xref: /openbsd/gnu/usr.bin/binutils-2.17/gas/doc/c-i386.texi (revision 771fbea0)

@c Copyright 1991, 1992, 1993, 1994, 1995, 1997, 1998, 1999, 2000,
@c 2001, 2003, 2004
@c Free Software Foundation, Inc.
@c This is part of the GAS manual.
@c For copying conditions, see the file as.texinfo.
@ifset GENERIC
@page
@node i386-Dependent
@chapter 80386 Dependent Features
@end ifset
@ifclear GENERIC
@node Machine Dependencies
@chapter 80386 Dependent Features
@end ifclear

@cindex i386 support
@cindex i80306 support
@cindex x86-64 support

The i386 version @code{@value{AS}} supports both the original Intel 386
architecture in both 16 and 32-bit mode as well as AMD x86-64 architecture
extending the Intel architecture to 64-bits.

@menu
* i386-Options::                Options
* i386-Syntax::                 AT&T Syntax versus Intel Syntax
* i386-Mnemonics::              Instruction Naming
* i386-Regs::                   Register Naming
* i386-Prefixes::               Instruction Prefixes
* i386-Memory::                 Memory References
* i386-Jumps::                  Handling of Jump Instructions
* i386-Float::                  Floating Point
* i386-SIMD::                   Intel's MMX and AMD's 3DNow! SIMD Operations
* i386-16bit::                  Writing 16-bit Code
* i386-Arch::                   Specifying an x86 CPU architecture
* i386-Bugs::                   AT&T Syntax bugs
* i386-Notes::                  Notes
@end menu

@node i386-Options
@section Options

@cindex options for i386
@cindex options for x86-64
@cindex i386 options
@cindex x86-64 options

The i386 version of @code{@value{AS}} has a few machine
dependent options:

@table @code
@cindex @samp{--32} option, i386
@cindex @samp{--32} option, x86-64
@cindex @samp{--64} option, i386
@cindex @samp{--64} option, x86-64
@item --32 | --64
Select the word size, either 32 bits or 64 bits. Selecting 32-bit
implies Intel i386 architecture, while 64-bit implies AMD x86-64
architecture.

These options are only available with the ELF object file format, and
require that the necessary BFD support has been included (on a 32-bit
platform you have to add --enable-64-bit-bfd to configure enable 64-bit
usage and use x86-64 as target platform).

@item -n
By default, x86 GAS replaces multiple nop instructions used for
alignment within code sections with multi-byte nop instructions such
as leal 0(%esi,1),%esi.  This switch disables the optimization.

@cindex @samp{--divide} option, i386
@item --divide
On SVR4-derived platforms, the character @samp{/} is treated as a comment
character, which means that it cannot be used in expressions.  The
@samp{--divide} option turns @samp{/} into a normal character.  This does
not disable @samp{/} at the beginning of a line starting a comment, or
affect using @samp{#} for starting a comment.

@end table

@node i386-Syntax
@section AT&T Syntax versus Intel Syntax

@cindex i386 intel_syntax pseudo op
@cindex intel_syntax pseudo op, i386
@cindex i386 att_syntax pseudo op
@cindex att_syntax pseudo op, i386
@cindex i386 syntax compatibility
@cindex syntax compatibility, i386
@cindex x86-64 intel_syntax pseudo op
@cindex intel_syntax pseudo op, x86-64
@cindex x86-64 att_syntax pseudo op
@cindex att_syntax pseudo op, x86-64
@cindex x86-64 syntax compatibility
@cindex syntax compatibility, x86-64

@code{@value{AS}} now supports assembly using Intel assembler syntax.
@code{.intel_syntax} selects Intel mode, and @code{.att_syntax} switches
back to the usual AT&T mode for compatibility with the output of
@code{@value{GCC}}.  Either of these directives may have an optional
argument, @code{prefix}, or @code{noprefix} specifying whether registers
require a @samp{%} prefix.  AT&T System V/386 assembler syntax is quite
different from Intel syntax.  We mention these differences because
almost all 80386 documents use Intel syntax.  Notable differences
between the two syntaxes are:

@cindex immediate operands, i386
@cindex i386 immediate operands
@cindex register operands, i386
@cindex i386 register operands
@cindex jump/call operands, i386
@cindex i386 jump/call operands
@cindex operand delimiters, i386

@cindex immediate operands, x86-64
@cindex x86-64 immediate operands
@cindex register operands, x86-64
@cindex x86-64 register operands
@cindex jump/call operands, x86-64
@cindex x86-64 jump/call operands
@cindex operand delimiters, x86-64
@itemize @bullet
@item
AT&T immediate operands are preceded by @samp{$}; Intel immediate
operands are undelimited (Intel @samp{push 4} is AT&T @samp{pushl $4}).
AT&T register operands are preceded by @samp{%}; Intel register operands
are undelimited.  AT&T absolute (as opposed to PC relative) jump/call
operands are prefixed by @samp{*}; they are undelimited in Intel syntax.

@cindex i386 source, destination operands
@cindex source, destination operands; i386
@cindex x86-64 source, destination operands
@cindex source, destination operands; x86-64
@item
AT&T and Intel syntax use the opposite order for source and destination
operands.  Intel @samp{add eax, 4} is @samp{addl $4, %eax}.  The
@samp{source, dest} convention is maintained for compatibility with
previous Unix assemblers.  Note that instructions with more than one
source operand, such as the @samp{enter} instruction, do @emph{not} have
reversed order.  @ref{i386-Bugs}.

@cindex mnemonic suffixes, i386
@cindex sizes operands, i386
@cindex i386 size suffixes
@cindex mnemonic suffixes, x86-64
@cindex sizes operands, x86-64
@cindex x86-64 size suffixes
@item
In AT&T syntax the size of memory operands is determined from the last
character of the instruction mnemonic.  Mnemonic suffixes of @samp{b},
@samp{w}, @samp{l} and @samp{q} specify byte (8-bit), word (16-bit), long
(32-bit) and quadruple word (64-bit) memory references.  Intel syntax accomplishes
this by prefixing memory operands (@emph{not} the instruction mnemonics) with
@samp{byte ptr}, @samp{word ptr}, @samp{dword ptr} and @samp{qword ptr}.  Thus,
Intel @samp{mov al, byte ptr @var{foo}} is @samp{movb @var{foo}, %al} in AT&T
syntax.

@cindex return instructions, i386
@cindex i386 jump, call, return
@cindex return instructions, x86-64
@cindex x86-64 jump, call, return
@item
Immediate form long jumps and calls are
@samp{lcall/ljmp $@var{section}, $@var{offset}} in AT&T syntax; the
Intel syntax is
@samp{call/jmp far @var{section}:@var{offset}}.  Also, the far return
instruction
is @samp{lret $@var{stack-adjust}} in AT&T syntax; Intel syntax is
@samp{ret far @var{stack-adjust}}.

@cindex sections, i386
@cindex i386 sections
@cindex sections, x86-64
@cindex x86-64 sections
@item
The AT&T assembler does not provide support for multiple section
programs.  Unix style systems expect all programs to be single sections.
@end itemize

@node i386-Mnemonics
@section Instruction Naming

@cindex i386 instruction naming
@cindex instruction naming, i386
@cindex x86-64 instruction naming
@cindex instruction naming, x86-64

Instruction mnemonics are suffixed with one character modifiers which
specify the size of operands.  The letters @samp{b}, @samp{w}, @samp{l}
and @samp{q} specify byte, word, long and quadruple word operands.  If
no suffix is specified by an instruction then @code{@value{AS}} tries to
fill in the missing suffix based on the destination register operand
(the last one by convention).  Thus, @samp{mov %ax, %bx} is equivalent
to @samp{movw %ax, %bx}; also, @samp{mov $1, %bx} is equivalent to
@samp{movw $1, bx}.  Note that this is incompatible with the AT&T Unix
assembler which assumes that a missing mnemonic suffix implies long
operand size.  (This incompatibility does not affect compiler output
since compilers always explicitly specify the mnemonic suffix.)

Almost all instructions have the same names in AT&T and Intel format.
There are a few exceptions.  The sign extend and zero extend
instructions need two sizes to specify them.  They need a size to
sign/zero extend @emph{from} and a size to zero extend @emph{to}.  This
is accomplished by using two instruction mnemonic suffixes in AT&T
syntax.  Base names for sign extend and zero extend are
@samp{movs@dots{}} and @samp{movz@dots{}} in AT&T syntax (@samp{movsx}
and @samp{movzx} in Intel syntax).  The instruction mnemonic suffixes
are tacked on to this base name, the @emph{from} suffix before the
@emph{to} suffix.  Thus, @samp{movsbl %al, %edx} is AT&T syntax for
``move sign extend @emph{from} %al @emph{to} %edx.''  Possible suffixes,
thus, are @samp{bl} (from byte to long), @samp{bw} (from byte to word),
@samp{wl} (from word to long), @samp{bq} (from byte to quadruple word),
@samp{wq} (from word to quadruple word), and @samp{lq} (from long to
quadruple word).

@cindex conversion instructions, i386
@cindex i386 conversion instructions
@cindex conversion instructions, x86-64
@cindex x86-64 conversion instructions
The Intel-syntax conversion instructions

@itemize @bullet
@item
@samp{cbw} --- sign-extend byte in @samp{%al} to word in @samp{%ax},

@item
@samp{cwde} --- sign-extend word in @samp{%ax} to long in @samp{%eax},

@item
@samp{cwd} --- sign-extend word in @samp{%ax} to long in @samp{%dx:%ax},

@item
@samp{cdq} --- sign-extend dword in @samp{%eax} to quad in @samp{%edx:%eax},

@item
@samp{cdqe} --- sign-extend dword in @samp{%eax} to quad in @samp{%rax}
(x86-64 only),

@item
@samp{cqo} --- sign-extend quad in @samp{%rax} to octuple in
@samp{%rdx:%rax} (x86-64 only),
@end itemize

@noindent
are called @samp{cbtw}, @samp{cwtl}, @samp{cwtd}, @samp{cltd}, @samp{cltq}, and
@samp{cqto} in AT&T naming.  @code{@value{AS}} accepts either naming for these
instructions.

@cindex jump instructions, i386
@cindex call instructions, i386
@cindex jump instructions, x86-64
@cindex call instructions, x86-64
Far call/jump instructions are @samp{lcall} and @samp{ljmp} in
AT&T syntax, but are @samp{call far} and @samp{jump far} in Intel
convention.

@node i386-Regs
@section Register Naming

@cindex i386 registers
@cindex registers, i386
@cindex x86-64 registers
@cindex registers, x86-64
Register operands are always prefixed with @samp{%}.  The 80386 registers
consist of

@itemize @bullet
@item
the 8 32-bit registers @samp{%eax} (the accumulator), @samp{%ebx},
@samp{%ecx}, @samp{%edx}, @samp{%edi}, @samp{%esi}, @samp{%ebp} (the
frame pointer), and @samp{%esp} (the stack pointer).

@item
the 8 16-bit low-ends of these: @samp{%ax}, @samp{%bx}, @samp{%cx},
@samp{%dx}, @samp{%di}, @samp{%si}, @samp{%bp}, and @samp{%sp}.

@item
the 8 8-bit registers: @samp{%ah}, @samp{%al}, @samp{%bh},
@samp{%bl}, @samp{%ch}, @samp{%cl}, @samp{%dh}, and @samp{%dl} (These
are the high-bytes and low-bytes of @samp{%ax}, @samp{%bx},
@samp{%cx}, and @samp{%dx})

@item
the 6 section registers @samp{%cs} (code section), @samp{%ds}
(data section), @samp{%ss} (stack section), @samp{%es}, @samp{%fs},
and @samp{%gs}.

@item
the 3 processor control registers @samp{%cr0}, @samp{%cr2}, and
@samp{%cr3}.

@item
the 6 debug registers @samp{%db0}, @samp{%db1}, @samp{%db2},
@samp{%db3}, @samp{%db6}, and @samp{%db7}.

@item
the 2 test registers @samp{%tr6} and @samp{%tr7}.

@item
the 8 floating point register stack @samp{%st} or equivalently
@samp{%st(0)}, @samp{%st(1)}, @samp{%st(2)}, @samp{%st(3)},
@samp{%st(4)}, @samp{%st(5)}, @samp{%st(6)}, and @samp{%st(7)}.
These registers are overloaded by 8 MMX registers @samp{%mm0},
@samp{%mm1}, @samp{%mm2}, @samp{%mm3}, @samp{%mm4}, @samp{%mm5},
@samp{%mm6} and @samp{%mm7}.

@item
the 8 SSE registers registers @samp{%xmm0}, @samp{%xmm1}, @samp{%xmm2},
@samp{%xmm3}, @samp{%xmm4}, @samp{%xmm5}, @samp{%xmm6} and @samp{%xmm7}.
@end itemize

The AMD x86-64 architecture extends the register set by:

@itemize @bullet
@item
enhancing the 8 32-bit registers to 64-bit: @samp{%rax} (the
accumulator), @samp{%rbx}, @samp{%rcx}, @samp{%rdx}, @samp{%rdi},
@samp{%rsi}, @samp{%rbp} (the frame pointer), @samp{%rsp} (the stack
pointer)

@item
the 8 extended registers @samp{%r8}--@samp{%r15}.

@item
the 8 32-bit low ends of the extended registers: @samp{%r8d}--@samp{%r15d}

@item
the 8 16-bit low ends of the extended registers: @samp{%r8w}--@samp{%r15w}

@item
the 8 8-bit low ends of the extended registers: @samp{%r8b}--@samp{%r15b}

@item
the 4 8-bit registers: @samp{%sil}, @samp{%dil}, @samp{%bpl}, @samp{%spl}.

@item
the 8 debug registers: @samp{%db8}--@samp{%db15}.

@item
the 8 SSE registers: @samp{%xmm8}--@samp{%xmm15}.
@end itemize

@node i386-Prefixes
@section Instruction Prefixes

@cindex i386 instruction prefixes
@cindex instruction prefixes, i386
@cindex prefixes, i386
Instruction prefixes are used to modify the following instruction.  They
are used to repeat string instructions, to provide section overrides, to
perform bus lock operations, and to change operand and address sizes.
(Most instructions that normally operate on 32-bit operands will use
16-bit operands if the instruction has an ``operand size'' prefix.)
Instruction prefixes are best written on the same line as the instruction
they act upon. For example, the @samp{scas} (scan string) instruction is
repeated with:

@smallexample
        repne scas %es:(%edi),%al
@end smallexample

You may also place prefixes on the lines immediately preceding the
instruction, but this circumvents checks that @code{@value{AS}} does
with prefixes, and will not work with all prefixes.

Here is a list of instruction prefixes:

@cindex section override prefixes, i386
@itemize @bullet
@item
Section override prefixes @samp{cs}, @samp{ds}, @samp{ss}, @samp{es},
@samp{fs}, @samp{gs}.  These are automatically added by specifying
using the @var{section}:@var{memory-operand} form for memory references.

@cindex size prefixes, i386
@item
Operand/Address size prefixes @samp{data16} and @samp{addr16}
change 32-bit operands/addresses into 16-bit operands/addresses,
while @samp{data32} and @samp{addr32} change 16-bit ones (in a
@code{.code16} section) into 32-bit operands/addresses.  These prefixes
@emph{must} appear on the same line of code as the instruction they
modify. For example, in a 16-bit @code{.code16} section, you might
write:

@smallexample
        addr32 jmpl *(%ebx)
@end smallexample

@cindex bus lock prefixes, i386
@cindex inhibiting interrupts, i386
@item
The bus lock prefix @samp{lock} inhibits interrupts during execution of
the instruction it precedes.  (This is only valid with certain
instructions; see a 80386 manual for details).

@cindex coprocessor wait, i386
@item
The wait for coprocessor prefix @samp{wait} waits for the coprocessor to
complete the current instruction.  This should never be needed for the
80386/80387 combination.

@cindex repeat prefixes, i386
@item
The @samp{rep}, @samp{repe}, and @samp{repne} prefixes are added
to string instructions to make them repeat @samp{%ecx} times (@samp{%cx}
times if the current address size is 16-bits).
@cindex REX prefixes, i386
@item
The @samp{rex} family of prefixes is used by x86-64 to encode
extensions to i386 instruction set.  The @samp{rex} prefix has four
bits --- an operand size overwrite (@code{64}) used to change operand size
from 32-bit to 64-bit and X, Y and Z extensions bits used to extend the
register set.

You may write the @samp{rex} prefixes directly. The @samp{rex64xyz}
instruction emits @samp{rex} prefix with all the bits set.  By omitting
the @code{64}, @code{x}, @code{y} or @code{z} you may write other
prefixes as well.  Normally, there is no need to write the prefixes
explicitly, since gas will automatically generate them based on the
instruction operands.
@end itemize

@node i386-Memory
@section Memory References

@cindex i386 memory references
@cindex memory references, i386
@cindex x86-64 memory references
@cindex memory references, x86-64
An Intel syntax indirect memory reference of the form

@smallexample
@var{section}:[@var{base} + @var{index}*@var{scale} + @var{disp}]
@end smallexample

@noindent
is translated into the AT&T syntax

@smallexample
@var{section}:@var{disp}(@var{base}, @var{index}, @var{scale})
@end smallexample

@noindent
where @var{base} and @var{index} are the optional 32-bit base and
index registers, @var{disp} is the optional displacement, and
@var{scale}, taking the values 1, 2, 4, and 8, multiplies @var{index}
to calculate the address of the operand.  If no @var{scale} is
specified, @var{scale} is taken to be 1.  @var{section} specifies the
optional section register for the memory operand, and may override the
default section register (see a 80386 manual for section register
defaults). Note that section overrides in AT&T syntax @emph{must}
be preceded by a @samp{%}.  If you specify a section override which
coincides with the default section register, @code{@value{AS}} does @emph{not}
output any section register override prefixes to assemble the given
instruction.  Thus, section overrides can be specified to emphasize which
section register is used for a given memory operand.

Here are some examples of Intel and AT&T style memory references:

@table @asis
@item AT&T: @samp{-4(%ebp)}, Intel:  @samp{[ebp - 4]}
@var{base} is @samp{%ebp}; @var{disp} is @samp{-4}. @var{section} is
missing, and the default section is used (@samp{%ss} for addressing with
@samp{%ebp} as the base register).  @var{index}, @var{scale} are both missing.

@item AT&T: @samp{foo(,%eax,4)}, Intel: @samp{[foo + eax*4]}
@var{index} is @samp{%eax} (scaled by a @var{scale} 4); @var{disp} is
@samp{foo}.  All other fields are missing.  The section register here
defaults to @samp{%ds}.

@item AT&T: @samp{foo(,1)}; Intel @samp{[foo]}
This uses the value pointed to by @samp{foo} as a memory operand.
Note that @var{base} and @var{index} are both missing, but there is only
@emph{one} @samp{,}.  This is a syntactic exception.

@item AT&T: @samp{%gs:foo}; Intel @samp{gs:foo}
This selects the contents of the variable @samp{foo} with section
register @var{section} being @samp{%gs}.
@end table

Absolute (as opposed to PC relative) call and jump operands must be
prefixed with @samp{*}.  If no @samp{*} is specified, @code{@value{AS}}
always chooses PC relative addressing for jump/call labels.

Any instruction that has a memory operand, but no register operand,
@emph{must} specify its size (byte, word, long, or quadruple) with an
instruction mnemonic suffix (@samp{b}, @samp{w}, @samp{l} or @samp{q},
respectively).

The x86-64 architecture adds an RIP (instruction pointer relative)
addressing.  This addressing mode is specified by using @samp{rip} as a
base register.  Only constant offsets are valid. For example:

@table @asis
@item AT&T: @samp{1234(%rip)}, Intel: @samp{[rip + 1234]}
Points to the address 1234 bytes past the end of the current
instruction.

@item AT&T: @samp{symbol(%rip)}, Intel: @samp{[rip + symbol]}
Points to the @code{symbol} in RIP relative way, this is shorter than
the default absolute addressing.
@end table

Other addressing modes remain unchanged in x86-64 architecture, except
registers used are 64-bit instead of 32-bit.

@node i386-Jumps
@section Handling of Jump Instructions

@cindex jump optimization, i386
@cindex i386 jump optimization
@cindex jump optimization, x86-64
@cindex x86-64 jump optimization
Jump instructions are always optimized to use the smallest possible
displacements.  This is accomplished by using byte (8-bit) displacement
jumps whenever the target is sufficiently close.  If a byte displacement
is insufficient a long displacement is used.  We do not support
word (16-bit) displacement jumps in 32-bit mode (i.e. prefixing the jump
instruction with the @samp{data16} instruction prefix), since the 80386
insists upon masking @samp{%eip} to 16 bits after the word displacement
is added. (See also @pxref{i386-Arch})

Note that the @samp{jcxz}, @samp{jecxz}, @samp{loop}, @samp{loopz},
@samp{loope}, @samp{loopnz} and @samp{loopne} instructions only come in byte
displacements, so that if you use these instructions (@code{@value{GCC}} does
not use them) you may get an error message (and incorrect code).  The AT&T
80386 assembler tries to get around this problem by expanding @samp{jcxz foo}
to

@smallexample
         jcxz cx_zero
         jmp cx_nonzero
cx_zero: jmp foo
cx_nonzero:
@end smallexample

@node i386-Float
@section Floating Point

@cindex i386 floating point
@cindex floating point, i386
@cindex x86-64 floating point
@cindex floating point, x86-64
All 80387 floating point types except packed BCD are supported.
(BCD support may be added without much difficulty).  These data
types are 16-, 32-, and 64- bit integers, and single (32-bit),
double (64-bit), and extended (80-bit) precision floating point.
Each supported type has an instruction mnemonic suffix and a constructor
associated with it.  Instruction mnemonic suffixes specify the operand's
data type.  Constructors build these data types into memory.

@cindex @code{float} directive, i386
@cindex @code{single} directive, i386
@cindex @code{double} directive, i386
@cindex @code{tfloat} directive, i386
@cindex @code{float} directive, x86-64
@cindex @code{single} directive, x86-64
@cindex @code{double} directive, x86-64
@cindex @code{tfloat} directive, x86-64
@itemize @bullet
@item
Floating point constructors are @samp{.float} or @samp{.single},
@samp{.double}, and @samp{.tfloat} for 32-, 64-, and 80-bit formats.
These correspond to instruction mnemonic suffixes @samp{s}, @samp{l},
and @samp{t}. @samp{t} stands for 80-bit (ten byte) real.  The 80387
only supports this format via the @samp{fldt} (load 80-bit real to stack
top) and @samp{fstpt} (store 80-bit real and pop stack) instructions.

@cindex @code{word} directive, i386
@cindex @code{long} directive, i386
@cindex @code{int} directive, i386
@cindex @code{quad} directive, i386
@cindex @code{word} directive, x86-64
@cindex @code{long} directive, x86-64
@cindex @code{int} directive, x86-64
@cindex @code{quad} directive, x86-64
@item
Integer constructors are @samp{.word}, @samp{.long} or @samp{.int}, and
@samp{.quad} for the 16-, 32-, and 64-bit integer formats.  The
corresponding instruction mnemonic suffixes are @samp{s} (single),
@samp{l} (long), and @samp{q} (quad).  As with the 80-bit real format,
the 64-bit @samp{q} format is only present in the @samp{fildq} (load
quad integer to stack top) and @samp{fistpq} (store quad integer and pop
stack) instructions.
@end itemize

Register to register operations should not use instruction mnemonic suffixes.
@samp{fstl %st, %st(1)} will give a warning, and be assembled as if you
wrote @samp{fst %st, %st(1)}, since all register to register operations
use 80-bit floating point operands. (Contrast this with @samp{fstl %st, mem},
which converts @samp{%st} from 80-bit to 64-bit floating point format,
then stores the result in the 4 byte location @samp{mem})

@node i386-SIMD
@section Intel's MMX and AMD's 3DNow! SIMD Operations

@cindex MMX, i386
@cindex 3DNow!, i386
@cindex SIMD, i386
@cindex MMX, x86-64
@cindex 3DNow!, x86-64
@cindex SIMD, x86-64

@code{@value{AS}} supports Intel's MMX instruction set (SIMD
instructions for integer data), available on Intel's Pentium MMX
processors and Pentium II processors, AMD's K6 and K6-2 processors,
Cyrix' M2 processor, and probably others.  It also supports AMD's 3DNow!
instruction set (SIMD instructions for 32-bit floating point data)
available on AMD's K6-2 processor and possibly others in the future.

Currently, @code{@value{AS}} does not support Intel's floating point
SIMD, Katmai (KNI).

The eight 64-bit MMX operands, also used by 3DNow!, are called @samp{%mm0},
@samp{%mm1}, ... @samp{%mm7}.  They contain eight 8-bit integers, four
16-bit integers, two 32-bit integers, one 64-bit integer, or two 32-bit
floating point values.  The MMX registers cannot be used at the same time
as the floating point stack.

See Intel and AMD documentation, keeping in mind that the operand order in
instructions is reversed from the Intel syntax.

@node i386-16bit
@section Writing 16-bit Code

@cindex i386 16-bit code
@cindex 16-bit code, i386
@cindex real-mode code, i386
@cindex @code{code16gcc} directive, i386
@cindex @code{code16} directive, i386
@cindex @code{code32} directive, i386
@cindex @code{code64} directive, i386
@cindex @code{code64} directive, x86-64
While @code{@value{AS}} normally writes only ``pure'' 32-bit i386 code
or 64-bit x86-64 code depending on the default configuration,
it also supports writing code to run in real mode or in 16-bit protected
mode code segments.  To do this, put a @samp{.code16} or
@samp{.code16gcc} directive before the assembly language instructions to
be run in 16-bit mode.  You can switch @code{@value{AS}} back to writing
normal 32-bit code with the @samp{.code32} directive.

@samp{.code16gcc} provides experimental support for generating 16-bit
code from gcc, and differs from @samp{.code16} in that @samp{call},
@samp{ret}, @samp{enter}, @samp{leave}, @samp{push}, @samp{pop},
@samp{pusha}, @samp{popa}, @samp{pushf}, and @samp{popf} instructions
default to 32-bit size.  This is so that the stack pointer is
manipulated in the same way over function calls, allowing access to
function parameters at the same stack offsets as in 32-bit mode.
@samp{.code16gcc} also automatically adds address size prefixes where
necessary to use the 32-bit addressing modes that gcc generates.

The code which @code{@value{AS}} generates in 16-bit mode will not
necessarily run on a 16-bit pre-80386 processor.  To write code that
runs on such a processor, you must refrain from using @emph{any} 32-bit
constructs which require @code{@value{AS}} to output address or operand
size prefixes.

Note that writing 16-bit code instructions by explicitly specifying a
prefix or an instruction mnemonic suffix within a 32-bit code section
generates different machine instructions than those generated for a
16-bit code segment.  In a 32-bit code section, the following code
generates the machine opcode bytes @samp{66 6a 04}, which pushes the
value @samp{4} onto the stack, decrementing @samp{%esp} by 2.

@smallexample
        pushw $4
@end smallexample

The same code in a 16-bit code section would generate the machine
opcode bytes @samp{6a 04} (ie. without the operand size prefix), which
is correct since the processor default operand size is assumed to be 16
bits in a 16-bit code section.

@node i386-Bugs
@section AT&T Syntax bugs

The UnixWare assembler, and probably other AT&T derived ix86 Unix
assemblers, generate floating point instructions with reversed source
and destination registers in certain cases.  Unfortunately, gcc and
possibly many other programs use this reversed syntax, so we're stuck
with it.

For example

@smallexample
        fsub %st,%st(3)
@end smallexample
@noindent
results in @samp{%st(3)} being updated to @samp{%st - %st(3)} rather
than the expected @samp{%st(3) - %st}.  This happens with all the
non-commutative arithmetic floating point operations with two register
operands where the source register is @samp{%st} and the destination
register is @samp{%st(i)}.

@node i386-Arch
@section Specifying CPU Architecture

@cindex arch directive, i386
@cindex i386 arch directive
@cindex arch directive, x86-64
@cindex x86-64 arch directive

@code{@value{AS}} may be told to assemble for a particular CPU
(sub-)architecture with the @code{.arch @var{cpu_type}} directive.  This
directive enables a warning when gas detects an instruction that is not
supported on the CPU specified.  The choices for @var{cpu_type} are:

@multitable @columnfractions .20 .20 .20 .20
@item @samp{i8086} @tab @samp{i186} @tab @samp{i286} @tab @samp{i386}
@item @samp{i486} @tab @samp{i586} @tab @samp{i686} @tab @samp{pentium}
@item @samp{pentiumpro} @tab @samp{pentiumii} @tab @samp{pentiumiii} @tab @samp{pentium4}
@item @samp{k6} @tab @samp{athlon} @samp{sledgehammer}
@item @samp{.mmx} @samp{.sse} @samp{.sse2} @samp{.sse3} @samp{.3dnow}
@end multitable

Apart from the warning, there are only two other effects on
@code{@value{AS}} operation;  Firstly, if you specify a CPU other than
@samp{i486}, then shift by one instructions such as @samp{sarl $1, %eax}
will automatically use a two byte opcode sequence.  The larger three
byte opcode sequence is used on the 486 (and when no architecture is
specified) because it executes faster on the 486.  Note that you can
explicitly request the two byte opcode by writing @samp{sarl %eax}.
Secondly, if you specify @samp{i8086}, @samp{i186}, or @samp{i286},
@emph{and} @samp{.code16} or @samp{.code16gcc} then byte offset
conditional jumps will be promoted when necessary to a two instruction
sequence consisting of a conditional jump of the opposite sense around
an unconditional jump to the target.

Following the CPU architecture (but not a sub-architecture, which are those
starting with a dot), you may specify @samp{jumps} or @samp{nojumps} to
control automatic promotion of conditional jumps. @samp{jumps} is the
default, and enables jump promotion;  All external jumps will be of the long
variety, and file-local jumps will be promoted as necessary.
(@pxref{i386-Jumps})  @samp{nojumps} leaves external conditional jumps as
byte offset jumps, and warns about file-local conditional jumps that
@code{@value{AS}} promotes.
Unconditional jumps are treated as for @samp{jumps}.

For example

@smallexample
 .arch i8086,nojumps
@end smallexample

@node i386-Notes
@section Notes

@cindex i386 @code{mul}, @code{imul} instructions
@cindex @code{mul} instruction, i386
@cindex @code{imul} instruction, i386
@cindex @code{mul} instruction, x86-64
@cindex @code{imul} instruction, x86-64
There is some trickery concerning the @samp{mul} and @samp{imul}
instructions that deserves mention.  The 16-, 32-, 64- and 128-bit expanding
multiplies (base opcode @samp{0xf6}; extension 4 for @samp{mul} and 5
for @samp{imul}) can be output only in the one operand form.  Thus,
@samp{imul %ebx, %eax} does @emph{not} select the expanding multiply;
the expanding multiply would clobber the @samp{%edx} register, and this
would confuse @code{@value{GCC}} output.  Use @samp{imul %ebx} to get the
64-bit product in @samp{%edx:%eax}.

We have added a two operand form of @samp{imul} when the first operand
is an immediate mode expression and the second operand is a register.
This is just a shorthand, so that, multiplying @samp{%eax} by 69, for
example, can be done with @samp{imul $69, %eax} rather than @samp{imul
$69, %eax, %eax}.