17.3 Instruction Set
17.3.A 'A' Instructions
AAA -- ASCII Adjust after Addition
AAD -- ASCII Adjust AX before Division
AAM -- ASCII Adjust AX after Multiply
AAS -- ASCII Adjust AL after Subtraction
ADC -- Add with Carry
ADD -- Add
AND -- Logical AND
ARPL -- Adjust RPL Field of Selector
17.3.B 'B' Instructions
BOUND -- Check Array Index Against Bounds
BSF -- Bit Scan Forward
BSR -- Bit Scan Reverse
BT -- Bit Test
BTC -- Bit Test and Complement
BTR -- Bit Test and Reset
BTS -- Bit Test and Set
17.3.C 'C' Instructions
CALL -- Call Procedure
CBW/CWDE -- Convert Byte to Word/Convert Word to Doubleword
CLC -- Clear Carry Flag
CLD -- Clear Direction Flag
CLI -- Clear Interrupt Flag
CLTS -- Clear Task-Switched Flag in CR0
CMC -- Complement Carry Flag
CMP -- Compare Two Operands
CMPS/CMPSB/CMPSW/CMPSD -- Compare String Operands
CWD/CDQ -- Convert Word to Doubleword/Convert Doubleword to
17.3.D 'D' Instructions
DAA -- Decimal Adjust AL after Addition
DAS -- Decimal Adjust AL after Subtraction
DEC -- Decrement by 1
DIV -- Unsigned Divide
17.3.E 'E' Instructions
ENTER -- Make Stack Frame for Procedure Parameters
17.3.H 'H' Instructions
HLT -- Halt
17.3.I 'I' Instructions
IDIV -- Signed Divide
IMUL -- Signed Multiply
IN -- Input from Port
INC -- Increment by 1
INS/INSB/INSW/INSD -- Input from Port to String
INT/INTO -- Call to Interrupt Procedure
IRET/IRETD -- Interrupt Return
17.3.J 'J' Instructions
Jcc -- Jump if Condition is Met
JMP -- Jump
17.3.L 'L' Instructions
LAHF -- Load Flags into AH Register
LAR -- Load Access Rights Byte
LEA -- Load Effective Address
LEAVE -- High Level Procedure Exit
LGDT/LIDT -- Load Global/Interrupt Descriptor Table Register
LGS/LSS/LDS/LES/LFS -- Load Full Pointer
LLDT -- Load Local Descriptor Table Register
LMSW -- Load Machine Status Word
LOCK -- Assert LOCK# Signal Prefix
LODS/LODSB/LODSW/LODSD -- Load String Operand
LOOP/LOOPcond -- Loop Control with CX Counter
LSL -- Load Segment Limit
LTR -- Load Task Register
17.3.M 'M' Instructions
MOV -- Move Data
MOV -- Move to/from Special Registers
MOVS/MOVSB/MOVSW/MOVSD -- Move Data from String to String
MOVSX -- Move with Sign-Extend
MOVZX -- Move with Zero-Extend
MUL -- Unsigned Multiplication of AL or AX
17.3.N 'N' Instructions
NEG -- Two's Complement Negation
NOP -- No Operation
NOT -- One's Complement Negation
17.3.O 'O' Instructions
OR -- Logical Inclusive OR
OUT -- Output to Port
OUTS/OUTSB/OUTSW/OUTSD -- Output String to Port
17.3.P 'P' Instructions
POP -- Pop a Word from the Stack
POPA/POPAD -- Pop all General Registers
POPF/POPFD -- Pop Stack into FLAGS or EFLAGS Register
PUSH -- Push Operand onto the Stack
PUSHA/PUSHAD -- Push all General Registers
PUSHF/PUSHFD -- Push Flags Register onto the Stack
17.3.R 'R' Instructions
RCL/RCR/ROL/ROR -- Rotate
REP/REPE/REPZ/REPNE/REPNZ -- Repeat Following String Operation
RET -- Return from Procedure
17.3.S 'S' Instructions
SAHF -- Store AH into Flags
SAL/SAR/SHL/SHR -- Shift Instructions
SBB -- Integer Subtraction with Borrow
SCAS/SCASB/SCASW/SCASD -- Compare String Data
SETcc -- Byte Set on Condition
SGDT/SIDT -- Store Global/Interrupt Descriptor Table Register
SHLD -- Double Precision Shift Left
SHRD -- Double Precision Shift Right
SLDT -- Store Local Descriptor Table Register
SMSW -- Store Machine Status Word
STC -- Set Carry Flag
STD -- Set Direction Flag
STI -- Set Interrupt Flag
STOS/STOSB/STOSW/STOSD -- Store String Data
STR -- Store Task Register
SUB -- Integer Subtraction
17.3.T 'T' Instructions
TEST -- Logical Compare
17.3.V 'V' Instructions
VERR, VERW -- Verify a Segment for Reading or Writing
17.3.W 'W' Instructions
WAIT -- Wait until BUSY# Pin is Inactive (HIGH)
17.3.X 'X' Instructions
XCHG -- Exchange Register/Memory with Register
XLAT/XLATB -- Table Look-up Translation
XOR -- Logical Exclusive OR
Appendix A Opcode Map
Appendix B Complete Flag Cross-Reference
Appendix C Status Flag Summary
Appendix D Condition Codes
Prev:
Customer Support
Next:
Figures