| 1 | @c Copyright 1991, 1992, 1993, 1994, 1995, 1997, 1998, 1999, 2000, |
| 2 | @c 2001, 2003, 2004 |
| 3 | @c Free Software Foundation, Inc. |
| 4 | @c This is part of the GAS manual. |
| 5 | @c For copying conditions, see the file as.texinfo. |
| 6 | @ifset GENERIC |
| 7 | @page |
| 8 | @node i386-Dependent |
| 9 | @chapter 80386 Dependent Features |
| 10 | @end ifset |
| 11 | @ifclear GENERIC |
| 12 | @node Machine Dependencies |
| 13 | @chapter 80386 Dependent Features |
| 14 | @end ifclear |
| 15 | |
| 16 | @cindex i386 support |
| 17 | @cindex i80386 support |
| 18 | @cindex x86-64 support |
| 19 | |
| 20 | The i386 version of @code{@value{AS}} supports the original Intel 386 |
| 21 | architecture in both 16 and 32-bit mode, as well as the AMD x86-64 architecture, |
| 22 | which extends the Intel architecture to 64 bits. |
| 23 | |
| 24 | @menu |
| 25 | * i386-Options:: Options |
| 26 | * i386-Syntax:: AT&T Syntax versus Intel Syntax |
| 27 | * i386-Mnemonics:: Instruction Naming |
| 28 | * i386-Regs:: Register Naming |
| 29 | * i386-Prefixes:: Instruction Prefixes |
| 30 | * i386-Memory:: Memory References |
| 31 | * i386-Jumps:: Handling of Jump Instructions |
| 32 | * i386-Float:: Floating Point |
| 33 | * i386-SIMD:: Intel's MMX and AMD's 3DNow! SIMD Operations |
| 34 | * i386-16bit:: Writing 16-bit Code |
| 35 | * i386-Arch:: Specifying an x86 CPU architecture |
| 36 | * i386-Bugs:: AT&T Syntax bugs |
| 37 | * i386-Notes:: Notes |
| 38 | @end menu |
| 39 | |
| 40 | @node i386-Options |
| 41 | @section Options |
| 42 | |
| 43 | @cindex options for i386 |
| 44 | @cindex options for x86-64 |
| 45 | @cindex i386 options |
| 46 | @cindex x86-64 options |
| 47 | |
| 48 | The i386 version of @code{@value{AS}} has a few machine |
| 49 | dependent options: |
| 50 | |
| 51 | @table @code |
| 52 | @cindex @samp{--32} option, i386 |
| 53 | @cindex @samp{--32} option, x86-64 |
| 54 | @cindex @samp{--64} option, i386 |
| 55 | @cindex @samp{--64} option, x86-64 |
| 56 | @item --32 | --64 |
| 57 | Select the word size, either 32 bits or 64 bits. Selecting 32-bit |
| 58 | implies Intel i386 architecture, while 64-bit implies AMD x86-64 |
| 59 | architecture. |
| 60 | |
| 61 | These options are only available with the ELF object file format, and |
| 62 | require that the necessary BFD support has been included (on a 32-bit |
| 63 | platform you have to add --enable-64-bit-bfd to configure to enable 64-bit |
| 64 | usage and use x86-64 as target platform). |
| 65 | |
| 66 | @item -n |
| 67 | By default, x86 GAS replaces multiple nop instructions used for |
| 68 | alignment within code sections with multi-byte nop instructions such |
| 69 | as leal 0(%esi,1),%esi. This switch disables the optimization. |
| 70 | |
| 71 | @cindex @samp{--divide} option, i386 |
| 72 | @item --divide |
| 73 | On SVR4-derived platforms, the character @samp{/} is treated as a comment |
| 74 | character, which means that it cannot be used in expressions. The |
| 75 | @samp{--divide} option turns @samp{/} into a normal character. This does |
| 76 | not disable @samp{/} at the beginning of a line starting a comment, or |
| 77 | affect using @samp{#} for starting a comment. |
| 78 | |
| 79 | @cindex @samp{-march=} option, i386 |
| 80 | @cindex @samp{-march=} option, x86-64 |
| 81 | @item -march=@var{CPU} |
| 82 | This option specifies an instruction set architecture for generating |
| 83 | instructions. The following architectures are recognized: |
| 84 | @code{i8086}, |
| 85 | @code{i186}, |
| 86 | @code{i286}, |
| 87 | @code{i386}, |
| 88 | @code{i486}, |
| 89 | @code{i586}, |
| 90 | @code{i686}, |
| 91 | @code{pentium}, |
| 92 | @code{pentiumpro}, |
| 93 | @code{pentiumii}, |
| 94 | @code{pentiumiii}, |
| 95 | @code{pentium4}, |
| 96 | @code{prescott}, |
| 97 | @code{nocona}, |
| 98 | @code{core}, |
| 99 | @code{core2}, |
| 100 | @code{k6}, |
| 101 | @code{k6_2}, |
| 102 | @code{athlon}, |
| 103 | @code{sledgehammer}, |
| 104 | @code{opteron}, |
| 105 | @code{k8}, |
| 106 | @code{generic32} and |
| 107 | @code{generic64}. |
| 108 | |
| 109 | This option only affects instructions generated by the assembler. The |
| 110 | @code{.arch} directive will take precedence. |
| 111 | |
| 112 | @cindex @samp{-mtune=} option, i386 |
| 113 | @cindex @samp{-mtune=} option, x86-64 |
| 114 | @item -mtune=@var{CPU} |
| 115 | This option specifies a processor to optimize for. When used in |
| 116 | conjunction with the @option{-march} option, only instructions |
| 117 | of the processor specified by the @option{-march} option will be |
| 118 | generated. |
| 119 | |
| 120 | Valid @var{CPU} values are identical to @option{-march=@var{CPU}}. |
| 121 | |
| 122 | @end table |
| 123 | |
| 124 | @node i386-Syntax |
| 125 | @section AT&T Syntax versus Intel Syntax |
| 126 | |
| 127 | @cindex i386 intel_syntax pseudo op |
| 128 | @cindex intel_syntax pseudo op, i386 |
| 129 | @cindex i386 att_syntax pseudo op |
| 130 | @cindex att_syntax pseudo op, i386 |
| 131 | @cindex i386 syntax compatibility |
| 132 | @cindex syntax compatibility, i386 |
| 133 | @cindex x86-64 intel_syntax pseudo op |
| 134 | @cindex intel_syntax pseudo op, x86-64 |
| 135 | @cindex x86-64 att_syntax pseudo op |
| 136 | @cindex att_syntax pseudo op, x86-64 |
| 137 | @cindex x86-64 syntax compatibility |
| 138 | @cindex syntax compatibility, x86-64 |
| 139 | |
| 140 | @code{@value{AS}} now supports assembly using Intel assembler syntax. |
| 141 | @code{.intel_syntax} selects Intel mode, and @code{.att_syntax} switches |
| 142 | back to the usual AT&T mode for compatibility with the output of |
| 143 | @code{@value{GCC}}. Either of these directives may have an optional |
| 144 | argument, @code{prefix} or @code{noprefix}, specifying whether registers |
| 145 | require a @samp{%} prefix. AT&T System V/386 assembler syntax is quite |
| 146 | different from Intel syntax. We mention these differences because |
| 147 | almost all 80386 documents use Intel syntax. Notable differences |
| 148 | between the two syntaxes are: |
| 149 | |
| 150 | @cindex immediate operands, i386 |
| 151 | @cindex i386 immediate operands |
| 152 | @cindex register operands, i386 |
| 153 | @cindex i386 register operands |
| 154 | @cindex jump/call operands, i386 |
| 155 | @cindex i386 jump/call operands |
| 156 | @cindex operand delimiters, i386 |
| 157 | |
| 158 | @cindex immediate operands, x86-64 |
| 159 | @cindex x86-64 immediate operands |
| 160 | @cindex register operands, x86-64 |
| 161 | @cindex x86-64 register operands |
| 162 | @cindex jump/call operands, x86-64 |
| 163 | @cindex x86-64 jump/call operands |
| 164 | @cindex operand delimiters, x86-64 |
| 165 | @itemize @bullet |
| 166 | @item |
| 167 | AT&T immediate operands are preceded by @samp{$}; Intel immediate |
| 168 | operands are undelimited (Intel @samp{push 4} is AT&T @samp{pushl $4}). |
| 169 | AT&T register operands are preceded by @samp{%}; Intel register operands |
| 170 | are undelimited. AT&T absolute (as opposed to PC relative) jump/call |
| 171 | operands are prefixed by @samp{*}; they are undelimited in Intel syntax. |
| 172 | |
| 173 | @cindex i386 source, destination operands |
| 174 | @cindex source, destination operands; i386 |
| 175 | @cindex x86-64 source, destination operands |
| 176 | @cindex source, destination operands; x86-64 |
| 177 | @item |
| 178 | AT&T and Intel syntax use the opposite order for source and destination |
| 179 | operands. Intel @samp{add eax, 4} is @samp{addl $4, %eax}. The |
| 180 | @samp{source, dest} convention is maintained for compatibility with |
| 181 | previous Unix assemblers. Note that @samp{bound}, @samp{invlpga}, and |
| 182 | instructions with 2 immediate operands, such as the @samp{enter} |
| 183 | instruction, do @emph{not} have reversed order. @ref{i386-Bugs}. |
| 184 | |
| 185 | @cindex mnemonic suffixes, i386 |
| 186 | @cindex sizes operands, i386 |
| 187 | @cindex i386 size suffixes |
| 188 | @cindex mnemonic suffixes, x86-64 |
| 189 | @cindex sizes operands, x86-64 |
| 190 | @cindex x86-64 size suffixes |
| 191 | @item |
| 192 | In AT&T syntax the size of memory operands is determined from the last |
| 193 | character of the instruction mnemonic. Mnemonic suffixes of @samp{b}, |
| 194 | @samp{w}, @samp{l} and @samp{q} specify byte (8-bit), word (16-bit), long |
| 195 | (32-bit) and quadruple word (64-bit) memory references. Intel syntax accomplishes |
| 196 | this by prefixing memory operands (@emph{not} the instruction mnemonics) with |
| 197 | @samp{byte ptr}, @samp{word ptr}, @samp{dword ptr} and @samp{qword ptr}. Thus, |
| 198 | Intel @samp{mov al, byte ptr @var{foo}} is @samp{movb @var{foo}, %al} in AT&T |
| 199 | syntax. |
| 200 | |
| 201 | @cindex return instructions, i386 |
| 202 | @cindex i386 jump, call, return |
| 203 | @cindex return instructions, x86-64 |
| 204 | @cindex x86-64 jump, call, return |
| 205 | @item |
| 206 | Immediate form long jumps and calls are |
| 207 | @samp{lcall/ljmp $@var{section}, $@var{offset}} in AT&T syntax; the |
| 208 | Intel syntax is |
| 209 | @samp{call/jmp far @var{section}:@var{offset}}. Also, the far return |
| 210 | instruction |
| 211 | is @samp{lret $@var{stack-adjust}} in AT&T syntax; Intel syntax is |
| 212 | @samp{ret far @var{stack-adjust}}. |
| 213 | |
| 214 | @cindex sections, i386 |
| 215 | @cindex i386 sections |
| 216 | @cindex sections, x86-64 |
| 217 | @cindex x86-64 sections |
| 218 | @item |
| 219 | The AT&T assembler does not provide support for multiple section |
| 220 | programs. Unix style systems expect all programs to be single sections. |
| 221 | @end itemize |
| 222 | |
| 223 | @node i386-Mnemonics |
| 224 | @section Instruction Naming |
| 225 | |
| 226 | @cindex i386 instruction naming |
| 227 | @cindex instruction naming, i386 |
| 228 | @cindex x86-64 instruction naming |
| 229 | @cindex instruction naming, x86-64 |
| 230 | |
| 231 | Instruction mnemonics are suffixed with one character modifiers which |
| 232 | specify the size of operands. The letters @samp{b}, @samp{w}, @samp{l} |
| 233 | and @samp{q} specify byte, word, long and quadruple word operands. If |
| 234 | no suffix is specified by an instruction then @code{@value{AS}} tries to |
| 235 | fill in the missing suffix based on the destination register operand |
| 236 | (the last one by convention). Thus, @samp{mov %ax, %bx} is equivalent |
| 237 | to @samp{movw %ax, %bx}; also, @samp{mov $1, %bx} is equivalent to |
| 238 | @samp{movw $1, %bx}. Note that this is incompatible with the AT&T Unix |
| 239 | assembler which assumes that a missing mnemonic suffix implies long |
| 240 | operand size. (This incompatibility does not affect compiler output |
| 241 | since compilers always explicitly specify the mnemonic suffix.) |
| 242 | |
| 243 | Almost all instructions have the same names in AT&T and Intel format. |
| 244 | There are a few exceptions. The sign extend and zero extend |
| 245 | instructions need two sizes to specify them. They need a size to |
| 246 | sign/zero extend @emph{from} and a size to sign/zero extend @emph{to}. This |
| 247 | is accomplished by using two instruction mnemonic suffixes in AT&T |
| 248 | syntax. Base names for sign extend and zero extend are |
| 249 | @samp{movs@dots{}} and @samp{movz@dots{}} in AT&T syntax (@samp{movsx} |
| 250 | and @samp{movzx} in Intel syntax). The instruction mnemonic suffixes |
| 251 | are tacked on to this base name, the @emph{from} suffix before the |
| 252 | @emph{to} suffix. Thus, @samp{movsbl %al, %edx} is AT&T syntax for |
| 253 | ``move sign extend @emph{from} %al @emph{to} %edx.'' Possible suffixes, |
| 254 | thus, are @samp{bl} (from byte to long), @samp{bw} (from byte to word), |
| 255 | @samp{wl} (from word to long), @samp{bq} (from byte to quadruple word), |
| 256 | @samp{wq} (from word to quadruple word), and @samp{lq} (from long to |
| 257 | quadruple word). |
| 258 | |
| 259 | @cindex conversion instructions, i386 |
| 260 | @cindex i386 conversion instructions |
| 261 | @cindex conversion instructions, x86-64 |
| 262 | @cindex x86-64 conversion instructions |
| 263 | The Intel-syntax conversion instructions |
| 264 | |
| 265 | @itemize @bullet |
| 266 | @item |
| 267 | @samp{cbw} --- sign-extend byte in @samp{%al} to word in @samp{%ax}, |
| 268 | |
| 269 | @item |
| 270 | @samp{cwde} --- sign-extend word in @samp{%ax} to long in @samp{%eax}, |
| 271 | |
| 272 | @item |
| 273 | @samp{cwd} --- sign-extend word in @samp{%ax} to long in @samp{%dx:%ax}, |
| 274 | |
| 275 | @item |
| 276 | @samp{cdq} --- sign-extend dword in @samp{%eax} to quad in @samp{%edx:%eax}, |
| 277 | |
| 278 | @item |
| 279 | @samp{cdqe} --- sign-extend dword in @samp{%eax} to quad in @samp{%rax} |
| 280 | (x86-64 only), |
| 281 | |
| 282 | @item |
| 283 | @samp{cqo} --- sign-extend quad in @samp{%rax} to octuple in |
| 284 | @samp{%rdx:%rax} (x86-64 only), |
| 285 | @end itemize |
| 286 | |
| 287 | @noindent |
| 288 | are called @samp{cbtw}, @samp{cwtl}, @samp{cwtd}, @samp{cltd}, @samp{cltq}, and |
| 289 | @samp{cqto} in AT&T naming. @code{@value{AS}} accepts either naming for these |
| 290 | instructions. |
| 291 | |
| 292 | @cindex jump instructions, i386 |
| 293 | @cindex call instructions, i386 |
| 294 | @cindex jump instructions, x86-64 |
| 295 | @cindex call instructions, x86-64 |
| 296 | Far call/jump instructions are @samp{lcall} and @samp{ljmp} in |
| 297 | AT&T syntax, but are @samp{call far} and @samp{jmp far} in Intel |
| 298 | convention. |
| 299 | |
| 300 | @node i386-Regs |
| 301 | @section Register Naming |
| 302 | |
| 303 | @cindex i386 registers |
| 304 | @cindex registers, i386 |
| 305 | @cindex x86-64 registers |
| 306 | @cindex registers, x86-64 |
| 307 | Register operands are always prefixed with @samp{%}. The 80386 registers |
| 308 | consist of |
| 309 | |
| 310 | @itemize @bullet |
| 311 | @item |
| 312 | the 8 32-bit registers @samp{%eax} (the accumulator), @samp{%ebx}, |
| 313 | @samp{%ecx}, @samp{%edx}, @samp{%edi}, @samp{%esi}, @samp{%ebp} (the |
| 314 | frame pointer), and @samp{%esp} (the stack pointer). |
| 315 | |
| 316 | @item |
| 317 | the 8 16-bit low-ends of these: @samp{%ax}, @samp{%bx}, @samp{%cx}, |
| 318 | @samp{%dx}, @samp{%di}, @samp{%si}, @samp{%bp}, and @samp{%sp}. |
| 319 | |
| 320 | @item |
| 321 | the 8 8-bit registers: @samp{%ah}, @samp{%al}, @samp{%bh}, |
| 322 | @samp{%bl}, @samp{%ch}, @samp{%cl}, @samp{%dh}, and @samp{%dl} (These |
| 323 | are the high-bytes and low-bytes of @samp{%ax}, @samp{%bx}, |
| 324 | @samp{%cx}, and @samp{%dx}) |
| 325 | |
| 326 | @item |
| 327 | the 6 section registers @samp{%cs} (code section), @samp{%ds} |
| 328 | (data section), @samp{%ss} (stack section), @samp{%es}, @samp{%fs}, |
| 329 | and @samp{%gs}. |
| 330 | |
| 331 | @item |
| 332 | the 3 processor control registers @samp{%cr0}, @samp{%cr2}, and |
| 333 | @samp{%cr3}. |
| 334 | |
| 335 | @item |
| 336 | the 6 debug registers @samp{%db0}, @samp{%db1}, @samp{%db2}, |
| 337 | @samp{%db3}, @samp{%db6}, and @samp{%db7}. |
| 338 | |
| 339 | @item |
| 340 | the 2 test registers @samp{%tr6} and @samp{%tr7}. |
| 341 | |
| 342 | @item |
| 343 | the 8 floating point register stack @samp{%st} or equivalently |
| 344 | @samp{%st(0)}, @samp{%st(1)}, @samp{%st(2)}, @samp{%st(3)}, |
| 345 | @samp{%st(4)}, @samp{%st(5)}, @samp{%st(6)}, and @samp{%st(7)}. |
| 346 | These registers are overloaded by 8 MMX registers @samp{%mm0}, |
| 347 | @samp{%mm1}, @samp{%mm2}, @samp{%mm3}, @samp{%mm4}, @samp{%mm5}, |
| 348 | @samp{%mm6} and @samp{%mm7}. |
| 349 | |
| 350 | @item |
| 351 | the 8 SSE registers @samp{%xmm0}, @samp{%xmm1}, @samp{%xmm2}, |
| 352 | @samp{%xmm3}, @samp{%xmm4}, @samp{%xmm5}, @samp{%xmm6} and @samp{%xmm7}. |
| 353 | @end itemize |
| 354 | |
| 355 | The AMD x86-64 architecture extends the register set by: |
| 356 | |
| 357 | @itemize @bullet |
| 358 | @item |
| 359 | enhancing the 8 32-bit registers to 64-bit: @samp{%rax} (the |
| 360 | accumulator), @samp{%rbx}, @samp{%rcx}, @samp{%rdx}, @samp{%rdi}, |
| 361 | @samp{%rsi}, @samp{%rbp} (the frame pointer), @samp{%rsp} (the stack |
| 362 | pointer) |
| 363 | |
| 364 | @item |
| 365 | the 8 extended registers @samp{%r8}--@samp{%r15}. |
| 366 | |
| 367 | @item |
| 368 | the 8 32-bit low ends of the extended registers: @samp{%r8d}--@samp{%r15d} |
| 369 | |
| 370 | @item |
| 371 | the 8 16-bit low ends of the extended registers: @samp{%r8w}--@samp{%r15w} |
| 372 | |
| 373 | @item |
| 374 | the 8 8-bit low ends of the extended registers: @samp{%r8b}--@samp{%r15b} |
| 375 | |
| 376 | @item |
| 377 | the 4 8-bit registers: @samp{%sil}, @samp{%dil}, @samp{%bpl}, @samp{%spl}. |
| 378 | |
| 379 | @item |
| 380 | the 8 debug registers: @samp{%db8}--@samp{%db15}. |
| 381 | |
| 382 | @item |
| 383 | the 8 SSE registers: @samp{%xmm8}--@samp{%xmm15}. |
| 384 | @end itemize |
| 385 | |
| 386 | @node i386-Prefixes |
| 387 | @section Instruction Prefixes |
| 388 | |
| 389 | @cindex i386 instruction prefixes |
| 390 | @cindex instruction prefixes, i386 |
| 391 | @cindex prefixes, i386 |
| 392 | Instruction prefixes are used to modify the following instruction. They |
| 393 | are used to repeat string instructions, to provide section overrides, to |
| 394 | perform bus lock operations, and to change operand and address sizes. |
| 395 | (Most instructions that normally operate on 32-bit operands will use |
| 396 | 16-bit operands if the instruction has an ``operand size'' prefix.) |
| 397 | Instruction prefixes are best written on the same line as the instruction |
| 398 | they act upon. For example, the @samp{scas} (scan string) instruction is |
| 399 | repeated with: |
| 400 | |
| 401 | @smallexample |
| 402 | repne scas %es:(%edi),%al |
| 403 | @end smallexample |
| 404 | |
| 405 | You may also place prefixes on the lines immediately preceding the |
| 406 | instruction, but this circumvents checks that @code{@value{AS}} does |
| 407 | with prefixes, and will not work with all prefixes. |
| 408 | |
| 409 | Here is a list of instruction prefixes: |
| 410 | |
| 411 | @cindex section override prefixes, i386 |
| 412 | @itemize @bullet |
| 413 | @item |
| 414 | Section override prefixes @samp{cs}, @samp{ds}, @samp{ss}, @samp{es}, |
| 415 | @samp{fs}, @samp{gs}. These are automatically added by using |
| 416 | the @var{section}:@var{memory-operand} form for memory references. |
| 417 | |
| 418 | @cindex size prefixes, i386 |
| 419 | @item |
| 420 | Operand/Address size prefixes @samp{data16} and @samp{addr16} |
| 421 | change 32-bit operands/addresses into 16-bit operands/addresses, |
| 422 | while @samp{data32} and @samp{addr32} change 16-bit ones (in a |
| 423 | @code{.code16} section) into 32-bit operands/addresses. These prefixes |
| 424 | @emph{must} appear on the same line of code as the instruction they |
| 425 | modify. For example, in a 16-bit @code{.code16} section, you might |
| 426 | write: |
| 427 | |
| 428 | @smallexample |
| 429 | addr32 jmpl *(%ebx) |
| 430 | @end smallexample |
| 431 | |
| 432 | @cindex bus lock prefixes, i386 |
| 433 | @cindex inhibiting interrupts, i386 |
| 434 | @item |
| 435 | The bus lock prefix @samp{lock} inhibits interrupts during execution of |
| 436 | the instruction it precedes. (This is only valid with certain |
| 437 | instructions; see an 80386 manual for details). |
| 438 | |
| 439 | @cindex coprocessor wait, i386 |
| 440 | @item |
| 441 | The wait for coprocessor prefix @samp{wait} waits for the coprocessor to |
| 442 | complete the current instruction. This should never be needed for the |
| 443 | 80386/80387 combination. |
| 444 | |
| 445 | @cindex repeat prefixes, i386 |
| 446 | @item |
| 447 | The @samp{rep}, @samp{repe}, and @samp{repne} prefixes are added |
| 448 | to string instructions to make them repeat @samp{%ecx} times (@samp{%cx} |
| 449 | times if the current address size is 16-bits). |
| 450 | @cindex REX prefixes, i386 |
| 451 | @item |
| 452 | The @samp{rex} family of prefixes is used by x86-64 to encode |
| 453 | extensions to the i386 instruction set. The @samp{rex} prefix has four |
| 454 | bits --- an operand size override (@code{64}) used to change operand size |
| 455 | from 32-bit to 64-bit and X, Y and Z extension bits used to extend the |
| 456 | register set. |
| 457 | |
| 458 | You may write the @samp{rex} prefixes directly. The @samp{rex64xyz} |
| 459 | instruction emits a @samp{rex} prefix with all the bits set. By omitting |
| 460 | the @code{64}, @code{x}, @code{y} or @code{z} you may write other |
| 461 | prefixes as well. Normally, there is no need to write the prefixes |
| 462 | explicitly, since gas will automatically generate them based on the |
| 463 | instruction operands. |
| 464 | @end itemize |
| 465 | |
| 466 | @node i386-Memory |
| 467 | @section Memory References |
| 468 | |
| 469 | @cindex i386 memory references |
| 470 | @cindex memory references, i386 |
| 471 | @cindex x86-64 memory references |
| 472 | @cindex memory references, x86-64 |
| 473 | An Intel syntax indirect memory reference of the form |
| 474 | |
| 475 | @smallexample |
| 476 | @var{section}:[@var{base} + @var{index}*@var{scale} + @var{disp}] |
| 477 | @end smallexample |
| 478 | |
| 479 | @noindent |
| 480 | is translated into the AT&T syntax |
| 481 | |
| 482 | @smallexample |
| 483 | @var{section}:@var{disp}(@var{base}, @var{index}, @var{scale}) |
| 484 | @end smallexample |
| 485 | |
| 486 | @noindent |
| 487 | where @var{base} and @var{index} are the optional 32-bit base and |
| 488 | index registers, @var{disp} is the optional displacement, and |
| 489 | @var{scale}, taking the values 1, 2, 4, and 8, multiplies @var{index} |
| 490 | to calculate the address of the operand. If no @var{scale} is |
| 491 | specified, @var{scale} is taken to be 1. @var{section} specifies the |
| 492 | optional section register for the memory operand, and may override the |
| 493 | default section register (see an 80386 manual for section register |
| 494 | defaults). Note that section overrides in AT&T syntax @emph{must} |
| 495 | be preceded by a @samp{%}. If you specify a section override which |
| 496 | coincides with the default section register, @code{@value{AS}} does @emph{not} |
| 497 | output any section register override prefixes to assemble the given |
| 498 | instruction. Thus, section overrides can be specified to emphasize which |
| 499 | section register is used for a given memory operand. |
| 500 | |
| 501 | Here are some examples of Intel and AT&T style memory references: |
| 502 | |
| 503 | @table @asis |
| 504 | @item AT&T: @samp{-4(%ebp)}, Intel: @samp{[ebp - 4]} |
| 505 | @var{base} is @samp{%ebp}; @var{disp} is @samp{-4}. @var{section} is |
| 506 | missing, and the default section is used (@samp{%ss} for addressing with |
| 507 | @samp{%ebp} as the base register). @var{index}, @var{scale} are both missing. |
| 508 | |
| 509 | @item AT&T: @samp{foo(,%eax,4)}, Intel: @samp{[foo + eax*4]} |
| 510 | @var{index} is @samp{%eax} (scaled by a @var{scale} 4); @var{disp} is |
| 511 | @samp{foo}. All other fields are missing. The section register here |
| 512 | defaults to @samp{%ds}. |
| 513 | |
| 514 | @item AT&T: @samp{foo(,1)}; Intel @samp{[foo]} |
| 515 | This uses the value pointed to by @samp{foo} as a memory operand. |
| 516 | Note that @var{base} and @var{index} are both missing, but there is only |
| 517 | @emph{one} @samp{,}. This is a syntactic exception. |
| 518 | |
| 519 | @item AT&T: @samp{%gs:foo}; Intel @samp{gs:foo} |
| 520 | This selects the contents of the variable @samp{foo} with section |
| 521 | register @var{section} being @samp{%gs}. |
| 522 | @end table |
| 523 | |
| 524 | Absolute (as opposed to PC relative) call and jump operands must be |
| 525 | prefixed with @samp{*}. If no @samp{*} is specified, @code{@value{AS}} |
| 526 | always chooses PC relative addressing for jump/call labels. |
| 527 | |
| 528 | Any instruction that has a memory operand, but no register operand, |
| 529 | @emph{must} specify its size (byte, word, long, or quadruple) with an |
| 530 | instruction mnemonic suffix (@samp{b}, @samp{w}, @samp{l} or @samp{q}, |
| 531 | respectively). |
| 532 | |
| 533 | The x86-64 architecture adds RIP (instruction pointer relative) |
| 534 | addressing. This addressing mode is specified by using @samp{rip} as a |
| 535 | base register. Only constant offsets are valid. For example: |
| 536 | |
| 537 | @table @asis |
| 538 | @item AT&T: @samp{1234(%rip)}, Intel: @samp{[rip + 1234]} |
| 539 | Points to the address 1234 bytes past the end of the current |
| 540 | instruction. |
| 541 | |
| 542 | @item AT&T: @samp{symbol(%rip)}, Intel: @samp{[rip + symbol]} |
| 543 | Points to the @code{symbol} in an RIP-relative way; this is shorter than |
| 544 | the default absolute addressing. |
| 545 | @end table |
| 546 | |
| 547 | Other addressing modes remain unchanged in the x86-64 architecture, except |
| 548 | that the registers used are 64-bit instead of 32-bit. |
| 549 | |
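Added example (not part of the GAS manual or the binutils sources): a small Python converter for the Intel-to-AT&T memory operand translation described in this section, checked against the operands from the two tables above and extended to combined base, index and displacement operands. The name `intel_mem_to_att`, the helper names and the register subset it recognizes are assumptions made for this illustration.

```python
import re

# Added illustration, not GAS code. The register subset is an assumption:
# general-purpose 16/32/64-bit registers, r8-r15 and eip/rip.
SEGMENT_REGS = {"cs", "ds", "ss", "es", "fs", "gs"}
REGISTER = re.compile(
    r"(?:[er]?(?:ax|bx|cx|dx|si|di|bp|sp)|[er]ip|r(?:[89]|1[0-5])[dwb]?)"
)
VALID_SCALES = {1, 2, 4, 8}  # the only scale values the manual allows


def is_register(token):
    return REGISTER.fullmatch(token.lower()) is not None


def split_terms(inner):
    """Split 'ebx+esi*2-8' into [('', 'ebx'), ('+', 'esi*2'), ('-', '8')]."""
    compact = re.sub(r"\s+", "", inner)
    # Unambiguous pattern: one term, then sign-separated terms.
    if not re.fullmatch(r"[+-]?[^+-]+(?:[+-][^+-]+)*", compact):
        raise ValueError("malformed memory operand: %r" % inner)
    return re.findall(r"([+-]?)([^+-]+)", compact)


def intel_mem_to_att(operand):
    """Translate section:[base + index*scale + disp]
    into section:disp(base, index, scale)."""
    text = operand.strip()
    section = ""
    m = re.match(r"([A-Za-z]{2})\s*:\s*(.*)$", text)
    if m and m.group(1).lower() in SEGMENT_REGS:
        # Section overrides in AT&T syntax must be preceded by '%'.
        section = "%" + m.group(1).lower() + ":"
        text = m.group(2)
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
    elif "[" in text or "]" in text:
        raise ValueError("unbalanced brackets: %r" % operand)

    base = index = None
    scale = 1  # "If no scale is specified, scale is taken to be 1."
    disp = ""
    for sign, term in split_terms(text):
        if "*" in term:
            parts = term.split("*")
            regs = [p for p in parts if is_register(p)]
            nums = [p for p in parts if p.isdigit()]
            if (len(parts) != 2 or len(regs) != 1 or len(nums) != 1
                    or index or sign == "-"):
                raise ValueError("bad index term: %r" % term)
            index, scale = regs[0].lower(), int(nums[0])
        elif is_register(term):
            if sign == "-":
                raise ValueError("registers cannot be subtracted")
            if base is None:
                base = term.lower()
            elif index is None:
                index = term.lower()
            else:
                raise ValueError("too many registers: %r" % operand)
        else:
            # Displacement pieces (numbers or symbols) are concatenated.
            disp += (sign if (disp or sign == "-") else "") + term

    if scale not in VALID_SCALES:
        raise ValueError("scale must be 1, 2, 4 or 8")
    if "rip" in (base, index) and index is not None:
        raise ValueError("RIP-relative addressing takes only a constant offset")
    if base is None and index is None:
        # Absolute reference: the bare displacement, as in '%gs:foo'.
        # (The table above also lists the form 'foo(,1)' for '[foo]'.)
        return section + disp
    regs = "%" + base if base else ""
    if index:
        regs += ",%" + index + "," + str(scale)
    return section + disp + "(" + regs + ")"


if __name__ == "__main__":
    # Constructed sample operands; the first five come from the tables above.
    for intel in ("[ebp - 4]", "[foo + eax*4]", "gs:foo", "[rip + 1234]",
                  "[rip + symbol]", "es:[ebx + esi*2 + table + 8]"):
        print("%-32s -> %s" % (intel, intel_mem_to_att(intel)))
```
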
| 550 | @node i386-Jumps |
| 551 | @section Handling of Jump Instructions |
| 552 | |
| 553 | @cindex jump optimization, i386 |
| 554 | @cindex i386 jump optimization |
| 555 | @cindex jump optimization, x86-64 |
| 556 | @cindex x86-64 jump optimization |
| 557 | Jump instructions are always optimized to use the smallest possible |
| 558 | displacements. This is accomplished by using byte (8-bit) displacement |
| 559 | jumps whenever the target is sufficiently close. If a byte displacement |
| 560 | is insufficient a long displacement is used. We do not support |
| 561 | word (16-bit) displacement jumps in 32-bit mode (i.e. prefixing the jump |
| 562 | instruction with the @samp{data16} instruction prefix), since the 80386 |
| 563 | insists upon masking @samp{%eip} to 16 bits after the word displacement |
| 564 | is added. (See also @pxref{i386-Arch}) |
| 565 | |
| 566 | Note that the @samp{jcxz}, @samp{jecxz}, @samp{loop}, @samp{loopz}, |
| 567 | @samp{loope}, @samp{loopnz} and @samp{loopne} instructions only come in byte |
| 568 | displacements, so that if you use these instructions (@code{@value{GCC}} does |
| 569 | not use them) you may get an error message (and incorrect code). The AT&T |
| 570 | 80386 assembler tries to get around this problem by expanding @samp{jcxz foo} |
| 571 | to |
| 572 | |
| 573 | @smallexample |
| 574 | jcxz cx_zero |
| 575 | jmp cx_nonzero |
| 576 | cx_zero: jmp foo |
| 577 | cx_nonzero: |
| 578 | @end smallexample |
| 579 | |
| 580 | @node i386-Float |
| 581 | @section Floating Point |
| 582 | |
| 583 | @cindex i386 floating point |
| 584 | @cindex floating point, i386 |
| 585 | @cindex x86-64 floating point |
| 586 | @cindex floating point, x86-64 |
| 587 | All 80387 floating point types except packed BCD are supported. |
| 588 | (BCD support may be added without much difficulty). These data |
| 589 | types are 16-, 32-, and 64-bit integers, and single (32-bit), |
| 590 | double (64-bit), and extended (80-bit) precision floating point. |
| 591 | Each supported type has an instruction mnemonic suffix and a constructor |
| 592 | associated with it. Instruction mnemonic suffixes specify the operand's |
| 593 | data type. Constructors build these data types into memory. |
| 594 | |
| 595 | @cindex @code{float} directive, i386 |
| 596 | @cindex @code{single} directive, i386 |
| 597 | @cindex @code{double} directive, i386 |
| 598 | @cindex @code{tfloat} directive, i386 |
| 599 | @cindex @code{float} directive, x86-64 |
| 600 | @cindex @code{single} directive, x86-64 |
| 601 | @cindex @code{double} directive, x86-64 |
| 602 | @cindex @code{tfloat} directive, x86-64 |
| 603 | @itemize @bullet |
| 604 | @item |
| 605 | Floating point constructors are @samp{.float} or @samp{.single}, |
| 606 | @samp{.double}, and @samp{.tfloat} for 32-, 64-, and 80-bit formats. |
| 607 | These correspond to instruction mnemonic suffixes @samp{s}, @samp{l}, |
| 608 | and @samp{t}. @samp{t} stands for 80-bit (ten byte) real. The 80387 |
| 609 | only supports this format via the @samp{fldt} (load 80-bit real to stack |
| 610 | top) and @samp{fstpt} (store 80-bit real and pop stack) instructions. |
| 611 | |
| 612 | @cindex @code{word} directive, i386 |
| 613 | @cindex @code{long} directive, i386 |
| 614 | @cindex @code{int} directive, i386 |
| 615 | @cindex @code{quad} directive, i386 |
| 616 | @cindex @code{word} directive, x86-64 |
| 617 | @cindex @code{long} directive, x86-64 |
| 618 | @cindex @code{int} directive, x86-64 |
| 619 | @cindex @code{quad} directive, x86-64 |
| 620 | @item |
| 621 | Integer constructors are @samp{.word}, @samp{.long} or @samp{.int}, and |
| 622 | @samp{.quad} for the 16-, 32-, and 64-bit integer formats. The |
| 623 | corresponding instruction mnemonic suffixes are @samp{s} (single), |
| 624 | @samp{l} (long), and @samp{q} (quad). As with the 80-bit real format, |
| 625 | the 64-bit @samp{q} format is only present in the @samp{fildq} (load |
| 626 | quad integer to stack top) and @samp{fistpq} (store quad integer and pop |
| 627 | stack) instructions. |
| 628 | @end itemize |
| 629 | |
| 630 | Register to register operations should not use instruction mnemonic suffixes. |
| 631 | @samp{fstl %st, %st(1)} will give a warning, and be assembled as if you |
| 632 | wrote @samp{fst %st, %st(1)}, since all register to register operations |
| 633 | use 80-bit floating point operands. (Contrast this with @samp{fstl %st, mem}, |
| 634 | which converts @samp{%st} from 80-bit to 64-bit floating point format, |
| 635 | then stores the result in the 4 byte location @samp{mem}) |
| 636 | |
| 637 | @node i386-SIMD |
| 638 | @section Intel's MMX and AMD's 3DNow! SIMD Operations |
| 639 | |
| 640 | @cindex MMX, i386 |
| 641 | @cindex 3DNow!, i386 |
| 642 | @cindex SIMD, i386 |
| 643 | @cindex MMX, x86-64 |
| 644 | @cindex 3DNow!, x86-64 |
| 645 | @cindex SIMD, x86-64 |
| 646 | |
| 647 | @code{@value{AS}} supports Intel's MMX instruction set (SIMD |
| 648 | instructions for integer data), available on Intel's Pentium MMX |
| 649 | processors and Pentium II processors, AMD's K6 and K6-2 processors, |
| 650 | Cyrix' M2 processor, and probably others. It also supports AMD's 3DNow!@: |
| 651 | instruction set (SIMD instructions for 32-bit floating point data) |
| 652 | available on AMD's K6-2 processor and possibly others in the future. |
| 653 | |
| 654 | Currently, @code{@value{AS}} does not support Intel's floating point |
| 655 | SIMD, Katmai (KNI). |
| 656 | |
| 657 | The eight 64-bit MMX operands, also used by 3DNow!, are called @samp{%mm0}, |
| 658 | @samp{%mm1}, ... @samp{%mm7}. They contain eight 8-bit integers, four |
| 659 | 16-bit integers, two 32-bit integers, one 64-bit integer, or two 32-bit |
| 660 | floating point values. The MMX registers cannot be used at the same time |
| 661 | as the floating point stack. |
| 662 | |
| 663 | See Intel and AMD documentation, keeping in mind that the operand order in |
| 664 | instructions is reversed from the Intel syntax. |
| 665 | |
| 666 | @node i386-16bit |
| 667 | @section Writing 16-bit Code |
| 668 | |
| 669 | @cindex i386 16-bit code |
| 670 | @cindex 16-bit code, i386 |
| 671 | @cindex real-mode code, i386 |
| 672 | @cindex @code{code16gcc} directive, i386 |
| 673 | @cindex @code{code16} directive, i386 |
| 674 | @cindex @code{code32} directive, i386 |
| 675 | @cindex @code{code64} directive, i386 |
| 676 | @cindex @code{code64} directive, x86-64 |
| 677 | While @code{@value{AS}} normally writes only ``pure'' 32-bit i386 code |
| 678 | or 64-bit x86-64 code depending on the default configuration, |
| 679 | it also supports writing code to run in real mode or in 16-bit protected |
| 680 | mode code segments. To do this, put a @samp{.code16} or |
| 681 | @samp{.code16gcc} directive before the assembly language instructions to |
| 682 | be run in 16-bit mode. You can switch @code{@value{AS}} back to writing |
| 683 | normal 32-bit code with the @samp{.code32} directive. |
| 684 | |
| 685 | @samp{.code16gcc} provides experimental support for generating 16-bit |
| 686 | code from gcc, and differs from @samp{.code16} in that @samp{call}, |
| 687 | @samp{ret}, @samp{enter}, @samp{leave}, @samp{push}, @samp{pop}, |
| 688 | @samp{pusha}, @samp{popa}, @samp{pushf}, and @samp{popf} instructions |
| 689 | default to 32-bit size. This is so that the stack pointer is |
| 690 | manipulated in the same way over function calls, allowing access to |
| 691 | function parameters at the same stack offsets as in 32-bit mode. |
| 692 | @samp{.code16gcc} also automatically adds address size prefixes where |
| 693 | necessary to use the 32-bit addressing modes that gcc generates. |
| 694 | |
| 695 | The code which @code{@value{AS}} generates in 16-bit mode will not |
| 696 | necessarily run on a 16-bit pre-80386 processor. To write code that |
| 697 | runs on such a processor, you must refrain from using @emph{any} 32-bit |
| 698 | constructs which require @code{@value{AS}} to output address or operand |
| 699 | size prefixes. |
| 700 | |
| 701 | Note that writing 16-bit code instructions by explicitly specifying a |
| 702 | prefix or an instruction mnemonic suffix within a 32-bit code section |
| 703 | generates different machine instructions than those generated for a |
| 704 | 16-bit code segment. In a 32-bit code section, the following code |
| 705 | generates the machine opcode bytes @samp{66 6a 04}, which pushes the |
| 706 | value @samp{4} onto the stack, decrementing @samp{%esp} by 2. |
| 707 | |
| 708 | @smallexample |
| 709 | pushw $4 |
| 710 | @end smallexample |
| 711 | |
| 712 | The same code in a 16-bit code section would generate the machine |
| 713 | opcode bytes @samp{6a 04} (i.e., without the operand size prefix), which |
| 714 | is correct since the processor default operand size is assumed to be 16 |
| 715 | bits in a 16-bit code section. |
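The prefix rule described above can be checked with a small Python model. This is an added example, not part of the GAS manual or its source, and the function names are hypothetical. It shows that the meaning of the @samp{66} prefix depends on the code segment default, so the same bytes decode differently if a disassembler assumes the wrong mode.

```python
# Added illustration; function names are hypothetical, not GAS internals.
OPERAND_SIZE_PREFIX = 0x66
PUSH_IMM8 = 0x6A  # push of a sign-extended 8-bit immediate


def encode_push_imm8(value, operand_bits, mode_bits):
    """Bytes for pushw/pushl $value in a .code16 or .code32 section."""
    if operand_bits not in (16, 32) or mode_bits not in (16, 32):
        raise ValueError("sizes must be 16 or 32")
    if not -128 <= value <= 127:
        raise ValueError("value does not fit in imm8")
    # The prefix is emitted only when the requested operand size differs
    # from the default of the code segment.
    prefix = bytes([OPERAND_SIZE_PREFIX]) if operand_bits != mode_bits else b""
    return prefix + bytes([PUSH_IMM8, value & 0xFF])


def decode_push_imm8(code, mode_bits):
    """Return (operand_bits, value, stack_pointer_delta) for one push."""
    if mode_bits not in (16, 32):
        raise ValueError("mode must be 16 or 32")
    operand_bits = mode_bits
    body = bytes(code)
    if body[:1] == bytes([OPERAND_SIZE_PREFIX]):
        operand_bits = 48 - mode_bits  # 0x66 toggles 16 <-> 32
        body = body[1:]
    if len(body) != 2 or body[0] != PUSH_IMM8:
        raise ValueError("not a single push imm8 instruction")
    value = int.from_bytes(body[1:], "big", signed=True)
    return operand_bits, value, -(operand_bits // 8)


if __name__ == "__main__":
    # Decode the two byte sequences from the text under both defaults.
    for mode in (32, 16):
        for raw in ("666a04", "6a04"):
            print(mode, raw, decode_push_imm8(bytes.fromhex(raw), mode))
```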
| 716 | |
| 717 | @node i386-Bugs |
| 718 | @section AT&T Syntax bugs |
| 719 | |
| 720 | The UnixWare assembler, and probably other AT&T derived ix86 Unix |
| 721 | assemblers, generate floating point instructions with reversed source |
| 722 | and destination registers in certain cases. Unfortunately, gcc and |
| 723 | possibly many other programs use this reversed syntax, so we're stuck |
| 724 | with it. |
| 725 | |
| 726 | For example |
| 727 | |
| 728 | @smallexample |
| 729 | fsub %st,%st(3) |
| 730 | @end smallexample |
| 731 | @noindent |
| 732 | results in @samp{%st(3)} being updated to @samp{%st - %st(3)} rather |
| 733 | than the expected @samp{%st(3) - %st}. This happens with all the |
| 734 | non-commutative arithmetic floating point operations with two register |
| 735 | operands where the source register is @samp{%st} and the destination |
| 736 | register is @samp{%st(i)}. |
| 737 | |
| 738 | @node i386-Arch |
| 739 | @section Specifying CPU Architecture |
| 740 | |
| 741 | @cindex arch directive, i386 |
| 742 | @cindex i386 arch directive |
| 743 | @cindex arch directive, x86-64 |
| 744 | @cindex x86-64 arch directive |
| 745 | |
| 746 | @code{@value{AS}} may be told to assemble for a particular CPU |
| 747 | (sub-)architecture with the @code{.arch @var{cpu_type}} directive. This |
| 748 | directive enables a warning when gas detects an instruction that is not |
| 749 | supported on the CPU specified. The choices for @var{cpu_type} are: |
| 750 | |
| 751 | @multitable @columnfractions .20 .20 .20 .20 |
| 752 | @item @samp{i8086} @tab @samp{i186} @tab @samp{i286} @tab @samp{i386} |
| 753 | @item @samp{i486} @tab @samp{i586} @tab @samp{i686} @tab @samp{pentium} |
| 754 | @item @samp{pentiumpro} @tab @samp{pentiumii} @tab @samp{pentiumiii} @tab @samp{pentium4} |
| 755 | @item @samp{prescott} @tab @samp{nocona} @tab @samp{core} @tab @samp{core2} |
| 756 | @item @samp{amdfam10} |
| 757 | @item @samp{k6} @tab @samp{athlon} @tab @samp{sledgehammer} @tab @samp{k8} |
| 758 | @item @samp{.mmx} @tab @samp{.sse} @tab @samp{.sse2} @tab @samp{.sse3} |
| 759 | @item @samp{.ssse3} @tab @samp{.sse4.1} @tab @samp{.sse4.2} @tab @samp{.sse4} |
| 760 | @item @samp{.sse4a} @tab @samp{.3dnow} @tab @samp{.3dnowa} @tab @samp{.padlock} |
| 761 | @item @samp{.pacifica} @tab @samp{.svme} @tab @samp{.abm} |
| 762 | @end multitable |
| 763 | |
| 764 | Apart from the warning, there are only two other effects on |
| 765 | @code{@value{AS}} operation. Firstly, if you specify a CPU other than |
| 766 | @samp{i486}, then shift-by-one instructions such as @samp{sarl $1, %eax} |
| 767 | will automatically use a two byte opcode sequence. The larger three |
| 768 | byte opcode sequence is used on the 486 (and when no architecture is |
| 769 | specified) because it executes faster on the 486. Note that you can |
| 770 | explicitly request the two byte opcode by writing @samp{sarl %eax}. |
| 771 | Secondly, if you specify @samp{i8086}, @samp{i186}, or @samp{i286}, |
| 772 | @emph{and} @samp{.code16} or @samp{.code16gcc} then byte offset |
| 773 | conditional jumps will be promoted when necessary to a two instruction |
| 774 | sequence consisting of a conditional jump of the opposite sense around |
| 775 | an unconditional jump to the target. |
| 776 | |
| 777 | Following the CPU architecture (but not a sub-architecture, which are those |
| 778 | starting with a dot), you may specify @samp{jumps} or @samp{nojumps} to |
| 779 | control automatic promotion of conditional jumps. @samp{jumps} is the |
| 780 | default, and enables jump promotion. All external jumps will be of the long |
| 781 | variety, and file-local jumps will be promoted as necessary |
| 782 | (@pxref{i386-Jumps}). @samp{nojumps} leaves external conditional jumps as |
| 783 | byte offset jumps, and warns about file-local conditional jumps that |
| 784 | @code{@value{AS}} promotes. |
| 785 | Unconditional jumps are treated as for @samp{jumps}. |
| 786 | |
| 787 | For example |
| 788 | |
| 789 | @smallexample |
| 790 | .arch i8086,nojumps |
| 791 | @end smallexample |
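The two instruction sequence used for @samp{i8086}, @samp{i186} and @samp{i286} in 16-bit code can be modelled as follows. This is an added example, not GAS source code; the function names and the sample offsets are hypothetical, and it covers file-local conditional jumps only.

```python
# Added illustration; names are hypothetical, not GAS internals.
JMP_REL16 = 0xE9  # near jmp with a 16-bit displacement


def assemble_jcc_pre386(opcode, here, target, nojumps=False):
    """Model a file-local conditional jump under .arch i8086/.code16.

    opcode is a short Jcc opcode (0x70..0x7f, e.g. 0x74 for je).
    Returns (code_bytes, warn); warn models the nojumps warning.
    """
    if not 0x70 <= opcode <= 0x7F:
        raise ValueError("not a short conditional jump opcode")
    rel8 = target - (here + 2)  # displacement counts from the next insn
    if -128 <= rel8 <= 127:
        return bytes([opcode, rel8 & 0xFF]), False
    # Out of byte range, and there is no longer Jcc form before the 386:
    # flip the condition (low opcode bit) and skip a 3-byte jmp.
    rel16 = (target - (here + 5)) & 0xFFFF  # IP wraps at 64K
    code = bytes([opcode ^ 1, 0x03, JMP_REL16]) + rel16.to_bytes(2, "little")
    return code, nojumps


def promoted_target(code, here):
    """Recover the target of a promoted sequence, or None if not one."""
    if len(code) != 5 or not 0x70 <= code[0] <= 0x7F:
        return None
    if code[1] != 0x03 or code[2] != JMP_REL16:
        return None
    return (here + 5 + int.from_bytes(code[3:], "little")) & 0xFFFF


if __name__ == "__main__":
    # Constructed offsets: one target in byte range, one out of range.
    for tgt in (0x10, 0x200):
        code, warn = assemble_jcc_pre386(0x74, 0, tgt, nojumps=True)
        print(hex(tgt), code.hex(), "warn" if warn else "")
```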
| 792 | |
| 793 | @node i386-Notes |
| 794 | @section Notes |
| 795 | |
| 796 | @cindex i386 @code{mul}, @code{imul} instructions |
| 797 | @cindex @code{mul} instruction, i386 |
| 798 | @cindex @code{imul} instruction, i386 |
| 799 | @cindex @code{mul} instruction, x86-64 |
| 800 | @cindex @code{imul} instruction, x86-64 |
| 801 | There is some trickery concerning the @samp{mul} and @samp{imul} |
| 802 | instructions that deserves mention. The 16-, 32-, 64- and 128-bit expanding |
| 803 | multiplies (base opcode @samp{0xf6}; extension 4 for @samp{mul} and 5 |
| 804 | for @samp{imul}) can be output only in the one operand form. Thus, |
| 805 | @samp{imul %ebx, %eax} does @emph{not} select the expanding multiply; |
| 806 | the expanding multiply would clobber the @samp{%edx} register, and this |
| 807 | would confuse @code{@value{GCC}} output. Use @samp{imul %ebx} to get the |
| 808 | 64-bit product in @samp{%edx:%eax}. |
| 809 | |
| 810 | We have added a two operand form of @samp{imul} when the first operand |
| 811 | is an immediate mode expression and the second operand is a register. |
| 812 | This is just a shorthand, so that multiplying @samp{%eax} by 69, for |
| 813 | example, can be done with @samp{imul $69, %eax} rather than @samp{imul |
| 814 | $69, %eax, %eax}. |
| 815 | |