10

The Intel® 64 and IA-32 Software Developer's Manual, Volume 2A, Section 3.1.1.1 mentions the notation ct to denote a 10-byte value following the opcode. I am however unable to find any instruction which is annotated with it. Am I missing something or are there no instructions taking a 10-byte immediate value?

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
Trillian
  • 6,207
  • 1
  • 26
  • 36
  • I'm not aware of one. There is no x86-64 [`jmp ptr16:64` encoding](http://felixcloutier.com/x86/JMP.html), only for 16 and 32-bit mode like `jmp ptr16:32`. x86-64 only has indirect far jmp with the seg:offset from memory. – Peter Cordes Jul 24 '18 at 13:51
  • EA and 9A in 64bit mode don't even "fail with 10byte imm" (that is, they can be 7 bytes before an inaccessible page and still fail with Illegal Instruction instead of Access Violation) – harold Jul 24 '18 at 13:54
  • t is the datatype for 80-bit floating point numbers. Perhaps this notation just exists for the sake of completeness? – fuz Jul 24 '18 at 14:15
  • 2
    @fuz: I was thinking about TBYTE as well, but here we aren't really talking about the usual datatypes on which the CPU operates as data, but about raw bytes sequences included in the instruction encoding - for example, there's even `cp` that is a 6-byte value; immediates use a different notation (`ib`, `iw`, `id`, `io`). BTW, even the `co` (8 byte sequence) value seem to be unused. I agree however that it probably is just for the sake of completeness. – Matteo Italia Jul 24 '18 at 14:23
  • @MatteoItalia co is used for `mov r,i64`, i.e. instructions like `48 b8 ef cd ab 89 67 45 23 01`. – fuz Jul 24 '18 at 15:05
  • 1
    @fuz: http://felixcloutier.com/x86/MOV.html uses `io`, not `co`, for `mov r64, imm64`. – Peter Cordes Jul 24 '18 at 15:13
  • Looking at my old manual PDFs, the **ct** opcode code was add to the manual sometime between 2004 (revision 14) and March 2006 (revision 19) during which time the 64-bit instructions were added. – Ross Ridge Jul 24 '18 at 15:36
  • @Matteo, good catch that `co` is also unused. That makes it more likely that the notation only exists for completeness' sake. – Trillian Jul 25 '18 at 05:24

1 Answers1

6

As far as I know, there is no such instruction.

There are no instructions that take floating-point immediates, especially not x87 10-byte long double, so it's definitely not a TBYTE FP operand.

32-bit has jmp ptr16:32 and call, absolute direct far jump with a 6-byte immediate destination (cp). But x86-64 doesn't have an encoding for call or jmp ptr16:64. (Only memory-indirect with a 10-byte seg:offset loaded from memory).

@Harold says the EA and 9A opcodes (direct far jmp/call) in 64-bit mode fault as an illegal instruction even if they're 7 bytes before an inaccessible page, rather than trying to read a 10-byte immediate an faulting with an Access Violation)

@Matteo notes that regular immediates use ib / iw / id / io. (For example, mov r64, imm64 REX.W + B8 + rd io.) Intel's manual for the moffs forms of MOV only lists the opcode, not the 8-byte immediate absolute address format.

Anyway cp is a 6-byte seg:ptr32 pair, used for jmp/call encodings. cd is a 4-byte seg:ptr16. x86 doesn't have an absolute direct near jump, so we can't see if co would be used for that.

It seems likely that ct was just added to the manual by someone who forgot that jmp ptr16:64 didn't exist, or in case they ever wanted to describe something like that outside of an instruction format. IDK if it gets used in the description of a data in memory in some other section of Intel's manual, but there are no instructions I'm aware of that have 10 bytes of immediate data.

The most is 8, for mov r64, imm64 or movabs [mem], al/ax/eax/rax (or the load form). Also many instructions can have an imm32 and a disp32, but that's two separate values.

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
  • But how does that make it "complete"? One possibility is that there is an undocumented instruction that takes a 10-byte immediate. – Hadi Brais Jul 24 '18 at 15:22
  • 2
    @HadiBrais: reworded to what I meant to say. – Peter Cordes Jul 24 '18 at 15:25
  • 1
    Thanks! That is also my conclusion. We might never know whether it was originally intended to be used for an instruction that never made it to the official instruction set. – Trillian Jul 25 '18 at 05:21
  • @Trillian: happened to be looking at this Q&A again. Remember that AMD designed AMD64. When Intel was documenting IA-32e / Intel64 / whatever else they call it, they mostly weren't making up new instructions. Intel does of course make new extensions to the x86 ISA, and could have added a `jmp ptr16:64` opcode for 64-bit mode, or some other thing, when they were implementing x86-64. But it probably wouldn't get any use over something that works on all x86-64 CPUs including AMD's. – Peter Cordes Oct 26 '18 at 10:33