search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* remove "\r" nonsense
[mascara-docs.git] / i386 / i386.reference / CALL.htm
blob7e291ef2a9cbcdb9ae4e9b1d9a2988c8cc875bac
1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
2 <HTML>
3 <HEAD>
4 <TITLE>80386 Programmer's Reference Manual -- Opcode CALL</TITLE>
5 </HEAD>
6 <BODY>
7 <B>up:</B> <A HREF="c17.htm">
8 Chapter 17 -- 80386 Instruction Set</A><BR>
9 <B>prev:</B><A HREF="BTS.htm"> BTS Bit Test and Set</A><BR>
10 <B>next:</B><A HREF="CBW.htm"> CBW/CWDE Convert Byte to Word/Convert Word to Doubleword</A>
11 <P>
12 <HR>
13 <P>
14 <H1>CALL -- Call Procedure</H1>
15
16 <PRE>
17 Opcode Instruction Clocks
18 Values of ts are given by the following table:
19
20 New Task
21 386 TSS 386 TSS 286 TSS
22 Old VM = 0 VM = 1
23 Task Via Task Gate?
24
25 N Y N Y N Y
26
27 386 300 309 217 226 273 282
28 TSS VM=0
29
30 286 298 307 217 226 273 282
31
32
33 TSS Description
34
35 E8 cw CALL rel16 7+m Call near, displacement relative
36 to next instruction
37 FF /2 CALL r/m16 7+m/10+m Call near, register
38 indirect/memory indirect
39 9A cd CALL ptr16:16 17+m,pm=34+m Call intersegment, to full
40 pointer given
41 9A cd CALL ptr16:16 pm=52+m Call gate, same privilege
42 9A cd CALL ptr16:16 pm=86+m Call gate, more privilege, no
43 parameters
44 9A cd CALL ptr16:16 pm=94+4x+m Call gate, more privilege, x
45 parameters
46 9A cd CALL ptr16:16 ts Call to task
47 FF /3 CALL m16:16 22+m,pm=38+m Call intersegment, address at
48 r/m dword
49 FF /3 CALL m16:16 pm=56+m Call gate, same privilege
50 FF /3 CALL m16:16 pm=90+m Call gate, more privilege, no
51 parameters
52 FF /3 CALL m16:16 pm=98+4x+m Call gate, more privilege, x
53 parameters
54 FF /3 CALL m16:16 5 + ts Call to task
55 E8 cd CALL rel32 7+m Call near, displacement relative
56 to next instruction
57 FF /2 CALL r/m32 7+m/10+m Call near, indirect
58 9A cp CALL ptr16:32 17+m,pm=34+m Call intersegment, to full
59 pointer given
60 9A cp CALL ptr16:32 pm=52+m Call gate, same privilege
61 9A cp CALL ptr16:32 pm=86+m Call gate, more privilege, no
62 parameters
63 9A cp CALL ptr32:32 pm=94+4x+m Call gate, more privilege, x
64 parameters
65 9A cp CALL ptr16:32 ts Call to task
66 FF /3 CALL m16:32 22+m,pm=38+m Call intersegment, address at
67 r/m dword
68 FF /3 CALL m16:32 pm=56+m Call gate, same privilege
69 FF /3 CALL m16:32 pm=90+m Call gate, more privilege, no
70 parameters
71 FF /3 CALL m16:32 pm=98+4x+m Call gate, more privilege, x
72 parameters
73 FF /3 CALL m16:32 5 + ts Call to task
74 </PRE>
75
76 <EM>
77 <H3>Note</H3>
78 Values of ts are given by the following table:
79
80 <PRE>
81 New Task
82 386 TSS 386 TSS 286 TSS
83 Old VM = 0 VM = 1
84 Task Via Task Gate?
85
86 N Y N Y N Y
87
88 386 300 309 217 226 273 282
89 TSS VM=0
90
91 286 298 307 217 226 273 282
92 TSS
93 </PRE>
94 </EM>
95
96 <H2>Operation</H2>
97
98 <PRE>
99 IF rel16 or rel32 type of call
100 THEN (* near relative call *)
101 IF OperandSize = 16
102 THEN
103 Push(IP);
104 EIP := (EIP + rel16) AND 0000FFFFH;
105 ELSE (* OperandSize = 32 *)
106 Push(EIP);
107 EIP := EIP + rel32;
108 FI;
109 FI;
110
111 IF r/m16 or r/m32 type of call
112 THEN (* near absolute call *)
113 IF OperandSize = 16
114 THEN
115 Push(IP);
116 EIP := [r/m16] AND 0000FFFFH;
117 ELSE (* OperandSize = 32 *)
118 Push(EIP);
119 EIP := [r/m32];
120 FI;
121 FI;
122
123 IF (PE = 0 OR (PE = 1 AND VM = 1))
124 (* real mode or virtual 8086 mode *)
125 AND instruction = far CALL
126 (* i.e., operand type is m16:16, m16:32, ptr16:16, ptr16:32 *)
127 THEN
128 IF OperandSize = 16
129 THEN
130 Push(CS);
131 Push(IP); (* address of next instruction; 16 bits *)
132 ELSE
133 Push(CS); (* padded with 16 high-order bits *)
134 Push(EIP); (* address of next instruction; 32 bits *)
135 FI;
136 IF operand type is m16:16 or m16:32
137 THEN (* indirect far call *)
138 IF OperandSize = 16
139 THEN
140 CS:IP := [m16:16];
141 EIP := EIP AND 0000FFFFH; (* clear upper 16 bits *)
142 ELSE (* OperandSize = 32 *)
143 CS:EIP := [m16:32];
144 FI;
145 FI;
146 IF operand type is ptr16:16 or ptr16:32
147 THEN (* direct far call *)
148 IF OperandSize = 16
149 THEN
150 CS:IP := ptr16:16;
151 EIP := EIP AND 0000FFFFH; (* clear upper 16 bits *)
152 ELSE (* OperandSize = 32 *)
153 CS:EIP := ptr16:32;
154 FI;
155 FI;
156 FI;
157
158 IF (PE = 1 AND VM = 0) (* Protected mode, not V86 mode *)
159 AND instruction = far CALL
160 THEN
161 If indirect, then check access of EA doubleword;
162 #GP(0) if limit violation;
163 New CS selector must not be null else #GP(0);
164 Check that new CS selector index is within its
165 descriptor table limits; else #GP(new CS selector);
166 Examine AR byte of selected descriptor for various legal values;
167 depending on value:
168 go to CONFORMING-CODE-SEGMENT;
169 go to NONCONFORMING-CODE-SEGMENT;
170 go to CALL-GATE;
171 go to TASK-GATE;
172 go to TASK-STATE-SEGMENT;
173 ELSE #GP(code segment selector);
174 FI;
175
176 CONFORMING-CODE-SEGMENT:
177 DPL must be <= CPL ELSE #GP(code segment selector);
178 Segment must be present ELSE #NP(code segment selector);
179 Stack must be big enough for return address ELSE #SS(0);
180 Instruction pointer must be in code segment limit ELSE #GP(0);
181 Load code segment descriptor into CS register;
182 Load CS with new code segment selector;
183 Load EIP with zero-extend(new offset);
184 IF OperandSize=16 THEN EIP := EIP AND 0000FFFFH; FI;
185
186 NONCONFORMING-CODE-SEGMENT:
187 RPL must be <= CPL ELSE #GP(code segment selector)
188 DPL must be = CPL ELSE #GP(code segment selector)
189 Segment must be present ELSE #NP(code segment selector)
190 Stack must be big enough for return address ELSE #SS(0)
191 Instruction pointer must be in code segment limit ELSE #GP(0)
192 Load code segment descriptor into CS register
193 Load CS with new code segment selector
194 Set RPL of CS to CPL
195 Load EIP with zero-extend(new offset);
196 IF OperandSize=16 THEN EIP := EIP AND 0000FFFFH; FI;
197
198 CALL-GATE:
199 Call gate DPL must be >= CPL ELSE #GP(call gate selector)
200 Call gate DPL must be >= RPL ELSE #GP(call gate selector)
201 Call gate must be present ELSE #NP(call gate selector)
202 Examine code segment selector in call gate descriptor:
203 Selector must not be null ELSE #GP(0)
204 Selector must be within its descriptor table
205 limits ELSE #GP(code segment selector)
206 AR byte of selected descriptor must indicate code
207 segment ELSE #GP(code segment selector)
208 DPL of selected descriptor must be <= CPL ELSE
209 #GP(code segment selector)
210 IF non-conforming code segment AND DPL < CPL
211 THEN go to MORE-PRIVILEGE
212 ELSE go to SAME-PRIVILEGE
213 FI;
214
215 MORE-PRIVILEGE:
216 Get new SS selector for new privilege level from TSS
217 Check selector and descriptor for new SS:
218 Selector must not be null ELSE #TS(0)
219 Selector index must be within its descriptor
220 table limits ELSE #TS(SS selector)
221 Selector's RPL must equal DPL of code segment
222 ELSE #TS(SS selector)
223 Stack segment DPL must equal DPL of code
224 segment ELSE #TS(SS selector)
225 Descriptor must indicate writable data segment
226 ELSE #TS(SS selector)
227 Segment present ELSE #SS(SS selector)
228 IF OperandSize=32
229 THEN
230 New stack must have room for parameters plus 16 bytes
231 ELSE #SS(0)
232 EIP must be in code segment limit ELSE #GP(0)
233 Load new SS:eSP value from TSS
234 Load new CS:EIP value from gate
235 ELSE
236 New stack must have room for parameters plus 8 bytes ELSE #SS(0)
237 IP must be in code segment limit ELSE #GP(0)
238 Load new SS:eSP value from TSS
239 Load new CS:IP value from gate
240 FI;
241 Load CS descriptor
242 Load SS descriptor
243 Push long pointer of old stack onto new stack
244 Get word count from call gate, mask to 5 bits
245 Copy parameters from old stack onto new stack
246 Push return address onto new stack
247 Set CPL to stack segment DPL
248 Set RPL of CS to CPL
249
250 SAME-PRIVILEGE:
251 IF OperandSize=32
252 THEN
253 Stack must have room for 6-byte return address (padded to 8 bytes)
254 ELSE #SS(0)
255 EIP must be within code segment limit ELSE #GP(0)
256 Load CS:EIP from gate
257 ELSE
258 Stack must have room for 4-byte return address ELSE #SS(0)
259 IP must be within code segment limit ELSE #GP(0)
260 Load CS:IP from gate
261 FI;
262 Push return address onto stack
263 Load code segment descriptor into CS register
264 Set RPL of CS to CPL
265
266 TASK-GATE:
267 Task gate DPL must be >= CPL ELSE #TS(gate selector)
268 Task gate DPL must be >= RPL ELSE #TS(gate selector)
269 Task Gate must be present ELSE #NP(gate selector)
270 Examine selector to TSS, given in Task Gate descriptor:
271 Must specify global in the local/global bit ELSE #TS(TSS selector)
272 Index must be within GDT limits ELSE #TS(TSS selector)
273 TSS descriptor AR byte must specify nonbusy TSS
274 ELSE #TS(TSS selector)
275 Task State Segment must be present ELSE #NP(TSS selector)
276 SWITCH-TASKS (with nesting) to TSS
277 IP must be in code segment limit ELSE #TS(0)
278
279 TASK-STATE-SEGMENT:
280 TSS DPL must be >= CPL else #TS(TSS selector)
281 TSS DPL must be >= RPL ELSE #TS(TSS selector)
282 TSS descriptor AR byte must specify available TSS
283 ELSE #TS(TSS selector)
284 Task State Segment must be present ELSE #NP(TSS selector)
285 SWITCH-TASKS (with nesting) to TSS
286 IP must be in code segment limit ELSE #TS(0)
287 </PRE>
288
289 <H2>Description</H2>
290
291 The CALL instruction causes the procedure named in the operand to be
292 executed. When the procedure is complete (a return instruction is executed
293 within the procedure), execution continues at the instruction that follows
294 the CALL instruction.
295 <P>
296 The action of the different forms of the instruction are described below.
297 <P>
298 <STRONG>Near calls</STRONG>
299 are those with destinations of type r/m16, r/m32, rel16, rel32;
300 changing or saving the segment register value is not necessary. The CALL
301 rel16 and CALL rel32 forms add a signed offset to the address of the
302 instruction following CALL to determine the destination. The rel16 form is
303 used when the instruction's operand-size attribute is 16 bits; rel32 is used
304 when the operand-size attribute is 32 bits. The result is stored in the
305 32-bit EIP register. With rel16, the upper 16 bits of EIP are cleared,
306 resulting in an offset whose value does not exceed 16 bits. CALL r/m16 and
307 CALL r/m32 specify a register or memory location from which the absolute
308 segment offset is fetched. The offset fetched from r/m is 32 bits for an
309 operand-size attribute of 32 (r/m32), or 16 bits for an operand-size of 16
310 (r/m16). The offset of the instruction following CALL is pushed onto the
311 stack. It will be popped by a near
312 <A HREF="RET.htm">RET</A> instruction within the procedure. The
313 CS register is not changed by this form of CALL.
314 <P>
315 The <STRONG>far calls</STRONG>,
316 CALL ptr16:16 and CALL ptr16:32, use a four-byte or six-byte
317 operand as a long pointer to the procedure called. The CALL m16:16 and
318 m16:32 forms fetch the long pointer from the memory location
319 specified (indirection). In Real Address Mode or Virtual 8086 Mode, the long
320 pointer provides 16 bits for the CS register and 16 or 32 bits for the EIP
321 register (depending on the operand-size attribute). These forms of the
322 instruction push both CS and IP or EIP as a return address.
323 <P>
324 In Protected Mode, both long pointer forms consult the AR byte in the
325 descriptor indexed by the selector part of the long pointer. Depending on
326 the value of the AR byte, the call will perform one of the following types
327 of control transfers:
328 <UL>
329 <LI> A far call to the same protection level
330 <LI> An inter-protection level far call
331 <LI> A task switch
332 </UL>
333
334 For more information on Protected Mode control transfers, refer to
335 <A HREF="c06.htm">Chapter 6</A> and <A HREF="c07.htm">Chapter 7</A>.
336
337 <H2>Flags Affected</H2>
338
339 All flags are affected if a task switch occurs; no flags are affected if a
340 task switch does not occur
341
342 <H2>Protected Mode Exceptions</H2>
343
344 For <STRONG>far calls</STRONG>:
345 #GP, #NP, #SS, and #TS, as indicated in the list above
346 <P>
347 For <STRONG>near direct calls</STRONG>:
348 #GP(0) if procedure location is beyond the code
349 segment limits; #SS(0) if pushing the return address exceeds the bounds of
350 the stack segment; #PF (fault-code) for a page fault
351
352 For a <STRONG>near indirect call</STRONG>:
353 #GP(0) for an illegal memory operand effective
354 address in the CS, DS, ES, FS, or GS segments; #SS(0) for an illegal address
355 in the SS segment; #GP(0) if the indirect offset obtained is beyond the code
356 segment limits; #PF(fault-code) for a page fault
357
358 <H2>Real Address Mode Exceptions</H2>
359
360 Interrupt 13 if any part of the operand would lie outside of the effective
361 address space from 0 to 0FFFFH
362
363 <H2>Virtual 8086 Mode Exceptions</H2>
364
365 Same exceptions as in Real Address Mode; #PF(fault-code) for a page fault
366
367 <H2>Notes</H2>
368
369 Any far call from a 32-bit code segment to 16-bit code segments should be
370 made from the first 64K bytes of the 32-bit code segment, since the
371 operand-size attribute of the instruction is set to 16, thus allowing only a
372 16-bit return address offset to be saved.
373
374
375 <P>
376 <HR>
377 <P>
378 <B>up:</B> <A HREF="c17.htm">
379 Chapter 17 -- 80386 Instruction Set</A><BR>
380 <B>prev:</B><A HREF="BTS.htm"> BTS Bit Test and Set</A><BR>
381 <B>next:</B><A HREF="CBW.htm"> CBW/CWDE Convert Byte to Word/Convert Word to Doubleword</A>
382 </BODY>