hw/i386.reference/JMP.htm

   1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   2 <HTML>
   3 <HEAD>
   4 <TITLE>80386 Programmer's Reference Manual -- Opcode JMP</TITLE>
   5 </HEAD>
   6 <BODY>
   7 <B>up:</B> <A HREF="c17.htm">
   8 Chapter 17 -- 80386 Instruction Set</A><BR>
   9 <B>prev:</B><A HREF="Jcc.htm"> Jcc Jump if Condition is Met</A><BR>
  10 <B>next:</B><A HREF="LAHF.htm"> LAHF Load Flags into AH Register</A>
  11 <P>
  12 <HR>
  13 <P>
  14 <H1>JMP -- Jump</H1>
  15
  16
  17 <PRE>
  18 Opcode    Instruction     Clocks          Description
  19
  20 EB  cb    JMP rel8        7+m             Jump short
  21 E9  cw    JMP rel16       7+m             Jump near, displacement relative
  22                                           to next instruction
  23 FF  /4    JMP r/m16       7+m/10+m        Jump near indirect
  24 EA  cd    JMP ptr16:16    12+m,pm=27+m    Jump intersegment, 4-byte
  25                                           immediate address
  26 EA  cd    JMP ptr16:16    pm=45+m         Jump to call gate, same
  27                                           privilege
  28 EA  cd    JMP ptr16:16    ts              Jump via task state segment
  29 EA  cd    JMP ptr16:16    ts              Jump via task gate
  30 FF  /5    JMP m16:16      43+m,pm=31+m    Jump r/m16:16 indirect and
  31                                           intersegment
  32 FF  /5    JMP m16:16      pm=49+m         Jump to call gate, same
  33                                           privilege
  34 FF  /5    JMP m16:16      5 + ts          Jump via task state segment
  35 FF  /5    JMP m16:16      5 + ts          Jump via task gate
  36 E9  cd    JMP rel32       7+m             Jump near, displacement relative
  37                                           to next instruction
  38 FF  /4    JMP r/m32       7+m,10+m        Jump near, indirect
  39 EA  cp    JMP ptr16:32    12+m,pm=27+m    Jump intersegment, 6-byte
  40                                           immediate address
  41 EA  cp    JMP ptr16:32    pm=45+m         Jump to call gate, same
  42                                           privilege
  43 EA  cp    JMP ptr16:32    ts              Jump via task state segment
  44 EA  cp    JMP ptr16:32    ts              Jump via task gate
  45 FF  /5    JMP m16:32      43+m,pm=31+m    Jump intersegment, address at
  46                                           r/m dword
  47 FF  /5    JMP m16:32      pm=49+m         Jump to call gate, same
  48                                           privilege
  49 FF  /5    JMP m16:32      5 + ts          Jump via task state segment
  50 FF  /5    JMP m16:32      5 + ts          Jump via task gate
  51 </PRE>
  52
  53 <EM>
  54 <H3>Note</H3>
  55 Values of ts are given by the following table:
  56
  57 <PRE>
  58                                New Task
  59
  60                 386 TSS       386 TASK       286 TSS
  61                 VM = 0        VM = 1
  62
  63 Old Task                   Via Task Gate?
  64
  65                 N     Y       N      Y       N     Y
  66 386
  67 TSS VM=0       303   312     220    229     276   285
  68
  69 286
  70 TSS            301   310     218    227     274   283
  71 </PRE>
  72 </EM>
  73
  74
  75 <H2>Operation</H2>
  76
  77 <PRE>
  78 IF instruction = relative JMP
  79    (* i.e. operand is rel8, rel16, or rel32 *)
  80 THEN
  81    EIP := EIP + rel8/16/32;
  82    IF OperandSize = 16
  83    THEN EIP := EIP AND 0000FFFFH;
  84    FI;
  85 FI;
  86 IF instruction = near indirect JMP
  87    (* i.e. operand is r/m16 or r/m32 *)
  88 THEN
  89    IF OperandSize = 16
  90    THEN
  91       EIP := [r/m16] AND 0000FFFFH;
  92    ELSE (* OperandSize = 32 *)
  93       EIP := [r/m32];
  94    FI;
  95 FI;
  96
  97 IF (PE = 0 OR (PE = 1 AND VM = 1)) (* real mode or V86 mode *)
  98    AND instruction = far JMP
  99    (* i.e., operand type is m16:16, m16:32, ptr16:16, ptr16:32 *)
 100 THEN GOTO REAL-OR-V86-MODE;
 101    IF operand type = m16:16 or m16:32
 102    THEN (* indirect *)
 103       IF OperandSize = 16
 104       THEN
 105          CS:IP := [m16:16];
 106          EIP := EIP AND 0000FFFFH; (* clear upper 16 bits *)
 107       ELSE (* OperandSize = 32 *)
 108          CS:EIP := [m16:32];
 109       FI;
 110    FI;
 111    IF operand type = ptr16:16 or ptr16:32
 112    THEN
 113       IF OperandSize = 16
 114       THEN
 115          CS:IP := ptr16:16;
 116          EIP := EIP AND 0000FFFFH; (* clear upper 16 bits *)
 117       ELSE (* OperandSize = 32 *)
 118          CS:EIP := ptr16:32;
 119       FI;
 120    FI;
 121 FI;
 122
 123 IF (PE = 1 AND VM = 0) (* Protected mode, not V86 mode *)
 124    AND instruction = far JMP
 125 THEN
 126    IF operand type = m16:16 or m16:32
 127    THEN (* indirect *)
 128       check access of EA dword;
 129       #GP(0) or #SS(0) IF limit violation;
 130    FI;
 131    Destination selector is not null ELSE #GP(0)
 132    Destination selector index is within its descriptor table limits ELSE
 133 #GP(selector)
 134    Depending on AR byte of destination descriptor:
 135       GOTO CONFORMING-CODE-SEGMENT;
 136       GOTO NONCONFORMING-CODE-SEGMENT;
 137       GOTO CALL-GATE;
 138       GOTO TASK-GATE;
 139       GOTO TASK-STATE-SEGMENT;
 140    ELSE #GP(selector); (* illegal AR byte in descriptor *)
 141 FI;
 142
 143 CONFORMING-CODE-SEGMENT:
 144    Descriptor DPL must be <= CPL ELSE #GP(selector);
 145    Segment must be present ELSE #NP(selector);
 146    Instruction pointer must be within code-segment limit ELSE #GP(0);
 147    IF OperandSize = 32
 148    THEN Load CS:EIP from destination pointer;
 149    ELSE Load CS:IP from destination pointer;
 150    FI;
 151    Load CS register with new segment descriptor;
 152
 153 NONCONFORMING-CODE-SEGMENT:
 154    RPL of destination selector must be <= CPL ELSE #GP(selector);
 155    Descriptor DPL must be = CPL ELSE #GP(selector);
 156    Segment must be present ELSE # NP(selector);
 157    Instruction pointer must be within code-segment limit ELSE #GP(0);
 158    IF OperandSize = 32
 159    THEN Load CS:EIP from destination pointer;
 160    ELSE Load CS:IP from destination pointer;
 161    FI;
 162    Load CS register with new segment descriptor;
 163    Set RPL field of CS register to CPL;
 164
 165 CALL-GATE:
 166    Descriptor DPL must be >= CPL ELSE #GP(gate selector);
 167    Descriptor DPL must be >= gate selector RPL ELSE #GP(gate selector);
 168    Gate must be present ELSE #NP(gate selector);
 169    Examine selector to code segment given in call gate descriptor:
 170       Selector must not be null ELSE #GP(0);
 171       Selector must be within its descriptor table limits ELSE
 172          #GP(CS selector);
 173       Descriptor AR byte must indicate code segment
 174          ELSE #GP(CS selector);
 175       IF non-conforming
 176       THEN code-segment descriptor, DPL must = CPL
 177       ELSE #GP(CS selector);
 178       FI;
 179       IF conforming
 180       THEN code-segment descriptor DPL must be <= CPL;
 181       ELSE #GP(CS selector);
 182       Code segment must be present ELSE #NP(CS selector);
 183       Instruction pointer must be within code-segment limit ELSE #GP(0);
 184       IF OperandSize = 32
 185       THEN Load CS:EIP from call gate;
 186       ELSE Load CS:IP from call gate;
 187       FI;
 188    Load CS register with new code-segment descriptor;
 189    Set RPL of CS to CPL
 190
 191 TASK-GATE:
 192    Gate descriptor DPL must be >= CPL ELSE #GP(gate selector);
 193    Gate descriptor DPL must be >= gate selector RPL ELSE #GP(gate
 194      selector);
 195    Task Gate must be present ELSE #NP(gate selector);
 196    Examine selector to TSS, given in Task Gate descriptor:
 197    Must specify global in the local/global bit ELSE #GP(TSS selector);
 198    Index must be within GDT limits ELSE #GP(TSS selector);
 199    Descriptor AR byte must specify available TSS (bottom bits 00001);
 200       ELSE #GP(TSS selector);
 201    Task State Segment must be present ELSE #NP(TSS selector);
 202 SWITCH-TASKS (without nesting) to TSS;
 203 Instruction pointer must be within code-segment limit ELSE #GP(0);
 204
 205 TASK-STATE-SEGMENT:
 206    TSS DPL must be >= CPL ELSE #GP(TSS selector);
 207    TSS DPL must be >= TSS selector RPL ELSE #GP(TSS selector);
 208    Descriptor AR byte must specify available TSS (bottom bits 00001)
 209       ELSE #GP(TSS selector);
 210    Task State Segment must be present ELSE #NP(TSS selector);
 211    SWITCH-TASKS (without nesting) to TSS;
 212    Instruction pointer must be within code-segment limit ELSE #GP(0);
 213 </PRE>
 214
 215 <H2>Description</H2>
 216
 217 The JMP instruction transfers control to a different point in the
 218 instruction stream without recording return information.
 219 <P>
 220 The action of the various forms of the instruction are shown below.
 221 <P>
 222 Jumps with destinations of type r/m16, r/m32, rel16, and rel32 are near
 223 jumps and do not involve changing the segment register value.
 224 <P>
 225 The JMP rel16 and JMP rel32 forms of the instruction add an offset to
 226 the address of the instruction following the JMP to determine the
 227 destination. The rel16 form is used when the instruction's operand-size
 228 attribute is 16 bits (segment size attribute 16 only); rel32 is used when
 229 the operand-size attribute is 32 bits (segment size attribute 32 only). The
 230 result is stored in the 32-bit EIP register. With rel16, the upper 16 bits
 231 of EIP are cleared, which results in an offset whose value does not exceed
 232 16 bits.
 233 <P>
 234 JMP r/m16 and JMP r/m32 specifies a register or memory location from which
 235 the absolute offset from the procedure is fetched. The offset fetched from
 236 r/m is 32 bits for an operand-size attribute of 32 bits (r/m32), or 16 bits
 237 for an operand-size attribute of 16 bits (r/m16).
 238 <P>
 239 The JMP ptr16:16 and ptr16:32 forms of the instruction use a four-byte
 240 or six-byte operand as a long pointer to the destination. The JMP
 241 and  forms fetch the long pointer from the memory location
 242 specified (indirection). In Real Address Mode or Virtual 8086 Mode,
 243 the long pointer provides 16 bits for the CS register and 16 or 32 bits
 244 for the EIP register (depending on the operand-size attribute). In
 245 Protected Mode, both long pointer forms consult the Access Rights (AR)
 246 byte in the descriptor indexed by the selector part of the long pointer.
 247 <P>
 248 Depending on the value of the AR byte, the jump will perform one of
 249 the following types of control transfers:
 250 <UL>
 251  <LI> A jump to a code segment at the same privilege level
 252  <LI> A task switch
 253 </UL>
 254
 255 For more information on protected mode control transfers, refer to
 256 <A HREF="c06.htm">Chapter 6</A> and <A HREF="c07.htm">Chapter 7</A>.
 257
 258 <H2>Flags Affected</H2>
 259
 260 All if a task switch takes place; none if no task switch occurs
 261
 262 <H2>Protected Mode Exceptions</H2>
 263
 264 Far jumps: #GP, #NP, #SS, and #TS, as indicated in the list above.
 265 <P>
 266 Near direct jumps: #GP(0) if procedure location is beyond the code
 267 segment limits.
 268 <P>
 269 Near indirect jumps: #GP(0) for an illegal memory operand effective
 270 address in the CS, DS, ES, FS, or GS segments: #SS(0) for an illegal
 271 address in the SS segment; #GP if the indirect offset obtained is beyond
 272 the code segment limits; #PF(fault-code) for a page fault.
 273
 274 <H2>Real Address Mode Exceptions</H2>
 275
 276 Interrupt 13 if any part of the operand would be outside of the effective
 277 address space from 0 to 0FFFFH
 278
 279 <H2>Virtual 8086 Mode Exceptions</H2>
 280
 281 Same exceptions as under Real Address Mode; #PF(fault-code) for a
 282 page fault
 283
 284
 285 <P>
 286 <HR>
 287 <P>
 288 <B>up:</B> <A HREF="c17.htm">
 289 Chapter 17 -- 80386 Instruction Set</A><BR>
 290 <B>prev:</B><A HREF="Jcc.htm"> Jcc Jump if Condition is Met</A><BR>
 291 <B>next:</B><A HREF="LAHF.htm"> LAHF Load Flags into AH Register</A>
 292 </BODY>