Which x86 instruction has a 10-byte immediate?

Question

The Intel® 64 and IA-32 Software Developer's Manual, Volume 2A, Section 3.1.1.1 mentions the notation ct to denote a 10-byte value following the opcode. I am however unable to find any instruction which is annotated with it. Am I missing something or are there no instructions taking a 10-byte immediate value?

Answer 1

As far as I know, there is no such instruction.

There are no instructions that take floating-point immediates, especially not x87 10-byte long double, so it's definitely not a TBYTE FP operand.

32-bit has jmp ptr16:32 and call, absolute direct far jump with a 6-byte immediate destination (cp). But x86-64 doesn't have an encoding for call or jmp ptr16:64. (Only memory-indirect with a 10-byte seg:offset loaded from memory).

@Harold says the EA and 9A opcodes (direct far jmp/call) in 64-bit mode fault as an illegal instruction even if they're 7 bytes before an inaccessible page, rather than trying to read a 10-byte immediate an faulting with an Access Violation)

---

@Matteo notes that regular immediates use ib / iw / id / io. (For example, mov r64, imm64 REX.W + B8 + rd io.) Intel's manual for the moffs forms of MOV only lists the opcode, not the 8-byte immediate absolute address format.

Anyway cp is a 6-byte seg:ptr32 pair, used for jmp/call encodings. cd is a 4-byte seg:ptr16. x86 doesn't have an absolute direct near jump, so we can't see if co would be used for that.

It seems likely that ct was just added to the manual by someone who forgot that jmp ptr16:64 didn't exist, or in case they ever wanted to describe something like that outside of an instruction format. IDK if it gets used in the description of a data in memory in some other section of Intel's manual, but there are no instructions I'm aware of that have 10 bytes of immediate data.

The most is 8, for mov r64, imm64 or movabs [mem], al/ax/eax/rax (or the load form). Also many instructions can have an imm32 and a disp32, but that's two separate values.