80386

Instruction SET

Indira College of Engineering Management, Pune

• Prefix , opcode register specifier/addressing
mode specifier/SIB//displacement.
Applications Instruction Set
• Data Movement Instructions

1. General-purpose data movement instructions.

2. Stack manipulation instructions.
3. Type-conversion instructions.
General-Purpose Data Movement Instructions
• MOV (Move) transfers a byte, word, or doubleword from
the source operand to the destination operand.
• The MOV instruction is useful for transferring data along any
of these paths.
• There are also variants of MOV that operate on segment
registers.
• To a register from memory – MOV EAX,[1000H]
• To memory from a register – MOV [1000H],AX
• Between general registers- MOV EAX, EBX
• Immediate data to a register- MOV EAX,2000H
• Immediate data to a memory-MOV [EAX],2000H
• The MOV instruction cannot move from memory to memory or from
segment register to segment register are not allowed.

• MOV[1000H],[3230H] XXXXXXX
• XCHG (Exchange)
• swaps the contents of two operands.
• This instruction takes the place of three MOV instructions.
• It does not require a temporary location to save the contents of one operand while load
the other is being loaded.
• XCHG is especially useful for implementing semaphores or similar data structures for
process synchronization.
• The XCHG instruction can swap two byte operands,
two word operands, or two doubleword operands.

•
• Stack Manipulation Instructions

• PUSH (Push)
• decrements the stack pointer (ESP), then transfers the source
operand to the top of stack indicated by ESP.
• PUSH is often used to place parameters on the stack before
calling a procedure;
• It is also the basic means of storing temporary variables on the
stack.
• The PUSH instruction operates on memory operands,
immediate operands, and register operands (including segment
registers).
• PUSHA (Push All Registers) saves the contents of the eight
general registers on the stack.
•
• This instruction simplifies procedure calls by reducing the
number of instructions required to retain the contents of the
general registers for use in a procedure

• . The processor pushes the general registers on the stack in the

following order: EAX, ECX,EDX, EBX, the initial value of
ESP before EAX was pushed, EBP, ESI, and EDI.

• PUSHA is complemented by the POPA instruction.

• POP (Pop) transfers the word or doubleword at the current top
of stack (indicated by ESP) to the destination operand, and then
increments ESP to point to the new top of stack.
• POP moves information from the stack to a general register, or
to memory
• There are also a variant of POP that operates on segment
registers.

• POPA (Pop All Registers) restores the registers saved on the

stack by
• PUSHA, except that it ignores the saved value of ESP
• Type Conversion Instructions

• The type conversion instructions convert bytes into

words, words into doublewords, and doublewords into
64-bit items (quad-words).

• These instructions are especially useful for converting

signed integers, because they automatically fill the
extra bits of the larger item with the value of the sign
bit of the smaller item.
There are two classes of type conversion instructions:

1. The forms CWD, CDQ, CBW, and CWDE which

operate only on data in the EAX register.

2. The forms MOVSX and MOVZX, which permit one

operand to be in any general register while permitting
the other operand to be in memory or in a register.
• The cbw (convert byte to word) instruction sign extends the eight bit
value in al to ax.

• That is, it copies bit seven of AL throughout bits 8-15 of ax.

• This instruction is especially important before executing an eight bit

• This instruction requires no operands

Cbw AL – 8 BIT 16 BIT – AX

AL-1000 1010 CBW - AX- 1111 1111 1000 1010
• The cwd (convert word to double word)
• instruction sign extends the 16 bit value in ax to 32 bits and places the
result in dx:ax.
• It copies bit 15 of ax throughout the bits in dx.
• It is available on all 80x86 processors which explains why it doesn’t sign
extend the value into eax.
• Like the cbw instruction, this instruction is very important for division
operations.
• Cwd requires no operands
• AX – 0111 1111 1111 1111 CWD dx :0000 0000 0000 0000
• ax: 0111 1111 1111 1111
• The cwde instruction sign extends the 16 bit value in ax to 32 bits and
places the result in eax by copying bit 15 of ax throughout bits 16..31
of eax.
• This instruction is available only on the 80386 and later processors.
• As with cbw and cwd the instruction has no operands
• The cdq instruction sign extends the 32 bit value in
eax to 64 bits and places the result in edx:eax by
copying bit 31 of eax throughout bits 0..31 of edx.
• This instruction is available only on the 80386 and
later.
• You would normally use this instruction before a long
division operation.
• As with cbw, cwd, and cwde the instruction has no
operands
• The movsx instruction is a generalized form of the cbw, cwd, and cwde instructions.
• It will sign extend an eight bit value to a sixteen or thirty-two bits, or sign extend a
sixteen bit value to a thirty-two bits.
• This instruction uses a mod-reg-r/m byte to specify the two operands.
• The allowable forms for this instruction are
• movsx reg16, mem8-byte to word mov BX,[1000]- BYTE- BL BH- SIGN BIT
• movsx reg16, reg8
• movsx reg32, mem8
• movsx reg32, reg8
• movsx reg32, mem16
• movsx reg32, reg16
• Note that anything you can do with the cbw and cwde
instructions, you can do with a movsx instruction:
• movsx ax, al ;CBW
• movsx eax, ax ;CWDE
• movsx eax, al ;CBW followed by CWDE

• E.g. movsx EAX,BL

•
This copies the contents of BL register to EAX register. 7th
Bit of BL is copied to the MSB of the EAX register as well
as the AH register
• The movzx instruction works just like the movsx instruction, except it extends
unsigned values via zero extension rather than signed values through sign extension.

• The syntax is the same as for the movsx instructions except, of course, you use the
movzx mnemonic rather than movsx.

• MOVZX EAX,BL
• This copies the contents of BL register to EAX register. Zero is copied to the MSB of
the EAX register as well as the AH register.
Binary Arithmetic Instructions

• Addition
• Subtration
• Multiplication
• Division
• Comparision
• Change sign
• ADD (Add Integers) replaces the destination operand with the sum of the
source and destination operands. Sets CF if overflow.

• ADC (Add Integers with Carry) sums the operands, adds one if CF is set,
and replaces the destination operand with the result. If CF is cleared, ADC
performs the same operation as the ADD instruction. An ADD followed by
multiple ADC instructions can be used to add numbers longer than 32 bits.

• INC (Increment) adds one to the destination operand. INC does not affect
CF.
• ADD(Add byte or word or double word
• ADD distination,source
• Destination= destination+ source
• add reg, reg
• add reg, mem
• add mem, reg
• add reg, immediate data
• add mem, immediate data
• add eax/ax/al, immediate data
• Both operands i.e. source and destination cannot be memory locations.
• Flags: AF,CF,OF,PF,SF,ZF affected.
• ADC- Add with carry
ADC destination, source
Destination= destination+source+CF

INC(Increment destination by 1)
INC Destination
Destination=destination+1
e.g. INC CX
INC AL
INC EBX
Subtraction Instructions
SUB, SBB, DEC,
• They set the zero flag if the result is zero
• These instructions set the sign flag if the result is negative.
• These instructions set the overflow flag if signed
overflow/underflow occurs.
• They set the auxiliary carry flag as necessary for BCD/ASCII
arithmetic.
• They set the parity flag according to the number of one bits
appearing in the result value.
• The sub and sbb instructions set the carry flag if an unsigned
overflow occurs.
Note that the dec instruction does not affect the carry flag.
• SUB (Subtract Byte or word)
SUB destination, source
Destination=destination-source

• SBB(Subtract with borrow)

SBB destination, source
Destination=destination-source-CY
• DEC: ( Decrement Byte or Word or Double Word by 1)

DEC destination
destination= destination -1
• Multiplication Instructions

• MUL (Unsigned Integer Multiply) performs an

unsigned multiplication of the source operand and the
accumulator.

• IMUL (Signed Integer Multiply) performs a signed

multiplication operation.
• MUL: (Mmultiply Byter or word or DW unsigned).

• Note that when multiplying two n-bit values, the result

may require as many as 2*n bits.
• Therefore, if the operand is an eight bit quantity, the
result will require sixteen bits.
• Likewise, a 16 bit operand produces a 32 bit result
and a 32 bit operand requires 64 bits for the result.
• MUL source
• mul operand8
ax := al * operand

• dx:ax := ax * operand16

• edx:eax := eax * operand32

• IMUL (Signed Integer Multiply) performs a signed multiplication
operation.
• IMUL has three variations:
1. A one-operand form. The operand may be a byte, word, or double word
located in memory or in a general register. This instruction uses EAX and
EDX as implicit operands in the same way as the MUL instruction.

2. A two-operand form. One of the source operands may be in any general

register while the other may be either in memory or in a general register. The
product replaces the general-register operand.

3. A three-operand form; two are source and one is the destination operand.
• If magnitude of the product does not require all bits of
the destination the unused bits are filled with copies of
the sign bit.
• Division Instructions
• DIV, IDIV

1. DIV( Divide Byte or Word or Double word unsigned

DIV source
If the operand is an eight bit operand,
div divides the ax register by the operand leaving the
quotient in al and
the remainder in ah.
• If the operand is a 16 bit quantity,
• then the div instruction divides the 32 bit quantity in
dx:ax by the operand leaving the quotient in ax and
• the remainder in dx.

• With 32 bit div divides the 64 bit value in edx:eax

by the operand leaving the quotient in eax
• and the remainder in edx
• You cannot, simply divide one eight bit value by another.
• If the denominator is an eight bit value, the numerator must be
a sixteen bit value.
• If you need to divide one unsigned eight bit value by another,
you must zero extend the numerator to sixteen bits.
• You can accomplish this by loading the numerator into the al
register and then moving zero into the ah register.
• Then you can divide ax by the denominator operand to produce
the correct result
• IDIV(Divide Byte or word or double word on signed
data)

• NEG (Negate)
Perform 2’s complement negation of the destination
• CMP( Compare Two Operands)
CMP Destination, source

Destination- Source
Result is not stored in either of the dest or source only
flags are updated.
Both source and dest operands must be of same type
 cmp ax, bx
The flags are set as follows:

Z: The zero flag is set if and only if ax = bx. This is the only time ax-bx
produces a zero result.

S: The sign flag is set to one if the result is negative. i.e. source is greater than
destination

O: The overflow flag is set after a cmp operation if the difference of ax and bx
produced an overflow or underflow. As mentioned above, the sign flag and the
over- flow flag are both used when performing signed comparisons.

C: The carry flag is set after a cmp operation if subtracting bx from ax

requires a borrow. This occurs only when ax is less than bx where ax and bx
are both unsigned values.
• Decimal Arithmetic Instructions

1. Packet BCD adjustment Instructions

DAA (Decimal adjustment for addition)

DAS( Decimal adjustment for sub)
• DAA (Decimal adjustment for addition):
• If Lower nibble of AL>9 then AL=AL+06
• If AL>9F then AL=AL+60

• This instruction is used to make sure that the result of

adding two packed BCD numbers is adjusted to be a
valid BCD number.
• This is used after addition operation
• E.g. if AL=59H valid BCD
• BL=34H valid BCD
• Add AL,BL
• DAS( Decimal adjust after subtraction)
if lower nibble of AL>9 then AL=AL-06
if lower nibble of AL>9F then AL=AL-60

AL= 86
BH=57
SUB AL,BH
DAS
2. Unpacket BCD adjustment Instructions
AAA (ASCII adjust after addition)
AAS (ASCII adjust after subtraction)
AAM (ASCII adjust for Multiply)
AAD (ASCII adjust after Divide)
• AAA (ASCII adjust after addition)
If lower nibble of AL is greater than 9 then
AL=AL+6 and AH=AH+1
AF=1 , CF=1
Numerical data coming into a computer from a terminal through
keyboard is usually in ASCII code.
The numbers 0 to 9 are represented by ASCII codes 30H to 39H.
After addition AAA instruction is used to make sure that the
result is the correct unpacked BCD.
AAA works only on AL register and after an ADD instruction
• AAS: (ASCII adjust after subtraction)
If lower nibble of AL is greater than 9 then
AL=AL - 6
AH=AH-1
AF=1
CF=1
• AAM: This instruction divides ax by 10 and leaves the quotient in ah and
the remainder in al
This adjustment must be done after multiplication

e.g. Multiplication of 5 and 9

MOV AL,0000 0101
MOV BH,0000 1001
MUL BH
AAM
; This multiplication gives result in AX
Ax= 00000000 00101101
After AAM instruction the AX = 0000 0100 0000 0101
• AAD:
al := ah*10 + al
ah := 0
This adjustment must be done before dividing the two unpacked BCD digits
After division
AL= unpacked BCD quotient
AH= unpacked BCD remainder
e.g.
• Divide 67 by 9
• MOV AX, 0607H
• MOV CH, 09H
• AAD ;AX = 0043 = 43H = 67
• DIV CH ;Divide AX by unpacked BCD in CH, result: AL = 07 unpacked
BCD, AH = 04 unpacked BCD
 The Logical Instructions
• Boolean operation instruction: NOT AND OR XOR
• Bit test and modify instructions
BT BTC BTR BTS
• Bit scan Instruction
BSF, BSR
• Shift instruction
SHLD SHRD SHL SAL SHR SAR
• Rotate instruction
ROL ROR RCL RCl
• Byte Set instruction
SET
• Test Instruction
TEST
• and dest, source ;dest := dest and source
• or dest, source ;dest := dest or source
• xor dest, source ;dest := dest xor source
• not dest ; dest := not dest
Bit Test and Modify instructions

BT (Bit Test)

BTS (Bit Test and set)

BTR (Bit Test and reset)

BTC (Bit Test and complement)

• Bit Test
BT source, index

This instruction tests the status of the specified bit and

the status of that bit is coped to the carry flag.
e.g. BT EAX,05
Copes the bit 5 of the EAX to carry flag.
• BTS (Bit Test and set)
This tests the status of specified bit , status of that bit is
coped to the carry flag .Then specified bit is set. E.g.
BTS EAX,05

• BTR (Bit Test and reset)

This tests the status of specified bit , status of that bit is
coped to the carry flag .Then specified bit is reset.
• BTC (Bit Test and complement)
• Bit scan Instruction
BSF, BSR
1. BSF (Bit Scan Forward)
- Bsr locates the first set bit searching from the L.O. bit down to
the H.O. bit.

- If these instructions locate a one, they clear the zero flag and
store the bit index (0..31) into the destination operand.

- If the source operand is zero, these instructions set the zero

flag and store an indeterminate value into the destination operand
2. BSR (Bit Scan Reverse)
-Bsr locates the first set bit searching from the H.O. bit
down to the L.O. bit.
- If these instructions locate a one, they clear the zero
flag and store the bit index (0..31) into the destination
operand.

- If the source operand is zero, these instructions set the

zero flag and store an indeterminate value into the
destination operand
Shift Instructions
• SHL/SAL(Shift logical/arithmetic left byte or word or double word)
• Shr ( Shift logical right byte or word or double word)
• SAR ( Shift arithmetic right byte or word or Double word)
• SHLD( Shift left double precision)
• SHRD ( Shift right double precision)
 SHL/SAL(Shift logical/arithmetic left byte or word or double
word)
• SAL/SHL destination , count
• Shifts all bits left , the bit that goes off is set to CF.
• Zero bit is inserted in the right most position
• Flags affected: OF,CF,AF,PF,SF
• Shr ( Shift logical right byte or word or double word)
SHR destination,count
Shifts all bits right the bit that goes off is set to CF.
Zero bit is inserted to the left most Position.
All Flags affected.
• shr ax, 1 ;Equivalent to AX/2
• shr ax, 2 ;Equivalent to AX/4
• shr ax, 3 ;Equivalent to AX/8
• shr ax, 4 ;Equivalent to AX/16
• shr ax, 5 ;Equivlaent to AX/32
• shr ax, 6 ;Equivalent to AX/64
• shr ax, 7 ;Equivalent to AX/128
• shr ax, 8 ;Equivalent to AX/256
• SAR ( Arithmetic Right Byte or Word or DD)
SAR destination, count
Shifts all bits right the bit that goes off is set to CF. The sign bit
that is inserted to the leftmost position has the same value as
before shift.

• The sar instruction’s main purpose is to perform a signed

division by some power of two.
• sar ax, 1 ;Signed division by 2
• sar ax, 2 ;Signed division by 4
• sar ax, 3 ;Signed division by 8
• sar ax, 4 ;Signed division by 16
• sar ax, 5 ;Signed division by 32
• sar ax, 6 ;Signed division by 64
• sar ax, 7 ;Signed division by 128
• sar ax, 8 ;Signed division by 256
• SHLD( Shift left double precision)
SHLD destination,source,count
shld operand1, operand2, immediate
• The shld instruction shifts bits in operand1 to the left.
• The H.O. bit shifts into the carry flag and the H.O. bit
of operand2 shifts into the L.O. bit of operand1.
• This instruction does not modify the value of
operand2,
• SHRD ( Shift right double precision)
 Rotates
ROL(Rotate left)
ROR( Rotate right)
RCL ( Rotate through carry left)
RCR ( Rotate through carry right)
• ROL(Rotate left)
ROL destination,source
Shifts all bits left the bit goes off is set to CF and the
same bit is inserted to the right most position
• ROR( Rotate right)
• RCL ( Rotate through carry left)

• RCL destination, count

• RCR ( Rotate through carry right)
• RCR destination, count
Byte-Set-On-Condition Instructions
• This group of instructions sets a byte to zero or one depending on any of the
16 conditions defined by the status flags.

• The byte may be in memory or may be a one-byte general register. These

instructions are especially useful for implementing Boolean expressions in
high-level languages such as Pascal.

• SETcc (Set Byte on Condition cc) set a byte to one if condition cc is

true; sets the byte to zero otherwise.
• SET cc destination
If condition is true byte= FF
Else Byte =00H
Conditions
•O Overflow
• NO No overflow
•B Below
• NAE Neither above nor equal
• NB Not below
• AE Above or equal CF = 0
•E Equal
•Z Zero ZF = 1
• NE Not equal
• NZ Not zero ZF = 0
• BE Below or equal
• NA Not above (CF or ZF) = 1
• NBE Neither below nor equal
• NA Above (CF or ZF) = 0
•S Sign SF = 1
• NS No sign SF = 0
•P Parity
• PE Parity even PF = 1
• NP No parity
• PO Parity odd PF = 0
•L Less
• NGE Neither greater nor equal (SF xor OF) = 1
• NL Not less
• GE Greater or equal (SF xor OF) = 0
• LE Less or equal
• NG Not greater ((SF xor OF) or ZF) = 1
• NLE not less equal
Test Instruction
• TEST (Test) performs the logical "and" of the two operands, clears OF
and CF, leaves AF undefined, and updates SF, ZF, and PF.
• The flags can be tested by conditional control transfer instructions or
by the byte-set
• TEST destination, source

• Difference between Test and AND is that TEST does not alter the
destination operand
• Difference between Test an Bit Test is
• BT tests a single bit and
• TEST tests multiple bits in one operation.
Control Transfer Instructions
• The 80386 provides both conditional and unconditional control
transfer instructions to direct the flow of execution.

• Conditional control transfers depend on the results of operations that

affect the flag register.

• Unconditional control transfers are always executed.

Unconditional Transfer Instructions
• JMP, CALL, RET and IRET
• Jump Instruction: JMP (Jump) unconditionally transfers control to
the target location.
• JMP is a one-way transfer of execution; it does not save a return
address on the stack.
• The JMP instruction always performs the same basic function of
transferring control from the current location to a new location.
• Its implementation varies depending on whether the address is
specified directly within the instruction or indirectly through a register
or memory.
• A direct JMP instruction includes the destination address as part of
the instruction.
• An indirect JMP instruction obtains the destination address indirectly
through a register or a pointer variable.
• Direct near JMP. A direct JMP uses a relative displacement value
contained in the instruction.
• The displacement is signed and the size of the displacement may be a
byte, word, or doubleword.
• The processor forms an effective address by adding this relative
displacement to the address contained in EIP.
• When the additions have been performed, EIP refers to the next
instruction to be executed.
• Indirect near JMP. Indirect JMP instructions specify an absolute
address in one of several ways:

1. The program can JMP to a location specified by a general register (any of EAX,
EDX, ECX, EBX, EBP, ESI, or EDI). The processor moves this 32-bit value into
EIP and resumes execution.
2. The processor can obtain the destination address from a memory operand
specified in the instruction.
Call Instruction
• CALL (Call Procedure) activates an out-of-line procedure, saving on
the stack the address of the instruction following the CALL for later
use by a RET (Return) instruction.

• CALL places the current value of EIP on the stack.

• The RET instruction in the called procedure uses this address to

transfer control back to the calling program.
• Near CALL : Also called intrasegment call.
It stores content of IP on stack and program control is
transferred to the new procedure.

• FAR call : Intersegment call

It stores content of CS and IP onto stack then program
control Is transferred to the subroutine in the another segment.
• Return
• RET : RET (Return From Procedure) terminates the execution of a
procedure and transfers control through a back-link on the stack to the
program that originally invoked the procedure.

• RET restores the value of EIP that was saved on the stack by the
previous CALL instruction.

• IF RET specify an immediate operand then by adding this constant to

new top of stack pointer.
• RET2: SP will be incremented by additional 2 address after IP and CS
are popped off the stack.
• IRET (Return From Interrupt) returns control to an interrupted
procedure.
• IRET differs from RET in that it also pops the flags from the stack into
the flags register.
• The flags are stored on the stack by the interrupt mechanism.
Conditional Transfer Instructions
• The conditional transfer instructions are jumps that may or may not
transfer control, depending on the state of the CPU flags when the
Instruction executes.
• Conditional Jump Instructions
Conditional jump instructions contain a displacement which is added to
the EIP register if the condition is true.
The displacement may be a byte, a word, or a doubleword.
The displacement is signed; therefore, it can be used to jump forward or
backward.
Loop Instructions
• The loop instructions are conditional jumps that use a value placed in
ECX to specify the number of repetitions of a software loop.

• All loop instructions automatically decrement ECX and terminate the

loop when ECX=0.

• Four of the five loop instructions specify a condition involving ZF that

terminates the loop before ECX reaches zero.
• LOOP (Loop While ECX Not Zero) is a conditional transfer that
automatically decrements the ECX register before testing ECX for the
branch condition.
• If ECX is non-zero, the program branches to the target label specified
in the instruction.
• The LOOP instruction causes the repetition of a code section
• LOOP short_label
• If LOOP finds ECX=0, control transfers to the instruction immediately
following the LOOP instruction.

• If the value of ECX is initially zero, then the LOOP executes 232
times.
• LOOPE (Loop While Equal) and LOOPZ (Loop While
Zero) are synonyms for the same instruction.

• These instructions automatically decrement the ECX register before

testing ECX and ZF for the branch conditions.

• If ECX is non-zero and ZF=1, the program branches to the target label
specified in the instruction.

• If LOOPE or LOOPZ finds that ECX=0 or ZF=0, control transfers to

the instruction immediately following the LOOPE or LOOPZ
instruction.
• LOOPNE (Loop While Not Equal) and LOOPNZ (Loop While
Not Zero) are synonyms for the same instruction.

• These instructions automatically decrement the ECX register before

testing ECX and ZF for the branch conditions.

• If ECX is non-zero and ZF=0, the program branches to the target label
specified in the instruction.

• If LOOPNE or LOOPNZ finds that ECX=0 or ZF=1, control transfers

to the instruction immediately following the LOOPNE or LOOPNZ
instruction.
Executing a Loop or Repeat Zero Times

• JCXZ- (Jump if ECX Zero) JCXZ is useful in combination with the LOOP
instruction and with the string scan and compare instructions, all of which
decrement ECX.
• Sometimes, it is desirable to design a loop that executes zero times if the count
variable in ECX is initialized to zero.
• Because the LOOP instructions (and repeat prefixes) decrement ECX before they
test it, a loop will execute 232 times if the program enters the loop with a zero
value in ECX.
• A programmer may conveniently overcome this problem with JCXZ, which
enables the program to branch around the code within the loop if ECX is zero
when JCXZ executes.
Software-Generated Interrupts
• The INT n, INTO, and BOUND instructions allow the programmer to
specify a transfer to an interrupt service routine from within a
program.
• INT n (Software Interrupt 0-255) activates the interrupt service
routine that corresponds to the number coded within the instruction.
• The INT instruction may specify any interrupt type .
• Programmers may use this flexibility to implement multiple types of
internal interrupts or to test the operation of interrupt service routines.
(Interrupts 0-31 are reserved by Intel.)
• The interrupt service routine terminates with an IRET instruction that
returns control to the instruction that follows INT.
INTO (Interrupt on Overflow) invokes interrupt 4 if OF is set.
• Interrupt 4 is reserved for this purpose.
• OF is set by several arithmetic, logical, and string instructions.

BOUND (Detect Value Out of Range) verifies that the signed value
contained in the specified register lies within specified limits.
An interrupt (INT 5) occurs if the value contained in the register is less
than the lower bound or greater than the upper bound.
BOUND index,Range
Test the value of index register against predefined range of index if it is
out of range then INT 5 is generated.
String and Character Translation Instructions
• The instructions in this category operate on strings rather than on
logical or numeric values.
• The power of 80386 string operations derives from the following
features of the architecture:
1. A set of primitive string operations
MOVS ── Move String
CMPS ── Compare string
SCAS ── Scan string
LODS ── Load string
STOS ── Store string
2. Indirect, indexed addressing, with automatic incrementing or
decrementing of the indexes.
• Indexes:
ESI ── Source index register
EDI ── Destination index register
• Control flag:
DF ── Direction flag
• Control flag instructions:
CLD ── Clear direction flag instruction
STD ── Set direction flag instruction
3. Repeat prefixes
• REP ── Repeat while ECX not zero
• REPE/REPZ ── Repeat while equal or zero
• REPNE/REPNZ ── Repeat while not equal or not zero
MOVS (Move String) moves the string element pointed to by ESI to
the location pointed to by EDI.
• MOVSB operates on byte elements, MOVSW operates on word
elements, and MOVSD operates on double words.
• The destination segment register cannot be overridden by a segment
override prefix, but the source segment register can be overridden.
MOVS dest string, Source string.
It is assumed that source string resides in the current data segment (DS)
( one can change by seg override prefx)
Destination string must be in current Extra segment(ES).
ESI= index for source string
EDI= index for destination string.
• In case of byte
ES : [DI] = DS : [SI]
If DF=0 then SI=SI+1, DI=DI+1
If DF=1 then SI=SI-1 , DI=DI-1
• In case of Word
ES : [DI] = DS : [SI]
If DF=0 then SI=SI+2, DI=DI+2
If DF=1 then SI=SI-2 , DI=DI-2
• In Case of Double Word
• In case of byte
ES : [EDI] = DS : [ESI]
If DF=0 then ESI=ESI+4, EDI=EDI+4
If DF=1 then ESI=ESI-4 , EDI=EDI-4
CMPS: CMPS (Compare Strings) subtracts the destination string
element (at ES:EDI) from the source string element (at DS:ESI) and
updates the flags AF, SF, PF, CF and OF.
CMPS dest+string, source_string
If the string elements are equal, ZF=1; otherwise, ZF=0. If DF=0,the
processor increments the memory pointers (ESI and EDI) for the
twostrings.
CMPSB compares bytes, CMPSW compares words, and CMPSD
compares doublewords.
The segment register used for the source address can be changed with a
segment override prefix while the destination segment register cannot be
overridden.
• In case of byte
DS : [SI] - ES : [DI]
If DF=0 then SI=SI+1, DI=DI+1
If DF=1 then SI=SI-1 , DI=DI-1
• In case of Word
DS : [SI] - ES : [DI]
If DF=0 then SI=SI+2, DI=DI+2
If DF=1 then SI=SI-2 , DI=DI-2
• In Case of Double Word
• In case of byte
DS : [ESI] - ES : [EDI]
If DF=0 then ESI=ESI+4, EDI=EDI+4
If DF=1 then ESI=ESI-4 , EDI=EDI-4
SCAS (Scan String) subtracts the destination string element at ES:EDI
from EAX, AX, or AL and updates the flags AF, SF, ZF, PF, CF and OF.
If the values are equal, ZF=1; otherwise, ZF=0. If DF=0, the processor
increments the memory pointer (EDI) for the string.

SCASB scans bytes; SCASW scans words; SCASD scans doublewords.

The destination segment register (ES) cannot be overridden.

SCAS Destination_string
• LODS (Load String) places the source string element at ESI into EAX
for doubleword strings, into AX for word strings, or into AL for byte
strings.
• LODS increments or decrements ESI according to DF.
• LODS source_string.
• E.g. LODSB
• LODSW
• LODSD
 • In case of byte
AL=DS : [SI]
If DF=0 then SI=SI+1, DI=DI+1
If DF=1 then SI=SI-1 , DI=DI-1
• In case of Word
AX= DS : [SI]
If DF=0 then SI=SI+2, DI=DI+2
If DF=1 then SI=SI-2 , DI=DI-2
• In Case of Double Word
EAX=DS : [ESI]
If DF=0 then ESI=ESI+4, EDI=EDI+4
If DF=1 then ESI=ESI-4 , EDI=EDI-4
• STOS (Store String) places the source string element from EAX, AX,
or AL into the string at ES:DSI.

• STOS increments or decrements EDI according to DF.

• STOS destination_string
 • In case of byte
DS : [SI] =AL
If DF=0 then SI=SI+1, DI=DI+1
If DF=1 then SI=SI-1 , DI=DI-1
• In case of Word
DS : [SI] =AX
If DF=0 then SI=SI+2, DI=DI+2
If DF=1 then SI=SI-2 , DI=DI-2
• In Case of Double Word
DS : [ESI]=EAX
If DF=0 then ESI=ESI+4, EDI=EDI+4
If DF=1 then ESI=ESI-4 , EDI=EDI-4
Repeat (Prefix)
• REP/REPE/REPNE/REPNZ

• When a primitive string operation has a repeat prefix, the operation is

executed repeatedly, each time using a different element of the String.
• The repetition terminates when one of the conditions specified by the
prefix is satisfied.
• All three prefixes causes the hardware to automatically repeat the
associated string primitive until ECX=0.
• The differences among the repeat prefixes have to do with the second
termination condition.
Indexing and Direction Flag Control
• When ESI and EDI are used in string primitives, they are
automatically
incremented or decremented after to operation
• The direction flag determines whether they are incremented or
decremented.

CLD: Clear Direction flag- causes index register to increment

STD: Set Direction flag- causes index register to decrement.

Instructions for Block-Structured Languages
• The instructions in this section provide machine-language support for
functions normally found in high-level languages.
• These instructions include ENTER and LEAVE, which simplify the
programming of procedures.

ENTER (Enter Procedure):creates a stack frame that may be used to

implement the scope rules of block-structured high-level languages.
• A LEAVE instruction at the end of a procedure complements an
ENTER at the beginning of the procedure.
• The ENTER instruction includes two parameters.
• The first parameter specifies the number of bytes of dynamic storage
to be allocated on the stack for the routine being entered.
• The second parameter corresponds to the lexical nesting level (0-31)
of the routine.
• The specified lexical level determines how many sets of stack frame
pointers the CPU copies into the new stack frame from the preceding
frame.
Example: ENTER 2048,3
• Allocates 2048 bytes of dynamic storage on the stack and sets up
pointers to two previous stack frames in the stack frame that ENTER
creates for this procedure.
• After ENTER creates the new display for a procedure, it allocates the
dynamic storage space for that procedure by decrementing ESP by the number
of bytes specified in the first parameter. This new value of ESP serves as a
starting point for all PUSH and POP operations within that procedure.

• The ENTER instruction can be used in two ways: nested and non-nested.

• If the lexical level is 0, the non-nested form is used.

• A program operating at a higher lexical level calling a program at a lower
lexical level requires that the called procedure should have access to the
variables of the calling program.
• ENTER provides this access through a display that provides addressability to
the calling program's stack frame.
LEAVE (Leave Procedure) reverses the action of the previous
ENTER instruction.

The LEAVE instruction does not include any operands.

• LEAVE copies EBP to ESP to release all stack space allocated to the
procedure by the most recent ENTER instruction.

• Then LEAVE pops the old value of EBP from the stack.

• After leave a RET instruction is executed to transfer control back to

the calling program.
HLT ── Halt
• HALT stops instruction execution and places the 80386 in a HALT
state.
• An enabled interrupt, NMI, or a reset will resume execution.
• If an interrupt (including NMI) is used to resume execution after HLT,
the saved CS:IP (or CS:EIP) value points to the instruction following
HLT.
LOCK- Assert LOCK# Signal Prefix
• The LOCK prefix causes the LOCK# signal of the 80386 to be
asserted during execution of the instruction that follows it.
• In a multiprocessor environment, this signal can be used to
ensure that the 80386 has exclusive use of any shared memory
while LOCK# is asserted.
• The LOCK prefix functions only with the following
instructions:
• BT, BTS, BTR, BTC
• XCHG
• XCHG
• ADD, OR, ADC, SBB, AND, SUB, XOR
• NOT, NEG, INC, DEC
Flag Control Instructions
• The flag control instructions provide a method for directly changing
the state of bits in the flag register.

• Flag Control Instruction Effect

• STC (Set Carry Flag) CF ← 1
• CLC (Clear Carry Flag) CF ← 0
• CMC (Complement Carry Flag) CF ← NOT (CF)
• CLD (Clear Direction Flag) DF ← 0
• STD (Set Direction Flag) DF ← 1
Flag Transfer Instructions
• Though specific instructions exist to alter CF and DF, there is no direct
method of altering the other applications-oriented flags.

• The flag transfer instructions allow a program to alter the other flag
bits with the bit manipulation instructions after transferring these flags
to the stack or the AH register.

• The instructions LAHF and SAHF deal with five of the status flags,
which are used primarily by the arithmetic and logical instructions.
• LAHF LOADS FIVE FLAGS FROM THE FLAG REGISTER INTO
REGISTER AH.
• SAHF STORES THESE SAME FIVE FLAGS FROM AH INTO
THE FLAG REGISTER.
• THE BIT POSITION OF EACH FLAG IS THE SAME IN AH AS IT
IS IN THE FLAG REGISTER.
• THE REMAINING BITS (MARKED UU) ARE RESERVED; DO
NOT DEFINE.
• The PUSHF and POPF instructions are not only useful for storing the flags
in memory where they can be examined and modified but are also useful for
preserving the state of the flags register while executing a procedure.

• PUSHF (Push Flags) decrements ESP by two and then transfers the low-
order word of the flags register to the word at the top of stack pointed to by
ESP . The variant PUSHFD decrements ESP by four, then transfers both
words of the extended flags register to the top of the stack pointed to by
ESP (the VM and RF flags are not moved, however).

• POPF (Pop Flags) transfers specific bits from the word at the top of stack
into the low-order byte of the flag register, then increments ESP by two. The
variant POPFD transfers specific bits from thedoubleword at the top of the
stack into the extended flags register (the RF and VM flags are not changed,
however), then increments ESP by four.
Coprocessor Interface Instructions
• A numerics coprocessor (e.g., the 80387 or 80287) provides an extension to
the instruction set of the base architecture. The coprocessor extends the
instruction set of the base architecture to support high-precision integer and
floating-point calculations. This extended instruction set includes
arithmetic, comparison, transcendental, and data transfer instructions.
• The coprocessor also contains a set of useful constants to enhance the speed
of numeric calculations.
• A program contains instructions for the coprocessor in line with the
instructions for the CPU.
• The system executes these instructions in the same order as they appear in
the instruction stream.
• The coprocessor operates concurrently with the CPU to provide maximum
throughput for numeric calculations.
• ESC (Escape) is a 5-bit sequence that begins the opcodes that
identify floating point numeric instructions.
• The ESC pattern tells the 80386 to send the opcode and addresses of
operands to the numerics coprocessor.
• The numerics coprocessor uses the escape instructions to perform
high-performance, high-precision floating point arithmetic that
conforms to the IEEE floating point standard 754.
• WAIT (Wait) is an 80386 instruction that suspends program execution
until the 80386 CPU detects that the BUSY pin is inactive.
• This instruction causes the processor to wait till an interrupt is
recognized.
• This condition indicates that the coprocessor has completed its
processing task and that the CPU may obtain the results.
Segment Register Instructions
1. Segment-register transfer instructions.
• MOV SegReg, ... MOV ..., SegReg
• PUSH SegReg POP SegReg

2. Control transfers to another executable segment.

• JMP far ; direct and indirect CALL far
• RET far

3. Data pointer instructions.

• LDS LES
• LFS LGS
• LSS
• LDS (Load Pointer Using DS) LDS destination, source
• transfers a pointer variable from the source operand to DS and the
destination register.
• The source operand must be a memory operand, and the destination
operand must be a general register.
• DS receives the segment-selector of the pointer. The destination register
receives the offset part of the pointer, which points to a specific location
within the segment.
• Example: LDS ESI, STRING_X
• Loads DS with the selector identifying the segment pointed to by a
STRING_X, and loads the offset of STRING_X into ESI. Specifying ESI
as the destination operand is a convenient way to prepare for a string
operation on a source string that is not in the current data segment.
• LES (Load Pointer Using ES) operates identically to LDS except that
ES receives the segment selector rather than DS.
• Example: LES EDI, DESTINATION_X
• Loads ES with the selector identifying the segment pointed to by
DESTINATION_X, and loads the offset of DESTINATION_X into
EDI.
• This instruction provides a convenient way to select a destination for a
string operation if the desired location is not in the current extra
segment.
• LFS (Load Pointer Using FS) operates identically to LDS except that FS
receives the segment selector rather than DS.

• LGS (Load Pointer Using GS) operates identically to LDS except that
GS receives the segment selector rather than DS.

• LSS (Load Pointer Using SS) operates identically to LDS except that SS
receives the segment selector rather than DS.
 Miscellaneous Instructions
• Address Calculation Instruction
LEA (Load Effective Address) LEA register,source

transfers the offset of the source operand (rather than its value) to the destination
operand.
• The source operand must be a memory operand, and the destination operand must be
a general register.
• This instruction is especially useful for initializing registers before the execution of
the string primitives (ESI, EDI) or the XLAT instruction (EBX).
• The LEA can perform any indexing or scaling that may be needed.
• Example: LEA EBX, EBCDIC_TABLE
Causes the processor to place the address of the starting location of the table labeled
EBCDIC_TABLE into EBX.
• No-Operation Instruction
• NOP (No Operation) occupies a byte of storage but affects nothing but
the instruction pointer, EIP.
• This instruction uses three clock cycles and increments the instruction
pointer (EIP) to point to the next instruction.
• It can be used to increase the delay of a delay loop.
• Translate Instruction
• XLAT (Translate) replaced a byte in the AL register with a byte from a
user-coded translation table.
• When XLAT is executed, AL should have the unsigned index to the table
addressed by EBX.
• XLAT changes the contents of AL from table index to table entry. EBX is
unchanged.
• The XLAT instruction is useful for translating from one coding system to
another such as from ASCII to EBCDIC.
• The translate table may be up to 256 bytes long.
• The value placed in the AL register serves as an index to the location of
the corresponding translation value.
XLAT m8 Set AL to memory byte DS:[(E)BX +
unsigned AL]

• XLAT changes the AL register from the table index to the table entry.
• AL should be the unsigned index into a table addressed by DS:BX (for
an address-size attribute of 16 bits) or DS:EBX (for an address-size
attribute of 32 bits).
23 March 2023 Indira College of Engineering Management, Pune 131