Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is LEA the only instruction in x86 with a memory operand that doesn't access memory?

Tags:

x86

assembly

memory-access

instructions

I'm using libdis, the x86 disassembler library from the bastard, and I'm trying to find out which instructions access memory.

With reference to these two instructions:

mov eax, [ebx + 10]
lea eax, [ebx + 10]

In libdis, both are listed with instruction type insn_mov, and the address operands have the same flags in both cases. So the only way I can tell if memory is accessed is to look at the instruction mnemonic.

Hence my question: is LEA the only instruction using a memory operand that doesn't actually access memory? Any links to references would be nice.

like image 896
Daniel Hanrahan Avatar asked Dec 16 '13 23:12

Daniel Hanrahan

People also ask

What is Lea in assembly x86?

The lea instruction places the address specified by its first operand into the register specified by its second operand. Note, the contents of the memory location are not loaded, only the effective address is computed and placed into the register.

What is the purpose of LEA instruction?

The LEA (Load Effective Address) instruction is a way of obtaining the address which arises from any of the Intel processor's memory addressing modes. it moves the contents of the designated memory location into the target register.

Does Lea write to memory?

The lea instruction ("load effective address") takes the memory address of the first value and adds it to the second value - which may be multiplied. It then loads that memory address into a given register.

What is the purpose of LEA instruction in 8086?

LEA − Used to load the address of operand into the provided register. LES − Used to load ES register and other provided register from the memory.

2 Answers

The prefetch family of instructions (prefetcht1, prefetcht2, prefetcht3, prefetchnta) ask the processor to go and pull those memory lines into cache because they will be needed soon. But, Intel's documentation makes it clear that no faults can result from a bad address passed to prefetch. This is so that software can pass potentially out-of-bound addresses to prefetch without checking them first, so that the data can be in-flight while those checks are performed.

Prefetches also don't have an 'output', unlike LEA.

like image 52
SoapBox Avatar answered Sep 27 '22 18:09

SoapBox

Intel has a multi-byte "NOP" instruction with opcode 0F 1F /0 that takes memory addressing operands. From Intel's manual:

The multi-byte NOP instruction does not alter the content of a register and will not issue a memory operation

The discussion in comments is about putting the opcode byte of a nop at the end of an unmapped page, and code fetch faulting if it can't read a complete instruction including the ModR/M and displacement bytes. That's orthogonal to this question.

You can think of long-NOP as working as follows:

  • Instruction decoding hardware knows how to find the end of an instruction that takes a ModRM (which implies optional SIB and/or displacement).
  • Based on that opcode specifically being a NOP, the rest of the CPU doesn't do anything with the addressing mode encoded by the ModRM.

This makes it possible for software to encode multi-byte NOPs by using a variety of addressing modes and prefixes. The CPU can be designed to handle it without needing any special hardware beyond recognizing one more opcode as a nop. The overall instruction format is the same as most.

like image 44
Ira Baxter Avatar answered Sep 27 '22 19:09

Ira Baxter
Sign in to Comment

Related questions

Why do we need to compile for different platforms (e.g. Windows/Linux)?
How do i read single character input from keyboard using nasm (assembly) under ubuntu?
how to count cycles?
Removing the prologue of a function written in pure assembly
Calculate system time using rdtsc
Key concepts to learn in Assembly
Assembly fast division by 2
LOCK prefix of Intel instruction. What is the point?
Why is the dividend 64 bits in x86 assembly?
Why does gcc push %rbx at the beginning of main?
Goto a specific Address in C
Why can I access lower dword/word/byte in a register but not higher?
Reading an integer into a local variable in MIPS
What are some ways you can manage large-scale assembly language projects?
Is it possible to put assembly instructions into CUDA code?
Is x86 32-bit assembly code valid x86 64-bit assembly code?
What does the GCC error message, "Error: unsupported for `mov'", mean?
How can I view assembly code produced for C functions? [duplicate]
What's the difference between using int 0x20 and int 0x21 / ah=0x4C to exit a 16-bit assembly program?
How to access more than 4 arguments in an ARM assembly function?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!