

# x86 Architecture Overview

*The IA-32 is the instruction set architecture (ISA) of Intel's most successful line of 32-bit processors, and the Intel 64 ISA is its extension into 64-bit processors. (Actually Intel 64 was invented by AMD, who called it x86-64). These notes summarize a few items of interest about these two ISAs. They in no way serve as a substitute for reading [Intel's manuals](#).*

## CONTENTS

IA-32 and x86-64 • x86-64 Architecture Diagram • Registers • Instruction Set • Addressing Memory • Flags Register • The System Developer's Manual

## IA-32 and x86-64

The two massively popular architectures IA-32 and x86-84 are so common, they are described in a [single set of manuals](#).

The following notes briefly summarize the latter architecture only.

## x86-64 Architecture Diagram

The basic architecture of the x86-64 is described in [Volume 1 of the System Developer's Manual](#). The following diagram is taken directly from Chapter 3 in this volume:



# Registers

Application Programmers generally use only the general purpose registers, floating point registers, XMM, and YMM registers.

## General Purpose Registers

These are 64 bits wide and used for integer arithmetic and logic, and to hold both data and pointers to memory. The registers are called R0...R15. Also:

- You can access the lower order 32-bits of each register using the names R0D...R15D. The “D” stands for “doubleword” because strangely, the word “word” on this platform refers to a 16-bit quantity. Why? Backward compatibility! The x86-64 grew out of a 16-bit processor family created in the 1970s.
- You can access the lower order 16-bits of each register using the names R0W...R15W.
- You can access the lower order 8-bits of each register using the names R0B...R15B.
- R0...R7 have aliases RAX, RCX, RBX, RDX, RSP, RBP, RSI, RDI, respectively.
- R0D...R7D have aliases EAX, ECX, EBX, EDX, ESP, EBP, ESI, EDI, respectively.
- R0W...R7W have aliases AX, CX, BX, DX, SP, BP, SI, DI, respectively.
- R0B...R7B have aliases AL, CL, BL, DL, SPL, BPL, SIL, DIL, respectively.

## RIP and RFLAGS

RIP is the instruction pointer and RFAGS is the flags register.

## Segment Registers

These are CS, DS, SS, ES, FS, and GS. I haven't used them in 64-bit programming.

## XMM Registers

These are 128-bits wide. They are named XMM0...XMM15. Use them for floating-point and integer arithmetic. You can do operations on 128-bit integers, but you can also take advantage of their ability to do operations in parallel:

- Two 64-bit integer operations in parallel

- Four 32-bit integer operations in parallel
- Eight 16-bit integer operations in parallel
- Sixteen 8-bit integer operations in parallel
- Two 64-bit floating-point operations in parallel
- Four 32-bit floating-point operations in parallel

## YMM Registers

These are 256-bits wide. They are named YMM0...YMM15. Use them for floating-point arithmetic. You can do:

- Four 64-bit floating-point operations in parallel
- Eight 32-bit floating-point operations in parallel

and some other crazy things.

## FPU Registers

There are eight registers used for computing with 80-bit floating point values. The registers don't have names because they are used in a stack-like fashion.

## Other Registers

Application programmers can remain oblivious of the rest of the registers:

- The 8 32-bit **processor control registers**: CR0, CR1, CR2, CR3, CR4, CR5, CR6, CR7. The lower 16 bits of CR0 is called the Machine Status Word (MSW).
- The 4 16-bit **table registers**: GDTR, IDTR, LDTR and TR.
- The 8 32-bit **debug registers**: DR0, DR1, DR2, DR3, DR4, DR5, DR6 and DR7.
- The 5 test registers: TR3, TR4, TR5, TR6 and TR7.
- The **memory type range registers**
- The **machine specific registers**
- The **machine check registers**

# Instruction Set

See the SDM Volume 1, Chapter 5 for a nice overview of **all** of the processor instructions and Volume 2 for complete information.

The following table shows most of the available instructions, using the instruction names as specified in the Intel syntax. Not every processor supports every instruction, of course.

The vertical bar means OR, the square brackets mean OPTIONAL, and parentheses are used for grouping. For example:

- SH(L|R)[D] stands for SHL , SHR , SHLD , SHRD .
- PUSH[A[D]] stands for PUSH , PUSHA , PUSHAD .

| INTEGER                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | FPU                                                                                                                                                                                                                                                                                                                                                                                                                     | SSE                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | SSE2                                                                                                                                                                                                                                                                                                                                                                     |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| MOV<br>CMOV[N]((L G A B)[E] E Z S C O P)<br>XCHG<br>BSWAP<br>XADD<br>CMPXCHG[8B]<br>PUSH[A[D]]   POP[A[D]]<br>IN   OUT<br>CBW   CWDE   CWD   CDQ<br>MOVSX   MOVZX<br><br>ADD   ADC<br>SUB   SBB<br>[I]MUL<br>[I]DIV<br>INC   DEC<br>NEG<br>CMP<br><br>DAA   DAS<br>AAA   AAS   AAM   AAD<br><br>AND   OR   XOR   NOT<br><br>SH(L R)[D]<br>SA(L R)<br>RO(L R)<br>RC(L R)<br><br>BT[S R C]<br>BS(F R)<br>SET[N]((L G A B)[E] E Z S C O P)<br>TEST<br><br>JMP<br>J[N]((L G A B)[E] E Z S C O P)<br>J[E]CXZ<br>LOOP[N][Z E]<br>CALL   RET<br>INT[O]   IRET<br>ENTER   LEAVE | F[I]LD<br>F[I]ST[P]<br>FBLD<br>FBSTP<br>FXCH<br>FCMOV[N](E B BE U)<br><br>FADD[P]<br>FIADD<br>FSUB[R][P]<br>FISUB[R]<br>FMUL[P]<br>FIMUL<br>FDIV[R][P]<br>FIDIV[R]<br>FPREM[1]<br>FABS<br>FCHS<br>FRNDINT<br>FSCALE<br>FSQRT<br>FXTRACT<br><br>F[U]COM[P][P]<br><br>FICOM[P]<br>F[U]COMI[P]<br>FTST<br>FXAM<br><br>FSIN<br>FCOS<br>FSINCOS<br>FPTAN<br>FPATAN<br>F2XM1<br>FYL2X<br>FYL2XP1<br><br>FLD1<br>FLDZ<br>FLDPI | MOV(A U)PS<br>MOV(H HL L LH)PS<br>MOVSS<br>MOVMSKPS<br><br>ADD(P S)S<br>SUB(P S)S<br>MUL(P S)S<br>DIV(P S)S<br>RCP(P S)S<br>SQRT(P S)S<br>RSQRT(P S)S<br>MAX(P S)S<br>MIN(P S)S<br><br>CMP(P S)S<br>[U]COMISS<br><br>ANDPS<br>ANDNPS<br>ORPS<br>XORPS<br><br>SHUFPS<br>UNPCK(H L)PS<br><br>CVT(PI DQ)2PD<br>CVT[T]PD2(PI DQ)<br><br>CVTPI2PS<br>CVT[T]PS2PI<br>CVTSI2SS<br>CVT[T]SS2SI<br><br>PAVG(B W)<br>PEXTRW<br>PINSRW<br>P(MIN MAX)(UB SW)<br>PMOVMSKB<br>PMULHUW<br>PSADBW<br>PSHUFW<br><br>LDMXCSR | MOV(A U)PD<br>MOV(H L)PD<br>MOVSD<br>MOVMSKPD<br><br>ADD(P S)D<br>SUB(P S)D<br>MUL(P S)D<br>DIV(P S)D<br>SQRT(P S)D<br>MAX(P S)D<br>MIN(P S)D<br><br>CMP(P S)D<br>[U]COMISD<br><br>ANDPD<br>ANDNPD<br>ORPD<br>XORPD<br><br>SHUFPD<br>UNPCK(H L)PD<br><br>CVT[T]PS2DQ<br>CVTSS2SD<br>CVTSD2SS<br><br>MOVDQ(A U)<br>MOVQ2DQ<br>MOVDQ2Q<br>PUNPCK(H L)QDQ<br>PADDQ<br>PSUBQ |

| BOUND<br><br>MOVS[B W D]<br>CMPS[B W D]<br>SCAS[B W D]<br>LODS[B W D]<br>STOS[B W D]<br>INS[B W D]<br>OUTS[B W D]<br>REP[N][Z E]<br><br>STC   CLC   CMC<br>STD   CLD<br>STI   CLI<br>LAHF   SAHF<br>PUSHF[D]   POPF[D]<br><br>LDS   LES   LFS   LGS   LSS<br><br>LEA<br>NOP<br>UD2<br>XLAT[B]<br>CPUID | FLDL2E<br>FLDLN2<br>FLDL2T<br>FLDLG2<br><br>FINCSTP<br>FDECSTP<br>FFREE<br>F[N]INIT<br>F[N]CLEX<br>F[N]STCW<br>FLDCW<br>F[N]STENV<br>FLDENV<br>F[N]SAVE<br>FRSTOR<br>F[N]STSWS<br>FWAIT   WAIT<br>FNOP<br><br>FXSAVE<br>FXRSTOR                                                   | STMCSR<br><br>MASKMOVQ<br>MOVNT(Q PS)<br>PREFETCHT(0 1 2)<br>PREFETCHNTA<br>SFENCE                                     | PMULUDQ<br>PSHUF(LW HW D)<br>PS(L R)LDQ<br><br>MASKMOVDQU<br>MOVNT(PD DQ I)<br>CLFLUSH<br>LFENCE<br>MFENCE<br>PAUSE                                                                                                                                                                                                                                                                     |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| SYSTEM                                                                                                                                                                                                                                                                                                 | MMX                                                                                                                                                                                                                                                                               | SSE3                                                                                                                   | SSE4                                                                                                                                                                                                                                                                                                                                                                                    |
| LGDT   SGDT<br>LLDT   SLDT<br>LTR   STR<br>LIDT   SIDT<br>MSW   SMSW<br>CLTS<br>ARPL<br>LAR<br>LSL<br>VERR   VERW<br>INVD   WBINVD<br>INVLPG<br>LOCK<br>HLT<br>RSM<br>RDMSR   WRMSR<br>RDPMC<br>RDTSC<br>SYSENTER<br>SYSEXIT                                                                           | MOVD<br>MOVQ<br><br>PACKSS(WB DW)<br>PACKUSWB<br>PUNPCK(H L)(BW WD DQ)<br><br>PADD(B W D)<br>PADD(S US)(B W)<br>PSUB(B W D)<br>PSUB(S US)(B W)<br>PMUL(H L)W<br>PMADDWD<br>PCMP(EQ GT)(B W D)<br><br>PAND<br>PANDN<br>POR<br>PXOR<br><br>PS(L R)L(W D Q)<br>PSRA(W D)<br><br>EMMS | FISTTP<br>LDDQU<br>ADDSUBP(S D)<br><br>HADDP(S D)<br>HSUBP(S D)<br><br>MOVS(H L)DUP<br>MOVDDUP<br><br>MONITOR<br>MWAIT | PMUL(LD DQ)<br>DPP(D S)<br><br>MOVNTDQA<br><br>BLEND[V](PD PS)<br>PBLEND(VB W)<br><br>PMIN(UW UD SB SD)<br>PMAX(UW UD SB SD)<br><br>ROUND(P S)(S D)<br><br>EXTRACTPS<br>INSERTPS<br>PINSR(B D Q)<br>PEXTR(B W D Q)<br>PMOV(S Z)X(BW BD WD BQ WQ DQ)<br><br>MPSADBW<br><br>PHMINPOSUW<br><br>PTEST<br><br>PCMPEQQ<br>PACKUSDW<br><br>PCMP(E I)STR(I M)<br>PCMPGTQ<br><br>CRC32<br>POPCNT |
| 64-BIT MODE                                                                                                                                                                                                                                                                                            | VIRTUAL MACHINE                                                                                                                                                                                                                                                                   | SSSE3                                                                                                                  | AESNI                                                                                                                                                                                                                                                                                                                                                                                   |
| CDQE<br>CMPSQ<br>CMPXCHG16B<br>LODSQ<br>MOVSQ<br>MOVZX<br>STOSQ<br>SWAPGS<br>SYSCALL                                                                                                                                                                                                                   | VMPTRLD<br>VPTIRST<br>VMCLEAR<br>VMREAD<br>VMWRITE<br>VMCALL<br>VMLAUNCH<br>VMRESUME<br>VMXOFF                                                                                                                                                                                    | PHADD(W SW D)<br>PHSUB(W SW D)<br>PABS(B W D)<br>PMADDUBSW<br>PMULHRSW<br>PSHUFB<br>PSIGN(B W D)<br>PALIGNR            | AESDEC[LAST]<br>AESENCP[LAST]<br>AESIMC<br>AESKEYGENASSIST<br>PCLMULQDQ                                                                                                                                                                                                                                                                                                                 |

|        |                            |  |  |
|--------|----------------------------|--|--|
| SYSRET | VMXON<br>INVEPT<br>INVVPID |  |  |
|--------|----------------------------|--|--|

# Addressing Memory

In protected mode, applications can choose a flat or segmented memory model (see the SDM Volume 1, Chapter 3 for details); in real mode only a 16-bit segmented model is available. Most programmers will only use protected mode and a flat-memory model, so that's all we'll discuss here.

A memory reference has four parts and is often written as

[SELECTOR : BASE + INDEX \* SCALE + OFFSET]

The selector is one of the six segment registers; the base is one of the eight general purpose registers; the index is any of the general purpose registers except ESP; the scale is 1, 2, 4, or 8; and the offset is any 32-bit number. (Example: [fs:ecx+esi\*8+93221].) The minimal reference consists of only a base register or only an offset; a scale can only appear if there is an index present.

Sometimes the memory reference is written like this:

```
selector  
offset(base,index,scale)
```

## Data Types

The data types are

| Type name  | Number of bits | Bit indices |
|------------|----------------|-------------|
| Byte       | 8              | 7..0        |
| Word       | 16             | 15..0       |
| Doubleword | 32             | 32..0       |
| Quadword   | 64             | 63..0       |

Doublequadword 128 127..0

# Little Endianness

The IA-32 is little endian, meaning the least significant bytes come first in memory. For example:

|   |    |
|---|----|
| 0 | 12 |
| 1 | 31 |
| 2 | CB |
| 3 | 74 |
| 4 | 67 |
| 5 | 45 |
| 6 | 0B |
| 7 | 23 |
| 8 | A4 |
| 9 | 1F |
| A | 36 |
| B | 06 |
| C | FE |
| D | 7A |
| E | 12 |

byte @ 9 = 1F  
word @ B = FE06  
word @ 6 = 230B  
word @ 1 = CB31  
dword @ A = 7AFE0636  
qword @ 6 = 7AFE06361FA4230B  
word @ 2 = 74CB  
qword @ 3 = 361FA4230B456774  
dword @ 9 = FE06361F

Note that if you draw memory with the lowest bytes at the bottom, then it is easier to read these values!

# Flags Register

Many instructions cause the flags register to be updated. For example if you execute an `add` instruction and the sum is too big to fit into the destination register, the `Overflow` flag is set.

3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0

The flags are described in Section 3.4.3 of Volume 1 of the SDM. To determine how each instruction affects the flags, see Appendix A of Volume 1 of the SDM.

# The System Developer's Manual

The System Developer's Manual contains vast amounts of important information and is required reading for all assembly language programmers and backend compiler writers. The manual is split into several volumes; links to all volumes are [here](#). Highlights from Volumes 1 and 2:

- **Volume 1:**
    - Chapter 1 - About this manual
    - Chapter 2 - History of the IA-32 and Intel 64 architectures, a description of many of the microarchitectures and processors and technologies
    - Chapter 3 - Basic execution environment
    - Chapter 4 - Data types
    - Chapter 5 - Instruction set summary. Lists all instructions and a brief (but not precise) description of each. Instructions are grouped into convenient categories.
    - Chapter 6 - Details on calls and returns, and exceptions
    - Chapter 7 - All about general purpose instructions
    - Chapter 8 - All about FPU instructions
    - Chapter 9 - All about MMX instructions
    - Chapter 10 - All about SSE instructions
    - Chapter 11 - All about SSE2 instructions
    - Chapter 12 - All about SSE3, SSSE3, SSE4 and AESNI instructions
    - Chapter 13 - XSAVE
    - Chapter 14 - All about AVX, FMA, and AVX2 instructions

- Chapter 15 - AVX-512
  - Chapter 16 - All about transactional synchronization instructions
  - Chapter 17 - Memory protection extensions
  - Chapter 18 - All about I/O instructions
  - Chapter 19 - How to determine what processor you have, and what its features are
  - Appendix A - Shows which instructions affect which flags
  - Appendix B - Condition codes
  - Appendix C - Floating-point exceptions
  - Appendix D - Guidelines for writing x87 exception handlers
  - Appendix E - Guidelines for writing SIMD exception handlers
- **Volume 2:**
    - Chapter 1 - About this manual
    - Chapter 2 - Instruction formats
    - Chapter 3-5 - Instruction set reference: full description, and encodings, of *every* instruction with names beginning with A — L
    - Chapter 6 - Safer Mode Extensions Reference
    - Appendix A - Opcode map
    - Appendix B - Encoding summary
    - Appendix C - Compiler intrinsics