Intel汇编指令集(Intel Assemble Instruction Set)
Intel 8086 Family Architecture
Instruction Clock Cycle Calculation
8088/8086 Effective Address (EA) Calculation
Task State Calculation
FLAGS - Intel 8086 Family Flags Register
MSW - Machine Status Word (286+ only)
8086/80186/80286/80386/80486 Instruction Set
AAA - Ascii Adjust for Addition
AAD - Ascii Adjust for Division
AAM - Ascii Adjust for Multiplication
AAS - Ascii Adjust for Subtraction
ADC - Add With Carry
ADD - Arithmetic Addition
AND - Logical And
ARPL - Adjusted Requested Privilege Level of Selector (286+ PM)
BOUND - Array Index Bound Check (80188+)
BSF - Bit Scan Forward (386+)
BSR - Bit Scan Reverse (386+)
BSWAP - Byte Swap (486+)
BT - Bit Test (386+)
BTC - Bit Test with Compliment (386+)
BTR - Bit Test with Reset (386+)
BTS - Bit Test and Set (386+)
CALL - Procedure Call
CBW - Convert Byte to Word
CDQ - Convert Double to Quad (386+)
CLC - Clear Carry
CLD - Clear Direction Flag
CLI - Clear Interrupt Flag (disable)
CLTS - Clear Task Switched Flag (286+ privileged)
CMC - Complement Carry Flag
CMP - Compare
CMPS - Compare String (Byte, Word or Doubleword)
CMPXCHG - Compare and Exchange
CWD - Convert Word to Doubleword
CWDE - Convert Word to Extended Doubleword (386+)
DAA - Decimal Adjust for Addition
DAS - Decimal Adjust for Subtraction
DEC - Decrement
DIV - Divide
ENTER - Make Stack Frame (80188+)
ESC - Escape
HLT - Halt CPU
IDIV - Signed Integer Division
IMUL - Signed Multiply
IN - Input Byte or Word From Port
INC - Increment
INS - Input String from Port (80188+)
INT - Interrupt
INTO - Interrupt on Overflow
INVD - Invalidate Cache (486+)
INVLPG - Invalidate Translation Look-Aside Buffer Entry (486+)
IRET/IRETD - Interrupt Return
Jxx - Jump Instructions Table
JCXZ/JECXZ - Jump if Register (E)CX is Zero
JMP - Unconditional Jump
LAHF - Load Register AH From Flags
LAR - Load Access Rights (286+ protected)
LDS - Load Pointer Using DS
LEA - Load Effective Address
LEAVE - Restore Stack for Procedure Exit (80188+)
LES - Load Pointer Using ES
LFS - Load Pointer Using FS (386+)
LGDT - Load Global Descriptor Table (286+ privileged)
LIDT - Load Interrupt Descriptor Table (286+ privileged)
LGS - Load Pointer Using GS (386+)
LLDT - Load Local Descriptor Table (286+ privileged)
LMSW - Load Machine Status Word (286+ privileged)
LOCK - Lock Bus
LODS - Load String (Byte, Word or Double)
LOOP - Decrement CX and Loop if CX Not Zero
LOOPE/LOOPZ - Loop While Equal / Loop While Zero
LOOPNZ/LOOPNE - Loop While Not Zero / Loop While Not Equal
LSL - Load Segment Limit (286+ protected)
LSS - Load Pointer Using SS (386+)
LTR - Load Task Register (286+ privileged)
MOV - Move Byte or Word
MOVS - Move String (Byte or Word)
MOVSX - Move with Sign Extend (386+)
MOVZX - Move with Zero Extend (386+)
MUL - Unsigned Multiply
NEG - Two's Complement Negation
NOP - No Operation (90h)
NOT - One's Compliment Negation (Logical NOT)
OR - Inclusive Logical OR
OUT - Output Data to Port
OUTS - Output String to Port (80188+)
POP - Pop Word off Stack
POPA/POPAD - Pop All Registers onto Stack (80188+)
POPF/POPFD - Pop Flags off Stack
PUSH - Push Word onto Stack
PUSHA/PUSHAD - Push All Registers onto Stack (80188+)
PUSHF/PUSHFD - Push Flags onto Stack
RCL - Rotate Through Carry Left
RCR - Rotate Through Carry Right
REP - Repeat String Operation
REPE/REPZ - Repeat Equal / Repeat Zero
REPNE/REPNZ - Repeat Not Equal / Repeat Not Zero
RET/RETF - Return From Procedure
ROL - Rotate Left
ROR - Rotate Right
SAHF - Store AH Register into FLAGS
SAL/SHL - Shift Arithmetic Left / Shift Logical Left
SAR - Shift Arithmetic Right
SBB - Subtract with Borrow/Carry
SCAS - Scan String (Byte, Word or Doubleword)
SETAE/SETNB - Set if Above or Equal / Set if Not Below (386+)
SETB/SETNAE - Set if Below / Set if Not Above or Equal (386+)
SETBE/SETNA - Set if Below or Equal / Set if Not Above (386+)
SETE/SETZ - Set if Equal / Set if Zero (386+)
SETNE/SETNZ - Set if Not Equal / Set if Not Zero (386+)
SETL/SETNGE - Set if Less / Set if Not Greater or Equal (386+)
SETGE/SETNL - Set if Greater or Equal / Set if Not Less (386+)
SETLE/SETNG - Set if Less or Equal / Set if Not greater or Equal (386+)
SETG/SETNLE - Set if Greater / Set if Not Less or Equal (386+)
SETS - Set if Signed (386+)
SETNS - Set if Not Signed (386+)
SETC - Set if Carry (386+)
SETNC - Set if Not Carry (386+)
SETO - Set if Overflow (386+)
SETNO - Set if Not Overflow (386+)
SETP/SETPE - Set if Parity / Set if Parity Even (386+)
SETNP/SETPO - Set if No Parity / Set if Parity Odd (386+)
SGDT - Store Global Descriptor Table (286+ privileged)
SIDT - Store Interrupt Descriptor Table (286+ privileged)
SHL - Shift Logical Left
SHR - Shift Logical Right
SHLD/SHRD - Double Precision Shift (386+)
SLDT - Store Local Descriptor Table (286+ privileged)
SMSW - Store Machine Status Word (286+ privileged)
STC - Set Carry
STD - Set Direction Flag
STI - Set Interrupt Flag (Enable Interrupts)
STOS - Store String (Byte, Word or Doubleword)
STR - Store Task Register (286+ privileged)
SUB - Subtract
TEST - Test For Bit Pattern
VERR - Verify Read (286+ protected)
VERW - Verify Write (286+ protected)
WAIT/FWAIT - Event Wait
WBINVD - Write-Back and Invalidate Cache (486+)
XCHG - Exchange
XLAT/XLATB - Translate
XOR - Exclusive OR
TEXT
Intel 8086 Family Architecture
General Purpose Registers Segment Registers
AH/AL AX (EAX) Accumulator CS Code Segment
BH/BL BX (EBX) Base DS Data Segment
CH/CL CX (ECX) Counter SS Stack Segment
DH/DL DX (EDX) Data ES Extra Segment
(FS) 386 and newer
(Exx) indicates 386+ 32 bit register (GS) 386 and newer
Pointer Registers Stack Registers
SI (ESI) Source Index SP (ESP) Stack Pointer
DI (EDI) Destination Index BP (EBP) Base Pointer
IP Instruction Pointer
Status Registers
FLAGS Status Flags (see FLAGS)
Special Registers (386+ only)
CR0 Control Register 0 DR0 Debug Register 0
CR2 Control Register 2 DR1 Debug Register 1
CR3 Control Register 3 DR2 Debug Register 2
DR3 Debug Register 3
TR4 Test Register 4 DR6 Debug Register 6
TR5 Test Register 5 DR7 Debug Register 7
TR6 Test Register 6
TR7 Test Register 7
Register Default Segment Valid Overrides
BP SS DS, ES, CS
SI or DI DS ES, SS, CS
DI strings ES None
SI strings DS ES, SS, CS
- see CPU DETECTING Instruction Timing
Instruction Clock Cycle Calculation
Some instructions require additional clock cycles due to a "Next
Instruction Component" identified by a "+m" in the instruction
clock cycle listings. This is due to the prefetch queue being
purge on a control transfers. Below is the general rule for
calculating "m":
88/86 not applicable
286 "m" is the number of bytes in the next instruction
386 "m" is the number of components in the next instruction
(the instruction coding (each byte), plus the data and
the displacement are all considered components)
8088/8086 Effective Address (EA) Calculation
Description Clock Cycles
Displacement 6
Base or Index (BX,BP,SI,DI) 5
Displacement+(Base or Index) 9
Base+Index (BP+DI,BX+SI) 7
Base+Index (BP+SI,BX+DI) 8
Base+Index+Displacement (BP+DI,BX+SI) 11
Base+Index+Displacement (BP+SI+disp,BX+DI+disp) 12
- add 4 cycles for word operands at odd addresses
- add 2 cycles for segment override
- 80188/80186 timings differ from those of the 8088/8086/80286
Task State Calculation
"TS" is defined as switching from VM/486 or 80286 TSS to one of
the following:
+---------------------------------------+
| New Task |
+-------+-------+-------+-------+-------+
+---------------+486 TSS|486 TSS|386 TSS|386 TSS|286 TSS|
| Old Task | (VM=0)| (VM=1)| (VM=0)| (VM=1)| |
+---------------+-------+-------+-------+-------+-------+
386 TSS (VM=0) | | | 309 | 226 | 282 |
+-------+-------+-------+-------+-------+
386 TSS (VM=1) | | | 314 | 231 | 287 |
+-------+-------+-------+-------+-------+
386 CPU/286 TSS | | | 307 | 224 | 280 |
+-------+-------+-------+-------+-------+
486 CPU/286 TSS | 199 | 177 | | | 180 |
+---------------------------------------+
Miscellaneous
- all timings are for best case and do not take into account wait
states, instruction alignment, the state of the prefetch queue,
DMA refresh cycles, cache hits/misses or exception processing.
- to convert clocks to nanoseconds divide one microsecond by the
processor speed in MegaHertz:
(1000MHz/(n MHz)) = X nanoseconds
- see 8086 Architecture
FLAGS - Intel 8086 Family Flags Register
|11|10|F|E|D|C|B|A|9|8|7|6|5|4|3|2|1|0|
| | | | | | | | | | | | | | | | | +--- CF Carry Flag
| | | | | | | | | | | | | | | | +--- 1
| | | | | | | | | | | | | | | +--- PF Parity Flag
| | | | | | | | | | | | | | +--- 0
| | | | | | | | | | | | | +--- AF Auxiliary Flag
| | | | | | | | | | | | +--- 0
| | | | | | | | | | | +--- ZF Zero Flag
| | | | | | | | | | +--- SF Sign Flag
| | | | | | | | | +--- TF Trap Flag (Single Step)
| | | | | | | | +--- IF Interrupt Flag
| | | | | | | +--- DF Direction Flag
| | | | | | +--- OF Overflow flag
| | | | +----- IOPL I/O Privilege Level (286+ only)
| | | +----- NT Nested Task Flag (286+ only)
| | +----- 0
| +----- RF Resume Flag (386+ only)
+------ VM Virtual Mode Flag (386+ only)
- see PUSHF POPF STI CLI STD CLD
MSW - Machine Status Word (286+ only)
|31|30-5|4|3|2|1|0| Machine Status Word
| | | | | | +---- Protection Enable (PE)
| | | | | +----- Math Present (MP)
| | | | +------ Emulation (EM)
| | | +------- Task Switched (TS)
| | +-------- Extension Type (ET)
| +---------- Reserved
+------------- Paging (PG)
Bit 0 PE Protection Enable, switches processor between
protected and real mode
Bit 1 MP Math Present, controls function of the WAIT
instruction
Bit 2 EM Emulation, indicates whether coprocessor functions
are to be emulated
Bit 3 TS Task Switched, set and interrogated by coprocessor
on task switches and when interpretting coprocessor
instructions
Bit 4 ET Extension Type, indicates type of coprocessor in
system
Bits 5-30 Reserved
bit 31 PG Paging, indicates whether the processor uses page
tables to translate linear addresses to physical
addresses
- see SMSW LMSW
8086/80186/80286/80386/80486 Instruction Set
AAA - Ascii Adjust for Addition
Usage: AAA
Modifies flags: AF CF (OF,PF,SF,ZF undefined)
Changes contents of AL to valid unpacked decimal. The high order
nibble is zeroed.
Clocks Size
Operands 808x 286 386 486 Bytes
none 8 3 4 3 1
AAD - Ascii Adjust for Division
Usage: AAD
Modifies flags: SF ZF PF (AF,CF,OF undefined)
Used before dividing unpacked decimal numbers. Multiplies AH by
10 and the adds result into AL. Sets AH to zero. This instruction
is also known to have an undocumented behavior.
AL := 10*AH+AL
AH := 0
Clocks Size
Operands 808x 286 386 486 Bytes
none 60 14 19 14 2
AAM - Ascii Adjust for Multiplication
Usage: AAM
Modifies flags: PF SF ZF (AF,CF,OF undefined)
AH := AL / 10
AL := AL mod 10
Used after multiplication of two unpacked decimal numbers, this
instruction adjusts an unpacked decimal number. The high order
nibble of each byte must be zeroed before using this instruction.
This instruction is also known to have an undocumented behavior.
Clocks Size
Operands 808x 286 386 486 Bytes
none 83 16 17 15 2
AAS - Ascii Adjust for Subtraction
Usage: AAS
Modifies flags: AF CF (OF,PF,SF,ZF undefined)
Corrects result of a previous unpacked decimal subtraction in AL.
High order nibble is zeroed.
Clocks Size
Operands 808x 286 386 486 Bytes
none 8 3 4 3 1
ADC - Add With Carry
Usage: ADC dest,src
Modifies flags: AF CF OF SF PF ZF
Sums two binary operands placing the result in the destination.
If CF is set, a 1 is added to the destination.
Clocks Size
Operands 808x 286 386 486 Bytes
reg,reg 3 2 2 1 2
mem,reg 16+EA 7 7 3 2-4 (W88=24+EA)
reg,mem 9+EA 7 6 2 2-4 (W88=13+EA)
reg,immed 4 3 2 1 3-4
mem,immed 17+EA 7 7 3 3-6 (W88=23+EA)
accum,immed 4 3 2 1 2-3
ADD - Arithmetic Addition
Usage: ADD dest,src
Modifies flags: AF CF OF PF SF ZF
Adds "src" to "dest" and replacing the original contents of "dest".
Both operands are binary.
Clocks Size
Operands 808x 286 386 486 Bytes
reg,reg 3 2 2 1 2
mem,reg 16+EA 7 7 3 2-4 (W88=24+EA)
reg,mem 9+EA 7 6 2 2-4 (W88=13+EA)
reg,immed 4 3 2 1 3-4
mem,immed 17+EA 7 7 3 3-6 (W88=23+EA)
accum,immed 4 3 2 1 2-3
AND - Logical And
Usage: AND dest,src
Modifies flags: CF OF PF SF ZF (AF undefined)
Performs a logical AND of the two operands replacing the destination
with the result.
Clocks Size
Operands 808x 286 386 486 Bytes
reg,reg 3 2 2 1 2
mem,reg 16+EA 7 7 3 2-4 (W88=24+EA)
reg,mem 9+EA 7 6 1 2-4 (W88=13+EA)
reg,immed 4 3 2 1 3-4
mem,immed 17+EA 7 7 3 3-6 (W88=23+EA)
accum,immed 4 3 2 1 2-3
ARPL - Adjusted Requested Privilege Level of Selector (286+ PM)
Usage: ARPL dest,src
(286+ protected mode)
Modifies flags: ZF
Compares the RPL bits of "dest" against "src". If the RPL bits
of "dest" are less than "src", the destination RPL bits are set
equal to the source RPL bits and the Zero Flag is set. Otherwise
the Zero Flag is cleared.
Clocks Size
Operands 808x 286 386 486 Bytes
reg,reg - 10 20 9 2
mem,reg - 11 21 9 4
BOUND - Array Index Bound Check (80188+)
Usage: BOUND src,limit
Modifies flags: None
Array index in source register is checked against upper and lower
bounds in memory source. The first word located at "limit" is
the lower boundary and the word at "limit+2" is the upper array bound.
Interrupt 5 occurs if the source value is less than or higher than
the source.
Clocks Size
Operands 808x 286 386 486 Bytes
reg16,mem32 - nj=13 nj=10 7 2
reg32,mem64 - nj=13 nj=10 7 2
- nj = no jump taken
BSF - Bit Scan Forward (386+)
Usage: BSF dest,src
Modifies flags: ZF
Scans source operand for first bit set. Sets ZF if a bit is found
set and loads the destination with an index to first set bit. Clears
ZF is no bits are found set. BSF scans forward across bit pattern
(0-n) while BSR scans in reverse (n-0).
Clocks Size
Operands 808x 286 386 486 Bytes
reg,reg - - 10+3n 6-42 3
reg,mem - - 10+3n 7-43 3-7
reg32,reg32 - - 10+3n 6-42 3-7
reg32,mem32 - - 10+3n 7-43 3-7