Dec 262017
Full Description of File
Documentation for the GNU gas assembler
for Intel processors (386,486,586). Gas
is used with GCC under Linux, OS/2, DGJPP
and so on. Gas uses AT&T syntax.
for Intel processors (386,486,586). Gas
is used with GCC under Linux, OS/2, DGJPP
and so on. Gas uses AT&T syntax.
| Documentation for the GNU gas assembler for Intel processors (386,486,586). Gas is used with GCC under Linux, OS/2, DGJPP and so on. Gas uses AT&T syntax. | |||
|---|---|---|---|
| File Name | File Size | Zip Size | Zip Type |
| FILE_ID.DIZ | 159 | 141 | deflated |
| GAS.DOC | 45679 | 12852 | deflated |
Download File GASDOC.ZIP Here
Contents of the GAS.DOC file
1. Purpose_of_this_Document
This document provides the third draft of the assembler
language definition for the 5.3/386 CCS. The goal of this
effort is to take the current 286 assembler andupgrade it
to a 386assembler in the minimum possible time. This docu-
ment describes the resulting product.
1.1 INVOKING_THE_ASSEMBLER
The assembler isinvokedby the command:
as [-o outfile] [-n] [-R] [-v] [-u] [-x]infile
The flags have the following meaning:
-o filename
Use filename as the outputfile. The output file name
is generated by the algorithm at the end of this sec-
tion.
-n
Noaddressoptimization.
-R
Remove (unlink) the input file after assembly is com-
pleted.
-V
Write the version number of the assembler on the stan-
dard erroroutput. This option does allowfor normale
assembly.
-u
Remove unreferenced debugging symbols fromthe symbol
table.
-x
Extended addressing (48-bit pointers) willbe used.
The input assembly language program is read frominfileand
the output object module is written to outfile. The assem-
bler only accepts one infile on a command line.If outfile
is notspecified, the name is created from infile bythe
following algorithm:
+ If the nameinfile ends with the two characters .s,the
name outfile is createdby replacing these lasttwo
characters with .o.
+ If the nameinfile does notend with the two characters
.sand is no more than 12 characters long, the name
outfile is created by appending .o to the name infile.
+ If the nameinfile does notend with the two characters
.sand is greater than 12 characters long, the name
outfile is created by appending .o to the first 12
charactersof infile. This satisfies theUNIX system
requirementthat a file name be no more than 14 charac-
ters long.
1.2 INPUT_FORMAT
The input to theassembler is a text file. This file must
consist of a sequence oflines ending with a newline charac-
ter (ASCII LF).Each line can contain one or more state-
ments. If several statements appear on a line, they must be
separated by semicolons(;). Each statement mustbe one of
the following:
+ An empty statement is one that contains nothing other
than spaces, tabs, and form-feed characters. Empty
statements have no meaning to the assembler. Theycan
be insertedfreely to improve the appearance of a list-
ing.
+ An assignment statement is one thatgives avalue to a
symbol. It consists of a symbol, followedby an equal
sign(=), followed by an expression. The expression is
evaluated and the result is assigned tothe symbol.
Assignment statements do not generate any code. They
are used only toassign assemblytime values to sym-
bols.
+ A pseudo operation statement is a directive tothe
assembler that does not necessarily generate any code.
It consistsof a pseudo operationcode, followed by
zero or more operands.Every pseudo operation code
begins witha period(.).
+ A machine operationstatement is a mnemonicrepresenta-
tion of an executable machine instruction that is
translated by the assembler. It consists of an opera-
tion code, followedby zeroor moreoperands.
In addition, each statement can be modified by one or more
of the following:
+ A label canbe placed at the begining of any statement.
This consists of a symbol followed by a colon(:). When
a label is encountered by the assembler, the value of
thelocation counter is assigned tothe label.
+ A comment can be inserted at the end of any statement
bypreceding thecommentwith a slash(/). The slash
causes the assembler to ignore anycharacters inthe
line after the slash. This facility isprovided to
allow insertion of internalprogramdocumentation into
thesource file fora program.
1.3 OUTPUT_FORMAT
The output of the assembler is an objectfile.The object
file produced bythe assembler contains at leastthe follow-
ing three sections:
.text This is an initialized section, normally it is
read only and contains the code from a program.
It mayalso contain read only tables.
.data This is an initialized section, normally it is
readable abdwritable. It containsinitialized
data.These can be scalers ortables.
.bss This is an uninitialized section. Space isnot
allocated for this segment in the cofffile.
An optional section, .comment may also be produced (Seethe
section "Pseudo Ops").
Every statement in the input assembly language program that
generates code or data generates it into one ofthese three
sections. The section into which the generated bytes are to
be written starts outas .text, and can be switched using
section control pseudo operations.
The assembler can produce objectmodules with any one of
four (4) different magic numbers. Each magic number indi-
cates that a different (incompatible) function linkagehas
been used.
The -x option must be specified to get an object file with
48-bit pointers. The default object file type (with no -x
option) is a 32-bit pointer object file.
The -x option does not change the outputcode - the handling
of 48-bit addresses must be done in the assembly code,byt
the programer. The -x option tells the assembler what type
of magicnumber to put into the coff file.
SYMBOLS AND EXPRESSIONS
2. SYMBOLS_and_EXPRESSIONS
2.1 Values
Values are represented in the assembler by 32 bit 2's com-
plimentvalues. All arithmetic is performed using 32 bits
of precision. Note thatthe values usedin a 386 instruc-
tion mayuse 8, 16, or 32 bits.
2.1.1 Types Every value is an instanceone of the follow-
ing types:
Undefined
Anundefined symbol is onewhose value has notyet
been defined. Examples of undefined symbols are for-
ward references and externals.
Absolute
Anabsolute type is one whose value doesnot change
with relocation. Examples of absolutesymbolsare
numeric constants and expressions whose operandsare
only numeric constants.
Text
A text type symbolis one whose value is relative to
the text segment.
Data
A data type symbolis one whose value is relative to
the data segment.
Bss
A bss typesymbol is one whose value is relative to
the bss segment.
Any of the abovesymbol types can be given the attribute
EXTERNAL.
2.2 Symbols
A symbolhas a value anda typeeach of which is either
specified explicitly by an assignment statement or from it's
context. Refer to section 2.3 (Expressions) forthe regular
expression definition ofa symbol.
2.2.1 Reserved_SymbolsThe following symbols are reserved
by the assembler.
. Commonly refered to as dot. This is the location
counter while assemblinga program. It takes onthe
current location in the text, data, or bsssection.
.text
This symbol is of type text. It is used to labelthe
beginningof a text section in the program being
assembled.
.data
This symbol is of type data. It is used to labelthe
beginningof a data section in the program being
assembled.
.bss
This symbol is of type bss. It isused to labelthe
beginning of a bsssectionin the program being assem-
bled.
2.3 Expressions
2.3.1 General The expressions accepted by the UNIX386
assembler can be described by their semantic and syntactic
rules.
The following are the operators supported by theassembler:
OPERATORACTION
---------------------------
+ addition
- subtraction
\* multiplication
\/ division
& bit wiselogicaland
| bit wiselogicalor
> right shift
< left shift
\% remainder operator
! bit wiselogicaland not
In the following syntactic rules the non-terminalsare
represented by lower case letters. The terminalsymbolsare
represented by upper case letters and the symbols enclosed
in double quotes("") are terminal symbols.
There isno precedence to the operators. Square brackets
must be used to establish precedence.
SYNTACTIC RULES FOR THE ASSEMBLER
expr : term
| expr "+" term
| expr "term
| expr "/" term
| expr "&" term
| expr "|" term
| expr ">" term
| expr "<" term
| expr "" term
| expr "!" term
| expr "-" term
;
term : id
| number
| "-" term
| "[" expr "]"
| "" term
| "" term
;
id : LABEL
;
number : DEC_VAL
| HEX_VAL
| OCT_VAL
| BIN_VAL
;
The Terminal nodes can be described by the following regular
expressions.
LABEL = [a-zA-Z_][a-zA-Z0-9_]*:
DEC_VAL = [1-9][0-9]*
HEX_VAL = 0[Xx][0-9a-fA-F][0-9a-fA-F]*
OCT_VAL = 0[0-7]*
BIN_VAL = 0[Bb][0-1][0-1]*
In the above regular expressions choices are enclosed in
square brackets,a rangeof letters or numbers are separated
by a dash (-), and the star (*) indicates zero (0) or more
instances of theprevious character.
Semantically theexpressions fall into two groups, theyare
absolute and relocatable. The following table showsthe
legal combinations of absolute and relocatable operands,for
the addition and subtraction operators. All other opera-
tions are only legal on absolutevalued expressions.
All numbers havethe absolute attribute. Symbols used to
reference storage, text or data, arerelocatable. In an
assignment statement Symbols on the lefthand side inherit
their relocationattributes fromthe right hand side.
In the table "a"is an absolute valued expression, and"r"
is a relocatable valued expression. The resulting type of
the operation isgiven to the right of the equalsign.
a + a = a
r + a = r
a - a = a
r - a = r
r - r = a
In the last example, the relocatable expressions must be
declaredbefore their differencecan be taken.
Following are some examples of valid expressions:
1. label"
2. $label"
3. [label + 0x100]"
4. [label1 -label2]"
5. $[label1 - label2]"
Following are some examples of invalid expressions:
1. [$label -$label]"
2. [label1 *5]"
3. (label + 0x20)"
PSEUDO OPERATIONS
.align val The align pseudo op causes the next data
generated tobe aligned modulo val.Val
must be an positiveintegervalue.
.bcd val The bcd pseudo op generates a packed
decimal (80-bit) value intothe current
section. This is not valid for the .bss
section. Val is a non-floating point
constant.
.bss The bss pseudo op changes the current
section to .bss
.bss tag, bytes Define symbol tag in the .bss section
andadd bytes to the value of dotfor
.bss. This does notchange the current
section to .bss. Tag is a symbol name.
Bytes must be an positive integer value.
.byte val [,val] The byte pseudo op generatesinitialized
bytes into the current section. This is
not valid for .bss.Each val must be
an 8-bit value.
.comm name, expr The comm pseudo op allocatesstorage in
the .datasection. Thestorage is
referenced by name, and hasa size in
bytes of expr. Name is a symbol. Expr
mustbe an positive integer. The name
can not be pre-defined.
.data The data pseudo op changes the current
section to .data.
.double val The double pseudo opgenerates an 80287
longreal (64-bit) into the current sec-
tion. Not valid the.bss section.Val
is afloating point constant.
.even The even pseudo op aligns the current
program counter, (.) to an even boun-
dary.
.float val The float pseudo opgenerates a 80287
short real(32 bit) intothe current
section. This is not valid in the .bss
section. Val is afloating point con-
stant.
.globl name Thispseudo op makesthe variable, name,
accessible to other programs.
.ident string The ident pseudo op creates an entry in
thecomment section containing string.
String is any sequence ofcharacters,
not including the double quote, '"'.
.lcomm name, expr The lcomm pseudo op allocates storage in
the .bss section. The storage is refer-
enced by name, and has a size of expr.
Name is a symbol. Expr must be of type
positive integer. Name can not be pre-
defined.
.long val The long pseudo op generates a long
integer (32-bit two's complement value)
intothe current section. This pseudo
op is not valid for the .bsssectionVal
is anon-floating point constant.
.noopt The noopt pseudo op
.optim The optim pseudo op
.set name, expr The set pseudo op sets the value of sym-
bol name to expr. This is equivalent to
an assignment.
.string str Thispseudo places the characters instr
into the object module atthe current
loc and terminates the string with a
null. Thestringmust beenclosed in
double quotes ("").This pseudo op is
not valid for the .bss section.
.text The text pseudo op defines the current
section as .text.
.value expr [,expr] The value pseudo op is used to generate
an initialized word (16-bit two's com-
plement value) into the current section.
This pseudoop is not validin the .bss
section. Each exprmust be a 16-bit
value.
.versionstring The version pseudo op puts the C com-
piler version into the comment section.
SDB PSEUDO OPS
.type expr The type pseudo op is usedwith in a
.def-.endef pair. It gives the namethe
C compiler type representation expr.
.val expr The val pseudo op isused with a .def-
.endef pair. It gives name the value of
expression.The type of expr determines
the section for name.
.tag str The tag pseudo op is used in relation
with a previouslydefined.def pseudo
op.If the name of a .def is a struc-
ture or a union, str shouldbe the name
of that structure orunion tag defined
in aprevious .def-.endef pair.
.size expr The size pseudo op is used with the .def
pseudo op. If name of .def is an object
suchas a structure or an array, this
gives it a totalsize ofexpr. Expr
mustbe a positive integer.
.scl expr The scl pseudo op isused with the .def
pseudo op. With in the .def it gives
namethe storage class ofexpr.The
typeof exprshould be positive.
.line expr The line pseudo op is used with the .def
pseudo op. It defines thesource line
number of the definition of symbol name
in the .def. Expr should yield an posi-
tivevalue.
.ln line[,addr] Thispseudoop provides the relative
source line number to the beginning of a
function. It is used to pass info
through to sdb.
.file name The file pseudo op is the source file
name. Only one is allowed per source
file. Name must bebetween 1 and 14
characters.This must be the first line
an assembly file.
.endef Theendef pseudo op is the ending
bracket for a .def.
.def name The def pseudo opstartsa symbolic
description for symbolname.See
.endef. Name is a symbol name.
.dim expr [,expr] The dim pseudo op isused with the .def
pseudo op.If the name of a .def is an
array, the expressions givethe dimen-
sions. Up to 4 dimensions are accepted.
The type of each expression should be
positive.
3. Machine_Instructions
3.1 Differencesbetweenthe UNIX 386 and the Intel 386
assemblers
This section describes the instructions that the assembler
accepts. The detailedspecification of how the particular
instructions operate arenot included. The operation of
particular instructions is described in the Intel documenta-
tion.
The following describes the differences between the Unix386
and Intel 386 assemblylanguages. This explanation covers
all aspects of translation from Intel assembler to Unix386
assembler.
This is a list of the differences between the Unix386
assemblylanguage and Intel's.
1. All register namesuse percent sign (%) asa prefix to
distinguish them from symbol names.
2. Instructions with two (2) operandsuse theleft asthe
source andthe right as the destination. This follows
the UNIX system'sassembler convention,and it is
reversed from Intel's notation.
3. Most instructions that canoperateon a byte, word, or
long mayhave "b", "w", or "l" appended to them. In
general when an opcode is specified with no type suf-
fix, it defaults to long. In general the UNIX386
assemblerderives its type information fromthe
opcode, where as the Intel 386 assembler can derive
its type information from the operand types. Wherethe
type information is derived, motivates theb, w, and l
suffixes used in the Unix 386 assembler.
3.2 Operands
Three kinds of operands are generally available tothe
instructions: register, memory, andimmediate operands.
Full descriptions of each type appear below. Indirect
operandsare available to jump and call instructions; but NO
other instructions can use memory indirect operands.
The assembler always assumes it is generating code for a 32
bit segment. So when 16 bit data is called for( i.e. movw
%ax, %bx) it will automaticallygenerate the 16 bit data
prefix byte.
Byte, Word, and Long registers are available on the 80386
processor. The code segment(%cs),instruction pointer
(%eip), and the flag register are not available as explicit
operandsto the instructions.
The names of thebyte, word, andlong registers available as
operandsand a brief descriptionappear below:
1. 8-bit (byte) general registers
%al low byte of %ax register
%ah high byte of %ax register
%cl low byte of %cx register
%ch high byte of %cx register
%dl low byte of %dx register
%dh high byte of %dx register
%bl low byte of %bx register
%bh high byte of %bx register
2. 16-bit general registers
%ax low 16-bits of %eax register
%cx low 16-bits of %ecx register
%dx low 16-bits of %edx register
%bx low 16-bits of %ebx register
%sp low 16-bits of the stack pointer (%esp)
%bp low 16-bits of the frame pointer (%ebp)
%si low 16-bits of the source index register (%esi)
%di low 16-bits of the destination index register
(%edi)
3. 32-bit General Registers
%eax 32-bit accumulator
%ecx 32-bit general register
%edx 32-bit general register
%ebx 32-bit general register
%esp 32-bit stack pointer
%ebp 32-bit frame pointer
%esi 32-bit sourceindex register
%edi 32-bit destination index register
4. Segment registers
%cs Code segmentregister, allreferences tothe
instruction space use this register.
%ds Data segment register,the default segment regis-
ter for most references to memory operands.
%ss Stack segment register, the default segment regis-
ter for memory operands in the stack. (i.e.
default segment register for%bp %sp %espand
%ebp).
%es General purpose segment register
Some string instructions use this extra segment as
their default segment.
%fs General purpose segment register
%gs General purpose segment register
3.3 Instruction_Descriptions
This section describes the Unix 5.3/386 instruction syntax.
Refer to section 3.13.13.1 forthe differencesbetweenthe
UNIX 386and theIntel 386 assemblers.
Since the assembler assumes it is alwaysgenerating codefor
a 32 bit segment it always assumes a 32bit address, and it
automatically predeeds word operations with a 16 bit data
prefix byte.
In this section the following notation is used:
1. The mnemonics are expressed in aregular expression
type syntax. Alternativesseparated by a verticalbar
(|) and enclosed with in square brackets, "[]", denote
one of them must be chosen. Alternatives enclosed
with in curly braces, "{}", denoteone or none ofthe
them may be used.The vertical bar (|) separates dif-
ferent suffixes for operators or operands. As an
example when an8, 16, or 32 bit immediate value is
permittedin an instructionwe would write:
imm[8|16|32].
2. imm[8|16|32|48] - any immediate value, as theyare
defined above. Immediate values are defined usingthe
regular expressionsyntaxpreviously defined. When
there is a choicebetweenoperandsizes the assembler
will choose the smallest representation.
3. reg[8|16|32] - anygeneral purpose register. Where
each number indicates one of the following:
32: %eax, %ecx, %edx, %ebx, %esi, %edi,%ebp, %esp.
16: %ax, %cx, %dx,%bx, %si, %di, %bp, %sp.
8:%al, %ah, %cl, %ch, %dl, %dh, %bl, %bh.
4. mem[8|16|32|48] - any memory operand. The8, 16,32,
and 48 suffixesrepresent byte, word, dword,and
inter-segment memory address quantities, respectively.
5. r/m[8|16|32] - anygeneralpurposeregister or memory
operand. The operand typeis determined from the suf-
fix. Theyare 8 =byte, 16 = word, and 32 = dword.
The registers for each operand size arethe same as
reg[8|16|32] above.
6. creg - anycontrolregister The control registers are:
%cr0, %cr2, or %cr3.
7. dreg - thedebug register. The debug registers are:
%db0, %db1, %db2, %db3, %db6, %db7.
8. sreg - anysegmentregister The segment registers are:
%cs, %ds, %ss, %es, %fs, %gs.
9. treg - thetest register. The test registers are:
%tr6 and %tr7
10. cc- condition codes. Thecondition codesare:
1. a - jmp above
2. ae - above or equal
3. b - below
4. be - below or equal
5. c - carry
6. e - equal
7. g - greater
8. ge - greater than or equal to
9. l - less than
10. le - less than or equalto
11. na - not above
12. nae - not above or equalto
13. nb - not below
14. nbe - not above or equalto
15. nc - nocarry
16. ne - not equal
17. ng - not greater than
18. nge - not greater than or equal to
19. nl - not less than
20. nle - not less than or equal to
21. no - not over flow
22. np - not parity
23. ns - not sign
24. nz - not zero
25. o - overflow
26. p - parity
27. pe - parity even
28. po - parity odd
29. s - sign
30. z - zero
11. disp[8|32]- the number ofbits used todefinethe
distance of a relative jump. Since the assembler only
supports a32 bit address space only 8 bit sign
extended, and 32 bit address are supported.
12. immPtr - When the immediate form of a longcall or a
long jumpis usedthe selector and offsetare encoded
asan immediate pointer (immPtr).
Addressing modes
Represented by: [sreg:][offset][([base][,index][,scale])].
Where all the items in the square brackets are optional,and
at least one isnecessary. If any of the itemsin sidethe
parenthesis are used theparenthesis aremandatory.
Sreg is a segment register over ride prefix. Itmay beany
segmentregister. If asegmentover ride prefix is present
it must be followed by acolon (:), before the offset com-
ponent of the address. Sreg does not represent an address
by itself. An address must contain an offset component.
Offset is a displacementfrom a segmentbase.It may be
absolute or relocatable. A label is an example of a relo-
catable offset.A number is an example of an absolute
offset.
Base andindex can be any 32 bitregister. Scale is a mul-
tiplication factor for the index register field. Please
refer tothe Intel documentationfor more details onthe
80386 addressingmodes.
Following are some examples of addresses:
movl var, %eax
Move the contents of memory location var into %eax.
movl %cs:var, %eax
Move the contents of the memory location, var inthe
code segment into %eax.
movl $var, %eax
Move the address of var into %eax.
movl array_base(%esi), %eax
Add the address ofmemory locationarray_base tothe
content of%esi toget an address in memory. Movethe
content ofthis address into %eax.
movl (%ebx, %esi, 4), %eax
Multiply the content of %esi by 4, add this tothe
content of %ebx, to produce a memory reference. Move
the content of this memorylocation into %eax.
movl struct_base(%ebx, %esi, 4),%eax
Multiply the content of %esi by 4, add this tothe
content of %ebx, add this to theaddress of
struct_base, to produce anaddress. Move the content
ofthis address into %eax.
A note about expressionsand immediate values. An immediate
value isan expression preceded by a dollar sign.
immediate: "$" expr
Immediate valuescarry the absolute orrelocatable attri-
butes of theirexpression component. Immediate valuescan
not be used in an expression.
Immediate valuesshould be considered as another form of
address. The immediate form of address.
3.3.1 Processor_Extension_InstructionsPlease refer tothe
chapter on floating point support.
3.3.1.1Control_and_Test_Register_Instructions
1. mov{l} creg, reg32
2. mov{l} dreg, reg32
3. mov{l} reg32, creg
4. mov{l} reg32, dreg
5. mov{l} treg, reg32
6. mov{l} reg32, treg
NOTE: The Unix assembleraccepts"mov" or "movl"as exactly
the same instruction for the control and test register
group.
3.3.1.2New_Condition_Code_Instructions
1. jcc disp32
2. setcc r/m8
3.3.1.3Bit_Instructions All the new bit instructionsare
only defined forword and long register or memory operands.
1. bt{wl} reg[16|32], r/m[16|32]
2. bt{wl} imm8, r/m[16|32]
3. bts{wl} imm8, r/m[16|32]
4. bts{wl} reg[16|32], r/m[16|32]
5. btr{wl} imm8, r/m[16|32]
6. btr{wl} reg[16|32], r/m[16|32]
7. btc{wl} imm8, r/m[16|32]
8. btc{wl} reg[16|32], r/m[16|32]
9. bsf{wl} reg[16|32], r/m[16|32]
10. bsr{wl} reg[16|32], r/m[16|32]
11. shld{wl} imm8, reg[16|32], r/m[16|32]
12. shld{wl} reg[16|32], r/m[16|32]
13. shrd{wl} imm8, reg[16|32], r/m[16|32]
14. shrd{wl} reg[16|32], r/m[16|32]
NOTE: All the bit operation mnemonics with out atype suffix
default to long.
3.3.1.4New_Arithmetic_Instruction
1. imul r/m[16|32], reg[16|32]
NOTE: This is the uncharacterized multiply. It has a 16 or
32 bit product, as opposed to a 32 or 64bit product.
3.3.1.5New_Move_with_Zero_or_Sign_Extension_Instructions
1. movzbw r/m8, reg16
2. movzbl r/m8, reg32
3. movzwl r/m16, reg32
4. movsbw r/m8, reg16
5. movsbl r/m8, reg32
6. movswl r/m16, reg32
3.3.2 Data_Movement_Instructions
1. clr{bwl} r/m[8|16|32]
2. lea{wl} mem32, reg[16|32]
3. mov{bwl} r/m[8|16|32], reg[8|16|32]
4. mov{bwl} reg[8|16|32], r/m[8|16|32]
5. mov{bwl} imm[8|16|32], r/m[8|16|32]
6. pop{wl} r/m[16|32]
7. popa{wl}
8. push{bwl} imm[8|16|32]
9. push{wl} r/m[16|32]
10. pusha{wl}
11. xchg{bwl} reg[8|16|32], r/m[8|16|32]
NOTE1: pushb sign extends the immediate byte to a long,and
pushes along (4bytes) onto thestack.
NOTE2: When a type suffix is notused with a data movement
mnemonicthe type defaults to long. TheUnix assembler does
not derive the type of the operands fromthe operands.
3.3.3 Segment_Register_Instructions
1. lds{wl} mem[32|48], reg[16|32]
2. les{wl} mem[32|48], reg[16|32]
3. lfs{wl} mem[32|48], reg[16|32]
4. lgs{wl} mem[32|48], reg[16|32]
5. lss{wl} mem[32|48], reg[16|32]
6. movw sreg[cs|ds|ss|es] , r/m16
7. movw r/m16, sreg[cs|ds|ss|es]
8. popw sreg[ds|ss|es|fs|gs]
9. pushw sreg[cs|ds|ss|es|fs|gs]
NOTE1: The pushwand popw push and pop 16 bitquantities.
This is done by using an data size over ride byte (OSP)
byte.
NOTE2: When the type suffix is not used with the lds, les,
lfs, lgs, and lss instructions a48 bit pointer is assumed.
NOTE3: Since theassembler assumes no type suffix means a
type of long, the typesuffix of "w" when working withthe
segment registers is mandatory.
3.3.4 I/O_Instructions
1. in{bwl} imm8
2. in{bwl} %dx
3. ins{bwl} %dx
4. out{bwl} imm8
5. out{bwl} %dx
6. outs{bwl} %dx
NOTE1: When the type suffix is left off the I/O instructions
they default tolong. So in = inl, out= outl,ins = insl,
and outs= outsl.
3.3.5 Flag_Instructions
1. lahf
2. sahf
3. popf{wl}
4. pushf{wl}
5. cmc
6. clc
7. stc
8. cli
9. sti
10. cld
11. std
NOTE: When the type suffix notused the pushf and popf
instructions default to long. Pushf= pushfl and popf =
popfl. A pushw or popw will push or popa 16 bit quantity.
This is done by using the OSP prefix byte
3.3.6 Arithmetic/Logical_Instructions
1. add{bwl} reg[8|16|32], r/m[8|16|32]
2. add{bwl} r/m[8|16|32], reg[8|16|32]
3. add{bwl} imm[8|16|32], r/m[8|16|32]
4. adc{bwl} reg[8|16|32], r/m[8|16|32]
5. adc{bwl} r/m[8|16|32], reg[8|16|32]
6. adc{bwl} imm[8|16|32], r/m[8|16|32]
7. sub{bwl} reg[8|16|32], r/m[8|16|32]
8. sub{bwl} r/m[8|16|32], reg[8|16|32]
9. sub{bwl} imm[8|16|32], r/m[8|16|32]
10. sbb{bwl} reg[8|16|32], r/m[8|16|32]
11. sbb{bwl} r/m[8|16|32], reg[8|16|32]
12. sbb{bwl} imm[8|16|32], r/m[8|16|32]
13. cmp{bwl} reg[8|16|32], r/m[8|16|32]
14. cmp{bwl} r/m[8|16|32], reg[8|16|32]
15. cmp{bwl} imm[8|16|32], r/m[8|16|32]
16. inc{bwl} r/m[8|16|32]
17. dec{bwl} r/m[8|16|32]
18. test{bwl} reg[8|16|32], r/m[8|16|32]
19. test{bwl} r/m[8|16|32], reg[8|16|32]
20. test{bwl} imm[8|16|32], r/m[8|16|32]
21. sal{bwl} imm8, r/m[8|16|32]
22. sal{bwl} %cl, r/m[8|16|32]
23. shl{bwl} imm8, r/m[8|16|32]
24. shl{bwl} %cl, r/m[8|16|32]
25. sar{bwl} imm8, r/m[8|16|32]
26. sar{bwl} %cl, r/m[8|16|32]
27. shr{bwl} imm8, r/m[8|16|32]
28. shr{bwl} %cl, r/m[8|16|32]
29. not{bwl} r/m[8|16|32]
30. neg{bwl} r/m[8|16|32]
31. bound{wl} reg[16|32], r/m[16|32]
32. and{bwl} reg[8|16|32], r/m[8|16|32]
33. and{bwl} r/m[8|16|32], reg[8|16|32]
34. and{bwl} imm[8|16|32], r/m[8|16|32]
35. or{bwl} reg[8|16|32], r/m[8|16|32]
36. or{bwl} r/m[8|16|32], reg[8|16|32]
37. or{bwl} imm[8|16|32], r/m[8|16|32]
38. xor{bwl} reg[8|16|32], r/m[8|16|32]
39. xor{bwl} r/m[8|16|32], reg[8|16|32]
40. xor{bwl} imm[8|16|32], r/m[8|16|32]
NOTE: When the type suffix is not included in an arithmetic
or logical instruction it defaults to a long.
3.3.7 Multiply_and_Divide
1. imul{wl} imm[16|32], r/m[16|32], reg[16|32]
2. mul{bwl} r/m[8|16|32]
3. div{bwl} r/m[8|16|32]
4. idiv{bwl} r/m[8|16|32]
NOTE: When the type suffix is not included in a multiply or
divide instruction it defaults to a long.
3.3.8 Conversion_Instructions
1. cbtw
2. cwtd
3. cwtl
4. cltd
NOTE: convert byte to word: %al -> %ax
convert word to double: %ax -> %dx:%ax
convert word to long: %ax -> %eax
convert long to double: %eax -> %edx:%eax
3.3.9 Decimal_Arithmetic_Instructions
1. daa
2. das
3. aaa
4. aas
5. aam
6. aad
3.3.10 _Coprocessor_Instructions
1. wait
2. esc
3.3.11 String_Instructions
1. movs[bwl]
2. movs - same as movsl
3. smov[bwl] same as movs[bwl]
4. smov - same as smovl
5. cmps[bwl]
6. cmps - same as cmpsl
7. scmp[bwl] same as cmps[bwl]
8. scmp - same as scmpl
9. stos[bwl]
10. stos - same as stosl
11. ssto[bwl] same as stos[bwl]
12. ssto - same as sstol
13. lods[bwl]
14. lods - same as lodsl
15. slod[bwl] same as lods[bwl]
16. slod - same as slodl
17. scas[bwl]
18. scas - same as scasl
19. ssca[bwl] same as scas[bwl]
20. ssca - same as sscal
21. xlat
22. rep
23. repnz
24. repz
NOTE: All Intel string op mnemonics default to longs.
3.3.12 _Procedure_Call_and_Return
1. lcall immPtr
2. lcall r/m48 (indirect)
3. lret
4. lret imm16
5. call disp32
6. call r/m32 (indirect)
7. ret
8. ret imm16
9. enter imm16, imm8
10. leave
3.3.13 Jump_Instructions
1. jcc disp[8|32]
2. jcxz disp[8|32]
3. loop disp[8|32]
4. loopnz disp[8|32]
5. loopz disp[8|32]
6. jmp disp[8|32]
7. ljmp immPtr
8. jmp r/m32 (indirect)
9. ljmp r/m48 (indirect)
NOTE: The UNIX 386 assembler optimizes for SDI's (Span
Dependent Instructions). So intra-segment jumps are optim-
ized to their short forms when possible.
3.3.14 Interrupt_Instructions
1. int 3
2. int imm8
3. into
4. iret
3.3.15 Protection_Model_Instructions
1. sldt r/m16
2. str r/m16
3. lldt r/m16
4. ltr r/m16
5. verr r/m16
6. verw r/m16
7. sgdt r/m32
8. sidt r/m32
9. lgdt r/m32
10. lidt r/m32
11. smsw r/m32
12. lmsw r/m32
13. lar r/m32, reg32
14. lsl r/m32, reg32
15. clts
3.3.16 Miscellaneous_Instructions
1. lock
2. nop
3. hlt
4. addr16
5. data16
TRANSLATION TABLES FOR UNIX TO INTELFLOAT MNEMONICS
The following tables show the relationship between the Unix
and Intel mnemonics. The mnemonics are organized intothe
same functional categories as the Intel mnemonics.The
Intel mnemonics appearin section two of the 80287 numeric
supplement.
The notational conventions used in the table are: When
lettersappearwith insquare brackets, "[]",exactlyone
of the letters are required. If letters appear with in
curly braces, "{}", then either one ornone ofthe letters
are required. When a a group oflettersis separated from
other letters by a bar, "|", with in squarebrackets or
curly braces then the group of letters between the bars or a
bar anda closing bracket or brace are considered an atomic
unit. As an example, "fld[lst] means: fldl, flds, or fldt.
Where fst{ls} means: fst, fstl, or fsts. And fild{l|ll}
means: fild, fildl, or fildll.
The Unixoperators are built from the Intel operators by
adding suffixes to them. The80287 deals with three data
types, integer, packed decimal, and reals. The Unix assem-
bler is not typed. So the operator has to carrywith itthe
type of data item it is operating on. If the operation is
on an integerthe following suffixes apply: lfor Intel's
short (32 bit), and ll for Intel's long (64 bits). Ifthe
operator applies to reals then: s is short (32bits), l is
long (64bits), and t istemporary real (80 bits).
Real Transfers
UNIX | INTEL Operation
=================================================
fld[lst] | fld load real
fst{ls} | fst store real
fstp{lst} | fstp store real and pop
fxch | fxch exchangeregisters
Integer Transfers
UNIX | INTEL Operation
=================================================
fild{l|ll} | fild integer load
fist{l} | fist integer store
fistp{l|ll} | fistp integer store and pop
PackedDecimalTransfers
UNIX | INTEL Operation
=================================================
fbld | fbld Packed decimal (BCD) load
fbstp | fbstp Packed decimal (BCD) store and pop
Addition
UNIX | INTEL Operation
=================================================
fadd{ls} | fadd real add
faddp | faddp real addand pop
fiadd{l} | fiadd integer add
Subtraction
UNIX | INTEL Operation
=================================================
fsub{ls} | fsub subtractreal
fsubp | fsubp subtractreal and pop
fsubr{ls} | fsubr subtractreal reversed
fsubrp | fsubrp subtractreal reversed and pop
fisub{l} | fisub integer subtract
fisubr{l} | fisubr integer subtractreverse
Multiplication
UNIX | INTEL Operation
=================================================
fmul{ls} | fmul multiplyreal
fmulp | fmulp multiplyreal and pop
fimul{l} | fimul integer multiply
Division
UNIX | INTEL Operation
=================================================
fdiv{ls} | fdiv divide real
fdivp | fdivp divide real and pop
fdivr{ls} | fdivr divide real reversed
fdivrp | fdivrp divide real reversed andpop
fidiv{l} | fidiv integer divide
fidivr{l} | fidivr integer divide reversed
Other Arithmetic Operations
UNIX | INTEL Operation
=================================================
fsqrt | fsqrt square root
fscale | fscale scale
fprem | fprem partial remainder
frndint | frndint round tointeger
fxtract | fxtract extract exponentand significand
fabs | fabs absolutevalue
fchs | fchs change sign
Comparison Instructions
UNIX | INTEL Operation
=================================================
fcom{ls} | fcom compare real
fcomp{ls} | fcomp compare real andpop
fcompp | fcompp compare real andpop twice
ficom{l} | ficom integer compare
ficomp{l} | ficomp integer compare and pop
ftst | ftst test
fxam | fxam examine
Transcendental Instructions
UNIX | INTEL Operation
=================================================
fptan | fptan partial tangent
fpatan | fpatan partial arctangent
f2xm1 | f2xm1 2^x - 1
fyl2x | fyl2x Y * log2X
fyl2xp1 | fyl2xp1 Y * log2(X+1)
Constant Instructions
UNIX | INTEL Operation
=================================================
fldl2e | fldl2e load logeE
fldl2t | fldl2t load log2 10
fldlg2 | fldlg2 load log2 2
fldln2 | fldln2 load loge2
fldpi | fldpi load pie
fldz | fldz load + 0
Processor Control Instructions
UNIX | INTEL Operation
=================================================
finit/fnint | finit/fnint initialize processor
fnop | fnop no operation
fsave/fnsave | fsave/fnsave save state
fstcw/fnstcw | fstcw/fnstcw store control word
fstenv/fnstenv | fstenv/fnstenv store environment
fstsw/fnstsw | fstsw/fnstsw store status word
frstor | frstor restore state
fsetpm | fsetpm set protected mode
fwait | fwait CPU wait
fclex/fnclex | fclex/fnclex clear exceptions
fdecstp | fdecstp decrement stack pointer
ffree | ffree free registers
fincstp | fincstp increment stack pointer
This document provides the third draft of the assembler
language definition for the 5.3/386 CCS. The goal of this
effort is to take the current 286 assembler andupgrade it
to a 386assembler in the minimum possible time. This docu-
ment describes the resulting product.
1.1 INVOKING_THE_ASSEMBLER
The assembler isinvokedby the command:
as [-o outfile] [-n] [-R] [-v] [-u] [-x]infile
The flags have the following meaning:
-o filename
Use filename as the outputfile. The output file name
is generated by the algorithm at the end of this sec-
tion.
-n
Noaddressoptimization.
-R
Remove (unlink) the input file after assembly is com-
pleted.
-V
Write the version number of the assembler on the stan-
dard erroroutput. This option does allowfor normale
assembly.
-u
Remove unreferenced debugging symbols fromthe symbol
table.
-x
Extended addressing (48-bit pointers) willbe used.
The input assembly language program is read frominfileand
the output object module is written to outfile. The assem-
bler only accepts one infile on a command line.If outfile
is notspecified, the name is created from infile bythe
following algorithm:
+ If the nameinfile ends with the two characters .s,the
name outfile is createdby replacing these lasttwo
characters with .o.
+ If the nameinfile does notend with the two characters
.sand is no more than 12 characters long, the name
outfile is created by appending .o to the name infile.
+ If the nameinfile does notend with the two characters
.sand is greater than 12 characters long, the name
outfile is created by appending .o to the first 12
charactersof infile. This satisfies theUNIX system
requirementthat a file name be no more than 14 charac-
ters long.
1.2 INPUT_FORMAT
The input to theassembler is a text file. This file must
consist of a sequence oflines ending with a newline charac-
ter (ASCII LF).Each line can contain one or more state-
ments. If several statements appear on a line, they must be
separated by semicolons(;). Each statement mustbe one of
the following:
+ An empty statement is one that contains nothing other
than spaces, tabs, and form-feed characters. Empty
statements have no meaning to the assembler. Theycan
be insertedfreely to improve the appearance of a list-
ing.
+ An assignment statement is one thatgives avalue to a
symbol. It consists of a symbol, followedby an equal
sign(=), followed by an expression. The expression is
evaluated and the result is assigned tothe symbol.
Assignment statements do not generate any code. They
are used only toassign assemblytime values to sym-
bols.
+ A pseudo operation statement is a directive tothe
assembler that does not necessarily generate any code.
It consistsof a pseudo operationcode, followed by
zero or more operands.Every pseudo operation code
begins witha period(.).
+ A machine operationstatement is a mnemonicrepresenta-
tion of an executable machine instruction that is
translated by the assembler. It consists of an opera-
tion code, followedby zeroor moreoperands.
In addition, each statement can be modified by one or more
of the following:
+ A label canbe placed at the begining of any statement.
This consists of a symbol followed by a colon(:). When
a label is encountered by the assembler, the value of
thelocation counter is assigned tothe label.
+ A comment can be inserted at the end of any statement
bypreceding thecommentwith a slash(/). The slash
causes the assembler to ignore anycharacters inthe
line after the slash. This facility isprovided to
allow insertion of internalprogramdocumentation into
thesource file fora program.
1.3 OUTPUT_FORMAT
The output of the assembler is an objectfile.The object
file produced bythe assembler contains at leastthe follow-
ing three sections:
.text This is an initialized section, normally it is
read only and contains the code from a program.
It mayalso contain read only tables.
.data This is an initialized section, normally it is
readable abdwritable. It containsinitialized
data.These can be scalers ortables.
.bss This is an uninitialized section. Space isnot
allocated for this segment in the cofffile.
An optional section, .comment may also be produced (Seethe
section "Pseudo Ops").
Every statement in the input assembly language program that
generates code or data generates it into one ofthese three
sections. The section into which the generated bytes are to
be written starts outas .text, and can be switched using
section control pseudo operations.
The assembler can produce objectmodules with any one of
four (4) different magic numbers. Each magic number indi-
cates that a different (incompatible) function linkagehas
been used.
The -x option must be specified to get an object file with
48-bit pointers. The default object file type (with no -x
option) is a 32-bit pointer object file.
The -x option does not change the outputcode - the handling
of 48-bit addresses must be done in the assembly code,byt
the programer. The -x option tells the assembler what type
of magicnumber to put into the coff file.
SYMBOLS AND EXPRESSIONS
2. SYMBOLS_and_EXPRESSIONS
2.1 Values
Values are represented in the assembler by 32 bit 2's com-
plimentvalues. All arithmetic is performed using 32 bits
of precision. Note thatthe values usedin a 386 instruc-
tion mayuse 8, 16, or 32 bits.
2.1.1 Types Every value is an instanceone of the follow-
ing types:
Undefined
Anundefined symbol is onewhose value has notyet
been defined. Examples of undefined symbols are for-
ward references and externals.
Absolute
Anabsolute type is one whose value doesnot change
with relocation. Examples of absolutesymbolsare
numeric constants and expressions whose operandsare
only numeric constants.
Text
A text type symbolis one whose value is relative to
the text segment.
Data
A data type symbolis one whose value is relative to
the data segment.
Bss
A bss typesymbol is one whose value is relative to
the bss segment.
Any of the abovesymbol types can be given the attribute
EXTERNAL.
2.2 Symbols
A symbolhas a value anda typeeach of which is either
specified explicitly by an assignment statement or from it's
context. Refer to section 2.3 (Expressions) forthe regular
expression definition ofa symbol.
2.2.1 Reserved_SymbolsThe following symbols are reserved
by the assembler.
. Commonly refered to as dot. This is the location
counter while assemblinga program. It takes onthe
current location in the text, data, or bsssection.
.text
This symbol is of type text. It is used to labelthe
beginningof a text section in the program being
assembled.
.data
This symbol is of type data. It is used to labelthe
beginningof a data section in the program being
assembled.
.bss
This symbol is of type bss. It isused to labelthe
beginning of a bsssectionin the program being assem-
bled.
2.3 Expressions
2.3.1 General The expressions accepted by the UNIX386
assembler can be described by their semantic and syntactic
rules.
The following are the operators supported by theassembler:
OPERATORACTION
---------------------------
+ addition
- subtraction
\* multiplication
\/ division
& bit wiselogicaland
| bit wiselogicalor
> right shift
< left shift
\% remainder operator
! bit wiselogicaland not
In the following syntactic rules the non-terminalsare
represented by lower case letters. The terminalsymbolsare
represented by upper case letters and the symbols enclosed
in double quotes("") are terminal symbols.
There isno precedence to the operators. Square brackets
must be used to establish precedence.
SYNTACTIC RULES FOR THE ASSEMBLER
expr : term
| expr "+" term
| expr "term
| expr "/" term
| expr "&" term
| expr "|" term
| expr ">" term
| expr "<" term
| expr "" term
| expr "!" term
| expr "-" term
;
term : id
| number
| "-" term
| "[" expr "]"
| "
| "
;
id : LABEL
;
number : DEC_VAL
| HEX_VAL
| OCT_VAL
| BIN_VAL
;
The Terminal nodes can be described by the following regular
expressions.
LABEL = [a-zA-Z_][a-zA-Z0-9_]*:
DEC_VAL = [1-9][0-9]*
HEX_VAL = 0[Xx][0-9a-fA-F][0-9a-fA-F]*
OCT_VAL = 0[0-7]*
BIN_VAL = 0[Bb][0-1][0-1]*
In the above regular expressions choices are enclosed in
square brackets,a rangeof letters or numbers are separated
by a dash (-), and the star (*) indicates zero (0) or more
instances of theprevious character.
Semantically theexpressions fall into two groups, theyare
absolute and relocatable. The following table showsthe
legal combinations of absolute and relocatable operands,for
the addition and subtraction operators. All other opera-
tions are only legal on absolutevalued expressions.
All numbers havethe absolute attribute. Symbols used to
reference storage, text or data, arerelocatable. In an
assignment statement Symbols on the lefthand side inherit
their relocationattributes fromthe right hand side.
In the table "a"is an absolute valued expression, and"r"
is a relocatable valued expression. The resulting type of
the operation isgiven to the right of the equalsign.
a + a = a
r + a = r
a - a = a
r - a = r
r - r = a
In the last example, the relocatable expressions must be
declaredbefore their differencecan be taken.
Following are some examples of valid expressions:
1. label"
2. $label"
3. [label + 0x100]"
4. [label1 -label2]"
5. $[label1 - label2]"
Following are some examples of invalid expressions:
1. [$label -$label]"
2. [label1 *5]"
3. (label + 0x20)"
PSEUDO OPERATIONS
.align val The align pseudo op causes the next data
generated tobe aligned modulo val.Val
must be an positiveintegervalue.
.bcd val The bcd pseudo op generates a packed
decimal (80-bit) value intothe current
section. This is not valid for the .bss
section. Val is a non-floating point
constant.
.bss The bss pseudo op changes the current
section to .bss
.bss tag, bytes Define symbol tag in the .bss section
andadd bytes to the value of dotfor
.bss. This does notchange the current
section to .bss. Tag is a symbol name.
Bytes must be an positive integer value.
.byte val [,val] The byte pseudo op generatesinitialized
bytes into the current section. This is
not valid for .bss.Each val must be
an 8-bit value.
.comm name, expr The comm pseudo op allocatesstorage in
the .datasection. Thestorage is
referenced by name, and hasa size in
bytes of expr. Name is a symbol. Expr
mustbe an positive integer. The name
can not be pre-defined.
.data The data pseudo op changes the current
section to .data.
.double val The double pseudo opgenerates an 80287
longreal (64-bit) into the current sec-
tion. Not valid the.bss section.Val
is afloating point constant.
.even The even pseudo op aligns the current
program counter, (.) to an even boun-
dary.
.float val The float pseudo opgenerates a 80287
short real(32 bit) intothe current
section. This is not valid in the .bss
section. Val is afloating point con-
stant.
.globl name Thispseudo op makesthe variable, name,
accessible to other programs.
.ident string The ident pseudo op creates an entry in
thecomment section containing string.
String is any sequence ofcharacters,
not including the double quote, '"'.
.lcomm name, expr The lcomm pseudo op allocates storage in
the .bss section. The storage is refer-
enced by name, and has a size of expr.
Name is a symbol. Expr must be of type
positive integer. Name can not be pre-
defined.
.long val The long pseudo op generates a long
integer (32-bit two's complement value)
intothe current section. This pseudo
op is not valid for the .bsssectionVal
is anon-floating point constant.
.noopt The noopt pseudo op
.optim The optim pseudo op
.set name, expr The set pseudo op sets the value of sym-
bol name to expr. This is equivalent to
an assignment.
.string str Thispseudo places the characters instr
into the object module atthe current
loc and terminates the string with a
null. Thestringmust beenclosed in
double quotes ("").This pseudo op is
not valid for the .bss section.
.text The text pseudo op defines the current
section as .text.
.value expr [,expr] The value pseudo op is used to generate
an initialized word (16-bit two's com-
plement value) into the current section.
This pseudoop is not validin the .bss
section. Each exprmust be a 16-bit
value.
.versionstring The version pseudo op puts the C com-
piler version into the comment section.
SDB PSEUDO OPS
.type expr The type pseudo op is usedwith in a
.def-.endef pair. It gives the namethe
C compiler type representation expr.
.val expr The val pseudo op isused with a .def-
.endef pair. It gives name the value of
expression.The type of expr determines
the section for name.
.tag str The tag pseudo op is used in relation
with a previouslydefined.def pseudo
op.If the name of a .def is a struc-
ture or a union, str shouldbe the name
of that structure orunion tag defined
in aprevious .def-.endef pair.
.size expr The size pseudo op is used with the .def
pseudo op. If name of .def is an object
suchas a structure or an array, this
gives it a totalsize ofexpr. Expr
mustbe a positive integer.
.scl expr The scl pseudo op isused with the .def
pseudo op. With in the .def it gives
namethe storage class ofexpr.The
typeof exprshould be positive.
.line expr The line pseudo op is used with the .def
pseudo op. It defines thesource line
number of the definition of symbol name
in the .def. Expr should yield an posi-
tivevalue.
.ln line[,addr] Thispseudoop provides the relative
source line number to the beginning of a
function. It is used to pass info
through to sdb.
.file name The file pseudo op is the source file
name. Only one is allowed per source
file. Name must bebetween 1 and 14
characters.This must be the first line
an assembly file.
.endef Theendef pseudo op is the ending
bracket for a .def.
.def name The def pseudo opstartsa symbolic
description for symbolname.See
.endef. Name is a symbol name.
.dim expr [,expr] The dim pseudo op isused with the .def
pseudo op.If the name of a .def is an
array, the expressions givethe dimen-
sions. Up to 4 dimensions are accepted.
The type of each expression should be
positive.
3. Machine_Instructions
3.1 Differencesbetweenthe UNIX 386 and the Intel 386
assemblers
This section describes the instructions that the assembler
accepts. The detailedspecification of how the particular
instructions operate arenot included. The operation of
particular instructions is described in the Intel documenta-
tion.
The following describes the differences between the Unix386
and Intel 386 assemblylanguages. This explanation covers
all aspects of translation from Intel assembler to Unix386
assembler.
This is a list of the differences between the Unix386
assemblylanguage and Intel's.
1. All register namesuse percent sign (%) asa prefix to
distinguish them from symbol names.
2. Instructions with two (2) operandsuse theleft asthe
source andthe right as the destination. This follows
the UNIX system'sassembler convention,and it is
reversed from Intel's notation.
3. Most instructions that canoperateon a byte, word, or
long mayhave "b", "w", or "l" appended to them. In
general when an opcode is specified with no type suf-
fix, it defaults to long. In general the UNIX386
assemblerderives its type information fromthe
opcode, where as the Intel 386 assembler can derive
its type information from the operand types. Wherethe
type information is derived, motivates theb, w, and l
suffixes used in the Unix 386 assembler.
3.2 Operands
Three kinds of operands are generally available tothe
instructions: register, memory, andimmediate operands.
Full descriptions of each type appear below. Indirect
operandsare available to jump and call instructions; but NO
other instructions can use memory indirect operands.
The assembler always assumes it is generating code for a 32
bit segment. So when 16 bit data is called for( i.e. movw
%ax, %bx) it will automaticallygenerate the 16 bit data
prefix byte.
Byte, Word, and Long registers are available on the 80386
processor. The code segment(%cs),instruction pointer
(%eip), and the flag register are not available as explicit
operandsto the instructions.
The names of thebyte, word, andlong registers available as
operandsand a brief descriptionappear below:
1. 8-bit (byte) general registers
%al low byte of %ax register
%ah high byte of %ax register
%cl low byte of %cx register
%ch high byte of %cx register
%dl low byte of %dx register
%dh high byte of %dx register
%bl low byte of %bx register
%bh high byte of %bx register
2. 16-bit general registers
%ax low 16-bits of %eax register
%cx low 16-bits of %ecx register
%dx low 16-bits of %edx register
%bx low 16-bits of %ebx register
%sp low 16-bits of the stack pointer (%esp)
%bp low 16-bits of the frame pointer (%ebp)
%si low 16-bits of the source index register (%esi)
%di low 16-bits of the destination index register
(%edi)
3. 32-bit General Registers
%eax 32-bit accumulator
%ecx 32-bit general register
%edx 32-bit general register
%ebx 32-bit general register
%esp 32-bit stack pointer
%ebp 32-bit frame pointer
%esi 32-bit sourceindex register
%edi 32-bit destination index register
4. Segment registers
%cs Code segmentregister, allreferences tothe
instruction space use this register.
%ds Data segment register,the default segment regis-
ter for most references to memory operands.
%ss Stack segment register, the default segment regis-
ter for memory operands in the stack. (i.e.
default segment register for%bp %sp %espand
%ebp).
%es General purpose segment register
Some string instructions use this extra segment as
their default segment.
%fs General purpose segment register
%gs General purpose segment register
3.3 Instruction_Descriptions
This section describes the Unix 5.3/386 instruction syntax.
Refer to section 3.13.13.1 forthe differencesbetweenthe
UNIX 386and theIntel 386 assemblers.
Since the assembler assumes it is alwaysgenerating codefor
a 32 bit segment it always assumes a 32bit address, and it
automatically predeeds word operations with a 16 bit data
prefix byte.
In this section the following notation is used:
1. The mnemonics are expressed in aregular expression
type syntax. Alternativesseparated by a verticalbar
(|) and enclosed with in square brackets, "[]", denote
one of them must be chosen. Alternatives enclosed
with in curly braces, "{}", denoteone or none ofthe
them may be used.The vertical bar (|) separates dif-
ferent suffixes for operators or operands. As an
example when an8, 16, or 32 bit immediate value is
permittedin an instructionwe would write:
imm[8|16|32].
2. imm[8|16|32|48] - any immediate value, as theyare
defined above. Immediate values are defined usingthe
regular expressionsyntaxpreviously defined. When
there is a choicebetweenoperandsizes the assembler
will choose the smallest representation.
3. reg[8|16|32] - anygeneral purpose register. Where
each number indicates one of the following:
32: %eax, %ecx, %edx, %ebx, %esi, %edi,%ebp, %esp.
16: %ax, %cx, %dx,%bx, %si, %di, %bp, %sp.
8:%al, %ah, %cl, %ch, %dl, %dh, %bl, %bh.
4. mem[8|16|32|48] - any memory operand. The8, 16,32,
and 48 suffixesrepresent byte, word, dword,and
inter-segment memory address quantities, respectively.
5. r/m[8|16|32] - anygeneralpurposeregister or memory
operand. The operand typeis determined from the suf-
fix. Theyare 8 =byte, 16 = word, and 32 = dword.
The registers for each operand size arethe same as
reg[8|16|32] above.
6. creg - anycontrolregister The control registers are:
%cr0, %cr2, or %cr3.
7. dreg - thedebug register. The debug registers are:
%db0, %db1, %db2, %db3, %db6, %db7.
8. sreg - anysegmentregister The segment registers are:
%cs, %ds, %ss, %es, %fs, %gs.
9. treg - thetest register. The test registers are:
%tr6 and %tr7
10. cc- condition codes. Thecondition codesare:
1. a - jmp above
2. ae - above or equal
3. b - below
4. be - below or equal
5. c - carry
6. e - equal
7. g - greater
8. ge - greater than or equal to
9. l - less than
10. le - less than or equalto
11. na - not above
12. nae - not above or equalto
13. nb - not below
14. nbe - not above or equalto
15. nc - nocarry
16. ne - not equal
17. ng - not greater than
18. nge - not greater than or equal to
19. nl - not less than
20. nle - not less than or equal to
21. no - not over flow
22. np - not parity
23. ns - not sign
24. nz - not zero
25. o - overflow
26. p - parity
27. pe - parity even
28. po - parity odd
29. s - sign
30. z - zero
11. disp[8|32]- the number ofbits used todefinethe
distance of a relative jump. Since the assembler only
supports a32 bit address space only 8 bit sign
extended, and 32 bit address are supported.
12. immPtr - When the immediate form of a longcall or a
long jumpis usedthe selector and offsetare encoded
asan immediate pointer (immPtr).
Addressing modes
Represented by: [sreg:][offset][([base][,index][,scale])].
Where all the items in the square brackets are optional,and
at least one isnecessary. If any of the itemsin sidethe
parenthesis are used theparenthesis aremandatory.
Sreg is a segment register over ride prefix. Itmay beany
segmentregister. If asegmentover ride prefix is present
it must be followed by acolon (:), before the offset com-
ponent of the address. Sreg does not represent an address
by itself. An address must contain an offset component.
Offset is a displacementfrom a segmentbase.It may be
absolute or relocatable. A label is an example of a relo-
catable offset.A number is an example of an absolute
offset.
Base andindex can be any 32 bitregister. Scale is a mul-
tiplication factor for the index register field. Please
refer tothe Intel documentationfor more details onthe
80386 addressingmodes.
Following are some examples of addresses:
movl var, %eax
Move the contents of memory location var into %eax.
movl %cs:var, %eax
Move the contents of the memory location, var inthe
code segment into %eax.
movl $var, %eax
Move the address of var into %eax.
movl array_base(%esi), %eax
Add the address ofmemory locationarray_base tothe
content of%esi toget an address in memory. Movethe
content ofthis address into %eax.
movl (%ebx, %esi, 4), %eax
Multiply the content of %esi by 4, add this tothe
content of %ebx, to produce a memory reference. Move
the content of this memorylocation into %eax.
movl struct_base(%ebx, %esi, 4),%eax
Multiply the content of %esi by 4, add this tothe
content of %ebx, add this to theaddress of
struct_base, to produce anaddress. Move the content
ofthis address into %eax.
A note about expressionsand immediate values. An immediate
value isan expression preceded by a dollar sign.
immediate: "$" expr
Immediate valuescarry the absolute orrelocatable attri-
butes of theirexpression component. Immediate valuescan
not be used in an expression.
Immediate valuesshould be considered as another form of
address. The immediate form of address.
3.3.1 Processor_Extension_InstructionsPlease refer tothe
chapter on floating point support.
3.3.1.1Control_and_Test_Register_Instructions
1. mov{l} creg, reg32
2. mov{l} dreg, reg32
3. mov{l} reg32, creg
4. mov{l} reg32, dreg
5. mov{l} treg, reg32
6. mov{l} reg32, treg
NOTE: The Unix assembleraccepts"mov" or "movl"as exactly
the same instruction for the control and test register
group.
3.3.1.2New_Condition_Code_Instructions
1. jcc disp32
2. setcc r/m8
3.3.1.3Bit_Instructions All the new bit instructionsare
only defined forword and long register or memory operands.
1. bt{wl} reg[16|32], r/m[16|32]
2. bt{wl} imm8, r/m[16|32]
3. bts{wl} imm8, r/m[16|32]
4. bts{wl} reg[16|32], r/m[16|32]
5. btr{wl} imm8, r/m[16|32]
6. btr{wl} reg[16|32], r/m[16|32]
7. btc{wl} imm8, r/m[16|32]
8. btc{wl} reg[16|32], r/m[16|32]
9. bsf{wl} reg[16|32], r/m[16|32]
10. bsr{wl} reg[16|32], r/m[16|32]
11. shld{wl} imm8, reg[16|32], r/m[16|32]
12. shld{wl} reg[16|32], r/m[16|32]
13. shrd{wl} imm8, reg[16|32], r/m[16|32]
14. shrd{wl} reg[16|32], r/m[16|32]
NOTE: All the bit operation mnemonics with out atype suffix
default to long.
3.3.1.4New_Arithmetic_Instruction
1. imul r/m[16|32], reg[16|32]
NOTE: This is the uncharacterized multiply. It has a 16 or
32 bit product, as opposed to a 32 or 64bit product.
3.3.1.5New_Move_with_Zero_or_Sign_Extension_Instructions
1. movzbw r/m8, reg16
2. movzbl r/m8, reg32
3. movzwl r/m16, reg32
4. movsbw r/m8, reg16
5. movsbl r/m8, reg32
6. movswl r/m16, reg32
3.3.2 Data_Movement_Instructions
1. clr{bwl} r/m[8|16|32]
2. lea{wl} mem32, reg[16|32]
3. mov{bwl} r/m[8|16|32], reg[8|16|32]
4. mov{bwl} reg[8|16|32], r/m[8|16|32]
5. mov{bwl} imm[8|16|32], r/m[8|16|32]
6. pop{wl} r/m[16|32]
7. popa{wl}
8. push{bwl} imm[8|16|32]
9. push{wl} r/m[16|32]
10. pusha{wl}
11. xchg{bwl} reg[8|16|32], r/m[8|16|32]
NOTE1: pushb sign extends the immediate byte to a long,and
pushes along (4bytes) onto thestack.
NOTE2: When a type suffix is notused with a data movement
mnemonicthe type defaults to long. TheUnix assembler does
not derive the type of the operands fromthe operands.
3.3.3 Segment_Register_Instructions
1. lds{wl} mem[32|48], reg[16|32]
2. les{wl} mem[32|48], reg[16|32]
3. lfs{wl} mem[32|48], reg[16|32]
4. lgs{wl} mem[32|48], reg[16|32]
5. lss{wl} mem[32|48], reg[16|32]
6. movw sreg[cs|ds|ss|es] , r/m16
7. movw r/m16, sreg[cs|ds|ss|es]
8. popw sreg[ds|ss|es|fs|gs]
9. pushw sreg[cs|ds|ss|es|fs|gs]
NOTE1: The pushwand popw push and pop 16 bitquantities.
This is done by using an data size over ride byte (OSP)
byte.
NOTE2: When the type suffix is not used with the lds, les,
lfs, lgs, and lss instructions a48 bit pointer is assumed.
NOTE3: Since theassembler assumes no type suffix means a
type of long, the typesuffix of "w" when working withthe
segment registers is mandatory.
3.3.4 I/O_Instructions
1. in{bwl} imm8
2. in{bwl} %dx
3. ins{bwl} %dx
4. out{bwl} imm8
5. out{bwl} %dx
6. outs{bwl} %dx
NOTE1: When the type suffix is left off the I/O instructions
they default tolong. So in = inl, out= outl,ins = insl,
and outs= outsl.
3.3.5 Flag_Instructions
1. lahf
2. sahf
3. popf{wl}
4. pushf{wl}
5. cmc
6. clc
7. stc
8. cli
9. sti
10. cld
11. std
NOTE: When the type suffix notused the pushf and popf
instructions default to long. Pushf= pushfl and popf =
popfl. A pushw or popw will push or popa 16 bit quantity.
This is done by using the OSP prefix byte
3.3.6 Arithmetic/Logical_Instructions
1. add{bwl} reg[8|16|32], r/m[8|16|32]
2. add{bwl} r/m[8|16|32], reg[8|16|32]
3. add{bwl} imm[8|16|32], r/m[8|16|32]
4. adc{bwl} reg[8|16|32], r/m[8|16|32]
5. adc{bwl} r/m[8|16|32], reg[8|16|32]
6. adc{bwl} imm[8|16|32], r/m[8|16|32]
7. sub{bwl} reg[8|16|32], r/m[8|16|32]
8. sub{bwl} r/m[8|16|32], reg[8|16|32]
9. sub{bwl} imm[8|16|32], r/m[8|16|32]
10. sbb{bwl} reg[8|16|32], r/m[8|16|32]
11. sbb{bwl} r/m[8|16|32], reg[8|16|32]
12. sbb{bwl} imm[8|16|32], r/m[8|16|32]
13. cmp{bwl} reg[8|16|32], r/m[8|16|32]
14. cmp{bwl} r/m[8|16|32], reg[8|16|32]
15. cmp{bwl} imm[8|16|32], r/m[8|16|32]
16. inc{bwl} r/m[8|16|32]
17. dec{bwl} r/m[8|16|32]
18. test{bwl} reg[8|16|32], r/m[8|16|32]
19. test{bwl} r/m[8|16|32], reg[8|16|32]
20. test{bwl} imm[8|16|32], r/m[8|16|32]
21. sal{bwl} imm8, r/m[8|16|32]
22. sal{bwl} %cl, r/m[8|16|32]
23. shl{bwl} imm8, r/m[8|16|32]
24. shl{bwl} %cl, r/m[8|16|32]
25. sar{bwl} imm8, r/m[8|16|32]
26. sar{bwl} %cl, r/m[8|16|32]
27. shr{bwl} imm8, r/m[8|16|32]
28. shr{bwl} %cl, r/m[8|16|32]
29. not{bwl} r/m[8|16|32]
30. neg{bwl} r/m[8|16|32]
31. bound{wl} reg[16|32], r/m[16|32]
32. and{bwl} reg[8|16|32], r/m[8|16|32]
33. and{bwl} r/m[8|16|32], reg[8|16|32]
34. and{bwl} imm[8|16|32], r/m[8|16|32]
35. or{bwl} reg[8|16|32], r/m[8|16|32]
36. or{bwl} r/m[8|16|32], reg[8|16|32]
37. or{bwl} imm[8|16|32], r/m[8|16|32]
38. xor{bwl} reg[8|16|32], r/m[8|16|32]
39. xor{bwl} r/m[8|16|32], reg[8|16|32]
40. xor{bwl} imm[8|16|32], r/m[8|16|32]
NOTE: When the type suffix is not included in an arithmetic
or logical instruction it defaults to a long.
3.3.7 Multiply_and_Divide
1. imul{wl} imm[16|32], r/m[16|32], reg[16|32]
2. mul{bwl} r/m[8|16|32]
3. div{bwl} r/m[8|16|32]
4. idiv{bwl} r/m[8|16|32]
NOTE: When the type suffix is not included in a multiply or
divide instruction it defaults to a long.
3.3.8 Conversion_Instructions
1. cbtw
2. cwtd
3. cwtl
4. cltd
NOTE: convert byte to word: %al -> %ax
convert word to double: %ax -> %dx:%ax
convert word to long: %ax -> %eax
convert long to double: %eax -> %edx:%eax
3.3.9 Decimal_Arithmetic_Instructions
1. daa
2. das
3. aaa
4. aas
5. aam
6. aad
3.3.10 _Coprocessor_Instructions
1. wait
2. esc
3.3.11 String_Instructions
1. movs[bwl]
2. movs - same as movsl
3. smov[bwl] same as movs[bwl]
4. smov - same as smovl
5. cmps[bwl]
6. cmps - same as cmpsl
7. scmp[bwl] same as cmps[bwl]
8. scmp - same as scmpl
9. stos[bwl]
10. stos - same as stosl
11. ssto[bwl] same as stos[bwl]
12. ssto - same as sstol
13. lods[bwl]
14. lods - same as lodsl
15. slod[bwl] same as lods[bwl]
16. slod - same as slodl
17. scas[bwl]
18. scas - same as scasl
19. ssca[bwl] same as scas[bwl]
20. ssca - same as sscal
21. xlat
22. rep
23. repnz
24. repz
NOTE: All Intel string op mnemonics default to longs.
3.3.12 _Procedure_Call_and_Return
1. lcall immPtr
2. lcall r/m48 (indirect)
3. lret
4. lret imm16
5. call disp32
6. call r/m32 (indirect)
7. ret
8. ret imm16
9. enter imm16, imm8
10. leave
3.3.13 Jump_Instructions
1. jcc disp[8|32]
2. jcxz disp[8|32]
3. loop disp[8|32]
4. loopnz disp[8|32]
5. loopz disp[8|32]
6. jmp disp[8|32]
7. ljmp immPtr
8. jmp r/m32 (indirect)
9. ljmp r/m48 (indirect)
NOTE: The UNIX 386 assembler optimizes for SDI's (Span
Dependent Instructions). So intra-segment jumps are optim-
ized to their short forms when possible.
3.3.14 Interrupt_Instructions
1. int 3
2. int imm8
3. into
4. iret
3.3.15 Protection_Model_Instructions
1. sldt r/m16
2. str r/m16
3. lldt r/m16
4. ltr r/m16
5. verr r/m16
6. verw r/m16
7. sgdt r/m32
8. sidt r/m32
9. lgdt r/m32
10. lidt r/m32
11. smsw r/m32
12. lmsw r/m32
13. lar r/m32, reg32
14. lsl r/m32, reg32
15. clts
3.3.16 Miscellaneous_Instructions
1. lock
2. nop
3. hlt
4. addr16
5. data16
TRANSLATION TABLES FOR UNIX TO INTELFLOAT MNEMONICS
The following tables show the relationship between the Unix
and Intel mnemonics. The mnemonics are organized intothe
same functional categories as the Intel mnemonics.The
Intel mnemonics appearin section two of the 80287 numeric
supplement.
The notational conventions used in the table are: When
lettersappearwith insquare brackets, "[]",exactlyone
of the letters are required. If letters appear with in
curly braces, "{}", then either one ornone ofthe letters
are required. When a a group oflettersis separated from
other letters by a bar, "|", with in squarebrackets or
curly braces then the group of letters between the bars or a
bar anda closing bracket or brace are considered an atomic
unit. As an example, "fld[lst] means: fldl, flds, or fldt.
Where fst{ls} means: fst, fstl, or fsts. And fild{l|ll}
means: fild, fildl, or fildll.
The Unixoperators are built from the Intel operators by
adding suffixes to them. The80287 deals with three data
types, integer, packed decimal, and reals. The Unix assem-
bler is not typed. So the operator has to carrywith itthe
type of data item it is operating on. If the operation is
on an integerthe following suffixes apply: lfor Intel's
short (32 bit), and ll for Intel's long (64 bits). Ifthe
operator applies to reals then: s is short (32bits), l is
long (64bits), and t istemporary real (80 bits).
Real Transfers
UNIX | INTEL Operation
=================================================
fld[lst] | fld load real
fst{ls} | fst store real
fstp{lst} | fstp store real and pop
fxch | fxch exchangeregisters
Integer Transfers
UNIX | INTEL Operation
=================================================
fild{l|ll} | fild integer load
fist{l} | fist integer store
fistp{l|ll} | fistp integer store and pop
PackedDecimalTransfers
UNIX | INTEL Operation
=================================================
fbld | fbld Packed decimal (BCD) load
fbstp | fbstp Packed decimal (BCD) store and pop
Addition
UNIX | INTEL Operation
=================================================
fadd{ls} | fadd real add
faddp | faddp real addand pop
fiadd{l} | fiadd integer add
Subtraction
UNIX | INTEL Operation
=================================================
fsub{ls} | fsub subtractreal
fsubp | fsubp subtractreal and pop
fsubr{ls} | fsubr subtractreal reversed
fsubrp | fsubrp subtractreal reversed and pop
fisub{l} | fisub integer subtract
fisubr{l} | fisubr integer subtractreverse
Multiplication
UNIX | INTEL Operation
=================================================
fmul{ls} | fmul multiplyreal
fmulp | fmulp multiplyreal and pop
fimul{l} | fimul integer multiply
Division
UNIX | INTEL Operation
=================================================
fdiv{ls} | fdiv divide real
fdivp | fdivp divide real and pop
fdivr{ls} | fdivr divide real reversed
fdivrp | fdivrp divide real reversed andpop
fidiv{l} | fidiv integer divide
fidivr{l} | fidivr integer divide reversed
Other Arithmetic Operations
UNIX | INTEL Operation
=================================================
fsqrt | fsqrt square root
fscale | fscale scale
fprem | fprem partial remainder
frndint | frndint round tointeger
fxtract | fxtract extract exponentand significand
fabs | fabs absolutevalue
fchs | fchs change sign
Comparison Instructions
UNIX | INTEL Operation
=================================================
fcom{ls} | fcom compare real
fcomp{ls} | fcomp compare real andpop
fcompp | fcompp compare real andpop twice
ficom{l} | ficom integer compare
ficomp{l} | ficomp integer compare and pop
ftst | ftst test
fxam | fxam examine
Transcendental Instructions
UNIX | INTEL Operation
=================================================
fptan | fptan partial tangent
fpatan | fpatan partial arctangent
f2xm1 | f2xm1 2^x - 1
fyl2x | fyl2x Y * log2X
fyl2xp1 | fyl2xp1 Y * log2(X+1)
Constant Instructions
UNIX | INTEL Operation
=================================================
fldl2e | fldl2e load logeE
fldl2t | fldl2t load log2 10
fldlg2 | fldlg2 load log2 2
fldln2 | fldln2 load loge2
fldpi | fldpi load pie
fldz | fldz load + 0
Processor Control Instructions
UNIX | INTEL Operation
=================================================
finit/fnint | finit/fnint initialize processor
fnop | fnop no operation
fsave/fnsave | fsave/fnsave save state
fstcw/fnstcw | fstcw/fnstcw store control word
fstenv/fnstenv | fstenv/fnstenv store environment
fstsw/fnstsw | fstsw/fnstsw store status word
frstor | frstor restore state
fsetpm | fsetpm set protected mode
fwait | fwait CPU wait
fclex/fnclex | fclex/fnclex clear exceptions
fdecstp | fdecstp decrement stack pointer
ffree | ffree free registers
fincstp | fincstp increment stack pointer
December 26, 2017
Add comments