80386 Instruction Set

Operand-Size and Address-Size Attributes The 80386 can address memory using either 16 or 32-bit addresses. Consequently, each instruction that uses memory addresses has associated with it an address-size attribute of either 16 or 32 bits. 16-bit addresses imply both the use of a 16-bit displacement in the instruction and the generation of a 16-bit address offset (segment relative address) as the result of the effective address calculation. 32-bit addresses imply the use of a 32-bit displacement and the generation of a 32-bit address offset. An instruction that accesses words (16 bits) or doublewords (32 bits) has an operand-size attribute of either 16 or 32 bits. 4/13/2019 SKNCOE

Data Movement Instructions These instructions provide convenient methods for moving bytes, words, or doublewords of data between memory and the registers of the base architecture. They fall into the following classes: General-purpose data movement instructions. Stack manipulation instructions. Type-conversion instructions. 4/13/2019 SKNCOE

General-Purpose Data Movement Instructions MOV (Move) transfers a byte, word, or doubleword from the source operand to the destination operand. The MOV instruction is useful for transferring data along any of these paths. To a Register from Memory To Memory from a Register Between General Registers Immediate Data to a Register Immediate Data to a Memory The MOV instruction cannot move from memory to memory or from segment register to segment register are not allowed. Memory-to-Memory moves can be performed, however, by the string move instruction MOVS. 4/13/2019 SKNCOE

General-Purpose Data Movement Instructions XCHG (Exchange) swaps the contents of two operands. XCHG is especially useful for implementing semaphores or similar data structures for process synchronization. The XCHG instruction can swap two byte operands, two word operands, or two doubleword operands. The operands for the XCHG instruction may be two register operands, or a register operand with a memory operand. 4/13/2019 SCOE/COMP/MA/MPW

Stack Manipulation Instructions - PUSH PUSH decrements the stack pointer (ESP), then transfers the source operand to the top of stack indicated by ESP. PUSH is often used to place parameters on the stack before calling a procedure. The PUSH instruction operates on memory operands, immediate operands, and register operands (including segment registers). 4/13/2019 SKNCOE

Stack Manipulation Instructions - PUSH PUSHAD (Push All Registers) saves the contents of the eight general registers on the stack. The processor pushes the general registers on the stack in the following order: EAX, ECX, EDX, EBX, the initial value of ESP before EAX was pushed, EBP, ESI, and EDI. 4/13/2019 SKNCOE

Stack Manipulation Instructions - POP POP (Pop) transfers the word or doubleword at the current top of stack (indicated by ESP) to the destination operand, and then increments ESP to point to the new top of stack. POP moves information from the stack to a general register, or to memory 4/13/2019 SKNCOE

Stack Manipulation Instructions - POPA POPAD (Pop All Registers) restores the registers saved on the stack by PUSHAD, except that it ignores the saved value of ESP. 4/13/2019 SKNCOE

Stack Manipulation Instructions - POPAD POPAD – instruction pops all eight 32-bit GP registers from the top of the stack. This is distinct from the POPA instruction, which pops 16-bit values. PUSHAD – instruction is the functional opposite of the POPAD inst. It causes all 32 bits of the eight GP registers to be pushed onto the stack. POPFD – instruction is equivalent to the POPF inst except that it pops all 32 bits of the EFLAGS register. PUSHFD – instruction pushes all 32 bits of the EFLAGS register onto the stack. 4/13/2019 SKNCOE

Type Conversion Instructions The type conversion instructions convert bytes into words, words into doublewords, and doublewords into 64-bit items (quad-words). These instructions are especially useful for converting signed integers, because they automatically fill the extra bits of the larger item with the value of the sign bit of the smaller item. This kind of conversion is called sign extension. 4/13/2019 SKNCOE

Type Conversion Instructions There are two classes of type conversion instructions: The forms CWD, CDQ, CBW, and CWDE which operate only on data in the EAX register. The forms MOVSX and MOVZX, which permit one operand to be in any general register while permitting the other operand to be in memory or in a register. 4/13/2019 SKNCOE

Type Conversion Instructions CWD (Convert Word to Doubleword) and CDQ (Convert Doubleword to Quad-Word) double the size of the source operand. CWD extends the sign of the word in register AX throughout register DX. CDQ extends the sign of the doubleword in EAX throughout EDX. CWD can be used to produce a doubleword dividend from a word before a word division, and CDQ can be used to produce a quad-word dividend from a doubleword before doubleword division. CBW (Convert Byte to Word) extends the sign of the byte in register AL throughout AX. 4/13/2019 SCOE/COMP/MA/MPW

Type Conversion Instructions CWDE (Convert Word to Doubleword Extended) extends the sign of the word in register AX throughout EAX. Example MOV AX, 1234h ;AX gets positive number CWDE MOVSX (Move with Sign Extension) sign-extends an 8-bit value to a 16-bit value and a 8- or 16-bit value to 32-bit value. MOVZX (Move with Zero Extension) extends an 8-bit value to a 16-bit value and an 8- or 16-bit value to 32-bit value by inserting high-order zeros. 4/13/2019 SCOE/COMP/MA/MPW

Addition and Subtraction Instructions ADD (Add Integers) replaces the destination operand with the sum of the source and destination operands. Sets CF if overflow. ADC (Add Integers with Carry) sums the operands, adds one if CF is set, and replaces the destination operand with the result. If CF is cleared, ADC performs the same operation as the ADD instruction. An ADD followed by multiple ADC instructions can be used to add numbers longer than 32 bits. INC (Increment) adds one to the destination operand. INC does not affect CF. Use ADD with an immediate value of 1 if an increment that updates carry (CF) is needed. 4/13/2019 SCOE/COMP/MA/MPW

Operand-Size and Address-Size Attributes SUB (Subtract Integers) subtracts the source operand from the destination operand and replaces the destination operand with the result. If a borrow is required, the CF is set. The operands may be signed or unsigned bytes, words, or doublewords. SBB (Subtract Integers with Borrow) subtracts the source operand from the destination operand, subtracts 1 if CF is set, and returns the result to the destination operand. DEC (Decrement) subtracts 1 from the destination operand. DEC does not update CF. Use SUB with an immediate value of 1 to perform a decrement that affects carry. 4/13/2019 SCOE/COMP/MA/MPW

Comparison and Sign Change Instruction CMP (Compare) subtracts the source operand from the destination operand. It updates OF, SF, ZF, AF, PF, and CF but does not alter the source and destination operands. A subsequent Jcc or SETcc instruction can test the appropriate flags. Example CMP AX, 4357h ; compare AX to constant JNE far_away ; jump if not equal NEG (Negate) subtracts a signed integer operand from zero. The effect of NEG is to reverse the sign of the operand from positive to negative or from negative to positive. 4/13/2019 SCOE/COMP/MA/MPW

Multiplication Instruction The 80386 has separate multiply instructions for unsigned and signed operands. MUL operates on unsigned numbers, while IMUL operates on signed integers as well as unsigned. Using IMUL it is possible to multiply any register by any other register or by a memory operand. Signed Multiplication Example MOV EBX, 12345678h MOV ESI, 87654321h IMUL EBX, ESI ;EBX = EBX*ESI 4/13/2019 SCOE/COMP/MA/MPW

Division Instruction DIV - The 80386 performs an unsigned division. The dividend is implicit; only the divisor is given as an operand. 4/13/2019 Size Dividend Divisor Quotient Remainder Byte AX r/m8 AL AH Word DX:AX r/m16 DX Dword EDX:EAX r/m32 EAX EDX SCOE/COMP/MA/MPW IDIV - The 80386 performs an signed division. The dividend is implicit; only the divisor is given as an operand.

Logical Instruction The group of logical instructions includes: The Boolean Operation Instructions Bit Test and Modify Instructions Bit Scan Instructions Rotate and Shift Instructions Byte Set on condition 4/13/2019 SCOE/COMP/MA/MPW

Bit Test and Modify Instruction This group of instructions operates on a single bit which can be in memory or in a general register. The location of the bit is specified as an offset from the low-order end of the operand. The value of the offset either may be given by an immediate byte in the instruction or may be contained in a general register. These instructions first assign the value of the selected bit to CF, the carry flag. Then a new value is assigned to the selected bit, as determined by the operation. OF, SF, ZF, AF, PF are left in an undefined state. 4/13/2019 SCOE/COMP/MA/MPW

Bit Manipulation Instruction 4/13/2019 SCOE/COMP/MA/MPW

Bit Test and Modify Instruction BT (Bit Test ) – reports the status of a bit in the operand by setting or clearing CF to match it. The operand under test may be either a register or a memory location. The second operand specifies which bit in the first operand to test. Example BT EAX, 5 ; test bit 5 of EAX JC foo : jump if bit 5 was set 4/13/2019 SCOE/COMP/MA/MPW

Bit Test and Modify Instruction BTC (Bit Test & Complement ) – It operates exactly like the BT, except that the bit being tested is inverted after the test is performed, and its condition is saved in CF. Example BTC EAX, 9 ; test & invert bit 9 JC foo : jump if bit used to be 1 4/13/2019 SCOE/COMP/MA/MPW

Bit Test and Modify Instruction BTR (Bit Test & Reset ) – the BTR instruction operates exactly like the BTC instruction, except that it always clears the bit being tested. Example BTR EAX , 0 ; test & clear bit 0 JC foo : jump if it was set 4/13/2019 SCOE/COMP/MA/MPW BTS (Bit Test & Set ) – The BTS instruction operates exactly like the BTC instruction, except that it always sets the bit being tested. Example BTR DWORD PTR DS:[840621], 3 ; test & set bit 3 JC foo : jump if it was set

Bit Test and Modify Instruction 4/13/2019 SCOE/COMP/MA/MPW

Bit Scan Instruction These instructions scan a word or doubleword for a one-bit and store the index of the first set bit into a register. The bit string being scanned may be either in a register or in memory. The ZF flag is set if the entire word is zero; ZF is cleared if a one-bit is found. If no set bit is found, the value of the destination register is undefined. BSF (Bit Scan Forward) scans from low-order to high-order (starting from bit index zero). BSR (Bit Scan Reverse) scans from high-order to low-order (starting from bit index 15 of a word or index 31 of a doubleword). 4/13/2019 SCOE/COMP/MA/MPW

Bit Scan Instruction BSF (Bit Scan Forward) finds first 1 bit in the source operand, starting from LSB to MSB. If the entire source operand has no 1 bits, that is, if it equals 0, ZF is set, and destination operand is undefined. Otherwise, ZF is cleared, and the destination operand gets the bit index of the first 1 bit Example MOV EAX, 03004000H ; LOAD CONSTANT INTO EAX BSF EBX, EAX ; EBX gets 14 JZ zero ; EAX= 0? 4/13/2019 SCOE/COMP/MA/MPW

Bit Scan Instruction BSR (Bit Scan Reverse)operates like BSF, except that it beings scanning from the MSB of the source operand and works to ward bit 0. Example MOV EAX, 00000F00H ; LOAD constant into EAX BSF EBX, EAX ; EBX gets 11 JZ zero ; EAX= 0? 4/13/2019 SCOE/COMP/MA/MPW

Bit Shift and Rotate Instructions 4/13/2019 SCOE/COMP/MA/MPW

Shift and Rotate Instruction 4/13/2019 SCOE/COMP/MA/MPW Shift Arithmetic Left / Shift Logical Left

Shift and Rotate Instruction 4/13/2019 SCOE/COMP/MA/MPW Shift Logical Right

Shift and Rotate Instruction 4/13/2019 SCOE/COMP/MA/MPW Shift Arithmetic Right

MOVE Instruction MOV MOVSX (Move with Sign Extend) instruction performs a MOV operation between two operands of dissimilar size. The source operand is sign-extended as it is copied into larger destination operand. Example MOV BL, 55h ; LOAD CONSTANT INTO EAX MOVSX ECX BL ; ECX = 00000055h 4/13/2019 SCOE/COMP/MA/MPW

MOVE Instruction MOV MOVZX (Move with Zero Extend) instruction operates just like a MOVSX instruction except that the source operand is zero-extended into the destination operand. If the source operand is positive this has the same effect as a MOVSX. Example MOV DH, 89h ; DH gets –ve number MOVZX EAX DH ; EAX = 00000089h 4/13/2019 SCOE/COMP/MA/MPW

Flag Operations LAHF: Load A register from Flags SAHF: Store A register in Flags PUSHF: Push flags onto stack POPF: Pop flags off stack PUSHFD :Push EFlags onto stack POPFD: Pop EFlags off stack CLC :Clear Carry Flag : set CF=0 CLD Clear Direction Flag: set DF=0 ,SI/DI incremented during string operation (MOVS,CMPS,SCANS) CMC Complement Carry Flag: If CF=0 then CF=1,If CF=1 then CF=0 STC Set Carry Flag: CF=1 STD Set Direction Flag : DF=0 4/13/2019 SCOE/COMP/MA/MPW

NOP : Performs no operation - causes the CPU to do nothing NO Operations NOP : Performs no operation - causes the CPU to do nothing - increment EIP to point to the next instruction. 4/13/2019 SCOE/COMP/MA/MPW

INTO : Interrupt if overflow IRET : Return from Interrupt/Task INTERRUPTS INT : Interrupt INTO : Interrupt if overflow IRET : Return from Interrupt/Task CLI: Clear interrupt Enable STI: Set Interrupt Enable 4/13/2019 SCOE/COMP/MA/MPW

High Level Language Instructions BOUND : Check Array Bounds(checks the value of index register against predefined range of indexes. e.g. Bound Index, Range ENTER :Setup Parameter Block for Entering Procedure(create a stack frame) e.g. Enter 4,0 ( op1:dynamic storage space in bytes,op2 :level of the new procedure being entered LEAVE : Leave Procedure 4/13/2019 SCOE/COMP/MA/MPW

Processor Control Instructions HLT : Halt Processing (stop fetching and executing instruction WAIT: Wait until BUSY# negated -causes processor to wait till an interrupt is recognized ESC : Escape to external processor LOCK: Lock Bus during next instruction :allows a microprocessor to make sure that another processor does not take a control of the system bus 4/13/2019 SCOE/COMP/MA/MPW

Privileged Instructions These instructions must be executed when CPL is 0; otherwise 80386 generates general protection exception 4/13/2019 Instruction Action HLT Halt the processor CLTS Clears task-switched flag LGDT, LIDT, LLDT Loads GDT, IDT, LDT registers LTR Loads task registers LMSW Loads machine status word MOV CR n, REG / MOV REG, CRn Moves to/from control reg. MOV DR n, REG / MOV REG, DRn Moves to/from debug reg. MOV TR n, REG / MOV REG, TRn Moves to/from test reg. SCOE/COMP/MA/MPW

Special Protection Mode Instruction SGDT Store Global Descriptor Table SIDT Store Interrupt Descriptor Table STR Store Task Register SLDT Store Local Descriptor Table LGDT Load Global Descriptor Table LIDT Load Interrupt Descriptor Table LDR Load Task Register LLDT Load Local Descriptor Table ARPL Adjust Requested Privilege Level LAR Load Access Rights LSL Load Segment Limit VERR/VERW Verify Segment for Reading or Writing LMSW Load Machine Status Word SMSW Store Machine Status Word 4/13/2019 SCOE/COMP/MA/MPW

Control Transfer Instruction The 80386 provides both conditional and unconditional control transfer instructions to direct the flow of execution. Conditional control transfers depend on the results of operations that affect the flag register. Unconditional control transfers are always executed. JMP (Jump) unconditionally transfers control to the target location. JMP is a one-way transfer of execution; it does not save a return address on the stack. 4/13/2019 SCOE/COMP/MA/MPW

Control Transfer Instruction CALL (Call Procedure) activates an out-of-line procedure, saving on the stack the address of the instruction following the CALL for later use by a RET (Return) instruction. CALL places the current value of EIP on the stack. The RET instruction in the called procedure uses this address to transfer control back to the calling program. 4/13/2019 SCOE/COMP/MA/MPW

Return & Return-From-Interrupt Instruction RET (Return From Procedure) terminates the execution of a procedure and transfers control through a back-link on the stack to the program that originally invoked the procedure. RET restores the value of EIP that was saved on the stack by the previous CALL instruction. IRET (Return From Interrupt) returns control to an interrupted procedure. IRET differs from RET in that it also pops the flags from the stack into the flags register. The flags are stored on the stack by the interrupt mechanism. 4/13/2019 SCOE/COMP/MA/MPW

Conditional Jump Instructions 4/13/2019 SCOE/COMP/MA/MPW

Conditional Jump Instructions 4/13/2019 SCOE/COMP/MA/MPW

Loop Instructions The loop instructions are conditional jumps that use a value placed in ECX to specify the number of repetitions of a software loop. All loop instructions automatically decrement ECX and terminate the loop when ECX=0. LOOP (Loop While ECX Not Zero) is a conditional transfer that automatically decrements the ECX register before testing ECX for the branch condition. If ECX is non-zero, the program branches to the target label specified in the instruction. The LOOP instruction causes the repetition of a code section until the operation of the LOOP instruction decrements ECX to a value of zero. 4/13/2019 SCOE/COMP/MA/MPW

Loop Instructions LOOPE (Loop While Equal) and LOOPZ (Loop While Zero) are synonyms for the same instruction. If ECX is non-zero and ZF=1, the program branches to the target label specified in the instruction. If LOOPE or LOOPZ finds that ECX=0 or ZF=0, control transfers to the instruction immediately following the LOOPE or LOOPZ instruction. LOOPNE (Loop While Not Equal) and LOOPNZ (Loop While Not Zero) are synonyms for the same instruction. If ECX is non-zero and ZF=0, the program branches to the target label specified in the instruction. 4/13/2019 SCOE/COMP/MA/MPW

Initialization & Transition to Protected Mode

Steps to Initialize Protected Mode Intel 386 DX begins executing in Real Mode immediately after RESET. The 80386 fetches its first instruction from physical address FFFFFFF0. it is customary to place an unconditional NEAR JMP instruction here. TO enter into protected mode, it is necessary to initialize the system tables and registers with the appropriate values. 4/13/2019 SCOE/COMP/MA/MPW

Steps to Initialize Protected Mode The GDT and IDT registers must refer to a valid GDT and IDT. The IDT should be at least 256 bytes long, and GDT must contain descriptors for the initial code, and data segments. The actual method of enabling Protected Mode is to load CR0 with the PE bit set, via the MOV CR0, R/M instruction. This puts the Intel386 DX in Protected Mode. After enabling Protected Mode, the next instruction should execute an intersegment JMP to load the CS register and flush the instruction decode queue. The final step is to load all of the data segment registers with the initial selector values. 4/13/2019 SCOE/COMP/MA/MPW

Steps to Initialize Protected Mode The steps accomplish the switch from real mode to protected mode. Prepare GDT with a null descriptor in the first GDT entry, one code segment descriptor, one stack segment descriptor and one data segment descriptor. Initialize the interrupt descriptor table so that it contains valid interrupt gates for at least the first 32 interrupt type numbers. The IDT may contain up to 256 8-byte interrupt gates defining all 256 interrupt types. Load the base address and limit of the GDT to GDTR register, using ‘LGDT’ instruction Set PE flag in CR0 register, using MOV CR0 Immediately, execute an intersegment jump to load the CS register and flush the instruction decode queue. 4/13/2019 SCOE/COMP/MA/MPW

Simple Protected System 4/13/2019 SCOE/COMP/MA/MPW

GDT Descriptor for Simple System 4/13/2019 SCOE/COMP/MA/MPW

Returning to Real Mode To return the processor to Real mode without turning off the power or resetting the system, you can simply clear PE in CR0 If paging is enabled, it should be disabled first. Reset PG in CR0. The next major step is to use segment descriptors that look as much like Real mode segments as possible. Load selector to descriptors with the attributes shown below. 4/13/2019 SCOE/COMP/MA/MPW Attribute Value Limit FFFF 64 K Granularity Byte granular Expansion Direction Expand up Writeable 1 Present Segment present

Returning to Real Mode A Set PG = 0 Set CR0 = 0 Initialize JMP to identity- mapped page 4/13/2019 Set PG = 0 Set CR0 = 0 SCOE/COMP/MA/MPW Initialize DS, ES, FS, GS, SS Initialize CS Set PE = 0 FAR JMP LIDT