Subversion Repositories open8_urisc

@c Copyright 1991, 1992, 1993, 1994, 1995, 1997, 1998, 1999, 2000,

@c 2001, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2011

@c Free Software Foundation, Inc.

@c This is part of the GAS manual.

@c For copying conditions, see the file as.texinfo.

@c man end

@ifset GENERIC

@page

@node i386-Dependent

@chapter 80386 Dependent Features

@end ifset

@ifclear GENERIC

@node Machine Dependencies

@chapter 80386 Dependent Features

@end ifclear

@cindex i386 support

@cindex i80386 support

@cindex x86-64 support

The i386 version @code{@value{AS}} supports both the original Intel 386

architecture in both 16 and 32-bit mode as well as AMD x86-64 architecture

extending the Intel architecture to 64-bits.

@menu

* i386-Options::                Options

* i386-Directives::             X86 specific directives

* i386-Syntax::                 Syntactical considerations

* i386-Mnemonics::              Instruction Naming

* i386-Regs::                   Register Naming

* i386-Prefixes::               Instruction Prefixes

* i386-Memory::                 Memory References

* i386-Jumps::                  Handling of Jump Instructions

* i386-Float::                  Floating Point

* i386-SIMD::                   Intel's MMX and AMD's 3DNow! SIMD Operations

* i386-LWP::                    AMD's Lightweight Profiling Instructions

* i386-BMI::                    Bit Manipulation Instruction

* i386-TBM::                    AMD's Trailing Bit Manipulation Instructions

* i386-16bit::                  Writing 16-bit Code

* i386-Arch::                   Specifying an x86 CPU architecture

* i386-Bugs::                   AT&T Syntax bugs

* i386-Notes::                  Notes

@end menu

@node i386-Options

@section Options

@cindex options for i386

@cindex options for x86-64

@cindex i386 options

@cindex x86-64 options

The i386 version of @code{@value{AS}} has a few machine

dependent options:

@c man begin OPTIONS

@table @gcctabopt

@cindex @samp{--32} option, i386

@cindex @samp{--32} option, x86-64

@cindex @samp{--x32} option, i386

@cindex @samp{--x32} option, x86-64

@cindex @samp{--64} option, i386

@cindex @samp{--64} option, x86-64

@item --32 | --x32 | --64

Select the word size, either 32 bits or 64 bits.  @samp{--32}

implies Intel i386 architecture, while @samp{--x32} and @samp{--64}

imply AMD x86-64 architecture with 32-bit or 64-bit word-size

respectively.

These options are only available with the ELF object file format, and

require that the necessary BFD support has been included (on a 32-bit

platform you have to add --enable-64-bit-bfd to configure enable 64-bit

usage and use x86-64 as target platform).

@item -n

By default, x86 GAS replaces multiple nop instructions used for

alignment within code sections with multi-byte nop instructions such

as leal 0(%esi,1),%esi.  This switch disables the optimization.

@cindex @samp{--divide} option, i386

@item --divide

On SVR4-derived platforms, the character @samp{/} is treated as a comment

character, which means that it cannot be used in expressions.  The

@samp{--divide} option turns @samp{/} into a normal character.  This does

not disable @samp{/} at the beginning of a line starting a comment, or

affect using @samp{#} for starting a comment.

@cindex @samp{-march=} option, i386

@cindex @samp{-march=} option, x86-64

@item -march=@var{CPU}[+@var{EXTENSION}@dots{}]

This option specifies the target processor.  The assembler will

issue an error message if an attempt is made to assemble an instruction

which will not execute on the target processor.  The following

processor names are recognized:

@code{i8086},

@code{i186},

@code{i286},

@code{i386},

@code{i486},

@code{i586},

@code{i686},

@code{pentium},

@code{pentiumpro},

@code{pentiumii},

@code{pentiumiii},

@code{pentium4},

@code{prescott},

@code{nocona},

@code{core},

@code{core2},

@code{corei7},

@code{l1om},

@code{k6},

@code{k6_2},

@code{athlon},

@code{opteron},

@code{k8},

@code{amdfam10},

@code{bdver1},

@code{bdver2},

@code{generic32} and

@code{generic64}.

In addition to the basic instruction set, the assembler can be told to

accept various extension mnemonics.  For example,

@code{-march=i686+sse4+vmx} extends @var{i686} with @var{sse4} and

@var{vmx}.  The following extensions are currently supported:

@code{8087},

@code{287},

@code{387},

@code{no87},

@code{mmx},

@code{nommx},

@code{sse},

@code{sse2},

@code{sse3},

@code{ssse3},

@code{sse4.1},

@code{sse4.2},

@code{sse4},

@code{nosse},

@code{avx},

@code{noavx},

@code{vmx},

@code{smx},

@code{xsave},

@code{xsaveopt},

@code{aes},

@code{pclmul},

@code{fsgsbase},

@code{rdrnd},

@code{f16c},

@code{fma},

@code{movbe},

@code{ept},

@code{clflush},

@code{lwp},

@code{fma4},

@code{xop},

@code{syscall},

@code{rdtscp},

@code{3dnow},

@code{3dnowa},

@code{sse4a},

@code{sse5},

@code{svme},

@code{abm} and

@code{padlock}.

Note that rather than extending a basic instruction set, the extension

mnemonics starting with @code{no} revoke the respective functionality.

When the @code{.arch} directive is used with @option{-march}, the

@code{.arch} directive will take precedent.

@cindex @samp{-mtune=} option, i386

@cindex @samp{-mtune=} option, x86-64

@item -mtune=@var{CPU}

This option specifies a processor to optimize for. When used in

conjunction with the @option{-march} option, only instructions

of the processor specified by the @option{-march} option will be

generated.

Valid @var{CPU} values are identical to the processor list of

@option{-march=@var{CPU}}.

@cindex @samp{-msse2avx} option, i386

@cindex @samp{-msse2avx} option, x86-64

@item -msse2avx

This option specifies that the assembler should encode SSE instructions

with VEX prefix.

@cindex @samp{-msse-check=} option, i386

@cindex @samp{-msse-check=} option, x86-64

@item -msse-check=@var{none}

@itemx -msse-check=@var{warning}

@itemx -msse-check=@var{error}

These options control if the assembler should check SSE intructions.

@option{-msse-check=@var{none}} will make the assembler not to check SSE

instructions,  which is the default.  @option{-msse-check=@var{warning}}

will make the assembler issue a warning for any SSE intruction.

@option{-msse-check=@var{error}} will make the assembler issue an error

for any SSE intruction.

@cindex @samp{-mavxscalar=} option, i386

@cindex @samp{-mavxscalar=} option, x86-64

@item -mavxscalar=@var{128}

@itemx -mavxscalar=@var{256}

This options control how the assembler should encode scalar AVX

instructions.  @option{-mavxscalar=@var{128}} will encode scalar

AVX instructions with 128bit vector length, which is the default.

@option{-mavxscalar=@var{256}} will encode scalar AVX instructions

with 256bit vector length.

@cindex @samp{-mmnemonic=} option, i386

@cindex @samp{-mmnemonic=} option, x86-64

@item -mmnemonic=@var{att}

@itemx -mmnemonic=@var{intel}

This option specifies instruction mnemonic for matching instructions.

The @code{.att_mnemonic} and @code{.intel_mnemonic} directives will

take precedent.

@cindex @samp{-msyntax=} option, i386

@cindex @samp{-msyntax=} option, x86-64

@item -msyntax=@var{att}

@itemx -msyntax=@var{intel}

This option specifies instruction syntax when processing instructions.

The @code{.att_syntax} and @code{.intel_syntax} directives will

take precedent.

@cindex @samp{-mnaked-reg} option, i386

@cindex @samp{-mnaked-reg} option, x86-64

@item -mnaked-reg

This opetion specifies that registers don't require a @samp{%} prefix.

The @code{.att_syntax} and @code{.intel_syntax} directives will take precedent.

@end table

@c man end

@node i386-Directives

@section x86 specific Directives

@cindex machine directives, x86

@cindex x86 machine directives

@table @code

@cindex @code{lcomm} directive, COFF

@item .lcomm @var{symbol} , @var{length}[, @var{alignment}]

Reserve @var{length} (an absolute expression) bytes for a local common

denoted by @var{symbol}.  The section and value of @var{symbol} are

those of the new local common.  The addresses are allocated in the bss

section, so that at run-time the bytes start off zeroed.  Since

@var{symbol} is not declared global, it is normally not visible to

@code{@value{LD}}.  The optional third parameter, @var{alignment},

specifies the desired alignment of the symbol in the bss section.

This directive is only available for COFF based x86 targets.

@c FIXME: Document other x86 specific directives ?  Eg: .code16gcc,

@c .largecomm

@end table

@node i386-Syntax

@section i386 Syntactical Considerations

@menu

* i386-Variations::           AT&T Syntax versus Intel Syntax

* i386-Chars::                Special Characters

@end menu

@node i386-Variations

@subsection AT&T Syntax versus Intel Syntax

@cindex i386 intel_syntax pseudo op

@cindex intel_syntax pseudo op, i386

@cindex i386 att_syntax pseudo op

@cindex att_syntax pseudo op, i386

@cindex i386 syntax compatibility

@cindex syntax compatibility, i386

@cindex x86-64 intel_syntax pseudo op

@cindex intel_syntax pseudo op, x86-64

@cindex x86-64 att_syntax pseudo op

@cindex att_syntax pseudo op, x86-64

@cindex x86-64 syntax compatibility

@cindex syntax compatibility, x86-64

@code{@value{AS}} now supports assembly using Intel assembler syntax.

@code{.intel_syntax} selects Intel mode, and @code{.att_syntax} switches

back to the usual AT&T mode for compatibility with the output of

@code{@value{GCC}}.  Either of these directives may have an optional

argument, @code{prefix}, or @code{noprefix} specifying whether registers

require a @samp{%} prefix.  AT&T System V/386 assembler syntax is quite

different from Intel syntax.  We mention these differences because

almost all 80386 documents use Intel syntax.  Notable differences

between the two syntaxes are:

@cindex immediate operands, i386

@cindex i386 immediate operands

@cindex register operands, i386

@cindex i386 register operands

@cindex jump/call operands, i386

@cindex i386 jump/call operands

@cindex operand delimiters, i386

@cindex immediate operands, x86-64

@cindex x86-64 immediate operands

@cindex register operands, x86-64

@cindex x86-64 register operands

@cindex jump/call operands, x86-64

@cindex x86-64 jump/call operands

@cindex operand delimiters, x86-64

@itemize @bullet

@item

AT&T immediate operands are preceded by @samp{$}; Intel immediate

operands are undelimited (Intel @samp{push 4} is AT&T @samp{pushl $4}).

AT&T register operands are preceded by @samp{%}; Intel register operands

are undelimited.  AT&T absolute (as opposed to PC relative) jump/call

operands are prefixed by @samp{*}; they are undelimited in Intel syntax.

@cindex i386 source, destination operands

@cindex source, destination operands; i386

@cindex x86-64 source, destination operands

@cindex source, destination operands; x86-64

@item

AT&T and Intel syntax use the opposite order for source and destination

operands.  Intel @samp{add eax, 4} is @samp{addl $4, %eax}.  The

@samp{source, dest} convention is maintained for compatibility with

previous Unix assemblers.  Note that @samp{bound}, @samp{invlpga}, and

instructions with 2 immediate operands, such as the @samp{enter}

instruction, do @emph{not} have reversed order.  @ref{i386-Bugs}.

@cindex mnemonic suffixes, i386

@cindex sizes operands, i386

@cindex i386 size suffixes

@cindex mnemonic suffixes, x86-64

@cindex sizes operands, x86-64

@cindex x86-64 size suffixes

@item

In AT&T syntax the size of memory operands is determined from the last

character of the instruction mnemonic.  Mnemonic suffixes of @samp{b},

@samp{w}, @samp{l} and @samp{q} specify byte (8-bit), word (16-bit), long

(32-bit) and quadruple word (64-bit) memory references.  Intel syntax accomplishes

this by prefixing memory operands (@emph{not} the instruction mnemonics) with

@samp{byte ptr}, @samp{word ptr}, @samp{dword ptr} and @samp{qword ptr}.  Thus,

Intel @samp{mov al, byte ptr @var{foo}} is @samp{movb @var{foo}, %al} in AT&T

syntax.

In 64-bit code, @samp{movabs} can be used to encode the @samp{mov}

instruction with the 64-bit displacement or immediate operand.

@cindex return instructions, i386

@cindex i386 jump, call, return

@cindex return instructions, x86-64

@cindex x86-64 jump, call, return

@item

Immediate form long jumps and calls are

@samp{lcall/ljmp $@var{section}, $@var{offset}} in AT&T syntax; the

Intel syntax is

@samp{call/jmp far @var{section}:@var{offset}}.  Also, the far return

instruction

is @samp{lret $@var{stack-adjust}} in AT&T syntax; Intel syntax is

@samp{ret far @var{stack-adjust}}.

@cindex sections, i386

@cindex i386 sections

@cindex sections, x86-64

@cindex x86-64 sections

@item

The AT&T assembler does not provide support for multiple section

programs.  Unix style systems expect all programs to be single sections.

@end itemize

@node i386-Chars

@subsection Special Characters

@cindex line comment character, i386

@cindex i386 line comment character

The presence of a @samp{#} appearing anywhere on a line indicates the

start of a comment that extends to the end of that line.

If a @samp{#} appears as the first character of a line then the whole

line is treated as a comment, but in this case the line can also be a

logical line number directive (@pxref{Comments}) or a preprocessor

control command (@pxref{Preprocessing}).

If the @option{--divide} command line option has not been specified

then the @samp{/} character appearing anywhere on a line also

introduces a line comment.

@cindex line separator, i386

@cindex statement separator, i386

@cindex i386 line separator

The @samp{;} character can be used to separate statements on the same

line.

@node i386-Mnemonics

@section Instruction Naming

@cindex i386 instruction naming

@cindex instruction naming, i386

@cindex x86-64 instruction naming

@cindex instruction naming, x86-64

Instruction mnemonics are suffixed with one character modifiers which

specify the size of operands.  The letters @samp{b}, @samp{w}, @samp{l}

and @samp{q} specify byte, word, long and quadruple word operands.  If

no suffix is specified by an instruction then @code{@value{AS}} tries to

fill in the missing suffix based on the destination register operand

(the last one by convention).  Thus, @samp{mov %ax, %bx} is equivalent

to @samp{movw %ax, %bx}; also, @samp{mov $1, %bx} is equivalent to

@samp{movw $1, bx}.  Note that this is incompatible with the AT&T Unix

assembler which assumes that a missing mnemonic suffix implies long

operand size.  (This incompatibility does not affect compiler output

since compilers always explicitly specify the mnemonic suffix.)

Almost all instructions have the same names in AT&T and Intel format.

There are a few exceptions.  The sign extend and zero extend

instructions need two sizes to specify them.  They need a size to

sign/zero extend @emph{from} and a size to zero extend @emph{to}.  This

is accomplished by using two instruction mnemonic suffixes in AT&T

syntax.  Base names for sign extend and zero extend are

@samp{movs@dots{}} and @samp{movz@dots{}} in AT&T syntax (@samp{movsx}

and @samp{movzx} in Intel syntax).  The instruction mnemonic suffixes

are tacked on to this base name, the @emph{from} suffix before the

@emph{to} suffix.  Thus, @samp{movsbl %al, %edx} is AT&T syntax for

``move sign extend @emph{from} %al @emph{to} %edx.''  Possible suffixes,

thus, are @samp{bl} (from byte to long), @samp{bw} (from byte to word),

@samp{wl} (from word to long), @samp{bq} (from byte to quadruple word),

@samp{wq} (from word to quadruple word), and @samp{lq} (from long to

quadruple word).

@cindex encoding options, i386

@cindex encoding options, x86-64

Different encoding options can be specified via optional mnemonic

suffix.  @samp{.s} suffix swaps 2 register operands in encoding when

moving from one register to another.  @samp{.d32} suffix forces 32bit

displacement in encoding.

@cindex conversion instructions, i386

@cindex i386 conversion instructions

@cindex conversion instructions, x86-64

@cindex x86-64 conversion instructions

The Intel-syntax conversion instructions

@itemize @bullet

@item

@samp{cbw} --- sign-extend byte in @samp{%al} to word in @samp{%ax},

@item

@samp{cwde} --- sign-extend word in @samp{%ax} to long in @samp{%eax},

@item

@samp{cwd} --- sign-extend word in @samp{%ax} to long in @samp{%dx:%ax},

@item

@samp{cdq} --- sign-extend dword in @samp{%eax} to quad in @samp{%edx:%eax},

@item

@samp{cdqe} --- sign-extend dword in @samp{%eax} to quad in @samp{%rax}

(x86-64 only),

@item

@samp{cqo} --- sign-extend quad in @samp{%rax} to octuple in

@samp{%rdx:%rax} (x86-64 only),

@end itemize

@noindent

are called @samp{cbtw}, @samp{cwtl}, @samp{cwtd}, @samp{cltd}, @samp{cltq}, and

@samp{cqto} in AT&T naming.  @code{@value{AS}} accepts either naming for these

instructions.

@cindex jump instructions, i386

@cindex call instructions, i386

@cindex jump instructions, x86-64

@cindex call instructions, x86-64

Far call/jump instructions are @samp{lcall} and @samp{ljmp} in

AT&T syntax, but are @samp{call far} and @samp{jump far} in Intel

convention.

@section AT&T Mnemonic versus Intel Mnemonic

@cindex i386 mnemonic compatibility

@cindex mnemonic compatibility, i386

@code{@value{AS}} supports assembly using Intel mnemonic.

@code{.intel_mnemonic} selects Intel mnemonic with Intel syntax, and

@code{.att_mnemonic} switches back to the usual AT&T mnemonic with AT&T

syntax for compatibility with the output of @code{@value{GCC}}.

Several x87 instructions, @samp{fadd}, @samp{fdiv}, @samp{fdivp},

@samp{fdivr}, @samp{fdivrp}, @samp{fmul}, @samp{fsub}, @samp{fsubp},

@samp{fsubr} and @samp{fsubrp},  are implemented in AT&T System V/386

assembler with different mnemonics from those in Intel IA32 specification.

@code{@value{GCC}} generates those instructions with AT&T mnemonic.

@node i386-Regs

@section Register Naming

@cindex i386 registers

@cindex registers, i386

@cindex x86-64 registers

@cindex registers, x86-64

Register operands are always prefixed with @samp{%}.  The 80386 registers

consist of

@itemize @bullet

@item

the 8 32-bit registers @samp{%eax} (the accumulator), @samp{%ebx},

@samp{%ecx}, @samp{%edx}, @samp{%edi}, @samp{%esi}, @samp{%ebp} (the

frame pointer), and @samp{%esp} (the stack pointer).

@item

the 8 16-bit low-ends of these: @samp{%ax}, @samp{%bx}, @samp{%cx},

@samp{%dx}, @samp{%di}, @samp{%si}, @samp{%bp}, and @samp{%sp}.

@item

the 8 8-bit registers: @samp{%ah}, @samp{%al}, @samp{%bh},

@samp{%bl}, @samp{%ch}, @samp{%cl}, @samp{%dh}, and @samp{%dl} (These

are the high-bytes and low-bytes of @samp{%ax}, @samp{%bx},

@samp{%cx}, and @samp{%dx})

@item

the 6 section registers @samp{%cs} (code section), @samp{%ds}

(data section), @samp{%ss} (stack section), @samp{%es}, @samp{%fs},

and @samp{%gs}.

@item

the 3 processor control registers @samp{%cr0}, @samp{%cr2}, and

@samp{%cr3}.

@item

the 6 debug registers @samp{%db0}, @samp{%db1}, @samp{%db2},

@samp{%db3}, @samp{%db6}, and @samp{%db7}.

@item

the 2 test registers @samp{%tr6} and @samp{%tr7}.

@item

the 8 floating point register stack @samp{%st} or equivalently

@samp{%st(0)}, @samp{%st(1)}, @samp{%st(2)}, @samp{%st(3)},

@samp{%st(4)}, @samp{%st(5)}, @samp{%st(6)}, and @samp{%st(7)}.

These registers are overloaded by 8 MMX registers @samp{%mm0},

@samp{%mm1}, @samp{%mm2}, @samp{%mm3}, @samp{%mm4}, @samp{%mm5},

@samp{%mm6} and @samp{%mm7}.

@item

the 8 SSE registers registers @samp{%xmm0}, @samp{%xmm1}, @samp{%xmm2},

@samp{%xmm3}, @samp{%xmm4}, @samp{%xmm5}, @samp{%xmm6} and @samp{%xmm7}.

@end itemize

The AMD x86-64 architecture extends the register set by:

@itemize @bullet

@item

enhancing the 8 32-bit registers to 64-bit: @samp{%rax} (the

accumulator), @samp{%rbx}, @samp{%rcx}, @samp{%rdx}, @samp{%rdi},

@samp{%rsi}, @samp{%rbp} (the frame pointer), @samp{%rsp} (the stack

pointer)

@item

the 8 extended registers @samp{%r8}--@samp{%r15}.

@item

the 8 32-bit low ends of the extended registers: @samp{%r8d}--@samp{%r15d}

@item

the 8 16-bit low ends of the extended registers: @samp{%r8w}--@samp{%r15w}

@item

the 8 8-bit low ends of the extended registers: @samp{%r8b}--@samp{%r15b}

@item

the 4 8-bit registers: @samp{%sil}, @samp{%dil}, @samp{%bpl}, @samp{%spl}.

@item

the 8 debug registers: @samp{%db8}--@samp{%db15}.

@item

the 8 SSE registers: @samp{%xmm8}--@samp{%xmm15}.

@end itemize

@node i386-Prefixes

@section Instruction Prefixes

@cindex i386 instruction prefixes

@cindex instruction prefixes, i386

@cindex prefixes, i386

Instruction prefixes are used to modify the following instruction.  They

are used to repeat string instructions, to provide section overrides, to

perform bus lock operations, and to change operand and address sizes.

(Most instructions that normally operate on 32-bit operands will use

16-bit operands if the instruction has an ``operand size'' prefix.)

Instruction prefixes are best written on the same line as the instruction

they act upon. For example, the @samp{scas} (scan string) instruction is

repeated with:

@smallexample

        repne scas %es:(%edi),%al

@end smallexample

You may also place prefixes on the lines immediately preceding the

instruction, but this circumvents checks that @code{@value{AS}} does

with prefixes, and will not work with all prefixes.

Here is a list of instruction prefixes:

@cindex section override prefixes, i386

@itemize @bullet

@item

Section override prefixes @samp{cs}, @samp{ds}, @samp{ss}, @samp{es},

@samp{fs}, @samp{gs}.  These are automatically added by specifying

using the @var{section}:@var{memory-operand} form for memory references.

@cindex size prefixes, i386

@item

Operand/Address size prefixes @samp{data16} and @samp{addr16}

change 32-bit operands/addresses into 16-bit operands/addresses,

while @samp{data32} and @samp{addr32} change 16-bit ones (in a

@code{.code16} section) into 32-bit operands/addresses.  These prefixes

@emph{must} appear on the same line of code as the instruction they

modify. For example, in a 16-bit @code{.code16} section, you might

write:

@smallexample

        addr32 jmpl *(%ebx)

@end smallexample

@cindex bus lock prefixes, i386

@cindex inhibiting interrupts, i386

@item

The bus lock prefix @samp{lock} inhibits interrupts during execution of

the instruction it precedes.  (This is only valid with certain

instructions; see a 80386 manual for details).

@cindex coprocessor wait, i386

@item

The wait for coprocessor prefix @samp{wait} waits for the coprocessor to

complete the current instruction.  This should never be needed for the

80386/80387 combination.

@cindex repeat prefixes, i386

@item

The @samp{rep}, @samp{repe}, and @samp{repne} prefixes are added

to string instructions to make them repeat @samp{%ecx} times (@samp{%cx}

times if the current address size is 16-bits).

@cindex REX prefixes, i386

@item

The @samp{rex} family of prefixes is used by x86-64 to encode

extensions to i386 instruction set.  The @samp{rex} prefix has four

bits --- an operand size overwrite (@code{64}) used to change operand size

from 32-bit to 64-bit and X, Y and Z extensions bits used to extend the

register set.

You may write the @samp{rex} prefixes directly. The @samp{rex64xyz}

instruction emits @samp{rex} prefix with all the bits set.  By omitting

the @code{64}, @code{x}, @code{y} or @code{z} you may write other

prefixes as well.  Normally, there is no need to write the prefixes

explicitly, since gas will automatically generate them based on the

instruction operands.

@end itemize

@node i386-Memory

@section Memory References

@cindex i386 memory references

@cindex memory references, i386

@cindex x86-64 memory references

@cindex memory references, x86-64

An Intel syntax indirect memory reference of the form

@smallexample

@var{section}:[@var{base} + @var{index}*@var{scale} + @var{disp}]

@end smallexample

@noindent

is translated into the AT&T syntax

@smallexample

@var{section}:@var{disp}(@var{base}, @var{index}, @var{scale})

@end smallexample

@noindent

where @var{base} and @var{index} are the optional 32-bit base and

index registers, @var{disp} is the optional displacement, and

@var{scale}, taking the values 1, 2, 4, and 8, multiplies @var{index}

to calculate the address of the operand.  If no @var{scale} is

specified, @var{scale} is taken to be 1.  @var{section} specifies the

optional section register for the memory operand, and may override the

default section register (see a 80386 manual for section register

defaults). Note that section overrides in AT&T syntax @emph{must}

be preceded by a @samp{%}.  If you specify a section override which

coincides with the default section register, @code{@value{AS}} does @emph{not}

output any section register override prefixes to assemble the given

instruction.  Thus, section overrides can be specified to emphasize which

section register is used for a given memory operand.

Here are some examples of Intel and AT&T style memory references:

@table @asis

@item AT&T: @samp{-4(%ebp)}, Intel:  @samp{[ebp - 4]}

@var{base} is @samp{%ebp}; @var{disp} is @samp{-4}. @var{section} is

missing, and the default section is used (@samp{%ss} for addressing with

@samp{%ebp} as the base register).  @var{index}, @var{scale} are both missing.

@item AT&T: @samp{foo(,%eax,4)}, Intel: @samp{[foo + eax*4]}

@var{index} is @samp{%eax} (scaled by a @var{scale} 4); @var{disp} is

@samp{foo}.  All other fields are missing.  The section register here

defaults to @samp{%ds}.

@item AT&T: @samp{foo(,1)}; Intel @samp{[foo]}

This uses the value pointed to by @samp{foo} as a memory operand.

Note that @var{base} and @var{index} are both missing, but there is only

@emph{one} @samp{,}.  This is a syntactic exception.

@item AT&T: @samp{%gs:foo}; Intel @samp{gs:foo}

This selects the contents of the variable @samp{foo} with section

register @var{section} being @samp{%gs}.

@end table

Absolute (as opposed to PC relative) call and jump operands must be

prefixed with @samp{*}.  If no @samp{*} is specified, @code{@value{AS}}

always chooses PC relative addressing for jump/call labels.

Any instruction that has a memory operand, but no register operand,

@emph{must} specify its size (byte, word, long, or quadruple) with an

instruction mnemonic suffix (@samp{b}, @samp{w}, @samp{l} or @samp{q},

respectively).

The x86-64 architecture adds an RIP (instruction pointer relative)

addressing.  This addressing mode is specified by using @samp{rip} as a

base register.  Only constant offsets are valid. For example:

@table @asis

@item AT&T: @samp{1234(%rip)}, Intel: @samp{[rip + 1234]}

Points to the address 1234 bytes past the end of the current

instruction.

@item AT&T: @samp{symbol(%rip)}, Intel: @samp{[rip + symbol]}

Points to the @code{symbol} in RIP relative way, this is shorter than

the default absolute addressing.

@end table

Other addressing modes remain unchanged in x86-64 architecture, except

registers used are 64-bit instead of 32-bit.

@node i386-Jumps

@section Handling of Jump Instructions

@cindex jump optimization, i386

@cindex i386 jump optimization

@cindex jump optimization, x86-64

@cindex x86-64 jump optimization

Jump instructions are always optimized to use the smallest possible

displacements.  This is accomplished by using byte (8-bit) displacement

jumps whenever the target is sufficiently close.  If a byte displacement

is insufficient a long displacement is used.  We do not support

word (16-bit) displacement jumps in 32-bit mode (i.e. prefixing the jump

instruction with the @samp{data16} instruction prefix), since the 80386

insists upon masking @samp{%eip} to 16 bits after the word displacement

is added. (See also @pxref{i386-Arch})

Note that the @samp{jcxz}, @samp{jecxz}, @samp{loop}, @samp{loopz},

@samp{loope}, @samp{loopnz} and @samp{loopne} instructions only come in byte

displacements, so that if you use these instructions (@code{@value{GCC}} does

not use them) you may get an error message (and incorrect code).  The AT&T

80386 assembler tries to get around this problem by expanding @samp{jcxz foo}

to

@smallexample

         jcxz cx_zero

         jmp cx_nonzero

cx_zero: jmp foo

cx_nonzero:

@end smallexample

@node i386-Float

@section Floating Point

@cindex i386 floating point

@cindex floating point, i386

@cindex x86-64 floating point

@cindex floating point, x86-64

All 80387 floating point types except packed BCD are supported.

(BCD support may be added without much difficulty).  These data

types are 16-, 32-, and 64- bit integers, and single (32-bit),

double (64-bit), and extended (80-bit) precision floating point.

Each supported type has an instruction mnemonic suffix and a constructor

associated with it.  Instruction mnemonic suffixes specify the operand's

data type.  Constructors build these data types into memory.

@cindex @code{float} directive, i386

@cindex @code{single} directive, i386

@cindex @code{double} directive, i386

@cindex @code{tfloat} directive, i386

@cindex @code{float} directive, x86-64

@cindex @code{single} directive, x86-64

@cindex @code{double} directive, x86-64

@cindex @code{tfloat} directive, x86-64

@itemize @bullet

@item

Floating point constructors are @samp{.float} or @samp{.single},

@samp{.double}, and @samp{.tfloat} for 32-, 64-, and 80-bit formats.

These correspond to instruction mnemonic suffixes @samp{s}, @samp{l},

and @samp{t}. @samp{t} stands for 80-bit (ten byte) real.  The 80387

only supports this format via the @samp{fldt} (load 80-bit real to stack

top) and @samp{fstpt} (store 80-bit real and pop stack) instructions.

@cindex @code{word} directive, i386

@cindex @code{long} directive, i386

@cindex @code{int} directive, i386

@cindex @code{quad} directive, i386

@cindex @code{word} directive, x86-64

@cindex @code{long} directive, x86-64

@cindex @code{int} directive, x86-64

@cindex @code{quad} directive, x86-64

@item

Integer constructors are @samp{.word}, @samp{.long} or @samp{.int}, and

@samp{.quad} for the 16-, 32-, and 64-bit integer formats.  The

corresponding instruction mnemonic suffixes are @samp{s} (single),

@samp{l} (long), and @samp{q} (quad).  As with the 80-bit real format,

the 64-bit @samp{q} format is only present in the @samp{fildq} (load

quad integer to stack top) and @samp{fistpq} (store quad integer and pop

stack) instructions.

@end itemize

Register to register operations should not use instruction mnemonic suffixes.

@samp{fstl %st, %st(1)} will give a warning, and be assembled as if you

wrote @samp{fst %st, %st(1)}, since all register to register operations

use 80-bit floating point operands. (Contrast this with @samp{fstl %st, mem},

which converts @samp{%st} from 80-bit to 64-bit floating point format,

then stores the result in the 4 byte location @samp{mem})

@node i386-SIMD

@section Intel's MMX and AMD's 3DNow! SIMD Operations

@cindex MMX, i386

@cindex 3DNow!, i386

@cindex SIMD, i386

@cindex MMX, x86-64

@cindex 3DNow!, x86-64

@cindex SIMD, x86-64

@code{@value{AS}} supports Intel's MMX instruction set (SIMD

instructions for integer data), available on Intel's Pentium MMX

processors and Pentium II processors, AMD's K6 and K6-2 processors,

Cyrix' M2 processor, and probably others.  It also supports AMD's 3DNow!@:

instruction set (SIMD instructions for 32-bit floating point data)

available on AMD's K6-2 processor and possibly others in the future.

Currently, @code{@value{AS}} does not support Intel's floating point

SIMD, Katmai (KNI).

The eight 64-bit MMX operands, also used by 3DNow!, are called @samp{%mm0},

@samp{%mm1}, ... @samp{%mm7}.  They contain eight 8-bit integers, four

16-bit integers, two 32-bit integers, one 64-bit integer, or two 32-bit

floating point values.  The MMX registers cannot be used at the same time

as the floating point stack.

See Intel and AMD documentation, keeping in mind that the operand order in

instructions is reversed from the Intel syntax.

@node i386-LWP

@section AMD's Lightweight Profiling Instructions

@cindex LWP, i386

@cindex LWP, x86-64

@code{@value{AS}} supports AMD's Lightweight Profiling (LWP)

instruction set, available on AMD's Family 15h (Orochi) processors.

LWP enables applications to collect and manage performance data, and

react to performance events.  The collection of performance data

requires no context switches.  LWP runs in the context of a thread and

so several counters can be used independently across multiple threads.

LWP can be used in both 64-bit and legacy 32-bit modes.

For detailed information on the LWP instruction set, see the

@cite{AMD Lightweight Profiling Specification} available at

@uref{http://developer.amd.com/cpu/LWP,Lightweight Profiling Specification}.

@node i386-BMI

@section Bit Manipulation Instructions

@cindex BMI, i386

@cindex BMI, x86-64

@code{@value{AS}} supports the Bit Manipulation (BMI) instruction set.

BMI instructions provide several instructions implementing individual

bit manipulation operations such as isolation, masking, setting, or

resetting.

@c Need to add a specification citation here when available.

@node i386-TBM

@section AMD's Trailing Bit Manipulation Instructions

@cindex TBM, i386

@cindex TBM, x86-64

@code{@value{AS}} supports AMD's Trailing Bit Manipulation (TBM)

instruction set, available on AMD's BDVER2 processors (Trinity and

Viperfish).

TBM instructions provide instructions implementing individual bit

manipulation operations such as isolating, masking, setting, resetting,

complementing, and operations on trailing zeros and ones.

@c Need to add a specification citation here when available.

@node i386-16bit

@section Writing 16-bit Code

@cindex i386 16-bit code

@cindex 16-bit code, i386

@cindex real-mode code, i386

@cindex @code{code16gcc} directive, i386

@cindex @code{code16} directive, i386

@cindex @code{code32} directive, i386

@cindex @code{code64} directive, i386

@cindex @code{code64} directive, x86-64

While @code{@value{AS}} normally writes only ``pure'' 32-bit i386 code

or 64-bit x86-64 code depending on the default configuration,

it also supports writing code to run in real mode or in 16-bit protected

mode code segments.  To do this, put a @samp{.code16} or

@samp{.code16gcc} directive before the assembly language instructions to

be run in 16-bit mode.  You can switch @code{@value{AS}} to writing

32-bit code with the @samp{.code32} directive or 64-bit code with the

@samp{.code64} directive.

@samp{.code16gcc} provides experimental support for generating 16-bit

code from gcc, and differs from @samp{.code16} in that @samp{call},

@samp{ret}, @samp{enter}, @samp{leave}, @samp{push}, @samp{pop},

@samp{pusha}, @samp{popa}, @samp{pushf}, and @samp{popf} instructions

default to 32-bit size.  This is so that the stack pointer is

manipulated in the same way over function calls, allowing access to

function parameters at the same stack offsets as in 32-bit mode.