Unit 2 - 2
Unit 2 - 2
Unit 2 - 2
Section 1.2
System Instructions
System Instructions
If the 32-bit operand size is specified, the entire 32-bit value is loaded into
the 32-bit destination register. If the 16-bit operand size is specified, the
lower 16-bits of this value are stored in the 16-bit destination register.
All code and data segment descriptors are valid for LAR.
Pointer parameter verification
The LSL instruction loads a register with an unscrambled segment limit, and
sets ZF to 1, provided that the source selector is visible at the CPL
weakened by RPL, and that the descriptor is a type accepted by LSL.
Otherwise, ZF is cleared to 0, and the destination register is unchanged.
The segment limit is loaded as a byte granular value.
If the descriptor has a page granular segment limit, LSL will translate it to a
byte limit before loading it in the destination register (shift left 12 the 20-
bit "raw" limit from descriptor, then OR with 00000FFFH).
The 32-bit forms of this instruction store the 32-bit byte granular limit in the
16-bit destination register.
Code and data segment descriptors are valid for LSL.
Pointer parameter verification
SLDT stores the Local Descriptor Table Register (LDTR) in the two-
byte register or memory location indicated by the effective address
operand. This register is
• Protected Mode Exceptions : #GP(0) if the result is in a nonwritable
segment; #GP(0) for an illegal memory operand effective address in
the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address in
the SS segment; #PF(fault-code) for a page fault a selector that
points into the Global Descriptor Table.
Addressing Descriptor tables
• LGDT/LIDT -- Load Global/Interrupt Descriptor Table
Register
Opcode Instruction Clocks Description
0F 01 /2 LGDT m16&32 11 Load m into GDTR
0F 01 /3 LIDT m16&32 11 Load m into IDTR
Operation
IF instruction = LIDT
THEN
IF OperandSize = 16
THEN IDTR.Limit:Base := m16:24 (* 24 bits of base loaded *)
ELSE IDTR.Limit:Base := m16:32
FI;
ELSE (* instruction = LGDT *)
IF OperandSize = 16
THEN GDTR.Limit:Base := m16:24 (* 24 bits of base loaded *)
ELSE GDTR.Limit:Base := m16:32;
FI;
FI;
Addressing Descriptor tables
• The LGDT and LIDT instructions load a linear base address and limit value
from a six-byte data operand in memory into the GDTR or IDTR, respectively.
If a 16-bit operand is used with LGDT or LIDT, the register is loaded with a
16-bit limit and a 24-bit base, and the high-order eight bits of the six-byte data
operand are not used.
• If a 32-bit operand is used, a 16-bit limit and a 32-bit base is loaded; the
high-order eight bits of the six-byte operand are used as high-order base
address bits.
• The SGDT and SIDT instructions always store into all 48 bits of the six-byte
data operand. With the 80286, the upper eight bits are undefined after SGDT
or SIDT is executed.
• With the 80386, the upper eight bits are written with the high-order eight
address bits, for both a 16-bit operand and a 32-bit operand. If LGDT or LIDT
is used with a 16-bit operand to load the register stored by SGDT or SIDT, the
upper eight bits are stored as zeros.
Addressing Descriptor tables
• SGDT/SIDT -- Store Global/Interrupt Descriptor Table
Register
Opcode Instruction Clocks Description
0F 01 /0 SGDT m 9 Store GDTR to
m 0F 01 /1 SIDT m 9 Store IDTR
to m
Operation
DEST := 48-bit BASE/LIMIT register contents;
SGDT/SIDT copies the contents of the descriptor table register the six
bytes of memory indicated by the operand. The LIMIT field of the
register is assigned to the first word at the effective address. If the
operand-size attribute is 32 bits, the next three bytes are assigned the
BASE field of the register, and the fourth byte is written with zero. The
last byte is undefined. Otherwise, if the operand-size attribute is 16 bits,
the next four bytes are assigned the 32-bit BASE field of the register.
Multitasking
Description
LTR loads the task register from the source register or memory
location specified by the operand. The loaded task state segment is
marked busy. A task switch does not occur.
Multitasking
Operation
r/m := task register;
Description
The contents of the task register are copied to the two-byte register or
memory location indicated by the effective address operand. STR is
used only in operating system software. It is not used in application
programs.
Coprocessing and Multiprocessing
• CLTS -- Clear Task-Switched Flag in CR0
Opcode Instruction Clocks Description
OF 06 CLTS 5 Clear task-switched flag
Operation
TS Flag in CR0 := 0;
CLTS clears the task-switched (TS) flag in register CR0. This flag is set by
the 80386 every time a task switch occurs. The TS flag is used to
manage processor extensions as follows: Every execution of an ESC
instruction is trapped if the TS flag is set.
Execution of a WAIT instruction is trapped if the MP flag and the TS flag
are both set.
Thus, if a task switch was made after an ESC instruction was begun, the
processor extension's context may need to be saved before a new ESC
instruction can be issued. The fault handler saves the context and resets
the TS flag.
Coprocessing and Multiprocessing
Description
WAIT suspends execution of 80386 instructions until the BUSY# pin
is inactive (high). The BUSY# pin is driven by the 80287 numeric
processor extension.
Flags Affected
None
Coprocessing and Multiprocessing
Description
The LOCK prefix causes the LOCK# signal of the 80386 to be asserted
during execution of the instruction that follows it. In a
multiprocessor environment, this signal can be used to ensure that
the 80386 has exclusive use of any shared memory while LOCK# is
asserted. The read-modify-write sequence typically used to
implement test-and-set on the 80386 is the BTS instruction.
Coprocessing and Multiprocessing
• The LOCK prefix functions only with the following instructions:
BT, BTS, BTR, BTC mem, reg/imm
XCHG reg, mem
XCHG mem, reg
ADD, OR, ADC, SBB, AND, SUB, XOR mem, reg/imm
NOT, NEG, INC, DEC mem
An undefined opcode trap will be generated if a LOCK prefix is used with any instruction not
listed above. XCHG always asserts LOCK# regardless of the presence or absence of the
LOCK prefix. The integrity of the LOCK is not affected by the alignment of the memory
field. Memory locking is observed for arbitrarily misaligned fields.
Locked access is not assured if another 80386 processor is executing an instruction concurrently
that has one of the following characteristics:
• Is not preceded by a LOCK prefix
• Is not one of the instructions in the preceding list
• Specifies a memory operand that does not exactly overlap the destination operand. Locking is
not guaranteed for partial overlap, even if one memory operand is wholly contained within
another.
Input and Output
• IN -- Input from Port
Opcode Instruction Clocks Description
E4 ib IN AL,imm8 12,pm=6*/26** Input byte from
immediate port into AL
E5 ib IN AX,imm8 12,pm=6*/26** Input word from immediate port
into AX
E5 ib IN EAX,imm8 12,pm=6*/26** Input dword from immediate port
into EAX
EC IN AL,DX 13,pm=7*/27** Input byte
from port DX into AL
ED IN AX,DX 13,pm=7*/27** Input word from port
DX into AX
ED IN EAX,DX 13,pm=7*/27** Input dword from port
DX into EAX
Notes
*If CPL <= IOPL
**If CPL > IOPL or if in virtual 8086 mode
Input and Output
Operation
IF (PE = 1) AND ((VM = 1) OR (CPL > IOPL))
THEN (* Virtual 8086 mode, or protected mode with CPL > IOPL *)
IF NOT I-O-Permission (SRC, width(SRC))
THEN #GP(0);
FI;
FI;
DEST := [SRC]; (* Reads from I/O address space *)
IN transfers a data byte or data word from the port numbered by the
second operand into the register (AL, AX, or EAX) specified by the first
operand. Access any port from 0 to 65535 by placing the port number in
the DX register and using an IN instruction with DX as the second
parameter. These I/O instructions can be shortened by using an 8-bit
port I/O in the instruction. The upper eight bits of the port address will
be 0 when 8-bit port I/O is used.
Input and Output
• OUT -- Output to Port
Opcode Instruction Clocks Description
E6 ib OUT imm8,AL 10,pm=4*/24** Output byte AL to immediate port
number
E7 ib OUT imm8,AX 10,pm=4*/24** Output word AL to immediate port
number
E7 ib OUT imm8,EAX 10,pm=4*/24** Output dword AL to immediate port
number
EE OUT DX,AL 11,pm=5*/25** Output byte AL to port
number in DX
EF OUT DX,AX 11,pm=5*/25** Output word AL to port
number in DX
EF OUT DX,EAX 11,pm=5*/25** Output dword AL to port
number in DX
Notes
*If CPL <= IOPL
**If CPL > IOPL or if in virtual 8086 mode
Input and Output
Operation
IF (PE = 1) AND ((VM = 1) OR (CPL > IOPL))
THEN (* Virtual 8086 mode, or protected mode with CPL > IOPL *)
IF NOT I-O-Permission (DEST, width(DEST))
THEN #GP(0);
FI;
FI;
[DEST] := SRC; (* I/O address space used *)
OUT transfers a data byte or data word from the register (AL, AX, or EAX)
given as the second operand to the output port numbered by the first
operand. Output to any port from 0 to 65535 is performed by placing the
port number in the DX register and then using an OUT instruction with DX
as the first operand. If the instruction contains an eight-bit port ID, that
value is zero-extended to 16 bits.
Input and Output
• INS/INSB/INSW/INSD -- Input from Port to String
Opcode Instruction Clocks Description
6C INS r/m8,DX 15,pm=9*/29** Input byte from port DX
into ES:(E)DI
6D INS r/m16,DX 15,pm=9*/29** Input word from port DX
into ES:(E)DI
6D INS r/m32,DX 15,pm=9*/29** Input dword from port DX
into ES:(E)DI
6C INSB 15,pm=9*/29** Input byte from port DX
into ES:(E)DI
6D INSW 15,pm=9*/29** Input word from port DX
into ES:(E)DI
6D INSD 15,pm=9*/29** Input dword from port DX
into ES:(E)DI
Notes
*If CPL <= IOPL
**If CPL > IOPL or if in virtual 8086 mode
Input and Output
IF AddressSize = 16
THEN use DI for dest-index; IF OperandSize = 16
ELSE (* AddressSize = 32 *) THEN
use EDI for dest-index; ES:[dest-index] := [DX]; (* Reads
FI; word at DX from I/O address space *)
IF (PE = 1) AND ((VM = 1) OR (CPL > IOPL)) IF DF = 0 THEN IncDec := 2 ELSE
THEN (* Virtual 8086 mode, or protected mode IncDec := -2;
with CPL > IOPL *) FI;
IF NOT I-O-Permission (SRC, FI;
width(SRC)) IF OperandSize = 32
THEN #GP(0); THEN
FI; ES:[dest-index] := [DX]; (* Reads
FI; dword at DX from I/O address space *)
IF byte type of instruction IF DF = 0 THEN IncDec := 4 ELSE
THEN IncDec := -4;
ES:[dest-index] := [DX]; (* Reads FI;
byte at DX from I/O address space *) FI;
IF DF = 0 THEN IncDec := 1 ELSE dest-index := dest-index + IncDec;
IncDec := -1;
FI;
FI;
Input and Output
• INS transfers data from the input port numbered by the DX register to
the memory byte or word at ES:dest-index. The memory operand must
be addressable from ES; no segment override is possible. The
destination register is DI if the address-size attribute of the instruction
is 16 bits, or EDI if the address-size attribute is 32 bits. INS does not
allow the specification of the port number as an immediate value. The
port must be addressed through the DX register value. Load the correct
value into DX before executing the INS instruction.
• The destination address is determined by the contents of the
destination index register. Load the correct index into the destination
index register before executing INS.
• After the transfer is made, DI or EDI advances automatically. If the
direction flag is 0 (CLD was executed), DI or EDI increments; if the
direction flag is 1 (STD was executed), DI or EDI decrements. DI
increments or decrements by 1 if a byte is input, by 2 if a word is input,
or by 4 if a doubleword is input.
• INSB, INSW and INSD are synonyms of the byte, word, and
doubleword INS instructions. INS can be preceded by the REP prefix
for block input of CX bytes or words. Refer to the REP instruction for
details of this operation.
Input and Output
• OUTS/OUTSB/OUTSW/OUTSD -- Output String to Port
Opcode Instruction Clocks Description
6E OUTS DX,r/m8 14,pm=8*/28** Output byte [(E)SI] to
port in DX
6F OUTS DX,r/m16 14,pm=8*/28** Output word [(E)SI] to port in DX
6F OUTS DX,r/m32 14,pm=8*/28** Output dword [(E)SI] to port in DX
6E OUTSB 14,pm=8*/28** Output byte DS:[(E)SI] to
port in DX
6F OUTSW 14,pm=8*/28** Output word DS:[(E)SI] to port in
DX
6F OUTSD 14,pm=8*/28** Output dword DS:[(E)SI] to port in
DX
Notes
*If CPL <= IOPL
**If CPL > IOPL or if in virtual 8086 mode
Input and Output
• Operation
IF AddressSize = 16
THEN use SI for source-index;
ELSE (* AddressSize = 32 *)
use ESI for source-index; IF OperandSize = 16
FI; THEN
IF (PE = 1) AND ((VM = 1) OR (CPL > [DX] := [source-index]; (* Write word at
IOPL)) DX I/O address *)
THEN (* Virtual 8086 mode, or protected IF DF = 0 THEN IncDec := 2 ELSE
mode with CPL > IOPL *) IncDec := -2; FI;
IF NOT I-O-Permission (DEST, FI;
width(DEST)) IF OperandSize = 32
THEN #GP(0); THEN
FI; [DX] := [source-index]; (* Write dword
FI; at DX I/O address *)
IF byte type of instruction IF DF = 0 THEN IncDec := 4 ELSE
THEN IncDec := -4;FI;
[DX] := [source-index]; (* Write byte at FI;
DX I/O address *) FI;
IF DF = 0 THEN IncDec := 1 ELSE source-index := source-index + IncDec;
IncDec := -1; FI;
FI;
Input and Output
• OUTS transfers data from the memory byte, word, or doubleword at the source-
index register to the output port addressed by the DX register. If the address-size
attribute for this instruction is 16 bits, SI is used for the source-index register;
otherwise, the address-size attribute is 32 bits, and ESI is used for the source-index
register. OUTS does not allow specification of the port number as an immediate
value. The port must be addressed through the DX register value. Load the correct
value into DX before executing the OUTS instruction.
• The address of the source data is determined by the contents of source-index
register. Load the correct index value into SI or ESI before executing the OUTS
instruction.
• After the transfer, source-index register is advanced automatically. If the direction
flag is 0 (CLD was executed), the source-index register is incremented; if the
direction flag is 1 (STD was executed), it is decremented. The amount of the
increment or decrement is 1 if a byte is output, 2 if a word is output, or 4 if a
doubleword is output.
• OUTSB, OUTSW, and OUTSD are synonyms for the byte, word, and doubleword
OUTS instructions. OUTS can be preceded by the REP prefix for block output of
CX bytes or words. Refer to the REP instruction for details on this operation.
Interrupt control
Description
CLI clears the interrupt flag if the current privilege level is at least as
privileged as IOPL. No other flags are affected. External interrupts
are not recognized at the end of the CLI instruction or from that
point on until the interrupt flag is set.
Flags Affected
IF := 0
Interrupt control
• STI -- Set Interrupt Flag
Opcode Instruction Clocks Description
F13 STI 3 Set interrupt flag; interrupts enabled at
the end of the next instruction
Operation
IF := 1
Description
STI sets the interrupt flag to 1.
The 80386 then responds to external interrupts after executing the next
instruction if the next instruction allows the interrupt flag to remain
enabled. If external interrupts are disabled and you code STI, RET (such as
at the end of a subroutine), the RET is allowed to execute before external
interrupts are recognized. Also, if external interrupts are disabled and you
code STI, CLI, then external interrupts are not recognized because the CLI
instruction clears the interrupt flag during its execution.
Interrupt control
• LGDT/LIDT -- Load Global/Interrupt Descriptor Table
Register
Opcode Instruction Clocks Description
0F 01 /2 LGDT m16&32 11 Load m into GDTR
0F 01 /3 LIDT m16&32 11 Load m into IDTR
Operation
IF instruction = LIDT
THEN
IF OperandSize = 16
THEN IDTR.Limit:Base := m16:24 (* 24 bits of base loaded *)
ELSE IDTR.Limit:Base := m16:32
FI;
ELSE (* instruction = LGDT *)
IF OperandSize = 16
THEN GDTR.Limit:Base := m16:24 (* 24 bits of base loaded *)
ELSE GDTR.Limit:Base := m16:32;
FI;
FI;
Interrupt control
• The LGDT and LIDT instructions load a linear base address and limit value
from a six-byte data operand in memory into the GDTR or IDTR, respectively.
If a 16-bit operand is used with LGDT or LIDT, the register is loaded with a
16-bit limit and a 24-bit base, and the high-order eight bits of the six-byte data
operand are not used.
• If a 32-bit operand is used, a 16-bit limit and a 32-bit base is loaded; the
high-order eight bits of the six-byte operand are used as high-order base
address bits.
• The SGDT and SIDT instructions always store into all 48 bits of the six-byte
data operand. With the 80286, the upper eight bits are undefined after SGDT
or SIDT is executed.
• With the 80386, the upper eight bits are written with the high-order eight
address bits, for both a 16-bit operand and a 32-bit operand. If LGDT or LIDT
is used with a 16-bit operand to load the register stored by SGDT or SIDT, the
upper eight bits are stored as zeros.
Interrupt control
• SGDT/SIDT -- Store Global/Interrupt Descriptor Table
Register
Opcode Instruction Clocks Description
0F 01 /0 SGDT m 9 Store GDTR to
m 0F 01 /1 SIDT m 9 Store IDTR
to m
Operation
DEST := 48-bit BASE/LIMIT register contents;
SGDT/SIDT copies the contents of the descriptor table register the six
bytes of memory indicated by the operand. The LIMIT field of the
register is assigned to the first word at the effective address. If the
operand-size attribute is 32 bits, the next three bytes are assigned the
BASE field of the register, and the fourth byte is written with zero. The
last byte is undefined. Otherwise, if the operand-size attribute is 16 bits,
the next four bytes are assigned the 32-bit BASE field of the register.
System Control
Description
SMSW stores the machine status word (part of CR0) in the two-byte
register or memory location indicated by the effective address
operand.
Flags Affected
None
System Control
• LMSW -- Load Machine Status Word
Opcode Instruction Clocks Description
0F 01 /6 LMSW r/m16 10/13 Load r/m16 in machine status
word
Operation
MSW := r/m16; (* 16 bits is stored in the machine status word *)
Description
LMSW loads the machine status word (part of CR0) from the source
operand. This instruction can be used to switch to Protected Mode; if
so, it must be followed by an intrasegment jump to flush the instruction
queue. LMSW will not switch back to Real Address Mode. LMSW is
used only in operating system software. It is not used in application
programs.
Flags Affected
None
System Control
• HLT -- Halt
Opcode Instruction Clocks Description
F4 HLT 5 Halt
Operation
Enter Halt state;
Description
HALT stops instruction execution and places the 80386 in a HALT
state. An enabled interrupt, NMI, or a reset will resume execution. If
an interrupt (including NMI) is used to resume execution after HLT,
the saved CS:IP (or CS:EIP) value points to the instruction following
HLT.
Flags Affected
None
System Control
• MOV -- Move to/from Special Registers
Opcode Instruction Clocks Description
0F 20 /r MOV r32,CR0/CR2/CR3 6 Move (control register) to (register)
0F 22 /r MOV CR0/CR2/CR3,r32 10/4/5 Move (register) to (control register)
0F 21 /r MOV r32,DR0 – 3 22 Move (debug register) to (register)
0F 21 /r MOV r32,DR6/DR7 14 Move (debug register) to (register)
0F 23 /r MOV DR0 -- 3,r32 22 Move (register) to (debug register)
0F 23 /r MOV DR6/DR7,r32 16 Move (register) to (debug register)
0F 24 /r MOV r32,TR6/TR7 12 Move (test register) to (register)
0F 26 /r MOV TR6/TR7,r32 12 Move (register) to (test register)
Operation
• DEST := SRC;
System Control
• The above forms of MOV store or load the following special registers in or from a
general purpose register:
Control registers CR0, CR2, and CR3
Debug Registers DR0, DR1, DR2, DR3, DR6, and DR7
Test Registers TR6 and TR7
32-bit operands are always used with these instructions, regardless of the operand-size
attribute.
Flags Affected
OF, SF, ZF, AF, PF, and CF are undefined