The Intel® 64 and IA-32 Software Developer's Manual, Volume 2A, Section 3.1.1.1 mentions the notation ct to denote a 10-byte value following the opcode. I am however unable to find any instruction which is annotated with it. Am I missing something or are there no instructions taking a 10-byte immediate value?
Which x86 instruction has a 10-byte immediate?
Asked Answered
As far as I know, there is no such instruction.
There are no instructions that take floating-point immediates, especially not x87 10-byte long double, so it's definitely not a TBYTE FP operand.
32-bit has jmp ptr16:32 and call, absolute direct far jump with a 6-byte immediate destination (cp). But x86-64 doesn't have an encoding for call or jmp ptr16:64. (Only memory-indirect with a 10-byte seg:offset loaded from memory).
@Harold says the EA and 9A opcodes (direct far jmp/call) in 64-bit mode fault as an illegal instruction even if they're 7 bytes before an inaccessible page, rather than trying to read a 10-byte immediate an faulting with an Access Violation)
@Matteo notes that regular immediates use ib / iw / id / io. (For example, mov r64, imm64 REX.W + B8 + rd io.) Intel's manual for the moffs forms of MOV only lists the opcode, not the 8-byte immediate absolute address format.
Anyway cp is a 6-byte seg:ptr32 pair, used for jmp/call encodings. cd is a 4-byte seg:ptr16. x86 doesn't have an absolute direct near jump, so we can't see if co would be used for that.
It seems likely that ct was just added to the manual by someone who forgot that jmp ptr16:64 didn't exist, or in case they ever wanted to describe something like that outside of an instruction format. IDK if it gets used in the description of a data in memory in some other section of Intel's manual, but there are no instructions I'm aware of that have 10 bytes of immediate data.
The most is 8, for mov r64, imm64 or movabs [mem], al/ax/eax/rax (or the load form). Also many instructions can have an imm32 and a disp32, but that's two separate values.
But how does that make it "complete"? One possibility is that there is an undocumented instruction that takes a 10-byte immediate. –
Epicarp
@HadiBrais: reworded to what I meant to say. –
Boulevard
Thanks! That is also my conclusion. We might never know whether it was originally intended to be used for an instruction that never made it to the official instruction set. –
Newsstand
@Trillian: happened to be looking at this Q&A again. Remember that AMD designed AMD64. When Intel was documenting IA-32e / Intel64 / whatever else they call it, they mostly weren't making up new instructions. Intel does of course make new extensions to the x86 ISA, and could have added a
jmp ptr16:64 opcode for 64-bit mode, or some other thing, when they were implementing x86-64. But it probably wouldn't get any use over something that works on all x86-64 CPUs including AMD's. –
Boulevard © 2022 - 2024 — McMap. All rights reserved.
jmp ptr16:64encoding, only for 16 and 32-bit mode likejmp ptr16:32. x86-64 only has indirect far jmp with the seg:offset from memory. – Boulevardcpthat is a 6-byte value; immediates use a different notation (ib,iw,id,io). BTW, even theco(8 byte sequence) value seem to be unused. I agree however that it probably is just for the sake of completeness. – Huertasmov r,i64, i.e. instructions like48 b8 ef cd ab 89 67 45 23 01. – Mantineaio, notco, formov r64, imm64. – Boulevardcois also unused. That makes it more likely that the notation only exists for completeness' sake. – Newsstand