Chapter 4

Processor


Topical Cross-reference for Processor Instructions................... 50

Interpreting Processor Instructions.............................. 53

Flags................................................. 53

Syntax................................................ 54

Examples.............................................. 54

Clock Speeds........................................... 54

Timings on the 8088 and 8086 Processors..................... 55

Timings on the 80286-80486 Processors...................... 56

Interpreting Encodings....................................... 56

Interpreting 80386–80486 Encoding Extensions...................... 59

16-bit Encoding.......................................... 60

32-bit Encoding.......................................... 60

Address-Size Prefix..................................... 60

Operand-Size Prefix.................................... 60

Encoding Differences for 32-Bit Operations.................... 60

Scaled Index Base Byte.................................. 61

Instructions............................................... 64

 

Topical Cross-reference for Processor Instructions

Arithmetic

ADC

ADD

DEC

DIV

IDIV

IMUL

INC

MUL

NEG

SBB

SUB

XADD#

 

BCD Conversion

AAA

AAD

AAM

AAS

DAA

DAS

 

Bit Operations

AND

BSF§

BSR§

BT§

BTC§

BTR§

BTS§

NOT

OR

RCL

RCR

ROL

ROR

SAR

SHL/SAL

SHLD§

SHR

SHRD§

XOR

 

Compare

BT§

BTC§

BTR§

BTS§

CMP

CMPS

CMPXCHG#

TEST

 

Conditional Set

SETA/SETNBE§

SETAE/SETNB§

SETB/SETNAE§

SETBE/SETNA§

SETC§

SETE/SETZ§

SETG/SETNLE§

SETGE/SETNL§

SETL/SETNGE§

SETLE/SETNG§

SETNC§

SETNE/SETNZ§

SETNO§

SETNP/SETPO§

SETNS§

SETO§

SETP/SETPE§

SETS§

 

* 80186–80486 only.              † 80286–80486 only.

§ 80386–80486 only.                                       # 80486 only.

 

Conditional Transfer

BOUND*

INTO

JA/JNBE

JAE/JNB

JB/JNAE

JBE/JNA

JC

JCXZ/JECXZ

JE/JZ

JG/JNLE

JGE/JNL

JL/JNGE

JLE/JNG

JNC

JNE/JNZ

JNO

JNP/JPO

JNS

JO

JP/JPE

JS

 

Data Transfer

BSWAP#

CMPXCHG#

LDS/LES

LEA

LFS/LGS/LSS§

LODS

MOV

MOVS

MOVSX§

MOVZX§

STOS

XADD#

XCHG

XLAT/XLATB

 

Flag

CLC

CLD

CLI

CMC

LAHF

POPF

PUSHF

SAHF

STC

STD

STI

 

Input/Output

IN

INS*

OUT

OUTS*

 

Loop

JCXZ/JECXZ

LOOP

LOOPE/LOOPZ

LOOPNE/LOOPNZ

 

* 80186–80486 only.              † 80286–80486 only.

§ 80386–80486 only.                                       # 80486 only.

 

Process Control

ARPL†

CLTS†

LAR†

LGDT/LIDT/LLDT†

LMSW†

LSL†

LTR†

SGDT/SIDT/SLDT†

SMSW†

STR†

VERR†

VERW†

MOV special§

INVD#

INVLPG#

WBINVD#

Processor Control

HLT

LOCK

NOP

WAIT

 

Stack

PUSH

PUSHF

PUSHA*

PUSHAD*

POP

POPF

POPA*

POPAD*

ENTER*

LEAVE*

 

String

MOVS

LODS

STOS

SCAS

CMPS

INS*

OUTS*

REP

REPE/REPZ

REPNE/REPNZ

 

Type Conversion

CBW

CWD

CWDE§

CDQ§

BSWAP#

 

 

Unconditional Transfer

CALL

INT

IRET

RET

RETN/RETF

JMP

 

* 80186–80486 only.              † 80286–80486 only.

§ 80386–80486 only.                                       # 80486 only.

 

Interpreting Processor Instructions

The following sections explain the format of instructions for the 8086, 8088, 80286, 80386, and 80486 processors. Those instructions begin on page 64.

 

Flags

Only the flags common to all processors are shown. If none of the flags is affected by the instruction, the flag line says No change. If flags can be affected, a two-line entry is shown. The first line shows flag abbreviations as follows:

Abbreviation

Flag

O

Overflow

D

Direction

I

Interrupt

T

Trap

S

Sign

Z

Zero

A

Auxiliary carry

P

Parity

C

Carry

 

The second line has codes indicating how the flag can be affected:

Code

Effect

1

Sets the flag

0

Clears the flag

?

May change the flag, but the value is not predictable

blank

No effect on the flag

±

Modifies according to the rules associated with the flag

 

 

Syntax

Each encoding variation may have different syntaxes corresponding to different addressing modes. The following abbreviations are used:

reg    A general-purpose register of any size.

segreg    One of the segment registers: DS, ES, SS, or CS (also FS or GS on the 80386–80486).

accum    An accumulator register of any size: AL or AX (also EAX on the 80386–80486).

mem    A direct or indirect memory operand of any size.

label    A labeled memory location in the code segment.

src,dest    A source or destination memory operand used in a string operation.

immed    A constant operand.

In some cases abbreviations have numeric suffixes to specify that the operand must be a particular size. For example, reg16 means that only a 16-bit (word) register is accepted.

Examples

One or more examples are shown for each syntax. Their position is not related to the clock speeds in the right column.

Clock Speeds

Column 3 shows the clock speeds for each processor. Sometimes an instruction may have more than one clock speed. Multiple speeds are separated by commas. If several speeds are part of an expression, they are enclosed in parentheses. The following abbreviations are used to specify variations:

EA    Effective address. This applies only to the 8088 and 8086 processors, as described in the next section.

b,w,d    Byte, word, or doubleword operands.

pm    Protected mode.

n    Iterations. Repeated instructions may have a base number of clocks plus a number of clocks for each iteration. For example, 8+4n means 8 clocks plus 4 clocks for each iteration. 

noj    No jump. For conditional jump instructions, noj indicates the speed if the condition is false and the jump is not taken.

 

m    Next instruction components. Some control transfer instructions take different times depending on the length of the next instruction executed. On the 8088 and 8086, m is never a factor. On the 80286, m is the number of bytes in the instruction. On the 80386–80486, m is the number of components. Each byte of encoding is a component, and the displacement and data are separate components.

W88,88    8088 exceptions. See “Timings on the 8088 and 8086 Processors,” following.

Clocks can be converted to nanoseconds by dividing 1 microsecond by the number of megahertz (MHz) at which the processor is running. For example, on a processor running at 8 MHz, 1 clock takes 125 nanoseconds (1000 MHz per nanosecond / 8 MHz).

The clock counts are for best-case timings. Actual timings vary depending on wait states, alignment of the instruction, the status of the prefetch queue, and other factors.

Timings on the 8088 and 8086 Processors

Because of its 8-bit data bus, the 8088 always requires two fetches to get a 16-bit operand. Therefore, instructions that work on 16-bit memory operands take longer on the 8088 than on the 8086. Separate 8088 timings are shown in parentheses following the main timing. For example, 9 (W88=13) means that the 8086 with any operands or the 8088 with byte operands take 9 clocks, but the 8088 with word operands takes 13 clocks. Similarly, 16 (88=24) means that the 8086 takes 16 clocks, but the 8088 takes 24 clocks.

On the 8088 and 8086, the effective address (EA) value must be added for instructions that operate on memory operands. A displacement is any direct memory or constant operand, or any combination of the two. The following shows the number of clocks to add for the effective address:

Components

EA Clocks

Examples

Displacement

6

mov  ax,stuff
mov  ax,stuff+2

Base or index

5

mov  ax,[bx]
mov  ax,[di]

Displacement
plus base or index

9

mov  ax,[bp+8]
mov  ax,stuff[di]

Base plus index (BP+DI, BX+SI)

7

mov  ax,[bx+si]
mov  ax,[bp+di]

 

Components

EA Clocks

Examples

Base plus index (BP+SI, BX+DI)

8

mov  ax,[bx+di]
mov  ax,[bp+si]

Base plus index plus displacement (BP+DI+disp, BX+SI+disp)

11

mov  ax,stuff[bx+si]
mov  ax,[bp+di+8]

Base plus index
plus displacement (BP+SI+disp, BX+DI+disp)

12

mov  ax,stuff[bx+di]
mov  ax,[bp+si+20]

Segment override

EA+2

mov  ax,es:stuff
mov  ax,ds:[bp+10]

 

Timings on the 80286–80486 Processors

On the 80286–80486 processors, the effective address calculation is handled by hardware and is therefore not a factor in clock calculations except in one case. If a memory operand includes all three possible elements a displacement, a base register, and an index register then add one clock. On the 80486, the extra clock is not always used. Examples are shown in the following.

mov     ax,[bx+di]

;No extra

mov     ax,array[bx+di]

;One extra

mov     ax,[bx+di+6]

;One extra

 

 

Note

80186 and 80188 timings are different from 8088, 8086, and 80286 timings. They are not shown in this manual. Timings are also not shown for protected-mode transfers through gates or for the virtual 8086 mode available on the 80386–80486 processors.

 

Interpreting Encodings

Encodings are shown for each variation of the instruction. This section describes encoding for all processors except the 80386–80486. The encodings take the form of boxes filled with 0s and 1s for bits that are constant for the instruction variation, and abbreviations (in italics) for the following variable bits or bitfields:

d    Direction bit. If set, do memory to register; the reg field is the destination. If clear, do register to memory or register to register; the reg field is the source.

a    Accumulator direction bit. If set, move accumulator register to memory. If clear, move memory to accumulator register.

w    Word/byte bit. If set, use 16-bit or 32-bit operands. If clear, use 8-bit operands.

 

s    Sign bit. If set, sign-extend 8-bit immediate data to 16 bits.

mod    Mode. This 2-bit field gives the register/memory mode with displacement. The possible values are shown below:

mod

Meaning

00

This value can have two meanings:
   If r/m is 110, a direct memory operand is used.
   If r/m is not 110, the displacement is 0 and an indirect memory operand is
   used. The operand must be based, indexed, or based indexed.

01

An indirect memory operand is used with an 8-bit displacement.

10

An indirect memory operand is used with a 16-bit displacement.

11

A two-register instruction is used; the reg field specifies the destination and the r/m field specifies the source.

 

reg    Register. This 3-bit field specifies one of the general-purpose registers:

reg

16/32-bit if w=1

8-bit if w=0

000

AX/EAX

AL

001

CX/ECX

CL

010

DX/EDX

DL

011

BX/EBX

BL

100

SP/ESP

AH

101

BP/EBP

CH

110

SI/ESI

DH

111

DI/EDI

BH

 

The reg field is sometimes used to specify encoding information rather than a register.

sreg    Segment register. This field specifies one of the segment registers:

sreg

Register

000

ES

001

CS

010

SS

011

DS

100

FS

101

GS

 

r/m    Register/memory. This 3-bit field specifies a register or memory r/m operand.

If the mod field is 11, r/m specifies the source register using the reg field codes. Otherwise, the field has one of the following values:

r/m

Operand Address

000

DS:[BX+SI+disp]

001

DS:[BX+DI+disp]

010

SS:[BP+SI+disp]

011

SS:[BP+DI+disp]

100

DS:[SI+disp]

101

DS:[DI+disp]

110

SS:[BP+disp]*

111

DS:[BX+disp]

* If mod is 00 and r/m is 110, then the operand is treated as a direct memory operand. This means that the operand [BP] is encoded as [BP+0] rather than having a short-form like other register indirect operands. Encoding [BX] takes one byte, but encoding [BP] takes two.

 

disp    Displacement. These bytes give the offset for memory operands. The possible lengths (in bytes) are shown in parentheses. 

data    Data. These bytes give the actual value for constant values. The possible lengths (in bytes) are shown in parentheses.

If a memory operand has a segment override, the entire instruction has one of the following bytes as a prefix:

Prefix

Segment

00101110 (2Eh)

CS

00111110 (3Eh)

DS

00100110 (26h)

ES

00110110 (36h)

SS

01100100 (64h)

FS

01100101 (65h)

GS

 

Example

As an example, assume you want to calculate the encoding for the following statement (where warray is a 16-bit variable):

        add     warray[bx+di], -3

 

First look up the encoding for the immediate-to-memory syntax of the ADD instruction:

100000sw  mod,000,r/m  disp (0, 1, or 2)  data (0, 1, or 2)

Since the destination is a word operand, the w bit is set. The 8-bit immediate data must be sign-extended to 16 bits to fit into the operand, so the s bit is also set. The first byte of the instruction is therefore 10000011 (83h).

Since the memory operand can be anywhere in the segment, it must have a 16-bit offset (displacement). Therefore the mod field is 10. The reg field is 000, as shown in the encoding. The r/m coding for [bx+di+disp] is 001. The second byte is 10000001 (81h).

The next two bytes are the offset of warray. The low byte of the offset is stored first and the high byte second. For this example, assume that warray is located at offset 10EFh.

The last byte of the instruction is used to store the 8-bit immediate value –3 (FDh). This value is encoded as 8 bits (but sign-extended to 16 bits by the processor).

The encoding is shown here in hexadecimal:

83 81 EF 10 FD

You can confirm this by assembling the instruction and looking at the resulting assembly listing.

Interpreting 80386–80486 Encoding Extensions

This book shows 80386–80486 encodings for instructions that are available only on the 80386–80486 processors. For other instructions, encodings are shown only for the 16-bit subset available on all processors. This section tells how to convert the 80286 encodings shown in the book to 80386–80486 encodings that use extensions such as 32-bit registers and memory operands.

The extended 80386–80486 encodings differ in that they can have additional prefix bytes, a Scaled Index Base (SIB) byte, and 32-bit displacement and immediate bytes. Use of these elements is closely tied to the segment word size. The use type of the code segment determines whether the instructions are processed in 32-bit mode (USE32) or 16-bit mode (USE16). Current versions of MS-DOS® and Microsoft® Windows use 16-bit mode only. Windows NT uses 32-bit mode.

The bytes that can appear in an instruction encoding are:

 

16-Bit Encoding

Opcode

mod-reg-r/m

disp

immed

(1-2)

(0-1)

(0-2)

(0-2)

 

32-Bit Encoding

Address-Size (67h)


Operand-Size (66h)



Opcode


mod-reg-r/m

Scaled Index Base



disp



immed

(0-1)

(0-1)

(1-2)

(0-1)

(0-1)

(0-4)

(0-4)

 

Additional bytes may be added for a segment prefix, a repeat prefix, or the LOCK prefix.

Address-Size Prefix

The address-size prefix determines the segment word size of the operation. It can override the default size for calculating the displacement of memory addresses. The address prefix byte is 67h. The assembler automatically inserts this byte where appropriate.

In 32-bit mode (USE32 or FLAT code segment), displacements are calculated as 32-bit addresses. The effective address-size prefix must be used for any instructions that must calculate addresses as 16-bit displacements. In 16-bit mode, the defaults are reversed. The prefix must be used to specify calculation of 32-bit displacements.

Operand-Size Prefix

The operand-size prefix determines the size of operands. It can override the default size of registers or memory operands. The operand-size prefix byte is 66h. The assembler automatically inserts this byte where appropriate.

In 32-bit mode, the default sizes for operands are 8 bits and 32 bits (depending on the w bit). For most instructions, the operand-size prefix must be used for any instructions that use 16-bit operands. In 16-bit mode, the default sizes are 8 bits and 16 bits. The prefix must be used for any instructions that use 32-bit operands. Some instructions use 16-bit operands, regardless of mode.

Encoding Differences for 32-Bit Operations

When 32-bit operations are performed, the meaning of certain bits or fields is different from their meaning in 16-bit operations. The changes may affect default operations in 32-bit mode, or 16-bit mode operations in which the address-size prefix or the operand-size prefix is used. The following fields may have a different meaning for 32-bit operations from their meaning as described in the “Interpreting Encodings” section:

w    Word/byte bit. If set, use 32-bit operands. If clear, use 8-bit operands.

s    Sign bit. If set, sign-extend 8-bit and 16-bit immediate data to 32 bits.

mod    Mode. This field indicates the register/memory mode. The value 11 still indicates a register-to-register operation with r/m containing the code for a 32-bit source register. However, other codes have different meanings as shown in the tables in the next section.

reg    Register. The codes for 16-bit registers are extended to 32-bit registers. For example, if the reg field is 000, EAX is used instead of AX. Use of 8-bit registers is unchanged.

sreg    Segment register. The 80386 has the following additional segment registers:

sreg

Register

100

FS

101

GS

 

r/m    Register/memory. If the r/m field is used for the source register, 32-bit registers are used as for the reg field. If the field is used for memory operands, the meaning is completely different from the meaning used for 16-bit operations, as shown in the tables in the next section.

disp    Displacement. This field is 4 bytes for 32-bit addresses.

data    Data. Immediate data can be up to 4 bytes.

Scaled Index Base Byte

Many 80386–80486 extended memory operands are too complex to be represented by a single mod-reg-r/m byte. For these operands, a value of 100 in the r/m field signals the presence of a second encoding byte called the Scaled Index Base (SIB) byte. The SIB byte is made up of the following fields:

ss  index  base

ss    Scaling Field. This two-bit field specifies one of the following scaling factors:

ss

Scale

00

1

01

2

10

4

11

8

 

index    Index Register. This three-bit field specifies one of the following index registers:

index

Register

000

EAX

001

ECX

010

EDX

011

EBX

100

no index

101

EBP

110

ESI

111

EDI

 

 

Note

ESP cannot be an index register. If the index field is 100, the ss field
must be 00.

 

base    Base Register. This 3-bit field combines with the mod field to specify the base register and the displacement. Note that the base field only specifies the base when the r/m field is 100. Otherwise, the r/m field specifies the base.

The possible combinations of the mod, r/m, scale, index, and base fields are as follows:

   

If a memory operand has a segment override, the entire instruction has one of the prefixes discussed in the preceding section, “Interpreting Encodings,” or one of the following prefixes for the segment registers available only on the 80386–80486:

Prefix

Segment

01100100    (64h)

FS

01100101    (65h)

GS

 

Example

Assume you want to calculate the encoding for the following statement (where warray is a 16-bit variable). Assume that the instruction is used in 16-bit mode.

        add     warray[eax+ecx*2], -3

First look up the encoding for the immediate-to-memory syntax of the ADD instruction:

100000sw  mod,000,r/m  disp (0, 1, or 2)    data (1 or 2)

This encoding must be expanded to account for 80386–80486 extensions. Note that the instruction operates on 16-bit data in a 16-bit mode program. Therefore, the operand-size prefix is not needed. However, the instruction does use 32-bit registers to calculate a 32-bit effective address. Thus the first byte of the encoding must be the effective address-size prefix, 01100111 (67h).

The opcode byte is the same (83h) as for the 80286 example described in the “Interpreting Encodings” section.

The mod-reg-r/m byte must specify a based indexed operand with a scaling factor of two. This operand cannot be specified with a single byte, so the encoding must also use the SIB byte. The value 100 in the r/m field specifies an SIB byte. The reg field is 000, as shown in the encoding. The mod field is 10 for operands that have base and scaled index registers and a 32-bit displacement. The combined mod, reg, and r/m fields for the second byte are 10000100 (84h).

The SIB byte is next. The scaling factor is 2, so the ss field is 01. The index register is ECX, so the index field is 001. The base register is EAX, so the base field is 000. The SIB byte is 01001000 (48h).

The next 4 bytes are the offset of warray. The low bytes are stored first. For this example, assume that warray is located at offset 10EFh. This offset only requires 2 bytes, but 4 must be supplied because of the addressing mode. A 32-bit address can be safely used in 16-bit mode as long as the upper word is 0.

The last byte of the instruction is used to store the 8-bit immediate value –3 (FDh). The encoding is shown here in hexadecimal:

67 83 84 48 00 00 EF 10 FD

Instructions

This section provides an alphabetical reference to the instructions for the 8086, 8088, 80286, 80386, and 80486 processors.

 

AAA    ASCII Adjust After Addition

Adjusts the result of an addition to a decimal digit (0–9). The previous addition instruction should place its 8-bit sum in AL. If the sum is greater than 9h, AH is incremented and the carry and auxiliary carry flags are set. Otherwise, the carry and auxiliary carry flags are cleared.

Flags

 O  D  I    T   S   Z   A   P   C
?                  ?   ?   ±   ?   ±

Encoding

00110111

Syntax

Examples

CPU

Clock Cycles

AAA

aaa

88/86
286
386
486

8
3
4
3

 

 

AAD    ASCII Adjust Before Division

Converts unpacked BCD digits in AH (most significant digit) and AL (least significant digit) to a binary number in AX. This instruction is often used to prepare an unpacked BCD number in AX for division by an unpacked BCD digit in an 8-bit register.

Flags

 O  D  I    T   S   Z   A   P   C
?                  ±   ±   ?   ±   ?

Encoding

11010101    00001010

Syntax

Examples

CPU

Clock Cycles

AAD

aad

88/86
286
386
486

60
14
19
14

 

 

AAM    ASCII Adjust After Multiply

Converts an 8-bit binary number less than 100 decimal in AL to an unpacked BCD number in AX. The most significant digit goes in AH and the least significant in AL. This instruction is often used to adjust the product after a MUL instruction that multiplies unpacked BCD digits in AH and AL. It is also used to adjust the quotient after a DIV instruction that divides a binary number less than 100 decimal in AX by an unpacked BCD number.

Flags

 O  D  I    T   S   Z   A   P   C
?                  ±   ±   ?   ±   ?

Encoding

11010100    00001010

 

Syntax

Examples

CPU

Clock Cycles

AAM

aam

88/86
286
386
486

83
16
17
15

 

 

AAS    ASCII Adjust After Subtraction

Adjusts the result of a subtraction to a decimal digit (0–9). The previous subtraction instruction should place its 8-bit result in AL. If the result is greater than 9h, AH is decremented and the carry and auxiliary carry flags are set. Otherwise, the carry and auxiliary carry flags are cleared.

Flags

 O  D  I    T   S   Z   A   P   C
?                  ?   ?   ±   ?   ±

Encoding

00111111

 

Syntax

Examples

CPU

Clock Cycles

AAS

aas

88/86
286
386
486

8
3
4
3

 

 

ADC    Add with Carry

Adds the source operand, the destination operand, and the value of the carry flag. The result is assigned to the destination operand. This instruction is used to add the more significant portions of numbers that must be added in multiple registers.

Flags

 O  D  I    T   S   Z   A   P   C
±                 ±   ±   ±   ±   ±

Encoding

000100dw    mod,reg,r/m    disp (0, 1, or 2)

 

Syntax

Examples

CPU

Clock Cycles

ADC  reg,reg

adc  dx,cx

88/86
286
386
486

3
2
2
1

ADC  mem,reg

adc  WORD PTR m32[2],dx

88/86
286
386
486

16+EA (W88=24+EA)
7
7
3

ADC  reg,mem

adc  dx,WORD PTR m32[2]

88/86
286
386
486

9+EA (W88=13+EA)
7
6
2

 

Encoding

100000sw    mod, 010,r/m    disp (0, 1, or 2)    data (1 or 2)

Syntax

Examples

CPU

Clock Cycles

ADC  reg,immed

adc  dx,12

88/86
286
386
486

4
3
2
1

ADC  mem,immed

adc  WORD PTR m32[2],16

88/86
286
386
486

17+EA (W88=23+EA)
7
7
3

 

Encoding

0001010w    data (1 or 2)

Syntax

Examples

CPU

Clock Cycles

ADC  accum,immed

adc  ax,5

88/86
286
386
486

4
3
2
1

 

 

ADD    Add

Adds the source and destination operands and puts the sum in the destination operand.

Flags

 O  D  I    T   S   Z   A   P   C
±                 ±   ±   ±   ±   ±

Encoding

000000dw    mod,reg,r/m    disp (0, 1, or 2)

Syntax

Examples

CPU

Clock Cycles

ADD  reg,reg

add  ax,bx

88/86
286
386
486

3
2
2
1

ADD  mem, reg

add  total, cx
add  array[bx+di], dx

88/86
286
386
486

16+EA (W88=24+EA)
7
7
3

ADD  reg,mem

add  cx,incr
add  dx,[bp+6]

88/86
286
386
486

9+EA (W88=13+EA)
7
6
2

 

Encoding

100000sw    mod, 000,r/m    disp (p,1, or2)    data (1or2)

Syntax

Examples

CPU

Clock Cycles

ADD  reg,immed

add  bx,6

88/86
286
386
486

4
3
2
1

ADD  mem,immed

add  amount,27
add  pointers[bx][si],6

88/86
286
386
486

17+EA (W88=23+EA)
7
7
3

 

Encoding

0000010w    data (1 or 2)

Syntax

Examples

CPU

Clock Cycles

ADD  accum,immed

add  ax,10

88/86
286
386
486

4
3
2
1

 

 

AND    Logical AND

Performs a bitwise AND operation on the source and destination operands and stores the result in the destination operand. For each bit position in the operands, if both bits are set, the corresponding bit of the result is set. Otherwise, the corresponding bit of the result is cleared.

Flags

 O  D  I    T   S   Z   A   P   C
0                 ±   ±   ?   ±   0

Encoding

001000dw    mod,reg,r/m    disp (0, 1, or 2)

Syntax

Examples

CPU

Clock Cycles

AND  reg,reg

and  dx,bx

88/86
286
386
486

3
2
2
1

AND  mem,reg

and  bitmask,bx
and  [bp+2],dx

88/86
286
386
486

16+EA (W88=24+EA)
7
7
3

AND  reg,mem

and  bx,masker
and  dx,marray[bx+di]

88/86
286
386
486

9+EA (W88=13+EA)
7
6
2

 

Encoding

100000sw    mod, 100, r/m    disp (0, 1, or 2)    data (1 or 2)

Syntax

Examples

CPU

Clock Cycles

AND  reg,immed

and  dx,0F7h

88/86
286
386
486

4
3
2
1

AND  mem,immed

and  masker, 100lb

88/86
286
386
486

17+EA(W88=24+EA)
7
7
3

 

Encoding

0010010w    data (1 or 2)

Syntax

Examples

CPU

Clock Cycles

AND  accum,immed

and  ax,0B6h

88/86
286
386
486

4
3
2
1

 

 

ARPL    Adjust Requested Privilege Level

80286–80486 Protected Only    Verifies that the destination Requested Privilege Level (RPL) field (bits 0 and 1 of a selector value) is less than the source RPL field. If it is not, ARPL adjusts the destination RPL to match the source RPL. The destination operand should be a 16-bit memory or register operand containing the value of a selector. The source operand should be a 16-bit register containing the test value. The zero flag is set if the destination is adjusted; otherwise, the flag is cleared. ARPL is useful only in 80286–80486 protected mode. See Intel documentation for details on selectors and privilege levels.

Flags

 O  D  I    T   S   Z   A   P   C
                        ±           

Encoding

01100011    mod,reg,r/m    disp (0, 1, or 2)

Syntax

Examples

CPU

Clock Cycles

ARPL  reg,reg

arpl  ax,cx

88/86
286
386
486


10
20
9

ARPL  mem,reg

arpl  selector,dx

88/86
286
386
486


11
21
9

 

 

BOUND    Check Array Bounds

80286–80486 Only    Verifies that a signed index value is within the bounds of an array. The destination operand can be any 16-bit register containing the index to be checked. The source operand must then be a 32-bit memory operand in which the low and high words contain the starting and ending values, respectively, of the array. (On the 80386–80486 processors, the destina–tion operand can be a 32-bit register; in this case, the source operand must be a 64-bit operand made up of 32-bit bounds.) If the source operand is less than the first bound or greater than the last bound, an interrupt 5 is generated. The instruction pointer pushed by the interrupt (and returned by IRET) points to the BOUND in–struction rather than to the next instruction.

Flags

No change

Encoding

01100010    mod,reg, r/m    disp (2)

Syntax

Examples

CPU

Clock Cycles

BOUND  reg16,mem32
BOUND  reg32,mem64*

bound  di,base-4

88/86
286
386
486


noj=13†
noj=10†
noj=7

 

* 80386–80486 only.

† See INT for timings if interrupt 5 is called.

 

BSF/BSR    Bit Scan

80386–80486 Only    Scans an operand to find the first set bit. If a set bit is found, the zero flag is cleared and the destination operand is loaded with the bit index of the first set bit encountered. If no set bit is found, the zero flag is set. BSF (Bit Scan Forward) scans from bit 0 to the most significant bit. BSR (Bit Scan Reverse) scans from the most significant bit of an operand to bit 0.

Flags

 O  D  I    T   S   Z   A   P   C
                        ±           

Encoding

00001111    10111100    mod, reg, r/m    disp (0, 1, 2, or 4)

Syntax

Examples

CPU

Clock Cycles

BSF  reg16,reg16
BSF  reg32,reg32

bsf  cx,bx

88/86
286
386
486



10+3n*
6–42†

BSF  reg16,mem16
BSF  reg32,mem32

bsf  ecx,bitmask

88/86
286
386
486



10+3n*
7–43§

 

 

Encoding

00001111    10111101    mod, reg, r/m    disp (0, 1, 2, or 4)

Syntax

Examples

CPU

Clock Cycles

BSR  reg16,reg16
BSR  reg32,reg32

bsr  cx,dx

88/86
286
386
486



10+3n*
103 – 3n#

BSR  reg16,mem16
BSR  reg32,mem32

bsr  eax,bitmask

88/86
286
386
486



10+3n*
104 – 3n#

 

* n = bit position from 0 to 31.
clocks = 6 if second operand equals 0.

† Clocks = 8 +
                4 for each byte scanned +
                3 for each nibble scanned +
                3 for each bit scanned in last nibble
                   or 6 if second operand equals 0.

§ Same as footnote above, but add 1 clock.

# n = bit position from 0 to 31.
clocks = 7 if second operand equals 0.

 

BSWAP    Byte Swap

80486 Only    Takes a single 32-bit register as operand and exchanges the first byte with the fourth, and the second byte with the third. This instruction does not alter any bit values within the bytes and is useful for quickly translating between 8086-family byte storage and storage schemes in which the high byte is stored first.

Flags

 No change

Encoding

00001111    11001 reg

Syntax

Examples

CPU

Clock Cycles

BSWAP reg32

bswap  eax
bswap  ebx

88/86
286
386
486




1

 

 

BT/BTC/BTR/BTS    Bit Tests

80386–80486 Only    Copies the value of a specified bit into the carry flag, where it can be tested by a JC or JNC instruction. The destination operand specifies the value in which the bit is located; the source operand specifies the bit position. BT simply copies the bit to the flag. BTC copies the bit and complements (toggles) it in the destination. BTR copies the bit and resets (clears) it in the destination. BTS copies the bit and sets it in the destination.

Flags

 O  D  I    T   S   Z   A   P   C
                                      ±

Encoding

00001111    10111010    mod, BBB*,r/m    disp (0, 1, 2, or 4)    data (1)

Syntax

Examples

CPU

Clock Cycles

BT  reg16,immed8

bt    ax,4

88/86
286
386
486



3
3

BTC  reg16,immed8
BTR  reg16,immed8
BTS  reg16,immed8

bts   ax,4
btr   bx,17
btc   edi,4

88/86
286
386
486



6
6

BT  mem16,immed8

btr   DWORD PTR [si],27
btc   color[di],4

88/86
286
386
486



6
3

BTC  mem16,immed8
BTR  mem16,immed8
BTS  mem16,immed8

btc   DWORD PTR [bx],27
btc   maskit,4
btr   color[di],4

88/86
286
386
486



8
8

 

Encoding

00001111    10BBB011*    mod, reg, r/m    disp (0, 1, 2, or 4)

Syntax

Examples

CPU

Clock Cycles

BT  reg16,reg16

bt   ax,bx

88/86
286
386
486



3
3

BTC  reg16,reg16
BTR  reg16,reg16
BTS  reg16,reg16

btc  eax,ebx
bts  bx,ax
btr  cx,di

88/86
286
386
486



6
6

 

Syntax

Examples

CPU

Clock Cycles

BT  mem16,reg16

bt   [bx],dx

88/86
286
386
486



12
8

BTC  mem16,reg16
BTR  mem16,reg16
BTS  mem16,reg16

bts  flags[bx],cx
btr  rotate,cx
btc  [bp+8],si

88/86
286
386
486



13
13

 

* BBB is 100 for BT, 111 for BTC, 110 for BTR, and 101 for BTS.

† Operands also can be 32 bits (reg32 and mem32).

 

CALL    Call Procedure

Calls a procedure. The instruction pushes the address of the next instruction onto the stack and jumps to the address specified by the operand. For NEAR calls, the offset (IP) is pushed and the new offset is loaded into IP.

For FAR calls, the segment (CS) is pushed and the new segment is loaded into CS. Then the offset (IP) is pushed and the new offset is loaded into IP. A subsequent RET instruction can pop the address so that execution continues with the instruction following the call.

Flags

 No change

Encoding

11101000    disp (2)

Syntax

Examples

CPU

Clock Cycles

CALL  label

call  upcase

88/86
286
386
486

19 (88=23)
7+m
7+m
3

 

Encoding

10011010    disp (4)

Syntax

Examples

CPU

Clock Cycles

CALL  label

call  FAR PTR job
call  distant

88/86
286
386
486

28 (88=36)
13+m,pm=26+m*
17+m,pm=34+m*
18,pm=20*

 

Encoding

11111111    mod,010,r/m

Syntax

Examples

CPU

Clock Cycles

CALL  reg

call  ax

88/86
286
386
486

16 (88=20)
7+m
7+m
5

CALL  mem16

call  pointer

88/86

21+EA (88=29+EA)

CALL  mem32

call  [bx]

286
386
486

11+m
10+m
5

 

Encoding

11111111    mod,011,r/m

Syntax

Examples

CPU

Clock Cycles

 

CALL  mem32

call  far_table[di]

88/86

37+EA (88=53+EA)

CALL  mem48

call  DWORD PTR [bx]

286
386
486

16+m,pm=29+m*
22+m,pm=38+m*
17,pm=20*

 

* Timings for calls through call and task gates are not shown, since they are used primarily in operating systems.

† 80386–80486 32-bit addressing mode only.

 

CBW    Convert Byte to Word

Converts a signed byte in AL to a signed word in AX by extending the sign bit of AL into all bits of AH.

Flags

 No change

Encoding

10011000*

Syntax

Examples

CPU

Clock Cycles

CBW

cbw

88/86
286
386
486

2
2
3
3

 

* CBW and CWDE have the same encoding with two exceptions: in 32-bit mode, CBW is preceded by the operand-size byte (66h) but CWDE is not; in 16-bit mode, CWDE is preceded by the operand-size byte but CBW is not.

 

CDQ    Convert Double to Quad

80386–80486 Only    Converts the signed doubleword in EAX to a signed quadword in the EDX:EAX register pair by extending the sign bit of EAX into all bits of EDX.

Flags

 No change

Encoding

10011001*

Syntax

Examples

CPU

Clock Cycles

CDQ

cdq

88/86
286
386
486



2
3

 

* CWD and CDQ have the same encoding with two exceptions: in 32-bit mode, CWD is preceded by the operand-size byte (66h) but CDQ is not; in 16-bit mode, CDQ is preceded by the operand-size byte but CWD is not.

 

CLC    Clear Carry Flag

Clears the carry flag.

Flags

 O  D  I    T   S   Z   A   P   C
                                      0

Encoding

11111000

Syntax

Examples

CPU

Clock Cycles

CLC

clc

88/86
286
386
486

2
2
2
2

 

 

CLD    Clear Direction Flag

Clears the direction flag. All subsequent string instructions will process up (from low addresses to high addresses) by increasing the appropriate index registers.

Flags

 O  D  I    T   S   Z   A   P   C
     0

Encoding

11111100

Syntax

Examples

CPU

Clock Cycles

CLD

cld

88/86
286
386
486

2
2
2
2

 

 

CLI    Clear Interrupt Flag

Clears the interrupt flag. When the interrupt flag is cleared, maskable interrupts are not recognized until the flag is set again with the STI instruction. In protected mode, CLI clears the flag only if the current task’s privilege level is less than or equal to the value of the IOPL flag. Otherwise, a general-protection fault occurs.

Flags

 O  D  I    T   S   Z   A   P   C
          0                          

Encoding

11111010

Syntax

Examples

CPU

Clock Cycles

CLI

cli

88/86
286
386
486

2
3
3
5

 

 

CLTS    Clear Task-Switched Flag

80286–80486 Privileged Only    Clears the task-switched flag in the Machine Status Word (MSW) of the 80286, or the CR0 register of the 80386–80486. This instruction can be used only in system software executing at privilege level 0. See Intel documentation for details on the task-switched flag and other privileged-mode concepts.

Flags

 No change

Encoding

00001111    00000110

Syntax

Examples

CPU

Clock Cycles

CLTS

clts

88/86
286
386
486


2
5
7

 

 

CMC    Complement Carry Flag

Complements (toggles) the carry flag.

Flags

 O  D  I    T   S   Z   A   P   C
                                      ±

Encoding

11110101

Syntax

Examples

CPU

Clock Cycles

CMC

cmc

88/86
286
386
486

2
2
2
2

 

 

CMP    Compare Two Operands

Compares two operands as a test for a subsequent conditional-jump or set instruction. CMP does this by subtracting the source operand from the destination operand and setting the flags according to the result. CMP is the same as the SUB instruction, except that the result is not stored.

Flags

 O  D  I    T   S   Z   A   P   C
±                 ±   ±   ±   ±   ±

Encoding

001110dw    mod, reg, r/m    disp (0, 1, or 2)

Syntax

Examples

CPU

Clock Cycles

CMP  reg,reg

cmp  di,bx
cmp  dl,cl

88/86
286
386
486

3
2
2
1

CMP  mem,reg

cmp  maximum,dx
cmp  array[si],bl

88/86
286
386
486

9+EA (W88=13+EA)
7
5
2

CMP  reg,mem

cmp  dx,minimum
cmp  bh,array[si]

88/86
286
386
486

9+EA (W88=13+EA)
6
6
2

 

Encoding

100000sw    mod, 111,r/m    disp (0, 1, or 2)    data (1 or 2)

Syntax

Examples

CPU

Clock Cycles

CMP  reg,immed

cmp  bx,24

88/86
286
386
486

4
3
2
1

CMP  mem,immed

cmp  WORD PTR [di],4
cmp  tester,4000

88/86
286
386
486

10+EA (W88=14+EA)
6
5
2

 

Encoding

0011110w    data (1 or 2)

Syntax

Examples

CPU

Clock Cycles

CMP  accum,immed

cmp  ax,1000

88/86
286
386
486

4
3
2
1

 

 

CMPS/CMPSB/CMPSW/CMPSD    Compare String

Compares two strings. DS:SI must point to the source string and ES:DI must point to the destination string (even if operands are given). For each comparison, the destination element is subtracted from the source element and the flags are updated to reflect the result (although the result is not stored). DI and SI are adjusted according to the size of the operands and the status of the direction flag. They are increased if the direction flag has been cleared with CLD, or decreased if the direction flag has been set with STD.

If the CMPS form of the instruction is used, operands must be provided to indicate the size of the data elements to be processed. A segment override can be given for the source (but not for the destination). If CMPSB (bytes), CMPSW (words), or CMPSD (doublewords on the 80386–80486 only) is used, the instruction determines the size of the data elements to be processed.

CMPS and its variations are normally used with repeat prefixes. REPNE (or REPNZ) is used to find the first match between two strings. REPE (or REPZ) is used to find the first mismatch. Before the comparison, CX should contain the maximum number of elements to compare. After a REPNE CMPS, the zero flag is clear if no match was found. After a REPE CMPS, the zero flag is set if no mismatch was found.

When the instruction finishes, ES:DI and DS:SI point to the element that follows (if the direction flag is clear) or precedes (if the direction flag is set) the match or mismatch. If CX decrements to 0, ES:DI and DS:SI point to the element that follows or precedes the last comparison. The zero flag is set or clear according to the result of the last comparison, not according to the value of CX.

Flags

 O  D  I    T   S   Z   A   P   C
±                 ±   ±   ±   ±   ±

Encoding

1010011w

Syntax

Examples

CPU

Clock Cycles

CMPS [[segreg:]] src, [[ES:]] dest
CMPSB [[[[segreg:[[ src, ]]ES:]] dest]]
CMPSW [[[[segreg:[[ src, ]]ES:]] dest]]
CMPSD [[[[segreg:[[ src, ]]ES:]] dest]]

cmps   source,es:dest
repne  cmpsw
repe   cmpsb
repne  cmpsd

88/86
286
386
486

22 (W88=30)
8
10
8

 

 

CMPXCHG    Compare and Exchange

80486 Only    Compares the destination operand to the accumulator (AL, AX, or EAX). If equal, the source operand is copied to the destination. Otherwise, the destination is copied to the accumulator. The instruction sets flags according to the result of the comparison.

Flags

 O  D  I    T   S   Z   A   P   C
±                 ±   ±   ±   ±   ±

Encoding

00001111    1011000b    mod, reg, r/m    disp (0, 1, or 2)

Syntax

Examples

CPU

Clock Cycles

CMPXCHG mem,reg

cmpxchg  warr[bx],cx
cmpxchg  string,bl

88/86
286
386
486




7–10

CMPXCHG reg,reg

cmpxchg  dl,cl
cmpxchg  bx,dx

88/86
286
386
486




6

 

 

CWD    Convert Word to Double

Converts the signed word in AX to a signed doubleword in the DX:AX register pair by extending the sign bit of AX into all bits of DX.

Flags

 O  D  I    T   S   Z   A   P   C
±                 ±   ±   ±   ±   ±

Encoding

10011001*

Syntax

Examples

CPU

Clock Cycles

CWD

cwd

88/86
286
386
486

5
2
2
3

 

* CWD and CDQ have the same encoding with two exceptions: in 32-bit mode, CWD is preceded by the operand-size byte (66h) but CDQ is not; in 16-bit mode, CDQ is preceded by the operand-size byte but CWD is not.

 

CWDE    Convert Word to Extended Double

80386–80486 Only    Converts a signed word in AX to a signed doubleword in EAX by extending the sign bit of AX into all bits of EAX.

Flags

 No change

Encoding

10011000*

Syntax

Examples

CPU

Clock Cycles

CWDE

cwde

88/86
286
386
486



3
3

 

* CBW and CWDE have the same encoding with two exceptions: in 32-bit mode, CBW is preceded by the operand-size byte (66h) but CWDE is not; in 16-bit mode, CWDE is preceded by the operand-size byte but CBW is not.

 

DAA    Decimal Adjust After Addition

Adjusts the result of an addition to a packed BCD number (less than 100 decimal). The previous addition instruction should place its 8-bit binary sum in AL. DAA converts this binary sum to packed BCD format with the least significant decimal digit in the lower four bits and the most significant digit in the upper four bits. If the sum is greater than 99h after adjustment, the carry and auxiliary carry flags are set. Otherwise, the carry and auxiliary carry flags are cleared.

Flags

 O  D  I    T   S   Z   A   P   C
?                  ±   ±   ±   ±   ±

Encoding

00100111

Syntax

Examples

CPU

Clock Cycles

DAA

daa

88/86
286
386
486

4
3
4
2

 

 

DAS    Decimal Adjust After Subtraction

Adjusts the result of a subtraction to a packed BCD number (less than 100 decimal). The previous subtraction instruction should place its 8-bit binary result in AL. DAS converts this binary sum to packed BCD format with the least significant decimal digit in the lower four bits and the most significant digit in the upper four bits. If the sum is greater than 99h after adjustment, the carry and auxiliary carry flags are set. Otherwise, the carry and auxiliary carry flags are cleared.

Flags

 O  D  I    T   S   Z   A   P   C
?                  ±   ±   ±   ±   ±

Encoding

00101111

Syntax

Examples

CPU

Clock Cycles

DAS

das

88/86
286
386
486

4
3
4
2

 

 

DEC    Decrement

Subtracts 1 from the destination operand. Because the operand is treated as an unsigned integer, the DEC instruction does not affect the carry flag. To detect any effects on the carry flag, use the SUB instruction.

Flags

 O  D  I    T   S   Z   A   P   C
±                 ±   ±   ±   ±

Encoding

1111111w    mod, 001,r/m    disp (0, 1, or 2)

Syntax

Examples

CPU

Clock Cycles

DEC  reg8

dec  cl

88/86
286
386
486

3
2
2
1

DEC  mem

dec  counter

88/86
286
386
486

15+EA (W88=23+EA)
7
6
3

 

Encoding

01001 reg

Syntax

Examples

CPU

Clock Cycles

DEC  reg16

dec  ax

88/86

3

DEC  reg32*

286
386
486

2
2
1

 

* 80386–80486 only.

 

DIV    Unsigned Divide

Divides an implied destination operand by a specified source operand. Both operands are treated as unsigned numbers. If the source (divisor) is 16 bits wide, the implied destination (dividend) is the DX:AX register pair. The quotient goes into AX and the remainder into DX. If the source is 8 bits wide, the implied destination operand is AX. The quotient goes into AL and the remainder into AH. On the 80386–80486, if the source is EAX, the quotient goes into EAX and the remainder into EDX.

Flags

 O  D  I    T   S   Z   A   P   C
?                  ?   ?   ?   ?   ?

Encoding

1111011w    mod, 110,r/m    disp (0, 1, or 2)

Syntax

Examples

CPU

Clock Cycles

DIV  reg

div  cx
div  dl

88/86
286
386
486

b=80–90,w=144–162
b=14,w=22
b=14,w=22,d=38
b=16,w=24,d=40

DIV  mem

div  [bx]
div  fsize

88/86

286
386
486

(b=86–96,w=150–168)+EA*
b=17,w=25
b=17,w=25,d=41
b=16,w=24,d=40

 

* Word memory operands on the 8088 take (158–176)+EA clocks.

 

ENTER    Make Stack Frame

80286-80486 Only    Creates a stack frame for a procedure that receives parameters passed on the stack. When immed16 is 0, ENTER is equivalent to push bp, followed by mov bp,sp. The first operand of the ENTER instruction specifies the number of bytes to reserve for local variables. The second operand specifies the nesting level for the procedure. The nesting level should be 0 for languages that do not allow access to local variables of higher-level procedures (such as C, Basic, and FORTRAN). See the complementary instruction LEAVE for a method of exiting from a procedure.

Flags

 No change

Encoding

11001000    data (2)    data (1)

Syntax

Examples

CPU

Clock Cycles

ENTER  immed16,0

enter 4,0

88/86
286
386
486


11
10
14

ENTER  immed16,1

enter 0,1

88/86
286
386
486


15
12
17

ENTER  immed16,immed8

enter 6,4

88/86
286
386
486


12+4(n – 1)
15+4(n – 1)
17+3n

 

 

HLT    Halt

Stops CPU execution until an interrupt restarts execution at the instruction following HLT. In protected mode, this instruction works only in privileged mode.

Flags

 No change

Encoding

11110100

Syntax

Examples

CPU

Clock Cycles

HLT

hlt

88/86
286
386
486

2
2
5
4

 

IDIV    Signed Divide

Divides an implied destination operand by a specified source operand. Both operands are treated as signed numbers. If the source (divisor) is 16 bits wide, the implied destination (dividend) is the DX:AX register pair. The quotient goes into AX and the remainder into DX. If the source is 8 bits wide, the implied destination is AX. The quotient goes into AL and the remainder into AH. On the 80386–80486, if the source is EAX, the quotient goes into EAX and the remainder into EDX.

Flags

 O  D  I    T   S   Z   A   P   C
?                  ?   ?   ?   ?   ?

Encoding

1111011w    mod, 111,r/m    disp (0, 1, or 2)

Syntax

Examples

CPU

Clock Cycles

IDIV  reg

idiv  bx
idiv  dl

88/86

286
386
486

b=101–112,w=
165–184
b=17,w=25
b=19,w=27,d=43
b=19,w=27,d=43

IDIV  mem

idiv  itemp

88/86

286
386
486

(b=107–118,w=171–
190)+EA*
b=20,w=28
b=22,w=30,d=46
b=20,w=28,d=44

 

* Word memory operands on the 8088 take (175–194)+EA clocks.

 

IMUL    Signed Multiply

Multiplies an implied destination operand by a specified source operand. Both operands are treated as signed numbers. If a single 16-bit operand is given, the implied destination is AX and the product goes into the DX:AX register pair. If a single 8-bit operand is given, the implied destination is AL and the product goes into AX. On the 80386–80486, if the operand is EAX, the product goes into the EDX:EAX register pair. The carry and overflow flags are set if the product is sign-extended into DX for 16-bit operands, into AH for 8-bit operands, or into EDX for 32-bit operands.

 

Two additional syntaxes are available on the 80186–80486 processors. In the two-operand form, a 16-bit register gives one of the factors and serves as the destination for the result; a source constant specifies the other factor. In the three-operand form, the first operand is a 16-bit register where the result will be stored, the second is a 16-bit register or memory operand containing one of the factors, and the third is a constant representing the other factor. With both variations, the overflow and carry flags are set if the result is too large to fit into the 16-bit destination register. Since the low 16 bits of the product are the same for both signed and unsigned multiplication, these syntaxes can be used for either signed or unsigned numbers. On the 80386–80486, the operands can be either 16 or 32 bits wide.

A fourth syntax is available on the 80386–80486. Both the source and destination operands can be given specifically. The source can be any 16- or 32-bit memory operand or general-purpose register. The destination can be any general-purpose register of the same size. The overflow and carry flags are set if the product does not fit in the destination.

Flags

 O  D  I    T   S   Z   A   P   C
±                 ?   ?   ?   ?   ±

Encoding

1111011w    mod, 101,r/m    disp (0, 1, or 2)

Syntax

Examples

CPU

Clock Cycles

IMUL  reg

imul  dx

88/86
286
386
486

b=80–98,w=128–154
b=13,w=21
b=9–14,w=9–22,d=9–38*
b=13–18,w=13–26,d=13–42

IMUL  mem

imul  factor

88/86
286
386
486

(b=86–104,w=134–160)+EA
b=16,w=24
b=12–17,w=12–25,d=12–41*
b=13–18,w=13–26, d=13–42

 

* The 80386–80486 processors have an early-out multiplication algorithm. Therefore, multiplying an
8-bit or 16-bit value in EAX takes the same time as multiplying the value in AL or AX.

† Word memory operands on the 8088 take (138–164)+EA clocks.

 

Encoding

011010s1    mod, reg, r/m    disp (0, 1, or 2)    data (1 or 2)

Syntax

Examples

CPU

Clock Cycles