Volume 2 System Programming (794096), страница 23
Текст из файла (страница 23)
3.13—July 2007AMD64 TechnologyAddress-Size Overrides. In 64-bit mode, the default-address size is 64 bits. The address size can beoverridden to 32 bits by using the address-size prefix (67h). 16-bit addresses are not supported in 64bit mode. In compatibility mode and legacy mode, address-size overrides function the same as in x86legacy architecture.Displacements and Immediates. Generally, displacement and immediate values in 64-bit mode arenot extended to 64 bits. They are still limited to 32 bits and are sign extended during effective-addresscalculations. In 64-bit mode, however, support is provided for some 64-bit displacement andimmediate forms of the MOV instruction.Zero Extending 16-Bit and 32-Bit Addresses. All 16-bit and 32-bit address calculations are zero-extended in long mode to form 64-bit addresses.
Address calculations are first truncated to theeffective-address size of the current mode (64-bit mode or compatibility mode), as overridden by anyaddress-size prefix. The result is then zero-extended to the full 64-bit address width.RIP-Relative Addressing. A new addressing form, RIP-relative (instruction-pointer relative)addressing, is implemented in 64-bit mode. The effective address is formed by adding thedisplacement to the 64-bit RIP of the next instruction.2.5.5 Instructions that Reference RSPWith the exception of far branches, all instructions that implicitly reference the 64-bit stack pointer,RSP, default to a 64-bit operand size in 64-bit mode (see Table 2-1 on page 31 for a listing).
Pushes andpops of 32-bit stack values are not possible in 64-bit mode with these instructions, but they can beoverridden to 16 bits.Table 2-1. Instructions That Reference RSPMnemonicENTERLEAVEPOP reg/memPOP regOpcode(hex)DescriptionC8Create Procedure Stack FrameC9Delete Procedure Stack Frame8F/0Pop Stack (register or memory)58-5FPop Stack (register)POP FS0F A1Pop Stack into FS Segment RegisterPOP GS0F A9Pop Stack into GS Segment RegisterPOPF, POPFD, POPFQ9DPop to rFLAGS Word, Doubleword, or QuadwordPUSH imm3268Push onto Stack (sign-extended doubleword)PUSH imm86APush onto Stack (sign-extended byte)PUSH reg/memFF/6Push onto Stack (register or memory)PUSH reg50-57Push onto Stack (register)PUSH FS0F A0Push FS Segment Register onto StackPUSH GS0F A8Push GS Segment Register onto StackPUSHF, PUSHFD, PUSHFQ9Cx86 and AMD64 Architecture DifferencesPush rFLAGS Word, Doubleword, or Quadword onto Stack31AMD64 Technology24593—Rev.
3.13—July 20072.5.6 BranchesThe AMD64 architecture expands two branching mechanisms to accommodate branches in the full 64bit virtual-address space:••In 64-bit mode, near-branch semantics are redefined.In both 64-bit and compatibility modes, a 64-bit call-gate descriptor is defined for far calls.In addition, enhancements are made to the legacy SYSCALL and SYSRET instructions.Near Branches. In 64-bit mode, the operand size for all near branches defaults to 64 bits (seeTable 2-2 for a listing). Therefore, these instructions update the full 64-bit RIP without the need for aREX operand-size prefix.
The following aspects of near branches default to 64 bits:••••Truncation of the instruction pointer.Size of a stack pop or stack push, resulting from a CALL or RET.Size of a stack-pointer increment or decrement, resulting from a CALL or RET.Size of operand fetched by indirect-branch operand size.The operand size for near branches can be overridden to 16 bits in 64-bit mode.Table 2-2.64-Bit Mode Near Branches, Default 64-Bit Operand SizeMnemonicCALLOpcode(hex)E8, FF/2JccmanyJMPE9, EB, FF/4LOOPE2DescriptionCall Procedure NearJump Conditional NearJump NearLoopLOOPccE0, E1Loop ConditionalRETC3, C2Return From Call (near)The address size of near branches is not forced in 64-bit mode.
Such addresses are 64 bits by default,but they can be overridden to 32 bits by a prefix.The size of the displacement field for relative branches is still limited to 32 bits.Far Branches Through Long-Mode Call Gates. Long mode redefines the 32-bit call-gatedescriptor type as a 64-bit call-gate descriptor and expands the call-gate descriptor size to hold a 64-bitoffset. The long-mode call-gate descriptor allows far branches to reference any location in thesupported virtual-address space. In long mode, the call-gate mechanism is changed as follows:••32In long mode, CALL and JMP instructions that reference call-gates must reference 64-bit callgates.A 64-bit call-gate descriptor must reference a 64-bit code-segment.x86 and AMD64 Architecture Differences24593—Rev. 3.13—July 2007•AMD64 TechnologyWhen a control transfer is made through a 64-bit call gate, the 64-bit target address is read from the64-bit call-gate descriptor.
The base address in the target code-segment descriptor is ignored.Stack Switching. Automatic stack switching is also modified when a control transfer occurs througha call gate in long mode:••••The target-stack pointer read from the TSS is a 64-bit RSP value.The SS register is loaded with a null selector. Setting the new SS selector to null allows nestedcontrol transfers in 64-bit mode to be handled properly. The SS.RPL value is updated to remainconsistent with the newly loaded CPL value.The size of pushes onto the new stack is modified to accommodate the 64-bit RIP and RSP values.Automatic parameter copying is not supported in long mode.Far Returns.
In long mode, far returns can load a null SS selector from the stack under the followingconditions:••The target operating mode is 64-bit mode.The target CPL<3.Allowing RET to load SS with a null selector under these conditions makes it possible for theprocessor to unnest far CALLs (and interrupts) in long mode.Task Gates. Control transfers through task gates are not supported in long mode.Branches to 64-Bit Offsets. Because immediate values are generally limited to 32 bits, the only waya full 64-bit absolute RIP can be specified in 64-bit mode is with an indirect branch.
For this reason,direct forms of far branches are eliminated from the instruction set in 64-bit mode.SYSCALL and SYSRET Instructions. The AMD64 architecture expands the function of the legacySYSCALL and SYSRET instructions in long mode. In addition, two new STAR registers, LSTAR andCSTAR, are provided to hold the 64-bit target RIP for the instructions when they are executed in longmode.
The legacy STAR register is not expanded in long mode. See “SYSCALL and SYSRET” onpage 148 for additional information.SWAPGS Instruction. The AMD64 architecture provides the SWAPGS instruction as a fast methodfor system software to load a pointer to system data-structures. SWAPGS is valid only in 64-bit mode.An undefined-opcode exception (#UD) occurs if software attempts to execute SWAPGS in legacymode or compatibility mode. See “SWAPGS Instruction” on page 150 for additional information.SYSENTER and SYSEXIT Instructions. The SYSENTER and SYSEXIT instructions are invalid inlong mode, and result in an invalid opcode exception (#UD) if software attempts to use them. Softwareshould use the SYSCALL and SYSRET instructions when running in long mode.
See “SYSENTERand SYSEXIT (Legacy Mode Only)” on page 150 for additional information.x86 and AMD64 Architecture Differences33AMD64 Technology24593—Rev. 3.13—July 20072.5.7 NOP InstructionThe legacy x86 architecture commonly uses opcode 90h as a one-byte NOP.
In 64-bit mode, theprocessor treats opcode 90h specially in order to preserve this NOP definition. This is necessarybecause opcode 90h is actually the XCHG EAX, EAX instruction in the legacy architecture. Withoutspecial handling in 64-bit mode, the instruction would not be a true no-operation. Therefore, in 64-bitmode the processor treats opcode 90h (the legacy XCHG EAX, EAX instruction) as a true NOP,regardless of a REX operand-size prefix.This special handling does not apply to the two-byte ModRM form of the XCHG instruction. Unless a64-bit operand size is specified using a REX prefix byte, using the two-byte form of XCHG toexchange a register with itself does not result in a no-operation, because the default operation size is 32bits in 64-bit mode.2.5.8 Single-Byte INC and DEC InstructionsIn 64-bit mode, the legacy encodings for the 16 single-byte INC and DEC instructions (one for each ofthe eight GPRs) are used to encode the REX prefix values.
The functionality of these INC and DECinstructions is still available, however, using the ModRM forms of those instructions (opcodes FF /0and FF /1). See “Single-Byte INC and DEC Instructions in 64-Bit Mode” in Volume 3 for additionalinformation.2.5.9 MOVSXD InstructionMOVSXD is a new instruction in 64-bit mode (the legacy ARPL instruction opcode, 63h, is reassignedas the MOVSXD opcode). It reads a fixed-size 32-bit source operand from a register or memory and (ifa REX prefix is used with the instruction) sign-extends the value to 64 bits.
MOVSXD is analogous tothe MOVSX instruction, which sign-extends a byte to a word or a word to a doubleword, depending onthe effective operand size. See “General-Purpose Instruction Reference” in Volume 3 for additionalinformation.2.5.10 Invalid InstructionsTable 2-3 on page 34 lists instructions that are illegal in 64-bit mode. Table 2-4 on page 35 listsinstructions that are invalid in long mode (both compatibility mode and 64-bit mode). Attempted useof these instructions causes an invalid-opcode exception (#UD) to occur.Table 2-3.Invalid Instructions in 64-Bit ModeMnemonic34Opcode(hex)DescriptionAAA37ASCII Adjust After AdditionAADD5ASCII Adjust Before DivisionAAMD4ASCII Adjust After MultiplyAAS3FASCII Adjust After SubtractionBOUND62Check Array Boundsx86 and AMD64 Architecture Differences24593—Rev.
3.13—July 2007Table 2-3.AMD64 TechnologyInvalid Instructions in 64-Bit Mode (continued)MnemonicOpcode(hex)DescriptionCALL (far)9AProcedure Call Far (absolute)DAA27Decimal Adjust after AdditionDAS2FDecimal Adjust after SubtractionINTOCEInterrupt to Overflow VectorJMP (far)EAJump Far (absolute)LDSC5Load DS Segment RegisterLESC4Load ES Segment RegisterPOP DS1FPop Stack into DS SegmentPOP ES07Pop Stack into ES SegmentPOP SS17Pop Stack into SS SegmentPOPA, POPAD61Pop All to GPR Words or DoublewordsPUSH CS0EPush CS Segment Selector onto StackPUSH DS1EPush DS Segment Selector onto StackPUSH ES06Push ES Segment Selector onto StackPUSH SS16Push SS Segment Selector onto StackPUSHA,PUSHAD60Push All GPR Words or Doublewords ontoStackRedundant Grp1(undocumented)82Redundant encoding of group1 Eb,IbopcodesSALC(undocumented)D6Set AL According to CFTable 2-4.Invalid Instructions in Long ModeMnemonicOpcode(hex)DescriptionSYSENTER0F 34System CallSYSEXIT0F 35System ReturnTable 2-5 on page 36 lists the instructions that are no longer valid in 64-bit mode because theiropcodes have been reassigned.
![](https://s.studizba.com/z.php?f=/templates/si/i/noavatar.png&w=100&h=100&t=1"){kind=avatar}
