It's not a big secret that x86 (and x86_64) processors have not only the single-byte NOP instruction, but also various types of multi-byte NOP-like instructions.
These are the ones I've managed to find:
Recommended by AMD, ref. AMD Software Optimization Guide for AMD Family 15h Processors, document #47414, section 5.8 "Code Padding with Operand-Size Override and Multibyte NOP", page 94)
90 NOP1_OVERRIDE_NOP
6690 NOP2_OVERRIDE_NOP
0f1f00 NOP3_OVERRIDE_NOP
0f1f4000 NOP4_OVERRIDE_NOP
0f1f440000 NOP5_OVERRIDE_NOP
660f1f440000 NOP6_OVERRIDE_NOP
0f1f8000000000 NOP7_OVERRIDE_NOP
0f1f840000000000 NOP8_OVERRIDE_NOP
660f1f840000000000 NOP9_OVERRIDE_NOP
66660f1f840000000000 NOP10_OVERRIDE_NOP
6666660f1f840000000000 NOP11_OVERRIDE_NOP
Recommended by Intel, ref. Intel 64 and IA-32 Architectures Software Developer's Manual Volume 2B: Instruction Set Reference, N-Z, section "NOP"
90 NOP
6690 66 NOP
0f1f00 NOP DWORD ptr [EAX]
0f1f4000 NOP DWORD ptr [EAX + 00H]
0f1f440000 NOP DWORD ptr [EAX + EAX*1 + 00H]
660f1f440000 66 NOP DWORD ptr [EAX + EAX*1 + 00H]
0f1f8000000000 NOP DWORD ptr [EAX + 00000000H]
0f1f840000000000 NOP DWORD ptr [EAX + EAX*1 + 00000000H]
660f1f840000000000 66 NOP DWORD ptr [EAX + EAX*1 + 00000000H]
GNU assembler (in binutils / gas) includes the following patterns:
f32 (older Intel-compatible CPUs up to Pentium):
90 nop
6690 xchg %ax,%ax
8d7600 leal 0(%esi),%esi
8d742600 leal 0(%esi,1),%esi
908d742600 nop; leal 0(%esi,1),%esi
8db600000000 leal 0L(%esi),%esi
8db42600000000 leal 0L(%esi,1),%esi
908db42600000000 nop; leal 0L(%esi,1),%esi
89f68dbc2700000000 movl %esi,%esi; leal 0L(%edi,1),%edi
8d76008dbc2700000000 leal 0(%esi),%esi; leal 0L(%edi,1),%edi
8d7426008dbc2700000000 leal 0(%esi,1),%esi; leal 0L(%edi,1),%edi
8db6000000008dbf00000000 leal 0L(%esi),%esi; leal 0L(%edi),%edi
8db6000000008dbc2700000000 leal 0L(%esi),%esi; leal 0L(%edi,1),%edi
8db426000000008dbc2700000000 leal 0L(%esi,1),%esi; leal 0L(%edi,1),%edi
alt (for modern CPUs, same for Intel & AMD):
0f1f00 nopl (%[re]ax)
0f1f4000 nopl 0(%[re]ax)
0f1f440000 nopl 0(%[re]ax,%[re]ax,1)
660f1f440000 nopw 0(%[re]ax,%[re]ax,1)
0f1f8000000000 nopl 0L(%[re]ax)
0f1f840000000000 nopl 0L(%[re]ax,%[re]ax,1)
660f1f840000000000 nopw 0L(%[re]ax,%[re]ax,1)
662e0f1f840000000000 nopw %cs:0L(%[re]ax,%[re]ax,1)
alt_short (for modern AMD family CPUs):
0f1f440000660f1f440000 nopl 0(%[re]ax,%[re]ax,1); nopw 0(%[re]ax,%[re]ax,1)
660f1f440000660f1f440000 nopw 0(%[re]ax,%[re]ax,1); nopw 0(%[re]ax,%[re]ax,1)
660f1f4400000f1f8000000000 nopw 0(%[re]ax,%[re]ax,1); nopl 0L(%[re]ax)
0f1f80000000000f1f8000000000 nopl 0L(%[re]ax); nopl 0L(%[re]ax)
0f1f80000000000f1f840000000000 nopl 0L(%[re]ax); nopl 0L(%[re]ax,%[re]ax,1)
alt_long (for modern Intel family CPUs):
66662e0f1f840000000000 data16; nopw %cs:0L(%[re]ax,%[re]ax,1)
6666662e0f1f840000000000 data16; data16; nopw %cs:0L(%[re]ax,%[re]ax,1)
666666662e0f1f840000000000 data16; data16; data16; nopw %cs:0L(%[re]ax,%[re]ax,1)
66666666662e0f1f840000000000 data16; data16; data16; data16; nopw %cs:0L(%[re]ax,%[re]ax,1)
6666666666662e0f1f840000000000 data16; data16; data16; data16; data16; nopw %cs:0L(%[re]ax,%[re]ax,1)
My question is the following: is there any widespread / common naming for all these byte sequences, as macros, pseudo-mnemonics, or anything like that? So far I've only found that:
- AMD recommends to name them
NOPx_OVERRIDE_NOP(x= byte length). - gas understands
nopw(as 2 byte nop) andnopl(as 4 byte nop)
How modern disassemblers tend to output these values?
Related, but not duplicate question: What does NOPL do in x86 system?
alignpads with 0s (and that's perfectly understandable - you won't want to pad with anything else in non-code section, for example). So far I've found only nasm feature request about proposedcaligndirective to do that, but as far as I can see it never seen the light of the day. – TyrontyroneGASall the alignment directives (.align,.p2align,.balign) work like this when used in code sections. As you said,nasmseems to be missing this feature. – AnastasioNOP1,NOP2, ..NOP9, see euroassembler.eu/eadoc/#InsEnhNOP – Leoine