Developer's manual: 0x66 0xF2 instruction prefixes

I'm reading "Intel® 64 and IA-32 Architectures Software Developer’s Manual" but I have a doubt about some opcode sequences.

Suppose we have this opcode sequence: "66 F2 0F 38 29 1E". According to the Intel manual the opcode sequence should be valid and the correct disassembled instruction is "repne pcmpeqq xmm3, xmmword ptr [esi]". I have seen some disassemblers mark the sequence as an invalid instruction; is there a specific 3-byte opcode table (256 entries indexed by the 3rd opcode byte) where the initial sequence "66F20F38" is always invalid except for the 0xF0 and 0xF1 cases?

Thank you in advance


>>...I have seen some disassemblers mark the sequence as an invalid instruction...

If an application which uses that instruction does not crash, and a disassembler shows that the instruction is invalid, then the disassembler does not support it. By the way, you didn't specify which disassemblers these are.

Hi Sergey,

"If an application, which uses that instruction, does not crash and..."

Well, I don't want to manually test all the possible opcode combinations... I was just looking for a general approach to the problem. One is my personal disassembler, and the names of the others are not relevant for this purpose.

Best regards


>>...I was just looking for a general approach to the problem....

A light relational in-memory database, normalized to the 4th normal form, that has all the information about Intel / AMD instructions. I wouldn't try to bring all that stuff into source code.

The instruction prefixes can occur in any order, therefore the instruction disassembler must accept any order.

Reading the Intel64 - IA32 Instruction Reference:

2.1.1 Instruction Prefixes

Instruction prefixes are divided into four groups, each with a set of allowable prefix codes. For each instruction, it
is only useful to include up to one prefix code from each of the four groups (Groups 1, 2, 3, 4). Groups 1 through 4
may be placed in any order relative to each other.

• Group 1 — Lock and repeat prefixes:
  • LOCK prefix is encoded using F0H
  • REPNE/REPNZ prefix is encoded using F2H. Repeat-Not-Zero prefix applies only to string and input/output instructions. (F2H is also used as a mandatory prefix for some instructions)
  • REP or REPE/REPZ is encoded using F3H. Repeat prefix applies only to string and input/output instructions. (F3H is also used as a mandatory prefix for some instructions)

• Group 2 — Segment override prefixes:
  • 2EH—CS segment override (use with any branch instruction is reserved)
  • 36H—SS segment override prefix (use with any branch instruction is reserved)
  • 3EH—DS segment override prefix (use with any branch instruction is reserved)
  • 26H—ES segment override prefix (use with any branch instruction is reserved)
  • 64H—FS segment override prefix (use with any branch instruction is reserved)
  • 65H—GS segment override prefix (use with any branch instruction is reserved)
  — Branch hints:
  • 2EH—Branch not taken (used only with Jcc instructions)
  • 3EH—Branch taken (used only with Jcc instructions)

• Group 3
  • Operand-size override prefix is encoded using 66H (66H is also used as a mandatory prefix for some instructions).

• Group 4
  • 67H—Address-size override prefix

The LOCK prefix (F0H) forces an operation that ensures exclusive use of shared memory in a multiprocessor environment.
See “LOCK—Assert LOCK# Signal Prefix” in Chapter 3, “Instruction Set Reference, A-L,” for a description
of this prefix.

Repeat prefixes (F2H, F3H) cause an instruction to be repeated for each element of a string. Use these prefixes only
with string and I/O instructions (MOVS, CMPS, SCAS, LODS, STOS, INS, and OUTS). Use of repeat prefixes and/or
undefined opcodes with other Intel 64 or IA-32 instructions is reserved; such use may cause unpredictable
behavior.

Some instructions may use F2H,F3H as a mandatory prefix to express distinct functionality. A mandatory prefix
generally should be placed after other optional prefixes (exception to this is discussed in Section 2.2.1, “REX
Prefixes”)

Branch hint prefixes (2EH, 3EH) allow a program to give a hint to the processor about the most likely code path for
a branch. Use these prefixes only with conditional branch instructions (Jcc). Other use of branch hint prefixes
and/or other undefined opcodes with Intel 64 or IA-32 instructions is reserved; such use may cause unpredictable
behavior.

The operand-size override prefix allows a program to switch between 16- and 32-bit operand sizes. Either size can
be the default; use of the prefix selects the non-default size.

Some SSE2/SSE3/SSSE3/SSE4 instructions and instructions using a three-byte sequence of primary opcode bytes
may use 66H as a mandatory prefix to express distinct functionality. A mandatory prefix generally should be placed
after other optional prefixes (exception to this is discussed in Section 2.2.1, “REX Prefixes”)

Other use of the 66H prefix is reserved; such use may cause unpredictable behavior.

The address-size override prefix (67H) allows programs to switch between 16- and 32-bit addressing. Either size
can be the default; the prefix selects the non-default size. Using this prefix and/or other undefined opcodes when
operands for the instruction do not reside in memory is reserved; such use may cause unpredictable behavior.


*** In addition to the above, there is the VEX prefix, and on Haswell and later processors the TSX/RTM prefix code sequences, which would otherwise be meaningless REP?? sequences.

Jim Dempsey
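The "any order" rule quoted above is the part that matters for a disassembler front end: the prefix bytes are collected first, one slot per group, and only then does the decoder look at the escape bytes and decide which of the present prefixes, if any, is acting as a mandatory prefix for the opcode map. The following is an added example written for this thread, not code from the thread, from Intel, or from any disassembler mentioned here. The opcode table is a constructed toy subset (pcmpeqq and crc32 from the original question, plus a pshufb pair to show an MMX/XMM split); the order in which present prefixes are tried as the mandatory one, and the "strict" handling of a leftover repeat prefix, are the example's own assumptions. The thread does not settle what hardware does with "66 F2 0F 38 29", so the decoder simply reports which prefix it consumed and lets the caller pick the policy.

```python
"""Prefix-aware front end for the legacy opcode maps (added example).

Not from the thread or the Intel SDM; the table is a constructed toy subset."""

# Legacy prefix groups as listed in SDM section 2.1.1 (quoted above).
PREFIX_GROUP = {
    0xF0: 1, 0xF2: 1, 0xF3: 1,                              # Group 1
    0x2E: 2, 0x36: 2, 0x3E: 2, 0x26: 2, 0x64: 2, 0x65: 2,   # Group 2
    0x66: 3,                                                # Group 3
    0x67: 4,                                                # Group 4
}

# Constructed toy table keyed by (escape map, opcode byte, mandatory prefix).
# Limited to entries the thread mentions plus one MMX/XMM pair.
OPCODES = {
    ("0F38", 0x29, 0x66): "pcmpeqq",
    ("0F38", 0xF0, 0xF2): "crc32",
    ("0F38", 0xF1, 0xF2): "crc32",
    ("0F38", 0x00, None): "pshufb",   # MMX form, no mandatory prefix
    ("0F38", 0x00, 0x66): "pshufb",   # XMM form, 66H mandatory
}

# Order in which a present prefix is tried as the mandatory one.
# This ordering is an assumption of the example, not a rule from the page.
MANDATORY_ORDER = (0xF2, 0xF3, 0x66)


def split_prefixes(code):
    """Consume legacy prefixes in any order (groups 1-4 may appear in any
    order). Returns the byte seen per group, a list of same-group repeats,
    and the index of the first non-prefix byte."""
    by_group, repeats, i = {}, [], 0
    while i < len(code) and code[i] in PREFIX_GROUP:
        g = PREFIX_GROUP[code[i]]
        if g in by_group:
            repeats.append((g, by_group[g], code[i]))
        by_group[g] = code[i]
        i += 1
    return by_group, repeats, i


def split_escape(code, i):
    """Return (escape map name, opcode byte, index of the bytes after it)."""
    if i < len(code) and code[i] == 0x0F:
        if i + 1 < len(code) and code[i + 1] in (0x38, 0x3A):
            if i + 2 >= len(code):
                raise ValueError("truncated three-byte opcode")
            return "0F%02X" % code[i + 1], code[i + 2], i + 3
        if i + 1 >= len(code):
            raise ValueError("truncated two-byte opcode")
        return "0F", code[i + 1], i + 2
    if i >= len(code):
        raise ValueError("no opcode byte after prefixes")
    return "", code[i], i + 1


def decode(code, strict=False):
    """Decode the prefix/opcode part of one instruction.

    Returns prefixes per group, same-group repeats, escape map, opcode byte,
    the mnemonic found (or None), the prefix consumed as mandatory, and a
    status. With strict=True a Group 1 repeat prefix that was not consumed
    as mandatory yields "reserved", following the SDM sentence that repeat
    prefixes on non-string instructions are reserved."""
    prefixes, repeats, i = split_prefixes(code)
    esc, op, _ = split_escape(code, i)
    present = set(prefixes.values())
    mnemonic, used = None, None
    for p in [q for q in MANDATORY_ORDER if q in present] + [None]:
        mnemonic = OPCODES.get((esc, op, p))
        if mnemonic:
            used = p
            break
    status = "ok" if mnemonic else "invalid"
    if strict and mnemonic and prefixes.get(1) in (0xF2, 0xF3) and used != prefixes[1]:
        status = "reserved"
    return {"prefixes": prefixes, "repeats": repeats, "escape": esc,
            "opcode": op, "mnemonic": mnemonic, "mandatory": used,
            "status": status}


if __name__ == "__main__":
    # Constructed sample sequences, including the one from the question.
    for hexstr in ("66 F2 0F 38 29 1E", "F2 66 0F 38 29 1E",
                   "66 F2 0F 38 F1 C8", "F2 0F 38 29 1E", "66 66 0F 38 00 C0"):
        print(hexstr, "->", decode(bytes.fromhex(hexstr)))
```

Because the prefixes are slotted by group before the opcode is examined, "66 F2 ..." and "F2 66 ..." decode identically, which is the point Jim makes. The same-group repeats list and the strict mode are where a disassembler would flag sequences the SDM calls reserved rather than silently accepting them.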
