OPCODES LIST Release 55 Last change 28sep97 ------------------ OPCODE.LST ---------------------------- This is DOC 'bout undocument command and document command of any last processors. And 'bout some registers and Chips specific stuffs. ------------------------------------------------------------ (C) (P) Potemkin's Hackers Group 1994,1995,1996,1997 ------------------------------------------------------------ Revision 3.01 1 Oct 1997 ------------------------------------------------------------ All Your messages send to -> E-mail: avp@dvm.msk.ru [This is new mail entry, old is never exist now] ------------------------------------------------------------- [New In revision 3.01] o Some Bugfixed o Bit 11 of CPUID o Some New Stepping Info ------------------------------------------------------------- [New In revision 3.00] o New Stepping Info o New Insructions (6x86MX,K6) o New MSRs o New Info about Registers ... and more ------------------------------------------------------------- [New In revision 2.50] o Pefomance Monitoring in Pentium Pro. ------------------------------------------------------------- [New In Revision 2.00] o MMX instruction set o Undefined Instruction (UD,UD2) o Story About Undocument Flags o AMD Am5k86 MSRs o News in CPUID for AMD K5/Intel Pentium Pro o CR4 Update ... and more -------------------------------------------------------------- ----------O-AAA------------------------------------ OPCODE AAA - ASCII adjust AX after addition CPU: 8086+ Type of Instruction: User Instruction: AAA ; (no operands) Description: IF ((( AL and 0FH ) > 9 ) or (AF==1) THEN { IF CPU<286 THEN { AL <- AL+6 } ELSE { AX <- AX+6 } AH <- AH+1 CF <- 1 AF <- 1 } ELSE { CF <- 0 AF <- 0 } AL <- AL and 0Fh Note: This istruction incorrectly documented in Intel's materials. See description field. Flags Affected: AF,CF (modified) OF,SF,ZF,PF (undefined) Faults: RM PM V86 VME None CPU mode: RM,PM,VM,SMM +++++++++++++++++++++++ Physical Form: COP (Code of Operation) : 37H Clocks: AAA 8086: 4 8088: 4 80186: 8 80286: 3 80386: 4 i486: 3 Pentium: 3 Cx486SLC: 4 Cx486DX: 4 IBM 486BL3X: 4 UMC U5S: 1 ----------O-AAD------------------------------------ OPCODE AAD - ASCII adjust AX before Division CPU: 8086+ Type of Instruction: User Instruction: AAD basen Description: AL <- (AH*basen) + AL AH <- 0 Flags Affected: SF,ZF,PF (modified) OF,AF,CF (undefined) Faults: RM PM V86 VME SMM None CPU mode: RM,PM,VM,SMM Note: AAD without operands means AAD with operand 0AH. Note: NECs understand only AAD 0AH form. +++++++++++++++++++++++ Physical Form: AAD imm8 COP (Code of Operation) : D5H imm8 Clocks: AAD 0AH 8086: 60 80186: 15 80286: 14 80386: 19 i486: 14 Pentium: 10 Cx486SLC: 4 Cx486DX: 4 IBM 486BL3X: 15 UMC U5S: 11 ----------O-AAM------------------------------------ OPCODE AAM - ASCII adjust AX after Multiply CPU: 8086+ Type of Instruction: User Instruction: AAM basen Description: AH <- AL / basen AL <- AL MOD basen Flags Affected: SF,ZF,PF (modified) OF,AF,CF (undefined) Faults: RM PM V86 VME SMM None CPU mode: RM,PM,VM,SMM Note: AAM without operands means AAM with operand 0AH. WARNING: NECs understand only AAM 0Ah form. +++++++++++++++++++++++ Physical Form: AAM imm8 COP (Code of Operation) : D4H imm8 Clocks: AAM 0AH 8086: 83 80186: 19 80286: 16 80386: 17 i486: 15 Pentium: 18 Cx486SLC: 16 Cx486DX: 16 IBM 486BL3X: 17 UMC U5S: 12 ----------O-ADD4S---------------------------------- OPCODE ADD4S - Addition for packed BCD strings CPU: all NECs V-series Type of Instruction: User Instruction: ADD4S Description: BCD STRING (ADDRESS=ES:DI,LENGTH=CL) <- BCD STRING (ADDRESS=DS:SI,LENGTH=CL) + BCD STRING (ADDRESS=ES:DI,LENGTH=CL); Note: si,di, other registers not changed Flags Affected: OF,CF,ZF ;; ZF set if both strings are zeros. ;; CF,OF set as result of operation with most ;; signification BCDs. CPU mode: RM +++++++++++++++++++++++ Physical Form: ADD4S COP (Code of Operation) : 0FH 20H Clocks: ADD4S NEC V20: ~19*(CL/2)+7 ----------O-BOUND---------------------------------- OPCODE BOUND - Chack Array Index Against Bounds CPU: 80186+,NECs Type of Instruction: User - HLL support Instruction: BOUND index,bound_array Description: IF (index < (opsize ptr [bound_array])) OR (index > (opsize ptr [bound_array+opsize])) THEN INT 5; Flags Affected: No Flags Affected CPU mode: RM,PM,VM,SMM Faults: RM PM V86 VME SMM #GP(0) if result is nonwritable seg. #GP(0) illegal memory operand in CS..GS (exc. SS) #SS(0) illegal memory operand in SS #PF #PF #UD #UD #UD if 2nd operand is register #13 if any part of operand lie outside of 0..FFFFh #AC #AC if CPL=3 and enable AC. Note: (186s&NECs) saved CS:IP BOUND interrupt as pointer to following instruction that self. (286+) saved as pointer to BOUND instruction. +++++++++++++++++++++++ Physical Form: BOUND reg16,mem32 BOUND reg32,mem64 COP (Code of Operation) : 62H Postbyte Note: for 32bit op. add Pfix 66h if in 16bit mode Clocks: BOUND reg16,mem16 In Range Out Range 80186: 33-35 80286: 13 int+13 80386: 10 i486: 7 Pentium: 8 int+32 Cx486SLC: 11 int+11 Cx486DX: 11 int+11 ----------O-BRKCS---------------------------------- OPCODE BRKCS - Break with Contex Switch CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: System Instruction: BRKCS bank Description: Perform a High-Speed Software Interrupt with contex-switch to register bank indicated by the lower 3-bits of 'bank'. Info: NEC V25/V35/V25 Plus/V35 Plus Bank System This Chips have 8 32bytes register banks, which placed in Internal chip RAM by addresses: xxE00h..xxE1Fh Bank 0 xxE20h..xxE3Fh Bank 1 ......... xxEC0h..xxEDFh Bank 6 xxEE0h..xxEFFh Bank 7 xxF00h..xxFFFh Special Functions Register Where xx is Value of IDB register. IBD is Byte Register contained Internal data area base IBD addresses is FFFFFh and xxFFFh where xx is data in IBD. Format of Bank: +0 Reserved +2 Vector PC +4 Save PSW +6 Save PC +8 DS0 ;DS +A SS ;SS +C PS ;CS +E DS1 ;ES +10 IY ;DI +11 IX ;SI +14 BP ;BP +16 SP ;SP +18 BW ;BX +1A DW ;DX +1C CW ;CX +1E AW ;AX Format of V25 etc. PSW (FLAGS): Bit Description 15 1 14 RB2 \ 13 RB1 > Current Bank Number 12 RB0 / 11 V ;OF 10 DIR ;DF 9 IE ;IF 8 BRK ;TF 7 S ;SF 6 Z ;ZF 5 F1 General Purpose user flag #1 (accessed by Flag Special Function Register) 4 AC ;AF 3 F0 General purpose user flag #0 (accessed by Flag Special Function Register) 2 P ;PF 1 BRKI I/O Trap Enable Flag 0 CY ;CF Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: BRKCS reg16 COP (Code of Operation) : 0Fh 2Dh <1111 1RRR> Clocks: 15 ----------O-BRKEM---------------------------------- OPCODE BRKEM - Break for Emulation CPU: NEC/Sony V20/V30/V40/V50 Type of Instruction: System Instruction: BRKEM intnum Description: PUSH FLAGS PUSH CS PUSH IP MOV CS,0:[intnum*4+2] MOV IP,0:[intnum*4] MD <- 0; // Enable 8080 emulation Note: BRKEM instruction do software interrupt and then New CS,IP loaded it switch to 8080 mode i.e. CPU will execute 8080 code. Mapping Table of Registers in 8080 Mode 8080 Md. A B C D E H L SP PC F native. AL CH CL DH DL BH BL BP IP FLAGS(low) For Return of 8080 mode use CALLN instruction. Note: I.e. 8080 addressing only 64KB then "Real Address" is CS*16+PC Flags Affected: MD CPU mode: RM +++++++++++++++++++++++ Physical Form: BRKEM imm8 COP (Code of Operation) : 0FH FFH imm8 Clocks: BRKEM imm8 NEC V20: 38 ----------O-BRKN----------------------------------- OPCODE BRKN - Break to Native Mode CPU: NEC (V25/V35) Software Guard only Type of Instruction: System Instruction: BRKN int_vector Description: [sp-1,sp-2] <- PSW ; PSW EQU FLAGS [sp-3,sp-4] <- PS ; PS EQU CS [sp-5,sp-6] <- PC ; PC EQU IP SP <- SP -6 IE <- 0 BRK <- 0 MD <- 1 PC <- [int_vector*4 +0,+1] PS <- [int_vector*4 +2,+3] Note: The BRKN instruction switches operations in Native Mode from Security Mode via Interrupt call. In Normal Mode Instruction executed as mPD70320/70322 (V25) operation mode. Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: BRKN imm8 COP (Code of Operation) : 63h imm8 Clocks: 56+10T [44+10T] ----------O-BRKS----------------------------------- OPCODE BRKS - Break to Security Mode CPU: NEC (V25/V35) Software Guard only Type of Instruction: System Instruction: BRKS int_vector Description: [sp-1,sp-2] <- PSW ; PSW EQU FLAGS [sp-3,sp-4] <- PS ; PS EQU CS [sp-5,sp-6] <- PC ; PC EQU IP SP <- SP -6 IE <- 0 BRK <- 0 MD <- 0 PC <- [int_vector*4 +0,+1] PS <- [int_vector*4 +2,+3] Note: The BRKS instruction switches operations in Security Mode via Interrupt call. In Security Mode the fetched operation code is executed after conversion in accordance with build-in translation table Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: BRKS imm8 COP (Code of Operation) : F1h imm8 Clocks: 56+10T [44+10T] ----------O-BRKXA---------------------------------- OPCODE BRKXA - Break to Expansion Address CPU: NEC V33/V53 only Type of Instruction: System Instruction: BRKXA int_vector Description: [sp-1,sp-2] <- PSW ; PSW EQU FLAGS [sp-3,sp-4] <- PS ; PS EQU CS [sp-5,sp-6] <- PC ; PC EQU IP SP <- SP -6 IE <- 0 BRK <- 0 MD <- 0 PC <- [int_vector*4 +0,+1] PS <- [int_vector*4 +2,+3] Enter Expansion Address Mode. Note: In NEC V53 Memory Space dividing into 1024 16K pages. The programming model is Same as in Normal mode. Mechanism is: 20 bit Logical Address: 19..14 Page Num 13..0 Offset page Num convertin by internal table to 23..14 Page Base tHE pHYSICAL ADDRESS is both Base and Offset. Address Expansion Registers: logical Address A19..A14 I/O Address 0 FF00h 1 FF02h ... ... 63 FF7Eh Register XAM aliased with port # FF80h indicated current mode of operation. Format of XAM register (READ ONLY): 15..1 reserved 0 XA Flag, if=1 then in XA mode. Format of V53 PSW: 15..12 1 11 V 10 DIR 9 IE 8 BRK 7 S 6 Z 5 0 4 AC 3 0 2 P 1 1 0 CY Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: BRKXA imm8 COP (Code of Operation) : 0Fh E0h imm8 Clocks: 12 ----------O-BSWAP---------------------------------- OPCODE BSWAP - Bytes Swap CPU: I486 + Type of Instruction: User Instruction: BSWAP dwordr Description: XCHG BYTE dwordr[31:24],dwordr[7:0] XCHG BYTE dwordr[23:16],dwordr[15:8] ; Need Good Picture to Show It Notes: This instruction used for converting big-endian (Intel) format to little-endian (Motorolla etc.) format. Flags Affected: None CPU mode: RM,PM,VM,SMM Physical Form: BSWAP r32 COP (Code of Operation): 0FH 11001rrr (For 32bit segment) Clocks: Cyrix Cx486SLC : 4 i486 : 1 Pentium : 1 Cyrix Cx486DX : 4 UMC U5S : 2 IBM 486BL3X : 9 ----------O-BTCLR---------------------------------- OPCODE BTCLR - Bit Test, If it True Clear and Branch CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: User Instruction: BTCLR var,bitnumber,Short_Label Description: IF BIT(bitnumber OF var) =1 THEN { PC <- PC + ext - disp8; BIT(bitnumber OF var) <-0 } Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: BTCLR reg/mem8,imm3, short_label COP (Code of Operation) : 0Fh 9Ch PostByte imm3 Short_Label (Total=5 bytes) Clocks: 29 ----------O-CALLN---------------------------------- OPCODE CALLN - Call Native Mode Routine CPU: NEC/Sony V20/V30 etc Type of Instruction: System Instruction: CALLN intnum Description: CALLN instruction call (interrupt service in Native Mode) from 8080 emulation mode: PUSH FLAGS PUSH CS PUSH IP IF <- 0 TF <- 0 MD <- 1 MOV CS,0:[intnum*4+2] MOV IP,0:[intnum*4] Flags Affected: IF,TF,MD CPU mode: 8080 Emulation +++++++++++++++++++++++ Physical Form: CALLN imm8 COP (Code of Operation) : EDH EDH imm8 Clocks: NEC V20/V30: 38-58 ----------O-CLEAR1--------------------------------- OPCODE CLEAR1 - Clear one bit CPU: NEC/Sony all V-series. Type of Instruction: User Instruction: CLEAR1 dest,bitnumb Description: BIT bitnumb OF dest <- 0; Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: CLEAR1 reg/mem8,CL COP (Code of Operation) : 0FH 12H Postbyte Physical Form: CLEAR1 reg/mem8,imm8 COP (Code of Operation) : 0FH 1AH Postbyte imm8 Physical Form: CLEAR1 reg/mem16,CL COP (Code of Operation) : 0FH 13H Postbyte Physical Form: CLEAR1 reg/mem16,imm8 COP (Code of Operation) : 0FH 1BH Postbyte imm8 Clocks: CLEAR1 r/m8,CL r/m8,i8 r/m16,CL r/m16,i8 NEC V20: 5/14 6/15 5/14 6/15 ----------O-CMOVcc--------------------------------- OPCODE CMOVcc - Conditional Move CPU: P6 Type of Instruction: User Instruction: CMOVcc dest,sorc Description: IF condition(cc) is true THEN dest <- sorc; Flags Affected: None CPU mode: RM,PM,VM,SMM +++++++++++++++++++++++ Physical Form & COPs: CMOVO reg,reg/mem 0FH 40H Postbyte CMOVNO reg,reg/mem 0FH 41H Postbyte CMOVC reg,reg/mem 0FH 42H Postbyte CMOVNC reg,reg/mem 0FH 43H Postbyte CMOVZ reg,reg/mem 0FH 44H Postbyte CMOVNZ reg,reg/mem 0FH 45H Postbyte CMOVNA reg,reg/mem 0FH 46H Postbyte CMOVA reg,reg/mem 0FH 47H Postbyte CMOVS reg,reg/mem 0FH 48H Postbyte CMOVNS reg,reg/mem 0FH 49H Postbyte CMOVP reg,reg/mem 0FH 4AH Postbyte CMOVNP reg,reg/mem 0FH 4BH Postbyte CMOVL reg,reg/mem 0FH 4CH Postbyte CMOVNL reg,reg/mem 0FH 4DH Postbyte CMOVNG reg,reg/mem 0FH 4EH Postbyte CMOVG reg,reg/mem 0FH 4FH Postbyte Clocks: ~1 (~pairing with other instructions) ----------O-CMP4S---------------------------------- OPCODE CMP4S - Compare for packed BCD strings CPU: NEC/Sony all V-series Type of Instruction: User Instruction: CMP4S Description: SetFlaGS( BCD STRING (ADDRESS=ES:DI,LENGTH=CL) - BCD STRING (ADDRESS=DS:SI,LENGTH=CL) ); Note: si,di, other registers not changed Flags Affected: OF,CF,ZF ;; ZF set if RESULT of subtraction is zero. ;; CF,OF set as result of operation with most ;; signification BCDs. CPU mode: RM +++++++++++++++++++++++ Physical Form: CMP4S COP (Code of Operation) : 0FH 26H Clocks: CMP4S NEC V20: ~7+19*CL ----------O-CMPXCHG8B------------------------------ OPCODE CMPXCHG8B - Compare and exchange 8 bytes CPU: Pentium (tm), Pentium Pro(tm), AMD Am5k86 Type of Instruction: Operation Instruction: CMPXCHG8B dest Note: dest is memory operand: QWORD PTR [memory] Description: IF ( QWORD(EDX:EAX) = dest) THEN { ZF <- 1; dest <- QWORD(ECX:EBX); } ELSE { ZF <- 0; EDX:EAX <- dest } END Flags Affected: ZF CPU mode: RM,PM,VM,SMM Physical Form: CMPXCHG8B mem64 COP (Code of Operation) : 0FH C7H Postbyte Clocks: Pentium : 10 Note: Postbyte MMRRRMMM: MM<>11 if (==) then INT 6 ----------O-CMPXCHG-------------------------------- OPCODE CMPXCHG - Compare and exchange CPU: i486+ Type of Instruction: User Instruction: CMPXCHG dest,sorc Description: Acc = if OperationSize(8) -> AL OperationSize(16) -> AX OperationSize(32) -> EAX IF ( Acc = dest) THEN { ZF <- 1; dest <- sorc; } ELSE { ZF <- 0; Acc <- dest; } END Note: This instruction used to support semaphores Flags Affected: ZF ( see description) OF,SF,AF,PF,CF ( like CMP instruction ) ( see description) CPU mode: RM,PM,VM,SMM +++++++++++++++++++++++ Physical Form: CMPXCHG r/m8,r8 COP (Code of Operation) : 0FH A6H Postbyte ; i486 (A-B0 step) : 0FH B0H Postbyte ; i486 (B1+ step clones ; and upgrades) Clocks: Intel i486 : 6/7 if compare OK : 6/10 if compare FAIL Cyrix Cx486SLC : 5/7 Pentium (tm) : 6 Penalty if cache miss : Intel i486 : 2 Cyrix Cx486SLC : 1 +++++++++++++++++++++ Physical Form: CMPXCHG r/m16,r16 CMPXCHG r/m32,r32 COP (Code of Operation) : 0FH A7H Postbyte ; i486 (A-B0 step) : 0FH B1H Postbyte ; i486 (B1+ step clones ; and upgrades) Clocks: Intel i486 : 6/7 if compare OK : 6/10 if compare FAIL Cyrix Cx486SLC : 5/7 Pentium (tm) : 6 Penalty if cache miss : Intel i486 : 2 Cyrix Cx486SLC : 1 ----------O-CPUID---------------------------------- OPCODE CPUID - CPU Identification CPU: Intel 486DX/SX/DX2 SL Enhanced and all later Intel processors include ( IntelDX4, IntelSX2, Pentium etc.), UMC microprocessors: U5S,U5SD,U5S-VL. Cyrix M1, AMD K5, Intel P6, and AMD Ehnanced Am486 CPU, such as A80486DX4-100SV8B. Note: i.e. 1993+ years processors produced by Intel Note: To know if your CPU support CPUID instruction try to set ID flag ( bit 21 of EFLAGS ) to 1, and if it sets this mean that CPUID support.(Soft). Or If Your CPU is Intel Look for '&E' signature on Top side of Chip.(Hard) Type of Instruction: Operation Instruction: CPUID Description: IF (EAX=0) THEN // All { EAX <- Maximum value of EAX to CALL CPUID instruction 1 for all processors (date 1 September 1994) may be >1 in future microprocessors ;; EBX,EDX and ECX contain a OEM name string ;; for Intel this string is 'GenuineIntel' EBX <- 756E6547H i.e. 'Genu' EDX <- 49656E69H i.e. 'ineI' ECX <- 6C65746EH i.e. 'ntel' ;; for UMC this string is 'UMC UMC UMC ' EBX <- 32434D55H i.e. 'UMC ' EDX <- 32434D55H i.e. 'UMC ' ECX <- 32434D55H i.e. 'UMC ' ;; for Cyrix this string is 'CyrixInstead' (Cx6x86,Cx5x86 steps B+) ;; for AMD this string is 'AuthenticAMD' (K6,K5,486 Enhanced CPUs) ;; for last NexGen is 'NexGenDriven' (Nx5x86 latest models) } ELSEIF (EAX=1) THEN // All { EAX[3:0] <- Stepping ID EAX[7:4] <- Model EAX[11:8] <- Family ; 3 - 386 family ; 4 - i486 family ; 5 - Pentium family ; 6 - Pentium Pro family EAX[15:12] <- Reserved ; 0 - Original OEM processor ; 1 - OverDrive ; 2 - Dual Processor Note: Pentium P54C have pin CPUTYPE which define is this CPU First or Second e.t.c in System. So, if this chip set in "First" socket it return for example 0425h, but THIS chip return 2425h if we insert it in "Second" socket. Note: Refer to Appendix B for more information. EAX[31:16] <- Reserved and set to 0s now EDX <- Compability flags ;; below all info if bit flag =1 EDX[0] <- FPU: FPU on Chip EDX[1] <- VME: Virtual Mode Extention present EDX[2] <- DE: Debbuging Extentions EDX[3] <- PSE: CPU support 4MB size pages EDX[4] <- TSC: TSC present (See RDTSC command) EDX[5] <- MSR: CPU have Pentium Compatible MSRs EDX[6] <- PAE: Physical Address Extension (Intel) EDX[6] <- PTE: Support PTE (Cyrix) When set in PTE TLB will not be flushed when CR3 is written. EDX[7] <- MCE: Machine Check exception EDX[8] <- CX8: Support CMPXCHG8B instruction EDX[9] <- APIC: Local APIC on Chip (Intel) PGE: Page Global Extension (K5) EDX[10]<- reserved EDX[11]<- SEP: Fast System Call feature (Pentium Pro) EDX[12]<- MTRR: CPU support Memory Type Range Register (MTRR) EDX[13]<- PGE: Page Global Feature support EDX[14]<- MCA: Machine Check Architecture EDX[15]<- CMOV: CPU support CMOV instruction EDX[22..16] <- Reserved EDX[23] <- MMX: CPU support IA MMX EDX[31:24] <- Reserved and set to 0s now } ELSEIF (EAX=2) { AL = 1 (Pentium Pro, Pentium II) remainder of EAX and EBX,ECX,EDX contain bytes which described cache architecture on this chip. Description of this bytes is: Value Description 00h None 01h Instruction TLB, 4K page, 4way, 64 entry 02h Instruction TLB, 4M page, 4way, 4 entry 03h Data TLB, 4K page, 4way, 64 entry 04h Data TLB, 4M page, 4way, 8 entry 06h Instruction Cache, 8K, 4 way, 32 byte per line 0Ah Data cache, 8K, 2 way, 32 byte per line 41h Unifed cache, 32 byte per line, 4 way, 128KB 42h Unifed cache, 32 byte per line, 4 way, 256KB 43h Unifed cache, 32 byte per line, 4 way, 512KB } ELSEIF (EAX = 80000000h) // AMD 5k86 (K5 not SSA/5) { EBX,ECX,EDX <- Undefined EAX <- Largest Extended function value recognized by CPUID. (Note: Extended CPUID functions started with 80000000h) (Example: For AMD 5k86 (K5) = 80000005h ) } ELSEIF (EAX = 80000001h) // AMD 5k86 (K5 not SSA/5) { EAX <- AMD Processor Signature 0000051Xh - for AMD 5k86 (K5 not SSA/5) 0000066Xh - for AMD 6k86 (K6) EBX,ECX <- Undefined EDX <- Extended Feature Flags EDX[0] <- FPU: FPU on Chip EDX[1] <- VME: Virtual Mode Extention present EDX[2] <- DE: Debbuging Extentions EDX[3] <- PSE: CPU support 4MB size pages EDX[4] <- TSC: TSC present (See RDTSC command) EDX[5] <- MSR: CPU have K5 Compatible MSRs EDX[6] <- 0 (Reserved) EDX[7] <- MCE: Machine Check exception EDX[8] <- CX8: Support CMPXCHG8B instruction EDX[9] <- Reserved EDX[10]<- Support SYSCALL and SYSRET instruction (!!!) EDX[11,12]<- reserved EDX[13]<- PGE: Page Global Feature support EDX[14]<- reserved EDX[15]<- CMOV: CPU support CMOV instruction EDX[16]<- FCMOV: CPU support FP. FCMOV (!!!) EDX[22..16] <- Reserved EDX[23] <- MMX: CPU support IA MMX EDX[31..24] <- Reserved ;Note: For AMD K5 = 000021BFh For AMD K6 = 008005BFh } ELSEIF (EAX = 80000002h,80000003h,80000004h) // AMD K5,K6 { EAX, EBX, ECX ,EDX = CPU Name // Note: for AMD K5 (Don't forget x86 is BIG-Endian!!) // CPUID(EAX) EAX EBX ECX EDX // 80000002h 2D444D41 7428354B 5020296D 65636F72 // AMD- K5(r m) P roce // 80000003h 726F7373 00000000 00000000 00000000 // ssor // 80000004h 00000000 00000000 00000000 00000000 } ELSEIF (EAX = 80000005h) // AMD K5,K6 { // TLB and Cache information EAX <- Reserved EBX <- TLB Information: EBX[31..24] <- Data TLB: Associativity (if Full assocuiativity = FFh) EBX[23..16] <- Data TLB: Number of Entryes EBX[15..8] <- Instruction TLB: Associativity (if Full assocuiativity = FFh) EBX[7..0] <- Instruction TLB: Number of Entryes ECX <- L1 Data Cache Information ECX[31..24] <- Size in KB ECX[23..16] <- Associativity (if full = FFh) ECX[15..8] <- Lines per Tag ECX[7..0] <- Line size in Bytes EDX <- L1 Instruction Cache Information ECX[31..24] <- Size in KB ECX[23..16] <- Associativity (if full = FFh) ECX[15..8] <- Lines per Tag ECX[7..0] <- Line size in Bytes // Note: after execution CPUID with EAX = 80000005h // reg AMD K5 AMD K6 // EBX 04800000 02800140 // ECX 08040120 20020220 // EDX 10040120 20020220 } ELSE THEN { EAX,EBX,ECX,EDX <- Undefined } END. Global Note: This file contain open i.e nonconfiderential information about CPUID information. If you want MORE try to contact Intel, may be (but I'm sure that not) Intelers give you "Yellow Pages" (i.e Supplement to Pentium(tm) Processor User's Manual) to read inside office. Refer to: Appendix B for more informations about CPU codes. Here is 3 examples of Information we can may get from CPUID instruction: 1) UMC U5S Note: All UMC Chips: U5S,U5SD, 3V chips never have FPU on-chip, and never support VME Maximum Available of CPUID info entrys:1 Vendor string is : "UMC UMC UMC " Model Info : Stepping ID is : 3 Model : 2 Family : 4 M field : 0 Compability Flags: FPU on Chip :- Virtual Mode Extensions present :- CPU support I/O breakpoints :- CPU support 4MB pages :- Time Stamp Counter Presents :- CPU have Pentium compatible MSRs :- Machine Check Exception Presents :- CMPXCHG8B instruction support :- APIC on Chip :- 2) Intel 486 Note: All SL Enhanced 486: { i486SX,i486DX,i486DX2 marked '&E' on chip surface }, IntelSX2,IntelDX4 support VME !!!! But: Sxs never have FPU on chip. Maximum Available of CPUID info entrys:1 Vendor string is : "GenuineIntel" Model Info : Stepping ID is : 0 Model : 8 Family : 4 M field : 0 Compability Flags: FPU on Chip :+ Virtual Mode Extensions present :+ CPU support I/O breakpoints :- CPU support 4MB pages :- Time Stamp Counter Presents :- CPU have Pentium compatible MSRs :- Machine Check Exception Presents :- CMPXCHG8B instruction support :- APIC on Chip :- 3) Pentium Note: P54C may say that build-in APIC not present if it not supported by external hardware !!!!! (This data from P54C in single processor configuration) Maximum Available of CPUID info entrys:1 Vendor string is : "GenuineIntel" Model Info : Stepping ID is : 1 Model : 2 Family : 5 M field : 0 Compability Flags: FPU on Chip :+ Virtual Mode Extensions present :+ CPU support I/O breakpoints :+ CPU support 4MB pages :+ Time Stamp Counter Presents :+ CPU have Pentium compatible MSRs :+ Machine Check Exception Presents :+ CMPXCHG8B instruction support :+ APIC on Chip :- 4) Pentium OverDrive Note: P24T never have Machine Check Exception Maximum Available of CPUID info entrys:1 Vendor string is : "GenuineIntel" Model Info : Stepping ID is : 1 Model : 3 Family : 5 M field : 1 Compability Flags: FPU on Chip :+ Virtual Mode Extensions present :+ CPU support I/O breakpoints :+ CPU support 4MB pages :+ Time Stamp Counter Presents :+ CPU have Pentium compatible MSRs :+ Machine Check Exception Presents :- CMPXCHG8B instruction support :+ APIC on Chip :- 5) AMD Am5x86 (also AMD Enhanced 486). Maximum Available of CPUID info entrys:1 Vendor string is : "AuthenticAMD" Model Info : Stepping ID is : 4 Model : 15 Family : 4 M field : 0 Compability Flags: FPU on Chip :+ Virtual Mode Extensions present :- CPU support I/O breakpoints :- CPU support 4MB pages :- Time Stamp Counter Presents :- CPU have Pentium compatible MSRs :- P6 Flag: n/a :- Machine Check Exception Presents :- CMPXCHG8B instruction support :- 6) Pentium Pro (P6) Maximum Available of CPUID info entrys:2 <<-------------- !!!! Vendor string is : "GenuineIntel" Model Info : Stepping ID is : 1 Model : 1 Family : 6 M field : 0 Compability Flags: FPU on Chip :+ Virtual Mode Extensions present :+ CPU support I/O breakpoints :+ CPU support 4MB pages :+ Time Stamp Counter Presents :+ CPU have Pentium compatible MSRs :+ P6 Flag: n/a :+ Machine Check Exception Presents :+ CMPXCHG8B instruction support :+ APIC on Chip :+ Reserved :- ; bit 10 Fast System Call feature :+ Memory Type Range Regs. support :+ Page Global Feature support :+ Machine Check Architecture :+ CMOVxx instructions support :+ IA MMX support :+ 7) Maximum Available of CPUID info entrys:1 Vendor string is : "CyrixInstead" Compability Flags: FPU on Chip :+ Virtual Mode Extensions present :- CPU support I/O breakpoints :+ CPU support 4MB pages :- Time Stamp Counter Presents :+ CPU have Pentium compatible MSRs :+ P6 Flag: n/a :+ Machine Check Exception Presents :- CMPXCHG8B instruction support :+ APIC on Chip :- Reserved :- Reserved :- Memory Type Range Regs. support :- Page Global Feature support :+ Machine Check Architecture :- CMOVxx instructions support :+ IA MMX support :+ Note: Some Last NexGen Nx586 support CPUID instruction, but never support ID flag in EFALGS, so check it with #UD hook. Note: On Cyrix CPUs need to Enable CPUID instruction, setting CPUIDEN bit in CCR4. Note: Cyrix Cx6x86 return on CPUID(1) in EAX next data: YYYYXXMMh - where YYYY - normally 0s. XX - value of control register 0FCh (usually 05h, may be changed to any other value by user). MM - Model Unical Revision (according to DIR0) Note: Cyrix 486s never support CPUID. Flags Affected: None CPU mode: RM,PM,VM,SMM Physical Form: CPUID COP (Code of Operation): 0FH A2H Clocks: 486s & Pentium (EAX=1) : 14 486s & Pentium (EAX=0 or EAX>1) : 9 ----------O-EMMS----------------------------------- OPCODE EMMS - Empty MMX State CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: EMMS Description: FloatPointTagWord <- FFFFh Note: The EMMS instruction sets the values of the floating-point (FP) tag word to empty (all ones). EMMS marks the registers as available, so they can subsequently be used by floating-point instructions. If a floating-point instruction loads into one of the registers before it has been reset by the EMMS instruction, a floating-point stack overflow can occur, which results in a FP exception or incorrect result. All other MMX instructions validate the entire FP tag word (all zeros). This instruction must be used to dear the MMX state at the end of all MMX routines, and before calling other routines that may execute floating-point instructions. Flags affected: None Exceptions: RM PM VM SMM Description #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception ++++++++++++++++++++++++++++++++++++++ COP & Times: EMMS 0FH 77H P55C: n/a future P6: n/a ----------O-ESC------------------------------------ OPCODE ESC - Escape Extrnal Cooprocessors CPU: 8086...80386, any Hybrid 486. Type of Instruction: User Instruction: ESC Number,R/M Description: This Instruction uses for Link with External Coprocessors Such as NPX. External Coprocessors look at command sequence at get ESC. CPU give Memory Operand sending to A-bus EA doing pseudo-read operation. { If 2nd Operand is Register then Do Nothing, If 2nd Operand is Memory then set EA (Effective Address) in Address Bus } First operand is Part of Command that Ext. coprocessors get. Flags Affected: None Example: ESC 0Fh,DX means FSQRT Note: ESC mnemonic was used for 8086 CPU, later all were used alternative mnemonic for cooprocessor instructions, such as FSQRT. CPU mode: RM,PM,VM,SMM +++++++++++++++++++++++ Physical Form: COP (Code of Operation) : <1101 1xxx> Postbyte Clocks: ESC n,Reg ESC n,Mem8/Mem16 8088: 2 8/12+EA 286: 9-20 9-20 386: N/A N/A 486: N/A N/A ----------O-EXT------------------------------------ OPCODE EXT - Extract Bit Field CPU: NEC/Sony all V-series Type of Instruction: User Instruction: EXT start,len Description: AX <- BitField [ BASE = DS:SI START BIT OFFSET = start LENGTH = len ]; Note: si and start automatically UPDATE Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form : EXT reg8,reg8 COP (Code of Operation) : 0FH 33H PostByte Clocks: EXT reg8,reg8 NEC V20: 26-55 ----------O-F4X4----------------------------------- OPCODE F4X4 - FPU: Multiplicate vector on Matrix 4x4 FPU: IIT FPUs. Type of Instruction: FPU instruction Instruction: F4X4 Description: ; This Instruction Multiplicate vector on ; Matrix 4X4 _ _ _ _ _ _ | | | | | | | Xn | | A00 A01 A02 A03 | | X0 | | Yn | = | A10 A11 A12 A13 | X | Y0 | | Zn | | A20 A21 A22 A23 | | Z0 | | Wn | | A30 A31 A31 A33 | | W0 | |_ _| |_ _| |_ _| ; Data fetches/stores from/to FPU registers: # of F E T C H E S STORE Register Bank0 Bank1 Bank2 Bank0 ST X0 A33 A31 Xn ST(1) Y0 A23 A21 Yn ST(2) Z0 A13 A11 Zn ST(3) W0 A03 A01 Wn ST(4) A32 A30 ST(5) A22 A20 ST(6) A12 A10 ST(7) A02 A00 Note: See FSBP0,FSBP1,FSBP2 for more information FPU Flags Affected: S FPU mode: Any Physical Form: F4X4 COP (Code of Operation): DBH F1H Clocks: IIT 2c87 : 242 IIT 3c87 : 242 IIT 3c87SX : 242 ----------O-FCMOVcc-------------------------------- OPCODE FCMOVcc - Floating Point Conditional Move CPU: P6 Type of Instruction: User Instruction: FCMOVcc dest,sorc Description: IF condition(cc) is true THEN dest <- sorc; Flags Affected: Int: None Fp : None Note: Testing Integer flags: cc Meaning Test Flags Description B Below CF=1 < NB Not Below CF=0 >= E Equal ZF=1 = NE Not Equal ZF=0 != BE Below Equal (CF=1 .OR. ZF=1) <= NBE Not BelowEqual (CF=0 .AND. ZF=0) > U Unordered PF=1 NU Not Unordered PF!=1 CPU mode: RM,PM,VM,SMM +++++++++++++++++++++++ Physical Form & COPs: FCMOVB ST,STi DA C0+i FCMOVE ST,STi DA C8+i FCMOVBE ST,STi DA D0+i FCMOVU ST,STi DA D8+i FCMOVNB ST,STi DB C0+i FCMOVNE ST,STi DB C8+i FCMOVNBE ST,STi DB D0+i FCMOVNU ST,STi DB D8+i Clocks: N/A ----------O-FCOMI---------------------------------- OPCODE FCOMI - Floating Point Compare setting Integer Flags CPU: P6 Type of Instruction: User Instruction: FuCOMIp ST0,STi Description: CASE ( result (compare(ST0,STi) ) OF { ; ZF PF CF Not Comparable: 1 1 1 ST0 > STi : 0 0 0 ST0 < STi : 0 0 1 ST0 = STi : 1 0 0 } CASE ( FP_stack_status ) OF { ; SF Overflow : 1 Underflow : 0 Otherwize : 0 } CASE ( instruction ) OF { FCOMI,FUCOMI : No FP stack adjustment; FCOMIP,FUCOMIP : POP ST; } Flags Affected: Int: CF,ZF,PF,SF Fp : None Note: In any case Sign of zero Ignored , so +0.0 = -0.0 CPU mode: RM,PM,VM,SMM +++++++++++++++++++++++ Physical Form & COPs: FCOMI ST0,STi DB F0+i FCOMIP ST0,STi DF F0+i FUCOMI ST0,STi DB E8+i FUCOMIP ST0,STi DF E8+i Clocks: N/A ----------O-FINT----------------------------------- OPCODE FINT - Finished Interrupt CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: System Instruction: FINT Description: Inticate to Internal Interrupt controller that interrupt service Routine is completed. (EOI) Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: FINT COP (Code of Operation) : 0Fh 92h Clocks: 2 ----------O-FNSTDW--------------------------------- OPCODE FNSTDW - FPU Not wait Store Device Word register FPU: i387SL Mobile Type of Instruction: FPU instruction Instruction: FNSTDW dest Description: dest <- Device Word Format of Device word: bit(s) Description (Table ) 0-7 Reserved 8 S - Status bit: if S=1 then FP device is a static design and OS or APM Bios may set CLK slow to 0 Mhz without lost any data. 9-15 Reserved Note: Device word register valid only after FNINIT FPU Flags Affected: None CPU mode: Any Physical Form: FNSTDW AX COP (Code of Operation): DFH E1H Clocks: i387SL Mobile: 13 ----------O-FNSTSG--------------------------------- OPCODE FNSTSG - FPU Not wait Store Signature Word register FPU: i387SL Mobile Type of Instruction: FPU instruction Instruction: FNSTSG dest Description: dest <- Signature Word Format of Signature word: bit(s) Description (Table ) 3-0 Revision 7-4 Steppin 11-8 Family 15-12 Version Note: For i387(tm) SL Mobile Signature is: Version = 2 Family = 3 ; 387 Stepping = 1 ; Ax step Revision = 0 ; x0 step i.e i387(tm) SL is A0 step Note: This FPU is out of life Note: Signature word register valid only after FNINIT FPU Flags Affected: None CPU mode: Any Physical Form: FNSTSG AX COP (Code of Operation): DFH E2H Clocks: i387SL Mobile: 13 ----------O-FPO2----------------------------------- OPCODE FPO2 - Floating Point Operations 2nd Way CPU: NEC/Sony all V-series Type of Instruction: User Instruction: FPO2 fp_op,mem Description: This instruction was building for sending FP commands to NEC NPX which never be realized Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form : FPO2 imm4,reg/mem COP (Code of Operation) : If imm4 in range 0-7 then 66H mmFFFMMM there FFF is imm4. If imm4 in range 7-F then 67H mmFFFMMM there FFF is imm4. Clocks: FPO2 imm4,reg/mem NEC V20: 2/11 ----------O-FRICHOP-------------------------------- OPCODE FRICHOP - FPU: Round to Integer chop method FPU: Cyrix FPUs and 486s with FPU on chip Type of Instruction: FPU instruction Instruction: FRICHOP Description: ST <- ROUND ( ST,CHOP ) Note: This instruction calculate rounding ST toward zero i.e. ignoring part righter that decimal . Examples: 1.2 -> 1.0 -1.2 -> -1.0 3.0 -> 3.0 0.0 -> 0.0 1.5 -> 1.0 -2.0 -> -2.0 FPU Flags Affected: S,P,D,I,C1 FPU mode: Any Physical Form: FRICHOP COP (Code of Operation): DDH FCH Clocks: Cx83D87 : 15 Cx83S87 : 15 CxEMC87 : 15 Cx487DLC : ----------O-FRINEAR-------------------------------- OPCODE FRINEAR - FPU: Round to Integer Nearest method FPU: Cyrix FPUs and 486s with FPU on chip Type of Instruction: FPU instruction Instruction: FRINEAR Description: ST <- ROUND ( ST,NEAREST ) Note: This instruction calculate rounding ST toward nearest Examples: 1.2 -> 1.0 -1.2 -> -1.0 3.0 -> 3.0 0.0 -> 0.0 1.5 -> 1.0 1.8 -> 2.0 -2.0 -> -2.0 FPU Flags Affected: S,P,D,I,C1 FPU mode: Any Physical Form: FRINEAR COP (Code of Operation): DFH FCH Clocks: Cx83D87 : 15 Cx83S87 : 15 CxEMC87 : 15 Cx487DLC : ----------O-FRINT2--------------------------------- OPCODE FRINT2 - FPU: Round to Integer FPU: Cyrix FPUs and 486s with FPU on chip Type of Instruction: FPU instruction Instruction: FRINT2 Description: IF ( exact half ) THEN { ST <- SIGN(ST) * ROUND(ABS(ST)+0.5,NEAREST) } ELSE { ST <- ROUND ( ST,NEAREST ) } END Note: This instruction calculate rounding ST toward nearest, but if number is exact half then this instruction round it toward signed infinity. Sign of this infinity is same with sign of number. Examples: 1.2 -> 1.0 -1.2 -> -1.0 3.0 -> 3.0 0.0 -> 0.0 1.5 -> 2.0 1.8 -> 2.0 -2.0 -> -2.0 -1.5 -> -2.0 FPU Flags Affected: S,P,D,I,C1 FPU mode: Any Physical Form: FRINT2 COP (Code of Operation): DBH FCH Clocks: Cx83D87 : 15 Cx83S87 : 15 CxEMC87 : 15 Cx487DLC : ----------O-FRSTPM--------------------------------- OPCODE FRSTPM - FPU Reset Protected Mode FPU: i287XL i287XLT Type of Instruction: FPU instruction Instruction: FRSTPM Description: Reset Cooprocessor from Protected Mode to Real Address mode. FPU Flags Affected: None CPU mode:Any ??? Physical Form: FRSTPM COP (Code of Operation): DBH E5H Clocks: i287XL : 12 i287XLT : 12 ----------O-FSBP0---------------------------------- OPCODE FSBP0 - FPU: Set Bank pointer to Bank # 0 FPU: IIT FPUs. Type of Instruction: FPU instruction Instruction: FSBP0 Description: ; This Instruction set current bank pointer to ; Bank # 0. ; Each bank contain eight 80bit registers ; There are 3 banks (0,1,2) in Chip ; After initialization FPU select bank # 0. FPU Flags Affected: None FPU mode: Any Physical Form: FSBP0 COP (Code of Operation): DBH E8H Clocks: IIT 2c87 : 6 IIT 3c87 : 6 IIT 3c87SX : 6 ----------O-FSBP1---------------------------------- OPCODE FSBP1 - FPU: Set Bank pointer to Bank # 1 FPU: IIT FPUs. Type of Instruction: FPU instruction Instruction: FSBP1 Description: ; This Instruction set current bank pointer to ; Bank # 1. ; Each bank contain eight 80bit registers ; There are 3 banks (0,1,2) in Chip ; After initialization FPU select bank # 0. FPU Flags Affected: None FPU mode: Any Physical Form: FSBP1 COP (Code of Operation): DBH EBH Clocks: IIT 2c87 : 6 IIT 3c87 : 6 IIT 3c87SX : 6 ----------O-FSBP2---------------------------------- OPCODE FSBP2 - FPU: Set Bank pointer to Bank # 2 FPU: IIT FPUs. Type of Instruction: FPU instruction Instruction: FSBP2 Description: ; This Instruction set current bank pointer to ; Bank # 2. ; Each bank contain eight 80bit registers ; There are 3 banks (0,1,2) in Chip ; After initialization FPU select bank # 0. FPU Flags Affected: None FPU mode: Any Physical Form: FSBP2 COP (Code of Operation): DBH EAH Clocks: IIT 2c87 : 6 IIT 3c87 : 6 IIT 3c87SX : 6 ----------O-IBTS----------------------------------- OPCODE IBTS - Insert Bits String CPU: 80386 step A0-B0 only Type of Instruction: User Instruction: IBTS base,bitoffset,len,sorc Description: Write bit string length bits from [bits .. 0 ] (lowest bits) to bitfield, defined by and bitsoffset from this base to start of the field to write. String write from this start field bit to higher memory addresses or register bits. Flags Affected: None CPU mode: RM,PM,VM +++++++++++++++++++++++ Physical Form: IBTS r/m16,AX,CL,r16 IBTS r/m32,EAX,CL,r32 COP (Code of Operation) : 0FH A7H Postbyte Clocks: IBTS 80386: 12/19 ----------O-ICEBP---------------------------------- OPCODE ICEBP - PWI Mode BreakPoint, ICE address space CPU: IBM 486SLC2 Type of Instruction: System Instruction: ICEBP Description: IF (condition) THEN ; see condition below { SAVE STATUS OF EXECUTION TO ICE space; ENTER SMM; } ELSE { INT 1; } END Note: This condition can be set before execution this instruction: CPL=0 MSR1000H.EPCEA=1 MSR1000H.EPWI=1 Flags Affected: None CPU mode: RM,PM0 Physical Form: ICEBP COP (Code of Operation): F1H Clocks: IBM 486SLC2 : 460 ----------O-ICEBP---------------------------------- OPCODE ICEBP - In-Circuit Emulator Breakpoint CPU: some models of i486, i386, Pentium, Pentium Pro Type of Instruction: System Instruction: ICEBP Description: IF (condition) THEN ; see condition below { CHANGED TO THE ICE instruction mode; } ELSE { INT 1; } END Note: 386/486: Condition is DR7.bit12=1 (CPU must be supported ICE). Note: This instruction very usefull to debbuging as Single-Byte Interrupt but it generate never int 3, but int 1. Note: On Pentium Interrupt redirection initiately disabled on PMCR (Probe Mode Control Register), which is only accessable via debug port i.e. Need external hardware for enable normal ICEBP execution. Note: On Pentium Pro situation is the same. But in Pentium Pro Intel named this instruction INT01. Flags Affected: None CPU mode: RM,PM0 Physical Form: ICEBP COP (Code of Operation): F1H Clocks: : N/A ----------O-ICERET--------------------------------- OPCODE ICERET - Return from PWI mode, ICE space CPU: IBM 486SLC2 Type of Instruction: System Operation (Work only then CPL=0) Instruction: ICERET Description: Load All Registers (Include Shadow Registers) from Table Which Begin on place pointed ES:EDI, and return from PWI mode. Format of ICERET Table: (Table ) Offset Len Description 0H 4 CR0 4H 4 EFLAGS 8H 4 EIP CH 4 EDI 10H 4 ESI 14H 4 EBP 18H 4 ESP 1CH 4 EBX 20H 4 EDX 24H 4 ESX 28H 4 EAX 2CH 4 DR6 30H 4 DR7 34H 4 TR (16 bit, zero filled up) 38H 4 LDT --------- 3CH 4 GS --------- 40H 4 FS --------- 44H 4 DS --------- 48H 4 SS --------- 4CH 4 CS --------- 50H 4 ES --------- 54H 4 TSS.attrib 58H 4 TSS.base 5CH 4 TSS.limit 60H 4 Reserved 64H 4 IDT.base 68H 4 IDT.limit 6CH 4 REP OUTS overrun flag 70H 4 GDT.base 74H 4 GDT.limit 78H 4 LDT.attrib 7CH 4 LDT.base 80H 4 LDT.limit 84H 4 GS.attrib 88H 4 GS.base 8CH 4 GS.limit 90H 4 FS.attrib 94H 4 FS.base 98H 4 FS.limit 9CH 4 DS.attrib A0H 4 DS.base A4H 4 DS.limit A8H 4 SS.attrib ACH 4 SS.base B0H 4 SS.limit B4H 4 CS.attrib B8H 4 CS.base BCH 4 CS.limit C0H 4 ES.attrib C4H 4 ES.base C8H 4 ES.limit Unknown Unusable area ;; Temporary registers: 100H 4 TST 104H 4 IDX 108H 4 TMPH 10CH 4 TMPG 110H 4 TMPF 114H 4 TMPE 118H 4 TMPD 11CH 4 TMPC 120H 4 TMPB 124H 4 TMPA 128H 4 CR2 12CH 4 CR3 130H 4 MSR1001H (31-0) 134H 4 MSR1001H (63-32) 138H 4 MSR1000H (15-0) 13CH 4 DR0 140H 4 DR1 144H 4 DR2 148H 4 DR3 14CH 4 PEIP Length of table is 150H bytes. Note: For descriptor format refer to LOADALL and RES3 instructions. Flags Affected: All (FLAGS Register Reload) CPU mode: SMM Physical Form: ICERET COP (Code of Operation): 0FH 07H Note: Code is same with Intel's LOADALL Clocks: IBM 486SLC2 : 440 ----------O-INS------------------------------------ OPCODE INS - Insert Bit String CPU: NEC/Sony all V-series Type of Instruction: User Instruction: INS start,len Description: BitField [ BASE = ES:DI START BIT OFFSET = start LENGTH = len ] <- AX [ bits= (len-1)..0] Note: di and start automatically UPDATE Note: Alternative Name of this instruction is NECINS Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form : INS reg8,reg8 COP (Code of Operation) : 0FH 31H PostByte Clocks: INS reg8,reg8 NEC V20: 31-117 ----------O-INVD----------------------------------- OPCODE INVD - Invalidate Cache Buffer CPU: I486 + Type of Instruction: System Instruction: INVD Description: FLUSH INTERNAL CACHE ( It means that all lines of internal caches sets as invalid ) SIGNAL EXTERNAL CACHE TO FLUSH Notes: This instruction not work in Real Mode and in Protected mode work only in ring 0 ; Flags Affected: None CPU mode: PM0,SMM? Physical Form: INVD COP (Code of Operation): 0FH 08H Clocks: Cyrix Cx486SLC : 4 i486 : 4 Pentium : 15 ----------O-INVLPG--------------------------------- OPCODE INVLPG - Invalidate Page Entry In TLB CPU: I486 + Type of Instruction: System Instruction: INVLPG mem Description: IF found in data or code (if both) (or common if single) TLB entry with linear address (page part) same as memory operand then mark this entry as Invalid; Notes: This instruction not work in Real Mode and in Protected mode work only in ring 0 ; Flags Affected: None CPU mode: RM,PM,VM,SMM Physical Form: INVLPG mem COP (Code of Operation): 0FH 01H mm111mmm Clocks: Cyrix Cx486SLC : 4 i486 : 12 if hit : 11 if not hit Pentium : 25 ----------O-LOADALL-------------------------------- OPCODE LOADALL - Load All Registers CPU: Intel 386+ +all clones Type of Instruction: System (Work only then CPL=0) Instruction: LOADALL Description: Load All Registers (Include Shadow Registers) from Table Which Begin on place pointed ES:EDI Format of LOADALL Table: (Table ) Offset Len Description 0H 4 CR0 4H 4 EFLAGS 8H 4 EIP CH 4 EDI 10H 4 ESI 14H 4 EBP 18H 4 ESP 1CH 4 EBX 20H 4 EDX 24H 4 ESX 28H 4 EAX 2CH 4 DR6 30H 4 DR7 34H 4 TR (16 bit, zero filled up) 38H 4 LDT --------- 3CH 4 GS --------- 40H 4 FS --------- 44H 4 DS --------- 48H 4 SS --------- 4CH 4 CS --------- 50H 4 ES --------- 54H 4 TSS.attrib 58H 4 TSS.base 5CH 4 TSS.limit 60H 4 0s 64H 4 IDT.base 68H 4 IDT.limit 6CH 4 0s 70H 4 GDT.base 74H 4 GDT.limit 78H 4 LDT.attrib 7CH 4 LDT.base 80H 4 LDT.limit 84H 4 GS.attrib 88H 4 GS.base 8CH 4 GS.limit 90H 4 FS.attrib 94H 4 FS.base 98H 4 FS.limit 9CH 4 DS.attrib A0H 4 DS.base A4H 4 DS.limit A8H 4 SS.attrib ACH 4 SS.base B0H 4 SS.limit B4H 4 CS.attrib B8H 4 CS.base BCH 4 CS.limit C0H 4 ES.attrib C4H 4 ES.base C8H 4 ES.limit CCH 4 Length of table D0H 30h Unused,not loaded 100H 4 Temporary Register IST 104H 4 Temporary Register I 108H 4 Temporary Register H 10CH 4 Temporary Register G 110H 4 Temporary Register F 114H 4 Temporary Register E 118H 4 Temporary Register D 11CH 4 Temporary Register C 120H 4 Temporary Register B 124H 4 Temporary Register A Format of Attrib field: Byte Description 0 0s 1 AR (Access Right) byte in the Descriptor format Note: P bit is a valid bit if valid bit=0 then Shadow Register is invalid and INT 0DH - General Protection Fault call DPL of SS,CS det. CPL 2-3 0s Flags Affected: All (FLAGS Register Reload) CPU mode: RM,PM0 Physical Form: LOADALL COP (Code of Operation): 0FH 07H Clocks: i386XX : n/a i486XX : n/a Note: This operation used 102 data transfer cycles on 32bit bus Typical clocks: i386SX: ~350 i386DX: ~290 i486XX: ~220 ----------O-LOADALL-------------------------------- OPCODE LOADALL - Load All Registers From Table CPU: Intel 80286 and all its clones Type of Instruction: System (Work only then CPL=0) Instruction: LOADALL Description: Load All Registers (Include Shadow Registers) from Table Which Begin on 000800H Address, Len of this table is 66H Format of LOADALL Table: (Table ) Address Len Description 800H 6 None 806H 2 MSW 808H 14 None 816H 2 TR 818H 2 FLAGS 81AH 2 IP 81CH 2 LDTR 81EH 2 DS 820H 2 SS 822H 2 CS 824H 2 ES 826H 2 DI 828H 2 SI 82AH 2 BP 82CH 2 SP 82EH 2 BX 830H 2 DX 832H 2 CX 834H 2 AX 836H 6 ES Shadow Descriptor 83CH 6 CS Shadow Descriptor 842H 6 SS Shadow Descriptor 848H 6 DS Shadow Descriptor 84EH 6 GDTR 854H 6 LDT Shadow Descriptor 85AH 6 IDTR 860H 6 TSS Shadow Descriptor Format of Shadow Descriptor: Byte Description 0-2 24bit Phisical Address 3 AR (Access Right) byte 4-5 16bit Segment Limit Format of GDTR and IDTR: Byte Description 0-2 24bit Phisical Address 3 0s 4-5 16bit Segment Limit Note: Using this instruction we may turn on "Big Real Mode" i.e. mode then PG=1,PE=0,cpl=0. This mode very usefull,But Pentium never support this instruction. Flags Affected: All (FLAGS Register Reload) CPU mode: RM,PM0 Physical Form: LOADALL COP (Code of Operation): 0FH 05H Clocks: 80286 : 195 ----------O-MOVD----------------------------------- OPCODE MOVD - Move Dwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: MOVD dest,src Description: IF dest is MMi register THEN { dest[63..32] <- 0 dest[31..0] <- src } ELSE ; If dest is DWORD dest <- src [31..0] Note: This instruction moved DWORDs to/from MMX registers Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If result in Non-Writable segment #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception ++++++++++++++++++++++++++++++++++++++ COP & Times: MOVD mm,r/m32 0FH 6EH PostByte MOVD r/m32,mm 0Fh 7Eh PostByte mm,r/m32 r/m32,mm P55C: n/a (~1) (~1) future P6: n/a (~1) (~1) ----------O-MOVQ----------------------------------- OPCODE MOVQ - Move Qwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: MOVQ dest,src Description: dest <- src Note: This instruction moved QWORDs to/from MMX registers Of course, IA support Big-endian QWORDS. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If result in Non-Writable segment #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception ++++++++++++++++++++++++++++++++++++++ COP & Times: MOVQ mm,mm/m64 0FH 6FH PostByte MOVQ mm/m64,mm 0Fh 7Fh PostByte Note: In PostByte instead IU registers used MMX registers, 0Fh 6Fh C0h means MOVQ MM0,MM0 mm,r/m32 r/m32,mm P55C: n/a (~1) (~1) future P6: n/a (~1) (~1) ----------O-MOVSPA--------------------------------- OPCODE MOVSPA - Move Stack Pointer After Bank Switched CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: System Instruction: MOVSPA Description: This instruction transfer both SS and SP of the old register bank to new register bank after the bank has been switched by interrupt or BRKCS instruction. Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: MOVSPA COP (Code of Operation) : 0Fh 25h Clocks: 16 ----------O-MOVSPB--------------------------------- OPCODE MOVSPB - Move Stack Pointer Before Bamk Switching CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: System Instruction: MOVSPB Number_of_bank Description: The MOVSPB instruction transfers the current SP and SS before the bank switching to new register bank. Note: New Register Bank Number indicated by lower 3bit of Number_of_ _bank. Note: See BRKCS instruction for more info about banks. Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: MOVSPB reg16 COP (Code of Operation) : 0Fh 95h <1111 1RRR> Clocks: 11 ----------O-NOT1----------------------------------- OPCODE NOT1 - Invert a Specified bit CPU: NEC/Sony all V-series Type of Instruction: User Instruction: NOT1 dest,bitnumb Description: (BIT bitnumb OF dest) <- NOT (BIT bitnumb OF dest); Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: NOT1 reg/mem8,CL COP (Code of Operation) : 0FH 16H Postbyte Physical Form: NOT1 reg/mem8,imm8 COP (Code of Operation) : 0FH 1EH Postbyte imm8 Physical Form: NOT1 reg/mem16,CL COP (Code of Operation) : 0FH 17H Postbyte Physical Form: NOT1 reg/mem16,imm8 COP (Code of Operation) : 0FH 1FH Postbyte imm8 Clocks: NOT1 r/m8,CL r/m8,i8 r/m16,CL r/m16,i8 NEC V20: 4/18 5/19 4/18 5/19 ----------O-OIO----------------------------------- OPCODE OIO - Official Undefined Opcode CPU: Cyrix Cx6x86 (same code on AMD Am5k86) Logical Form: OIO Description: Caused #UD exception Flags Affected: No Flags Affected CPU Mode : RM,PM,VM,VME,SMM Exceptions : RM PM V86 VME SMM #UD #UD #UD #UD #UD Undefined Instruction No more Exceptions Note : This instruction caused #UD. AMD guaranteed that in future AMD's CPUs this instruction will caused #UD. Of course all previous CPUs (186+) caused #UD on this opcode. This instruction used by software writers for testing #UD exception servise routine. ++++++++++++++++++++++++++++++ Physical Form : UD COP (Code of Operation) : 0Fh FFh Clocks : UD 8088: Not supported NEC V20: Not supported 80186: ~int 80286: ~int 80386: ~int Cx486SLC: ~int i486: ~int Cx486DX: ~int Cx5x86: ~int Pentium: ~int Nx5x86: ~int Cx6x86: ~int Am5k86: ~int Pentium Pro: ~int ++++++++++++++++++++++++++++++ ----------O-PACKSSDW------------------------------- OPCODE PACKSSDW - Pack with Signed Saturation dword to word CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PACKSSDW dest,src Description: dest[15..0] <- SaturateSignedDWordToSignedWord dest[31..0] dest[31..16] <- SaturateSignedDWordToSignedWord dest[63..32] dest[47..32] <- SaturateSignedDWordToSignedWord src[31..0] dest[63..46] <- SaturateSignedDWordToSignedWord src[63..32] Note: This instruction packs and saturates signed data from src and dest to dest. If signed value of word larger or smaller that the range of signed byte value is saturated (in case of overflow to 7Fh, in underflow to 80h). Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception ++++++++++++++++++++++++++++++++++++++ COP & Times: PACKSSDW mm,mm/m64 0FH 6BH PostByte P55C: n/a future P6: n/a ----------O-PACKSSWB------------------------------- OPCODE PACKSSWB - Pack with Signed Saturation word to Byte CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PACKSSWB dest,src Description: dest[7..0] <- SaturateSignedWordToSignedByte dest[15..0] dest[15..8] <- SaturateSignedWordToSignedByte dest[31..16] dest[23..16] <- SaturateSignedWordToSignedByte dest[47..32] dest[31..24] <- SaturateSignedWordToSignedByte dest[63..48] dest[39..32] <- SaturateSignedWordToSignedByte src[15..0] dest[47..40] <- SaturateSignedWordToSignedByte src[31..16] dest[55..48] <- SaturateSignedWordToSignedByte src[47..32] dest[63..56] <- SaturateSignedWordToSignedByte src[63..48] Note: This instruction packs and saturates signed data from src and dest to dest Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception ++++++++++++++++++++++++++++++++++++++ COP & Times: PACKSSWB mm,mm/m64 0FH 63H PostByte P55C: n/a future P6: n/a ----------O-PACKUSWB------------------------------- OPCODE PACKUSWB - Pack with Unsigned Saturation word to Byte CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PACKUSWB dest,src Description: dest[7..0] <- SaturateSignedWordToUnSignedByte dest[15..0] dest[15..8] <- SaturateSignedWordToUnSignedByte dest[31..16] dest[23..16] <- SaturateSignedWordToUnSignedByte dest[47..32] dest[31..24] <- SaturateSignedWordToUnSignedByte dest[63..48] dest[39..32] <- SaturateSignedWordToUnSignedByte src[15..0] dest[47..40] <- SaturateSignedWordToUnSignedByte src[31..16] dest[55..48] <- SaturateSignedWordToUnSignedByte src[47..32] dest[63..56] <- SaturateSignedWordToUnSignedByte src[63..48] Note: If signed value of word larger or smaller that the range of unsigned byte, value is saturated (if overflow to FFh, if underflow to 0h). Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception ++++++++++++++++++++++++++++++++++++++ COP & Times: PACKUSWB mm,mm/m64 0FH 67H PostByte P55C: n/a future P6: n/a ----------O-PADDB---------------------------------- OPCODE PADDB - Packed Add Bytes CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PADDB dest,src Description: dest[7..0] <- dest[7..0] + src[7..0] dest[15..8] <- dest[15..8] + src[15..8] dest[23..16] <- dest[23..16] + src[23..16] dest[31..24] <- dest[31..24] + src[31..24] dest[39..32] <- dest[39..32] + src[39..32] dest[47..40] <- dest[47..40] + src[47..40] dest[55..48] <- dest[55..48] + src[55..48] dest[63..56] <- dest[63..56] + src[63..56] Note: This instruction adds the bytes of the source to the bytes of the destination and writes the results to the MMX register. When the result is too large to be represented in a packed byte (overflow), the result wraps around and the lower 8 bits are writen to the destination register. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PADDB mm,mm/m64 0FH FCH PostByte P55C: n/a future P6: n/a ----------O-PADDD---------------------------------- OPCODE PADDD - Packed Add Dwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PADDD dest,src Description: dest[31..0] <- dest[31..0] + src[31..0] dest[63..32] <- dest[63..32] + src[63..32] Note: This instruction adds the dwords of the source to the dwords of the destination and writes the results to the MMX register. When the result is too large to be represented in a packed dword (overflow), the result wraps around and the lower 32 bits are writen to the destination register. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PADDW mm,mm/m64 0FH FEH PostByte P55C: n/a future P6: n/a ----------O-PADDSB--------------------------------- OPCODE PADDSB - Packed Add with Saturation Bytes CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PADDSB dest,src Description: dest[7..0] <- SaturateToSignedByte(dest[7..0] + src[7..0]) dest[15..8] <- SaturateToSignedByte(dest[15..8] + src[15..8]) dest[23..16] <- SaturateToSignedByte(dest[23..16] + src[23..16]) dest[31..24] <- SaturateToSignedByte(dest[31..24] + src[31..24]) dest[39..32] <- SaturateToSignedByte(dest[39..32] + src[39..32]) dest[47..40] <- SaturateToSignedByte(dest[47..40] + src[47..40]) dest[55..48] <- SaturateToSignedByte(dest[55..48] + src[55..48]) dest[63..56] <- SaturateToSignedByte(dest[63..56] + src[63..56]) Note: This instruction adds the signed bytes of the source to the bytes of the destination and writes the results to the MMX register. If the result is larger or smaller than the range of a signed byte, the value is saturated (in the case of a overflow - to 7FH, and in the case of an underflow - to 80H). Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PADDSB mm,mm/m64 0FH ECH PostByte P55C: n/a future P6: n/a ----------O-PADDSW--------------------------------- OPCODE PADDSW - Packed Add with Saturation Words CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PADDSW dest,src Description: dest[15..0] <- SaturateToSignedWord(dest[15..0] + src[15..0]) dest[31..16] <- SaturateToSignedWord(dest[31..16] + src[31..16]) dest[47..32] <- SaturateToSignedWord(dest[47..32] + src[47..32]) dest[63..48] <- SaturateToSignedWord(dest[63..48] + src[63..48]) Note: This instruction adds the signed words of the source to the words of the destination and writes the results to the MMX register. If the result is larger or smaller than the range of a signed word, the value is saturated (in the case of a overflow - to 7FFFH, and in the case of an underflow - to 8000H). Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PADDSW mm,mm/m64 0FH EDH PostByte P55C: n/a future P6: n/a ----------O-PADDUSB-------------------------------- OPCODE PADDUSB - Packed Add Unsigned with Saturation Bytes CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PADDUSB dest,src Description: dest[7..0] <- SaturateToUnsignedByte(dest[7..0] + src[7..0]) dest[15..8] <- SaturateToUnsignedByte(dest[15..8] + src[15..8]) dest[23..16] <- SaturateToUnsignedByte(dest[23..16] + src[23..16]) dest[31..24] <- SaturateToUnsignedByte(dest[31..24] + src[31..24]) dest[39..32] <- SaturateToUnsignedByte(dest[39..32] + src[39..32]) dest[47..40] <- SaturateToUnsignedByte(dest[47..40] + src[47..40]) dest[55..48] <- SaturateToUnsignedByte(dest[55..48] + src[55..48]) dest[63..56] <- SaturateToUnsignedByte(dest[63..56] + src[63..56]) Note: This instruction adds the unsigned bytes of the source to the unsigned bytes of the destination operand and writes the results to the MMX register. When the result is larger than the range of an unsigned byte (overflow), the value is saturated to FFH. When the result is smaller than the range of an unsigned byte (underflow), the value is saturated to 00H. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PADDUSB mm,mm/m64 0FH DCH PostByte P55C: n/a future P6: n/a ----------O-PADDUSW-------------------------------- OPCODE PADDUSW - Packed Add Unsigned with Saturation Words CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PADDUSW dest,src Description: dest[15..0] <- SaturateToUnsignedWord(dest[15..0] + src[15..0]) dest[31..16] <- SaturateToUnsignedWord(dest[31..16] + src[31..16]) dest[47..32] <- SaturateToUnsignedWord(dest[47..32] + src[47..32]) dest[63..48] <- SaturateToUnsignedWord(dest[63..48] + src[63..48]) Note: This instruction adds the unsigned words of the source to the unsigned words of the destination operand and writes the results to the MMX register. When the result is larger than the range of an unsigned word (overflow), the value is saturated to FFFFH. When the result is smaller than the range of an unsigned byte (underflow), the value is saturated to 0000H. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PADDUSW mm,mm/m64 0FH DDH PostByte P55C: n/a future P6: n/a ----------O-PADDW---------------------------------- OPCODE PADDW - Packed Add Words CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PADDW dest,src Description: dest[15..0] <- dest[15..0] + src[15..0] dest[31..16] <- dest[31..16] + src[31..16] dest[47..32] <- dest[47..32] + src[47..32] dest[63..48] <- dest[63..48] + src[63..48] Note: This instruction adds the words of the source to the words of the destination and writes the results to the MMX register. When the result is too large to be represented in a packed word (overflow), the result wraps around and the lower 16 bits are writen to the destination register. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PADDW mm,mm/m64 0FH FDH PostByte P55C: n/a future P6: n/a ----------O-PAND----------------------------------- OPCODE PAND - Bitwise Logical And CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PAND dest,src Description: dest <- dest AND src Note: AND 64 bits from MMXregister/memory to MMX register. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PAND mm,mm/m64 0FH DBH PostByte P55C: n/a future P6: n/a ----------O-PANDN---------------------------------- OPCODE PANDN - Bitwise Logical And Not CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PANDN dest,src Description: dest <- (NOT dest) AND src Note: Invert the 64 bits in MMX register, AND inverted MMX register with MMXregister/memory. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PANDN mm,mm/m64 0FH DFH PostByte P55C: n/a future P6: n/a ----------O-PCMPEQB-------------------------------- OPCODE PCMPEQB - Packed Compare for Equal Bytes CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PCMPEQB dest,src Description: IF dest[7..0] = src[7..0] THEN dest[7..0] <- FFH ELSE dest[7..0] <- 00H IF dest[15..8] = src[15..8] THEN dest[15..8] <- FFH ELSE dest[15..8] <- 00H IF dest[23..16] = src[23..16] THEN dest[23..16] <- FFH ELSE dest[23..16] <- 00H IF dest[31..24] = src[31..24] THEN dest[31..24] <- FFH ELSE dest[31..24] <- 00H IF dest[39..32] = src[39..32] THEN dest[39..32] <- FFH ELSE dest[39..32] <- 00H IF dest[47..40] = src[47..40] THEN dest[47..40] <- FFH ELSE dest[47..40] <- 00H IF dest[55..48] = src[55..48] THEN dest[55..48] <- FFH ELSE dest[55..48] <- 00H IF dest[63..56] = src[63..56] THEN dest[63..56] <- FFH ELSE dest[63..56] <- 00H Note: Compare packed byte in MMXregister/memory with packed byte in MMX register for equality. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PCMPEQB mm,mm/m64 0FH 74H PostByte P55C: n/a future P6: n/a ----------O-PCMPEQD-------------------------------- OPCODE PCMPEQD - Packed Compare for Equal Dwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PCMPEQD dest,src Description: IF dest[31..0] = src[31..0] THEN dest[31..0] <- FFFFFFFFH ELSE dest[31..0] <- 00000000H IF dest[63..32] = src[63..32] THEN dest[63..32] <- FFFFFFFFH ELSE dest[63..32] <- 00000000H Note: Compare packed dword in MMXregister/memory with packed dword in MMX register for equality. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PCMPEQW mm,mm/m64 07H 76H PostByte P55C: n/a future P6: n/a ----------O-PCMPEQW-------------------------------- OPCODE PCMPEQW - Packed Compare for Equal Words CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PCMPEQW dest,src Description: IF dest[15..0] = src[15..0] THEN dest[15..0] <- FFFFH ELSE dest[15..0] <- 0000H IF dest[31..16] = src[31..16] THEN dest[31..16] <- FFFFH ELSE dest[31..16] <- 0000H IF dest[47..32] = src[47..32] THEN dest[47..32] <- FFFFH ELSE dest[47..32] <- 0000H IF dest[63..48] = src[63..48] THEN dest[63..48] <- FFFFH ELSE dest[63..48] <- 0000H Note: Compare packed word in MMXregister/memory with packed word in MMX register for equality. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PCMPEQW mm,mm/m64 07H 75H PostByte P55C: n/a future P6: n/a ----------O-PCMPGTB-------------------------------- OPCODE PCMPGTB - Packed Compare for Greater Than Bytes CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PCMPGTB dest,src Description: IF dest[7..0] > src[7..0] THEN dest[7..0] <- FFH ELSE dest[7..0] <- 00H IF dest[15..8] > src[15..8] THEN dest[15..8] <- FFH ELSE dest[15..8] <- 00H IF dest[23..16] > src[23..16] THEN dest[23..16] <- FFH ELSE dest[23..16] <- 00H IF dest[31..24] > src[31..24] THEN dest[31..24] <- FFH ELSE dest[31..24] <- 00H IF dest[39..32] > src[39..32] THEN dest[39..32] <- FFH ELSE dest[39..32] <- 00H IF dest[47..40] > src[47..40] THEN dest[47..40] <- FFH ELSE dest[47..40] <- 00H IF dest[55..48] > src[55..48] THEN dest[55..48] <- FFH ELSE dest[55..48] <- 00H IF dest[63..56] > src[63..56] THEN dest[63..56] <- FFH ELSE dest[63..56] <- 00H Note: Compare packed byte in MMX register with packed byte in MMXregister/ /memory for greater value. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PCMPGTB mm,mm/m64 0FH 64H PostByte P55C: n/a future P6: n/a ----------O-PCMPGTD-------------------------------- OPCODE PCMPGTD - Packed Compare for Greater Than Dwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PCMPGTD dest,src Description: IF dest[31..0] > src[31..0] THEN dest[31..0] <- FFFFFFFFH ELSE dest[31..0] <- 00000000H IF dest[63..32] > src[63..32] THEN dest[63..32] <- FFFFFFFFH ELSE dest[63..32] <- 00000000H Note: Compare packed dword in MMX register with packed dword in MMXregister/ /memory for greater value. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PCMPGTW mm,mm/m64 0FH 66H PostByte P55C: n/a future P6: n/a ----------O-PCMPGTW-------------------------------- OPCODE PCMPGTW - Packed Compare for Greater Than Words CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PCMPGTW dest,src Description: IF dest[15..0] > src[15..0] THEN dest[15..0] <- FFFFH ELSE dest[15..0] <- 0000H IF dest[31..16] > src[31..16] THEN dest[31..16] <- FFFFH ELSE dest[31..16] <- 0000H IF dest[47..32] > src[47..32] THEN dest[47..32] <- FFFFH ELSE dest[47..32] <- 0000H IF dest[63..48] > src[63..48] THEN dest[63..48] <- FFFFH ELSE dest[63..48] <- 0000H Note: Compare packed word in MMX register with packed word in MMXregister/ memory for greater value. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PCMPGTW mm,mm/m64 0FH 65H PostByte P55C: n/a future P6: n/a ----------O-PMADDWD-------------------------------- OPCODE PMADDWD - Packed Multiply and Add Dwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PMADDWD dest,src Description: dest[31..0] <- dest[15..0] * src[15..0] + dest[31..16] * src[31..16] dest[63..32] <- dest[47..32] * src[47..32] + dest[63..48] * src[63..48] Note: Multiply the packed word in MMX register by the packed word in MMXregister/memory. Add the 32-bit results pairwise and store in MMX register as dword. This instruction wraps around to 80000000H only when all four words of both the source and destination operands are 8000H. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PMADDWD mm,mm/m64 0FH F5H PostByte P55C: n/a future P6: n/a ----------O-PMULHW--------------------------------- OPCODE PMULHW - Packed Multiply High by Words CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PMULHW dest,src Description: dest[15..0] <- (dest[15..0] * src[15..0]) (31..16) dest[31..16] <- (dest[31..16] * src[31..16]) (31..16) dest[47..32] <- (dest[47..32] * src[47..32]) (31..16) dest[63..48] <- (dest[63..48] * src[63..48]) (31..16) Note: Multiply the signed packed word in MMX register with the signed packed word in MMXregister/memory, then store the high-order 16 bits of the results in MMX register. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PMULHW mm,mm/m64 0FH E5H PostByte P55C: n/a future P6: n/a ----------O-PMULLW--------------------------------- OPCODE PMULLW - Packed Multiply Low by Words CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PMULLW dest,src Description: dest[15..0] <- (dest[15..0] * src[15..0]) (15..0) dest[31..16] <- (dest[31..16] * src[31..16]) (15..0) dest[47..32] <- (dest[47..32] * src[47..32]) (15..0) dest[63..48] <- (dest[63..48] * src[63..48]) (15..0) Note: Multiply the packed word in MMX register with the packed word in MMXregister/memory, then store the low-order 16 bits of the results in MMX register. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PMULLW mm,mm/m64 0FH D5H PostByte P55C: n/a future P6: n/a ----------O-POR------------------------------------ OPCODE POR - Bitwise Logical Or CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: POR dest,src Description: dest <- dest OR src Note: OR 64 bits from MMXregister/memory with MMX register. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: POR mm,mm/m64 0FH EBH PostByte P55C: n/a future P6: n/a ----------O-PSLLD---------------------------------- OPCODE PSLLD - Packed Shift Left Logical Dwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSLLD dest,src Description: temp <- src dest[31..0] <- dest[31..0] << temp dest[63..32] <- dest[63..32] << temp Note: Shift dwords in MMX register left by Imm8 or amount specified in MMX register/memory, while shifting in zeros. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSLLD mm,mm/m64 0FH F2H PostByte PSLLD mm,Imm8 0FH 72H/6 PostByte ImmData P55C: n/a future P6: n/a ----------O-PSLLQ---------------------------------- OPCODE PSLLQ - Packed Shift Left Logical Qwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSLLQ dest,src Description: temp <- src dest <- dest << temp Note: Shift MMX register left by Imm8 or amount specified in MMXregister/ /memory, while shifting in zeros. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSLLQ mm,mm/m64 0FH F3H PostByte PSLLQ mm,Imm8 0FH 73H/6 PostByte ImmData P55C: n/a future P6: n/a ----------O-PSLLW---------------------------------- OPCODE PSLLW - Packed Shift Left Logical Words CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSLLW dest,src Description: temp <- src dest[15..0] <- dest[15..0] << temp dest[31..16] <- dest[31..16] << temp dest[47..32] <- dest[47..32] << temp dest[63..48] <- dest[63..48] << temp Note: Shift words in MMX register left by Imm8 or amount specified in MMX register/memory, while shifting in zeros. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSLLW mm,mm/m64 0FH F1H PostByte PSLLW mm,Imm8 0FH 71H/6 PostByte ImmData P55C: n/a future P6: n/a ----------O-PSRAD---------------------------------- OPCODE PSRAD - Packed Shift Right Arithmetic Dwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSRAD dest,src Description: temp <- src dest[31..0] <- SignExtend(dest[31..0]) >> temp dest[63..32] <- SignExtend(dest[63..32]) >> temp Note: Shift dwords in MMX register right by Imm8 or amount specified in MMX register/memory, while shifting in sign bits. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSRAD mm,mm/m64 0FH E2H PostByte PSRAD mm,Imm8 0FH 72H/4 PostByte ImmData P55C: n/a future P6: n/a ----------O-PSRAW---------------------------------- OPCODE PSRAW - Packed Shift Right Arithmetic Words CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSRAW dest,src Description: temp <- src dest[15..0] <- SignExtend(dest[15..0]) >> temp dest[31..16] <- SignExtend(dest[31..16]) >> temp dest[47..32] <- SignExtend(dest[47..32]) >> temp dest[63..48] <- SignExtend(dest[63..48]) >> temp Note: Shift words in MMX register right by Imm8 or amount specified in MMX register/memory, while shifting in sign bits. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSRAW mm,mm/m64 0FH E1H PostByte PSRAW mm,Imm8 0FH 71H/4 PostByte ImmData P55C: n/a future P6: n/a ----------O-PSRLD---------------------------------- OPCODE PSRLD - Packed Shift Right Logical Dwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSRLD dest,src Description: temp <- src dest[31..0] <- dest[31..0] >> temp dest[63..32] <- dest[63..32] >> temp Note: Shift dwords in MMX register right by Imm8 or amount specified in MMX register/memory, while shifting in zeros. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSRLD mm,mm/m64 0FH D2H PostByte PSRLD mm,Imm8 0FH 72H/2 PostByte ImmData P55C: n/a future P6: n/a ----------O-PSRLQ---------------------------------- OPCODE PSRLQ - Packed Shift Right Logical Qwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSRLQ dest,src Description: temp <- src dest <- dest >> temp Note: Shift MMX register right by Imm8 or amount specified in MMXregister/ /memory, while shifting in zeros. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSRLQ mm,mm/m64 0FH D3H PostByte PSRLQ mm,Imm8 0FH 73H/2 PostByte ImmData P55C: n/a future P6: n/a ----------O-PSRLW---------------------------------- OPCODE PSRLW - Packed Shift Right Logical Words CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSRLW dest,src Description: temp <- src dest[15..0] <- dest[15..0] >> temp dest[31..16] <- dest[31..16] >> temp dest[47..32] <- dest[47..32] >> temp dest[63..48] <- dest[63..48] >> temp Note: Shift words in MMX register right by Imm8 or amount specified in MMX register/memory, while shifting in zeros. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSRLW mm,mm/m64 0FH D1H PostByte PSRLW mm,Imm8 0FH 71H/2 PostByte ImmData P55C: n/a future P6: n/a ----------O-PSUBB---------------------------------- OPCODE PSUBB - Packed Subtract Bytes CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSUBB dest,src Description: dest[7..0] <- dest[7..0] - src[7..0] dest[15..8] <- dest[15..8] - src[15..8] dest[23..16] <- dest[23..16] - src[23..16] dest[31..24] <- dest[31..24] - src[31..24] dest[39..32] <- dest[39..32] - src[39..32] dest[47..40] <- dest[47..40] - src[47..40] dest[55..48] <- dest[55..48] - src[55..48] dest[63..56] <- dest[63..56] - src[63..56] Note: This instruction subtract packed byte in MMXregister/memory from packed byte in MMX register. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSUBB mm,mm/m64 0FH F8H PostByte P55C: n/a future P6: n/a ----------O-PSUBD---------------------------------- OPCODE PSUBD - Packed Subtract Dwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSUBD dest,src Description: dest[31..0] <- dest[31..0] - src[31..0] dest[63..32] <- dest[63..48] - src[63..32] Note: This instruction subtract packed dword in MMXregister/memory from packed dword in MMX register. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSUBD mm,mm/m64 0FH FAH PostByte P55C: n/a future P6: n/a ----------O-PSUBSB--------------------------------- OPCODE PSUBSB - Packed Subtract with Saturation Bytes CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSUBSB dest,src Description: dest[7..0] <- SaturateToSignedByte(dest[7..0] - src[7..0]) dest[15..8] <- SaturateToSignedByte(dest[15..8] - src[15..8]) dest[23..16] <- SaturateToSignedByte(dest[23..16] - src[23..16]) dest[31..24] <- SaturateToSignedByte(dest[31..24] - src[31..24]) dest[39..32] <- SaturateToSignedByte(dest[39..32] - src[39..32]) dest[47..40] <- SaturateToSignedByte(dest[47..40] - src[47..40]) dest[55..48] <- SaturateToSignedByte(dest[55..48] - src[55..48]) dest[63..56] <- SaturateToSignedByte(dest[63..56] - src[63..56]) Note: This instruction subtract signed packed byte in MMXregister/memory from signed packed byte in MMX register and saturate. If the result is larger or smaller than the range of a signed byte, the value is saturated; in the case of an overflow - to 7FH, and the case of an underflow - to 80H Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSUBSB mm,mm/m64 0FH E8H PostByte P55C: n/a future P6: n/a ----------O-PSUBSW--------------------------------- OPCODE PSUBSW - Packed Subtract with Saturation Words CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSUBSW dest,src Description: dest[15..0] <- SaturateToSignedWord(dest[15..0] - src[15..0]) dest[31..16] <- SaturateToSignedWord(dest[31..16] - src[31..16]) dest[47..32] <- SaturateToSignedWord(dest[47..32] - src[47..32]) dest[63..48] <- SaturateToSignedWord(dest[63..48] - src[63..48]) Note: This instruction subtract signed packed word in MMXregister/memory from signed packed word in MMX register and saturate. If the result is larger or smaller than the range of a signed word, the value is saturated; in the case of an overflow - to 7FFFH, and the case of an underflow - to 8000H Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSUBSW mm,mm/m64 0FH E9H PostByte P55C: n/a future P6: n/a ----------O-PSUBUSB-------------------------------- OPCODE PSUBUSB - Packed Subtract Unsigned with Saturation Bytes CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSUBUSB dest,src Description: dest[7..0] <- SaturateToUnsignedByte(dest[7..0] - src[7..0]) dest[15..8] <- SaturateToUnsignedByte(dest[15..8] - src[15..8]) dest[23..16] <- SaturateToUnsignedByte(dest[23..16] - src[23..16]) dest[31..24] <- SaturateToUnsignedByte(dest[31..24] - src[31..24]) dest[39..32] <- SaturateToUnsignedByte(dest[39..32] - src[39..32]) dest[47..40] <- SaturateToUnsignedByte(dest[47..40] - src[47..40]) dest[55..48] <- SaturateToUnsignedByte(dest[55..48] - src[55..48]) dest[63..56] <- SaturateToUnsignedByte(dest[63..56] - src[63..56]) Note: This instruction subtract unsigned packed byte in MMXregister/memory from unsigned packed byte in MMX register and saturate. If the result element is less than zero (a negative value), it is saturated to 00H Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSUBUSB mm,mm/m64 0FH D8H PostByte P55C: n/a future P6: n/a ----------O-PSUBUSW-------------------------------- OPCODE PSUBUSW - Packed Subtract Unsigned with Saturation Bytes CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSUBUSW dest,src Description: dest[15..0] <- SaturateToUnsignedWord(dest[15..0] - src[15..0]) dest[31..16] <- SaturateToUnsignedWord(dest[31..16] - src[31..16]) dest[47..32] <- SaturateToUnsignedWord(dest[47..32] - src[47..32]) dest[63..48] <- SaturateToUnsignedWord(dest[63..48] - src[63..48]) Note: This instruction subtract unsigned packed word in MMXregister/memory from unsigned packed word in MMX register and saturate. If the result element is less than zero (a negative value), it is saturated to 0000H Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSUBUSW mm,mm/m64 0FH D9H PostByte P55C: n/a future P6: n/a ----------O-PSUBW---------------------------------- OPCODE PSUBW - Packed Subtract Words CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PSUBW dest,src Description: dest[15..0] <- dest[15..0] - src[15..0] dest[31..16] <- dest[31..16] - src[31..16] dest[47..32] <- dest[47..32] - src[47..32] dest[63..48] <- dest[63..48] - src[63..48] Note: This instruction subtract packed word in MMXregister/memory from packed word in MMX register. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PSUBW mm,mm/m64 0FH F9H PostByte P55C: n/a future P6: n/a ----------O-PUNPCKHBW------------------------------ OPCODE PUNPCKHBW - Unpack High Bytes to Words CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PUNPCKHBW dest,src Description: dest[63..56] <- src[63..56] dest[55..48] <- dest[63..56] dest[47..40] <- src[55..48] dest[39..32] <- dest[55..48] dest[31..24] <- src[47..40] dest[23..16] <- dest[47..40] dest[15..8] <- src[39..32] dest[7..0] <- dest[39..32] Note: This instruction unpack and interleave the high-order data elements of the destination and source operands into the destination operand. The low-order data elements are ignored. When unpacking from a memory operand, the full 64-bit operand is accessed from memory. The instruction uses only the high-order 32 bits. If the source operand is all zeros, the result is a zero extension of the high-order elements of the destination operand. When using PUNPCKHBW instruction the bytes are zero extended, or unpacked into unsigned words. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PUNPCKHBW mm,mm/m64 0FH 68H PostByte P55C: n/a future P6: n/a ----------O-PUNPCKHDQ------------------------------ OPCODE PUNPCKHDQ - Unpack High Dwords to Qwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PUNPCKHDQ dest,src Description: dest[63..32] <- src[63..32] dest[31..0] <- dest[63..32] Note: This instruction unpack and interleave the high-order data elements of the destination and source operands into the destination operand. The low-order data elements are ignored. When unpacking from a memory operand, the full 64-bit operand is accessed from memory. The instruction uses only the high-order 32 bits. If the source operand is all zeros, the result is a zero extension of the high-order elements of the destination operand. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PUNPCKHDQ mm,mm/m64 0FH 6AH PostByte P55C: n/a future P6: n/a ----------O-PUNPCKHWD------------------------------ OPCODE PUNPCKHWD - Unpack High Words to Dwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PUNPCKHWD dest,src Description: dest[63..56] <- src[63..48] dest[47..32] <- dest[63..48] dest[31..16] <- src[47..32] dest[15..0] <- dest[47..32] Note: This instruction unpack and interleave the high-order data elements of the destination and source operands into the destination operand. The low-order data elements are ignored. When unpacking from a memory operand, the full 64-bit operand is accessed from memory. The instruction uses only the high-order 32 bits. If the source operand is all zeros, the result is a zero extension of the high-order elements of the destination operand. When using PUNPCKHWD instruction the words are zero extended, or unpacked into unsigned doublewords. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PUNPCKHWD mm,mm/m64 0FH 69H PostByte P55C: n/a future P6: n/a ----------O-PUNPCKLBW------------------------------ OPCODE PUNPCKLBW - Unpack Low Bytes to Words CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PUNPCKLBW dest,src Description: dest[63..56] <- src[31..24] dest[55..48] <- dest[31..24] dest[47..40] <- src[23..16] dest[39..32] <- dest[23..16] dest[31..24] <- src[15..8] dest[23..16] <- dest[15..8] dest[15..8] <- src[7..0] dest[7..0] <- dest[7..0] Note: This instruction unpack and interleave the low-order data elements of the destination and source operands into the destination operand. The high-order data elements are ignored. When the source data comes from 64-bit registers, the upper 32 bits are ignored. When unpacking from a memory operand, only 32 bits are accessed. The instruction uses all 32 bits. If the source operand is all zeros, the result is a zero extension of the low-order elements of the destination operand. When using PUNPCKLBW instruction the bytes are zero extended, or unpacked into unsigned words. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PUNPCKLBW mm,mm/m32 0FH 60H PostByte P55C: n/a future P6: n/a ----------O-PUNPCKLDQ------------------------------ OPCODE PUNPCKLDQ - Unpack Low Dwords to Qwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PUNPCKLDQ dest,src Description: dest[63..32] <- src[31..0] dest[31..0] <- dest[31..0] Note: This instruction unpack and interleave the low-order data elements of the destination and source operands into the destination operand. When the source data comes from 64-bit registers, the upper 32 bits are ignored. When unpacking from a memory operand, only 32 bits are accessed. The instruction uses all 32 bits. If the source operand is all zeros, the result is a zero extension of the low-order elements of the destination operand. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PUNPCKLDQ mm,mm/m32 0FH 62H PostByte P55C: n/a future P6: n/a ----------O-PUNPCKLWD------------------------------ OPCODE PUNPCKLWD - Unpack Low Words to Dwords CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PUNPCKLWD dest,src Description: dest[63..48] <- src[31..16] dest[47..32] <- dest[31..16] dest[31..16] <- src[15..0] dest[15..0] <- dest[15..0] Note: This instruction unpack and interleave the low-order data elements of the destination and source operands into the destination operand. When the source data comes from 64-bit registers, the upper 32 bits are ignored. When unpacking from a memory operand, only 32 bits are accessed. The instruction uses all 32 bits. If the source operand is all zeros, the result is a zero extension of the low-order elements of the destination operand. When using PUNPCKLWD instruction the words are zero extended, or unpacked into unsigned doublewords. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PUNPCKLWD mm,mm/m32 0FH 61H PostByte P55C: n/a future P6: n/a ----------O-PXOR----------------------------------- OPCODE PXOR - Bitwise Logical Exclusive OR CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) future models Type of Instruction: User Instruction: PXOR dest,src Description: dest <- dest XOR src Note: XOR 64 bits from MMXregister/memory to MMX register. Flags affected: None Exceptions: RM PM VM SMM Description #GP(0) If Illegal memory operand's EA in CS,DS,ES,FS,GS #SS(0) If illegal memory operand's EA in SS #PF(fcode) If page fault #AC #AC If unaligned memory reference then alignment check enabled and in ring 3. #UD #UD #UD #UD If CR0.EM = 1 #NM #NM #NM #NM If CR0.TS = 1 #MF #MF #MF #MF If pending FPU Exception #13 #13 If any part of the the operand lies outside of the EA space from 0 to FFFFH ++++++++++++++++++++++++++++++++++++++ COP & Times: PXOR mm,mm/m64 0FH EFH PostByte P55C: n/a future P6: n/a ----------O-RDMSR---------------------------------- OPCODE RDMSR - Read From Model Specified Register CPU: Pentium (tm), IBM 386SLC,486SLC,486SLC2 Type of Instruction: System Instruction: RDMSR Description: IF (ECX is valid number of MSR) and (CPL=0) THEN { EDX:EAX <- MSR [ECX]; } ELSE { General Protection Fault INT 0DH (0) } END Valid number Of MSR is: Pentium: 0-2,4-0Eh,10h-13h IBM 486SLC2: 1000H-1002H IBM 386SLC: 1000H-1001H IBM 486SLC: 1000H-1001H Flags Affected: None CPU mode: RM,PM0,SMM Physical Form: RDMSR COP (Code of Operation): 0FH 32H Clocks: Pentium : 20-24 Note: The MSR # 3,0fh and >13h are reserved on Pentium. Do not execute RDMSR/WRMSR with this values. Register Description MSR 0 is Machine check Exception Address register (Read only) (Pentium,Am5k86,Pentium Pro,Am5k86) bits Description 63..32 Reserved 31..0 Machine Check Phisical Address Note: Am6k86 (K6) not support machine check, it support only read/write in this register as in GPRs, and set this MSR after RESET to 0. MSR 1 is Machine Check Type register (Read Only) (Pentium,Am5k86,Pentium Pro,Am6k86) bits Description 63..5 Reserved 5 FERI (Fun Error Indicator) (Pentium OverDrive Only) initialazed after RESET as 0. If temperature of CHIP > ~75'C then set this bit to 1 and this bit still will 1 before Next RESET. This bit used FANMONIT.EXE utility shipped with PODP5V. 4 LOCK =1 if bus cycle called Machine Check was Locked =0 if --//-- not locked (normal) 3 M/IO# \ 2 D/C# State of output pins in bus cycle called 1 W/R# / Machine check 0 CHK (Check) =1 after last read MSR 1 was Machine Check Note: This bit Clearing on reading Note: Am6k86 (K6) not support machine check, it support only read/write in this register as in GPRs, and set this MSR after RESET to 0. Note: Pentium OverDrive difference 5 FERI (Fun Error Indicator) initialazed after RESET as 0. If temperature of CHIP > ~75'C then set this bit to 1 and this bit still will 1 before Next RESET. This bit used FANMONIT.EXE utility shipped with PODP5V. MSR 2h is Test Register 1 (Read/Write) (Pentium) Parity Reversal Register (PRR) bits Description 63..14 Reserved (should be zero) 13 MC (Microcode Parity Error) 12 DTD (data TLB data error) 11 DTT (data TLB tag error) 10 DD (data cache data) 9 DT (data cache tag) 8 ITD (instruction TLB data error) 7 ITT (instruction TLB tag error) 6 ID3 (data cache odd bits (255, ..., 129) error) 5 ID2 (data cache even bits (254,..., 128) error) 4 ID1 (data cache odd bits (127, ..., 1) error) 3 ID0 (data cache even bits (126, ..., 0) error) 2 IT (instruction cache TAG) 1 NS (No shutdown) If = 0 On parity errors set PRR.PES, assert IERR# and shutdown. If =1 On parity error set PRR.PES and assert IERR# 0 PES (Parity Error Summary) If =1 Parity Error If =0 Never Parity error Note: bits 13..2, if bit=1 it means that error joined with this bit present. MSR 3h is Reserved (Do not Accessed it) MSR 4h is Test Register 2 (TR 2) (Read/Write) (Pentium) (Instruction Cache End bits TR) bits Description 63..4 Reserved (should be zero) 3..0 End Bits Note: each bit of End bit correspond to one byte of instruction in TR3 during code testability access. I.c. line size = 32 bytes, 8 accesses are needed for read/write the end bits of cache line. Each of this bits indicated an instruction boundarues If given byte is last byte of instruction then bit joined with this byte =1. Then new line writting into cache all ends bits =1, when line decoding setting bits to 0, except last byte of instruction. MSR 5h is Test Register 3 (TR 3) (Read/Write) (Pentium) (Cache test Data) bits Description 63..32 Reserved (should be zero) 31..0 Data Reading/Writing from/to {code/data} cache MSR 6h is Test Register 4 (TR 4) (Read/Write) (Pentium) (Cache Test Tag) bits Description 63..32 Reserved (should be zero) 31..8 Cache Tag [35:12] 7..3 Reserved (should be zero) 2 LRU (Last Resently Used) Contain way joined with readed/writed cache line 1..0 VALID Contain Valid Status Information [Code Cache (TR5.CD=0)]: VALID[1] VALID[0] Description x 0 Code cache line is invalid x 1 Code cache line is valid [Data Cache (TR5.CD=1)]: VALID[1] VALID[0] Description 0 0 Data cache line is invalid 0 1 Data cache line is shared 1 0 Data cache line is exclusive 1 1 Data cache line is modified MSR 7h is Test Register 5 (TR 5) (Read/Write) (Pentium) (Cache Test Control) bits Description 63..15 Reserved (should be zero) 14 WB (Write-back) If = 0 Write-throught If = 1 Write-back see also TR5.CNTRL 13 CD (Code/Data) Select Code/Data cache for test operation If = 0 Code cache select If = 1 Data cache select 12 ENTRY Specify cache Way 11..5 SET Cache Set Number (for Write/then read) 4..2 BUFFER SELECT Select one of 8 (4byte) part of cache line 1..0 CNTRL (Control) CNTRL[1] CNTRL[0] Description 0 0 Normal Operation Mode 0 1 Testability Write 1 0 Testability Read 1 1 Flush Note: Flush actions depends on TR7.WB: TR7.CD TR7.WB Description 0 x Invalidate code cache line 1 0 Invalidate data cache line, no WB, if modified 1 1 Invalidate data cache line, WB, if modified MSR 8h is Test Register 6 (TR 6) (Read/Write) (Pentium) (TLB Command Test Register) bits Description 63..32 Reserved (should be zero) 31..12 LINEAR ADDRESS 11 V (Valid) If = 1 valid TLB entry If = 0 invalid TLB entry 10 D (Dirty) If = 1 page was write-accessed If = 0 page never was write-accessed 9 U (User Mode) If = 0 page may accessed at PL=0,1,2,3 If = 1 PL=0 access allowed 8 W (Writable) If = 0 Read only page If = 1 Read/Write page 7..3 Reserved (should be zero) 2 PS (Page Size) If = 0 4KB page If = 1 4MB page 1 CD (Code/Data TLB) If = 0 Code TLB If = 1 Data TLB 0 OP (Operation) If = 0 TLB Write If = 1 TLB Read MSR 9h is Test Register 7 (TR 7) (Read/Write) (Pentium) (TLB Test Physical Address) bits Description 63..32 Reserved (should be zero) 31..12 PHYSICAL ADDRESS 11 PCD (Page Cache Disable) 10 PWT (Page Write-Throught) 9..7 LRU (TLB LRU) 6..5 Reserved (should be zero) 4 H (Hit Indicator) If we want write into TLB, set this bit to 1. If read, then if linear address found in TLB this bit set to 1, otherwize to 0. 3..2 ENTRY One of 4 TLB ways where to write, or where found linear address if read. 1..0 Reserved (should be zero) MSR Ah is Reserved (Do not Accessed it) MSR Bh is Test Register 9 (TR 9) (Read/Write) (Pentium) (BTB Test Tag Register) bits Description 63..32 Reserved (should be zero) 31..8 TAG ADDRESS 7..2 Reserved (should be zero) 1..0 HISTORY History is state of current branch MSR Ch is Test Register 10 (TR 10) (Read/Write) (Pentium) (BTB Test Target Register) bits Description 63..32 Reserved (should be zero) 31..0 TARGET ADDRESS MSR Dh is Test Register 11 (TR 11) (Read/Write) (Pentium) bits Description 63..12 Reserved (should be zero) 11..8 BTB SET Select one of 64 set to access 7..4 Reserved (should be zero) 3..2 ENTRY select BTB way 1..0 CNTL Command to Test BTB CNTL[1] CNTL[0] Description 0 0 Normal Operating Mode 0 1 Testability Write 1 0 Testability Read 1 1 Flush MSR Eh is Test Register 12 (TR 12) (Read/Write) (Pentium,Am6k86) (New Feature Control) bits Description 63..3 Reserved (should be zero) 3 CI (Cache Inhibit) if =0 chip operated normally =1 then all cache line fill are inhibited, and bus cycles due to cache misses are run as single-transfer cycles 2 SE (Single-Pipe Execution) If =0 instruction executed in U and V pipes. =1 instruction executed only in U pipe 1 TR (Tracing Control) After reset clear to zero. This bit enable/disable special branch trace message cycle which generating when BTB hit. =0 disable =1 enable 0 NBP (No Branch prediction) If = 1 Disable Allocated entryes in BTB If = 0 Enable Note: Am6k86 support only CI bit. MSR Fh is Reserved (Not use it) MSR 10h is Time Stamp Counter (TSC) (Read/Write) (Pentium,Am5k86,Pentium Pro,Cx6x86MX,Am6k86) Time Stamp Counter (as all other MSRs) is clearing to 0 when RESET pin shutdown and unchanged when INIT pin shutdown. TSC is incremented every CPU core clock cycle. MSR 11h is Control/Event Select Register (CESR) (Read/Write) (Pentium) Init value after reset = 00000000000000000h bits Description 63..26 Reserved 25 PC1 (Pin Control, counter #1) If =0 counter # 1 has incremented If =1 counter # 1 has overflowed 24..22 CC1 (Counter #1 Control) CC[2] CC[1] CC[0] Description 0 0 0 Counting nothing 0 0 1 Counting events while in PL=0,1,2 0 1 0 Counting events while in PL =3 0 1 1 Counting events in any PL 1 0 0 Counting nothing 1 0 1 Counting clocks (like TSC) in PL=0..2 1 1 0 Counting clocks in PL=3 1 1 1 Counting clocks at any PL 21..16 ES1 (Event Select, counter # 1) (see below) 15..10 Reserved 9 PC0 (see PC1 for description) 8..6 CC0 (see CC1 for description 5..0 ES0 (Event select, counter # 0) Event Type for ES Value Event Type 00h Data Read 01h Data Write 02h Data TLB miss 03h Data Read Miss 04h Data Write miss 05h Write hit to Modified or Exclusive Cacheline 06h Data cache lines written back 07h Data cache snoops 08h Data cache snoops hit 09h Memory access in both pipes 0Ah Data bank access conflict 0Bh Misaligned data memory references 0Ch Code read 0Dh Code TLB miss 0Eh Code cache miss 0Fh Any segment register load 10h Segment descriptor cache accessed 11h Segment descriptor cache hit 12h Branches 13h BTB hit 14h Taken branch or BTB hit 15h Pipeline flushes 16h Instructions executed 17h Instruction executed in V pipes 18h Bus utilization 19h Pipeline stalled by write backups 1Ah Pipeline stalled by data memory read 1Bh Pipeline stalled by write to M or E line 1Ch Locked bus cycle 1Dh I/O cycle 1Eh Noncachable memory references 1Fh Pipeline stalled by AGI 20h-21h Reserved 22h FP operations 23h Breakpoint 0 match 24h Breakpoint 1 match 25h Breakpoint 2 match 26h Breakpoint 3 match 27h Hardware interrupt 28h Data read or data write 29h Data read/write miss 2Ah-3Fh Reserved MSR 11h is Counter/Event Select (Cyrix Cx6x86MX) bits Description 63..27 Reserved 26 TC1 (Event Type 1, high bit) 25 PC1 (Pin Control, counter #1) If =0 counter # 1 has incremented If =1 counter # 1 has overflowed 24..22 CC1 (Counter #1 Control) CC[2] CC[1] CC[0] Description 0 0 0 Counting nothing 0 0 1 Counting events while in PL=0,1,2 0 1 0 Counting events while in PL =3 0 1 1 Counting events in any PL 1 0 0 Counting nothing 1 0 1 Counting clocks (like TSC) in PL=0..2 1 1 0 Counting clocks in PL=3 1 1 1 Counting clocks at any PL 21..16 TC1 (Event Select, counter # 1) (see below) 15..11 Reserved 10 TC0 (Type of Event, high bit) 9 PC0 (see PC1 for description) 8..6 CC0 (see CC1 for description 5..0 TC0 (Event select, counter # 0) Event Type for ES Value Event Type 00h Data Read 01h Data Write 02h Data TLB miss 03h Data Read : Cache Miss 04h Data Write: Cache miss 05h Write hit to Modified or Exclusive Cacheline 06h Data cache lines written back 07h External Inquires 08h External Inquires what hit 09h Memory access in both pipes 0Ah Cache bank access conflict 0Bh Misaligned data memory references 0Ch Instruction Fetch Requests 0Dh L2 Code TLB miss 0Eh Cache miss: instruction fetch 0Fh Any segment register load 10h reserved 11h reserved 12h Any Branch 13h BTB hit 14h Taken branch or BTB hit 15h Pipeline flushes 16h Instructions executed in both pipes 17h Instruction executed in Y pipes 18h Clocks while bus cycles are in progress 19h Pipeline stalled by full write buffers 1Ah Pipeline stalled by data memory read 1Bh Pipeline stalled by write to !M or !E line 1Ch Locked bus cycle 1Dh I/O cycle 1Eh Noncachable memory references 1Fh Pipeline stalled by AGI 20h-21h Reserved 22h FP operations 23h Breakpoint 0 match 24h Breakpoint 1 match 25h Breakpoint 2 match 26h Breakpoint 3 match 27h Hardware interrupt 28h Data read or data write 29h Data read/write miss 2Bh MMX instruction executed in X pipe (counter 0) 2Bh MMX instruction executed in Y pipe (counter 1) 2Dh EMMS instruction executed (counter 0) 2Dh transition between EMMS and FP instruction (counter 1) 2Fh saturating MMX instruction Executed (counter 0) 2Fh saturation performed (counter 1) 31h MMX instruction data reads (counter 0) 32h Taken Branchs (counter 1) 37h Returns predict incorrectly (counter 0) 37h Returns predicted (corr+incorr) (counter 1) 38h MMX instruction Multiply Unit Interlock (cnt 0) 38h MOVD/MOVQ stall due to previous operation (cnt 1) 39h Returns (cnt 0) 39h RSB Overflows (cnt 1) 3Ah BTB false entries (cnt 0) 3Ah BTB miss prediction on a not-taken block (cnt 1) 3Bh Clks stalled due to Full Write Buffers While executing (cnt 0) 3Bh Stall on MMX instructions Write to E or M line (cnt 1) 40h L2 TLB Misses (Code or Data) 41h L1 TLB Data Misses 42h L1 TLB Code Misses 43h L1 TLB Miss (Code or Data) 44h TLB Flushes 45h TLB Page Invalidates 46h TLB page invalidates that hit 48h Instruction Decoded MSR 12h is Counter #0 (Read/Write) (Pentium,Cx6x86MX) bits Description 63..40 Reserved 39..0 Current counter value MSR 13h is Counter #1 (Read/Write) (Pentium,Cx6x86MX) bits Description 63..40 Reserved 39..0 Current counter value MSR 1Bh is APIC Base (Pentium Pro) bits Description 8 BSP (Boot Strap Processor Indicator Bit) 11 APIC (APIC Global Enable Bit - permanent till reset Enabled = 1, Disabled = 0. MSR 2Ah is EBL_CR_POWERON (Pentium Pro) bits Description 0 Data Bus error code policy 1 = ECC 0 = Parity 1 Data Error Checking Enable 0 = Disabled 1 = Enabled 2 Response Error Checking Enable 1 = Disabled 0 = Enabled 3 AERR# Drive Enable 1 = Disabled 0 = Enabled 4 BEER# Enable for Initiator bus requests 1 = Disable 0 = Enabled 6 BEER# Enable for initiator internal errors 1 = Disabled 0 = Enable 7 BINIT# Driver Enable 1 = Disabled 0 = Enabled 8 Output Tri-state enabled R 9 Execute BIST R 10 AEER# Observation enable R 12 BINIT# Observation enable R 13 IN Order Queue Depth R 14 1M Power on Reset Vector R 15 FRC Mode Enabled R 17:16 APIC Cluster ID R 21..20 Symmetric Arbitration ID R 24..22 Clock Frequency Ratio R 26 Low Power Enable R MSR 79h is BIOS_UPDT_TRIG (BIOS Update Trigger register) (Pentium Pro) MSR 82h is Array Access Register (AAR) (Am5k86) 63..32 Array pointer: 31..8 Pointer within array 7..0 Array will be accessed Array Description E0h Data cache: data E1h Data cache: Linear Tag E4h Code cache: Instruction E5h Code Cache: Linear Tag E6h Code Cache: Valid Bits E7h Code cache: Branch-prediction bits E8h 4K TLB: Page E9h 4K TLB: Linear Tag EAh 4M TLB: Page EBh 4M TLB: Linear Tag ECh Data cache: Physical tag EDh Code cache: Physical Tag 31..0 Array Data If array = E0h (Data cache: data) 31..0 Data If array = E1h (Data cache: Linear Tag) 31..26 Reserved (0s) 25 Dirty Bit 24 User/Supervisor 23 R/W 22 0 21 Linear Valid bit 20..0 Tag If array = E4h (Code cache: Instruction) 31..26 Reserved (0s) 25 Pfix1: Start bit 24 Pfix1: End bit 23 Pfix1: Opcode bit 22..21 Pfix1: Map (ROPs/MROM) 20..13 Byte1 12 Pfix0: Start bit 11 Pfix0: End bit 10 Pfix0: Opcode bit 9..8 Pfix0: Map (ROPs/MROM) 7..0 Byte0 If array = E5h (Code Cache: Linear Tag) 31..20 Reserved(0s) 19..0 linear address 31..12 If array = E6h (Code Cache: Valid Bits) 31..18 Reserved (0s) 17 Linear Tag Valid bit 16 User/Supervisor 15..0 Byte-Valid bits If array = E7h (Code cache: Branch-prediction bits) 31..19 Reserved (0s) 18 Predicted taken 17..14 Byte offset within block of last byte of predicted branch instruction 13..12 Column of predicted target 11..4 Index of Predicted Target 3..0 Target Byte If array = E8h (4K TLB: Page) 31..22 Reserved (0s) 21 PCD bit 20 PWT bit 19..0 Page frame address If array = E9h (4K TLB: Linear Tag) 31..20 Reserved (0s) 19 Global Valid Bit 18 Dirty 17 U/S 16 R/W 15 Valid 14..0 Tag (virtual address 31..17) If array = EAh (4M TLB: Page) 31..12 Reserved (0s) 11 PCD bit 10 PWT bit 9..0 Page frame Address If array = EBh (4M TLB: Linear Tag) 31..15 reserved (0s) 14 Global Valid Bit 13 Dirty Bit 12 U/S 11 R/W 10 Valid bit 9..0 Tag If array = ECh (Data cache: Physical tag) 31..23 Reserved (0s) 22..21 MESI status 00 = invalid 01 = shared 10 = modified 11 = exclusive 20..0 Tag (Physical Address 31..11) If array = EDh (Code cache: Physical Tag) 31..21 Reserved(0s) 20 Valid Bit 19..0 Tag (Physical Address 31..12) Note: READ DATA: mov ecx,82h mov edx,Array Pointer rdmsr ; in EAX - 32bit data WRITE DATA: mov ecx,82h mov edx,Array Pointer mov eax,data wrmsr MSR 83h is Hardware Configuration register (HWCR) (Am5k86) bits Description 63..8 Reserved 7 DDC (Disable Data Cache) 6 DIC (Disable Instruction Cache) 5 DBP (Disable Branch Prediction) 4 Reserved 3..1 Debug Control 000 Off 001 Enable branch trace 100 Enable Probe mode on debug trap 0 DSPC (Disable Stopping Processor Clock) MSR 85h is Write Allocate Top-of-Memory and Control Register (WATMCR) (Am5k86 model 1,2,3 with stepping >= 4) MSR 86h is Write Allocate Programmable Memory Range Register (WAPMRR) (Am5k86 model 1,2,3 with stepping >= 4) Note: For more information about MSRs 85h and 86h refer to "Implementation of Write Allocate in the K86(tm) Processors", application note, order# 21326, http://www.amd.com MSR 8Bh is BIOS_SIGN (BIOS Update Signature Register) (Pentium Pro) MSR C1h is PERFCTR0 (Perfomance Counter # 0) (Pentium Pro) (see MSRs 186h,187h) MSR C2h is PERFCTR1 (Perfomance Counter # 1) (Pentium Pro) (see MSRs 186h,187h) MSR FEh is MTRRcap (Pentium Pro) MSR 179h is MCG_CAP (Pentium Pro) MSR 17Ah is MCG_STATUS (Pentium Pro) MSR 17Bh is MCG_CTL (Pentium Pro) MSR 186h is EVNTSEL0 (Event Select # 0) (Pentium Pro) bits Description 7..0 Event number Value Description 02h SB_FORWARDS Number of store buffers forwards 03h LD_BLOCKS Number of store buffers blocks 05h MISALIGN_MEM_REF 06h SEGMENT_REG_LOADS number of segment registers loads 28h L2_IFETCH (L2 cache instruction fetch) 29h L2_LD (L2 load request) 2Ah L2_ST (L2 store request) 24h L2_LINES_IN (number of lines, allocated in L2 and removes) 2Eh L2_RQSTS (L2 all requests) 43h DATA_MEM_REFERENCE (cached and non-cached) 40h DCU_LD (L1 Data Cache unit load req.) 41h DCU_ST (L1 DCU store request) 42h DCU_LOCKS (L1 DCU locked requests) 43h DCU_RQSTS (all L1 request) 49h DTLB_MISS (L1 data TLB misses) 61h BUS_BNR_DRV (number of bus clocks that this CPU is driving correspodent fields). 79h CPU_CLK_UNHALTED (number of cycles for which processor is not halted) 7Ah BUS_HIT_DRV ----------- // -------------- (incl. cycles of snoop stall) 7Bh BUS_HITM_DRV ----------- // -------------- 7Eh BUS_SNOOP_STALL (bus clk. for which bus is snoop stalled). 87h ILD_STALL (number of cycles instruction length decoder stalled) 85h ITLB_MISS (Number of L1 Instruction TLB misses) C0h INST_RETIRED Number of instruction retired C1h FLOPS C2h UOPS_RETIRED Number of Uops retired C4h BR_INST_RETIRED Number of branch instr. retired C5h BR_MISS_PRED_RETIRED Number of Mispredicted branch instruction retired. C8h HW_INT_RX Hardware interrupts received D2h PARTIAL_PAT_STALLS Partial stalls E6h BACLEARS Number of time BACLEAR asserted 15..8 UMASK (Unit Mask) Contain event specific qualificator. 16 USR (User) if = 1 Count events in ring 1,2,3. 17 OS (Operation system mode) if =1 Count events in ring 0. 18 E (Edge Detect) Select Occurrence/Duration mode if = 0 Duration mode if = 1 Duration mode 19 PC (Pin Control) Enables signaling counters overflows via PMi pins. 20 INT (APIC Interrupt Enable) if =1 processor generated exception via local APIC, when counter overflow. 21 Reserved 22 EN (Enable Counters Flag) if =1 enable counting perfomance events in both counters, if = 0 disable in both. 23 INV (Invert Flag) if =1 reverse result of comparasion with counter mask. 31..24 Counter mask fields if <> 0 then CPU compares this value with count of event, if this count >= mask, counter incremented. (Need for calculate, for ex: two or more instruction retired.) if =0, counter incremented each event MSR 187h is EVNTSEL1 (Event Select # 1) (Pentium Pro) (see description in MSR 187h) bits Description 7..0 Event number 15..8 UMASK (Unit Mask) 16 USR (User) 17 OS (Operation system mode) 18 E (Edge Detect) 19 PC (Pin Control) 20 INT (APIC Interrupt Enable) 21..22 Reserved (bit 22 reseved !!!!) 23 INV (Invert Flag) 31..24 Counter mask fields MSR 1D9h is DEBUGCTLMSR (Debbuging Control MSR) 0 Enable/Disable Last Branch Record 1 Branch Trap Flag 5..2 Perfomance Monitoring/Break Point Pins (Pentium Pro) 6 Enable/Disable Execution Trace Messages 15..14 Enable/Disable Execution Trace Messages MSR 1DBh is LASTBRANCHFROMIP (Last Branch From IP) MSR 1DCh is LASTBRANCHTOIP (Last Branch To IP) MSR 1DDh is LASTINTFROMIP (Last INT From IP) MSR 1DEh is LASTINTTOIP (Last INT To IP) MSR 1E0h is ROB_CR_BKUPTMPDR6 2 Fast String Enable Bit If Enable REP MOVS move 64bit on 1 clk. Note: Pentium Pro contains also MSRs 200h..20Fh,400h..413h, 250h,258h,259h,268h..26Fh,2FFh. Note: Updating of this section in progress now. So full info will be in next version. Here ended Pentium MSRs and Starting IBM MSRs. MSR 1000H is Processor Operation Register (IBM only) (486SLC/486SLC2/386SLC) bits Description 63..19 Reserved 18 LWPLA (Low Power PLA) (reserved on IBM 386SLC) 17 BUSRD (Bus Read) (reserved on IBM 386SLC) 16 CPGE (Cache Parity Generate Error) (reserved on IBM 386SLC) 15 ECNPX (Enable cachebility of NPX operands) 14 EPWIA (Enable PWI ADS) 13 ELPWH (Enable Low Power Halt Mode) 12 XTOUT (Extend Out Instruction) 11 CRLD (Cache reload bit) 10 EIKEN (Enable internal KEN#) 9 DSCL (Disable cache Lock Mode) 8 Reserved 7 CE (Cache enable) 6 EDBS (Enable DBCS) 5 EPWI (Enable Power Interrupt) 4 EFSP (Enable Flush Snooping) 3 ENSP (Enable Snoop Input) 2 A20M (Address line 20 Mask) 1 CPCE (Cache Parity Checking Enable) 0 CPE (Cache Parity Error) MSR 1001H is Cache Region Control Register (IBM only) ( IBM 386SLC/486SLC/486SLC2) bits description 63..40 Reserved 39..32 Cache Memory Limit (CMLR) 31..16 1st MB Read Only (LMROR) 15..0 1st MB Cachable (LMCR) MSR 1002H is processor operation register (IBM only) (IBM 486SLC2 only) bits description 63..30 Reserved 29 EEDFS (Enable External Dynamic Frequency Shift) 28 DFSRY (Dynamic Frequency Shift Ready) 27 DFSMD (Dynamic Frequency Shift Mode) 26..24 CLKMD (Clock Mode) =000 x2 =011 x1 23..0 Reserved MSR C0000080h is EFER (Extended Feature Enable Register) (Am6k86) Bits Description 63..1 Reserved 0 SCE (System Call Extension) if = 1 System call extension enable (see SYSCALL and SYSRET instructions for more informations about system call). MSR C0000081h is STAR (SYSCALL Target Address Register) (Am6k86) Bits Description 63..48 Reserved 47..32 CS selector and SS selector base 31..0 Target IP address MSR C0000082h is WHCR (Write Handling Control Register) (Am6k86) Bits Description 63..9 Reserved 8 WCDE (Write Cachebility Detection Enable) Note: Triton does not support this hardware mechanism, so clear this bit to 0. 7..1 WAELIM (Write Allocate Enable Limit) This field multiplied on 4MB defines upper memory limit. All memory upper this limit will be acessed w/o write allocate. 0 WAE15M (Write Allocate Enable 15-to-16 Mbyte) if = 1 enable write allocation on region 15MB-16MB. for more info refer to "AMD-K6(tm) MMX(tm) Enhanced Processor Data Sheet", order# 20695, http://www.amd.com Note: IBM MSRs documented in "486SLC2 (tm) Microprocessor Data Sheet" (IBM Corp. 1993,Order number: VT05452) ----------O-RDPMC---------------------------------- OPCODE RDPMC - Read Perfomance Monitoring Counters CPU: Pentium (tm) Pro (P6) Type of Instruction: User Instruction: RDPMC Description: IF ((CPL<>0) AND (CR4.PCE==0)) THEN { INT D (0) ; GENERAL PROTECTION FAULT } ELSE { EDX:EAX <- PERFOMANCE_MONITORING_REGISTER[ECX] } Note: Valid ECX values is 0,1. Invalid ECX values call INT D(0) Note: CR4.PSE = bit 8 of CR4 Note: Perfomance Monitoring Registers (PMR) are aliases to some Perfomance Monitoring MSRs: MSR 12h is Counter #0 (Read/Write) (Perfomance Monitoring Counter # 0) bits Description 63..40 Reserved 39..0 Current counter value MSR 13h is Counter #1 (Read/Write) (Perfomance Monitoring Counter # 1) bits Description 63..40 Reserved 39..0 Current counter value ++++++++++++++++++++++++++++++++++++++ COP & Times: RDPMC 0FH 33H P6: n/a ----------O-RDSHR---------------------------------- OPCODE RDSHR - Read SMM Header Pointer Register CPU: Cyrix Cx6x86MX Type of Instruction: SMM mode only Instruction: RDSHR dest Description: dest <- SMHR (SMM Header pointer Register) Note: Format of SMHR: Bits Description 31..2 SMM Header pointer address 1 Reserved 0 (Valid) if =1, then address valid Note: SMHR pointed to phisical address SMM space area, where will be saved non-SMM contex when entered SMM. Format of SMM Header (for Cx6x86MX): Address Size Description (Relative (bit) to SMH pointer) +00 32 DR7 -04h 32 EFLAGS -08h 32 CR0 -0Ch 32 current EIP -10h 32 next EIP -14h 16 CS selector -16h 16 Reserved -18h 64 CS descriptor -20h 16 Context all reserved , but 22..21 CPL -22h 16 Context all reserved, but 15 N (Nested SMI indicator) if = 1, current SMI serviced from SMM. 13 IS (Internal SMI indicator) if = 1, current SMI is result of internal SMI event. if = 0, current SMI result of external event 4 H (SMI during CPU HALT state indicator) if = 1, CPU was in halt or shutdown state, before SMI. 3 S (Software SMM entry indicator) if = 1, SMM is result of SMINT instruction 2 P (REP INSx/REP OUTSx indicator) if = 1, current instruction have REP pfix. 1 I (IN,INSx,OUT,OUTx indicator) if = 1, current instruction perform I/O read/write 0 C (Code segment writable indicator) if = 1, current code segment is writable, if = 0, ---//---- is not writable. -24h 16 I/O Data Size -26h 16 I/O Write Address -28h 32 I/O Write Data -2Ch 32 ESI or EDI total size of SMM header = 30h Flags Affected: None CPU mode: SMM ++++++++++++++++ Physical Form: RDSHR reg/mem32 COP (Code of Operation) : 0FH 36H Postbyte Clocks Cx6x86MX: n/a ----------O-RDTSC---------------------------------- OPCODE RDTSC - Read From Time Stamp Counter CPU: Pentium (tm), Pentium Pro, AMD Am5k86 Type of Instruction: System/User Instruction: RDTSC Description: IF (CR4.TSD=0) or ((CR4.TSD=1) and (CPL=0)) THEN { EDX:EAX <- TSC; } ELSE { General Protection Fault INT 0DH (0) } END Note: TSC is one of MSR and after global hardware reset (not SRESET , but RESET ) it clear to 0000000000000000H. TSC is MSR index 10h. TSC may set using WRMSR instruction. TSC incremented every CPU core clock cycle. Flags Affected: None CPU mode: RM,PM0,SMM ; PM,VM if enable Physical Form: RDTSC COP (Code of Operation): 0FH 31H Clocks: Pentium : n/a [20-24] ----------O-REPC----------------------------------- OPCODE REPC - Repeat While Carry Flag CPU: NEC/Sony all V-series Type of Instruction: Prefix Instruction: REPC Description: DO CX=CX-1; SERVICE_PENDING_INTERRUPT; STRING_INSTRUCTION; LOOPWHILE ((CX<>0) AND (CF==1)); Flags Affected: None CPU Mode: RM 8086 Physical Form: REPC COP (Code of Operation): 65H Clocks: NEC V20 : 2 NEC V30 : 2 ----------O-REPNC---------------------------------- OPCODE REPNC - Repeat While Not Carry Flag CPU: NEC/Sony all V-series Type of Instruction: Prefix Instruction: REPNC Description: DO CX=CX-1; SERVICE_PENDING_INTERRUPT; STRING_INSTRUCTION; LOOPWHILE ((CX<>0) AND (CF<>1)); Flags Affected: None CPU mode: RM 8086 Physical Form: REPNC COP (Code of Operation): 64H Clocks: NEC V20 : 2 NEC V30 : 2 ----------O-RES3----------------------------------- OPCODE RES3 - Restore All CPU Registers CPU: AMD Am386SXLV, Am386DXLV Type of Instruction: System Operation (Work only then CPL=0) Instruction: RES3 Description: Load All Registers (Include Shadow Registers) from Table Which Begin on place pointed ES:EDI Note: This instruction is AMD analog Intel's LOADALL instruction but it's more i.c. return from SMM used this instruction. Then in SMM table is in SMRAM, then non SMM then table is in main memory. Format of RES3 Table: (Table ) Offset Len Description 0H 4 CR0 4H 4 EFLAGS 8H 4 EIP CH 4 EDI 10H 4 ESI 14H 4 EBP 18H 4 ESP 1CH 4 EBX 20H 4 EDX 24H 4 ESX 28H 4 EAX 2CH 4 DR6 30H 4 DR7 34H 4 TR (16 bit, zero filled up) 38H 4 LDT --------- 3CH 4 GS --------- 40H 4 FS --------- 44H 4 DS --------- 48H 4 SS --------- 4CH 4 CS --------- 50H 4 ES --------- 54H 4 TSS.attrib 58H 4 TSS.base 5CH 4 TSS.limit 60H 4 Reserved 64H 4 IDT.base 68H 4 IDT.limit 6CH 4 REP OUTS overrun flag 70H 4 GDT.base 74H 4 GDT.limit 78H 4 LDT.attrib 7CH 4 LDT.base 80H 4 LDT.limit 84H 4 GS.attrib 88H 4 GS.base 8CH 4 GS.limit 90H 4 FS.attrib 94H 4 FS.base 98H 4 FS.limit 9CH 4 DS.attrib A0H 4 DS.base A4H 4 DS.limit A8H 4 SS.attrib ACH 4 SS.base B0H 4 SS.limit B4H 4 CS.attrib B8H 4 CS.base BCH 4 CS.limit C0H 4 ES.attrib C4H 4 ES.base C8H 4 ES.limit Unknown Unusable area 100H 4 Temporary register 104H 4 ------------- 108H 4 ------------- 10CH 4 ------------- 110H 4 ------------- 114H 4 ------------- 118H 4 ------------- 11CH 4 ------------- 120H 4 ------------- 124H 4 Last EIP (Last instruction EIP for Restart) Format of Attrib field: Byte Description 0 0s 1 AR (Access Right) byte in the Descriptor format Note: P bit is a valid bit if valid bit=0 then Shadow Register is invalid and INT 0DH - General Protection Fault call DPL of SS,CS det. CPL 2-3 0s Flags Affected: All (FLAGS Register Reload) CPU mode: RM,PM0,SMM Physical Form: RES3 COP (Code of Operation): 0FH 07H Note: Code is same with Intel's LOADALL Clocks: Am386SXLV : 366 Am386DXLV : 291 ----------O-RES4----------------------------------- OPCODE RES4 - Restore All CPU Registers CPU: AMD Am486SXLV, Am486DXLV Type of Instruction: System Operation (Work only then CPL=0) Instruction: RES3 Description: Load All Registers (Include Shadow Registers) from Table Which Begin on place pointed ES:EDI Note: This instruction is AMD analog Intel's LOADALL instruction but it's more i.c. return from SMM used this instruction. Then in SMM table is in SMRAM, then non SMM then table is in main memory. Format of RES3 Table: (Table ) Offset Len Description 0H 4 CR0 4H 4 EFLAGS 8H 4 EIP CH 4 EDI 10H 4 ESI 14H 4 EBP 18H 4 ESP 1CH 4 EBX 20H 4 EDX 24H 4 ESX 28H 4 EAX 2CH 4 DR6 30H 4 DR7 34H 4 TR (16 bit, zero filled up) 38H 4 LDT --------- 3CH 4 GS --------- 40H 4 FS --------- 44H 4 DS --------- 48H 4 SS --------- 4CH 4 CS --------- 50H 4 ES --------- 54H 4 TSS.attrib 58H 4 TSS.base 5CH 4 TSS.limit 60H 4 Reserved 64H 4 IDT.base 68H 4 IDT.limit 6CH 4 REP OUTS overrun flag 70H 4 GDT.base 74H 4 GDT.limit 78H 4 LDT.attrib 7CH 4 LDT.base 80H 4 LDT.limit 84H 4 GS.attrib 88H 4 GS.base 8CH 4 GS.limit 90H 4 FS.attrib 94H 4 FS.base 98H 4 FS.limit 9CH 4 DS.attrib A0H 4 DS.base A4H 4 DS.limit A8H 4 SS.attrib ACH 4 SS.base B0H 4 SS.limit B4H 4 CS.attrib B8H 4 CS.base BCH 4 CS.limit C0H 4 ES.attrib C4H 4 ES.base C8H 4 ES.limit Unknown Unusable area 100H 4 Temporary register 104H 4 ------------- 108H 4 ------------- 10CH 4 ------------- 110H 4 ------------- 114H 4 ------------- 118H 4 ------------- 11CH 4 ------------- 120H 4 ------------- 124H 4 Last EIP (Last instruction EIP for Restart) 128H 4 PEIP - Previous SRAM space instruction pointer 12EH 36 Unused 150H 22 Floating Pointer Internal Registers (Am486DXLV) Format of Attrib field: Byte Description 0 0s 1 AR (Access Right) byte in the Descriptor format Note: P bit is a valid bit if valid bit=0 then Shadow Register is invalid and INT 0DH - General Protection Fault call DPL of SS,CS det. CPL 2-3 0s Flags Affected: All (FLAGS Register Reload) CPU mode: RM,PM0,SMM Physical Form: RES4 COP (Code of Operation): 0FH 07H Note: Code is same with Intel's LOADALL Clocks: Am486SXLV : N/A ----------O-RETRBI--------------------------------- OPCODE RETRBI - Return from Register Bank Context Switch Interrupt. CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: System Instruction: RETRBI Description: PC <- Save PC; PSW <- Save PSW; Flags Affected: All CPU mode: RM +++++++++++++++++++++++ Physical Form: RETRBI COP (Code of Operation) : 0Fh 91h Clocks: 12 ----------O-RETXA---------------------------------- OPCODE RETXA - Return from Expansion Address CPU: NEC V33/V53 only Type of Instruction: System Instruction: RETXA int_vector Description: [sp-1,sp-2] <- PSW ; PSW EQU FLAGS [sp-3,sp-4] <- PS ; PS EQU CS [sp-5,sp-6] <- PC ; PC EQU IP SP <- SP -6 IE <- 0 BRK <- 0 MD <- 0 PC <- [int_vector*4 +0,+1] PS <- [int_vector*4 +2,+3] Disable EA mode. Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: RETXA imm8 COP (Code of Operation) : 0Fh F0h imm8 Clocks: 12 ----------O-ROL4----------------------------------- OPCODE ROL4 - Rotate left 4 bits CPU: NEC/Sony all V-series Type of Instruction: User Instruction: ROL4 dest Description: AL dest bits 7 4 3 0 7 4 3 0 ------------- ------------- | | o <--------| <-|-o |<--\ ---------|---- ------------- | | | \---------------------------/ Note: This instruction Rotates (4bits) left out of dest through low 4bits of AL Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form : ROL4 reg/mem8 COP (Code of Operation) : 0FH 28H PostByte Clocks: ROL4 reg/mem8 NEC V20: 25/28 ----------O-ROR4----------------------------------- OPCODE ROR4 - Rotate right 4 bits CPU: NEC/Sony all V-series Type of Instruction: User Instruction: ROL4 dest Description: AL dest bits 7 4 3 0 7 4 3 0 ------------- ------------- | | o--|------>| o-|-> o-|--\ ---------^---- ------------- | | | \---------------------------/ Note: This instruction Rotates (4bits) right out of dest through low 4bits of AL Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form : ROR4 reg/mem8 COP (Code of Operation) : 0FH 2AH PostByte Clocks: ROR4 reg/mem8 NEC V20: 29/33 ----------O-RSDC----------------------------------- OPCODE RSDC - Restore Register and Descriptor CPU: Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 IBM BL486DX/DX2 TI 486SLC/DLC/e TI 486SXL/SXL2/SXLC TI Potomac Type of Instruction: System Instruction: RSDC sreg,sorc Description: sreg [selector,shadow_descriptor] <- sorc ; sorc is register and descriptor structure (see below) ; Note: This instruction load segment register ; include shadow descriptor Format or Register and Descriptor Structure: +00 Limit (15-0) +02 Base (15-0) +04 Base (23-16) +05 AR byte +06 AR2/Limit (19-16) +07 Base (31-24) +08 Selector Length of structure is 10h Flags Affected: None CPU mode: (1) and (2) and (3) and [(4A) or (4B)] 1) CPL=0 2) CCR1.bit1=1 ; SMI enable 3) SMAR size > 0 4A) in SMM 4B) CCR1.bit2=1 ; SMAC is on ++++++++++++++++ Physical Form: RSDC sgeg,mem80 COP (Code of Operation) : 0FH 79H [mm sreg3 mmm] Clocks IBM BL486DX: 10 TI 486SXL : 14 Note: sreg3 is: 000 ES 001 CS 010 SS 011 DS 100 FS 101 GS ----------O-RSLDT---------------------------------- OPCODE RSLDT - Restore LDTR and Descriptor CPU: Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 IBM BL486DX/DX2 TI 486SLC/DLC/e TI 486SXL/SXL2/SXLC TI Potomac Type of Instruction: System Instruction: RSLDT sorc Description: LDTR [selector,shadow_descriptor] <- sorc ; sorc is register and descriptor structure (see below) Format or Register and Descriptor Structure: +00 Limit (15-0) +02 Base (15-0) +04 Base (23-16) +05 AR byte +06 AR2/Limit (19-16) +07 Base (31-24) +08 Selector Length of structure is 10h Flags Affected: None CPU mode: (1) and (2) and (3) and [(4A) or (4B)] 1) CPL=0 2) CCR1.bit1=1 ; SMI enable 3) SMAR size > 0 4A) in SMM 4B) CCR1.bit2=1 ; SMAC is on ++++++++++++++++ Physical Form: RSLDT mem80 COP (Code of Operation) : 0FH 7BH [mm 000 mmm] Clocks IBM BL486DX: 10 TI 486SXL : 14 ----------O-RSM------------------------------------ OPCODE RSM - Resume from System Managment Mode CPU: I486 SL Enhanced+,i486SL,i386CX,i386EX Type of Instruction: System Instruction: RSM Description: Restore execution state from SMRAM and return to previous CPU mode CPU mode: SMM only ( INT 6 - Undefined Opcode in all other mode ) Flags Affected: All Note: CPU state restored from dump created entrance to SMM. The CPU leave SMM and return to previous mode. If CPU detect any invalid state it enters shutdown. This invalid states is: * The value stored in State Dump Base field is not 32K aligned address * Any Reserved bit of CR4 is set to 1 (Pentium only) * Any illegal Combination of CR0: ** (PG=1 and PE=0) ** (NW=1 and CD=0) Format of Execution State in SMRAM: Offset Register (Table ) 7FFCh CR0 7FF8h CR3 7FF4h EFLAGS 7FF0h EIP 7FECh EDI 7FE8h ESI 7FE4h EBP 7FE0h ESP 7FDCh EBX 7FD8h EDX 7FD4h ECX 7FD0h EAX 7FCCh DR7 7FC4h TR, upper 2 bytes reserved 7FC0h LDTR, upper 2 bytes reserved 7FBCh GS, upper 2 bytes reserved 7FB8h FS, upper 2 bytes reserved 7FB4h DS, upper 2 bytes reserved 7FB0h SS, upper 2 bytes reserved 7FACh CS, upper 2 bytes reserved 7FA8h ES, upper 2 bytes reserved 7F98h Reserved 7F94h IDT base (4 bytes) 7F8Ch Reserved 7F88h GDT base (4 bytes) 7F04h Reserved 7F02h Auto HALT Restart Slot (2 bytes) Bits 15..2 are reserved Bit 1 Bit 0 Description 0 0 Resume to next instruction in interrupted program 0 1 Unpredictable 1 0 Return to next instruction after HALT 1 1 Return to HALT state 7F00h I/O Restart Slot (2 bytes) When RSM execution if I/O restart slot = 0FFh then EIP modified to instruction immediate preceding the SMI# request i.e. CPU automatically reexecute I/O instruction which be trapped by SMI. 7EFCh SMM Revision Identificator (4 bytes) Bits Description 31..18 Reserved 17 If=1 Processor support SMBASE relocation else not support 16 If =1 Processor support I/O Instruction Restart 15..0 SMM Revision Identificator P5,486s = 0000h P54C when I/O Restarts enable = 0002h 7EF8h SMBASE Slot (4 bytes) SMBASE is 32KB aligned 32bit dword which contained a base address for SMRAM. Default value is 30000h Starting Address for for jump in SMM is: SMBASE+8000h Starting address for State Save area is SMBASE+[8000h+7FFFh] 7E00h Reserved Note: In fields marked Reserved saved and restores next registers: CR1,CR2,CR3, hidden descriptors for CS,DS,ES,FS,SS,GS. Never saved registers: DR5-DR0,TR7-TR3,all FPU registers. More Information Not available Yet. Physical Form: RSM COP (Code of Operation) : 0FH AAH Clocks: i386CX : 338 i486 SL Enhanced : ??? IntelDX4 : 452 ; SMBASE relocation : 456 ; AutoHALT restart : 465 ; I/O Trap restart Pentium : 83 ----------O-RSM------------------------------------ OPCODE RSM - Resume from SMM CPU: Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 IBM BL486DX/DX2 TI 486SLC/DLC/e TI 486SXL/SXL2/SXLC TI Potomac Type of Instruction: System Instruction: RSM Description: RESTORE CPU STATE FROM SMM HEADER AT THE TOP OF SMM SPACE (defined by SMAR register); EXIT SMM; Format of SMM Header: Offset Length Description (Table ) -00h - Nothing (Top of SMM space) (Not accessable) -04h 32 DR7 -08h 32 EFLAGS -0Ch 32 CR0 -10h 32 Current EIP -14h 32 Next instruction EIP -16h 16 Reserved -18h 16 CS selector -1Ch 32 CS descriptor(63-32) -20h 32 CS descriptor(31-0) -24h 32 SMM Flags [ ALL BITS are Not available in Cx486S/S2/D/D2] Bit Description 1 I (IN/INSx/OUT/OUTx Indicator) If =0 current instruction performed I/O read =1 I/O write 2 P (REP INSx/OUTx Prefix) If =1 current instruction has REP pfix. =0 not has REP pfix 3 S (Software SMI) If =1 current SMM is result of execution SMINT instruction =0 current SMM is result of hardware SMI Note: TI 486SXL/SXL2 support only bits 1,2. -26h 16 I/O Write Data size [ Not available in Cx486S/S2/D/D2] [ Not available in TI486SXL/SXL2] [ Not available in TI486SLC/DLC/e] 1h = byte 3h = word fh = dword -28h 16 I/O Write Address [ Not avaliable in Cx486S/S2/D/D2] [ Not available in TI486SXL/SXL2] [ Not available in TI486SLC/DLC/e] -2Ch 32 I/O Write Data [ Not avaliable in Cx486S/S2/D/D2] [ Not available in TI486SXL/SXL2] [ Not available in TI486SLC/DLC/e] -30h 32 ESI or EDI This field saved value of source/destination for restart INSx/OUTSx instruction [ Not avaliable in Cx486S/S2/D/D2] Flags Affected: All CPU mode: SMM ++++++++++++++++ Physical Form: RSM COP (Code of Operation) : 0FH AAH Clocks IBM BL486DX: 76 TI 486SXL : 58 ----------O-RSTS----------------------------------- OPCODE RSTS - Restore TR and Descriptor CPU: Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 TI 486SLC/DLC/e TI 486SXL/SXL2/SXLC IBM BL486DX/DX2 Type of Instruction: System Instruction: RSTS sorc Description: TR [selector,shadow_descriptor] <- sorc ; sorc is register and descriptor structure (see below) Format or Register and Descriptor Structure: +00 Limit (15-0) +02 Base (15-0) +04 Base (23-16) +05 AR byte +06 AR2/Limit (19-16) +07 Base (31-24) +08 Selector Length of structure is 10h Flags Affected: None CPU mode: (1) and (2) and (3) and [(4A) or (4B)] 1) CPL=0 2) CCR1.bit1=1 ; SMI enable 3) SMAR size > 0 4A) in SMM 4B) CCR1.bit2=1 ; SMAC is on ++++++++++++++++ Physical Form: RSTS mem80 COP (Code of Operation) : 0FH 7DH [mm 000 mmm] Clocks IBM BL486DX: 10 TI 486SXL : 14 ----------O-SET1----------------------------------- OPCODE SET1 - Set a Specified Bit CPU: NEC/Sony V-series Type of Instruction: User Instruction: SET1 dest,bitnumb Description: BIT bitnumb OF dest <- 1; Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: SET1 reg/mem8,CL COP (Code of Operation) : 0FH 14H Postbyte Physical Form: SET1 reg/mem8,imm8 COP (Code of Operation) : 0FH 1CH Postbyte imm8 Physical Form: SET1 reg/mem16,CL COP (Code of Operation) : 0FH 15H Postbyte Physical Form: SET1 reg/mem16,imm8 COP (Code of Operation) : 0FH 1DH Postbyte imm8 Clocks: SET1 r/m8,CL r/m8,i8 r/m16,CL r/m16,i8 NEC V20: 4/13 5/14 4/13 5/14 ----------O-SETALC--------------------------------- OPCODE SETALC - Set AL to Carry Flag CPU: Intel 8086 and all its clones and upward compatibility chips. Type of Instruction: User Instruction: SETALC Description: IF (CF=0) THEN AL:=0 ELSE AL:=FFH; Flags Affected: None CPU mode: RM,PM,VM,SMM Physical Form: SETALC COP (Code of Operation): D6H Clocks: 80286 : n/a [3] 80386 : n/a [3] Cx486SLC : n/a [2] i486 : n/a [3] Pentium : n/a [3] Note: n/a is Time that Intel etc not say. [3] is real time it executed. ----------O-SMI------------------------------------ OPCODE SMI - System Managment Interrupt CPU: AMD Am386SXLV,Am386DXLV AMD 486s Type of Instruction: System Instruction: SMI Description: IF (SMIE=1) THEN { SAVE STATUS OF EXECUTION TO SMRAM; ENTER SMM; SMMS <- 1; } ELSE { INT 1; } END Notes: SMIE is (DR7.bit12) =1 Enable soft SMI =0 Disable soft SMI SMMS is (DR6.bit12) =1 SMM was entered =0 SMM status cleared Flags Affected: None CPU mode: RM?,PM0 Physical Form: SMI COP (Code of Operation): F1H Clocks: Am386SXLV : 357 Am386DXLV : 325 Am486xxxx : Don't know, do you? ----------O-SMINT---------------------------------- OPCODE SMINT - Software SMM Interrupt CPU: Cyrix Cx486DX/DX2/DX4 IBM BL486DX/DX2 Note: Never in Cx486S/S2/D/D2 Never in any TI's chips. Type of Instruction: System Instruction: SMINT Description: SAVE CPU STATE TO SMM HEADER AT THE TOP OF SMM SPACE (defined by SMAR register); ENTER SMM MODE; Format of SMM Header: Refer to Cyrix/IBM SMI Instruction (Table ) Flags Affected: None CPU mode: CPL=0, CCR1.bit1=1, SMAR size >= 30h. ++++++++++++++++ Physical Form: SMINT COP (Code of Operation) : 0FH 7EH Clocks IBM BL486DX: 24 ----------O-STOP----------------------------------- OPCODE STOP - Stop CPU CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: System Instruction: STOP Description: PowerDown instruction, Stop Oscillator, Halt CPU. Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: STOP COP (Code of Operation) : 0Fh BEh Clocks: N/A ----------O-SUB4S---------------------------------- OPCODE SUB4S - Subtraction of packed BCD strings CPU: NEC/Sony all V-series Type of Instruction: User Instruction: SUB4S Description: BCD STRING (ADDRESS=ES:DI,LENGTH=CL) <- BCD STRING (ADDRESS=DS:SI,LENGTH=CL) - BCD STRING (ADDRESS=ES:DI,LENGTH=CL); Length of BCD string in CL; Note: si,di,cl and other registers not changed Flags Affected: OF,CF,ZF ;; ZF set if result is zero. ;; CF,OF set as result of operation with most ;; signification BCDs. CPU mode: RM +++++++++++++++++++++++ Physical Form: SUB4S COP (Code of Operation) : 0FH 22H Clocks: SUB4S NEC V20: ~7+19*CL ----------O-SVDC----------------------------------- OPCODE SVDC - Save Register and Descriptor CPU: Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 IBM BL486DX/DX2 TI 486SLC/DLC/e TI 486SXL/SXL2/SXLC TI Potomac Type of Instruction: System Instruction: SVDC dest,sreg Description: dest <- sreg [selector,shadow_descriptor] ; dest is register and descriptor structure (see below) Format or Register and Descriptor Structure: +00 Limit (15-0) +02 Base (15-0) +04 Base (23-16) +05 AR byte +06 AR2/Limit (19-16) +07 Base (31-24) +08 Selector Length of structure is 10h Flags Affected: None CPU mode: (1) and (2) and (3) and [(4A) or (4B)] 1) CPL=0 2) CCR1.bit1=1 ; SMI enable 3) SMAR size > 0 4A) in SMM 4B) CCR1.bit2=1 ; SMAC is on ++++++++++++++++ Physical Form: SVDC mem80,sreg COP (Code of Operation) : 0FH 78H [mm sreg3 mmm] Clocks IBM BL486DX: 18 TI 486SXL : 22 Note: sreg3 is: 000 ES 001 CS 010 SS 011 DS 100 FS 101 GS ----------O-SVLDT---------------------------------- OPCODE SVLDT - Save LDTR and Descriptor CPU: Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 IBM BL486DX/DX2 TI 486SLC/DLC/e TI 486SXL/SXL2/SXLC TI Potomac Type of Instruction: System Instruction: SVLDT dest Description: dest <- LDTR [selector,shadow_descriptor] ; dest is register and descriptor structure (see below) Format or Register and Descriptor Structure: +00 Limit (15-0) +02 Base (15-0) +04 Base (23-16) +05 AR byte +06 AR2/Limit (19-16) +07 Base (31-24) +08 Selector Length of structure is 10h Flags Affected: None CPU mode: (1) and (2) and (3) and [(4A) or (4B)] 1) CPL=0 2) CCR1.bit1=1 ; SMI enable 3) SMAR size > 0 4A) in SMM 4B) CCR1.bit2=1 ; SMAC is on ++++++++++++++++ Physical Form: SVLDT mem80 COP (Code of Operation) : 0FH 7AH [mm 000 mmm] Clocks IBM BL486DX: 18 TI 486SXL : 22 ----------O-SVTS----------------------------------- OPCODE SVTS - Save TR and Descriptor CPU: Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 IBM BL486DX/DX2 TI 486SLC/DLC/e TI 486SXL/SXL2/SXLC TI Potomac Type of Instruction: System Instruction: SVTS dest Description: dest <- TR [selector,shadow_descriptor] ; dest is register and descriptor structure (see below) Format or Register and Descriptor Structure: +00 Limit (15-0) +02 Base (15-0) +04 Base (23-16) +05 AR byte +06 AR2/Limit (19-16) +07 Base (31-24) +08 Selector Length of structure is 10h Flags Affected: None CPU mode: (1) and (2) and (3) and [(4A) or (4B)] 1) CPL=0 2) CCR1.bit1=1 ; SMI enable 3) SMAR size > 0 4A) in SMM 4B) CCR1.bit2=1 ; SMAC is on ++++++++++++++++ Physical Form: SVTS mem80 COP (Code of Operation) : 0FH 7CH [mm 000 mmm] Clocks IBM BL486DX: 18 TI 486SXL : 22 ----------O-SYSCALL-------------------------------- OPCODE SYSCALL - Call Operating System CPU: AMD Am6k86 (K6) Type of Instruction: User Instruction: SYSCALL Description: if EFER.SCE = 1 then { ECX <- EIP EIP <- STAR[31..0] IF <- 0 VM <- 0 CS.selector <- STAR[47..32] SS.selector <- (STAR[47..32]) + 8 CS.base <- 0 SS.base <- 0 CS.limit <- 4G SS.limit <- 4G CS.attr <- ReadOnly SS.attr <- R/W, Expand-Up CPL <- 0 } else #UD; Note: Passing control to fixed entry point for faster OS calls. see RDMSR for description of STAR (SYSCALL Target Address register) Note: Command opcode equal to 286 LOADALL undocument instruction. ++++++++++++++++++++++++++++++++++++++ COP & Times: SYSCALL 0FH 05H Am6k86: n/a ----------O-SYSRET--------------------------------- OPCODE SYSRET - Return from Operation System CPU: AMD Am6k86 (K6) Type of Instruction: Privelege (CPL =0) Instruction: SYSRET Description: if EFER.SCE == 1 { if CPL == 0 { EIP <- ECX IF <- 1 CS.selector <- STAR[47..32] OR 3H CS.base <- 0 CS.limit <- 4GB CS.attr <- ReadOnly SS <- (STAR[47..32]) + 16) OR 3H } else #GP(0); } else #UD; Note: Passing control from OS entry point back to ring 3 client. see RDMSR for description of STAR (SYSCALL Target Address register) Note: Command opcode equal to 386/486 LOADALL undocument instruction. ++++++++++++++++++++++++++++++++++++++ COP & Times: SYSCALL 0FH 07H Am6k86: n/a ----------O-TEST1---------------------------------- OPCODE TEST1 - Test a Specified bit CPU: NEC/Sony all V-series Type of Instruction: User Instruction: NOT1 dest,bitnumb Description: IF dest IS 8BIT THEN bitn <- bitnumb AND 7; IF dest IS 16BIT THEN bitn <- bitnumb AND Fh; IF (BIT bitn OF dest) = 0 THEN { ZF <- 1; } ELSE { ZF <- 0; } ENDIF Flags Affected: ZF CPU mode: RM +++++++++++++++++++++++ Physical Form: TEST1 reg/mem8,CL COP (Code of Operation) : 0FH 10H Postbyte Physical Form: TEST1 reg/mem8,imm8 COP (Code of Operation) : 0FH 18H Postbyte imm8 Physical Form: TEST1 reg/mem16,CL COP (Code of Operation) : 0FH 11H Postbyte Physical Form: TEST1 reg/mem16,imm8 COP (Code of Operation) : 0FH 19H Postbyte imm8 Clocks: TEST1 r/m8,CL r/m8,i8 r/m16,CL r/m16,i8 NEC V20: 3/12 4/13 3/12 4/13 ----------O-TSKSW---------------------------------- OPCODE TSKSW - Task Switch CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: System Instruction: TSKSW reg16 Description: Perform a High-Speed task switch to the register bank indicated by lower 3 bits of reg16. The PC and PSW are saved in the old banks. PC and PSW save Registers and the new PC and PSW values are retrived from the new register bank's save area. Note: See BRKCS instruction for more Info about banks. Flags Affected: All CPU mode: RM +++++++++++++++++++++++ Physical Form: TSCSW reg16 COP (Code of Operation) : 0Fh 94h <1111 1RRR> Clocks: 11 ----------O-UD------------------------------------ OPCODE UD - Undefined Instruction CPU: AMD Am5k86 (SSA/5, K5) Logical Form: UD Description: Caused #UD exception Flags Affected: No Flags Affected CPU Mode : RM,PM,VM,VME,SMM Exceptions : RM PM V86 VME SMM #UD #UD #UD #UD #UD Undefined Instruction No more Exceptions Note : This instruction caused #UD. AMD guaranteed that in future AMD's CPUs this instruction will caused #UD. Of course all previous CPUs (186+) caused #UD on this opcode. This instruction used by software writers for testing #UD exception servise routine. ++++++++++++++++++++++++++++++ Physical Form : UD COP (Code of Operation) : 0Fh FFh Clocks : UD 8088: Not supported NEC V20: Not supported 80186: ~int 80286: ~int 80386: ~int Cx486SLC: ~int i486: ~int Cx486DX: ~int Cx5x86: ~int Pentium: ~int Nx5x86: ~int Cx6x86: ~int Am5k86: ~int Pentium Pro: ~int ++++++++++++++++++++++++++++++ ----------O-UD2----------------------------------- OPCODE UD2 - Undefined Instruction CPU: Pentium Pro+ and all other Logical Form: UD2 Description: Caused #UD exception Flags Affected: No Flags Affected CPU Mode : RM,PM,VM,VME,SMM Exceptions : RM PM V86 VME SMM #UD #UD #UD #UD #UD Undefined Instruction No more Exceptions Note : This instruction caused #UD. Intel guaranteed that in future Intel's CPUs this instruction will caused #UD. Of course all previous CPUs (186+) caused #UD on this opcode. This instruction used by software writers for testing #UD exception servise routine. ++++++++++++++++++++++++++++++ Physical Form : UD2 COP (Code of Operation) : 0Fh 0Bh Clocks : UD2 8088: Not supported NEC V20: Not supported 80186: ~int 80286: ~int 80386: ~int Cx486SLC: ~int i486: ~int Cx486DX: ~int Cx5x86: ~int Pentium: ~int Nx5x86: ~int Cx6x86: ~int Am5k86: ~int Pentium Pro: ~int ++++++++++++++++++++++++++++++ ----------O-UMOV----------------------------------- OPCODE UMOV - Mov Data to Main (User) Memory CPU: AMD Am386SXLV,Am386DXLV AMD 486s IBM 486SLC2 Type of Instruction: Special System Instruction: UMOV dest,sorc Description: dest <- sorc; Note!!!!!: But all memory operands placed in Main memory only ! ( i.e. not in SMRAM then in SMM ) WARNING: UMC's CPUs hang on execution this instruction !!!!!! check that CPU is none UMC's before Note: On Cyrix's CPUs UMOV opcodes do nothing. This way used to determination of Cyrix Microprocessors. Note: Pentium P54C never support this instruction Flags Affected: None CPU mode: RM?,PM?,VM?,SMM +++++++++++++++++++++++ Physical Form: UMOV r/m8,r8 COP (Code of Operation) : 0FH 10H Postbyte Clocks: Am386SXLV or AM386DXLV: 2/2 IBM 486SLC2 : 4 +++++++++++++++++++++ Physical Form: UMOV r/m16,r16 UMOV r/m32,r32 COP (Code of Operation) : 0FH 11H Postbyte Clocks: Am386SXLV or AM386DXLV: 2/2 IBM 486SLC2 : 4 +++++++++++++++++++++++ Physical Form: UMOV r8,r/m8 COP (Code of Operation) : 0FH 12H Postbyte Clocks: Am386SXLV or AM386DXLV: 2/4 IBM 486SLC2 : 4 +++++++++++++++++++++ Physical Form: UMOV r16,r/m16 UMOV r32,r/m32 COP (Code of Operation) : 0FH 13H Postbyte Clocks: Am386SXLV or AM386DXLV: 2/4 IBM 486SLC2 : 4 ----------O-WBINVD--------------------------------- OPCODE WBINVD - Write Back and Invalidate Cache CPU: I486 + Type of Instruction: System Instruction: WBINVD Description: IF (internal cache is WB and in WB mode) THEN { Write Back Internal Cache; } Flush internal cache; Signal external cache to Write Back; Signal external cache to Flush; Notes: This instruction not work in Real Mode and in Protected mode work only in ring 0 ; Flags Affected: None CPU mode: PM0,SMM Physical Form: INVD COP (Code of Operation): 0FH 09H Clocks: Cyrix Cx486SLC : 4 i486 : 5 Pentium : 2000+ ----------O-WRMSR---------------------------------- OPCODE WRMSR - Write to From Model Specified Register CPU: Pentium (tm), IBM 486SLC2 Type of Instruction: System Instruction: WRMSR Description: IF (ECX is valid number of MSR) and (CPL=0) THEN { MSR [ECX] <- EDX:EAX; } ELSE { General Protection Fault INT 0DH (0) } END Flags Affected: None Note: Refer to RDMSR for more Info. CPU mode: RM,PM0,SMM Physical Form: WRMSR COP (Code of Operation): 0FH 30H Clocks: Pentium : 30-45 ----------O-WRSHR---------------------------------- OPCODE WRSHR - Write SMM Header Pointer Register CPU: Cyrix Cx6x86MX Type of Instruction: SMM mode only Instruction: WRSHR src Description: SMHR <- src Note: See RDSHR for more details Flags Affected: None CPU mode: SMM ++++++++++++++++ Physical Form: RDSHR reg/mem32 COP (Code of Operation) : 0FH 37H Postbyte Clocks Cx6x86MX: n/a ----------O-XADD----------------------------------- OPCODE XADD - Exchange and addition CPU: i486+ Type of Instruction: User Instruction: XADD dest,sorc Description: Temporary <- dest; dest <- dest + sorc; sorc <- Temporary; Flags Affected: ZF,OF,SF,AF,PF,CF ( like ADD instruction ) ( see description) CPU mode: RM,PM,VM,SMM +++++++++++++++++++++++ Physical Form: XADD r/m8,r8 COP (Code of Operation) : 0FH C0H Postbyte Clocks: Intel i486 : 3/4 Cyrix Cx486SLC : 3/6 Pentium (tm) : 3/4 Penalty if cache miss : Intel i486 : 6/2 ; Unlocked/Locked Cyrix Cx486SLC : 0 ; N/A +++++++++++++++++++++ Physical Form: XADD r/m16,r16 XADD r/m32,r32 COP (Code of Operation) : 0FH C1H Postbyte Clocks: Intel i486 : 3/4 Cyrix Cx486SLC : 3/6 Pentium (tm) : 3/4 Penalty if cache miss : Intel i486 : 6/2 ; Unlocked/Locked Cyrix Cx486SLC : 1 ; N/A ----------O-XBTS----------------------------------- OPCODE XBTS - Extract Bits String CPU: 80386 step A0-B0 only Type of Instruction: User Instruction: XBTS dest,base,bitoffset,len Description: Write bit string length bits from bitfield, defined by and bitsoffset from this base to start of the field to read. String read from this start field bit to higher memory addresses or register bits. And after it string placed to operand, lowest bit of register or memory to bit 0 of . Note: Use SHLD/SHRD instructions for extract bits strings. On 80386 steps B1+ this opcode generation INT 6, and on some of 486 other instruction replace this instruction opcode. Flags Affected: None CPU mode: RM,PM,VM +++++++++++++++++++++++ Physical Form: XBTS r16,r/m16,AX,CL XBTS r32,r/m32,EAX,CL COP (Code of Operation) : 0FH A6H Postbyte Clocks: XBTS 80386: 6/13 ----------------------------------------------------- APPENDIX A0 Cyrix Cx486SLC/DLC configuration Registers for Cx486DLC: Register Full Register Name Index size(bits) CCR0 Configuration Control Register #0 C0H 8 CCR1 Configuration Control Register #1 C1H 8 NCR1 Non-cacheble Region #0 C4H-C6H 24 NCR2 Non-cachable Region #1 C7H-C9H 24 NCR3 Non-cacheble Region #2 CAH-CCH 24 NCR4 Non-cacheble Region #4 CDH-CFH 24 for Cx486SLC: Register Full Register Name Index size(bits) CCR0 Configuration Control Register #0 C0H 8 CCR1 Configuration Control Register #1 C1H 8 NCR1 Non-cacheble Region #0 C5H-C6H 16 NCR2 Non-cachable Region #1 C8H-C9H 16 NCR3 Non-cacheble Region #2 CBH-CCH 16 NCR4 Non-cacheble Region #4 CEH-CFH 16 For access to this register You need to do: A) write INDEX_OF_REGISTER to I/O port #22H B) wait 5-6 clocks D) read/write DATA from/to register via I/O port #23 Note: If Index of register not in range C0H..CFH then Cyrix CPU generated external bus cycle. If You try to read I/O port #22H CPU will generated external bus cycle too. Then index is out of range all operations with port #23H will generate external bus cycle. State After Reset: CCR0 00H CCR1 xxxx xxx0B NCR1 000Fh NCR2 0 NCR3 0 NCR4 0 format of registers: CCR0: Bit Name Description 7 SUSPEND If =1 then enable SUSP# and SUSPA# pins, which used for put CPU in PowerSave mode. If =0 disable 6 CO (Cache Organisation) If =0 2ways set associative If =1 Dirrect Mapped 5 BARB If =1 then enable flushing internal cache when begining HOLD state. IF =0 disable. 4 FLUSH If =1 enable input pin FLUSH# if =0 disable 3 KEN If =1 enable input pin KEN# if =0 disable 2 A20M If =1 enable input pin A20M# if =0 disable 1 NC1 If=1 then 640KB-1MB area never caching If=0 caching (but see NCRi) 0 NC0 If=1 then first 64K of each 1MB bounds not caching, when in Real or Virtual8086 mode If =0 caching CCR1: Bit Name Description 7-1 Reserved 0 RPL If =1 then enable RPLSET,RPLVAL# pins If =0 this pins are disable and float. NCRi: Byte Bits Description 0 7-0 Address bits A31-A24 of non-cacheble region start (Reserved for Cx486SLC) 1 7-0 Address bits A23-A16 of non-cachable region start 2 7-4 Address bits A15-A12 of non-cacheble region start 2 3-0 Size of non-cacheble block: 0000 Disable NCRi 0001 4K 0010 8K 0011 16K 0100 32K 0101 64K 0110 128K 0111 256K 1000 512K 1001 1M 1010 2M 1011 4M 1100 8M 1101 16M 1110 32M 1111 4G NCRi bytes: Byte NCRi 0 1 2 NCR1 C4H C5H C6H NCR2 C7H C8H C9H NCR3 CAH CBH CCH NCR4 CDH CDH CEH --------------------------------------------------- APPENDIX A1 Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 IBM BL486DX/DX2 configuration Registers Register Full Register Name Index size(bits) CCR1 Configuration Control Register #1 C1H 8 CCR2 Configuration Control Register #2 C2H 8 CCR3 Configuration Control Register #3 C3H 8 SMAR SMM Address Region CDH-CFH 24 DIR0 Device Identification register #0 FEH 8 DIR1 Device Identification register #1 FFH 8 For access to this register You need to do: A) write INDEX_OF_REGISTER to I/O port #22H B) wait 5-6 clocks D) read/write DATA from/to register via I/O port #23 Note: If Index of register not in range C0H..CFH,FEH,FFH then Cyrix CPU generated external bus cycle. If You try to read I/O port #22H CPU will generated external bus cycle too. Then index is out of range all operations with port #23H will generate external bus cycle. State After Reset: CCR1 00H CCR2 00H CCR3 00H SMAR 0 DIR0 see DIR0 description DIR1 see DIR1 description format of registers: CCR1: Bit Name Description 7..5 Reserved 4 NO_LOCK (Negate LOCK#) 3 MMAC (Main Memory Access) If =1 then all data access which occur within SMI routine (when SMAC=1) accessing main memory instead SMM space =0 No affects on access 2 SMAC (System Managment Memory Access) If =1 Any access within SMM memory space issued with SMAADS# output active, SMI# ignored =0 No affects on access 1 SMI (Enable SMM pins) If =1 then enable SMI# i/o pin and SMADS# output pin =0 Float it 0 RPL (Enable RPL pins) If=1 then enable output pins RPLSET(1-0) and RPLVAL# =0 Float it CCR2: Bit Name Description 7 SUSP (Enable Suspend pins) If =1 SUSP# input and SUSPA# output pins enabled =0 Float 6 BWRT (Enable Burst Write Cycle) If =1 enable use of 16byte burst WB cycle =0 disable 5 BARB (Enable cache coherency on Bus Arbitration) If =1 enable write back of all dirty cache data when HOLD is requered and prior to asserting HLDA. =0 isable 4 WT1 (Write-Through Region 1) If =1 Forces all writes to the 640KB-1MB region that hit in cache issued on the external bus 3 HALT (Suspend on HALT) If =1 CPU enters suspend mode following execution HLT instruction. 2 LOCK_NW (Lock NW bit) If =1 Prohibits changing the state of NW bit in CR0 1 WBAK (Enable WB Cache Interface pins) If =1 then enable INVAL,WM_RST and HITM# pins =0 float it 0 Reserved CCR3: Note: Cyrix Cx486S/D never have CCR3 register. Bit Name Description 7..2 Reserved 1 NMIEN (NMI Enable) If =1 then NMI enable during SMM If =0 NMI don't recognizing during SMM 0 SMI_LOCK (SMM Register Lock) If =1 the following SMM control bits can not be modified: CCR1: bits 1,2,3 CCR3: bit 1 But this bit may be changed in SMM. This bit (SMI_LOCK) clearing RESET only. SMAR: (Index CDh) Bit Description 7..0 A31..A24 bits of starting adress of SMM region (Index CEh) Bit Description 7..0 A23..A16 bits of starting adress of SMM region (Index CFh) Bit Description 7..4 A15..A12 bits of starting adress of SMM region 3..0 Size of SMM region: 0000 SMM region disabled 0001 4K 0010 8K 0011 16K 0100 32K 0101 64K 0110 128K 0111 256K 1000 512K 1001 1M 1010 2M 1011 4M 1100 8M 1101 16M 1110 32M 1111 4K DIR0: Bit Description 7..0 (Device Identification) for Cx486SLC/e = 00h for Cx486DLC = 01h for Cx486SLC2 = 02h for Cx486DLC2 = 03h for Cx486SRx = 04h for Cx486DRx = 05h for Cx486SRx2 = 06h for Cx486DRx2 = 07h for Cx486SRu = 08h for Cx486DRu = 09h for Cx486SRu2 = 0Ah for Cx486DRu2 = 0Bh for Cx486S (B step) = 10h for Cx486S2 = 11h for Cx486S/e = 12h = 14h = 16h for Cx486S2/e = 13h or 15h or 17h for Cx486DX/BL486DX = 1Ah for Cx486DX2/BL486DX2 = 1Bh for ST486DX2 = 1Bh for TI486DX2 = 1Bh for Cx486DX4 (x2 mode)= 1Bh (x2 mode) Note: DIR1 = 36h for DX4 1Fh (x3 mode) for Cx5x86 (M1sc) = 28h (x1,S) = 29h (x2,S) = 2Ah (x1,P) = 2Bh (x2,P) = 2Ch (x4,S) = 2Dh (x3,S) = 2Eh (x4,P) = 2Fh (x3,P) for Cyrix Cx6x86 (M1) = 20h,30h (1x,S) = 21h,31h (2x,S) = 22h,32h (1x,P) = 23h,33h (2x,P) = 24h,34h (4x,S) = 25h,35h (3x,S) = 26h,36h (4x,P) = 27h,37h (3x,P) for Cyrix CxG86 = 44h (4x,S) = 45h (3x,S) = 46h (4x,P) = 47h (3x,P) for Cyrix 6x86MX (M2) = 50h (1.5x,S) = 51h (2x,S) = 52h (2.5x,S) = 53h (3x,S) = 54h (3.5x,S) = 55h (4x,S) = 56h (4.5x,S) = 57h (5x,S) = 58h (1,5x,P) = 59h (2x,P) = 5Ah (2.5x,P) = 5Bh (3x,P) = 5Ch (3.5x,P) = 5Dh (4x,P) = 5Eh (4.5x,P) = 5Fh (5x,P) for TI486DX4 = 81h for Cyrix OverDrive = FDh for TI Potomac's = FFh ;; None connections Important Note: The original Cx486SLC never have DIRi registers. DIR1: Note: Cyrix Cx486S/D never have DIR1 register. Bit Name Description 7..4 SID Stepping Identificator 3..0 RID Revision Identification See Appendix A3 for more information CPU DIR0 DIR1 NOTE Cx486DX-40 1Ah 05h Cx486DX-50 1Ah 05h Cx486DX2-50 1Bh 08h Cx486DX2-50 1Bh 08h Marked 001 on pin side of chip ST486DX2-66 1Bh 0Bh ST486DX2-66 1Bh 0Bh Cx486DX2-v80 1Bh 31h 3 VOLT Cx486DX4-v100 1Fh 36h 3 VOLT Cx5x86-100 2Dh 13h 3 VOLT TI486DX2-66,80 1Bh 32h stepping eA0 TI486DX2-66,80 1Bh B2h stepping eB0 TI486DX4-100 81h 91h ----------------------------------------------------- APPENDIX A2 TI486SXLC/SXL configuration Registers for TI486SXL -------------- Register Full Register Name Index size(bits) CCR0 Configuration Control Register #0 C0H 8 CCR1 Configuration Control Register #1 C1H 8 ARR1 Address Region #1 C4H-C6H 24 ARR2 Address Region #2 C7H-C9H 24 ARR3 Address Region #3 CAH-CCH 24 ARR4 Address Region #4 CDH-CFH 24 for TI486SXLC -------------- Register Full Register Name Index size(bits) CCR0 Configuration Control Register #0 C0H 8 CCR1 Configuration Control Register #1 C1H 8 ARR1 Address Region #1 C5H-C6H 16 ARR2 Address Region #2 C8H-C9H 16 ARR3 Address Region #3 CBH-CCH 16 ARR4 Address Region #4 CEH-CFH 16 For access to this register You need to do: A) write INDEX_OF_REGISTER to I/O port #22H B) wait 5-6 clocks D) read/write DATA from/to register via I/O port #23 Note: If Index of register not in range C0H..CFH then Cyrix CPU generated external bus cycle. If You try to read I/O port #22H CPU will generated external bus cycle too. Then index is out of range all operations with port #23H will generate external bus cycle. State After Reset: CCR0 00H CCR1 xxxx xxx0B ARR1 000Fh ; 4Gbyte Non-Caching Region ARR2 0 ARR3 0 ARR4 0 format of registers: CCR0: Bit Name Description 7 SUS If =1 then enable SUSP# and SUSPA# pins, which used for put CPU in PowerSave mode. If =0 disable 6 CKD (Clock Double) If =0 Disable Clock-double mode If =1 Enable Clock-Double mode 5 BARB If =1 then enable flushing internal cache when begining HOLD state. IF =0 disable. 4 FLUSH If =1 enable input pin FLUSH# if =0 disable 3 KEN If =1 enable input pin KEN# if =0 disable 2 A20M If =1 enable input pin A20M# if =0 disable 1 NC1 If=1 then 640KB-1MB area never caching If=0 caching (but see NCRi) 0 NC0 If=1 then first 64K of each 1MB bounds not caching, when in Real or Virtual8086 mode If =0 caching CCR1: Bit Name Description 7 SM4 Access Region 4 Control If=1 then Region 4 is non-cachable SMM Memory Space If=0 Region 4 is non-cachable. SMI# input ignored. 6 WP3 Access Region 3 Control If=1 then Region 3 is write-protected and cachable If=0 Region 3 is non-cachable. 5 WP2 Access Region 2 Control If=1 then Region 2 is write-protected and cachable If=0 Region 2 is non-cachable. 4 WP1 Access Region 1 Control If=1 then Region 1 is write-protected and cachable If=0 Region 1 is non-cachable. 3 NMAC Main Memory Access If=1 All data accesses which occur within SMI service routine (or then SMAC=1) will access main memory instead of SMM Memory space If=0 No changes in access 2 SMAC System Managment memory access If=1 Any access to addresses within SMM memory space cause external bus cycles to be issued with SMADS# output active. SMI# input is ignored. 1 SMI Enable SMM Pins If=1 SMI# input/output pin and SMADS# output pin are enabled If=0 Disabled 0 Reserved ARRi: Byte Bits Description 0 7-0 Address bits A31-A24 of non-cacheble region start (Reserved for TI486SXLC) 1 7-0 Address bits A23-A16 of non-cachable region start 2 7-4 Address bits A15-A12 of non-cacheble region start 2 3-0 Size of non-cacheble block: 0000 Disable NCRi 0001 4K 0010 8K 0011 16K 0100 32K 0101 64K 0110 128K 0111 256K 1000 512K 1001 1M 1010 2M 1011 4M 1100 8M 1101 16M 1110 32M 1111 4G ARRi bytes: Byte ARRi 0 1 2 ARR1 C4H C5H C6H ARR2 C7H C8H C9H ARR3 CAH CBH CCH ARR4 CDH CDH CEH --------------------------------------------------- APPENDIX A3 Texas Instruments TI486DX2,TI486DX4 configuration Registers Register Full Register Name Index size(bits) CCR1 Configuration Control Register #1 C1H 8 CCR2 Configuration Control Register #2 C2H 8 CCR3 Configuration Control Register #3 C3H 8 SMAR SMM Address Region CDH-CFH 24 DIR0 Device Identification register #0 FEH 8 DIR1 Device Identification register #1 FFH 8 For access to this register You need to do: A) write INDEX_OF_REGISTER to I/O port #22H B) wait 5-6 clocks D) read/write DATA from/to register via I/O port #23 Note: If Index of register not in range C0H..CFH,FEH,FFH then Cyrix CPU generated external bus cycle. If You try to read I/O port #22H CPU will generated external bus cycle too. Then index is out of range all operations with port #23H will generate external bus cycle. State After Reset: CCR1 00H CCR2 00H CCR3 00H SMAR 0 DIR0 see DIR0 description DIR1 see DIR1 description format of registers: CCR1: Bit Name Description 7..5 Reserved 4 NO_LOCK (Negate LOCK#) If =0 Usuall scheme If =1 previously noncachable locked cycles will be executed as unlocked, result is higher perfomanse. 3 MMAC (Main Memory Access) If =1 then all data access which occur within SMI routine (when SMAC=1) accessing main memory instead SMM space =0 No affects on access 2 SMAC (System Managment Memory Access) If =1 Any access within SMM memory space issued with SMAADS# output active, SMI# ignored =0 No affects on access 1 SMI (Enable SMM pins) If =1 then enable SMI# i/o pin and SMADS# output pin =0 Float it 0 RPL (Enable RPL pins) If=1 then enable output pins RPLSET(1-0) and RPLVAL# =0 Float it CCR2: Bit Name Description 7 SUSP (Enable Suspend pins) If =1 SUSP# input and SUSPA# output pins enabled =0 Float 6 BWRT (Enable Burst Write Cycle) If =1 enable use of 16byte burst WB cycle =0 disable 5 BARB (Enable cache coherency on Bus Arbitration) If =1 enable write back of all dirty cache data when HOLD is requered and prior to asserting HLDA. =0 isable 4 WT1 (Write-Through Region 1) If =1 Forces all writes to the 640KB-1MB region that hit in cache issued on the external bus 3 HALT (Suspend on HALT) If =1 CPU enters suspend mode following execution HLT instruction. 2 LOCK_NW (Lock NW bit) If =1 Prohibits changing the state of NW bit in CR0 1 WBAK (Enable WB Cache Interface pins) If =1 then enable INVAL,WM_RST and HITM# pins =0 float it 0 Reserved CCR3: Note: Cyrix Cx486S/D never have CCR3 register. Bit Name Description 7..4 Reserved 3 SM_MODE (SMM Mode Select) If =0 then Normal SMM mode (Cyrix style) If =1 then SL-compatible mode (but SMI_LOCK MUST BE 0) Note: For more info refer to "TI486DX2 Microprocessor SM Mode Programming Guide" // Texas Instruments 1995 (literature number SRZU019) 2 Reserved 1 NMIEN (NMI Enable) If =1 then NMI enable during SMM If =0 NMI don't recognizing during SMM 0 SMI_LOCK (SMM Register Lock) If =1 the following SMM control bits can not be modified: CCR1: bits 1,2,3 CCR3: bit 1 Any SMAR bits But this bit may be changed in SMM. This bit (SMI_LOCK) clearing RESET only. SMAR: (Index CDh) Bit Description 7..0 A31..A24 bits of starting adress of SMM region (Index CEh) Bit Description 7..0 A23..A16 bits of starting adress of SMM region (Index CFh) Bit Description 7..4 A15..A12 bits of starting adress of SMM region 3..0 Size of SMM region: 0000 SMM region disabled 0001 4K 0010 8K 0011 16K 0100 32K 0101 64K 0110 128K 0111 256K 1000 512K 1001 1M 1010 2M 1011 4M 1100 8M 1101 16M 1110 32M 1111 4K DIR0: Bit Description 7..0 (Device Identification) for TI486DX2 = 1Bh (compare with Cyrix's DIR0) for TI486DX4 = 81h DIR1: Bit Name Description 7 MID Manafacturer ID 0 = Cyrix 1 = Texas Instruments (support starting TI486DX2 eB0 steping) 6..4 SID Stepping Identificator 3..0 RID Revision Identification see Appendix A1 for more info about identification. --------------------------------------------------- APPENDIX A4 Cyrix Cx5x86, IBM 5x86 configuration Registers for access Register Full Register Name Index size(bits) MAPEN(3..0) PCR0 Perfomance Control register 20h 8 1 CCR1 Configuration Control Register #1 C1H 8 x CCR2 Configuration Control Register #2 C2H 8 x CCR3 Configuration Control Register #3 C3H 8 x CCR4 Configuration Control Register #4 E8h 8 1 SMAR SMM Address Region CDH-CFH 24 x PMR Power Managment register F0h 8 1 DIR0 Device Identification register #0 FEH 8 x DIR1 Device Identification register #1 FFH 8 x For access to this register You need to do: A) write INDEX_OF_REGISTER to I/O port #22H B) wait 5-6 clocks D) read/write DATA from/to register via I/O port #23 Note: If Index of register not in range C0H..CFH,FEH,FFH then Cyrix CPU generated external bus cycle. If You try to read I/O port #22H CPU will generated external bus cycle too. Then index is out of range all operations with port #23H will generate external bus cycle. State After Reset: CCR1 00H CCR2 00H CCR3 00H SMAR 0 DIR0 see DIR0 description DIR1 see DIR1 description format of registers: PCR0: Bit Name Description 7 LSSER If set, all memory reads/writes will occur in execution order 6..3 Reserved 2 LOOP_EN If set, enables faster support for loops. 1 BTB_EN If set, enables the Branch Target Buffer for branch prediction 0 RSTK_EN If se, enables call return stack CCR1: Bit Name Description 7..4 Reserved 3 MMAC (Main Memory Access) If =1 then all data access which occur within SMI routine (when SMAC=1) accessing main memory instead SMM space =0 No affects on access 2 SMAC (System Managment Memory Access) If =1 Any access within SMM memory space issued with SMAADS# output active, SMI# ignored =0 No affects on access 1 SMI (Enable SMM pins) If =1 then enable SMI# i/o pin and SMADS# output pin =0 Float it 0 Reserved CCR2: Bit Name Description 7 SUSP (Enable Suspend pins) If =1 SUSP# input and SUSPA# output pins enabled =0 Float 6 BWRT (Enable Burst Write Cycle) If =1 enable use of 16byte burst WB cycle =0 disable 5 Reserved 4 WT1 (Write-Through Region 1) If =1 Forces all writes to the 640KB-1MB region that hit in cache issued on the external bus 3 HALT (Suspend on HALT) If =1 CPU enters suspend mode following execution HLT instruction. 2 LOCK_NW (Lock NW bit) If =1 Prohibits changing the state of NW bit in CR0 1 WBAK (Enable WB Cache Interface pins) If =1 then enable INVAL,WM_RST and HITM# pins =0 float it 0 Reserved CCR3: Bit Name Description 7..4 MAPEN(3-0) (Register Mapping Enable) If set to 0001b all register accessible, else 0000h then accessed only (C0j-CFh,FEh,FFh) 3 SMM_MODE If =1, then CPU hardware interface pins are redefined to function like SMM hardware interface on SL Enhanced Intel's CPUs 2 LINBRST If =1, CPU will use linear address sequence when performing burst cycle, If =0 CPU will used 1+4 address sequence. 1 NMIEN (NMI Enable) If =1 then NMI enable during SMM If =0 NMI don't recognizing during SMM 0 SMI_LOCK (SMM Register Lock) If =1 the following SMM control bits can not be modified: CCR1: bits 1,2,3 CCR3: bit 1 But this bit may be changed in SMM. This bit (SMI_LOCK) clearing RESET only. SMAR: (Index CDh) Bit Description 7..0 A31..A24 bits of starting adress of SMM region (Index CEh) Bit Description 7..0 A23..A16 bits of starting adress of SMM region (Index CFh) Bit Description 7..4 A15..A12 bits of starting adress of SMM region 3..0 Size of SMM region: 0000 SMM region disabled 0001 4K 0010 8K 0011 16K 0100 32K 0101 64K 0110 128K 0111 256K 1000 512K 1001 1M 1010 2M 1011 4M 1100 8M 1101 16M 1110 32M 1111 4K CCR4: Bit Name Description 7 CPUIDEN (Enable CPUID instruction) If =1 bit 21 of EFLAGS (ID) may changed, and CPUID instruction enabled, else bit 21 of EFLAGS =0 forever and CPUID caused INT 6 - Invalid Opcode 6 Reserved 5 FP_FAST If =1, FPU execution reporting enabled 4 DTE If =1, Directory Table Entry cache is enabled 3 MEM_BYP If =1, Enabled memory read bypassing 2..0 IORT[2..0] Specify minimum number of bus clocks between two I/O accesses (I/O recovery time) 000 - No Delay 001 - 2 clk 010 - 4 clk 011 - 8 clk 100 - 16 clk 101 - 32 clk (Default Value) 110 - 64 clk 111 - 128 clk PMR: Bit Name Description 7..3 Reserved 2..0 CLK[2..0] Select Bus/Core Operation Frequency CLK2 CLK1 CLK0 Core/Bus 1 x x 1/2 0 0 0 1/1 0 0 1 2/1 0 1 0 3/1 0 1 1 reserved DIR0: Bit Description 7..0 (Device Identification) Value Description Core/Bus clk 29h or 2Bh Cx/IBM/ST 5x86 2/1 2Dh or 2Fh Cx/IBM/ST 5x86 3/1 DIR1: Bit Name Description 7..4 SID Stepping Identificator 3..0 RID Revision Identification Note: 5x86 Cyrix/IBM/ST Stepping Revision 0 0 EDX after reset = [15:8]=DIR1, [7:0]=DIR0 0 1 EDX after reset = [15:8]=DIR1, [7:0]=DIR0 0 2 EDX after reset = [15:8]=04h [7:0]=90h 0 5 1 3 see Appendix A1 for more info about identification. --------------------------------------------------- APPENDIX A5 Cyrix Cx6x86 (M1), IBM 6x86 configuration Registers for access Register Full Register Name Index size(bits) MAPEN(3..0) DBR0 30H 8 ? ??? 31H 8 ? ??? 32H 8 ? ??? 33H 8 ? ??? 34H 8 ? ??? 38H 8 ? ??? 3CH 8 ? CCR0 Configuration Control Register #0 C0H 8 x CCR1 Configuration Control Register #1 C1H 8 x CCR2 Configuration Control Register #2 C2H 8 x CCR3 Configuration Control Register #3 C3H 8 x ARR0 Address Region Register #0 C4H-C6H 24 x ARR1 Address Region Register #1 C7H-C9H 24 x ARR2 Address Region Register #2 CAH-CCH 24 x ARR3 Address Region Register #3 CDH-CFH 24 x ARR4 Address Region Register #4 D0H-D2H 24 1 ARR5 Address Region Register #5 D3H-D5H 24 1 ARR6 Address Region Register #6 D6H-D8H 24 1 ARR7 Address Region Register #7 D9H-DBH 24 1 RCR0 Region Configuration Register #0 DCh 8 1 RCR1 Region Configuration Register #1 DDh 8 1 RCR2 Region Configuration Register #2 DEh 8 1 RCR3 Region Configuration Register #3 DFh 8 1 RCR4 Region Configuration Register #4 E0h 8 1 RCR5 Region Configuration Register #5 E1h 8 1 RCR6 Region Configuration Register #6 E2h 8 1 RCR7 Region Configuration Register #7 E3h 8 1 CCR4 Configuration Control Register #4 E8h 8 1 CCR5 Configuration Control Register #5 E9h 8 1 DIR0 Device Identification register #0 FEH 8 x DIR1 Device Identification register #1 FFH 8 x For access to this register You need to do: A) write INDEX_OF_REGISTER to I/O port #22H B) wait 5-6 clocks D) read/write DATA from/to register via I/O port #23 Note: If Index of register not in range C0H..CFH,FEH,FFH then Cyrix CPU generated external bus cycle. If You try to read I/O port #22H CPU will generated external bus cycle too. Then index is out of range all operations with port #23H will generate external bus cycle. State After Reset: CCR1 00H CCR2 00H CCR3 00H SMAR 0 DIR0 see DIR0 description DIR1 see DIR1 description format of registers: DBR0: Note: This Register is Undocumented Bit Name Description 7 ? ???? 6 ? BTB TR access enabled if = 1 MOV to/from TR1/2 enabled 5 ? Data bypassing and forwarding Enable (default set to 1) 4-0 ? ??? Registers with Indexes 31h,32h,33h: Used for perfomance control or CPU pipeline debbuging. (Usually = 0). Registers with indexes 34h,38h,3Ch exist, but description ???? CCR0: Bit Name Description 7..2 Reserved 1 NC1 (Non-cachable 1MB) If =1 then area 640KM-1MB is non-cachable. CCR1: Bit Name Description 7 SM3 (System Managment Address Region 3) If =1 then ARR3 used as SMM address space region 6..5 Reserved 4 NO_LOCK (No Lock Cycles) If =1 all bus cycles are issued with LOCK# pin negated, except page tables access and INTA cycles. 3 Reserved 2 SMAC (System Managment Memory Access) If =1 Any access within SMM memory space issued with SMAADS# output active, SMI# ignored =0 No affects on access 1 SMI (Enable SMM pins) If =1 then enable SMI# i/o pin and SMADS# output pin =0 Float it 0 Reserved CCR2: Bit Name Description 7 SUSP (Enable Suspend pins) If =1 SUSP# input and SUSPA# output pins enabled =0 Float 6..5 Reserved 4 WPR1 (Write-Protected Region 1) If =1 then any cachable accesses in the 640KB-1MB region are Write-Protected 3 HALT (Suspend on HALT) If =1 CPU enters suspend mode following execution HLT instruction. 2 LOCK_NW (Lock NW bit) If =1 Prohibits changing the state of NW bit in CR0 1..0 Reserved CCR3: Bit Name Description 7..4 MAPEN(3-0) (Register Mapping Enable) If set to 0001b all register accessible, else 0000h then accessed only (C0h-CFh,FEh,FFh) 3 Reserved 2 LINBRST If =1, CPU will use linear address sequence when performing burst cycle, If =0 CPU will used 1+4 address sequence. 1 NMIEN (NMI Enable) If =1 then NMI enable during SMM If =0 NMI don't recognizing during SMM 0 SMI_LOCK (SMM Register Lock) If =1 the following SMM control bits can not be modified: CCR1: bits 1,2,3 CCR3: bit 1 ARR3: Starting address and Block size But this bit may be changed in SMM. This bit (SMI_LOCK) clearing RESET only. ARRi: -- Starting Address --- Region ARR # A31-A24 A23-A16 A15-A12 Block Size 7..0 7..0 7..4 3..0 (Bits) ARR0 C4h C5h C6h C6h (Index) ARR1 C7h C8h C9h C9h ARR2 CAh CBh CCh CCh ARR3 CDh CEh CFh CFh ARR4 D0h D1h D2h D2h ARR5 D3h D4h D5h D5h ARR6 D6h D7h D8h D8h ARR7 D9h DAh DBh DBh (ARRi^) (index) (Index ARRi+0) Bit Description 7..0 A31..A24 bits of starting adress of region #i (Index ARRi+1) Bit Description 7..0 A23..A16 bits of starting adress of region #i (Index ARRi+2) Bit Description 7..4 A15..A12 bits of starting adress of region #i 3..0 Size of region #i : Value ARR0-ARR6 ARR7 0000 **** region disabled **** 0001 4K 256K 0010 8K 512K 0011 16K 1M 0100 32K 2M 0101 64K 4M 0110 128K 8M 0111 256K 16M 1000 512K 32M 1001 1M 64M 1010 2M 128M 1011 4M 256M 1100 8M 512M 1101 16M 1G 1110 32M 2G 1111 4K 4G RCRi: Bit Name ARR# Description 7..6 any Reserved 5 NBL any If =1 LBA# pin is negated for corresponding region 4 WT any If =1 Write-Throught caching is enable for region 3 WG any If =1 Write Gathering enabled for region 2 WL any If =1 Weak Locking enable for region 1 WWO any If =1 weak write ordering enable for region 0 RCD 0..6 If =1 address region is non-cachable 0 RCE 7 If=1 region is cachable and implies thet address space outside of region is non-cachable. CCR4: Bit Name Description 7 CPUIDEN (Enable CPUID instruction) If =1 bit 21 of EFLAGS (ID) may changed, and CPUID instruction enabled, else bit 21 of EFLAGS =0 forever and CPUID caused INT 6 - Invalid Opcode 6..5 Reserved 4 DTE If =1, Directory Table Entry cache is enabled 3 Reserved 2..0 IORT[2..0] Specify minimum number of bus clocks between two I/O accesses (I/O recovery time) 000 - No Delay 001 - 2 clk 010 - 4 clk 011 - 8 clk 100 - 16 clk 101 - 32 clk (Default Value) 110 - 64 clk 111 - 128 clk CCR5: Bit Name Description 7 Reserved 6 VIPERM If = 1 then prevents any access to contol registers outside of range C0..CF if MAPEN in CCR3 has the other value that 1. Note: This is effect of Disable CPU identification via DIR0 and DIR1 (reads FFh while VIPERM=1 and MAPEN != 1). 5 ARREN (Address region registers Enable) If =1 then Enable all ARRs, If =0 all ARRs disable, but if SM3=1 then ARR3 enable. 4 LBR1 If =1 LBA# pin asserted for all accesses to the 640KB-1MB region 3..2 Reserved 1 SLOP (Slow Loop Instruction) Slow Loop instruction make CPU more compatible with Pentium for critical-timing rootining. 0 WT_ALLOC If =1 new cache lines allocated for both read misses and write misses, else only on read misses. DIR0: Bit Description 7..0 (Device Identification) Value Description Core/Bus clk Note 20h or 22h 6x86 (M1) 1/1 Early 6x86 21h or 23h 6x86 (M1) 2/1 25h or 27h 6x86 (M1) 4/1 24h or 26h 6x86 (M1) 3/1 30h or 32h 6x86 (M1) 1/1 Modern 6x86 31h or 33h 6x86 (M1) 2/1 35h or 37h 6x86 (M1) 4/1 34h or 36h 6x86 (M1) 3/1 DIR1: Bit Name Description 7..4 SID Stepping Identificator 3..0 RID Revision Identification Value Description 0xh - Old Cyrix Samplers of 6x86 ??? 1xh - Normal 6x86. 10h,11h,12h - Early 6x86s (with DIR0 = 2xh) 14h - v2.4 15h - v2.5 16h - v2.6 17h - v2.7 or 3.7 (first with no NT problems, with SLOP bit). 2xh - 6x86L (Dual Voltage,Lower Power) 20h,21h - Samplers 22h - v4.0 (no SLOP support) Note: Register with Index FCh contains CPU family. Initialized by 05h, but may be changed by USER, look CPUID instruction for more info. see Appendix A1 for more info about identification ----------------------------- Format of TR1,TR2 registers: (Table ) Note: Need to Enable MOV to/from TR1/2 using DBR0 register in processor control space. TR1: Bits Description 31..5? ????? 5..3 Index of register in BTB Control space. (Register will be accesable via TR2) 2..0 ???? TR2: Data, which will be written/reading from/to register Registers in BTB control space: Reg 4 - ??????? Reg 5: Bits Description 0 BTB Disable 1 Far BTB COF hits enable. If =1 enable BTB to predict intersegment jumps. 2 Return Stack Enable 3 ???? (used) 4..31 ????? --------------------------------------------------- APPENDIX A6 Cyrix Cx6x86MX (M2) for access Register Full Register Name Index size(bits) MAPEN(3..0) CCR0 Configuration Control Register #0 C0H 8 x CCR1 Configuration Control Register #1 C1H 8 x CCR2 Configuration Control Register #2 C2H 8 x CCR3 Configuration Control Register #3 C3H 8 x ARR0 Address Region Register #0 C4H-C6H 24 x ARR1 Address Region Register #1 C7H-C9H 24 x ARR2 Address Region Register #2 CAH-CCH 24 x ARR3 Address Region Register #3 CDH-CFH 24 x ARR4 Address Region Register #4 D0H-D2H 24 1 ARR5 Address Region Register #5 D3H-D5H 24 1 ARR6 Address Region Register #6 D6H-D8H 24 1 ARR7 Address Region Register #7 D9H-DBH 24 1 RCR0 Region Configuration Register #0 DCh 8 1 RCR1 Region Configuration Register #1 DDh 8 1 RCR2 Region Configuration Register #2 DEh 8 1 RCR3 Region Configuration Register #3 DFh 8 1 RCR4 Region Configuration Register #4 E0h 8 1 RCR5 Region Configuration Register #5 E1h 8 1 RCR6 Region Configuration Register #6 E2h 8 1 RCR7 Region Configuration Register #7 E3h 8 1 CCR4 Configuration Control Register #4 E8h 8 1 CCR5 Configuration Control Register #5 E9h 8 1 CCR6 Configuration Control Register #6 EAh 8 1 DIR0 Device Identification register #0 FEH 8 x DIR1 Device Identification register #1 FFH 8 x For access to this register You need to do: A) write INDEX_OF_REGISTER to I/O port #22H B) wait 5-6 clocks D) read/write DATA from/to register via I/O port #23 Note: If Index of register not in range C0H..CFH,FEH,FFH then Cyrix CPU generated external bus cycle. If You try to read I/O port #22H CPU will generated external bus cycle too. Then index is out of range all operations with port #23H will generate external bus cycle. State After Reset: CCR1 00H CCR2 00H CCR3 00H SMAR 0 DIR0 see DIR0 description DIR1 see DIR1 description format of registers: CCR0: Bit Name Description 7..2 Reserved 1 NC1 (Non-cachable 1MB) If =1 then area 640KM-1MB is non-cachable. CCR1: Bit Name Description 7 SM3 (System Managment Address Region 3) If =1 then ARR3 used as SMM address space region 6..5 Reserved 4 NO_LOCK (No Lock Cycles) If =1 all bus cycles are issued with LOCK# pin negated, except page tables access and INTA cycles. 3 Reserved 2 SMAC (System Managment Memory Access) If =1 Any access within SMM memory space issued with SMAADS# output active, SMI# ignored =0 No affects on access 1 SMI (Enable SMM pins) If =1 then enable SMI# i/o pin and SMADS# output pin =0 Float it 0 Reserved CCR2: Bit Name Description 7 SUSP (Enable Suspend pins) If =1 SUSP# input and SUSPA# output pins enabled =0 Float 6..5 Reserved 4 WPR1 (Write-Protected Region 1) If =1 then any cachable accesses in the 640KB-1MB region are Write-Protected 3 HALT (Suspend on HALT) If =1 CPU enters suspend mode following execution HLT instruction. 2 LOCK_NW (Lock NW bit) If =1 Prohibits changing the state of NW bit in CR0 1 SADS If =1 CPU insert an idle cyce following the BRDY# and idle cycle prior to asserting ADS# 0 Reserved CCR3: Bit Name Description 7..4 MAPEN(3-0) (Register Mapping Enable) If set to 0001b all register accessible, else 0000h then accessed only (C0h-CFh,FEh,FFh) 3 Reserved 2 LINBRST If =1, CPU will use linear address sequence when performing burst cycle, If =0 CPU will used 1+4 address sequence. 1 NMIEN (NMI Enable) If =1 then NMI enable during SMM If =0 NMI don't recognizing during SMM 0 SMI_LOCK (SMM Register Lock) If =1 the following SMM control bits can not be modified: CCR1: bits 1,2,3 CCR3: bit 1 CCR6: bits 6,1,0 ARR3: Starting address and Block size But this bit may be changed in SMM. This bit (SMI_LOCK) clearing RESET only. ARRi: -- Starting Address --- Region ARR # A31-A24 A23-A16 A15-A12 Block Size 7..0 7..0 7..4 3..0 (Bits) ARR0 C4h C5h C6h C6h (Index) ARR1 C7h C8h C9h C9h ARR2 CAh CBh CCh CCh ARR3 CDh CEh CFh CFh ARR4 D0h D1h D2h D2h ARR5 D3h D4h D5h D5h ARR6 D6h D7h D8h D8h ARR7 D9h DAh DBh DBh (ARRi^) (index) (Index ARRi+0) Bit Description 7..0 A31..A24 bits of starting adress of region #i (Index ARRi+1) Bit Description 7..0 A23..A16 bits of starting adress of region #i (Index ARRi+2) Bit Description 7..4 A15..A12 bits of starting adress of region #i 3..0 Size of region #i : Value ARR0-ARR6 ARR7 0000 **** region disabled **** 0001 4K 256K 0010 8K 512K 0011 16K 1M 0100 32K 2M 0101 64K 4M 0110 128K 8M 0111 256K 16M 1000 512K 32M 1001 1M 64M 1010 2M 128M 1011 4M 256M 1100 8M 512M 1101 16M 1G 1110 32M 2G 1111 4G 4G RCRi: Bit Name ARR# Description 7 any Reserved 6 INV_RGN 0..6 If =1, then all memory outside specific memory region treated as RCR flags for this region (Inversion) 5 any Reserved 4 WT any If =1 Write-Throught caching is enable for region 3 WG any If =1 Write Gathering enabled for region 2 WL any If =1 Weak Locking enable for region 1 any Reserved 0 CD any If =1 address region is non-cachable CCR4: Bit Name Description 7 CPUIDEN (Enable CPUID instruction) If =1 bit 21 of EFLAGS (ID) may changed, and CPUID instruction enabled, else bit 21 of EFLAGS =0 forever and CPUID caused INT 6 - Invalid Opcode 6..3 Reserved 2..0 IORT[2..0] Specify minimum number of bus clocks between two I/O accesses (I/O recovery time) 000 - 1 clk 001 - 2 clk 010 - 4 clk 011 - 8 clk 100 - 16 clk 101 - 32 clk (Default Value) 110 - 64 clk 111 - no delay Note: 6x86 (M1), 000 - no delay, 111 - 128 clk CCR5: Bit Name Description 7..6 Reserved 5 ARREN (Address region registers Enable) If =1 then Enable all ARRs, If =0 all ARRs disable, but if SM3=1 then ARR3 enable. 4..1 Reserved 0 WT_ALLOC If =1 new cache lines allocated for both read misses and write misses, else only on read misses. CCR6: Bit Name Description 7 Reserved 6 N (Nested SMI Enable bit) If =1 enable nesting of SMI If = 0 disabled. (This bit automatically cleared when entered every SMI routine) 5..2 Reserved 1 WP_ARR3 (Write Protected Memory Region # 3) if =1 Memory region defined by ARR3 is write-protected, when operating outside SMM mode 0 SMM_MODE (SMM Mode) if = 1 Enable Cyrix Enhanced SMM if = 0 Disable Cyrix Enhanced SMM DIR0: Bit Description 7..0 (Device Identification) Value Description Core/Bus clk 5xh 6x86MX (see APPENDIX B for more details) DIR1: Bit Name Description 7..4 SID Stepping Identificator 3..0 RID Revision Identification see Appendix A1 for more info about identification Note: Try to test some Undocument Registers from Cx6x86. ---------------------------------------------- APPENDIX B Codes which returned after Reset in EDX DH DL Type of CPU Steppin Model ID Revision ------------------------------------------------------------ i386DX A (00h) ??? :Early Models B0-B10 03h 03h 04h :??? D0 05h D1-D2 08h E0,E1,F0 08h ------------------------------------------------------------ Am386DX/DXL A 03h 05h B 08h ------------------------------------------------------------ i386SX A0 23h 04h B 05h C,D,E 08h ------------------------------------------------------------ Am386SX/SXL A1 23h 05h B 08h ------------------------------------------------------------ Intel386CXSA A 23h 09h ------------------------------------------------------------ Intel386CXSB A 23h 09h ------------------------------------------------------------ i386EX A 23h 09h ------------------------------------------------------------ Intel386SXSA ? 23h 09h ------------------------------------------------------------ i376 A0 33h 05h B 08h ------------------------------------------------------------ i386SL A0-A3 43h 0xh (05H) B0-B1 1xh ------------------------------------------------------------ RapidCAD (tm) A 03h 40h B 41h ------------------------------------------------------------ IBM 386SLC A A3h xxh ------------------------------------------------------------ Cx486SLC A 04h 10h ------------------------------------------------------------ TI486SLC/DLC/e A 04h 10h B 11h ------------------------------------------------------------ TI486SXL/SXLC A 04h 10h B 11h ------------------------------------------------------------ i486DX A0/A1 04h 00h B2-B6 01h C0 02h C1 03h D0 04h cA2,cA3 10h cB0,cB1 11h cC0 13h aA0,aA1 14h : SL Enhanced aB0 15h : SL Enhanced ------------------------------------------------------------ Am486DX any 04h 12h ------------------------------------------------------------ UMC U5SD any 04h 1xh ------------------------------------------------------------ i486SX A0 04h 20h B0 22h bBx 23h : SL Enhanced gAx 24h cA0 27h cB0 28h aA0,aA1 2Ah : SL Enhanced aB0,aC0 2Bh : SL Enhanced ------------------------------------------------------------ i487SX A0 04h 20h B0 21h ------------------------------------------------------------ UMC U5S any 04h 23h ------------------------------------------------------------ UMC U5SX 486-A any 04h 23h ------------------------------------------------------------ UMC U5SD 04h 23h ------------------------------------------------------------ Cx5x86 0,rev 1- 04h 29h : core/bus clk=2/1 +clones 2Bh : core/bus clk=2/1 +clones 2Dh : core/bus clk=3/1 +clones 2Fh : core/bus clk=3/1 +clones ------------------------------------------------------------ i486DX2 & A0-A2 04h 32h OverDrive (tm) B1 33h aA0,aA1 34h : SL Enhanced aB0,aC0 35h : SL Enhanced ------------------------------------------------------------ Am486DX2 any 04h 32h : 66 and 80 MHz ------------------------------------------------------------ Am486DXL2 any 04h 32h ------------------------------------------------------------ Am486DX4 any 04h 32h : Original any 04h 84h : Enhanced in WT mode 04h 94h : Enhanced in WB mode ------------------------------------------------------------ UMC U486DX2 any 04h 3xh : ??? ------------------------------------------------------------ UMC U486SX2 any 04h 5xh : ??? ------------------------------------------------------------ i486SL A 04h 40h ?? 41h ------------------------------------------------------------ i486SX2 aC0 04h 5Bh : SL Enhanced ------------------------------------------------------------ IntelSX2 (tm) A 04h 5xh OverDrive (tm) ------------------------------------------------------------ WB Enh IntelDX2 A 04h 70h : in WB mode (P24D) 36h : in WT mode ------------------------------------------------------------ IBM BL486DX2 A 04h 80h ------------------------------------------------------------ IntelDX4 (tm) A 04h 80h ------------------------------------------------------------ TI TI486DX2 any 04h 80h ------------------------------------------------------------ TI TI486DX4 any 04h 81h ------------------------------------------------------------ IntelDX4 (tm) A 14h 80h : DX4ODPR (5V IntelDX4) OverDrive (tm) ------------------------------------------------------------ Cx5x86 0,rev 2+ 04h 90h ------------------------------------------------------------ Write-Back Enh. A 04h 83h : WT Mode IntelDX4 (tm) 90h : WB mode ------------------------------------------------------------ AMD Am5x86 A 04h 84h : x3, WT mode 94h : x3, WB mode E4h : x4, WT mode F4h : x4, WB mode ------------------------------------------------------------ IBM 486SLC A A4h 0xh ------------------------------------------------------------ IBM 486SLC2 Ax A4h 1xh Bx 2xh ?? 3xh ------------------------------------------------------------ IBM 486BLX3 A 84h xxh ------------------------------------------------------------ Cyrix M5 all 00h 05h (Cx486S/D) ------------------------------------------------------------ Cyrix M6 all 00h 06h (Cx486DX) ------------------------------------------------------------ Cyrix M7 all 00h 07h (Cx486DX2) ------------------------------------------------------------ Cyrix M8 all 00h 08h (Cx486DX4) ------------------------------------------------------------ Am5k86 (SSA/5) all 05h 0xh E 05h 00h F 01h ------------------------------------------------------------ Am5k86 (K5) all 05h 1xh : (x1.5) 05h 2xh : (x1.75) 05h 3xh : (x2) ------------------------------------------------------------ Am6k86 (K6) all 05h 6xh 7xh 8xh 9xh ------------------------------------------------------------ Pentium (P5) Ax 05h 0xh : (FPU bug) B1 05h 13h : (FPU bug) B2 05h 14h : (FPU bug) C1 05h 15h : (FPU bug) D1 05h 17h ------------------------------------------------------------ Pentium (P54C) B1 05h 21h : (FPU bug) (P54CS) B3 05h 22h : (FPU bug) (P54CSQ) B5 05h 24h : (FPU bug) C1 05h 25h C2 25h E0 26h : 75,90,100,120 MHz cB1 2Bh : 120,133 MHz cC0 2Ch : 133,150,166,200 MHz ------------------------------------------------------------ Pentium mA1 05h 25h (P54LM) mcB1 2Bh (Mobile) mcC0 2Ch (Vcc=2.9V) mA4 70h ------------------------------------------------------------ Pentium Overdrive B1 15h 31h : PODP5V63, PODP5V83 (Vcc=5V)(P24T) B2 15h 31h : (Socket 3,6) C0 15h 32h ------------------------------------------------------------ Pentium OverDrive tA0 05h 1Ah : PODP5V120, PODP5V133 (P5T) : (Socket 4) ------------------------------------------------------------ Pentium OverDrive aC0 05h 2Ch : PODP3V125, PODP3V150 (P54T) : PODP3V166 : (Socket 5,7) ------------------------------------------------------------ NexGen Nx586 05h 0xh 04h : 120 MHz 06h : 133 MHz ------------------------------------------------------------ Cx6x86 05h 2xh : early models (M1) 30h : core/bus = 1/1 32h : core/bus = 1/1 31h : core/bus = 2/1 33h : core/bus = 2/1 34h : core/bus = 3/1 36h : core/bus = 3/1 35h : core/bus = 4/1 37h : core/bus = 4/1 ------------------------------------------------------------ Pentium w/MMX A1 05h 41h (P55C) A2 42h xB1/mxB1 43h xA3/mxA3 44h ------------------------------------------------------------ Pentium MMX oxA3 15h 44h OverDrive (P55CTP) ------------------------------------------------------------ CxGx86 05h 4xh ------------------------------------------------------------ Cx6x86MX 06h 51h : core/bus = 2/1 (M2) 06h 53h : core/bus = 3/1 06h 54h : core/bus = 3.5/1 06h 55h : core/bus = 2.5/1 06h 59h : core/bus = 2/1 06h 5Ah : core/bus = 2.5/1 06h 5Bh : core/bus = 3/1 06h 5Ch : core/bus = 3.5/1 ------------------------------------------------------------ Intel Pentium OverDrive 25h 2xh : will be Set as second CPU (P54M) ------------------------------------------------------------ Pentium Pro (P6) 06h 0xh ; Engineering Sample 133MHz 0.6mkm 06h 11h ; Engineering Sample 150MHz B0 06h 11h ; 133,150 MHz C0 06h 12h ; 150 MHz sA0 06h 16h ; 166,180,200 MHz sA1 06h 17h ; 166,180,200 MHz sB1 06h 19h ; 166,180,200 MHz ------------------------------------------------------------ Pentium II C0 06h 33h (P6L,Klamath) ------------------------------------------------------------ OverDrive for 16h 3xh Socket 8 (P6T) ------------------------------------------------------------ Note: For detection Cyrix's chips refer to APPENDIX A1. Note: Then Intel Pentium and higher chips, included APIC and setup as dual processor, wheys id code changed from 0xxxh to 2xxxh. -------------------------------------------- APPENDIX C0 iCOMP index for Intel's Microprocessors i386SX-20 32 i386SX-25 39 i386SL-25 41 i386DX-25 49 i386DX-33 68 i486SX-20 78 i486SX-25 100 ; Base model for test iCOMP=100 by define i486DX-25 122 i486SX-33 136 i486DX-33 166 i486DX2-20/40 166 IntelSX2-25/50 180 i486DX2-25/50 231 i486DX-50 249 IntelDX4-20/60 258 i486DX2-33/66 297 Pentium OverDrive-20/50 314 ; P24T IntelDX4-25/75 319 ; P24C IntelDX4-33/100 435 ; P24C Pentium OverDrive-25/63 443 ; P24T Pentium-(510\60) 510 ; P5 Pentium-(567\66) 567 ; P5 Pentium OverDrive-33/83 581 ; P24T Pentium-(610\75) 610 ; P54C,P54LM Pentium-(735\90) 735 ; P54C,P54LM Pentium-(815\100) 815 ; P54C Pentium-(1000\120) 1000 ; P54CSQ Pentium-(133) 1110 ; P54CSQ iCOMP index 2.0 for Intel Microprocessors Pentium-75 67 Pentium-90 81 Pentium-100 90 Pentium-120 100 ; Base Model iCOMP 2.0 = 100 Pentium-133 111 Pentium-150 114 Pentium-166 127 Pentium-200 142 Pentium Pro-150 168 Pentium Pro-180 197 Pentium Pro-200 220 ---------------------------------------------- APPENDIX C1 Cyrix Microprocessors Relative Perfomance Cyrix Inc. Used for declaration of perfomance of theys microprocessors tests based on PC Bench 8.0 and normalization. CPU Perfomance Scores Cx486SLC-25 36 Cx486SLC-33 39 Cx486SLC2-50 40 Cx486DLC-33 69 Cx486DLC-40 83 Cx486DX-33 100 ; <--- Base Point Cx486DX-40 118 Cx486DX2-50 139 Cx486DX-50 148 Cx486DX2-66 179 Cx486DX2-V80 209 ---------------------------------------------- APPENDIX C2 CPU's perfomance Note: Data was get on different M/B and configurations, so treat this tables like simple numbers, which said perfomance is xxx +-10%. CPUMark 32 CPUMark 16 P-rating AMD Am5k86-75 (SSA/5) 154 AMD Am5k86-90 (SSA/5) 187 AMD Am5k86-100 (SSA/5) 208 AMD Am5k86-133 (K5) 271 247 AMD Am5k86-166 (K5) 306 303 Pentium-75 174 168 Pentium-90 210 201 Pentium-100 233 223 Pentium-120 257 247 Pentium-133 283 278 Pentium-150 286 296 Pentium-166 321 326 Pentium-200 358 Cyrix Cx6x86-P120+ 235 247 Cyrix Cx6x86-P133+ 260 Cyrix Cx6x86-P150+ 283 298 Cyrix Cx6x86-P166+ 316 329 Cyrix Cx6x86-P200+ 350 340 Pentium w/MMX-166 378 380 Pentium w/MMX-200 425 429 Pentium Pro-150-256 420 Pentium Pro-180-256 493 Pentium Pro-200-256 540 358 Pentium Pro-200-512 610 AMD Am6k86-200 520 427 Pentium II-233 632 468 Pentium II-266 721 536 Pentium II-300 813 603 ------------------------------------------------ APPENDIX D0 Pentium P54C+ Build-in APIC (Advanced programmable Interrupt Controller) Base Address of Build-in APIC in memory location is 0FEE00000H. Map of APIC REgisters: Offset (hex) Description Read/Write state 0 Reserved 10 Reserved 20 Local APIC ID R/W 30 Local APIC Version R 40-70 Reserved 80 Task Priority Register R/W 90 Arbitration Priority Register R A0 Processor Priority Register R B0 EOI Register W C0 Remote read R D0 Logical Destination R/W E0 Destination Format Register 0..27 R 28..31 R/W F0 Spurious Interrupt Vector Reg. 0..3 R 4..9 R/W 100-170 ISR 0-255 R 180-1F0 TMR 0-255 R 200-270 IRR 0-255 R 280 Error Status Register R 290-2F0 Reserved 300 Interrupt Command Reg. (0-31) R/W 310 Interrupt Command Reg. (32-63) R/W 320 Local Vector Table (Timer) R/W 330-340 Reserved 350 Local Vector Table (LINT0) R/W 360 Local Vector Table (LINT1) R/W 370 Local Vector Table (ERROR) R/W 380 Initial Count Reg. for Timer R/W 390 Current Count of Timer R 3A0-3D0 Reserved 3E0 Timer Divide Configuration Reg. R/W 3F0 Reserved Note: Pentium-120MHz (Step C2) Never have APIC --------------------------------------------------- APPENDIX D1 INTEL 386/486SL REGISTERS Note: Intel Chipset for SL microprocessors (i386SL,i486SL) contain self CPU and 82360SL chip. [i386SL] Note: address of register in Normal I/O space Name of Register Address Default Value Where placed Size CPUPWRMODE 22h 0 CPU 16 CFGSTAT 23h 0 82360SL 8 CFGINDEX 24h 0 82360SL 16 CFGDATA 25h xxh 82360SL 16 EMSCNTLREG 28h 0 CPU 8 EMSINDEXREG 2Ah 0 CPU 16 EMSDPREG 2Ch xxh CPU 16 PORT92 92h 0 CPU 8 PORT102 102h 0 CPU 8 FAIL SAFE NMI CTRL 461h 0 CPU 8 The followed ports visible only when they enabled, Any writes to this ports caused the action it named. FAST CPU RESET EFh N/A 82360SL 8 FAST A20 GATE EEh N/A 82360SL 8 SLOW CPU F4h N/A CPU 8 FAST CPU F5h N/A CPU 8 SFS DISABLE F9h N/A CPU 8 SFS ENABLE FBh N/A CPU 8 Format of CPUPWRMODE register (i386SL): Bits Name Description (Table ) 15 DT If Unlock Status { // See bit 0 of this register if bit=0 then access to 82360SL if bit=1 then access to CPUPWRMODE register } If Lock Staus { // i.e.SB=1 (De-Turbo Select Bit) Selected clock speed If bit=0 then EFI/2 If bit=1 then EFI/4 } 14 0 Reserved 13..11 IMCPC (Idle MCP Clock) 13.12.11 Description 000 EFI 001 EFI/2 010 EFI/4 011 EFI/8 100 EFI/16 101 Reserved 110 Reserved 111 Stop Clock 10,9 SLC (Slow CPU clock) 10.9 Description 00 EFI 01 EFI/2 10 EFI/4 11 EFI?8 8 CPUCNFG If =1 CPU Lock. (Write Protect to CPUPMODE register) 7 FD (Flash Disk Enable) If bit=1 then phisical addresses D0000H - DFFFFh automatically never caching. 6 0 Reserved 5,4 FCC (Fast CPU clock) 5.4 Description 00 EFI 01 EFI/2 10 EFI/4 11 EFI/8 3,2 US (Unit Select) Select Unit of 82360SL which will be accessable through 23h-25h I/O Ports 3.2 Description 00 On-Board Memory Controller 01 Cache Unit 10 Internal Bus Unit 11 External Bus Unit 1 UE (Unit Enable) If =1 Enable to Access Units else enable to access System bus. 0 SB (Status Bit) If =0 Enable access to CPUPWRMODE register If =1 Disable Format of EMSCNTLREG: Bits Description (Table ) 7 (Global Enable) If =1 EMS enable 6 Valid bit 5 EMSDP Status Bit (Read Only) 4..2 Reserved 1..0 Active EMS Set (0-3) Format of EMSINDEXREG: Bits Description (Table ) 15..10 Reserved 9..8 EMS set (0-3) 7..6 Reserved 5..0 EMS Page Register Index (0-64) Format of EMSDPREG: Bits Description (Table ) 15 This EMS Page Enable (i.e. page indexed by EMSINDEXREG) 14 EMS Valid bit 13..11 reserved 10..0 Address lines A24..A14 for page selected by EMSINDEXREG Important Note: i386SL have SIGNATURE register have index 30Eh in On-Board Memory Controller Configuration Space. This Register contain Stepping Info of i386SL. Stepping Signature Register DX register after reset A0 4300h 4310h A1 4300h 4310h A2 4301h 4310h A3 4302h 4310h B0 4310h 4311h B1 4311h 4311h [i486SL] Note: address of register in Normal I/O space Name of Register Address Default Value Where placed Size CPUPWRMODE 22h 100H CPU 16 CFGSTAT 23h 0 82360SL 8 CFGINDEX 24h 0 82360SL 16 CFGDATA 25h xxh 82360SL 16 PORT92 92h 0 CPU 8 PORT102 102h 0 CPU 8 FAIL SAFE NMI CTRL 461h 0 CPU 8 The followed ports visible only when they enabled FAST CPU RESET EFh N/A 82360SL 8 FAST A20 GATE EEh N/A 82360SL 8 SLOW CPU F4h N/A CPU 8 FAST CPU F5h N/A CPU 8 SFS DISABLE F9h N/A CPU 8 SFS ENABLE FBh N/A CPU 8 Format of CPUPWRMODE register (i486SL): Bits Name Description (Table ) 15 DT If Unlock Status { // See bit 0 of this register if bit=0 then access to 82360SL if bit=1 then access to CPUPWRMODE register } If Lock Staus { // i.e.SB=1 (De-Turbo Select Bit) Selected clock speed If bit=0 then EFI/2 If bit=1 then EFI/4 } 14..13 0 Reserved 12 FPUERROR This bit controlled access to I/O port 0F0h, if =0 then access to internal F0h port, If =1 then access ISA bus. 11..9 0 Reserved 8 CPUCNFG If =1 CPU Lock. (Write Protect to CPUPMODE register) 7 0 RESERVED 6,5 FCC (Fast CPU clock) 5.4 Description 00 CPUCLK=definition=EFI/2 01 CPUCLK/2 10 CPUCLK/4 11 CPUCLK/8 4 0 Reserved 3,2 US (Unit Select) Select Unit of 82360SL which will be accessable through 23h-25h I/O Ports 3.2 Description 00 On-Board Memory Controller 01 Reserved 10 Internal Bus Unit 11 External Bus Unit 1 UE (Unit Enable) If =1 Enable to Access Units else enable to access System bus. 0 SB (Status Bit) If =0 Enable access to CPUPWRMODE register If =1 Disable Important Note: i486SL have SIGNATURE register have index 70Ah in On-Board Memory Controller Configuration Space. This Register contain Stepping Info of i486SL. Format Of this register provided below: Bits Description 15..12 Member of Family (4h - SL) 11..8 Family (4h - 486 family) 7..0 Revision Name (Not Same as in DX after reset) --------------------------------------------- APPENDIX E Pentium (tm) Processor Pairing Instruction Pentium (tm) is superscalar microprocessor i.e. it may execute >1 instruction per CLK cycle. It may execute maximum 2 instruction per cycle.It have two integer pipes to execute instruction. This pipes not same, and some instruction may pairing (i.e. execute together) (only if not link with this 2 instruction) only in U pipe, some other only in V pipe, other in any pipe,other absolutely not pairing and they executed on U pipe only. ------ Integer Part Note: PU - is pairable if issued to U pipe PV - is pairable if issued to V pipe UV - pairable in either pipe ADC Reg,Reg PU Reg,Mem PU Reg,Imm PU Mem,Reg PU Mem,Imm PU ADD Reg,Reg UV Reg,Mem UV Reg,Imm UV Mem,Reg UV Mem,Imm UV AND Reg,Reg UV Reg,Mem UV Reg,Imm UV Mem,Reg UV Mem,Imm UV CALL direct PV CMP Reg,Reg UV Reg,Mem UV Reg,Imm UV Mem,Reg UV Mem,Imm UV DEC Reg UV Mem UV INC Reg UV Mem UV Jcc any PV JMP Short PV Direct PV LEA Reg,Mem UV MOV Reg,Reg/Mem/Imm UV Mem,Reg UV NOP UV OR Reg,Reg UV Reg,Mem UV Reg,Imm UV Mem,Reg UV Mem,Imm UV POP Reg UV PUSH Reg UV Imm UV Rotates/Shifts: Reg,1 PU Mem,1 PU Reg,Imm PU Mem,Imm PU SUB Reg,Reg UV Reg,Mem UV Reg,Imm UV Mem,Reg UV Mem,Imm UV TEST Reg,Reg UV Mem,Reg UV Acc,Imm UV XOR Reg,Reg UV Reg,Mem UV Reg,Imm UV Mem,Reg UV Mem,Imm UV _____ Floating Part Note: FX - Pairing with FXCH (All other never pairing) FABS FX FADD FX FADDP FX FCHS FX FCOM FX FCOMP FX FDIV/R/P/RP FX FLD m32,m64,ST(i) FX Note: FLD m80 not pairing FMUL/P FX FSUB/P/R/RP FX FTST FX FUCOM/P/PP FX For more information refer to: 1) Optimization for Intel's 32-Bit Processors (Application Note AP-500) Gary CArleton) // Intel Corp. 1993 // Order Number 241799 2) Supplement to the Pentium (tm) Processor User's Manual // Intel Corp. 1993. ------------------------------------------------------------ APPENDIX F0 NON FP OPCODES Base Format of opcodes: Format of Postbyte: (Table ) MM RRR MMM MM - Memory addresing mode RRR - Register operand address MMM - Memory operand address RRR Register Names Fields 8bit 16bit 32bit 000 AL AX EAX 001 CL CX ECX 010 DL DX EDX 011 BL BX EBX 100 AH SP ESP 101 CH BP EBP 110 DH SI ESI 111 BH DI EDI 16bit memory (No 32 bit memory address prefix): MMM Default MM Field Field Sreg 00 01 10 11=MMM is reg 000 DS [BX+SI] [BX+SI+O8] [BX+SI+O16] 001 DS [BX+DI] [BX+DI+O8] [BX+SI+O16] 010 SS [BP+SI] [BP+SI+O8] [BP+SI+O16] 011 SS [BP+DI] [BP+DI+O8] [BP+DI+O16] 100 DS [SI] [SI+O8] [SI+O16] 101 DS [DI] [DI+O8] [DI+O16] 110 SS [O16] [BP+O8] [BP+O16] 111 DS [BX] [BX+O8] [BX+O16] Note: MMM=110,MM=00 Default Sreg is DS !!!! 32bit memory (Has 67h 32 bit memory address prefix): MMM Default MM Field Field Sreg 00 01 10 11=MMM is reg 000 DS [EAX] [EAX+O8] [EAX+O32] 001 DS [ECX] [ECX+O8] [ECX+O32] 010 DS [EDX] [EDX+O8] [EDX+O32] 011 DS [EBX] [EBX+O8] [EBX+O32] 100 see SIB [SIB] [SIB+O8] [SIB+O32] 101 SS [O32] [EBP+O8] [EBP+O32] 110 DS [ESI] [ESI+O8] [ESI+O32] 111 DS [EDI] [EDI+O8] [EDI+O32] Note: MMM=110,MM=00 Default Sreg is DS !!!! SIB is (Scale/Base/Index): SS BBB III Note: SIB address calculated as : =+*(2^(Scale)) Field Default Base BBB Sreg Register Note 000 DS EAX 001 DS ECX 010 DS EDX 011 DS EBX 100 SS ESP 101 DS O32 If MM=00 (Postbyte) SS EBP If MM<>00 (Postbyte) 110 DS ESI 111 DS EDI Field Index III register Note 000 EAX 001 ECX 010 EDX 011 EBX 100 Never Index SS can be 00 101 EBP 110 ESI 111 EDI Field Scale coefficient SS =2^(SS) 00 1 01 2 10 4 11 8 Note: this code are for 8086 and all other processors NECs : for NEC/Sony V20/V30/V40/V50 and all clones and upgrades 186+ : for 186/188 and higher 286+ : for 80286 and higher 386+ : for 80386 and higher 486+ : for i486 and higher Pentium : for Pentiym : specified Main Table [TABLE00]: 00 ADD mem8,reg8 01 ADD mem,reg 02 ADD reg8,mem8 03 ADD reg,mem 04 ADD AL,imm8 05 ADD AX,imm 06 PUSH ES 07 POP ES 08 OR mem8,reg8 09 OR mem,reg 0A OR reg8,mem8 0B OR reg,mem 0C OR AL,imm8 0D OR AX,imm 0E PUSH CS 0F POP CS ; 8088 non CMOS versions >>> TABLE 01 ; NECs & 286+ Invalid Opcode ; 186/188 10 ADC mem8,reg8 11 ADC mem,reg 12 ADC reg8,mem8 13 ADC reg,mem 14 ADC AL,imm8 15 ADC AX,imm 16 PUSH SS 17 POP SS 18 SBB mem8,reg8 19 SBB mem,reg 1A SBB reg8,mem8 1B SBB reg,mem 1C SBB AL,imm8 1D SBB AX,imm 1E PUSH DS 1F POP DS 20 AND mem8,reg8 21 AND mem,reg 22 AND reg8,mem8 23 AND reg,mem 24 AND AL,imm8 25 AND AX,imm 26 ES: segment prefix 27 DAA 28 SUB mem8,reg8 29 SUB mem,reg 2A SUB reg8,mem8 2B SUB reg,mem 2C SUB AL,imm8 2D SUB AX,imm 2E CS: segment prefix 2F DAS 30 XOR mem8,reg8 31 XOR mem,reg 32 XOR reg8,mem8 33 XOR reg,mem 34 XOR AL,imm8 35 XOR AX,imm 36 SS: segment prefix 37 AAA 38 CMP mem8,reg8 39 CMP mem,reg 3A CMP reg8,mem8 3B CMP reg,mem 3C CMP AL,imm8 3D CMP AX,imm 3E DS: segment prefix 3F AAS 40 INC AX 41 INC CX 42 INC DX 43 INC BX 44 INC SP 45 INC BP 46 INC SI 47 INC DI 48 DEC AX 49 DEC CX 4A DEC DX 4B DEC BX 4C DEC SP 4D DEC BP 4E DEC SI 4F DEC DI 50 PUSH AX 51 PUSH CX 52 PUSH DX 53 PUSH BX 54 PUSH SP 55 PUSH BP 56 PUSH SI 57 PUSH DI 58 POP AX 59 POP CX 5A POP DX 5B POP BX 5C POP SP 5D POP BP 5E POP SI 5F POP DI 60 PUSHA ;NECs & 186+ 61 POPA ;NECs & 186+ 62 BOUND reg,mem ;NECs & 186+ 63 ARPL reg,mem ;286+ PM 64 FS: segment prefix ;386+ 65 GS: segment prefix ;386+ 66 Memory access size prefix ;386+ 67 Operands size prefix ;386+ 68 PUSH imm ;NECs & 186+ 69 IMUL reg,imm,mem ;NECs & 186+ 6A PUSH imm8 ;NECs & 186+ 6B IMUL reg,imm8,mem ;NECs & 186+ 6C INSB ;186+ 6D INS ;186+ 6E OUTSB ;186+ 6F OUTS ;186+ 70 JO rel8 71 JNO rel8 72 JC rel8 73 JNC rel8 74 JZ rel8 75 JNZ rel8 76 JNA rel8 77 JA rel8 78 JS rel8 79 JNS rel8 7A JP rel8 7B JNP rel8 7C JL rel8 7D JNL rel8 7E JNG rel8 7F JG rel8 80 code extention [1] 81 code extention [2] 82 code extention [3] 83 code extention [4] 84 TEST mem8,reg8 85 TEST mem,reg 86 XCHG mem8,reg8 87 XCHG mem,reg 88 MOV mem8,reg8 89 MOV mem,reg 8A MOV reg8,mem8 8B MOV reg,mem 8C code extention [5] 8D LEA reg,mem 8E code extention [6] 8F code extention [7] 90 NOP 91 XCHG AX,CX 92 XCHG AX,DX 93 XCHG AX,BX 94 XCHG AX,SP 95 XCHG AX,BP 96 XCHG AX,SI 97 XCHG AX,DI 98 CBW 66 98 CWDE ;386+ 99 CWD 66 99 CDQ ;386+ 9A CALL FAR seg:offs 9B WAIT 9C PUSHF 66 9C PUSHFD ; 386+ 9D POPF 66 9D POPFD ; 386+ 9E SAHF 9F LAHF A0 MOV AL,[imm] A1 MOV AX,[imm] A2 MOV [imm],AL A3 MOV [imm],ax A4 MOVSB A5 MOVS A6 CMPSB A7 CMPS A8 TEST AL,imm8 A9 TEST AX,imm AA STOSB AB STOS AC LODSB AD LODS AE SCASB AF SCAS B0 MOV AL,imm8 B1 MOV CL,imm8 B2 MOV DL,imm8 B3 MOV BL,imm8 B4 MOV AH,imm8 B5 MOV CH,imm8 B6 MOV DH,imm8 B7 MOV BH,imm8 B8 MOV AX,imm B9 MOV CX,imm BA MOV DX,imm BB MOV BX,imm BC MOV SP,imm BD MOV BP,imm BE MOV SI,imm BF MOV DI,imm C0 code extention [8] C1 code extention [9] C2 RET NEAR imm C3 RET NEAR C4 LES reg,mem C5 LDS reg,mem C6 code extention [10] C7 code extention [11] C8 ENTER imm,imm8 ;NECs & 186+ C9 LEAVE ;NECs & 186+ CA RET FAR imm CB RET FAR CC INT 3 CD INT imm8 CE INTO CF IRET D0 code extention [12] D1 code extention [13] D2 code extention [14] D3 code extention [15] D4 AAM imm8 ; Note: NECs w/o imm8 but D4 0A only D5 AAD imm8 ; Note: NECs w/o imm8 but D4 0A only D6 SETALC ;286+ D7 XLAT D8-DF ESC imm6,mem ; Note: Refer to future part ; Cooprocessor commands. E0 LOOPNZ rel8 E1 LOOPZ rel8 E2 LOOP rel8 E3 JCXZ rel8 66 E3 JECXZ rel8 ; 386+ E4 IN AL,imm8 E5 IN AX,imm8 E6 OUT imm8,AL E7 OUT imm8,AX E8 CALL NEAR rel16 E9 JMP NEAR rel16 EA JMP FAR seg:offs EB JMP SHORT rel8 EC IN AL,DX ED IN AX,DX EE OUT DX,AL EF OUT DX,AX F0 LOCK prefix F1 SMI ; AMD Am386/486DXLV F2 REPNZ F3 REP/REPZ F4 HLT F5 CMC F6 code extention [16] F7 code extention [17] F8 CLC F9 STC FA CLI FB STI FC CLD FD STD FE code extention [18] FF code extention [19] [TABLE 01]: Note: First Byte of Operation is 0Fh 00 Extended Opcode 20 ; 286+ 01 Extended Opcode 21 ; 286+ 02 LAR reg,mem ; 286+ 03 LSL reg,mem ; 286+ 04 LOADALL ; Alternative 286 ; 286 only 05 LOADALL ; 286 ; 286 only 05 SYSCALL ; Am6k86 06 CLTS ; 286+ 07 LOADALL ; i386,486 ; 386-486, Never Pentium RES3 ; AMD Am386zXLV RES4 ; AMD Am486DXLV ICERET ; IBM 386SLC,486SLC,486SLC2 SYSRET ; Am6k86 08 INVD ; 486+ 09 WBINVD ; 486+ 0A Reserved, INT 6 0B UD2 ; all, but documented on Pentium Pro only 0C-0F Reserved, INT 6 10 UMOV mem8,reg8 ; Really different op. space ; 386-486,Never Pentium ; on AMD Amz86zXLV, never P6, Cx5x86+ TEST1 mem8,CL ; NEC V20+ 11 UMOV mem,reg ; see 0Fh,10h TEST1 mem,CL ; NEC V20+ 12 UMOV reg8,mem8 ; see 0Fh,10h CLEAR1 mem8,CL ; NEC V20+ 13 UMOV reg,mem ; see 0Fh,10h CLEAR1 mem,CL ; NEC V20+ 14 SET1 mem8,CL ; NEC V20+ 15 SET1 mem,CL ; NEC V20+ 16 NOT1 mem8,CL ; NEC V20+ 17 NOT1 mem,CL ; NEC V20+ 18 TEST1 mem8,imm8 ; NEC V20+ 19 TEST1 mem,imm8 ; NEC V20+ 1A CLEAR1 mem8,imm8 ; NEC V20+ 1B CLEAR1 mem,imm8 ; NEC V20+ 1C SET1 mem8,imm8 ; NEC V20+ 1D SET1 mem,imm8 ; NEC V20+ 1E NOT1 mem8,imm8 ; NEC V20+ 1F NOT1 mem,imm8 ; NEC V20+ 20 MOV reg32,CRn ; 386+ ADD4S ; NEC V20+ 21 MOV reg32,DRn ; 386+ 22 MOV CRn,reg32 ; 386+ SUB4S ; NEC V20+ 23 MOV DRn,reg32 ; 386+ 24 MOV reg32,TRn ; 386-486 only (Pentium never have TRs) 25 26 MOV TRn,reg32 ; 386-486 only CMPS4S ; NEC V20+ 27 reserved opcode 28 ROL4 mem8 ; NEC V20+ 29 reserved opcode 2A ROL4 mem8 ; NEC V20+ 2B-2F reserved opcodes 30 WRMSR ; Pentium, IBM 386SLC,486SLC/SLC2 31 RDTSC ; Pentium INS reg8,reg8 ; NEC V20+ ; Note: NECINS 32 RDMSR ; Pentium, IBM 386SLC,486SLC/SLC2 33 EXT reg8,reg8 ; NEC V20+ RDMPC ; P6 36 RDSHR reg/mem32 ; Cx6x86MX (SMM only) 37 WRSHR reg/mem32 ; Cx6x86MX (SMM only) 40 CMOVO reg,mem ; P6 41 CMOVNO reg,mem ; P6 42 CMOVC reg,mem ; P6 43 CMOVNC reg,mem ; P6 44 CMOVZ reg,mem ; P6 45 CMOVNZ reg,mem ; P6 46 CMOVA reg,mem ; P6 47 CMOVNA reg,mem ; P6 48 CMOVS reg,mem ; P6 49 CMOVNS reg,mem ; P6 4A CMOVP reg,mem ; P6 4B CMOVNP reg,mem ; P6 4C CMOVL reg,mem ; P6 4D CMOVNL reg,mem ; P6 4E CMOVNG reg,mem ; P6 4F CMOVG reg,mem ; P6 60 PUNPCKLBW mm,mm/m32 ; MMX 61 PUNPCKLWD mm,mm/m32 ; MMX 62 PUNPCKLDQ mm,mm/m32 ; MMX 63 PACKSSWB mm,mm/m64 ; MMX 64 PCMPGTB mm,mm/m64 ; MMX 65 PCMPGTW mm,mm/m64 ; MMX 66 PCMPGTD mm,mm/m64 ; MMX 67 PACKUSWB mm,mm/m64 ; MMX 68 PUNPCKHBW mm,mm/m64 ; MMX 69 PUNPCKHWD mm,mm/m64 ; MMX 6A PUNPCKHDQ mm,mm/m64 ; MMX 6B PACKSSDW mm,mm/m64 ; MMX 6C 6D 6E MOVD mm,r/m32 ; MMX 6F MOVD mm,mm/m64 ; MMX 70 71 code extention [24] ; MMX 72 code extention [25] ; MMX 73 code extention [26] ; MMX 74 PCMPEQB mm,mm/m64 ; MMX 75 PCMPEQW mm,mm/m64 ; MMX 76 PCMPEQD mm,mm/m64 ; MMX 77 EMMS ; MMX 78 SVDC mem,sreg ; Cyrix M5+ 79 RSDC sreg,mem ; Cyrix M5+ 7A SVLDT mem ; Cyrix M5+ 7B RSLDT mem ; Cyrix M5+ 7C SVTS mem ; Cyrix M5+ 7D RSTS mem ; Cyrix M5+ 7E SMINT ; Cyrix M6+ 7E MOVD r/m32,mm ; MMX 7F MOVD mm/m64,mm ; MMX 80 JO rel16 ; 386+ 81 JNO rel16 ; 386+ 82 JC rel16 ; 386+ 83 JNC rel16 ; 386+ 84 JZ rel16 ; 386+ 85 JNZ rel16 ; 386+ 86 JNA rel16 ; 386+ 87 JA rel16 ; 386+ 88 JS rel16 ; 386+ 89 JNS rel16 ; 386+ 8A JP rel16 ; 386+ 8B JNP rel16 ; 386+ 8C JL rel16 ; 386+ 8D JNL rel16 ; 386+ 8E JNG rel16 ; 386+ 8F JG rel16 ; 386+ 90 SETO mem8 ; 386+ 91 SETNO mem8 ; 386+ 92 SETC mem8 ; 386+ 93 SETNC mem8 ; 386+ 94 SETZ mem8 ; 386+ 95 SETNZ mem8 ; 386+ 96 SETNA mem8 ; 386+ 97 SETA mem8 ; 386+ 98 SETS mem8 ; 386+ 99 SETNS mem8 ; 386+ 9A SETP mem8 ; 386+ 9B SETNP mem8 ; 386+ 9C SETL mem8 ; 386+ 9D SETNL mem8 ; 386+ 9E SETNG mem8 ; 386+ 9F SETG mem8 ; 386+ A0 PUSH FS ; 386+ A1 POP FS ; 386+ A2 CPUID ; 486 SL enhanced,Pentium,UMC,i386CX,P6,M1,K5 A3 BT mem,reg ; 386+ A4 SHLD mem,reg,imm ;386+ A5 SHLD mem,reg,CL ;386+ A6 XBTS reg,mem,AX,CL ; Intel (!!!) 80386 steps A0-B0 CMPXCHG mem8,reg8 ; Intel (!!!) 80486 steps A0-B0 A7 IBTS mem,AX,CL,reg ; Intel (!!!) 80386 steps A0-B0 CMPXCHG mem,reg ; Intel (!!!) 80486 steps A0-B0 A8 PUSH GS ; 386+ A9 POP GS ; 386+ AA RSM ; i486 SL Enhanced, i386CX, Pentium etc AB BTS mem,reg ; 386+ AC SHRD mem,reg,imm ;386+ AD SHRD mem,reg,CL ;386+ AE AF IMUL reg,mem ; 386+ B0 CMPXCHG mem8,reg8 ; 486+ (Intel B1+ step only) B1 CMPXCHG mem,reg ; 486+ (Intel B1+ step only) B2 LSS reg,mem ; 386+ B3 BTR mem,reg ; 386+ B4 LFS reg,mem ; 386+ B5 LGS reg,mem ; 386+ B6 MOVZX reg,mem8 ; 386+ B7 MOVZX reg32,mem ; 386+ B8 B9 UD2 ; one more Undefined Opcode-2 BA code extention [22] BB BTC mem,reg ; 386+ BC BSF reg,mem ; 386+ BD BSR reg,mem ; 386+ BE MOVSX reg,mem8 ; 386+ BF MOVSX reg32,mem ; 386+ C0 XADD mem8,reg8 ; 486+ C1 XADD mem,reg ; 486+ C2-C6 reserved opcodes C7 code extention [23] C8 BSWAP EAX ; 486+ C9 BSWAP ECX ; 486+ CA BSWAP EDX ; 486+ CB BSWAP EBX ; 486+ CC BSWAP ESP ; 486+ CD BSWAP EBP ; 486+ CE BSWAP ESI ; 486+ CF BSWAP EDI ; 486+ D1 PSRLW mm,mm/m64 ; MMX D2 PSRLD mm,mm/m64 ; MMX D3 PSRLQ mm,mm/m64 ; MMX D4 D5 PMULLW mm,mm/m64 ; MMX ....... E1 PSRAW mm,mm/m64 ; MMX E2 PSRAD mm,mm/m64 ; MMX E5 PMULHW mm,mm/m64 ; MMX ...... F1 PSLLW mm,mm/m64 ; MMX F2 PSLLD mm,mm/m64 ; MMX F3 PSLLQ mm,mm/m64 ; MMX F5 PMULADDWD mm,mm/m64 ; MMX ...... D0-FE reserved opcodes FF UD ; AMD Am5k86+ and all other CPUs FF OIO ; Cyrix Cx6x86+ and all other CPUs FF BRKEM imm8 ; NEC V20+ ************************************************** CODE EXTENTIONS: First byte(s) look at TABLES#00,01 Next byte have format MMOOOMMM : MM is memory mode (see postbyte) OOO select operation in this extention code field MMM is memory field (see Postbyte) Code Extention # 1 (First byte(s) = 80h) Field OOO Operation 000 ADD mem8,imm8 001 OR mem8,imm8 010 ADC mem8,imm8 011 SBB mem8,imm8 100 AND mem8,imm8 101 SUB mem8,imm8 110 XOR mem8,imm8 111 CMP mem8,imm8 Code Extention # 2 (First byte(s) = 81h) Field OOO Operation 000 ADD mem,imm 001 OR mem,imm 010 ADC mem,imm 011 SBB mem,imm 100 AND mem,imm 101 SUB mem,imm 110 XOR mem,imm 111 CMP mem,imm Code Extention # 3 (First byte(s) = 82h) Note: On some models, undefined code do nothing, on any work as 83h None INT 6 at all. Field OOO Operation 000 ADD mem8,simm8 001 010 ADC mem8,simm8 011 SBB mem8,simm8 100 101 SUB mem8,simm8 110 111 CMP mem8,simm8 Code Extention # 4 (First byte(s) = 83h) Field OOO Operation 000 ADD mem,simm8 001 OR mem,simm8 ; 386+ 010 ADC mem,simm8 011 SBB mem,simm8 100 AND mem,simm8 ; 386+ 101 SUB mem,simm8 110 XOR mem,simm8 ; 388+ 111 CMP mem,simm8 Code Extention # 5 (First byte(s) = 8Ch) Field OOO Operation 000 MOV mem,ES 001 MOV mem,CS 010 MOV mem,SS 011 MOV mem,DS 100 MOV mem,FS ; 386+ 101 MOV mem,GS ; 386+ 110 111 Code Extention # 6 (First byte(s) = 8Eh) Field OOO Operation 000 MOV ES,mem 001 MOV CS,mem ; Non CMOS version of 8086/8088 only 010 MOV SS,mem 011 MOV DS,mem 100 MOV FS,mem ; 386+ 101 MOV GS,mem ; 386+ 110 111 Code Extention # 7 (First byte(s) = 8Fh) Note: i486 can eat any OOO. Field OOO Operation 000 POP mem 001 010 011 100 101 110 111 Code Extention # 8 (First byte(s) = C0h) Field OOO Operation 000 ROL mem8,imm8 ; 186+ 001 ROR mem8,imm8 ; 186+ 010 RCL mem8,imm8 ; 186+ 011 RCR mem8,imm8 ; 186+ 100 SHL mem8,imm8 ; 186+ 101 SHR mem8,imm8 ; 186+ 110 SAL mem8,imm8 ; 186+ 111 SAR mem8,imm8 ; 186+ Code Extention # 9 (First byte(s) = C1h) Field OOO Operation 000 ROL mem,imm8 ; 186+ 001 ROR mem,imm8 ; 186+ 010 RCL mem,imm8 ; 186+ 011 RCR mem,imm8 ; 186+ 100 SHL mem,imm8 ; 186+ 101 SHR mem,imm8 ; 186+ 110 SAL mem,imm8 ; 186+ 111 SAR mem,imm8 ; 186+ Code Extention # 10 (First byte(s) = C6h) Note: i486 can eat any OOO field. Field OOO Operation 000 MOV mem8,imm8 001 010 011 100 101 110 111 Code Extention # 11 (First byte(s) = C7h) Note: i486 can eat any OOO field Field OOO Operation 000 MOV mem,imm16 001 010 011 100 101 110 111 Code Extention # 12 (First byte(s) = D0h) Field OOO Operation 000 ROL mem8,1 001 ROR mem8,1 010 RCL mem8,1 011 RCR mem8,1 100 SHL mem8,1 101 SHR mem8,1 110 SAL mem8,1 111 SAR mem8,1 Code Extention # 13 (First byte(s) = D1h) Field OOO Operation 000 ROL mem,1 001 ROR mem,1 010 RCL mem,1 011 RCR mem,1 100 SHL mem,1 101 SHR mem,1 110 SAL mem,1 111 SAR mem,1 Code Extention # 14 (First byte(s) = D2h) Field OOO Operation 000 ROL mem8,CL 001 ROR mem8,CL 010 RCL mem8,CL 011 RCR mem8,CL 100 SHL mem8,CL 101 SHR mem8,CL 110 SAL mem8,CL 111 SAR mem8,CL Code Extention # 15 (First byte(s) = D3h) Field OOO Operation 000 ROL mem,CL 001 ROR mem,CL 010 RCL mem,CL 011 RCR mem,CL 100 SHL mem,CL 101 SHR mem,CL 110 SAL mem,CL 111 SAR mem,CL Code Extention # 16 (First byte(s) = F6h) Note: Usually 001 do same thing as 000, TEST mem8,imm8 Field OOO Operation 000 TEST mem8,imm8 001 010 NOT mem8 011 NEG mem8 100 MUL mem8 101 IMUL mem8 110 DIV mem8 111 IDIV mem8 Code Extention # 17 (First byte(s) = F7h) Note: Usually 001 do same thing as 000, TEST mem,imm16 Field OOO Operation 000 TEST mem,imm16 001 010 NOT mem 011 NEG mem 100 MUL mem 101 IMUL mem 110 DIV mem 111 IDIV mem Code Extention # 18 (First byte(s) = FEh) Field OOO Operation 000 INC mem8 001 DEC mem8 010 011 100 101 110 111 Code Extention # 19 (First byte(s) = FFh) Field OOO Operation 000 INC mem 001 DEC mem 010 CALL NEAR mem 011 CALL FAR mem 100 JMP NEAR mem 101 JMP FAR mem 110 PUSH mem 111 Code Extention # 20 (First byte(s) = 0FH,00H) Field OOO Operation 000 SLDT mem ; 286+ 001 STR mem ; 286+ 010 LLDT mem ; 286+ 011 LTR mem ; 286+ 100 VERR mem ; 286+ 101 VERW mem ; 286+ 110 111 Code Extention # 21 (First byte(s) = 0Fh,01h) Field OOO Operation 000 SGDT mem ; 286+ 001 SIDT mem ; 286+ 010 LGDT mem ; 286+ 011 LIDT mem ; 286+ 100 SMSW mem ; 286+ 101 110 LMSW mem ; 286+ 111 INVLPG mem ; 486+ Code Extention # 22 (First byte(s) = 0Fh,BAh) Field OOO Operation 000 001 010 011 100 BT mem,imm8 ; 386+ 101 BTS mem,imm8 ; 386+ 110 BTR mem,imm8 ; 386+ 111 BTC mem,imm8 ; 386+ Code Extention # 23 (First byte(s) = 0Fh,C7h) Field OOO Operation 000 001 CMPXCHG8B mem ; Pentium 010 011 100 101 110 111 ------------------------------------------------ APPENDIX F1 FLOATING POINT OPCODES ESC 0 (First byte = D8h) ========================== ESCAPE 000 MMRRRMMM ========================== Operation RRR If MM<>11 If MM=11 000 FADD mem32r FADD ST,ST(i) 001 FMUL mem32r FMUL ST,ST(i) 010 FCOM mem32r FCOM ST(i) 011 FCOMP mem32r FCOMP ST(i) 100 FSUB mem32r FSUB ST,ST(i) 101 FSUBR mem32r FSUBR ST,ST(i) 110 FDIV mem32r FDIV ST,ST(i) 111 FDIVR mem32r FDIVR ST,ST(i) ESC 1 (First byte = D9h) ========================== ESCAPE 001 MMRRRMMM ========================== Operation RRR If MM<>11 If MM=11 000 FLD mem32r FLD ST(i) 001 empty FXCH ST(i) 010 FST mem32r See Table marked ESC1-Extended codes 011 FSTP mem32r FSTP ST(i) 100 FLDENV mem See Table marked ESC1-Extended codes 101 FLDCW mem See Table marked ESC1-Extended codes 110 FSTENV mem See Table marked ESC1-Extended codes 111 FSTCW mem See Table marked ESC1-Extended codes ESC1-Extended codes: \ RRR MMM \ 010 100 101 110 111 000 FNOP FCHS FLD1 F2XM1 FPREM 001 FABS FLDL2T FYL2X FYL2XP1 010 FLDL2E FPTAN FSQRT 011 FLDPI FPATAN FSINCOS' 100 FTST FLDLG2 FXTRACT FRNDINT 101 FXAM FLDLN2 FPREM1 FSCALE 110 FLDZ FDECSTP FSIN' 111 FINCSTP FCOS' ' means 387+ (include 287XL/XLT, 187!!!) ESC 2 (First byte = DAh) ========================== ESCAPE 010 MMRRRMMM ========================== Operation RRR If MM<>11 000 FIADD mem32i 001 FIMUL mem32i 010 FICOM mem32i 011 FICOMP mem32i 100 FISUB mem32i 101 FISUBR mem32i 110 FIDIV mem32i 111 FIDIVR mem32i Note: P6 DA C0+i FCMOVB ST0,STi DA C8+i FCMOVE ST0,STi DA D0+i FCMOVBE ST0,STi DA D8+i FCMOVU ST0,STi ESC 3 (First byte = DBh) ========================== ESCAPE 011 MMRRRMMM ========================== Operation RRR If MM<>11 000 FILD mem32i 001 010 FIST mem32i 011 FISTP mem32i 100 101 FLD mem80r 110 111 FSTP mem80r So,If MM=11 we have next command (first byte = DBh) Mnemonic Second byte of code FNENI E0H (8087 only, others do nothing) FNDISI E1H (8087 only, others do nothing) FNCLEX E2H FNINIT E3H FSETPM E4H (287s only) FRSTPM E5H (287XL/XLT only) FSTB0 E8H (IIT) FSTB2 EAH (IIT) FSTB1 EBH (IIT) F4X4 F1H (IIT) FRINT2 FCH (Cyrix) FUCOMI ST0,STi E8H+i (P6) FCMOVNB ST0,STi C0H+i (P6) FCMOVNE ST0,STi C8H+i (P6) FCMOVNBE ST0,STi D0H+i (P6) FCMOVNU ST0,STi D8H+i (P6) FCOMPI ST0,STi F0H+i (P6) ESC 4 (First byte = DCh) ========================== ESCAPE 100 MMRRRMMM ========================== Operation RRR If MM<>11 If MM=11 000 FADD mem64r FADD ST(i),ST 001 FMUL mem64r FMUL ST(i),ST 010 FCOM mem64r FCOM ST(i) 011 FCOMP mem64r FCOMP ST(i) 100 FSUB mem64r FSUB ST(i),ST 101 FSUBR mem64r FSUBR ST(i),ST 110 FDIV mem64r FDIV ST(i),ST 111 FDIVR mem64r FDIVR ST(i),ST ESC 5 (First byte = DDh) ========================== ESCAPE 101 MMRRRMMM ========================== Operation RRR If MM<>11 If MM=11 000 FLD mem64r FFREE ST(i) 001 FXCH ST(i) 010 FST mem64r FST ST(i) 011 FSTP mem64r FSTP ST(i) 100 FNRSTOR mem 101 110 FNSAVE mem FUCOM ST(i) 111 FSTSW mem FUCOMP ST(i) Note: FRICHOP have opcode (DDh FCh) (Cyrix) ESC 6 (First byte = DEh) ========================== ESCAPE 110 MMRRRMMM ========================== Operation RRR If MM<>11 If MM=11 000 FIADD mem16i FADDP ST(i),ST 001 FIMUL mem16i FMULP ST(i),ST 010 FICOM mem16i FCOMP ST(i),ST 011 FICOMP mem16i 100 FISUB mem16i FSUBP ST(i),ST 101 FISUBR mem16i FSUBRP ST(i),ST 110 FIDIV mem16i FDIVP ST(i),ST 111 FIDIVR mem16i FDIVRP ST(i),ST Note: FCOMPP have opcode (DEh D9h) (Intel and all) ESC 7 (First byte = DFh) ========================== ESCAPE 111 MMRRRMMM ========================== Operation RRR If MM<>11 If MM=11 000 FILD mem16i FFREE ST(i) 001 FXCH ST(i) 010 FIST mem16i FST ST(i) 011 FISTP mem16i FSTP ST(i) 100 FBLD mem80b 101 FILD mem64i 110 FBSTP mem80b 111 FISTP mem64i Note: Next Instruction have opcodes: Mnemonic Opcode FNSTSW AX DFh E0h (287+) FNSTDW AX DFh E1h (387SL Mobile) FSTSG AX DFh E2h (387SL Mobile) FRINEAR DFh FCh (Cyrix) FUCOMIP ST0,STi DFH E8H+i (P6) FCOMIP ST0,STi DFH F0H+i (P6) ------------------------------------------ APPENDIX G BUGS & CPU IDENTIFICATION INFO 1) How to separate i386SX and i386DX (Cx486SLC and Cx486DLC) Note: With 386DX type CPU possible to used 287 class NPX, and bit 4 in CR0 ET - Extention Type on DX we may to clear to 0, but for SX and REAL 486 this bit always 1. Routine: mov eax,cr0 push eax and al,0efh mov cr0,eax mov eax,cr0 test al,10h pop eax mov cr0,eax jne SX/SLC jmp DX/DLC 2) How to separate i486SX and i487SX/i486DX/DX2 etc Routine: memory_location DW ? mov memory_location,0 fninit fstcw memory_location cmp memory_location,037Fh jz i486SX jmp i486DX/DX2etc/i487SX 3) How to separate Cyrix's CPUs and other Be sure that Your CPU no Pentium before UMOV executed on Intel and other in Non SM modes as MOV. But Cyrix executed this instruction as Double NOP, and never generate INT 6. So. Mem_Loc DW 1 xor ax,ax umov ax,Mem_Loc or ax,ax jz Cyrix jmp No_Cyrix 4) Standart Way: Part 1 (Intel recomended this way) pushf pop ax and ax,0fffh ; Clear bits 15..12 push ax popf and ax,0f000h ; Is bits 15..12=0 ? jz 286_CPU and ax,8000h ; Is bit 15=0 jz 386_and_Higher jmp 86_88and186_186etc 5) How separate 86/88, 186/188 and NECs mov ax,1 mov cl,33 shl ax,cl jnz 186_188 pusha ; Executed on 8086/8088 as JMP $+2 stc jc NECs jmp 86_88 6) Non CMOS 8086/88 execute command MOV CS,xxxx (Opcode 8Eh ...) CMOS 80C86/88 ignore it. 7) Then Invalid Opcode NEC/Sony V40/V50 do INT 6 NEC/Sony V20/V30 don't. 8) Remember POP CS on 8086/8088. 9) PUSH SP 286 placed in stack new value of SP 86/88 old. 10) Best way to Reset 286+ in Real Mode: xor sp,sp push smth 11) Maximal Length of Instructian 86: N/R 286: 10 byte 386+: 15 byte ------------------------------------------------ APPENDIX H Internal Names Of Processors (Intel) P9 i386SX P4 i486DX P4S i486SX P23S i487SX P23T OverDrive for PGA(169) P4T OverDrive for PGA(168) P24S i486DX2 P24T Pentium OverDrive for i486DX2 socket 3 (Vcc=5V,core=3V). P24CT Pentium OverDrive for Socket 3 (Vcc=3V) P5 Pentium-60,66 P5T Overdrive for P5 socket (120/133 MHz). P54C Pentium-90,100,75 x1.5 usually with APIC and Multiprocessing features P54CS Pentium-120,133 x2 with reduced APIC and multipr. features P55C Pentium w/MMX P54LM Pentium P54C with 2.9V (for Notebooks) P24C IntelDX4 P24D i486DX2 with WB cache (IntelDX2 (tm) WriteBack Enhanced) P54M Overdrive ( include to P54C but P54C work too) P6 Pentium Pro (no comments) P6T Pentium Pro OverDrive (for extended Pentium Sockets) P7 "Merced" (IA-64, VLIW command set "Tahoe") P54CSQ 3xCLK Pentiums P120 etc. P54CSLM P54CS with Low Power. P6L Pentium II "Klamath" (w/o L2 build-in cache, with IA MMX) "Katmai" (IA MMX2, 100MHz system bus) "Deschutes" (High-tech "Klamath") P68 "Willamette" (High-tech "Pentium Pro") (Cyrix) M5 Cx486S/S2 M6 Cx486D/D2 C6 Cx487D M7 Cx486DX/Cx486DX2 M8 Cx486DX4 M1 Cx6x86 M1SC Cx5x86 M1R Future M1 with reduced due size. M2 Cx6x86MX M3 (AMD) SSA/5 Am5k86 early series (K5 with big due size and with reduced some features, 'cos don't work). K5 Am5k86 K6 Am6k86 (IA MMX support) ------------------------------------------------- APPENDIX I FORMAT OF DEBUG CONTROL REGISTERS (DR6/DR7) +---------+ | DR6 | +---------+ [Am386xx/i386xx/i486xx/Am486xx] 3322222222221111 1 1 1 111 1098765432109876 5 4 3 210987654 3 2 1 0 ---------------------------------------- 0000000000000000 B B B 000000000 B B B B T S D 3 2 1 0 ---------------------------------------- [Intel Pentium] 3322222222221111 1 1 1 111 1098765432109876 5 4 3 210987654 3 2 1 0 ---------------------------------------- 1111111111111111 B B B 111111111 B B B B T S D 3 2 1 0 ---------------------------------------- [Cyrix Cx486DX,TI 486SXLC, TI 486SLC/e] 3322222222221111 1 1 1 111 1098765432109876 5 4 3 210987654 3 2 1 0 ---------------------------------------- 1111111111111111 B B 0 011111111 B B B B T S 3 2 1 0 ---------------------------------------- [TI 486SXL/Cx486SLC] 3322222222221111 1 1 1 111 1098765432109876 5 4 3 210987654 3 2 1 0 ---------------------------------------- 1111111111111111 B B 1 011111111 B B B B T S 3 2 1 0 ---------------------------------------- [IBM 486SLC2] 3322222222221111 1 1 1 1 11 1098765432109876 5 4 3 2 10987654 3 2 1 0 ----------------------------------------- 0000000000000000 B B B B 00000000 B B B B T S D K 3 2 1 0 ---------------------------------------- [AMD Am486SXLV/Am386DXLV/Am386SXLV] 3322222222221111 1 1 1 1 11 1098765432109876 5 4 3 2 10987654 3 2 1 0 ----------------------------------------- 0000000000000000 B B B S 00000000 B B B B T S D M 3 2 1 0 M S ---------------------------------------- [Cyrix Cx6x86] [Cx6x86MX] 3322222222221111 1 1 1 1 11 1098765432109876 5 4 3 2 10987654 3 2 1 0 ----------------------------------------- 0000000000000000 B B 0 0 11111111 B B B B T S 3 2 1 0 ---------------------------------------- BT - Debug Trap due to Task Switch BS - Debug Trap due to Single-Step BD - Debug Fault due to attemped registeracess when GD bit set BK - Debug Trap due to ICE This bit set if exception 1 will invoked due to occurence of ICEMD interrupt or ICEBP software breakpoint. SMMS - SMM Status if = 1 SMM is entered B3 - Debug fault/trap due to Breakpoint # 3 B2 - Debug fault/trap due to Breakpoint # 2 B1 - Debug fault/trap due to Breakpoint # 1 B0 - Debug fault/trap due to Breakpoint # 0 +--------+ | DR7 | +--------+ [Am386xx/i386xx/i486xx/Am486xx] [TI486SXL/Cx486SLC] 33 22 22 22 22 22 11 11 11 1 111 10 98 76 54 32 10 98 76 54 3 210 9 8 7 6 5 4 3 2 1 0 ---------------------------------------------------- LL RR LL RR LL RR LL RR 00 G 000 G L G L G L G L G L EE // EE // EE // EE // D E E 3 3 2 2 1 1 0 0 NN WW NN WW NN WW NN WW 33 33 22 22 11 11 00 00 ---------------------------------------------------- [Pentium/Cx486DX/Cx486DX2/Cx486DX4] [TI486SLC/e / TI486SXLC/Cx6x86] [Cx6x86MX] 33 22 22 22 22 22 11 11 11 1 111 10 98 76 54 32 10 98 76 54 3 210 9 8 7 6 5 4 3 2 1 0 ---------------------------------------------------- LL RR LL RR LL RR LL RR 00 G 001 G L G L G L G L G L EE // EE // EE // EE // D E E 3 3 2 2 1 1 0 0 NN WW NN WW NN WW NN WW 33 33 22 22 11 11 00 00 ---------------------------------------------------- [IBM486SLC2] 33 22 22 22 22 22 11 11 1 1 1 1 1 1 10 98 76 54 32 10 98 76 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 ------------------------------------------------------- LL RR LL RR LL RR LL RR T T G T G 0 G L G L G L G L G L EE // EE // EE // EE // T B D P M E E 3 3 2 2 1 1 0 0 NN WW NN WW NN WW NN WW 33 33 22 22 11 11 00 00 ------------------------------------------------------- [Am486SXLV/Am386DXLV/Am386SXLV] 33 22 22 22 22 22 11 11 111 1 11 10 98 76 54 32 10 98 76 543 2 10 9 8 7 6 5 4 3 2 1 0 ----------------------------------------------------- LL RR LL RR LL RR LL RR 000 S 00 G L G L G L G L G L EE // EE // EE // EE // M E E 3 3 2 2 1 1 0 0 NN WW NN WW NN WW NN WW I 33 33 22 22 11 11 00 00 E ---------------------------------------------------- [Am486xx] 33 22 22 22 22 22 11 11 111111 10 98 76 54 32 10 98 76 543210 9 8 7 6 5 4 3 2 1 0 ---------------------------------------------------- LL RR LL RR LL RR LL RR 000000 G L G L G L G L G L EE // EE // EE // EE // E E 3 3 2 2 1 1 0 0 NN WW NN WW NN WW NN WW 33 33 22 22 11 11 00 00 ---------------------------------------------------- LENi - Length of Breakpoint 00 - byte 01 - word 10 - undefined 11 - dword R/Wi - Reaw/Write Instructions Enable 00 - Instruction Execute cause Debug Interrupt 01 - Data Writes only 10 - I/O Reads or Writes 11 - Data Reads or Writes GD - Global Debug Register Access Protect INT 1 will be caused if any instructions will be read/write DRs. This bit cleared when invoking Debug Exception. GE - Global Exact Any data breakpoint traps will be reported exactly after competition of the instruction that caused the operand transfer. LE - Local Exact (Cleared on Task Switches) Note: 486+ always does exact data breakpoint matches, regardless of GE/LE bits. But 386 not. G3 - Global Enable Breakpoint # 3 L3 - Local Enable Breakpoint # 3 (Cleared on Task Switches) G2 - Global Enable Breakpoint # 2 L2 - Local Enable Breakpoint # 2 (Cleared on Task Switches) G1 - Global Enable Breakpoint # 1 L1 - Local Enable Breakpoint # 1 (Cleared on Task Switches) G0 - Global Enable Breakpoint # 0 L0 - Local Enable Breakpoint # 0 (Cleared on Task Switches) TT - Enable Task Trace Messages (to External ICE hardware) TB - Enable Branch Trace Messages (to External ICE hardware) TP - Exception 1 Handler Entry Convention if TP=0 exception 1 will interrupt 1 in user address space if TP=1 exception 1 will enter ICE mode GM - Enable Global Mapping if =1 Enable Mapping user memory addresses into ICE space. (Paging Must be disabled) SMIE - Software SMI Enable if = 1 enable Note: DR7: Undocument features on Intel's CPUs. see IBM 486SLC2. All this bits in DR7 exist on Intel CPUs, but where thay are undocument. (bits 15,14,12). ------------------------------------------------- APPENDIX I FORMAT OF DEBUG DATA REGISTERS (except DR0-DR5) +---------+ +---------+ | DR4 | | DR5 | +---------+ +---------+ DR4 and DR5 physically not exist, but then You accessing it using MOV from/to DR, thay are aliasing to DR6,DR7. +---------+ | DR3 | +---------+ [386+] 3322222222221111111111 10987654321098765432109876543210 -------------------------------- BREAKPOINT_3_LINEAR_ADDRESS -------------------------------- +---------+ | DR2 | +---------+ [386+] 3322222222221111111111 10987654321098765432109876543210 -------------------------------- BREAKPOINT_2_LINEAR_ADDRESS -------------------------------- +---------+ | DR1 | +---------+ [386+] 3322222222221111111111 10987654321098765432109876543210 -------------------------------- BREAKPOINT_1_LINEAR_ADDRESS -------------------------------- +---------+ | DR0 | +---------+ [386+] 3322222222221111111111 10987654321098765432109876543210 -------------------------------- BREAKPOINT_0_LINEAR_ADDRESS -------------------------------- ------------------------------------------------- APPENDIX K FORMAT OF CACHE TEST REGISTER (TR4/TR5/TR3) +-------+ | TR4 | +-------+ [i486xx/Cx486xx] 332222222222111111111 1 109876543210987654321 0 987 6543 210 ------------------------------------- TTTTTTTTTTTTTTTTTTTTT V LLL VVVV %%% AAAAAAAAAAAAAAAAAAAAA RRR AAAA GGGGGGGGGGGGGGGGGGGGG UUU LLLL IIII DDDD -------------------------------------- [Cx486SXL/e] 3322222222221111111111 10987654321098765432109 8 7 6543 210 ------------------------------------- TTTTTTTTTTTTTTTTTTTTTTT % L VVVV 000 AAAAAAAAAAAAAAAAAAAAAAA R AAAA GGGGGGGGGGGGGGGGGGGGGGG U LLLL IIII DDDD ------------------------------------- [WB-Enhanced IntelDX2 WB-mode] 332222222222111111111 1 109876543210987654321 0 987 65432 1 0 -------------------------------------- TTTTTTTTTTTTTTTTTTTTT % LLL %%%%% V V AAAAAAAAAAAAAAAAAAAAA RRR H L GGGGGGGGGGGGGGGGGGGGG UUU -------------------------------------- [IntelDX4] 33222222222211111111 1 1 10987654321098765432 1 0 987 6543 210 -------------------------------------- TTTTTTTTTTTTTTTTTTTT % V LLL VVVV %%% AAAAAAAAAAAAAAAAAAAA RRR AAAA GGGGGGGGGGGGGGGGGGGG UUU LLLL IIII DDDD -------------------------------------- [WB-Enhanced IntelDX4 WB-mode] 33222222222211111111 11 10987654321098765432 10 987 65432 10 -------------------------------------- TTTTTTTTTTTTTTTTTTTT %% LLL %%%%% V V AAAAAAAAAAAAAAAAAAAA RRR H L GGGGGGGGGGGGGGGGGGGG UUU -------------------------------------- [TI486SXL] 3322222222221111111 111 1098765432109876543 21098 7 6543 2 10 -------------------------------------- TTTTTTTTTTTTTTTTTTT %%%%% L VVVV V 00 AAAAAAAAAAAAAAAAAAA R AAAA A GGGGGGGGGGGGGGGGGGG U LLLL L IIII I DDDD D B -------------------------------------- [AMD Enhanced 486 CPU with EXT=0] 33222222222211111111 1 1 10987654321098765432 1 0 987 6543 210 -------------------------------------- TTTTTTTTTTTTTTTTTTTT 0 V LLL VVVV %%% AAAAAAAAAAAAAAAAAAAA RRR AAAA GGGGGGGGGGGGGGGGGGGG UUU LLLL IIII DDDD -------------------------------------- [AMD Enhanced 486 CPU with EXT=1] 3 32 2 22 22 22 22 111111111 1 1 09 8 76 54 32 10 987654321 0 987 6543 210 -------------------------------------------- % SS % SS SS SS SS %%%%%%%%% V LLL VVVV %%% TT TT TT TT TT RRR AAAA nn 33 22 11 00 UUU LLLL IIII DDDD -------------------------------------------- [Cyrix Cx6x86] 33222222222211111111 11 10987654321098765432 1098 76 54 3210 -------------------------------------- TTTTTTTTTTTTTTTTTTTT %%%% MM MM MMMM AAAAAAAAAAAAAAAAAAAA EE EE RRRR GGGGGGGGGGGGGGGGGGGG SS SS UUUU II II UU LL -------------------------------------- [Cyrix Cx6x86MX] 3322222222221111111111 109876543210987654321098765432 10 --------------------------------- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA DDDDDDDDDDDDDDDDDDDDDDDDDDDDDD DDDDDDDDDDDDDDDDDDDDDDDDDDDDDD RRRRRRRRRRRRRRRRRRRRRRRRRRRRRR --------------------------------- VALUD - dwords (or other size units) of Cache Line which Valid LRU - LRU V - is cache line entry valid TAG - Tag of cache line VL,VH - Define MESI state of line VH VL State 1 1 M 0 1 E 1 0 S 0 0 I VALIDB - Valid of Cache Line STn - State of Cache Line (MESI) ST3 - State of 3rd dword of cache line (MESI) ST2 - State of 2nd dword of cache line (MESI) ST1 - State of 1st dword of cache line (MESI) ST0 - State of 0 dword of cache line (MESI) 00 - Invalid 01 - Exclusive 10 - Modified 11 - Shared MESIU - Upper Sector of Cache Line MESI state 00 - Modified 01 - Shared 10 - Exclusive 11 - Invalid MESIL - Lower Sector of Cache Line MESI state 00 - Modified 01 - Shared 10 - Exclusive 11 - Invalid MRU - Used for Determinate LRU line ADDR - Physical Address of Cache Line +--------+ | TR5 | +--------+ [i486xx/Am486xx/Cx486xx] 332222222222111111111 1 109876543210987654321 0987654 32 10 ------------------------------------- %%%%%%%%%%%%%%%%%%%%% SSSSSSS EE CC EEEEEEE NN TT TTTTTTT TT LL -------------------------------------- [TI486SXL/e] 33222222222211111111 11 10987654321098765432 10987654 3 2 10 -------------------------------------- %%%%%%%%%%%%%%%%%%%% SSSSSSSS % E CC EEEEEEEE N TT TTTTTTTT T LL -------------------------------------- [WB-Enhanced IndelDX2 WB-mode] 332222222222111111 1 11 1 109876543210987654 3 21 0987654 32 10 --------------------------------------- %%%%%%%%%%%%%%%%%% S %% SSSSSSS EE CC L EEEEEEE NN TT F TTTTTTT TT LL -------------------------------------- [IntelDX4] 33222222222211111111 11 10987654321098765432 10987654 32 10 ------------------------------------- %%%%%%%%%%%%%%%%%%%% SSSSSSSS EE CC EEEEEEEE NN TT TTTTTTTT TT LL -------------------------------------- [WB-Enhanced IntelDX4 WB-mode] 332222222222111111 1 1 11 109876543210987654 3 2 10987654 32 10 ------------------------------------- %%%%%%%%%%%%%%%%%% S % SSSSSSSS EE CC L EEEEEEEE NN TT F TTTTTTTT TT LL ------------------------------------- [TI486SXL] 3322222222221111111 1 11 1098765432109876543 2 10987654 32 10 ------------------------------------- %%%%%%%%%%%%%%%%%%% W SSSSSSSS EE CC A EEEEEEEE NN TT Y TTTTTTTT TT LL ------------------------------------- [AMD Enhanced 486 in WT-mode] 3322222222221111111 1 11 1098765432109876543 2 10987654 32 10 ------------------------------------- %%%%%%%%%%%%%%%%%%% ( SSSSSSSS EE CC S EEEEEEEE NN TT E TTTTTTTT TT LL T ) ------------------------------------- [AMD Enhanced 486 in WB-mode] 332222222222 1 11 1111 1 11 109876543210 9 87 6543 2 10987654 32 10 ------------------------------------- %%%%%%%%%%%% E SS %%%% ( SSSSSSSS EE CC X TT S EEEEEEEE NN TT T E TTTTTTTT TT LL T ) ------------------------------------- [Cx6x86] 332222222222111111 11 11 109876543210987654 32 1098765 432 10 ------------------------------------- %%%%%%%%%%%%%%%%%% WW SSSSSSS EEE CC AA EEEEEEE NNN TT YY TTTTTTT TTT LL ------------------------------------- [Cx6x86MX] 33222222 2 222 1 111 1111 11 10987654 3 210 9 876 5432 1098 76 54 32 10 ------------------------------------------ %%%%%%%% S %%% V MMM %%%% MMMM %% SS %% CC M EEE RRRR EE TT I SSS UUUU TT LL III ------------------------------------------ CTL - Control (Select operation) 00 - Enable (Fill Buffer Write/Read Buffer Read) 01 - Perform Cache Line Write 10 - Perform Cache Line Read 11 - Perform Cache Line Flush ENT - Select Entry for Operation SET - Select Set for Operation SLF - WAY - Select Way for Operation ST - State of set will be writing during write operation 00 - Invalid 01 - Exclusive 10 - Modified 11 - Shared EXT - Extension if EXT=0 bits 31..11 of TR4 contain TAG if EXT=1 bits 31..11 of TR4 contain STi SMI - SMI Address bit. Select separate/cachable SMI code/data space. V,MESI - Select Valid & MESI V MESI Description 1 000 Modified 1 001 Shared 1 010 Exclusive 0 011 Invalid 1 100 Locked Valid 0 111 Locked Invalid else Undefined MRU - Used for determinate LRU. +-------+ | TR3 | +-------+ [any,which support Cache Testing (all 486+)] 3322222222221111111111 10987654321098765432109876543210 -------------------------------- ___________CACHE_DATA___________ -------------------------------- CACHE_DATA - Data which will be reading/writing to/from cache line part. ------------------------------------------------- APPENDIX L FORMAT OF BTB TEST REGISTER (TR1/TR2) Note: This kind of registers present only on Cx6x86 and may be on Cx6x86MX. +-------+ | TR1 | +-------+ [Cx6x86] 3322222222221111111111 10987654321098765432109876 543 210 ---------------------------------- ?????????????????????????? III ??? DDD XXX ---------------------------------- IDX - Index of Register in BTB control space, which may be accessed via TR2. +-------+ | TR2 | +-------+ [Cx6x86] 3322222222221111111111 10987654321098765432109876543210 -------------------------------- _____________DATA_______________ -------------------------------- DATA - data which will be reading/writing from/to BTB control space registers. Note: Refer to Appendix A5 for more details. ------------------------------------------------- APPENDIX K FORMAT OF TLB TEST REGISTER (TR6/TR7) Note: Pentium and Higher Intel CPUs not support Test registers (TRs) at all. +-------+ | TR6 | +-------+ [i386xx] [i486xx] [TI486SXL] 33222222222211111111 1 1 10987654321098765432 1 0 9 8 7 6 5 4321 0 ----------------------------------------- LLLLLLLLLLLLLLLLLLLL V D D U U W W %%%% O AAAAAAAAAAAAAAAAAAAA # # # P DDDDDDDDDDDDDDDDDDDD DDDDDDDDDDDDDDDDDDDD RRRRRRRRRRRRRRRRRRRR ----------------------------------------- [Cx6x86] 33222222222211111111 1 1 10987654321098765432 1 0 9 8 7 6 5 4 3 210 ------------------------------------------ LLLLLLLLLLLLLLLLLLLL V D D U U W W A A CCC AAAAAAAAAAAAAAAAAAAA # # # # MMM DDDDDDDDDDDDDDDDDDDD DDD DDDDDDDDDDDDDDDDDDDD RRRRRRRRRRRRRRRRRRRR ------------------------------------------ [Cx6x86MX] 33222222222211111111 1 1 10987654321098765432 1 0 9 8 7 6 5 4 3 210 ------------------------------------------ LLLLLLLLLLLLLLLLLLLL V D P U 0 W 0 A 0 CCC AAAAAAAAAAAAAAAAAAAA G MMM DDDDDDDDDDDDDDDDDDDD DDD DDDDDDDDDDDDDDDDDDDD 222 RRRRRRRRRRRRRRRRRRRR ------------------------------------------ LADDR - Linear Address V - Valid bit for TLB entry D,D# - The Dirty Bit for/from TLB entry (Normal and Reverse) U,U# - The User/Supervisor bit for/from TLB Entry (Normal and Reverse) W,W# - The Read/Write bit for/from TLB entry (Normal and Reverse) OP - Operation 0 - TLB Write 1 - TLB LookUp A,A# - The Accessed Bit (Normal and Reverse) CMD - Array Command Select 000 - Direct Write to main TLB 001 - TLB lookup for an linear address in all arrays 100 - Write to variable page size mask only 110 - Write to variable page size, linear and physical addreses 101 - Read variable page size and linear address. 111 - Read variable page size cache physical and linear address PG - Page Global bit CMD2 - Array Command Select Value Description x00 - Write to L1 TLB x01 - Write to L2 TLB 010 - Read from L1 TLB X-port 011 - Read from L2 TLB X-port 110 - Read from L1 TLB Y-port 111 - Read from L2 TLB Y-port +-------+ | TR7 | +-------+ [i386xx] 33222222222211111111 11 10987654321098765432 1098765 4 32 10 ------------------------------------- PPPPPPPPPPPPPPPPPPPP %%%%%%% H RR %% HHHHHHHHHHHHHHHHHHHH T EE YYYYYYYYYYYYYYYYYYYY PP SSSSSSSSSSSSSSSSSSSS ------------------------------------- [i486xx] [TI486SXL] 33222222222211111111 1 1 10987654321098765432 1 0 987 65 4 32 10 --------------------------------------- PPPPPPPPPPPPPPPPPPPP P P LLL %% R RR %% HHHHHHHHHHHHHHHHHHHH C W RRR P PP YYYYYYYYYYYYYYYYYYYY D T UUU S // SSSSSSSSSSSSSSSSSSSS / HH H LL I --------------------------------------- [Cx6x86] 33222222222211111111 1 1 10987654321098765432 1 0 987 6 5 4 3 210 ---------------------------------------- PPPPPPPPPPPPPPPPPPPP P P BBB % H H H %%% HHHHHHHHHHHHHHHHHHHH C W III V D B YYYYYYYYYYYYYYYYYYYY D T SSSSSSSSSSSSSSSSSSSS ---------------------------------------- [Cx6x86MX] 33222222222211111111 1 1 10987654321098765432 1 0 987 6 5 4 3 210 ---------------------------------------- PPPPPPPPPPPPPPPPPPPP P P SSS % H H % HHH HHHHHHHHHHHHHHHHHHHH C W EEE 1 2 SSS YYYYYYYYYYYYYYYYYYYY D T TTT EEE SSSSSSSSSSSSSSSSSSSS TTT ---------------------------------------- PHYS - Physiacl Address HT - TLB Lookup Hit REP - Replacement Pointer PCD - Page Cache Disable PWT - Page Write Throught LRU - LRU RPS/HI - Replacement Pointer Select (writes)/Hit Indication (LookUp) RP/HL - Replacement Pointer (writes)/Hit Location (LookUp) BI - Cell Index for victim TLB and block cache operation. HV - Victim TLB Hit HD - Main TLB Hit HB - Variable-size Paging Mechanism Hit SET - L2 TLB Set Selection (0..5h) H1 - Hit in L1 TLB H2 - Hit in L2 TLB HSET - L2 set selection when L2 TLB hit occures (0h..5h) ---------------------------------------------------- APPENDIX N EFLAGS register format +---------+ | EFLAGS | +---------+ [Pentium P5] [Pentium P54C] [IntelDX4] [Am5k86] [Pentium Pro] [Pentium II] [Am6k86] [Pentium w/MMX (P55C)] 3322222222 2 2 1 1 1 1 1 1 11 1 1 1098765432 1 0 9 8 7 6 5 4 32 1 0 9 8 7 6 5 4 3 2 1 0 ----------------------------------------------------- I V V A V R N IO O D I T S Z A P C 0000000000 D I I C M F 0 T PL F F F F F F 0 F 0 F 1 F P F ----------------------------------------------------- [i486 SL Enhanced SX,DX,DX2] [IntelSX2] [Cx5x86] [UMC] [Cx6x86] [Cx6x86MX] 3322222222 2 2 1 1 1 1 1 1 11 1 1 1098765432 1 0 9 8 7 6 5 4 32 1 0 9 8 7 6 5 4 3 2 1 0 ----------------------------------------------------- I A V R N IO O D I T S Z A P C 0000000000 D 0 0 C M F 0 T PL F F F F F F 0 F 0 F 1 F ----------------------------------------------------- [i486 SX,DX,DX2] [OverDrive] [M5,M6,M7] [AMD Am486DX/DXL/DX2/DXL2 ] etc [IBM BL486DX/DX2] [Cx486SLC/DLC/SLC2/DLC2] [NexGen Nx586] 3322222222 2 2 1 1 1 1 1 1 11 1 1 1098765432 1 0 9 8 7 6 5 4 32 1 0 9 8 7 6 5 4 3 2 1 0 ----------------------------------------------------- A V R N IO O D I T S Z A P C 0000000000 0 0 0 C M F 0 T PL F F F F F F 0 F 0 F 1 F ----------------------------------------------------- [i386 SX,DX,CX,EX] [AMD Am386 ] [C&T 38600 ] etc [IBM 486SLC2] 3322222222 2 2 1 1 1 1 1 1 11 1 1 1098765432 1 0 9 8 7 6 5 4 32 1 0 9 8 7 6 5 4 3 2 1 0 ----------------------------------------------------- V R N IO O D I T S Z A P C 0000000000 0 0 0 0 M F 0 T PL F F F F F F 0 F 0 F 1 F ----------------------------------------------------- [i376] 3322222222 2 2 1 1 1 1 1 1 11 1 1 1098765432 1 0 9 8 7 6 5 4 32 1 0 9 8 7 6 5 4 3 2 1 0 ----------------------------------------------------- R N IO O D I T S Z A P C 0000000000 0 0 0 0 0 F 0 T PL F F F F F F 0 F 0 F 1 F ----------------------------------------------------- [i286 and all clones] 1 1 11 1 1 5 4 32 1 0 9 8 7 6 5 4 3 2 1 0 ------------------------------ N IO O D I T S Z A P C 0 T PL F F F F F F 0 F 0 F 1 F ------------------------------ [NEC/Sony V20/V30] 1 1 1 1 1 1 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 ------------------------------- M O D I T S Z A P C D 1 1 1 F F F F F F 0 F 0 F 1 F ------------------------------- [80x186 ,EA,EB,EC,XL] [8086/88 and all clones] 1 1 1 1 1 1 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 ------------------------------- O D I T S Z A P C 1 1 1 1 F F F F F F 0 F 0 F 1 F ------------------------------- Flags Summary: ID - Identification Flag VIP - Virtual Interrupt Pending VIF - Virtual Interrupt Flag AC - Align Check VM - Virtual 8086 Mode RF - Resume Flag MD - Mode Flag NT - Nested Task flag IOPL - Input/Output Privelege Level OF - Overflow Flag DF - Direction Flag IF - Interrupt Flag TF - Trap Flag SF - Sign Flag ZF - Zero Flag AF - Auxiliary Carry Flag PF - Parity Flag CF - Carry Flag --------------------------------------------------- APPENDIX O OLD CONTROL REGISTERS FORMAT (CR0-CR3) +---------+ | CR0 | +---------+ [Pentium P5] [Pentium P54C] [Pentium Pro] [Pentium II] [Pentium w/MMX] [Cx6x86MX] [Am6k86] [Am5k86] 3 3 2 2222222221 1 1 1 111111 1 0 9 8765432109 8 7 6 5432109876 5 4 3 2 1 0 --------------------------------------------- P C N A W N T E M P G D W 0000000000 M 0 P 0000000000 E 1 S M P E --------------------------------------------- [IntelDX4] [486DX/DX2, IntelDX4 ] 3 3 2 2222222221 1 1 1 111111 1 0 9 8765432109 8 7 6 5432109876 5 4 3 2 1 0 --------------------------------------------- P C N A W T M P G D W 0000000000 M 0 P 0000000000 * 1 S 1 P E --------------------------------------------- [Cx486SLC] 3 3 2 2222222221 1 1 1 111111 1 0 9 8765432109 8 7 6 5432109876 5 4 3 2 1 0 --------------------------------------------- P C A W T E M P G D 0 0000000000 M 0 P 0000000000 0 1 S M P E --------------------------------------------- [Cx486DLC] 3 3 2 2222222221 1 1 1 111111 1 0 9 8765432109 8 7 6 5432109876 5 4 3 2 1 0 --------------------------------------------- P C N A W E T E M P G D W 0000000000 M 0 P 0000000000 0 T S M P E --------------------------------------------- [Intel i486SX,SX2] 3 3 2 2222222221 1 1 1 111111 1 0 9 8765432109 8 7 6 5432109876 5 4 3 2 1 0 --------------------------------------------- P C N A W T E M P G D W 0000000000 M 0 P 0000000000 * 1 S M P E --------------------------------------------- [IBM 486SLC2] 3 32222222222111 1 111111 1 09876543210987 6 54321098765 4 3 2 1 0 --------------------------------------------- P W T E M P G 00000000000000 P 0000000000 1 S M P E --------------------------------------------- [Intel i386SX] 3 322222222221111111111 1 09876543210987654321098765 4 3 2 1 0 --------------------------------------------- P T E M P G 0000000000000000000000000 1 S M P E --------------------------------------------- [Intel i386DX] 3 322222222221111111111 1 09876543210987654321098765 4 3 2 1 0 --------------------------------------------- P E T E M P G 0000000000000000000000000 T S M P E --------------------------------------------- [80286] Note: None CR0, but MSW 111111 543210987654 3 2 1 0 --------------------- T E M P 000000000000 S M P E --------------------- PE - Protection Enable MP - Monitor Processor EM - Emulation TS - Task Switch ET - Extention Type NE - Numeric Exception WP - Write protect AM - Align Mode NW - No Write Throught CD - Cache Disable PG - Paging +--------+ | CR1 | +--------+ CR1 register not exist on x86 architecture. Usually aliased CR0. +--------+ | CR2 | +--------+ [386+] 3 322222222221111111111 1 0987654321098765432109876543210 --------------------------------- LAST_PAGE_FAULT_LINEAR_ADDRESS --------------------------------- +--------+ | CR3 | +--------+ [Intel i386xx] [Cyrix Cx486SLC] 33222222222211111111 11 10987654321098765432 109876543210 --------------------------------- PPPPPPPPPPPPPPPPPPPP %%%%%%%%%%%% DDDDDDDDDDDDDDDDDDDD BBBBBBBBBBBBBBBBBBBB RRRRRRRRRRRRRRRRRRRR --------------------------------- [Intel i486xx] [Cx6x86] [Cx6x86MX] [Pentium] [Pentium Pro] [Pentium II] [Pentium w/MMX] 33222222222211111111 11 10987654321098765432 1098765 4 3 210 ------------------------------------ PPPPPPPPPPPPPPPPPPPP %%%%%%% P P %%% DDDDDDDDDDDDDDDDDDDD C W BBBBBBBBBBBBBBBBBBBB D T RRRRRRRRRRRRRRRRRRRR ------------------------------------ PDBR - Page Directory Base Register PCD - Page Cache Disable PWT - Page Write Whrought --------------------------------------------------- APPENDIX P CR4 register format +-------+ | CR4 | +-------+ [Pentium Pro] [Pentium II] 3322222222221111111111 10987654321098765432109 8 7 6 5 4 3 2 1 0 ----------------------------------------- P P M P P D T P V 00000000000000000000000 C G C A S E S V M E E E E E D I E ---------------------------------------- [Cx6x86MX] 3322222222221111111111 10987654321098765432109 8 7 654 3 2 10 --------------------------------------- P P D T 00000000000000000000000 C G 000 E S 00 E E D --------------------------------------- [AMD Am5k86] [AMD Am6k86] 3322222222221111111111 109876543210987654321098 7 6 5 4 3 2 1 0 ---------------------------------------- P M P D T P V 000000000000000000000000 G C 0 S E S V M E E E D I E ---------------------------------------- [Pentium P5] [Pentium P54C] 3322222222221111111111 1098765432109876543210987 6 5 4 3 2 1 0 --------------------------------------- M P D T P V 0000000000000000000000000 C 0 S E S V M E E D I E ---------------------------------------- [IntelDX4] [486s SL Enhanced] 3322222222221111111111 109876543210987654321098765432 1 0 ---------------------------------- P V 000000000000000000000000000000 V M I E ---------------------------------- PCE - Perfomance Monitoring Counters Enabled PGE - Page Global Extension MCE - Machine Check Enable PAE - Physical Address Extention PSE - Page Size Extention DE - Debbuging Expection TSD - Time Stamp Disable PVI - Protected mode Virtual Interrupt VME - Virtual Mode Exception ------------------------------------------------------ APPENDIX Q TYPE OF INTEL'S SOCKETS Socket # Pins Vcc CPU OverDrive ---------------------------------------------- 1 169 5V i486SX IntelSX2 ODP i486DX IntelDX2 ODP ---------------------------------------------- 2 238 5V i486SX IntelSX2 ODP i486DX IntelDX2 ODP i486DX2 IntelDX4 ODP Pentium ODP (P24T) ---------------------------------------------- 3 237 3/5V i486SX IntelSX2 ODP i486DX IntelDX2 ODP i486DX2 IntelDX4 ODP i486SX2 Pentium ODP (P24T) IntelDX4 ---------------------------------------------- 4 273 5V Pentium (P5) Pentium ODP (P5T) ---------------------------------------------- 5 320 3V Pentium (P54C) Pentium ODP (P54T) ---------------------------------------------- 6 235 3V IntelDX4 Pentium ODP (P24T) ---------------------------------------------- 7 321 3V Pentium (P54C) Pentium ODP (P54T) Pentium (P55C) ---------------------------------------------- 8 387 12,5,3 Pentium Pro(P6) Pentium Pro ODP (P6T) ---------------------------------------------- ---------------------------------------------- Slot # Pins Vcc CPU Overdrive ---------------------------------------------- 1 Pentium II ---------------------------------------------- ------------------------------------------------------ APPENDIX R UNDEFINED FLAGS See CPUUTIL.ZIP for UFLAGS.COM !! Hey, Guys! Do You really think about set of 80x86 CPU cores and "That's mean UNDEFINED FLAGS?". --- Where black Wizardry trying to hide? ---- So, we look some deeper and again comes to 2nd principle of Thaumaturgy: "Once Together, Always Together". 1) Do You Ask Yourself: "How many 80x86 base cores are?" Let's discuss about definitions: What's mean "base core"? "Base core" mean: same core clock for instructions, same undefined features e.t.c., and was produced many CPUs this type. (so, i486DX2 and i486DX have same core), (but i486DX2 and IntelDX4 have differ (cos MUL time +etc.). (i486SX integer core is look like i486DX core without NPX and all things joined with it). So we have next list of Main Base Cores: 8086/8088 (186s skipped) 286 386 (have some differents on vendors) Cx486SLC/Cx486DX (and all clones like TI486SXL) i486 UMC U5S Cyrix Cx5x86 (M1sc) Pentium NexGen Nx5x86 Cyrix Cx6x86 (M1) AMD Am5k86 Pentium Pro Of course one Main Base Core have many CPUs which have differents between self, for example: TI486SXL have Cx486DLC Base Core. This Base Cores is relative, of course. (We may discuss Where to push C&T 38600DX etc., but it doesn't matter) 2) How many situation with Undefined Flags exists? Not too many, as You think: MUL DIV IMUL IDIV NEG (ZF) AND/OR/XOR/etc (AF) Shift/Rotates (OF) and some more. 3) What's To Do? Let's make next experiment: AH = 0 AH -> FLG PERFORM TEST SEQUENCE FLG -> AH GET RESULT # 1 AH = FF AH -> FLG PERFORM TEST SEQUENCE FLG -> AH GET RESULT # 2 ANALYSING RESULTS. (WHICH BIT PASSED, WHICH DRIVEN BY INSTRUCTION Main Test Sequences are: MUL: mov ax,0000h mov bx,1234h mul bx DIV: mov ax,1234h mov bl,22h div bl IMUL: mov ax,0092h mov bl,22h imul bl IDIV: mov ax,0ffeeh mov bl,22h idiv bl LOG: mov ax,0ff00h mov bx,0f0fh and ax,bx 4) Result: Here placed summary of Undefined flag analysis on CPUs. ------------------------------------------------------------------------ CPU ------------- Sequence ------------- CORE MUL DIV IMUL IDIV LOG Note ------------------------------------------------------------------------ 286 ALL ALL ALL ALL ALL as 386,i486 DRIVEN DRIVEN DRIVEN DRIVEN DRIVEN ------------------------------------------------------------------------ 386 ALL ALL ALL ALL ALL as 286,i486 DRIVEN DRIVEN DRIVEN DRIVEN DRIVEN ------------------------------------------------------------------------ i486 ALL ALL ALL ALL ALL as 286,386 DRIVEN DRIVEN DRIVEN DRIVEN DRIVEN ------------------------------------------------------------------------ Cx486SLC Z,S,P,A ALL Z,S,P,A ALL AF PASSED PASSED PASSED PASSSED PASSED ------------------------------------------------------------------------ UMC U5S Z,S,P,A ALL Z,S,P,A ALL ALL PASSED PASSED PASSED PASSED DRIVEN ------------------------------------------------------------------------ Cx5x86 P,A C,O,P,A P,A C,O,P,A ALL PASSED PASSED PASSED PASSED DRIVEN ------------------------------------------------------------------------ Pentium Z,S,P,A ALL Z,S,P,A ALL ALL as Pentium Pro PASSED DRIVEN PASSED DRIVEN DRIVEN ------------------------------------------------------------------------ Nx5x86 ???? ???? ???? ???? ???? Somebody who have ???? ???? ???? ???? ???? NexGen please contact Me. ------------------------------------------------------------------------- Cx6x86 ALL C,O ALL C,O ALL DRIVEN PASSED DRIVEN PASSED DRIVEN ------------------------------------------------------------------------ Am5k86 Z,S,P,A C,O Z,S,P,A C,O ALL PASSED PASSED PASSED PASSED DRIVEN ------------------------------------------------------------------------ Pentium Pro Z,S,P,A ALL Z,S,P,A ALL ALL as Pentium PASSED DRIVEN PASSED DRIVEN DRIVEN PASSED DRIVEN PASSED DRIVEN DRIVEN ------------------------------------------------------------------------ Really Interesting Story? It' just an simple Episode of CPU Life. Copyright (C) Potemkin's Hackers Group 1996. Absolutely No Warranty On Chips beheiveour. Note: See utilites, included to this OPCODE.LST for getting UNDEFINED FLAGS on Your processor. --------------------------------------------------- APPENDIX S FLOATING POINT REGISTERS FORMATS +-------+ | CW | +-------+ [8087] 1111 1 11 6543 2 10 98 7 6 5 4 3 2 1 0 ---------------------------- %%%% I RR PP I % P U O Z D I C CC CC E M M M M M M M ---------------------------- [80287] 1111 1 11 6543 2 10 98 76 5 4 3 2 1 0 --------------------------- %%%% I RR PP %% P U O Z D I C CC CC M M M M M M --------------------------- [287XL/XLT,387SX/DX and all build-in FPUs] 11111 11 65432 10 98 76 5 4 3 2 1 0 ---------------------------- %%%%% RR PP %% P U O Z D I CC CC M M M M M M ---------------------------- IC - Infinity Control if =0 Infinity is Projective if =1 Infinity is Affine RC - Round Control 00 - Round to nearest or soon 01 - Round down (toward -infinity) 10 - Round up (toward +infinity) 11 - Chop (Truncate toward 0) PC - Precension Control 00 - 24 bit 01 - Reserved 10 - 53 bit 11 - 64 bit IEM - Interrupt Mask Enable 0 - Interrupts Enable 1 - Interrupts Disable PM - Precension mask UM - Underflow mask OM - Overflow Mask ZM - Zero Maks DM - Denormalized operand mask IM - Invalid Operation Mask All other F.P registers: ST(i), TAGS, SW have same format on all FPUs. Present some different in FPU environment, but now is no time for describe it here. --------------------------------------------------------- --------------------------------------------------------- [Credits]: 1) THANX specially for/to Martin Malik and RealSoft. (malik@elf.stuba.sk) Cyrix's CPUs type data. Some Vendors strings for CPUID. P54M ID code Part of This Kind of Info (C) RealSoft. 2) THANX to Grzegorz Mazur for His Interest to CPU identification and to Cyrix-Vendor CPUs. 3) THANX to Bas van Sisseren He always looks this doc for 'ERORRS'. 4) THANX to all people from Intel, AMD, TI, Cyrix, UMC, who helped with information and CPU samples. 5) THANX to all, who send notes, testing CPUs with PHG tools ---------------------------------------------------------- [2 person]: -> Craig Hart and Australian Hackers. Did You found IAL yet? -> Raul Mate Galan (Spain): What's about cachemeter? -> Martin Malik: What's they implemented in next CPUID EAX ?!!? (with AMD).!!! ----------------------------------------------------------- Q&A: Q. - How to find latest version of OPCODE.LST ? A. - You may find it within Ralf's INTERxx.ZIP. Q. - Did PHG have WWW page, where placed OPCODE.LST ? A. - Unfortunetly, No. But may be You want to create this page? Mail us. ----------------------------------------------------------- [2 All] If You found some errors or incorrections in this text please send info 'bout it. ----------------------------------------------------------- [Internal] Thanx for Urri, Stas, Afo, Kernel.3,Den96 and all other numbers of Potemkin's Hackers Group. - - - - - - - - - - - - - - Special Thanks for AX (MISA). ------------------------------------------------------------ Sorry, But EOF