[thirdparty/binutils-gdb.git] / gas / doc / c-i386.texi

@c Copyright (C) 1991-2023 Free Software Foundation, Inc.
@c This is part of the GAS manual.
@c For copying conditions, see the file as.texinfo.
@c man end

@ifset GENERIC
@page
@node i386-Dependent
@chapter 80386 Dependent Features
@end ifset
@ifclear GENERIC
@node Machine Dependencies
@chapter 80386 Dependent Features
@end ifclear

@cindex i386 support
@cindex i80386 support
@cindex x86-64 support

The i386 version @code{@value{AS}} supports both the original Intel 386
architecture in both 16 and 32-bit mode as well as AMD x86-64 architecture
extending the Intel architecture to 64-bits.

@menu
* i386-Options::                Options
* i386-Directives::             X86 specific directives
* i386-Syntax::                 Syntactical considerations
* i386-Mnemonics::              Instruction Naming
* i386-Regs::                   Register Naming
* i386-Prefixes::               Instruction Prefixes
* i386-Memory::                 Memory References
* i386-Jumps::                  Handling of Jump Instructions
* i386-Float::                  Floating Point
* i386-SIMD::                   Intel's MMX and AMD's 3DNow! SIMD Operations
* i386-LWP::                    AMD's Lightweight Profiling Instructions
* i386-BMI::                    Bit Manipulation Instruction
* i386-TBM::                    AMD's Trailing Bit Manipulation Instructions
* i386-16bit::                  Writing 16-bit Code
* i386-Arch::                   Specifying an x86 CPU architecture
* i386-ISA::                    AMD64 ISA vs. Intel64 ISA
* i386-Bugs::                   AT&T Syntax bugs
* i386-Notes::                  Notes
@end menu

@node i386-Options
@section Options

@cindex options for i386
@cindex options for x86-64
@cindex i386 options
@cindex x86-64 options

The i386 version of @code{@value{AS}} has a few machine
dependent options:

@c man begin OPTIONS
@table @gcctabopt
@cindex @samp{--32} option, i386
@cindex @samp{--32} option, x86-64
@cindex @samp{--x32} option, i386
@cindex @samp{--x32} option, x86-64
@cindex @samp{--64} option, i386
@cindex @samp{--64} option, x86-64
@item --32 | --x32 | --64
Select the word size, either 32 bits or 64 bits.  @samp{--32}
implies Intel i386 architecture, while @samp{--x32} and @samp{--64}
imply AMD x86-64 architecture with 32-bit or 64-bit word-size
respectively.

These options are only available with the ELF object file format, and
require that the necessary BFD support has been included (on a 32-bit
platform you have to add --enable-64-bit-bfd to configure enable 64-bit
usage and use x86-64 as target platform).

@item -n
By default, x86 GAS replaces multiple nop instructions used for
alignment within code sections with multi-byte nop instructions such
as leal 0(%esi,1),%esi.  This switch disables the optimization if a single
byte nop (0x90) is explicitly specified as the fill byte for alignment.

@cindex @samp{--divide} option, i386
@item --divide
On SVR4-derived platforms, the character @samp{/} is treated as a comment
character, which means that it cannot be used in expressions.  The
@samp{--divide} option turns @samp{/} into a normal character.  This does
not disable @samp{/} at the beginning of a line starting a comment, or
affect using @samp{#} for starting a comment.

@cindex @samp{-march=} option, i386
@cindex @samp{-march=} option, x86-64
@item -march=@var{CPU}[+@var{EXTENSION}@dots{}]
This option specifies the target processor.  The assembler will
issue an error message if an attempt is made to assemble an instruction
which will not execute on the target processor.  The following
processor names are recognized:
@code{i8086},
@code{i186},
@code{i286},
@code{i386},
@code{i486},
@code{i586},
@code{i686},
@code{pentium},
@code{pentiumpro},
@code{pentiumii},
@code{pentiumiii},
@code{pentium4},
@code{prescott},
@code{nocona},
@code{core},
@code{core2},
@code{corei7},
@code{iamcu},
@code{k6},
@code{k6_2},
@code{athlon},
@code{opteron},
@code{k8},
@code{amdfam10},
@code{bdver1},
@code{bdver2},
@code{bdver3},
@code{bdver4},
@code{znver1},
@code{znver2},
@code{znver3},
@code{znver4},
@code{btver1},
@code{btver2},
@code{generic32} and
@code{generic64}.

In addition to the basic instruction set, the assembler can be told to
accept various extension mnemonics.  For example,
@code{-march=i686+sse4+vmx} extends @var{i686} with @var{sse4} and
@var{vmx}.  The following extensions are currently supported:
@code{8087},
@code{287},
@code{387},
@code{687},
@code{cmov},
@code{fxsr},
@code{mmx},
@code{sse},
@code{sse2},
@code{sse3},
@code{sse4a},
@code{ssse3},
@code{sse4.1},
@code{sse4.2},
@code{sse4},
@code{avx},
@code{avx2},
@code{lahf_sahf},
@code{monitor},
@code{adx},
@code{rdseed},
@code{prfchw},
@code{smap},
@code{mpx},
@code{sha},
@code{rdpid},
@code{ptwrite},
@code{cet},
@code{gfni},
@code{vaes},
@code{vpclmulqdq},
@code{prefetchwt1},
@code{clflushopt},
@code{se1},
@code{clwb},
@code{movdiri},
@code{movdir64b},
@code{enqcmd},
@code{serialize},
@code{tsxldtrk},
@code{kl},
@code{widekl},
@code{hreset},
@code{avx512f},
@code{avx512cd},
@code{avx512er},
@code{avx512pf},
@code{avx512vl},
@code{avx512bw},
@code{avx512dq},
@code{avx512ifma},
@code{avx512vbmi},
@code{avx512_4fmaps},
@code{avx512_4vnniw},
@code{avx512_vpopcntdq},
@code{avx512_vbmi2},
@code{avx512_vnni},
@code{avx512_bitalg},
@code{avx512_vp2intersect},
@code{tdx},
@code{avx512_bf16},
@code{avx_vnni},
@code{avx512_fp16},
@code{prefetchi},
@code{avx_ifma},
@code{avx_vnni_int8},
@code{cmpccxadd},
@code{wrmsrns},
@code{msrlist},
@code{avx_ne_convert},
@code{rao_int},
@code{fred},
@code{lkgs},
@code{avx_vnni_int16},
@code{sha512},
@code{sm3},
@code{sm4},
@code{pbndkb},
@code{amx_int8},
@code{amx_bf16},
@code{amx_fp16},
@code{amx_complex},
@code{amx_tile},
@code{vmx},
@code{vmfunc},
@code{smx},
@code{xsave},
@code{xsaveopt},
@code{xsavec},
@code{xsaves},
@code{aes},
@code{pclmul},
@code{fsgsbase},
@code{rdrnd},
@code{f16c},
@code{bmi2},
@code{fma},
@code{movbe},
@code{ept},
@code{lzcnt},
@code{popcnt},
@code{hle},
@code{rtm},
@code{tsx},
@code{invpcid},
@code{clflush},
@code{mwaitx},
@code{clzero},
@code{wbnoinvd},
@code{pconfig},
@code{waitpkg},
@code{uintr},
@code{cldemote},
@code{rdpru},
@code{mcommit},
@code{sev_es},
@code{lwp},
@code{fma4},
@code{xop},
@code{cx16},
@code{syscall},
@code{rdtscp},
@code{3dnow},
@code{3dnowa},
@code{sse4a},
@code{sse5},
@code{snp},
@code{invlpgb},
@code{tlbsync},
@code{svme} and
@code{padlock}.
Note that these extension mnemonics can be prefixed with @code{no} to revoke
the respective (and any dependent) functionality.

When the @code{.arch} directive is used with @option{-march}, the
@code{.arch} directive will take precedent.

@cindex @samp{-mtune=} option, i386
@cindex @samp{-mtune=} option, x86-64
@item -mtune=@var{CPU}
This option specifies a processor to optimize for. When used in
conjunction with the @option{-march} option, only instructions
of the processor specified by the @option{-march} option will be
generated.

Valid @var{CPU} values are identical to the processor list of
@option{-march=@var{CPU}}.

@cindex @samp{-msse2avx} option, i386
@cindex @samp{-msse2avx} option, x86-64
@item -msse2avx
This option specifies that the assembler should encode SSE instructions
with VEX prefix.

@cindex @samp{-muse-unaligned-vector-move} option, i386
@cindex @samp{-muse-unaligned-vector-move} option, x86-64
@item -muse-unaligned-vector-move
This option specifies that the assembler should encode aligned vector
move as unaligned vector move.

@cindex @samp{-msse-check=} option, i386
@cindex @samp{-msse-check=} option, x86-64
@item -msse-check=@var{none}
@itemx -msse-check=@var{warning}
@itemx -msse-check=@var{error}
These options control if the assembler should check SSE instructions.
@option{-msse-check=@var{none}} will make the assembler not to check SSE
instructions,  which is the default.  @option{-msse-check=@var{warning}}
will make the assembler issue a warning for any SSE instruction.
@option{-msse-check=@var{error}} will make the assembler issue an error
for any SSE instruction.

@cindex @samp{-mavxscalar=} option, i386
@cindex @samp{-mavxscalar=} option, x86-64
@item -mavxscalar=@var{128}
@itemx -mavxscalar=@var{256}
These options control how the assembler should encode scalar AVX
instructions.  @option{-mavxscalar=@var{128}} will encode scalar
AVX instructions with 128bit vector length, which is the default.
@option{-mavxscalar=@var{256}} will encode scalar AVX instructions
with 256bit vector length.

WARNING: Don't use this for production code - due to CPU errata the
resulting code may not work on certain models.

@cindex @samp{-mvexwig=} option, i386
@cindex @samp{-mvexwig=} option, x86-64
@item -mvexwig=@var{0}
@itemx -mvexwig=@var{1}
These options control how the assembler should encode VEX.W-ignored (WIG)
VEX instructions.  @option{-mvexwig=@var{0}} will encode WIG VEX
instructions with vex.w = 0, which is the default.
@option{-mvexwig=@var{1}} will encode WIG EVEX instructions with
vex.w = 1.

WARNING: Don't use this for production code - due to CPU errata the
resulting code may not work on certain models.

@cindex @samp{-mevexlig=} option, i386
@cindex @samp{-mevexlig=} option, x86-64
@item -mevexlig=@var{128}
@itemx -mevexlig=@var{256}
@itemx -mevexlig=@var{512}
These options control how the assembler should encode length-ignored
(LIG) EVEX instructions.  @option{-mevexlig=@var{128}} will encode LIG
EVEX instructions with 128bit vector length, which is the default.
@option{-mevexlig=@var{256}} and @option{-mevexlig=@var{512}} will
encode LIG EVEX instructions with 256bit and 512bit vector length,
respectively.

@cindex @samp{-mevexwig=} option, i386
@cindex @samp{-mevexwig=} option, x86-64
@item -mevexwig=@var{0}
@itemx -mevexwig=@var{1}
These options control how the assembler should encode w-ignored (WIG)
EVEX instructions.  @option{-mevexwig=@var{0}} will encode WIG
EVEX instructions with evex.w = 0, which is the default.
@option{-mevexwig=@var{1}} will encode WIG EVEX instructions with
evex.w = 1.

@cindex @samp{-mmnemonic=} option, i386
@cindex @samp{-mmnemonic=} option, x86-64
@item -mmnemonic=@var{att}
@itemx -mmnemonic=@var{intel}
This option specifies instruction mnemonic for matching instructions.
The @code{.att_mnemonic} and @code{.intel_mnemonic} directives will
take precedent.

@cindex @samp{-msyntax=} option, i386
@cindex @samp{-msyntax=} option, x86-64
@item -msyntax=@var{att}
@itemx -msyntax=@var{intel}
This option specifies instruction syntax when processing instructions.
The @code{.att_syntax} and @code{.intel_syntax} directives will
take precedent.

@cindex @samp{-mnaked-reg} option, i386
@cindex @samp{-mnaked-reg} option, x86-64
@item -mnaked-reg
This option specifies that registers don't require a @samp{%} prefix.
The @code{.att_syntax} and @code{.intel_syntax} directives will take precedent.

@cindex @samp{-madd-bnd-prefix} option, i386
@cindex @samp{-madd-bnd-prefix} option, x86-64
@item -madd-bnd-prefix
This option forces the assembler to add BND prefix to all branches, even
if such prefix was not explicitly specified in the source code.

@cindex @samp{-mshared} option, i386
@cindex @samp{-mshared} option, x86-64
@item -mno-shared
On ELF target, the assembler normally optimizes out non-PLT relocations
against defined non-weak global branch targets with default visibility.
The @samp{-mshared} option tells the assembler to generate code which
may go into a shared library where all non-weak global branch targets
with default visibility can be preempted.  The resulting code is
slightly bigger.  This option only affects the handling of branch
instructions.

@cindex @samp{-mbig-obj} option, i386
@cindex @samp{-mbig-obj} option, x86-64
@item -mbig-obj
On PE/COFF target this option forces the use of big object file
format, which allows more than 32768 sections.

@cindex @samp{-momit-lock-prefix=} option, i386
@cindex @samp{-momit-lock-prefix=} option, x86-64
@item -momit-lock-prefix=@var{no}
@itemx -momit-lock-prefix=@var{yes}
These options control how the assembler should encode lock prefix.
This option is intended as a workaround for processors, that fail on
lock prefix. This option can only be safely used with single-core,
single-thread computers
@option{-momit-lock-prefix=@var{yes}} will omit all lock prefixes.
@option{-momit-lock-prefix=@var{no}} will encode lock prefix as usual,
which is the default.

@cindex @samp{-mfence-as-lock-add=} option, i386
@cindex @samp{-mfence-as-lock-add=} option, x86-64
@item -mfence-as-lock-add=@var{no}
@itemx -mfence-as-lock-add=@var{yes}
These options control how the assembler should encode lfence, mfence and
sfence.
@option{-mfence-as-lock-add=@var{yes}} will encode lfence, mfence and
sfence as @samp{lock addl $0x0, (%rsp)} in 64-bit mode and
@samp{lock addl $0x0, (%esp)} in 32-bit mode.
@option{-mfence-as-lock-add=@var{no}} will encode lfence, mfence and
sfence as usual, which is the default.

@cindex @samp{-mrelax-relocations=} option, i386
@cindex @samp{-mrelax-relocations=} option, x86-64
@item -mrelax-relocations=@var{no}
@itemx -mrelax-relocations=@var{yes}
These options control whether the assembler should generate relax
relocations, R_386_GOT32X, in 32-bit mode, or R_X86_64_GOTPCRELX and
R_X86_64_REX_GOTPCRELX, in 64-bit mode.
@option{-mrelax-relocations=@var{yes}} will generate relax relocations.
@option{-mrelax-relocations=@var{no}} will not generate relax
relocations.  The default can be controlled by a configure option
@option{--enable-x86-relax-relocations}.

@cindex @samp{-malign-branch-boundary=} option, i386
@cindex @samp{-malign-branch-boundary=} option, x86-64
@item -malign-branch-boundary=@var{NUM}
This option controls how the assembler should align branches with segment
prefixes or NOP.  @var{NUM} must be a power of 2.  It should be 0 or
no less than 16.  Branches will be aligned within @var{NUM} byte
boundary.  @option{-malign-branch-boundary=0}, which is the default,
doesn't align branches.

@cindex @samp{-malign-branch=} option, i386
@cindex @samp{-malign-branch=} option, x86-64
@item -malign-branch=@var{TYPE}[+@var{TYPE}...]
This option specifies types of branches to align. @var{TYPE} is
combination of @samp{jcc}, which aligns conditional jumps,
@samp{fused}, which aligns fused conditional jumps, @samp{jmp},
which aligns unconditional jumps, @samp{call} which aligns calls,
@samp{ret}, which aligns rets, @samp{indirect}, which aligns indirect
jumps and calls.  The default is @option{-malign-branch=jcc+fused+jmp}.

@cindex @samp{-malign-branch-prefix-size=} option, i386
@cindex @samp{-malign-branch-prefix-size=} option, x86-64
@item -malign-branch-prefix-size=@var{NUM}
This option specifies the maximum number of prefixes on an instruction
to align branches.  @var{NUM} should be between 0 and 5.  The default
@var{NUM} is 5.

@cindex @samp{-mbranches-within-32B-boundaries} option, i386
@cindex @samp{-mbranches-within-32B-boundaries} option, x86-64
@item -mbranches-within-32B-boundaries
This option aligns conditional jumps, fused conditional jumps and
unconditional jumps within 32 byte boundary with up to 5 segment prefixes
on an instruction.  It is equivalent to
@option{-malign-branch-boundary=32}
@option{-malign-branch=jcc+fused+jmp}
@option{-malign-branch-prefix-size=5}.
The default doesn't align branches.

@cindex @samp{-mlfence-after-load=} option, i386
@cindex @samp{-mlfence-after-load=} option, x86-64
@item -mlfence-after-load=@var{no}
@itemx -mlfence-after-load=@var{yes}
These options control whether the assembler should generate lfence
after load instructions.  @option{-mlfence-after-load=@var{yes}} will
generate lfence.  @option{-mlfence-after-load=@var{no}} will not generate
lfence, which is the default.

@cindex @samp{-mlfence-before-indirect-branch=} option, i386
@cindex @samp{-mlfence-before-indirect-branch=} option, x86-64
@item -mlfence-before-indirect-branch=@var{none}
@item -mlfence-before-indirect-branch=@var{all}
@item -mlfence-before-indirect-branch=@var{register}
@itemx -mlfence-before-indirect-branch=@var{memory}
These options control whether the assembler should generate lfence
before indirect near branch instructions.
@option{-mlfence-before-indirect-branch=@var{all}} will generate lfence
before indirect near branch via register and issue a warning before
indirect near branch via memory.
It also implicitly sets @option{-mlfence-before-ret=@var{shl}} when
there's no explicit @option{-mlfence-before-ret=}.
@option{-mlfence-before-indirect-branch=@var{register}} will generate
lfence before indirect near branch via register.
@option{-mlfence-before-indirect-branch=@var{memory}} will issue a
warning before indirect near branch via memory.
@option{-mlfence-before-indirect-branch=@var{none}} will not generate
lfence nor issue warning, which is the default.  Note that lfence won't
be generated before indirect near branch via register with
@option{-mlfence-after-load=@var{yes}} since lfence will be generated
after loading branch target register.

@cindex @samp{-mlfence-before-ret=} option, i386
@cindex @samp{-mlfence-before-ret=} option, x86-64
@item -mlfence-before-ret=@var{none}
@item -mlfence-before-ret=@var{shl}
@item -mlfence-before-ret=@var{or}
@item -mlfence-before-ret=@var{yes}
@itemx -mlfence-before-ret=@var{not}
These options control whether the assembler should generate lfence
before ret.  @option{-mlfence-before-ret=@var{or}} will generate
generate or instruction with lfence.
@option{-mlfence-before-ret=@var{shl/yes}} will generate shl instruction
with lfence. @option{-mlfence-before-ret=@var{not}} will generate not
instruction with lfence. @option{-mlfence-before-ret=@var{none}} will not
generate lfence, which is the default.

@cindex @samp{-mx86-used-note=} option, i386
@cindex @samp{-mx86-used-note=} option, x86-64
@item -mx86-used-note=@var{no}
@itemx -mx86-used-note=@var{yes}
These options control whether the assembler should generate
GNU_PROPERTY_X86_ISA_1_USED and GNU_PROPERTY_X86_FEATURE_2_USED
GNU property notes.  The default can be controlled by the
@option{--enable-x86-used-note} configure option.

@cindex @samp{-mevexrcig=} option, i386
@cindex @samp{-mevexrcig=} option, x86-64
@item -mevexrcig=@var{rne}
@itemx -mevexrcig=@var{rd}
@itemx -mevexrcig=@var{ru}
@itemx -mevexrcig=@var{rz}
These options control how the assembler should encode SAE-only
EVEX instructions.  @option{-mevexrcig=@var{rne}} will encode RC bits
of EVEX instruction with 00, which is the default.
@option{-mevexrcig=@var{rd}}, @option{-mevexrcig=@var{ru}}
and @option{-mevexrcig=@var{rz}} will encode SAE-only EVEX instructions
with 01, 10 and 11 RC bits, respectively.

@cindex @samp{-mamd64} option, x86-64
@cindex @samp{-mintel64} option, x86-64
@item -mamd64
@itemx -mintel64
This option specifies that the assembler should accept only AMD64 or
Intel64 ISA in 64-bit mode.  The default is to accept common, Intel64
only and AMD64 ISAs.

@cindex @samp{-O0} option, i386
@cindex @samp{-O0} option, x86-64
@cindex @samp{-O} option, i386
@cindex @samp{-O} option, x86-64
@cindex @samp{-O1} option, i386
@cindex @samp{-O1} option, x86-64
@cindex @samp{-O2} option, i386
@cindex @samp{-O2} option, x86-64
@cindex @samp{-Os} option, i386
@cindex @samp{-Os} option, x86-64
@item -O0 | -O | -O1 | -O2 | -Os
Optimize instruction encoding with smaller instruction size.  @samp{-O}
and @samp{-O1} encode 64-bit register load instructions with 64-bit
immediate as 32-bit register load instructions with 31-bit or 32-bits
immediates, encode 64-bit register clearing instructions with 32-bit
register clearing instructions, encode 256-bit/512-bit VEX/EVEX vector
register clearing instructions with 128-bit VEX vector register
clearing instructions, encode 128-bit/256-bit EVEX vector
register load/store instructions with VEX vector register load/store
instructions, and encode 128-bit/256-bit EVEX packed integer logical
instructions with 128-bit/256-bit VEX packed integer logical.

@samp{-O2} includes @samp{-O1} optimization plus encodes
256-bit/512-bit EVEX vector register clearing instructions with 128-bit
EVEX vector register clearing instructions.  In 64-bit mode VEX encoded
instructions with commutative source operands will also have their
source operands swapped if this allows using the 2-byte VEX prefix form
instead of the 3-byte one.  Certain forms of AND as well as OR with the
same (register) operand specified twice will also be changed to TEST.

@samp{-Os} includes @samp{-O2} optimization plus encodes 16-bit, 32-bit
and 64-bit register tests with immediate as 8-bit register test with
immediate.  @samp{-O0} turns off this optimization.

@end table
@c man end

@node i386-Directives
@section x86 specific Directives

@cindex machine directives, x86
@cindex x86 machine directives
@table @code

@cindex @code{lcomm} directive, COFF
@item .lcomm @var{symbol} , @var{length}[, @var{alignment}]
Reserve @var{length} (an absolute expression) bytes for a local common
denoted by @var{symbol}.  The section and value of @var{symbol} are
those of the new local common.  The addresses are allocated in the bss
section, so that at run-time the bytes start off zeroed.  Since
@var{symbol} is not declared global, it is normally not visible to
@code{@value{LD}}.  The optional third parameter, @var{alignment},
specifies the desired alignment of the symbol in the bss section.

This directive is only available for COFF based x86 targets.

@cindex @code{largecomm} directive, ELF
@item .largecomm @var{symbol} , @var{length}[, @var{alignment}]
This directive behaves in the same way as the @code{comm} directive
except that the data is placed into the @var{.lbss} section instead of
the @var{.bss} section @ref{Comm}.

The directive is intended to be used for data which requires a large
amount of space, and it is only available for ELF based x86_64
targets.

@cindex @code{value} directive
@item .value @var{expression} [, @var{expression}]
This directive behaves in the same way as the @code{.short} directive,
taking a series of comma separated expressions and storing them as
two-byte wide values into the current section.

@cindex @code{insn} directive
@item .insn [@var{prefix}[,...]] [@var{encoding}] @var{major-opcode}[@code{+r}|@code{/@var{extension}}] [,@var{operand}[,...]]
This directive allows composing instructions which @code{@value{AS}}
may not know about yet, or which it has no way of expressing (which
can be the case for certain alternative encodings).  It assumes certain
basic structure in how operands are encoded, and it also only
recognizes - with a few extensions as per below - operands otherwise
valid for instructions.  Therefore there is no guarantee that
everything can be expressed (e.g. the original Intel Xeon Phi's MVEX
encodings cannot be expressed).

@itemize @bullet
@item
@var{prefix} expresses one or more opcode prefixes in the usual way.
Legacy encoding prefixes altering meaning (0x66, 0xF2, 0xF3) may be
specified as high byte of <major-opcode> (perhaps already including an
encoding space prefix).  Note that there can only be one such prefix.
Segment overrides are better specified in the respective memory
operand, as long as there is one.

@item
@var{encoding} is used to specify VEX, XOP, or EVEX encodings. The
syntax tries to resemble that used in documentation:
@itemize @bullet
@item @code{VEX}[@code{.@var{len}}][@code{.@var{prefix}}][@code{.@var{space}}][@code{.@var{w}}]
@item @code{EVEX}[@code{.@var{len}}][@code{.@var{prefix}}][@code{.@var{space}}][@code{.@var{w}}]
@item @code{XOP}@var{space}[@code{.@var{len}}][@code{.@var{prefix}}][@code{.@var{w}}]
@end itemize

Here
@itemize @bullet
@item @var{len} can be @code{LIG}, @code{128}, @code{256}, or (EVEX
only) @code{512} as well as @code{L0} / @code{L1} for VEX / XOP and
@code{L0}...@code{L3} for EVEX
@item @var{prefix} can be @code{NP}, @code{66}, @code{F3}, or @code{F2}
@item @var{space} can be
@itemize @bullet
@item @code{0f}, @code{0f38}, @code{0f3a}, or @code{M0}...@code{M31}
for VEX
@item @code{08}...@code{1f} for XOP
@item @code{0f}, @code{0f38}, @code{0f3a}, or @code{M0}...@code{M15}
for EVEX
@end itemize
@item @var{w} can be @code{WIG}, @code{W0}, or @code{W1}
@end itemize

Defaults:
@itemize @bullet
@item Omitted @var{len} means "infer from operand size" if there is at
least one sized vector operand, or @code{LIG} otherwise. (Obviously
@var{len} has to be omitted when there's EVEX rounding control
specified later in the operands.)
@item Omitted @var{prefix} means @code{NP}.
@item Omitted @var{space} (VEX/EVEX only) implies encoding space is
taken from @var{major-opcode}.
@item Omitted @var{w} means "infer from GPR operand size" in 64-bit
code if there is at least one GPR(-like) operand, or @code{WIG}
otherwise.
@end itemize

@item
@var{major-opcode} is an absolute expression specifying the instruction
opcode.  Legacy encoding prefixes altering encoding space (0x0f,
0x0f38, 0x0f3a) have to be specified as high byte(s) here.
"Degenerate" ModR/M bytes, as present in e.g. certain FPU opcodes or
sub-spaces like that of major opcode 0x0f01, generally want encoding as
immediate operand (such opcodes wouldn't normally have non-immediate
operands); in some cases it may be possible to also encode these as low
byte of the major opcode, but there are potential ambiguities.  Also
note that after stripping encoding prefixes, the residual has to fit in
two bytes (16 bits).  @code{+r} can be suffixed to the major opcode
expression to specify register-only encoding forms not using a ModR/M
byte.  @code{/@var{extension}} can alternatively be suffixed to the
major opcode expression to specify an extension opcode, encoded in bits
3-5 of the ModR/M byte.

@item
@var{operand} is an instruction operand expressed the usual way.
Register operands are primarily used to express register numbers as
encoded in ModR/M byte and REX/VEX/XOP/EVEX prefixes.  In certain
cases the register type (really: size) is also used to derive other
encoding attributes, if these aren't specified explicitly.  Note that
there is no consistency checking among operands, so entirely bogus
mixes of operands are possible.  Note further that only operands
actually encoded in the instruction should be specified.  Operands like
@samp{%cl} in shift/rotate instructions have to be omitted, or else
they'll be encoded as an ordinary (register) operand.  Operand order
may also not match that of the actual instruction (see below).
@end itemize

Encoding of operands: While for a memory operand (of which there can be
only one) it is clear how to encode it in the resulting ModR/M byte,
register operands are encoded strictly in this order (operand counts do
not include immediate ones in the enumeration below, and if there was an
extension opcode specified it counts as a register operand; VEX.vvvv
is meant to cover XOP and EVEX as well):

@itemize @bullet
@item VEX.vvvv for 1-register-operand VEX/XOP/EVEX insns,
@item ModR/M.rm, ModR/M.reg for 2-operand insns,
@item ModR/M.rm, VEX.vvvv, ModR/M.reg for 3-operand insns, and
@item Imm@{4,5@}, ModR/M.rm, VEX.vvvv, ModR/M.reg for 4-operand insns,
@end itemize

obviously with the ModR/M.rm slot skipped when there is a memory
operand, and obviously with the ModR/M.reg slot skipped when there is
an extension opcode.  For Intel syntax of course the opposite order
applies.  With @code{+r} (and hence no ModR/M) there can only be a
single register operand for legacy encodings.  VEX and alike can have
two register operands, where the second (first in Intel syntax) would
go into VEX.vvvv.

Immediate operands (including immediate-like displacements, i.e. when
not part of ModR/M addressing) are emitted in the order specified,
regardless of AT&T or Intel syntax.  Since it may not be possible to
infer the size of such immediates, they can be suffixed by
@code{@{:s@var{n}@}} or @code{@{:u@var{n}@}}, representing signed /
unsigned immediates of the given number of bits respectively.  When
emitting such operands, the number of bits will be rounded up to the
smallest suitable of 8, 16, 32, or 64.  Immediates wider than 32 bits
are permitted in 64-bit code only.

For EVEX encoding memory operands with a displacement need to know
Disp8 scaling size in order to use an 8-bit displacement.  For many
instructions this can be inferred from the types of other operands
specified.  In Intel syntax @samp{DWORD PTR} and alike can be used to
specify the respective size.  In AT&T syntax the memory operands can
be suffixed by @code{@{:d@var{n}@}} to specify the size (in bytes).
This can be combined with an embedded broadcast specifier:
@samp{8(%eax)@{1to8:d8@}}.

@c FIXME: Document other x86 specific directives ?  Eg: .code16gcc,

@end table

@node i386-Syntax
@section i386 Syntactical Considerations
@menu
* i386-Variations::           AT&T Syntax versus Intel Syntax
* i386-Chars::                Special Characters
@end menu

@node i386-Variations
@subsection AT&T Syntax versus Intel Syntax

@cindex i386 intel_syntax pseudo op
@cindex intel_syntax pseudo op, i386
@cindex i386 att_syntax pseudo op
@cindex att_syntax pseudo op, i386
@cindex i386 syntax compatibility
@cindex syntax compatibility, i386
@cindex x86-64 intel_syntax pseudo op
@cindex intel_syntax pseudo op, x86-64
@cindex x86-64 att_syntax pseudo op
@cindex att_syntax pseudo op, x86-64
@cindex x86-64 syntax compatibility
@cindex syntax compatibility, x86-64

@code{@value{AS}} now supports assembly using Intel assembler syntax.
@code{.intel_syntax} selects Intel mode, and @code{.att_syntax} switches
back to the usual AT&T mode for compatibility with the output of
@code{@value{GCC}}.  Either of these directives may have an optional
argument, @code{prefix}, or @code{noprefix} specifying whether registers
require a @samp{%} prefix.  AT&T System V/386 assembler syntax is quite
different from Intel syntax.  We mention these differences because
almost all 80386 documents use Intel syntax.  Notable differences
between the two syntaxes are:

@cindex immediate operands, i386
@cindex i386 immediate operands
@cindex register operands, i386
@cindex i386 register operands
@cindex jump/call operands, i386
@cindex i386 jump/call operands
@cindex operand delimiters, i386

@cindex immediate operands, x86-64
@cindex x86-64 immediate operands
@cindex register operands, x86-64
@cindex x86-64 register operands
@cindex jump/call operands, x86-64
@cindex x86-64 jump/call operands
@cindex operand delimiters, x86-64
@itemize @bullet
@item
AT&T immediate operands are preceded by @samp{$}; Intel immediate
operands are undelimited (Intel @samp{push 4} is AT&T @samp{pushl $4}).
AT&T register operands are preceded by @samp{%}; Intel register operands
are undelimited.  AT&T absolute (as opposed to PC relative) jump/call
operands are prefixed by @samp{*}; they are undelimited in Intel syntax.

@cindex i386 source, destination operands
@cindex source, destination operands; i386
@cindex x86-64 source, destination operands
@cindex source, destination operands; x86-64
@item
AT&T and Intel syntax use the opposite order for source and destination
operands.  Intel @samp{add eax, 4} is @samp{addl $4, %eax}.  The
@samp{source, dest} convention is maintained for compatibility with
previous Unix assemblers.  Note that @samp{bound}, @samp{invlpga}, and
instructions with 2 immediate operands, such as the @samp{enter}
instruction, do @emph{not} have reversed order.  @ref{i386-Bugs}.

@cindex mnemonic suffixes, i386
@cindex sizes operands, i386
@cindex i386 size suffixes
@cindex mnemonic suffixes, x86-64
@cindex sizes operands, x86-64
@cindex x86-64 size suffixes
@item
In AT&T syntax the size of memory operands is determined from the last
character of the instruction mnemonic.  Mnemonic suffixes of @samp{b},
@samp{w}, @samp{l} and @samp{q} specify byte (8-bit), word (16-bit), long
(32-bit) and quadruple word (64-bit) memory references.  Mnemonic suffixes
of @samp{x}, @samp{y} and @samp{z} specify xmm (128-bit vector), ymm
(256-bit vector) and zmm (512-bit vector) memory references, only when there's
no other way to disambiguate an instruction.  Intel syntax accomplishes this by
prefixing memory operands (@emph{not} the instruction mnemonics) with
@samp{byte ptr}, @samp{word ptr}, @samp{dword ptr}, @samp{qword ptr},
@samp{xmmword ptr}, @samp{ymmword ptr} and @samp{zmmword ptr}.  Thus, Intel
syntax @samp{mov al, byte ptr @var{foo}} is @samp{movb @var{foo}, %al} in AT&T
syntax.  In Intel syntax, @samp{fword ptr}, @samp{tbyte ptr} and
@samp{oword ptr} specify 48-bit, 80-bit and 128-bit memory references.

In 64-bit code, @samp{movabs} can be used to encode the @samp{mov}
instruction with the 64-bit displacement or immediate operand.

@cindex return instructions, i386
@cindex i386 jump, call, return
@cindex return instructions, x86-64
@cindex x86-64 jump, call, return
@item
Immediate form long jumps and calls are
@samp{lcall/ljmp $@var{section}, $@var{offset}} in AT&T syntax; the
Intel syntax is
@samp{call/jmp far @var{section}:@var{offset}}.  Also, the far return
instruction
is @samp{lret $@var{stack-adjust}} in AT&T syntax; Intel syntax is
@samp{ret far @var{stack-adjust}}.

@cindex sections, i386
@cindex i386 sections
@cindex sections, x86-64
@cindex x86-64 sections
@item
The AT&T assembler does not provide support for multiple section
programs.  Unix style systems expect all programs to be single sections.
@end itemize

@node i386-Chars
@subsection Special Characters

@cindex line comment character, i386
@cindex i386 line comment character
The presence of a @samp{#} appearing anywhere on a line indicates the
start of a comment that extends to the end of that line.

If a @samp{#} appears as the first character of a line then the whole
line is treated as a comment, but in this case the line can also be a
logical line number directive (@pxref{Comments}) or a preprocessor
control command (@pxref{Preprocessing}).

If the @option{--divide} command-line option has not been specified
then the @samp{/} character appearing anywhere on a line also
introduces a line comment.

@cindex line separator, i386
@cindex statement separator, i386
@cindex i386 line separator
The @samp{;} character can be used to separate statements on the same
line.

@node i386-Mnemonics
@section i386-Mnemonics
@subsection Instruction Naming

@cindex i386 instruction naming
@cindex instruction naming, i386
@cindex x86-64 instruction naming
@cindex instruction naming, x86-64

Instruction mnemonics are suffixed with one character modifiers which
specify the size of operands.  The letters @samp{b}, @samp{w}, @samp{l}
and @samp{q} specify byte, word, long and quadruple word operands.  If
no suffix is specified by an instruction then @code{@value{AS}} tries to
fill in the missing suffix based on the destination register operand
(the last one by convention).  Thus, @samp{mov %ax, %bx} is equivalent
to @samp{movw %ax, %bx}; also, @samp{mov $1, %bx} is equivalent to
@samp{movw $1, bx}.  Note that this is incompatible with the AT&T Unix
assembler which assumes that a missing mnemonic suffix implies long
operand size.  (This incompatibility does not affect compiler output
since compilers always explicitly specify the mnemonic suffix.)

When there is no sizing suffix and no (suitable) register operands to
deduce the size of memory operands, with a few exceptions and where long
operand size is possible in the first place, operand size will default
to long in 32- and 64-bit modes.  Similarly it will default to short in
16-bit mode. Noteworthy exceptions are

@itemize @bullet
@item
Instructions with an implicit on-stack operand as well as branches,
which default to quad in 64-bit mode.

@item
Sign- and zero-extending moves, which default to byte size source
operands.

@item
Floating point insns with integer operands, which default to short (for
perhaps historical reasons).

@item
CRC32 with a 64-bit destination, which defaults to a quad source
operand.

@end itemize

@cindex encoding options, i386
@cindex encoding options, x86-64

Different encoding options can be specified via pseudo prefixes:

@itemize @bullet
@item
@samp{@{disp8@}} -- prefer 8-bit displacement.

@item
@samp{@{disp32@}} -- prefer 32-bit displacement.

@item
@samp{@{disp16@}} -- prefer 16-bit displacement.

@item
@samp{@{load@}} -- prefer load-form instruction.

@item
@samp{@{store@}} -- prefer store-form instruction.

@item
@samp{@{vex@}} --  encode with VEX prefix.

@item
@samp{@{vex3@}} -- encode with 3-byte VEX prefix.

@item
@samp{@{evex@}} --  encode with EVEX prefix.

@item
@samp{@{rex@}} -- prefer REX prefix for integer and legacy vector
instructions (x86-64 only).  Note that this differs from the @samp{rex}
prefix which generates REX prefix unconditionally.

@item
@samp{@{nooptimize@}} -- disable instruction size optimization.
@end itemize

Mnemonics of Intel VNNI/IFMA instructions are encoded with the EVEX prefix
by default.  The pseudo @samp{@{vex@}} prefix can be used to encode
mnemonics of Intel VNNI/IFMA instructions with the VEX prefix.

@cindex conversion instructions, i386
@cindex i386 conversion instructions
@cindex conversion instructions, x86-64
@cindex x86-64 conversion instructions
The Intel-syntax conversion instructions

@itemize @bullet
@item
@samp{cbw} --- sign-extend byte in @samp{%al} to word in @samp{%ax},

@item
@samp{cwde} --- sign-extend word in @samp{%ax} to long in @samp{%eax},

@item
@samp{cwd} --- sign-extend word in @samp{%ax} to long in @samp{%dx:%ax},

@item
@samp{cdq} --- sign-extend dword in @samp{%eax} to quad in @samp{%edx:%eax},

@item
@samp{cdqe} --- sign-extend dword in @samp{%eax} to quad in @samp{%rax}
(x86-64 only),

@item
@samp{cqo} --- sign-extend quad in @samp{%rax} to octuple in
@samp{%rdx:%rax} (x86-64 only),
@end itemize

@noindent
are called @samp{cbtw}, @samp{cwtl}, @samp{cwtd}, @samp{cltd}, @samp{cltq}, and
@samp{cqto} in AT&T naming.  @code{@value{AS}} accepts either naming for these
instructions.

@cindex extension instructions, i386
@cindex i386 extension instructions
@cindex extension instructions, x86-64
@cindex x86-64 extension instructions
The Intel-syntax extension instructions

@itemize @bullet
@item
@samp{movsx} --- sign-extend @samp{reg8/mem8} to @samp{reg16}.

@item
@samp{movsx} --- sign-extend @samp{reg8/mem8} to @samp{reg32}.

@item
@samp{movsx} --- sign-extend @samp{reg8/mem8} to @samp{reg64}
(x86-64 only).

@item
@samp{movsx} --- sign-extend @samp{reg16/mem16} to @samp{reg32}

@item
@samp{movsx} --- sign-extend @samp{reg16/mem16} to @samp{reg64}
(x86-64 only).

@item
@samp{movsxd} --- sign-extend @samp{reg32/mem32} to @samp{reg64}
(x86-64 only).

@item
@samp{movzx} --- zero-extend @samp{reg8/mem8} to @samp{reg16}.

@item
@samp{movzx} --- zero-extend @samp{reg8/mem8} to @samp{reg32}.

@item
@samp{movzx} --- zero-extend @samp{reg8/mem8} to @samp{reg64}
(x86-64 only).

@item
@samp{movzx} --- zero-extend @samp{reg16/mem16} to @samp{reg32}

@item
@samp{movzx} --- zero-extend @samp{reg16/mem16} to @samp{reg64}
(x86-64 only).
@end itemize

@noindent
are called @samp{movsbw/movsxb/movsx}, @samp{movsbl/movsxb/movsx},
@samp{movsbq/movsxb/movsx}, @samp{movswl/movsxw}, @samp{movswq/movsxw},
@samp{movslq/movsxl}, @samp{movzbw/movzxb/movzx},
@samp{movzbl/movzxb/movzx}, @samp{movzbq/movzxb/movzx},
@samp{movzwl/movzxw} and @samp{movzwq/movzxw} in AT&T syntax.

@cindex jump instructions, i386
@cindex call instructions, i386
@cindex jump instructions, x86-64
@cindex call instructions, x86-64
Far call/jump instructions are @samp{lcall} and @samp{ljmp} in
AT&T syntax, but are @samp{call far} and @samp{jump far} in Intel
convention.

@subsection AT&T Mnemonic versus Intel Mnemonic

@cindex i386 mnemonic compatibility
@cindex mnemonic compatibility, i386

@code{@value{AS}} supports assembly using Intel mnemonic.
@code{.intel_mnemonic} selects Intel mnemonic with Intel syntax, and
@code{.att_mnemonic} switches back to the usual AT&T mnemonic with AT&T
syntax for compatibility with the output of @code{@value{GCC}}.
Several x87 instructions, @samp{fadd}, @samp{fdiv}, @samp{fdivp},
@samp{fdivr}, @samp{fdivrp}, @samp{fmul}, @samp{fsub}, @samp{fsubp},
@samp{fsubr} and @samp{fsubrp},  are implemented in AT&T System V/386
assembler with different mnemonics from those in Intel IA32 specification.
@code{@value{GCC}} generates those instructions with AT&T mnemonic.

@itemize @bullet
@item @samp{movslq} with AT&T mnemonic only accepts 64-bit destination
register.  @samp{movsxd} should be used to encode 16-bit or 32-bit
destination register with both AT&T and Intel mnemonics.
@end itemize

@node i386-Regs
@section Register Naming

@cindex i386 registers
@cindex registers, i386
@cindex x86-64 registers
@cindex registers, x86-64
Register operands are always prefixed with @samp{%}.  The 80386 registers
consist of

@itemize @bullet
@item
the 8 32-bit registers @samp{%eax} (the accumulator), @samp{%ebx},
@samp{%ecx}, @samp{%edx}, @samp{%edi}, @samp{%esi}, @samp{%ebp} (the
frame pointer), and @samp{%esp} (the stack pointer).

@item
the 8 16-bit low-ends of these: @samp{%ax}, @samp{%bx}, @samp{%cx},
@samp{%dx}, @samp{%di}, @samp{%si}, @samp{%bp}, and @samp{%sp}.

@item
the 8 8-bit registers: @samp{%ah}, @samp{%al}, @samp{%bh},
@samp{%bl}, @samp{%ch}, @samp{%cl}, @samp{%dh}, and @samp{%dl} (These
are the high-bytes and low-bytes of @samp{%ax}, @samp{%bx},
@samp{%cx}, and @samp{%dx})

@item
the 6 section registers @samp{%cs} (code section), @samp{%ds}
(data section), @samp{%ss} (stack section), @samp{%es}, @samp{%fs},
and @samp{%gs}.

@item
the 5 processor control registers @samp{%cr0}, @samp{%cr2},
@samp{%cr3}, @samp{%cr4}, and @samp{%cr8}.

@item
the 6 debug registers @samp{%db0}, @samp{%db1}, @samp{%db2},
@samp{%db3}, @samp{%db6}, and @samp{%db7}.

@item
the 2 test registers @samp{%tr6} and @samp{%tr7}.

@item
the 8 floating point register stack @samp{%st} or equivalently
@samp{%st(0)}, @samp{%st(1)}, @samp{%st(2)}, @samp{%st(3)},
@samp{%st(4)}, @samp{%st(5)}, @samp{%st(6)}, and @samp{%st(7)}.
These registers are overloaded by 8 MMX registers @samp{%mm0},
@samp{%mm1}, @samp{%mm2}, @samp{%mm3}, @samp{%mm4}, @samp{%mm5},
@samp{%mm6} and @samp{%mm7}.

@item
the 8 128-bit SSE registers registers @samp{%xmm0}, @samp{%xmm1}, @samp{%xmm2},
@samp{%xmm3}, @samp{%xmm4}, @samp{%xmm5}, @samp{%xmm6} and @samp{%xmm7}.
@end itemize

The AMD x86-64 architecture extends the register set by:

@itemize @bullet
@item
enhancing the 8 32-bit registers to 64-bit: @samp{%rax} (the
accumulator), @samp{%rbx}, @samp{%rcx}, @samp{%rdx}, @samp{%rdi},
@samp{%rsi}, @samp{%rbp} (the frame pointer), @samp{%rsp} (the stack
pointer)

@item
the 8 extended registers @samp{%r8}--@samp{%r15}.

@item
the 8 32-bit low ends of the extended registers: @samp{%r8d}--@samp{%r15d}.

@item
the 8 16-bit low ends of the extended registers: @samp{%r8w}--@samp{%r15w}.

@item
the 8 8-bit low ends of the extended registers: @samp{%r8b}--@samp{%r15b}.

@item
the 4 8-bit registers: @samp{%sil}, @samp{%dil}, @samp{%bpl}, @samp{%spl}.

@item
the 8 debug registers: @samp{%db8}--@samp{%db15}.

@item
the 8 128-bit SSE registers: @samp{%xmm8}--@samp{%xmm15}.
@end itemize

With the AVX extensions more registers were made available:

@itemize @bullet

@item
the 16 256-bit SSE @samp{%ymm0}--@samp{%ymm15} (only the first 8
available in 32-bit mode).  The bottom 128 bits are overlaid with the
@samp{xmm0}--@samp{xmm15} registers.

@end itemize

The AVX512 extensions added the following registers:

@itemize @bullet

@item
the 32 512-bit registers @samp{%zmm0}--@samp{%zmm31} (only the first 8
available in 32-bit mode).  The bottom 128 bits are overlaid with the
@samp{%xmm0}--@samp{%xmm31} registers and the first 256 bits are
overlaid with the @samp{%ymm0}--@samp{%ymm31} registers.

@item
the 8 mask registers @samp{%k0}--@samp{%k7}.

@end itemize

@node i386-Prefixes
@section Instruction Prefixes

@cindex i386 instruction prefixes
@cindex instruction prefixes, i386
@cindex prefixes, i386
Instruction prefixes are used to modify the following instruction.  They
are used to repeat string instructions, to provide section overrides, to
perform bus lock operations, and to change operand and address sizes.
(Most instructions that normally operate on 32-bit operands will use
16-bit operands if the instruction has an ``operand size'' prefix.)
Instruction prefixes are best written on the same line as the instruction
they act upon. For example, the @samp{scas} (scan string) instruction is
repeated with:

@smallexample
        repne scas %es:(%edi),%al
@end smallexample

You may also place prefixes on the lines immediately preceding the
instruction, but this circumvents checks that @code{@value{AS}} does
with prefixes, and will not work with all prefixes.

Here is a list of instruction prefixes:

@cindex section override prefixes, i386
@itemize @bullet
@item
Section override prefixes @samp{cs}, @samp{ds}, @samp{ss}, @samp{es},
@samp{fs}, @samp{gs}.  These are automatically added by specifying
using the @var{section}:@var{memory-operand} form for memory references.

@cindex size prefixes, i386
@item
Operand/Address size prefixes @samp{data16} and @samp{addr16}
change 32-bit operands/addresses into 16-bit operands/addresses,
while @samp{data32} and @samp{addr32} change 16-bit ones (in a
@code{.code16} section) into 32-bit operands/addresses.  These prefixes
@emph{must} appear on the same line of code as the instruction they
modify. For example, in a 16-bit @code{.code16} section, you might
write:

@smallexample
        addr32 jmpl *(%ebx)
@end smallexample

@cindex bus lock prefixes, i386
@cindex inhibiting interrupts, i386
@item
The bus lock prefix @samp{lock} inhibits interrupts during execution of
the instruction it precedes.  (This is only valid with certain
instructions; see a 80386 manual for details).

@cindex coprocessor wait, i386
@item
The wait for coprocessor prefix @samp{wait} waits for the coprocessor to
complete the current instruction.  This should never be needed for the
80386/80387 combination.

@cindex repeat prefixes, i386
@item
The @samp{rep}, @samp{repe}, and @samp{repne} prefixes are added
to string instructions to make them repeat @samp{%ecx} times (@samp{%cx}
times if the current address size is 16-bits).
@cindex REX prefixes, i386
@item
The @samp{rex} family of prefixes is used by x86-64 to encode
extensions to i386 instruction set.  The @samp{rex} prefix has four
bits --- an operand size overwrite (@code{64}) used to change operand size
from 32-bit to 64-bit and X, Y and Z extensions bits used to extend the
register set.

You may write the @samp{rex} prefixes directly. The @samp{rex64xyz}
instruction emits @samp{rex} prefix with all the bits set.  By omitting
the @code{64}, @code{x}, @code{y} or @code{z} you may write other
prefixes as well.  Normally, there is no need to write the prefixes
explicitly, since gas will automatically generate them based on the
instruction operands.
@end itemize

@node i386-Memory
@section Memory References

@cindex i386 memory references
@cindex memory references, i386
@cindex x86-64 memory references
@cindex memory references, x86-64
An Intel syntax indirect memory reference of the form

@smallexample
@var{section}:[@var{base} + @var{index}*@var{scale} + @var{disp}]
@end smallexample

@noindent
is translated into the AT&T syntax

@smallexample
@var{section}:@var{disp}(@var{base}, @var{index}, @var{scale})
@end smallexample

@noindent
where @var{base} and @var{index} are the optional 32-bit base and
index registers, @var{disp} is the optional displacement, and
@var{scale}, taking the values 1, 2, 4, and 8, multiplies @var{index}
to calculate the address of the operand.  If no @var{scale} is
specified, @var{scale} is taken to be 1.  @var{section} specifies the
optional section register for the memory operand, and may override the
default section register (see a 80386 manual for section register
defaults). Note that section overrides in AT&T syntax @emph{must}
be preceded by a @samp{%}.  If you specify a section override which
coincides with the default section register, @code{@value{AS}} does @emph{not}
output any section register override prefixes to assemble the given
instruction.  Thus, section overrides can be specified to emphasize which
section register is used for a given memory operand.

Here are some examples of Intel and AT&T style memory references:

@table @asis
@item AT&T: @samp{-4(%ebp)}, Intel:  @samp{[ebp - 4]}
@var{base} is @samp{%ebp}; @var{disp} is @samp{-4}. @var{section} is
missing, and the default section is used (@samp{%ss} for addressing with
@samp{%ebp} as the base register).  @var{index}, @var{scale} are both missing.

@item AT&T: @samp{foo(,%eax,4)}, Intel: @samp{[foo + eax*4]}
@var{index} is @samp{%eax} (scaled by a @var{scale} 4); @var{disp} is
@samp{foo}.  All other fields are missing.  The section register here
defaults to @samp{%ds}.

@item AT&T: @samp{foo(,1)}; Intel @samp{[foo]}
This uses the value pointed to by @samp{foo} as a memory operand.
Note that @var{base} and @var{index} are both missing, but there is only
@emph{one} @samp{,}.  This is a syntactic exception.

@item AT&T: @samp{%gs:foo}; Intel @samp{gs:foo}
This selects the contents of the variable @samp{foo} with section
register @var{section} being @samp{%gs}.
@end table

Absolute (as opposed to PC relative) call and jump operands must be
prefixed with @samp{*}.  If no @samp{*} is specified, @code{@value{AS}}
always chooses PC relative addressing for jump/call labels.

Any instruction that has a memory operand, but no register operand,
@emph{must} specify its size (byte, word, long, or quadruple) with an
instruction mnemonic suffix (@samp{b}, @samp{w}, @samp{l} or @samp{q},
respectively).

The x86-64 architecture adds an RIP (instruction pointer relative)
addressing.  This addressing mode is specified by using @samp{rip} as a
base register.  Only constant offsets are valid. For example:

@table @asis
@item AT&T: @samp{1234(%rip)}, Intel: @samp{[rip + 1234]}
Points to the address 1234 bytes past the end of the current
instruction.

@item AT&T: @samp{symbol(%rip)}, Intel: @samp{[rip + symbol]}
Points to the @code{symbol} in RIP relative way, this is shorter than
the default absolute addressing.
@end table

Other addressing modes remain unchanged in x86-64 architecture, except
registers used are 64-bit instead of 32-bit.

@node i386-Jumps
@section Handling of Jump Instructions

@cindex jump optimization, i386
@cindex i386 jump optimization
@cindex jump optimization, x86-64
@cindex x86-64 jump optimization
Jump instructions are always optimized to use the smallest possible
displacements.  This is accomplished by using byte (8-bit) displacement
jumps whenever the target is sufficiently close.  If a byte displacement
is insufficient a long displacement is used.  We do not support
word (16-bit) displacement jumps in 32-bit mode (i.e. prefixing the jump
instruction with the @samp{data16} instruction prefix), since the 80386
insists upon masking @samp{%eip} to 16 bits after the word displacement
is added. (See also @pxref{i386-Arch})

Note that the @samp{jcxz}, @samp{jecxz}, @samp{loop}, @samp{loopz},
@samp{loope}, @samp{loopnz} and @samp{loopne} instructions only come in byte
displacements, so that if you use these instructions (@code{@value{GCC}} does
not use them) you may get an error message (and incorrect code).  The AT&T
80386 assembler tries to get around this problem by expanding @samp{jcxz foo}
to

@smallexample
         jcxz cx_zero
         jmp cx_nonzero
cx_zero: jmp foo
cx_nonzero:
@end smallexample

@node i386-Float
@section Floating Point

@cindex i386 floating point
@cindex floating point, i386
@cindex x86-64 floating point
@cindex floating point, x86-64
All 80387 floating point types except packed BCD are supported.
(BCD support may be added without much difficulty).  These data
types are 16-, 32-, and 64- bit integers, and single (32-bit),
double (64-bit), and extended (80-bit) precision floating point.
Each supported type has an instruction mnemonic suffix and a constructor
associated with it.  Instruction mnemonic suffixes specify the operand's
data type.  Constructors build these data types into memory.

@cindex @code{float} directive, i386
@cindex @code{single} directive, i386
@cindex @code{double} directive, i386
@cindex @code{tfloat} directive, i386
@cindex @code{hfloat} directive, i386
@cindex @code{bfloat16} directive, i386
@cindex @code{float} directive, x86-64
@cindex @code{single} directive, x86-64
@cindex @code{double} directive, x86-64
@cindex @code{tfloat} directive, x86-64
@cindex @code{hfloat} directive, x86-64
@cindex @code{bfloat16} directive, x86-64
@itemize @bullet
@item
Floating point constructors are @samp{.float} or @samp{.single},
@samp{.double}, @samp{.tfloat}, @samp{.hfloat}, and @samp{.bfloat16} for 32-,
64-, 80-, and 16-bit (two flavors) formats respectively.  The former three
correspond to instruction mnemonic suffixes @samp{s}, @samp{l}, and @samp{t}.
@samp{t} stands for 80-bit (ten byte) real.  The 80387 only supports this
format via the @samp{fldt} (load 80-bit real to stack top) and @samp{fstpt}
(store 80-bit real and pop stack) instructions.

@cindex @code{word} directive, i386
@cindex @code{long} directive, i386
@cindex @code{int} directive, i386
@cindex @code{quad} directive, i386
@cindex @code{word} directive, x86-64
@cindex @code{long} directive, x86-64
@cindex @code{int} directive, x86-64
@cindex @code{quad} directive, x86-64
@item
Integer constructors are @samp{.word}, @samp{.long} or @samp{.int}, and
@samp{.quad} for the 16-, 32-, and 64-bit integer formats.  The
corresponding instruction mnemonic suffixes are @samp{s} (short),
@samp{l} (long), and @samp{q} (quad).  As with the 80-bit real format,
the 64-bit @samp{q} format is only present in the @samp{fildq} (load
quad integer to stack top) and @samp{fistpq} (store quad integer and pop
stack) instructions.
@end itemize

Register to register operations should not use instruction mnemonic suffixes.
@samp{fstl %st, %st(1)} will give a warning, and be assembled as if you
wrote @samp{fst %st, %st(1)}, since all register to register operations
use 80-bit floating point operands. (Contrast this with @samp{fstl %st, mem},
which converts @samp{%st} from 80-bit to 64-bit floating point format,
then stores the result in the 4 byte location @samp{mem})

@node i386-SIMD
@section Intel's MMX and AMD's 3DNow! SIMD Operations

@cindex MMX, i386
@cindex 3DNow!, i386
@cindex SIMD, i386
@cindex MMX, x86-64
@cindex 3DNow!, x86-64
@cindex SIMD, x86-64

@code{@value{AS}} supports Intel's MMX instruction set (SIMD
instructions for integer data), available on Intel's Pentium MMX
processors and Pentium II processors, AMD's K6 and K6-2 processors,
Cyrix' M2 processor, and probably others.  It also supports AMD's 3DNow!@:
instruction set (SIMD instructions for 32-bit floating point data)
available on AMD's K6-2 processor and possibly others in the future.

Currently, @code{@value{AS}} does not support Intel's floating point
SIMD, Katmai (KNI).

The eight 64-bit MMX operands, also used by 3DNow!, are called @samp{%mm0},
@samp{%mm1}, ... @samp{%mm7}.  They contain eight 8-bit integers, four
16-bit integers, two 32-bit integers, one 64-bit integer, or two 32-bit
floating point values.  The MMX registers cannot be used at the same time
as the floating point stack.

See Intel and AMD documentation, keeping in mind that the operand order in
instructions is reversed from the Intel syntax.

@node i386-LWP
@section AMD's Lightweight Profiling Instructions

@cindex LWP, i386
@cindex LWP, x86-64

@code{@value{AS}} supports AMD's Lightweight Profiling (LWP)
instruction set, available on AMD's Family 15h (Orochi) processors.

LWP enables applications to collect and manage performance data, and
react to performance events.  The collection of performance data
requires no context switches.  LWP runs in the context of a thread and
so several counters can be used independently across multiple threads.
LWP can be used in both 64-bit and legacy 32-bit modes.

For detailed information on the LWP instruction set, see the
@cite{AMD Lightweight Profiling Specification} available at
@uref{http://developer.amd.com/cpu/LWP,Lightweight Profiling Specification}.

@node i386-BMI
@section Bit Manipulation Instructions

@cindex BMI, i386
@cindex BMI, x86-64

@code{@value{AS}} supports the Bit Manipulation (BMI) instruction set.

BMI instructions provide several instructions implementing individual
bit manipulation operations such as isolation, masking, setting, or
resetting.

@c Need to add a specification citation here when available.

@node i386-TBM
@section AMD's Trailing Bit Manipulation Instructions

@cindex TBM, i386
@cindex TBM, x86-64

@code{@value{AS}} supports AMD's Trailing Bit Manipulation (TBM)
instruction set, available on AMD's BDVER2 processors (Trinity and
Viperfish).

TBM instructions provide instructions implementing individual bit
manipulation operations such as isolating, masking, setting, resetting,
complementing, and operations on trailing zeros and ones.

@c Need to add a specification citation here when available.

@node i386-16bit
@section Writing 16-bit Code

@cindex i386 16-bit code
@cindex 16-bit code, i386
@cindex real-mode code, i386
@cindex @code{code16gcc} directive, i386
@cindex @code{code16} directive, i386
@cindex @code{code32} directive, i386
@cindex @code{code64} directive, i386
@cindex @code{code64} directive, x86-64
While @code{@value{AS}} normally writes only ``pure'' 32-bit i386 code
or 64-bit x86-64 code depending on the default configuration,
it also supports writing code to run in real mode or in 16-bit protected
mode code segments.  To do this, put a @samp{.code16} or
@samp{.code16gcc} directive before the assembly language instructions to
be run in 16-bit mode.  You can switch @code{@value{AS}} to writing
32-bit code with the @samp{.code32} directive or 64-bit code with the
@samp{.code64} directive.

@samp{.code16gcc} provides experimental support for generating 16-bit
code from gcc, and differs from @samp{.code16} in that @samp{call},
@samp{ret}, @samp{enter}, @samp{leave}, @samp{push}, @samp{pop},
@samp{pusha}, @samp{popa}, @samp{pushf}, and @samp{popf} instructions
default to 32-bit size.  This is so that the stack pointer is
manipulated in the same way over function calls, allowing access to
function parameters at the same stack offsets as in 32-bit mode.
@samp{.code16gcc} also automatically adds address size prefixes where
necessary to use the 32-bit addressing modes that gcc generates.

The code which @code{@value{AS}} generates in 16-bit mode will not
necessarily run on a 16-bit pre-80386 processor.  To write code that
runs on such a processor, you must refrain from using @emph{any} 32-bit
constructs which require @code{@value{AS}} to output address or operand
size prefixes.

Note that writing 16-bit code instructions by explicitly specifying a
prefix or an instruction mnemonic suffix within a 32-bit code section
generates different machine instructions than those generated for a
16-bit code segment.  In a 32-bit code section, the following code
generates the machine opcode bytes @samp{66 6a 04}, which pushes the
value @samp{4} onto the stack, decrementing @samp{%esp} by 2.

@smallexample
        pushw $4
@end smallexample

The same code in a 16-bit code section would generate the machine
opcode bytes @samp{6a 04} (i.e., without the operand size prefix), which
is correct since the processor default operand size is assumed to be 16
bits in a 16-bit code section.

@node i386-Arch
@section Specifying CPU Architecture

@cindex arch directive, i386
@cindex i386 arch directive
@cindex arch directive, x86-64
@cindex x86-64 arch directive

@code{@value{AS}} may be told to assemble for a particular CPU
(sub-)architecture with the @code{.arch @var{cpu_type}} directive.  This
directive enables a warning when gas detects an instruction that is not
supported on the CPU specified.  The choices for @var{cpu_type} are:

@multitable @columnfractions .20 .20 .20 .20
@item @samp{default} @tab @samp{push} @tab @samp{pop}
@item @samp{i8086} @tab @samp{i186} @tab @samp{i286} @tab @samp{i386}
@item @samp{i486} @tab @samp{i586} @tab @samp{i686} @tab @samp{pentium}
@item @samp{pentiumpro} @tab @samp{pentiumii} @tab @samp{pentiumiii} @tab @samp{pentium4}
@item @samp{prescott} @tab @samp{nocona} @tab @samp{core} @tab @samp{core2}
@item @samp{corei7} @tab @samp{iamcu}
@item @samp{k6} @tab @samp{k6_2} @tab @samp{athlon} @tab @samp{k8}
@item @samp{amdfam10} @tab @samp{bdver1} @tab @samp{bdver2} @tab @samp{bdver3}
@item @samp{bdver4} @tab @samp{znver1} @tab @samp{znver2} @tab @samp{znver3}
@item @samp{znver4} @tab @samp{btver1} @tab @samp{btver2} @tab @samp{generic32}
@item @samp{generic64} @tab @samp{.cmov} @tab @samp{.fxsr} @tab @samp{.mmx}
@item @samp{.sse} @tab @samp{.sse2} @tab @samp{.sse3} @tab @samp{.sse4a}
@item @samp{.ssse3} @tab @samp{.sse4.1} @tab @samp{.sse4.2} @tab @samp{.sse4}
@item @samp{.avx} @tab @samp{.vmx} @tab @samp{.smx} @tab @samp{.ept}
@item @samp{.clflush} @tab @samp{.movbe} @tab @samp{.xsave} @tab @samp{.xsaveopt}
@item @samp{.aes} @tab @samp{.pclmul} @tab @samp{.fma} @tab @samp{.fsgsbase}
@item @samp{.rdrnd} @tab @samp{.f16c} @tab @samp{.avx2} @tab @samp{.bmi2}
@item @samp{.lzcnt} @tab @samp{.popcnt} @tab @samp{.invpcid} @tab @samp{.vmfunc}
@item @samp{.monitor} @tab @samp{.hle} @tab @samp{.rtm} @tab @samp{.tsx}
@item @samp{.lahf_sahf} @tab @samp{.adx} @tab @samp{.rdseed} @tab @samp{.prfchw}
@item @samp{.smap} @tab @samp{.mpx} @tab @samp{.sha} @tab @samp{.prefetchwt1}
@item @samp{.clflushopt} @tab @samp{.xsavec} @tab @samp{.xsaves} @tab @samp{.se1}
@item @samp{.avx512f} @tab @samp{.avx512cd} @tab @samp{.avx512er} @tab @samp{.avx512pf}
@item @samp{.avx512vl} @tab @samp{.avx512bw} @tab @samp{.avx512dq} @tab @samp{.avx512ifma}
@item @samp{.avx512vbmi} @tab @samp{.avx512_4fmaps} @tab @samp{.avx512_4vnniw}
@item @samp{.avx512_vpopcntdq} @tab @samp{.avx512_vbmi2} @tab @samp{.avx512_vnni}
@item @samp{.avx512_bitalg} @tab @samp{.avx512_bf16} @tab @samp{.avx512_vp2intersect}
@item @samp{.tdx} @tab @samp{.avx_vnni}  @tab @samp{.avx512_fp16}
@item @samp{.clwb} @tab @samp{.rdpid} @tab @samp{.ptwrite} @tab @samp{.ibt}
@item @samp{.prefetchi} @tab @samp{.avx_ifma} @tab @samp{.avx_vnni_int8}
@item @samp{.cmpccxadd} @tab @samp{.wrmsrns} @tab @samp{.msrlist}
@item @samp{.avx_ne_convert} @tab @samp{.rao_int} @tab @samp{.fred} @tab @samp{.lkgs}
@item @samp{.avx_vnni_int16} @tab @samp{.sha512} @tab @samp{.sm3} @tab @samp{.sm4}
@item @samp{.pbndkb}
@item @samp{.wbnoinvd} @tab @samp{.pconfig} @tab @samp{.waitpkg} @tab @samp{.cldemote}
@item @samp{.shstk} @tab @samp{.gfni} @tab @samp{.vaes} @tab @samp{.vpclmulqdq}
@item @samp{.movdiri} @tab @samp{.movdir64b} @tab @samp{.enqcmd} @tab @samp{.tsxldtrk}
@item @samp{.amx_int8} @tab @samp{.amx_bf16} @tab @samp{.amx_fp16}
@item @samp{.amx_complex} @tab @samp{.amx_tile}
@item @samp{.kl} @tab @samp{.widekl} @tab @samp{.uintr} @tab @samp{.hreset}
@item @samp{.3dnow} @tab @samp{.3dnowa} @tab @samp{.sse4a} @tab @samp{.sse5}
@item @samp{.syscall} @tab @samp{.rdtscp} @tab @samp{.svme}
@item @samp{.lwp} @tab @samp{.fma4} @tab @samp{.xop} @tab @samp{.cx16}
@item @samp{.padlock} @tab @samp{.clzero} @tab @samp{.mwaitx} @tab @samp{.rdpru}
@item @samp{.mcommit} @tab @samp{.sev_es} @tab @samp{.snp} @tab @samp{.invlpgb}
@item @samp{.tlbsync}
@end multitable

Apart from the warning, there are only two other effects on
@code{@value{AS}} operation;  Firstly, if you specify a CPU other than
@samp{i486}, then shift by one instructions such as @samp{sarl $1, %eax}
will automatically use a two byte opcode sequence.  The larger three
byte opcode sequence is used on the 486 (and when no architecture is
specified) because it executes faster on the 486.  Note that you can
explicitly request the two byte opcode by writing @samp{sarl %eax}.
Secondly, if you specify @samp{i8086}, @samp{i186}, or @samp{i286},
@emph{and} @samp{.code16} or @samp{.code16gcc} then byte offset
conditional jumps will be promoted when necessary to a two instruction
sequence consisting of a conditional jump of the opposite sense around
an unconditional jump to the target.

Note that the sub-architecture specifiers (starting with a dot) can be prefixed
with @code{no} to revoke the respective (and any dependent) functionality.

Following the CPU architecture (but not a sub-architecture, which are those
starting with a dot), you may specify @samp{jumps} or @samp{nojumps} to
control automatic promotion of conditional jumps. @samp{jumps} is the
default, and enables jump promotion;  All external jumps will be of the long
variety, and file-local jumps will be promoted as necessary.
(@pxref{i386-Jumps})  @samp{nojumps} leaves external conditional jumps as
byte offset jumps, and warns about file-local conditional jumps that
@code{@value{AS}} promotes.
Unconditional jumps are treated as for @samp{jumps}.

For example

@smallexample
 .arch i8086,nojumps
@end smallexample

@node i386-ISA
@section AMD64 ISA vs. Intel64 ISA

There are some discrepancies between AMD64 and Intel64 ISAs.

@itemize @bullet
@item For @samp{movsxd} with 16-bit destination register, AMD64
supports 32-bit source operand and Intel64 supports 16-bit source
operand.

@item For far branches (with explicit memory operand), both ISAs support
32- and 16-bit operand size.  Intel64 additionally supports 64-bit
operand size, encoded as @samp{ljmpq} and @samp{lcallq} in AT&T syntax
and with an explicit @samp{tbyte ptr} operand size specifier in Intel
syntax.

@item @samp{lfs}, @samp{lgs}, and @samp{lss} similarly allow for 16-
and 32-bit operand size (32- and 48-bit memory operand) in both ISAs,
while Intel64 additionally supports 64-bit operand sise (80-bit memory
operands).

@end itemize

@node i386-Bugs
@section AT&T Syntax bugs

The UnixWare assembler, and probably other AT&T derived ix86 Unix
assemblers, generate floating point instructions with reversed source
and destination registers in certain cases.  Unfortunately, gcc and
possibly many other programs use this reversed syntax, so we're stuck
with it.

For example

@smallexample
        fsub %st,%st(3)
@end smallexample
@noindent
results in @samp{%st(3)} being updated to @samp{%st - %st(3)} rather
than the expected @samp{%st(3) - %st}.  This happens with all the
non-commutative arithmetic floating point operations with two register
operands where the source register is @samp{%st} and the destination
register is @samp{%st(i)}.

@node i386-Notes
@section Notes

@cindex i386 @code{mul}, @code{imul} instructions
@cindex @code{mul} instruction, i386
@cindex @code{imul} instruction, i386
@cindex @code{mul} instruction, x86-64
@cindex @code{imul} instruction, x86-64
There is some trickery concerning the @samp{mul} and @samp{imul}
instructions that deserves mention.  The 16-, 32-, 64- and 128-bit expanding
multiplies (base opcode @samp{0xf6}; extension 4 for @samp{mul} and 5
for @samp{imul}) can be output only in the one operand form.  Thus,
@samp{imul %ebx, %eax} does @emph{not} select the expanding multiply;
the expanding multiply would clobber the @samp{%edx} register, and this
would confuse @code{@value{GCC}} output.  Use @samp{imul %ebx} to get the
64-bit product in @samp{%edx:%eax}.

We have added a two operand form of @samp{imul} when the first operand
is an immediate mode expression and the second operand is a register.
This is just a shorthand, so that, multiplying @samp{%eax} by 69, for
example, can be done with @samp{imul $69, %eax} rather than @samp{imul
$69, %eax, %eax}.