X86 Assembly/Control Flow
Almost all programming languages have the ability to change the order in which statements are evaluated, and assembly is no exception. The instruction pointer (EIP) register contains the address of the next instruction to be executed. To change the flow of control, the programmer must be able to modify the value of EIP. EIP is not a general-purpose register and cannot be named as an operand of mov or any other data-movement instruction; it can only be changed through the control flow instructions described on this page.
mov eip, label ; wrong: EIP is not a valid operand
jmp label      ; right
Comparison Instructions
GAS syntax:   test arg1, arg2
Intel syntax: test arg2, arg1
Performs a bit-wise AND on the two operands and sets the flags, but does not store a result. SF, ZF and PF are set according to the result; CF and OF are cleared. The common idiom test eax, eax sets ZF if EAX is zero and SF if it is negative, without needing an immediate operand.
GAS syntax:   cmp arg1, arg2
Intel syntax: cmp arg2, arg1
Performs a subtraction between the two operands and sets the flags, but does not store a result. Both forms compute arg2 - arg1 (in Intel syntax, the second operand is subtracted from the first). CF, ZF, SF and OF are all set by the subtraction, which is what lets the conditional jumps below distinguish signed from unsigned order.
Jump Instructions
The jump instructions allow the programmer to (indirectly) set the value of the EIP register. The location passed as the argument is usually a label, which the assembler turns into a displacement relative to the instruction following the jump. The first instruction executed after the jump is the instruction immediately following the label. All of the jump instructions, with the exception of jmp, are conditional jumps, meaning that program flow is diverted only if a condition is true. These instructions are often used after a comparison instruction (see above), but since many other instructions set flags, this order is not required. In the descriptions below, "first operand" and "second operand" of CMP refer to Intel operand order (cmp first, second computes first - second); in GAS syntax the two operands are written the other way round.
See X86_Assembly/X86_Architecture#EFLAGS_Register for more information about the flags and their meaning.
Unconditional Jumps
jmp loc
Loads EIP with the specified address (i.e. the next instruction executed will be the one specified by jmp).
Jump on Equality
je loc
ZF = 1
Loads EIP with the specified address if ZF is set, which after a CMP means its two operands were equal. For example:
mov ecx, 5
mov edx, 5
cmp ecx, edx
je equal
; if execution reaches this point, the jump was not taken: ecx and edx are not equal
equal:
; if it jumped here, ecx and edx are equal
Jump on Inequality
jne loc
ZF = 0
Loads EIP with the specified address, if operands of previous CMP instruction are not equal.
Jump if Greater
jg loc
ZF = 0 and SF = OF
Loads EIP with the specified address, if first operand of previous CMP instruction is greater than the second (performs signed comparison).
jge loc
SF = OF
Loads EIP with the specified address, if first operand of previous CMP instruction is greater than or equal to the second (performs signed comparison).
ja loc
CF = 0 and ZF = 0
Loads EIP with the specified address, if first operand of previous CMP instruction is greater than the second. ja is the same as jg, except that it performs an unsigned comparison.
jae loc
CF = 0
Loads EIP with the specified address, if first operand of previous CMP instruction is greater than or equal to the second. jae is the same as jge, except that it performs an unsigned comparison.
Jump if Less
jl loc
SF != OF
Loads EIP with the specified address, if first operand of previous CMP instruction is less than the second (performs signed comparison).
jle loc
ZF = 1 or SF != OF
Loads EIP with the specified address, if first operand of previous CMP instruction is less than or equal to the second (performs signed comparison).
jb loc
CF = 1
Loads EIP with the specified address, if first operand of previous CMP instruction is less than the second. jb is the same as jl, except that it performs an unsigned comparison.
jbe loc
CF = 1 or ZF = 1
Loads EIP with the specified address, if first operand of previous CMP instruction is less than or equal to the second. jbe is the same as jle, except that it performs an unsigned comparison.
Jump on Overflow
jo loc
OF = 1
Loads EIP with the specified address if the overflow flag was set by a previous arithmetic instruction, i.e. the signed result did not fit in the destination.
jno loc
OF = 0
Loads EIP with the specified address if the overflow flag was not set by a previous arithmetic instruction.
Jump on Zero
jz loc
ZF = 1
Loads EIP with the specified address if the zero flag was set by a previous arithmetic or logical instruction. jz is identical to je (same opcode, different mnemonic).
jnz loc
ZF = 0
Loads EIP with the specified address if the zero flag was not set by a previous arithmetic or logical instruction. jnz is identical to jne (same opcode, different mnemonic).
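The flag rules listed in the jump sections above are easiest to check by modelling them. The following C program is an added example, not part of the original page: it computes the flags a 32-bit CMP would produce and evaluates each jump's condition from them. The point it makes is the one the jg/ja and jl/jb pairs hint at: the same CMP result is read differently by a signed and an unsigned jump, so a length check such as cmp eax, 16 ; jg reject lets the value 0xFFFFFFFF (which is -1 when read as signed) through, while ja reject rejects it. The operand values are constructed for the illustration, and the code is a model of the rules, not an emulator of a real CPU.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the original page): a software model of how CMP
 * sets EFLAGS and how each conditional jump reads them. */

typedef struct { int cf, zf, sf, of; } flags_t;

/* Model of Intel-syntax `cmp dst, src`: compute dst - src, keep only the flags. */
static flags_t cmp32(uint32_t dst, uint32_t src)
{
    flags_t f;
    uint32_t r = dst - src;                 /* wraps modulo 2^32 like the CPU */
    f.zf = (r == 0);
    f.sf = (r >> 31) & 1;                   /* sign bit of the result */
    f.cf = (dst < src);                     /* unsigned borrow out of bit 31 */
    /* OF: dst and src have different signs and the result's sign differs from dst's */
    f.of = (((dst ^ src) & (dst ^ r)) >> 31) & 1;
    return f;
}

typedef enum { JE, JNE, JG, JGE, JL, JLE, JA, JAE, JB, JBE, JO, JNO } cc_t;

/* Condition evaluated by each jump, taken directly from the flag rules above. */
static int taken(cc_t cc, flags_t f)
{
    switch (cc) {
    case JE:  return f.zf;
    case JNE: return !f.zf;
    case JG:  return !f.zf && f.sf == f.of;   /* signed >  */
    case JGE: return f.sf == f.of;            /* signed >= */
    case JL:  return f.sf != f.of;            /* signed <  */
    case JLE: return f.zf || f.sf != f.of;    /* signed <= */
    case JA:  return !f.cf && !f.zf;          /* unsigned >  */
    case JAE: return !f.cf;                   /* unsigned >= */
    case JB:  return f.cf;                    /* unsigned <  */
    case JBE: return f.cf || f.zf;            /* unsigned <= */
    case JO:  return f.of;
    case JNO: return !f.of;
    }
    return 0;
}

/* A length check written as `cmp len, limit` followed by a reject jump.
 * Returns 1 if the value gets past the check (jump not taken), 0 if it is rejected. */
static int length_check_passes(uint32_t len, uint32_t limit, cc_t reject_with)
{
    return !taken(reject_with, cmp32(len, limit));
}

int main(void)
{
    uint32_t len = 0xFFFFFFFFu;   /* constructed input: -1 signed, 4294967295 unsigned */
    printf("cmp %#x, 16 ; jg reject -> passes: %d\n", len, length_check_passes(len, 16, JG));
    printf("cmp %#x, 16 ; ja reject -> passes: %d\n", len, length_check_passes(len, 16, JA));

    flags_t f = cmp32(0x80000000u, 1);   /* INT_MIN - 1: signed overflow, no unsigned borrow */
    printf("cmp 0x80000000, 1: CF=%d ZF=%d SF=%d OF=%d jl=%d jb=%d\n",
           f.cf, f.zf, f.sf, f.of, taken(JL, f), taken(JB, f));
    return 0;
}
```

The second case shows why jl tests SF != OF rather than SF alone: 0x80000000 - 1 produces the positive-looking result 0x7FFFFFFF (SF = 0), but OF = 1 records that the subtraction overflowed, so the signed jump still correctly treats INT_MIN as less than 1.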
Function Calls
call proc
Pushes the address of the instruction following the call (the return address) onto the top of the stack, and jumps to the specified location. This is used mostly for subroutines.
ret [val]
Pops the value on top of the stack into EIP, and then adds val bytes to ESP to release stack space (typically the arguments the caller pushed, as in the stdcall convention). If val is not supplied, nothing beyond the return address is removed from the stack.
Loop Instructions
loop arg
The loop instruction decrements ECX and jumps to the address specified by arg unless decrementing ECX caused its value to become zero. For example:
mov ecx, 5
start_loop:
; the code here would be executed 5 times
loop start_loop
Because the decrement happens before the test, entering the loop with ECX = 0 wraps the counter to 0xFFFFFFFF and runs the body 2^32 times; code that derives the count from untrusted input must check for zero before the first iteration.
loop does not set any flags.
loopx arg
These loop instructions decrement ECX and jump to the address specified by arg if their flag condition is satisfied, unless decrementing ECX caused its value to become zero. Like loop, they do not modify the flags themselves.
loope  - loop if equal (ZF = 1)
loopne - loop if not equal (ZF = 0)
loopnz - loop if not zero (ZF = 0; same instruction as loopne)
loopz  - loop if zero (ZF = 1; same instruction as loope)
Enter and Leave
enter size, nesting
Creates a stack frame with size bytes allocated on the stack for locals. With a nesting level of 0, the usual case, enter size, 0 is equivalent to push ebp / mov ebp, esp / sub esp, size.
leave
Destroys the current stack frame and restores the previous one; equivalent to mov esp, ebp / pop ebp. It is normally followed by ret.
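The Function Calls and Enter and Leave sections above describe four instructions that only make sense together, so here is an added example (not from the original page) that models their effect on ESP, EBP and the stack for one call with two pushed arguments and 16 bytes of locals. The stack address, code addresses and argument values are constructed for the illustration. The model shows where call leaves the return address relative to the locals that enter reserves, and how leave followed by ret 8 brings ESP back to exactly where it was before the caller pushed its arguments.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the original page): a model of the stack effects of
 * call, ret imm16, enter and leave.  Addresses and sizes are made up. */

#define STACK_BASE  0xBFFF0000u             /* assumed lowest modelled address */
#define STACK_WORDS 64                      /* 256 bytes of modelled stack */
#define STACK_TOP   (STACK_BASE + STACK_WORDS * 4)

typedef struct {
    uint32_t eip, esp, ebp;
    uint32_t mem[STACK_WORDS];              /* one 32-bit slot per stack word */
} cpu_t;

static uint32_t *slot(cpu_t *c, uint32_t addr) { return &c->mem[(addr - STACK_BASE) / 4]; }
static void     push32(cpu_t *c, uint32_t v) { c->esp -= 4; *slot(c, c->esp) = v; }
static uint32_t pop32(cpu_t *c)              { uint32_t v = *slot(c, c->esp); c->esp += 4; return v; }

/* call target: push the address of the instruction after the call, then jump.
 * call_len is the encoded size of the call itself (5 bytes for E8 rel32). */
static void do_call(cpu_t *c, uint32_t target, uint32_t call_len)
{
    push32(c, c->eip + call_len);
    c->eip = target;
}

/* ret imm16: pop the return address into EIP, then add imm16 to ESP so the
 * callee releases the caller's arguments (stdcall style). */
static void do_ret(cpu_t *c, uint16_t imm)
{
    c->eip = pop32(c);
    c->esp += imm;
}

/* enter size, 0: push ebp / mov ebp, esp / sub esp, size */
static void do_enter(cpu_t *c, uint16_t size)
{
    push32(c, c->ebp);
    c->ebp = c->esp;
    c->esp -= size;
}

/* leave: mov esp, ebp / pop ebp */
static void do_leave(cpu_t *c)
{
    c->esp = c->ebp;
    c->ebp = pop32(c);
}

typedef struct {
    uint32_t ret_addr_slot;      /* contents of [ebp+4] inside the callee */
    uint32_t saved_ebp_slot;     /* contents of [ebp] inside the callee */
    uint32_t esp_in_callee;      /* esp after enter: lowest address of the locals */
    uint32_t locals_to_retaddr;  /* bytes from the first local up to the return address */
    uint32_t eip_after_ret;
    uint32_t esp_after_ret;
} frame_report_t;

/* Walks one stdcall-style call with two 4-byte arguments and 16 bytes of locals. */
static frame_report_t walk_frame(void)
{
    cpu_t c = { .eip = 0x401000u, .esp = STACK_TOP, .ebp = 0 };   /* constructed state */
    frame_report_t r;

    push32(&c, 0x22222222u);           /* push arg2 */
    push32(&c, 0x11111111u);           /* push arg1 */
    do_call(&c, 0x401100u, 5);         /* call callee ; return address is 0x401005 */
    do_enter(&c, 16);                  /* enter 16, 0 */

    r.ret_addr_slot     = *slot(&c, c.ebp + 4);
    r.saved_ebp_slot    = *slot(&c, c.ebp);
    r.esp_in_callee     = c.esp;
    r.locals_to_retaddr = (c.ebp + 4) - c.esp;   /* 16 bytes of locals + 4 bytes of saved ebp */

    do_leave(&c);                      /* leave */
    do_ret(&c, 8);                     /* ret 8 ; releases the two arguments */
    r.eip_after_ret = c.eip;
    r.esp_after_ret = c.esp;
    return r;
}

int main(void)
{
    frame_report_t r = walk_frame();
    printf("[ebp+4] = %#x (return address), [ebp] = %#x (saved ebp)\n",
           r.ret_addr_slot, r.saved_ebp_slot);
    printf("locals start at %#x, %u bytes below the return address\n",
           r.esp_in_callee, r.locals_to_retaddr);
    printf("after leave; ret 8: eip=%#x esp=%#x (caller's esp before the pushes: %#x)\n",
           r.eip_after_ret, r.esp_after_ret, STACK_TOP);
    return 0;
}
```

The 20-byte distance the model reports is the frame layout every caller and callee agree on: locals below EBP, the saved EBP at [ebp], the return address at [ebp+4], and the arguments from [ebp+8] upward. A callee using the cdecl convention would instead execute a plain ret and leave the add esp, 8 to the caller.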
Other Control Instructions
hlt
Halts the processor until the next enabled interrupt arrives, after which execution resumes with the instruction following hlt. If IF is cleared, maskable interrupts cannot wake the processor; only NMI, SMI, INIT or RESET can. hlt is a privileged instruction and faults when executed outside ring 0.
nop
No operation. This instruction changes no registers or flags; it only occupies an instruction slot and one byte of code (opcode 0x90). Its encoding is the same as xchg eax, eax, which is why it is sometimes described that way. Assemblers use it as padding for alignment, and because a run of 0x90 bytes executes harmlessly no matter where execution lands inside it, it is also the filler seen in shellcode "NOP sleds".
lock
lock is an instruction prefix (byte 0xF0), not a stand-alone instruction. It asserts the processor's LOCK# signal for the read-modify-write instruction that follows (for example add, xchg, cmpxchg or inc with a memory destination), making that memory update atomic with respect to other processors. Using it with an instruction that does not support it raises an invalid-opcode exception.
wait
Checks for pending unmasked floating-point exceptions and waits for the FPU to finish its last calculation before continuing; also written fwait. It is a way to make an FPU exception surface at a known point rather than at the next floating-point instruction.