What does NOPL do in x86 system?

Asked 24/9, 2012 at 5:47 Answered 13/10, 2013 at 5:8

what is the function of NOPL in x86 machine? It feels like it doesn't do anything, but why is it always in the assembly code?

Toxin answered 24/9, 2012 at 5:47 Comment(4)

You ask "why is it always in the assembly code?" - normally you don't find lots of NOPs in assembly code. Does some specific code you're looking at have lots of NOPs? – Mockingbird 24/9, 2012 at 5:57

Man, I wish I could "feel" what code does! – Laborer 24/9, 2012 at 9:59

stackoverflow.com/questions/6776385/… – Norton 25/9, 2012 at 12:8

nopw: stackoverflow.com/questions/4798356/… – Kastner 2/12, 2018 at 20:6

NOP is a one-byte "do nothing" operation, quite literally "no operation". NOPW, NOPL, etc.. are the equivalent do-nothings, but take up word and long-sized bytes.

e.g.

NOP // 1byte opcode
NOP // 1byte opcode

is equivalent to doing

NOPW // 2byte opcode.

They're very handy for padding things out so a code sequence begins on a particular memory boundary, by taking up a few bytes of instruction space, yet not actually doing anything.

NOP's sole effect on the CPU is to increment IP/EIP by 1. The NOPx equivalents will do so by 2, 4, etc...

Ramentum answered 24/9, 2012 at 5:49 Comment(9)

I never heard about the operation NOPW and NOPL in the instruction set of an x86.. nor they appear in the Intel Instruction Set Reference :) Maybe you're mixing up different architectures – Servia 24/9, 2012 at 8:20

@Servia smells like AT&T syntax to me – Viyella 24/9, 2012 at 9:31

@Viyella Don't know.. gcc complains if I use nopw/nopl instead of nop – Servia 24/9, 2012 at 10:0

@Servia did you give it an operand? – Viyella 24/9, 2012 at 10:24

@JaggedO'Neill ok that's weird, and unfortunately I don't really have a clue where it's documented (if anywhere..) – Viyella 25/9, 2012 at 9:39

@Jack: On the X86, NOP is merely an alias for "XCHG AX,AX" since that's a single-cycle instruction with no effect beyond incrementing IP. There are a number of two-byte instructions that could serve that purpose, including those that would move a register to itself (the opcode which represents MOV AX,AX in some contexts would represent MOV EAX,EAX in others, but in either case the sole effect would be to IP by two). – Inborn 30/7, 2015 at 18:33

Be aware that you can't "just" pick an apparently idempotent operation. XCHG AX,AX and XCHG BX,BX are not identical. The first is the official NOP and does not cause a data dependency. – Crocker 17/5, 2016 at 15:8

U would need these instructions not only for padding stuff. When u need to implement a timer value that waits EXACTLY 1 second f.e. you will need to consider clockspeed and lenghts of the opearations that form your "shell"(usually a loop of some kind), and then fill the rest with operations that exactly add up to reach to 1 second (that is without interupts ofc). The nop operations comes in handy here – Viscount 17/9, 2019 at 20:3

@Servia "Intel did not document the NOPL instruction for the i686, yet all their 686 processors happened to implement it" – Bangkok 15/6, 2021 at 23:26

According to John Fremlin's blog: Operands to NOP on AMD64, nopw, nopl etc. are gas syntax, not AT&T syntax.

Below are instruction encodings generated by gas for different nop's from gas source for instruction lengths from 3 to 15 bytes. Note that some are the same as Intel's recommended nop forms (see below), but not all. In particular, in longer nop's gas uses multiple (up to 5) consecutive 0x66 operand prefixes in different nop forms, whereas Intel's recommended nop forms never use more than one 0x66 operand prefix in any single recommended nop instruction.

nop encodings from the source code for gas 2.30 (reformatted for readability):

/* nopl (%[re]ax) */
static const unsigned char alt_3[] = {0x0f,0x1f,0x00};
/* nopl 0(%[re]ax) */
static const unsigned char alt_4[] = {0x0f,0x1f,0x40,0x00};
/* nopl 0(%[re]ax,%[re]ax,1) */
static const unsigned char alt_5[] = {0x0f,0x1f,0x44,0x00,0x00};
/* nopw 0(%[re]ax,%[re]ax,1) */
static const unsigned char alt_6[] = {0x66,0x0f,0x1f,0x44,0x00,0x00};
/* nopl 0L(%[re]ax) */
static const unsigned char alt_7[] = {0x0f,0x1f,0x80,0x00,0x00,0x00,0x00};
/* nopl 0L(%[re]ax,%[re]ax,1) */
static const unsigned char alt_8[] = {0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00};
/* nopw 0L(%[re]ax,%[re]ax,1) */
static const unsigned char alt_9[] =
  {0x66,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00};
/* nopw %cs:0L(%[re]ax,%[re]ax,1) */
static const unsigned char alt_10[] =
  {0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00};
static const unsigned char *const alt_patt[] = {
  f32_1, f32_2, alt_3, alt_4, alt_5, alt_6, alt_7, alt_8,
  alt_9, alt_10
};

Intel uses different syntax, and there are nop's available for all instruction lengths from 1 to 9 bytes. There are several different nop's, as all nop's longer than two bytes accept 1 operand. One-byte nop (0x90) is synonymous with xchg (e)ax,(e)ax.

Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 2 (2A, 2B & 2C): Instruction Set Reference, A-Z, CHAPTER 4: INSTRUCTION SET REFERENCE, M-Z lists recommended nop forms for different instructions lengths:

Table 4-12. Recommended Multi-Byte Sequence of NOP Instruction

Length   Assembly                                   Byte Sequence
2 bytes  66 NOP                                     66 90H
3 bytes  NOP DWORD ptr [EAX]                        0F 1F 00H
4 bytes  NOP DWORD ptr [EAX + 00H]                  0F 1F 40 00H
5 bytes  NOP DWORD ptr [EAX + EAX*1 + 00H]          0F 1F 44 00 00H
6 bytes  66 NOP DWORD ptr [EAX + EAX*1 + 00H]       66 0F 1F 44 00 00H
7 bytes  NOP DWORD ptr [EAX + 00000000H]            0F 1F 80 00 00 00 00H
8 bytes  NOP DWORD ptr [EAX + EAX*1 + 00000000H]    0F 1F 84 00 00 00 00 00H
9 bytes  66 NOP DWORD ptr [EAX + EAX*1 + 00000000H] 66 0F 1F 84 00 00 00 00 00H

So in addition to these nop's recommended by Intel, there are many other nop's too. In addition to aligning an instruction to a specific memory boundary, as Marc B mentions in his answer, nop's are also very useful in self-modifying code, debugging and reverse-engineering.

Lachman answered 24/9, 2012 at 11:23 Comment(2)

Notice that on amd64, nop is no longer synonymous with xchg eax,eax. nop does not zero out the top 32 bits of eax, but xchg eax,eax does. – Kinder 4/1, 2015 at 16:40

Indeed, if you assemble xchg eax,eax for x86-64, it has to use the 2-byte opcode+modrm encoding (87 C0), because 0x90 doesn't have the side-effect on RAX. But xchg eax, ecx can still assemble to 0x91 - only 0x90 specifically is taken over by nop felixcloutier.com/x86/nop. But xchg rax,rax and xchg ax,ax can still use REX.W or 66 90 because they have no architectural effect. godbolt.org/z/xn5nKnWT6 – Keyes 17/5, 2021 at 18:27

Actually, NOP will be used in the assembly code when the code need to be patched.

Because the size of the new instructions may be different to that of the old ones, padding is needed.

The padding instruction should act as the same as NOP, although it may occupy several bytes.

The reason that we insert a more complex instruction, like 66 90, instead of several NOPs, is one instruction generally executes more quickly than several NOPs.

Hutchings answered 13/10, 2013 at 5:8 Comment(1)

I do not know how many people patch their code in this way, even in 2013... That was really old school, like 1980s or so. Today, it's really just for patching so things are aligned. – Leucomaine 5/3, 2023 at 20:17

Recommended topics

Hot tags