mazegen / x86reference Goto Github PK

For example INCSSPD.
Search the manual for "CET_SS".

In the Table "32/64-bit ModR/M Byte", for Mod=00, R/M=001 the effective address is listed as "[RCX/EDX]+disp8". This is incorrect, it should be "[RCX/ECX]+disp8". (I.e. with 32-bit operands the base register remains ECX.)

This is verified both by the correct listing in the table below, "32-bit ModR/M Byte", as well as Intel's official manual.

It's a typo. Relevant link: http://ref.x86asm.net/coder64.html#modrm_byte_32_64

Reported by d0sboots.

Suggested by fuzxxl:

In early steppings of the 80386, opcodes 0f a6 (xbts) and 0f a7 (ibts) existed. These were removed later on.

Ralf Brown's interrupt list claims that they were present in early versions of the Intel manuals for 80386, googling yielded documentation
with timings and behaviour.

Add "system" instructions and prefixes

INVPCID		Invalidate Process-Context Identifier (ring 0)
PREFETCHW	Prefetch Data into Caches in Anticipation of a Write (note: all flags are affected)
PREFETCHWT1	Prefetch Vector Data Into Caches with Intent to Write and T1 Hint (note: all flags are affected)
RDFSBASE	Read FS Segment Base
RDGSBASE	Read GS Segment Base
WRFSBASE	Write FS Segment Base
WRGSBASE	Write GS Segment Base
RDRAND		Read Random Number (note: all flags are affected)
RDSEED		Read Random SEED (note: all flags are affected)
XACQUIRE	Hardware Lock Elision Prefix Hint
XRELEASE	Hardware Lock Elision Prefix Hint
XRSTORS		Restore Processor Extended States Supervisor (ring 0)
XRSTORS64
XSAVEC		Save Processor Extended States with Compaction
XSAVEC64
XSAVEOPT	Save Processor Extended States Optimized
XSAVEOPT64
XSAVES		Save Processor Extended States Supervisor
XSAVES64

HLE/RTM:

XBEGIN	Transactional Begin
XABORT	Transactional Abort
XEND	Transactional End

NP 0F 01 D6 XTEST   Test if in Transactional Execution

OSPKE:

RDPKRU	Read Protection Key Rights for User Pages
WRPKRU	Write Data to User Page Key Register

SGX1:

ENCLS	Execute an Enclave System Function of Specified Leaf Number
ENCLU	Execute an Enclave User Function of Specified Leaf Number

CLFLUSHOPT encoded as NFx 66 0F AE /7 CLFLUSHOPT m8 needs to be added. Comes with its own CPUID feature flag CLFLUSHOPT.

Also:

CLDEMOTE
CLWB

Reported by Kashio.

See:

• https://forum.vcfed.org/index.php?threads/i-found-the-saveall-opcode.71519/
• https://sandpile.org/x86/opc_2.htm

Search the manual for "GFNI" instructions like GF2P8MULB.

The proc 03 means 80387 in case of FPU instructions.

Discontinued instruction extension, low priority.

https://en.wikipedia.org/wiki/Intel_MPX
https://linasm.sourceforge.net/docs/instructions/mpx.php

List:

BNDMK	Create a LowerBound and a UpperBound in a register
BNDCL	Check the address of a memory reference against a LowerBound
BNDCU	Check the address of a memory reference against an UpperBound in 1’s compliment form
BNDCN	Check the address of a memory reference against an UpperBound not in 1’s compliment form
BNDMOV	Load from memory or store to memory of the LowerBound and UpperBound to a register or from a register
BNDLDX	Load bounds using address translation
BNDSTX	Store bounds using address translation

https://en.wikipedia.org/wiki/Intel_ADX

List:

ADCX   Unsigned Integer Addition of Two Operands with Carry Flag
ADOX   Unsigned Integer Addition of Two Operands with Overflow Flag

Work in progress. Not sure when it will be finished.

Correct the description of bs to "Byte, sign-extended to the size of the destination operand."

https://en.wikipedia.org/wiki/Advanced_Matrix_Extensions
https://en.wikichip.org/wiki/x86/amx

And search Intel manual for "AMX".

62h is no longer invalid on CPUs that support AVX-512, AVX10 or APX. Instead, it's the first byte of the EVEX prefix.

https://en.wikipedia.org/wiki/AES_instruction_set#x86_architecture_processors

List:

AESENC      Perform one round of an AES encryption flow
AESENCLAST      Perform the last round of an AES encryption flow
AESDEC      Perform one round of an AES decryption flow
AESDECLAST      Perform the last round of an AES decryption flow
AESKEYGENASSIST      Assist in AES round key generation

There are more of them. See the manual for all instructions that start with "AES".

There's another related group of instructions missing, AES Key Locker instructions. Search the manual for "AESKLE". The are:

AESDEC128KL
AESDEC256KL
AESDECWIDE128KL
AESDECWIDE256KL
AESENC128KL
AESENC256KL
AESENCWIDE128KL
AESENCWIDE256KL
ENCODEKEY128
ENCODEKEY256

(Reported by Kashio. His arguments are correct, the "processor family" codes comes from the past when the classification was simpler.)

The processor family which describes the instruction's introductory processor doesn't make sense.
The list of available families right now are:

00: 8086
01: 80186
02: 80286
03: 80386
04: 80486
P1 (05): Pentium (1)
PX (06): Pentium with MMX
PP (07): Pentium Pro
P2 (08): Pentium II
P3 (09): Pentium III
P4 (10): Pentium 4
C1 (11): Core (1)
C2 (12): Core 2
C7 (13): Core i7
IT (99): Itanium (only geek editions)

Let's take for example instruction CLFLUSHOPT which was introduced in:

Skylake (server)
Skylake (client)
Goldmont

According to https://en.wikichip.org/wiki/x86/persistent_memory_extensions

Now, these are the microarchitectures supporting this instruction, while there can be skylake i3, there could also be skylake i5 and i7 depending on the manufacture process of a cpu it can be downgraded to any of these and will have disabled cores.

So unless I'm missing something here on what how these codes relates to the instruction introductory process, I think it should be changed to a list of instruction introductory microarchitecture and the family could vary, but it doesn't depend on the family.

It might be correct for the very first instructions where the jump from 80286 -> 80386 just introduced more instructions (and other stuff) but I think this rule breaks down later on, so I think it needs to be revised.

Currently r/m16 operand is indicated (code w) but the manual indicates one more syntax:

    8E /r MOV Sreg,r/m16** RM Valid Valid Move r/m16 to segment register.

REX.W + 8E /r MOV Sreg,r/m64** RM Valid Valid Move lower 16 bits of r/m64 to segment register.

This needs to be fixed by introducing new type wqp: "Word, or quadword, promoted by REX.W in 64-bit mode".

And there's similar issue with 8C MOV Rvqp, Sw. It should be 8C MOV Rwqp, Sw.

Reported by Kashio.

See the "FSUB/FSUBP/FISUB—Subtract" entry in Intel manual. The operands are the same like in case of no-operand FSUBP.

Initially reported by bdwashbu.

Add new XML attribute rexw because there's no other way how to tell apart the *64 variants (the operand types are not suitable for that).

It will be similar to planned vexw and vexl attributes planned for VEX entries.

Original wrong idea: Reuse pref element with new REXW pseudoconstant. The REXW doesn't mean value 0x48 but only the W bit in REX, if REX is present.

Reported by Kashio.