Upstream version 11.39.250.0

[platform/framework/web/crosswalk.git] / src / native_client / src / trusted / validator_ragel / instruction_definitions / general_purpose_instructions.def

# Copyright (c) 2012 The Native Client Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
################################################################################
# This file describes instructions from AMD64 Architecture Programmer's Manual
#                               Volume 3: General-Purpose and System Instruction
#                               Chapter 3: General-Purpose Instruction Reference
################################################################################
# File format: see def_format.py
######## ADC ###################################################################
# "adc" is not marked as nacl-amd64-zero-extends since borrows/carries should
# not be need when calculating an address.
adc I a, 0x14
adc I E, 0x80 /2, lock
adc Ib Ev, 0x83 /2, lock
adc G E, 0x10, lock
adc E G, 0x12
######## ADD ###################################################################
add I a, 0x04, nacl-amd64-zero-extends
add I E, 0x80 /0, lock nacl-amd64-zero-extends
add Ib Ev, 0x83 /0, lock nacl-amd64-zero-extends
add G E, 0x00, lock nacl-amd64-zero-extends
add E G, 0x02, nacl-amd64-zero-extends
######## AND ###################################################################
and I a, 0x24, nacl-amd64-zero-extends
and I E, 0x80 /4, lock nacl-amd64-zero-extends
and Ib Ev, 0x83 /4, lock nacl-amd64-zero-extends
and G E, 0x20, lock nacl-amd64-zero-extends
and E G, 0x22, nacl-amd64-zero-extends
######## ANDN ##################################################################
andn Ey By Gy, 0xc4 RXB.02 W.src1.0.00 0xf2, CPUFeature_BMI1
######## BEXTR #################################################################
bextr By Ey Gy, 0xc4 RXB.02 W.cntl.0.00 0xf7, CPUFeature_BMI1
bextr Id Ey Gy, 0x8f RXB.0A W.1111.0.00 0x10, CPUFeature_BMI1
######## BLCFILL ###############################################################
# "blcfill" is not marked as nacl-amd64-zero-extends out of caution.  We assume
# that this instruction is used for bit manipulation rather than computing
# viable addresses.
blcfill Ey By, 0x8f RXB.09 W.dest.0.00 0x01 /1, CPUFeature_TBM
######## BLCI ##################################################################
# "blci" is not marked as nacl-amd64-zero-extends out of caution.  We assume
# that this instruction is used for bit manipulation rather than computing
# viable addresses.
blci Ey By, 0x8f RXB.09 W.dest.0.00 0x02 /6, CPUFeature_TBM
######## BLCIC #################################################################
# "blcic" is not marked as nacl-amd64-zero-extends out of caution.  We assume
# that this instruction is used for bit manipulation rather than computing
# viable addresses.
blcic Ey By, 0x8f RXB.09 W.dest.0.00 0x01 /5, CPUFeature_TBM
######## BLCMSK ################################################################
# "blcmsk" is not marked as nacl-amd64-zero-extends out of caution.  We assume
# that this instruction is used for bit manipulation rather than computing
# viable addresses.
blcmsk Ey By, 0x8f RXB.09 W.dest.0.00 0x02 /1, CPUFeature_TBM
######## BLCS ##################################################################
# "blcs" is not marked as nacl-amd64-zero-extends out of caution.  We assume
# that this instruction is used for bit manipulation rather than computing
# viable addresses.
blcs Ey By, 0x8f RXB.09 W.dest.0.00 0x01 /3, CPUFeature_TBM
######## BLSFILL ###############################################################
# "blsfill" is not marked as nacl-amd64-zero-extends out of caution.  We assume
# that this instruction is used for bit manipulation rather than computing
# viable addresses.
blsfill Ey By, 0x8f RXB.09 W.dest.0.00 0x01 /2, CPUFeature_TBM
######## BLSI ##################################################################
# "blsi" is not marked as nacl-amd64-zero-extends out of caution.  We assume
# that this instruction is used for bit manipulation rather than computing
# viable addresses.
blsi Ey By, 0xc4 RXB.02 W.dest.0.00 0xf3 /3, CPUFeature_BMI1
######## BLSIC #################################################################
# "blsic" is not marked as nacl-amd64-zero-extends out of caution.  We assume
# that this instruction is used for bit manipulation rather than computing
# viable addresses.
blsic Ey By, 0x8f RXB.09 W.dest.0.00 0x01 /6, CPUFeature_TBM
######## BLSMSK ################################################################
# "blsmsk" is not marked as nacl-amd64-zero-extends out of caution.  We assume
# that this instruction is used for bit manipulation rather than computing
# viable addresses.
blsmsk Ey By, 0xc4 RXB.02 W.dest.0.00 0xf3 /2, CPUFeature_BMI1
######## BLSR ##################################################################
# "blsr" is not marked as nacl-amd64-zero-extends out of caution.  We assume
# that this instruction is used for bit manipulation rather than computing
# viable addresses.
blsr Ey By, 0xc4 RXB.02 W.dest.0.00 0xf3 /1, CPUFeature_BMI1
######## BSF ###################################################################
# Textbook definition of "bsf" as per AMD/Intel manuals looks like this:
#  bsf Ev Gv, 0x0f 0xbc
# For consistency with the production validators, drop support for the 16-bit
#  version of "bsf" in ia32 mode.
# Note that the former 32- and 64-bit validators treat "bsf" inconsistently:
#  http://code.google.com/p/nativeclient/issues/detail?id=2972
#
# "bsf" is not marked as nacl-amd64-zero-extends because it does not always
# writes to it's second operand:
#  http://code.google.com/p/nativeclient/issues/detail?id=2010
bsf Ew Gw, data16 0x0f 0xbc, norexw nacl-ia32-forbidden
bsf Ed Gd, 0x0f 0xbc, norexw
bsf Eq Gq, rexw 0x0f 0xbc, amd64
bsf Eq Gq, data16 rexw 0x0f 0xbc, amd64 nacl-forbidden
######## BSR ###################################################################
# Textbook definition of "bsr" as per AMD/Intel manuals looks like this:
#  bsr Ev Gv, 0x0f 0xbd
# For consistency with the production validators, drop support for the 16-bit
#  version of "bsr" in ia32 mode.
# Note that the former 32- and 64-bit validators treat "bsr" inconsistently:
#  http://code.google.com/p/nativeclient/issues/detail?id=2973
#
# "bsr" is not marked as nacl-amd64-zero-extends because it does not always
# writes to it's second operand:
#  http://code.google.com/p/nativeclient/issues/detail?id=2010
bsr Ew Gw, data16 0x0f 0xbd, norexw nacl-ia32-forbidden
bsr Ed Gd, 0x0f 0xbd, norexw
bsr Eq Gq, rexw 0x0f 0xbd, amd64
bsr Eq Gq, data16 rexw 0x0f 0xbd, amd64 nacl-forbidden
######## BSWAP #################################################################
# "bswap" is not marked as nacl-amd64-zero-extends because we don't really think
# that swapping the bottom bytes is a good thing to do to mask a memory
# reference.
bswap ry, 0x0f 0xc8
######## BT ####################################################################
#   bt <register>, <memory>
# is unsafe in 64-bit mode, because <register> could be
# 64-bit.
#   bt <immediate>, <whatever>
# only uses few least significant bits of <immediate>, so it's safe.
# Moreover, it's necessary to test higher bits of 64-bit operands
# (which can't be done with test instruction), so it's the only form that is
# allowed.
bt Gv =Ev, 0x0f 0xa3, nacl-forbidden
bt Ib =Ev, 0x0f 0xba /4, nacl-ia32-forbidden
######## BTC ###################################################################
# "btc" is not marked as nacl-amd64-zero-extends out of caution.  We assume that
# this instruction is used for bit manipulation rather than computing viable
# addresses.
# Also, see comment for bt.
btc Gv Ev, 0x0f 0xbb, lock nacl-forbidden
btc Ib Ev, 0x0f 0xba /7, lock nacl-ia32-forbidden
######## BTR ###################################################################
# "btr" is not marked as nacl-amd64-zero-extends out of caution.  We assume that
# this instruction is used for bit manipulation rather than computing viable
# addresses.
# Also, see comment for bt.
btr Gv Ev, 0x0f 0xb3, lock nacl-forbidden
btr Ib Ev, 0x0f 0xba /6, lock nacl-ia32-forbidden
######## BTS ###################################################################
# "bts" is not marked as nacl-amd64-zero-extends out of caution.  We assume that
# this instruction is used for bit manipulation rather than computing viable
# addresses.
# Also, see comment for bt.
bts Gv Ev, 0x0f 0xab, lock nacl-forbidden
bts Ib Ev, 0x0f 0xba /5, lock nacl-ia32-forbidden
######## CALL (Near) ###########################################################
call Jw, data16 0xe8, att-show-name-suffix-w nacl-forbidden
call Jd, 0xe8, ia32
call Jd, 0xe8, amd64 att-show-name-suffix-q nacl-amd64-modifiable
call Jd, data16 rexw 0xe8, amd64 att-show-name-suffix-q nacl-forbidden
# "call" does not require rex prefix and always uses 64bit addresses in x86-64
# mode unless data16 prefix is used.  We use simple solution: 16bit call is
# declared as common for 32bit/64bit mode and 32bit/64bit versions are described
# separately.
call Ew, data16 0xff /2, norexw att-show-name-suffix-w nacl-forbidden
call Ed, 0xff /2, ia32 nacl-forbidden
call Eq, 0xff /2, amd64 att-show-name-suffix-q nacl-forbidden
call Eq, data16 rexw 0xff /2, amd64 att-show-name-suffix-q nacl-forbidden
######## CALL (Far) ############################################################
# "lcall" does not require rex prefix and always uses 64bit addresses in x86-64
# mode unless data16 prefix is used.  We use simple solution: 16bit call is
# declared as common for 32bit/64bit mode and 32bit/64bit versions are described
# separately.
lcall Mp, data16 0xff /3, norexw att-show-name-suffix-w nacl-forbidden
lcall Mp, 0xff /3, ia32 nacl-forbidden
lcall Mp, 0xff /3, amd64 att-show-name-suffix-q nacl-forbidden
lcall Mp, data16 rexw 0xff /3, amd64 att-show-name-suffix-q nacl-forbidden
######## CBW/CWDE/CDQE #########################################################
cwtl, 0x98, norexw
cbtw, data16 0x98, norexw
cltq, data16 rexw 0x98, amd64 nacl-forbidden
cltq, rexw 0x98, amd64
######## CWD/CDQ/CQO ###########################################################
cltd, 0x99, norexw
cwtd, data16 0x99, norexw
cqto, data16 rexw 0x99, amd64 nacl-forbidden
cqto, rexw 0x99, amd64
######## CLC ###################################################################
clc, 0xf8
######## CLD ###################################################################
cld, 0xfc
######## CLFLUSH ###############################################################
# clflush disabled because it is unused and may potentially be unsafe.
# see: https://code.google.com/p/nativeclient/issues/detail?id=3944
clflush Mb, 0x0f 0xae /7, CPUFeature_CLFLUSH nacl-forbidden
######## CMC ###################################################################
cmc, 0xf5
######## CMOVCC ################################################################
# "cmovcc" instructions are not marked as nacl-amd64-zero-extends out of caution.
# AMD/Intel manual state that these instrucitons always zero extends 32 bit
# register results to 64 bits, and that this occurs even if the condition is
# false. However, we decided to be safe and omit these instructions anyway.
cmova Ev Gv, 0x0f 0x47, CPUFeature_CMOV
cmovae Ev Gv, 0x0f 0x43, CPUFeature_CMOV
cmovbe Ev Gv, 0x0f 0x46, CPUFeature_CMOV
cmovb Ev Gv, 0x0f 0x42, CPUFeature_CMOV
cmove Ev Gv, 0x0f 0x44, CPUFeature_CMOV
cmovg Ev Gv, 0x0f 0x4f, CPUFeature_CMOV
cmovge Ev Gv, 0x0f 0x4d, CPUFeature_CMOV
cmovle Ev Gv, 0x0f 0x4e, CPUFeature_CMOV
cmovl Ev Gv, 0x0f 0x4c, CPUFeature_CMOV
cmovne Ev Gv, 0x0f 0x45, CPUFeature_CMOV
cmovno Ev Gv, 0x0f 0x41, CPUFeature_CMOV
cmovnp Ev Gv, 0x0f 0x4b, CPUFeature_CMOV
cmovns Ev Gv, 0x0f 0x49, CPUFeature_CMOV
cmovo Ev Gv, 0x0f 0x40, CPUFeature_CMOV
cmovp Ev Gv, 0x0f 0x4a, CPUFeature_CMOV
cmovs Ev Gv, 0x0f 0x48, CPUFeature_CMOV
######## CMP ###################################################################
cmp I =a, 0x3c
cmp I =E, 0x80 /7
cmp Ib =Ev, 0x83 /7
cmp G =E, 0x38
cmp E =G, 0x3a
######## CMPS/CMPSB/CMPSW/CMPSD/CMPSQ ##########################################
cmps Y X, 0xa6, condrep nacl-amd64-forbidden
######## CMPXCHG ###############################################################
# Textbook definition of "cmpxchg" as per AMD/Intel manuals looks like this:
#  cmpxchg G E, 0x0f 0xb0, lock
# For consistency with the production validators:
#  * treat both explicit arguments as read-write
#  * drop support for the 16-bit version
# Note1: "cmpxchg" indeed writes to two arguments, but these areguments are
#  implicit %al/%ax/%eax/%rax and second explicit argument.  First explicit
#  argument is read-only.
# Note2: the former 32- and 64-bit validators treat "cmpxchg" inconsistently:
#  http://code.google.com/p/nativeclient/issues/detail?id=2974
#
# "cmpxchg" is not marked as nacl-amd64-zero-extends because it conditionally
# writes to different destinations.
cmpxchg &Gb Eb, 0x0f 0xb0, lock
cmpxchg &Gw Ew, data16 0x0f 0xb1, norexw lock nacl-ia32-forbidden
cmpxchg &Gd Ed, 0x0f 0xb1, norexw lock
cmpxchg &Gq Eq, rexw 0x0f 0xb1, amd64 lock
cmpxchg &Gq Eq, data16 rexw 0x0f 0xb1, amd64 lock nacl-forbidden
######## CMPXCHG8B/CMPXCHG16B ##################################################
cmpxchg8b Mq, 0x0f 0xc7 /1, norexw lock CPUFeature_CX8
cmpxchg16b Mo, rexw 0x0f 0xc7 /1, amd64 lock CPUFeature_CX16
######## CPUID #################################################################
# "cpuid" is not marked as nacl-amd64-zero-extends just because it shouldn't be.
cpuid, 0x0f 0xa2
######## CRC32 #################################################################
# In principle, this instruction can be defined as
#   crc32b E Gy, 0xf2 0x0f 0x38 0xf0, CPUFeature_SSE42
# but first, it's somewhat counterintuitive how splitting can produce the
# following five variations, so it's better to make it explicit, and second,
# rules to determine what suffix instruction name is followed with, special
# treatment would be required (for compatibility with objdump).
# Note: crc32 Ew Gd is disallowed for consistency with old validator, see
#  https://code.google.com/p/nativeclient/issues/detail?id=3356
crc32b Eb Gd, 0xf2 0x0f 0x38 0xf0, norexw CPUFeature_SSE42
crc32b Eb Gq, rexw 0xf2 0x0f 0x38 0xf0, amd64 CPUFeature_SSE42
crc32w Ew Gd, data16 0xf2 0x0f 0x38 0xf1, norexw CPUFeature_SSE42 nacl-forbidden
crc32l Ed Gd, 0xf2 0x0f 0x38 0xf1, norexw CPUFeature_SSE42
crc32q Eq Gq, rexw 0xf2 0x0f 0x38 0xf1, amd64 CPUFeature_SSE42
######## DEC ###################################################################
dec E, 0xfe /1, lock nacl-amd64-zero-extends
dec rz, 0x48, ia32
######## DIV ###################################################################
# "div" is not marked as nacl-amd64-zero-extends because we never allowed it.
div =E, 0xf6 /6
######## ENTER #################################################################
# Enter is safe in amd64 mode, but it's safety relies on minute details of
# implementation which can be changed in the future thus we prefer to disable
# it.  It's uncoditionally safe in ia32 mode as per the textbook definition in
# AMD/Intel manual but it does complex manipulations and is very rarely used
# (GCC, in particular, never uses it).  As a rule we don't allow complex and
# rarely used instructions such as "aaa" or "bound".  Disable it for now.
enter Iw =ib, 0xc8, ia32 nacl-forbidden
enter Iw =ib, 0xc8, amd64 att-show-name-suffix-q nacl-forbidden
######## IDIV ##################################################################
# "idiv" is not marked as nacl-amd64-zero-extends because we never allowed it.
idiv =E, 0xf6 /7
######## IMUL ##################################################################
imul =E, 0xf6 /5
imul Ev Gv, 0x0f 0xaf, nacl-amd64-zero-extends
imul Ib Ev Gv, 0x6b, nacl-amd64-zero-extends
imul Iz Ev Gv, 0x69, nacl-amd64-zero-extends
######## IN ####################################################################
# "in" is not marked as nacl-amd64-zero-extends just because it shouldn't be.
in Ib ab, 0xe4, nacl-forbidden
in Ib az, 0xe5, nacl-forbidden
in ob ab, 0xec, nacl-forbidden
in oz az, 0xed, nacl-forbidden
######## INC ###################################################################
inc E, 0xfe /0, lock nacl-amd64-zero-extends
inc rz, 0x40, ia32
######## INS/INSB/INSW/INSD ####################################################
ins ob Yb, 0x6c, rep att-show-name-suffix-b nacl-forbidden
ins ow Yw, data16 0x6d, rep att-show-name-suffix-w nacl-forbidden
ins od Yd, 0x6d, rep att-show-name-suffix-l nacl-forbidden
ins od Yd, rexw 0x6d, amd64 rep att-show-name-suffix-l nacl-forbidden
ins od Yd, data16 rexw 0x6d, amd64 rep att-show-name-suffix-l nacl-forbidden
######## INT ###################################################################
int =Ib, 0xcd, nacl-forbidden
######## JCXZ/JECXZ/JRCXZ ######################################################
jecxz Jb, 0xe3, ia32 branch_hint nacl-forbidden
jrcxz Jb, 0xe3, amd64 branch_hint
######## Jcc ###################################################################
ja Jb, 0x77, branch_hint
ja Jw, data16 0x0f 0x87, branch_hint nacl-forbidden
ja Jd, 0x0f 0x87, branch_hint
jae Jb, 0x73, branch_hint
jae Jw, data16 0x0f 0x83, branch_hint nacl-forbidden
jae Jd, 0x0f 0x83, branch_hint
jb Jb, 0x72, branch_hint
jb Jw, data16 0x0f 0x82, branch_hint nacl-forbidden
jb Jd, 0x0f 0x82, branch_hint
jbe Jb, 0x76, branch_hint
jbe Jw, data16 0x0f 0x86, branch_hint nacl-forbidden
jbe Jd, 0x0f 0x86, branch_hint
je Jb, 0x74, branch_hint
je Jw, data16 0x0f 0x84, branch_hint nacl-forbidden
je Jd, 0x0f 0x84, branch_hint
jg Jb, 0x7f, branch_hint
jg Jw, data16 0x0f 0x8f, branch_hint nacl-forbidden
jg Jd, 0x0f 0x8f, branch_hint
jge Jb, 0x7d, branch_hint
jge Jw, data16 0x0f 0x8d, branch_hint nacl-forbidden
jge Jd, 0x0f 0x8d, branch_hint
jl Jb, 0x7c, branch_hint
jl Jw, data16 0x0f 0x8c, branch_hint nacl-forbidden
jl Jd, 0x0f 0x8c, branch_hint
jle Jb, 0x7e, branch_hint
jle Jw, data16 0x0f 0x8e, branch_hint nacl-forbidden
jle Jd, 0x0f 0x8e, branch_hint
jne Jb, 0x75, branch_hint
jne Jw, data16 0x0f 0x85, branch_hint nacl-forbidden
jne Jd, 0x0f 0x85, branch_hint
jno Jb, 0x71, branch_hint
jno Jw, data16 0x0f 0x81, branch_hint nacl-forbidden
jno Jd, 0x0f 0x81, branch_hint
jnp Jb, 0x7b, branch_hint
jnp Jw, data16 0x0f 0x8b, branch_hint nacl-forbidden
jnp Jd, 0x0f 0x8b, branch_hint
jns Jb, 0x79, branch_hint
jns Jw, data16 0x0f 0x89, branch_hint nacl-forbidden
jns Jd, 0x0f 0x89, branch_hint
jo Jb, 0x70, branch_hint
jo Jw, data16 0x0f 0x80, branch_hint nacl-forbidden
jo Jd, 0x0f 0x80, branch_hint
jp Jb, 0x7a, branch_hint
jp Jw, data16 0x0f 0x8a, branch_hint nacl-forbidden
jp Jd, 0x0f 0x8a, branch_hint
js Jb, 0x78, branch_hint
js Jw, data16 0x0f 0x88, branch_hint nacl-forbidden
js Jd, 0x0f 0x88, branch_hint
######## JMP (Near) ############################################################
jmp Jb, 0xeb
jmp Jw, data16 0xe9, norexw att-show-name-suffix-w nacl-forbidden
jmp Jd, 0xe9, ia32
jmp Jd, 0xe9, amd64 att-show-name-suffix-q
jmp Jd, data16 rexw 0xe9, amd64 att-show-name-suffix-q nacl-forbidden
# "jmp" does not require rex prefix and always uses 64bit addresses in x86-64
# mode unless data16 prefix is used.  We use simple solution: 16bit jump is
# declared as common for 32bit/64bit mode and 32bit/64bit versions are described
# separately.
jmp Ew, data16 0xff /4, norexw att-show-name-suffix-w nacl-forbidden
jmp Ed, 0xff /4, ia32 nacl-forbidden
jmp Eq, 0xff /4, amd64 att-show-name-suffix-q nacl-forbidden
jmp Eq, data16 rexw 0xff /4, amd64 att-show-name-suffix-q nacl-forbidden
######## JMP (Far) #############################################################
# "ljmp" does not require rex prefix and always uses 64bit addresses in x86-64
# mode unless data16 prefix is used.  We use simple solution: 16bit jump is
# declared as common for 32bit/64bit mode and 32bit/64bit versions are described
# separately.
ljmp Mp, data16 0xff /5, norexw att-show-name-suffix-w nacl-forbidden
ljmp Mp, 0xff /5, ia32 nacl-forbidden
ljmp Mp, 0xff /5, amd64 att-show-name-suffix-q nacl-forbidden
ljmp Mp, data16 rexw 0xff /5, amd64 att-show-name-suffix-q nacl-forbidden
######## LAHF ##################################################################
# LAHF is always available in 16bit/32bit mode, but not always in 64bit mode
lahf, 0x9f, ia32
lahf, 0x9f, amd64 CPUFeature_LAHF
######## LDS/LES/LFS/LGS/LSS (AMD version) #####################################
# AMD manual says "executing LFS, LGS, or LSS with a 64-bit operand size only
# loads a 32-bit general purpose register and the specified segment register".
# lds Mp Gz, 0xc5, ia32 nacl-forbidden
# les Mp Gz, 0xc4, ia32 nacl-forbidden
# lfs Mp Gz, 0x0f 0xb4, nacl-forbidden
# lgs Mp Gz, 0x0f 0xb5, nacl-forbidden
# lss Mp Gz, 0x0f 0xb2, nacl-forbidden
######## LDS/LES/LFS/LGS/LSS (Intel version) ###################################
# Intel manual says: "Using a REX prefix in the form of REX.W promotes operation
# to specify a source operand referencing an 80-bit pointer (16-bit selector,
# 64-bit offset) in memory".
lds Mp Gv, 0xc5, ia32 nacl-forbidden
les Mp Gv, 0xc4, ia32 nacl-forbidden
# "lfs", "lgs", and "lss" are not marked as nacl-amd64-zero-extends because
# segment addresses shouldn't be used.
lfs Mp Gv, 0x0f 0xb4, nacl-forbidden
lgs Mp Gv, 0x0f 0xb5, nacl-forbidden
lss Mp Gv, 0x0f 0xb2, nacl-forbidden
######## LEA ###################################################################
lea 'Mv !Gv, 0x8d, no_memory_access nacl-amd64-zero-extends
######## LEAVE #################################################################
leave, 0xc9, ia32
leave, 0xc9, amd64 att-show-name-suffix-q nacl-forbidden
######## LFENCE ################################################################
lfence, 0x0f 0xae 0xe8, CPUFeature_SSE2
######## LLWPCB ################################################################
llwpcb =Ry, 0x8f RXB.09 W.1111.0.00 0x12 /0, CPUFeature_LWP
######## LODS/LODSB/LODSW/LODSD/LODSQ ##########################################
# Textbook definition of "lods[bwdq]" as per AMD/Intel manuals looks like this:
#  lods X a, 0xac, rep nacl-amd64-forbidden
# For consistency with the production validators, drop support for the "lods" in
#  ia32 mode.
# Note that the former 32- and 64-bit validators treat "lods" inconsistently:
#  http://code.google.com/p/nativeclient/issues/detail?id=2975
# It's "special" instruction in amd64 mode (and is accepted with "special"
#  sandboxing), but forbidden instruction in ia32 mode.
lods X a, 0xac, rep nacl-forbidden
######## LOOP/LOOPE/LOOPNE/LOOPNZ/LOOPZ ########################################
# Manual is quite vague WRT usability of branch prediction prefixes combined
# with "loop/loope/loopne" instructions. Old optimization manual (from P4) says
# about them the following: "These hints take the form of prefixes to any type
# of branch instruction.  Branch hints are not guaranteed to have any effect,
# and their function may vary across implementations. On the Pentium 4
# processor, branch hints are active only for relative conditional branches."
# And today's manual says:
#   - Branch hints:
#     * 2EH - Branch not taken (used only with Jcc instructions)
#     * 3EH - Branch taken (used only with Jcc instructions)
# Since they never had any effect on the code execution their usability is
# quite limited.  We disable them for now.
loop Jb, 0xe2, nacl-ia32-forbidden
loop Jb, 0xe2, branch_hint nacl-forbidden
loope Jb, 0xe1, nacl-ia32-forbidden
loope Jb, 0xe1, branch_hint nacl-forbidden
loopne Jb, 0xe0, nacl-ia32-forbidden
loopne Jb, 0xe0, branch_hint nacl-forbidden
######## LWPINS ################################################################
lwpins Id Ed =By, 0x8f RXB.0A W.src1.0.00 0x12 /0, CPUFeature_LWP
######## LWPVAL ################################################################
lwpval Id Ed =By, 0x8f RXB.0A W.src1.0.00 0x12 /1, CPUFeature_LWP
######## LZCNT #################################################################
# Textbook definition of "lzcnt" as per AMD/Intel manuals looks like this:
#   lzcnt Ev Gv, 0xf3 0x0f 0xbd, CPUFeature_LZCNT nacl-amd64-zero-extends
# "lzcnt" is not marked as nacl-amd64-zero-extends because it is unlikely to be
# useful for computing an address based on the number of leading zeros of a
# value.
# Also, since f3 opcode extension is counted as rep prefix, it is not allowed
# together with data16 prefix.
# See http://code.google.com/p/nativeclient/issues/detail?id=3076
lzcnt Ew Gw, data16 0xf3 0x0f 0xbd, norexw CPUFeature_LZCNT nacl-forbidden
lzcnt Ed Gd, 0xf3 0x0f 0xbd, norexw CPUFeature_LZCNT
lzcnt Eq Gq, rexw 0xf3 0x0f 0xbd, amd64 CPUFeature_LZCNT
lzcnt Eq Gq, data16 rexw 0xf3 0x0f 0xbd, amd64 CPUFeature_LZCNT nacl-forbidden
######## MFENCE ################################################################
mfence, 0x0f 0xae 0xf0, CPUFeature_SSE2
######## MOV ###################################################################
mov G !E, 0x88, nacl-amd64-modifiable nacl-amd64-zero-extends
mov E !G, 0x8a, nacl-amd64-modifiable nacl-amd64-zero-extends
mov Sw !Mw, 0x8c, nacl-forbidden
mov Sw !Rv, 0x8c, nacl-forbidden
mov Ew !Sw, 0x8e, nacl-forbidden
mov Ib !rb, 0xb0, nacl-amd64-modifiable nacl-amd64-zero-extends
mov Iv !rv, 0xb8, nacl-amd64-modifiable nacl-amd64-zero-extends
mov I !E, 0xc6 /0, nacl-amd64-modifiable nacl-amd64-zero-extends
mov O !a, 0xa0, ia32
mov a !O, 0xa2, ia32
movabs O !a, 0xa0, amd64 nacl-forbidden
movabs a !O, 0xa2, amd64 nacl-forbidden
######## MOVBE #################################################################
# Textbook definition of "movbe" as per AMD/Intel manuals looks like this:
#  movbe Mv Gv, 0x0f 0x38 0xf0, CPUFeature_MOVBE
#  movbe Gv Mv, 0x0f 0x38 0xf1, CPUFeature_MOVBE
# For consistency with the production validators, drop support for the 16-bit
#  version of "movbe" in ia32 mode.
# Note that the former 32- and 64-bit validators treat "movbe" inconsistently:
#  http://code.google.com/p/nativeclient/issues/detail?id=2976
movbe Mw Gw, data16 0x0f 0x38 0xf0, norexw CPUFeature_MOVBE nacl-ia32-forbidden
movbe Gw Mw, data16 0x0f 0x38 0xf1, norexw CPUFeature_MOVBE nacl-ia32-forbidden
movbe Md Gd, 0x0f 0x38 0xf0, norexw CPUFeature_MOVBE
movbe Gd Md, 0x0f 0x38 0xf1, norexw CPUFeature_MOVBE
movbe Mq Gq, rexw 0x0f 0x38 0xf0, amd64 CPUFeature_MOVBE
movbe Gq Mq, rexw 0x0f 0x38 0xf1, amd64 CPUFeature_MOVBE
movbe Mq Gq, data16 rexw 0x0f 0x38 0xf0, amd64 CPUFeature_MOVBE nacl-forbidden
movbe Gq Mq, data16 rexw 0x0f 0x38 0xf1, amd64 CPUFeature_MOVBE nacl-forbidden
######## MOVD ##################################################################
# Textbook definition of "movd" as per AMD/Intel manuals looks like this:
#  movd Ey Vy, 0x66 0x0f 0x6e, CPUFeature_SSE2
#  movd Vy Ey, 0x66 0x0f 0x7e, CPUFeature_SSE2
#  movd Ey Py, 0x0f 0x6e, CPUFeature_MMX
#  movd Py Ey, 0x0f 0x7e, CPUFeature_MMX
# Objdump names 64bit version not "movd" but movq".  We describe 32bit version
#  and 64bit version separately.
movd Ed Vq, 0x66 0x0f 0x6e, norexw CPUFeature_SSE2
movd Vq Ed, 0x66 0x0f 0x7e, norexw CPUFeature_SSE2 nacl-amd64-zero-extends
movd Ed Pq, 0x0f 0x6e, norexw CPUFeature_MMX
movd Pq Ed, 0x0f 0x7e, norexw CPUFeature_MMX nacl-amd64-zero-extends
movq Eq Vq, 0x66 rexw 0x0f 0x6e, amd64 CPUFeature_SSE2
movq Vq Eq, 0x66 rexw 0x0f 0x7e, amd64 CPUFeature_SSE2
movq Eq Pq, rexw 0x0f 0x6e, amd64 CPUFeature_MMX
movq Pq Eq, rexw 0x0f 0x7e, amd64 CPUFeature_MMX
######## MOVMSKPD ##############################################################
# Textbook definition of "movmskpd" as per AMD/Intel manuals looks like this:
#  movmskpd Upd Gd, 0x66 0x0f 0x50, CPUFeature_SSE2
# GNU as accepts this description, but objdump decodes last operand as "Gy".
# Technically it makes no difference: "movmskpd" clears everything except least
# significant two bits and this operation produces precisely idential output for
# "Gy" and "Gd" operands.  We use objdump's description.
movmskpd Upd Gy, 0x66 0x0f 0x50, CPUFeature_SSE2
######## MOVMSKPS ##############################################################
# Textbook definition of "movmskps" as per AMD/Intel manuals looks like this:
#  movmskps Ups Gd, 0x0f 0x50, CPUFeature_SSE2
# GNU as accepts this description, but objdump decodes last operand as "Gy".
# Technically it makes no difference: "movmskps" clears everything except least
# significant four bits and this operation produces precisely idential output
# for "Gy" and "Gd" operands.  We use objdump's description.
movmskps Ups Gy, 0x0f 0x50, CPUFeature_SSE
######## MOVNTI ################################################################
movnti Gy My, 0x0f 0xc3, CPUFeature_SSE2
######## MOVS/MOVSB/MOVSW/MOVSD/MOVSQ ##########################################
movs X Y, 0xa4, rep nacl-amd64-forbidden
######## MOVSX #################################################################
# Textbook definition of "movsx" as per AMD/Intel manuals looks like this:
#  movsx Eb Gv, 0x0f 0xbe
#  movsx Ew Gy, 0x0f 0xbf
# Objdump has different names for this instrustion: "movsbw", "movsbl", "movsbq",
# "movswl", "movswq" depending on operand size.  We describe 32bit versions and
# 64bit version separately.
movsbl Eb Gd, 0x0f 0xbe, norexw nacl-amd64-zero-extends
movsbq Eb Gq, rexw 0x0f 0xbe, amd64
movsbw Eb Gw, data16 0x0f 0xbe, norexw
movswl Ew Gd, 0x0f 0xbf, norexw nacl-amd64-zero-extends
movswq Ew Gq, rexw 0x0f 0xbf, amd64
movsww Ew Gw, data16 0x0f 0xbf, norexw
######## MOVSXD ################################################################
movslq Ed Gv, 0x63, amd64 nacl-amd64-zero-extends
######## MOVZX #################################################################
# Textbook definition of "movzx" as per AMD/Intel manuals looks like this:
#  movzx Eb Gv, 0x0f 0xb6
#  movzx Ew Gy, 0x0f 0xb7
# Objdump has different names for this instrustion: "movzbw", "movzbl", "movzbq",
# "movzwl", "movzwq" depending on operand size.  We describe 32bit versions and
# 64bit version separately.
movzbl Eb Gd, 0x0f 0xb6, norexw nacl-amd64-zero-extends
movzbq Eb Gq, rexw 0x0f 0xb6, amd64
movzbw Eb Gw, data16 0x0f 0xb6, norexw
movzwl Ew Gd, 0x0f 0xb7, norexw nacl-amd64-zero-extends
movzwq Ew Gq, rexw 0x0f 0xb7, amd64
movzww Ew Gw, data16 0x0f 0xb7, norexw
######## MUL ###################################################################
# "mul" is not marked as nacl-amd64-zero-extends because we never allowed it.
mul =E, 0xf6 /4
######## NEG ###################################################################
neg E, 0xf6 /3, lock nacl-amd64-zero-extends
######## NOP ###################################################################
nop, 0x90, norex
nop, 0x40 0x90, amd64 norex
"rex.W nop", 0x48 0x90, amd64 norex
# Textbook definition of "nop" as per AMD/Intel manuals looks like this:
#  nop 'Ev, 0x0f 0x1f /0, no_memory_access
# For consistency with the production validators, drop support for the 16-bit
#  version of "nop".
nop 'Rw, data16 0x0f 0x1f /0,
  no_memory_access nacl-forbidden
nop 'Mw, data16 0x0f 0x1f /0,
  no_memory_access att-show-name-suffix-w nacl-forbidden
nop 'Rd, 0x0f 0x1f /0,
  norexw no_memory_access
nop 'Md, 0x0f 0x1f /0,
  norexw att-show-name-suffix-l no_memory_access
nop 'Rq, rexw 0x0f 0x1f /0,
  amd64 no_memory_access
nop 'Mq, rexw 0x0f 0x1f /0,
  amd64 att-show-name-suffix-q no_memory_access
nop 'Rq, data16 rexw 0x0f 0x1f /0,
  amd64 no_memory_access nacl-forbidden
nop 'Mq, data16 rexw 0x0f 0x1f /0,
  amd64 no_memory_access att-show-name-suffix-q nacl-forbidden
######## NOT ###################################################################
not E, 0xf6 /2, lock nacl-amd64-zero-extends
######## OR ####################################################################
or I a, 0x0c, nacl-amd64-zero-extends
or I E, 0x80 /1, lock nacl-amd64-zero-extends
or Ib Ev, 0x83 /1, lock nacl-amd64-zero-extends
or G E, 0x08, lock nacl-amd64-zero-extends
or E G, 0x0a, nacl-amd64-zero-extends
######## OUT ###################################################################
out ab =Ib, 0xe6, nacl-forbidden
out az =Ib, 0xe7, nacl-forbidden
out ab =ob, 0xee, nacl-forbidden
out az =oz, 0xef, nacl-forbidden
######## OUTS/OUTSB/OUTSW/OUTSD ################################################
outs Xb =ob, 0x6e, rep att-show-name-suffix-b nacl-forbidden
outs Xw =ow, data16 0x6f, rep att-show-name-suffix-w nacl-forbidden
outs Xd =od, 0x6f, rep att-show-name-suffix-l nacl-forbidden
outs Xd =od, rexw 0x6f, amd64 rep att-show-name-suffix-l nacl-forbidden
outs Xd =od, data16 rexw 0x6f, amd64 rep att-show-name-suffix-l nacl-forbidden
######## PAUSE #################################################################
pause, 0xf3 0x90, norex
######## POP ###################################################################
# "pop" does not require rex prefix and always uses 64bit addresses in x86-64
# mode unless data16 prefix is used.  We use simple solution: 16bit call is
# declared as common for 32bit/64bit mode and 32bit/64bit versions are described
# separately.
pop Rw, data16 0x8f /0
pop Mw, data16 0x8f /0, att-show-name-suffix-w
pop Rr, 0x8f /0, ia32
pop Mr, 0x8f /0, ia32 att-show-name-suffix-l
pop Rr, 0x8f /0, amd64
pop Mr, 0x8f /0, amd64 att-show-name-suffix-q
pop rw, data16 0x58
pop rr, 0x58
"pop %es", 0x07, ia32 nacl-forbidden
"pop %ss", 0x17, ia32 nacl-forbidden
"pop %ds", 0x1f, ia32 nacl-forbidden
"pop %fs", 0x0f 0xa1, ia32 nacl-forbidden
"pop %gs", 0x0f 0xa9, ia32 nacl-forbidden
"popq %fs", 0x0f 0xa1, amd64 nacl-forbidden
"popq %gs", 0x0f 0xa9, amd64 nacl-forbidden
######## POPCNT ################################################################
# Textbook definition of "popcnt" as per AMD/Intel manuals looks like this:
#   popcnt Ev Gv, 0xf3 0x0f 0xb8, CPUFeature_POPCNT nacl-amd64-zero-extends
# "popcnt" is not marked as nacl-amd64-zero-extends because it is unlikely to be
# useful for computing an address based on the number of ones in a value.
# Also, since f3 opcode extension is counted as rep prefix, it is not allowed
# together with data16 prefix.
# See http://code.google.com/p/nativeclient/issues/detail?id=3076
popcnt Ew Gw, data16 0xf3 0x0f 0xb8, norexw CPUFeature_POPCNT nacl-forbidden
popcnt Ed Gd, 0xf3 0x0f 0xb8, norexw CPUFeature_POPCNT
popcnt Eq Gq, rexw 0xf3 0x0f 0xb8, amd64 CPUFeature_POPCNT
popcnt Eq Gq, data16 rexw 0xf3 0x0f 0xb8, amd64 CPUFeature_POPCNT nacl-forbidden
######## POPF/POPFD/POPFQ ######################################################
popf, data16 0x9d, norexw att-show-name-suffix-w nacl-forbidden
popf, 0x9d, ia32 nacl-forbidden
popf, 0x9d, norexw amd64 att-show-name-suffix-q nacl-forbidden
popf, data16 rexw 0x9d, amd64 att-show-name-suffix-q nacl-forbidden
######## PREFETCH/PREFETCHW ####################################################
prefetch Mb, 0x0f 0x0d /0, CPUFeature_3DPRFTCH no_memory_access
prefetchw Mb, 0x0f 0x0d /1, CPUFeature_3DPRFTCH no_memory_access
prefetch Mb, 0x0f 0x0d /2, CPUFeature_3DPRFTCH no_memory_access nacl-forbidden
# AMD manual desribes this opcode as "reserved" in one place (and clarifies that
# it's aliased to prefetch for the compatibility) and as "invalid" in another
# place.  It's textbook definition as per AMD manual looks like this:
#  prefetch Mb, 0x0f 0x0d /3, CPUFeature_3DPRFTCH no_memory_access
# For consistency with the production validators, drop support for this form of
# "prefetch" in ia32 mode but support in in amd64 mode.
# Note that the former 32- and 64-bit validators treat "prefetch" inconsistently:
#  http://code.google.com/p/nativeclient/issues/detail?id=2977
prefetch Mb, 0x0f 0x0d /3, CPUFeature_3DPRFTCH no_memory_access nacl-ia32-forbidden
prefetch Mb, 0x0f 0x0d /4, CPUFeature_3DPRFTCH no_memory_access nacl-forbidden
prefetch Mb, 0x0f 0x0d /5, CPUFeature_3DPRFTCH no_memory_access nacl-forbidden
prefetch Mb, 0x0f 0x0d /6, CPUFeature_3DPRFTCH no_memory_access nacl-forbidden
prefetch Mb, 0x0f 0x0d /7, CPUFeature_3DPRFTCH no_memory_access nacl-forbidden
######## PREFETCHlevel #########################################################
prefetchnta Mb, 0x0f 0x18 /0, CPUFeature_SSE no_memory_access
prefetcht0 Mb, 0x0f 0x18 /1, CPUFeature_SSE no_memory_access
prefetcht1 Mb, 0x0f 0x18 /2, CPUFeature_SSE no_memory_access
prefetcht2 Mb, 0x0f 0x18 /3, CPUFeature_SSE no_memory_access
# AMD manual claims this opcode is "nop".  Intel manual says it's "reserved".
# Real silicon accepts it and seemingly doing nothing.
"nop/reserved" Mb, 0x0f 0x18 /4, CPUFeature_SSE no_memory_access nacl-forbidden
"nop/reserved" Mb, 0x0f 0x18 /5, CPUFeature_SSE no_memory_access nacl-forbidden
"nop/reserved" Mb, 0x0f 0x18 /6, CPUFeature_SSE no_memory_access nacl-forbidden
"nop/reserved" Mb, 0x0f 0x18 /7, CPUFeature_SSE no_memory_access nacl-forbidden
######## PUSH ##################################################################
# "push" does not require rex prefix and always uses 64bit addresses in x86-64
# mode unless data16 prefix is used.  We use simple solution: 16bit call is
# declared as common for 32bit/64bit mode and 32bit/64bit versions are described
# separately.
push =Rw, data16 0xff /6
push =Mw, data16 0xff /6, att-show-name-suffix-w
push =Rr, 0xff /6, ia32
push =Mr, 0xff /6, ia32 att-show-name-suffix-l
push =Rr, 0xff /6, amd64
push =Mr, 0xff /6, amd64 att-show-name-suffix-q
push =rw, data16 0x50
push =rr, 0x50
push =Iw, data16 0x68, att-show-name-suffix-w
push =Id, 0x68, ia32
push =Id, 0x68, amd64 att-show-name-suffix-q
push =Id, data16 rexw 0x68, amd64 att-show-name-suffix-q nacl-forbidden
push =Ib, 0x6a, ia32
push =Ib, 0x6a, amd64 att-show-name-suffix-q
"push %es", 0x06, ia32 nacl-forbidden
"push %cs", 0x0e, ia32 nacl-forbidden
"push %ss", 0x16, ia32 nacl-forbidden
"push %ds", 0x1e, ia32 nacl-forbidden
"push %fs", 0x0f 0xa0, ia32 nacl-forbidden
"push %gs", 0x0f 0xa8, ia32 nacl-forbidden
"pushq %fs", 0x0f 0xa0, amd64 nacl-forbidden
"pushq %gs", 0x0f 0xa8, amd64 nacl-forbidden
######## PUSHF/PUSHFD/PUSHFQ ###################################################
pushf, data16 0x9c, norexw att-show-name-suffix-w nacl-forbidden
pushf, 0x9c, ia32 nacl-forbidden
pushf, 0x9c, norexw amd64 att-show-name-suffix-q nacl-forbidden
pushf, data16 rexw 0x9c, amd64 att-show-name-suffix-q nacl-forbidden
######## RCL ###################################################################
# "rcl" is not marked as nacl-amd64-zero-extends out of caution.  We assume that
# this instruction is used for bit manipulation rather than computing viable
# addresses.
rcl E, 0xd0 /2
rcl cb E, 0xd2 /2
rcl Ib E, 0xc0 /2
######## RCR ###################################################################
# "rcr" is not marked as nacl-amd64-zero-extends out of caution.  We assume that
# this instruction is used for bit manipulation rather than computing viable
# addresses.
rcr E, 0xd0 /3
rcr cb E, 0xd2 /3
rcr Ib E, 0xc0 /3
######## RET (Near) ############################################################
ret, 0xc3, rep ia32 nacl-forbidden
ret, 0xc3, rep amd64 att-show-name-suffix-q nacl-forbidden
ret =Iw, 0xc2, ia32 nacl-forbidden
ret =Iw, 0xc2, amd64 att-show-name-suffix-q nacl-forbidden
######## RET (Far) #############################################################
lret, 0xcb, norexw nacl-forbidden
lret =Iw, 0xca, norexw nacl-forbidden
lretq, rexw 0xcb, amd64 nacl-forbidden
lretq =Iw, rexw 0xca, amd64 nacl-forbidden
######## ROL ###################################################################
# "rol" is not marked as nacl-amd64-zero-extends out of caution.  We assume that
# this instruction is used for bit manipulation rather than computing viable
# addresses.
rol E, 0xd0 /0
rol cb E, 0xd2 /0
rol Ib E, 0xc0 /0
######## ROR ###################################################################
# "ror" is not marked as nacl-amd64-zero-extends out of caution.  We assume that
# this instruction is used for bit manipulation rather than computing viable
# addresses.
ror Ib E, 0xc0 /1
ror E, 0xd0 /1
ror cb E, 0xd2 /1
######## SAHF ##################################################################
# SAHF is always awailable in 16bit/32bit mode, but not always in 64bit mode
sahf, 0x9e, ia32
sahf, 0x9e, amd64 CPUFeature_LAHF
######## SAL ###################################################################
# AMD manual claims this opcode works identically to shl.  Intel manual
# says it's reserved.  Objdump does not like it.
# sal E, 0xd0 /6
# sal cb E, 0xd2 /6
# sal Ib E, 0xc0 /6
######## SAL/SHL ###############################################################
# "sal"/"shl" is not marked as nacl-amd64-zero-extends out of caution.  We
# assume that this instruction is used for bit manipulation rather than
# computing viable addresses.
shl E, 0xd0 /4
shl cb E, 0xd2 /4
shl Ib E, 0xc0 /4
######## SAR ###################################################################
# "sar" is not marked as nacl-amd64-zero-extends out of caution.  We assume that
# this instruction is used for bit manipulation rather than computing viable
# addresses.
sar Ib E, 0xc0 /7
sar E, 0xd0 /7
sar cb E, 0xd2 /7
######## SBB ###################################################################
# "sbb" is not marked as nacl-amd64-zero-extends since borrows/carries should
# not be need when calculating an address.
sbb I a, 0x1c
sbb I E, 0x80 /3, lock
sbb Ib Ev, 0x83 /3, lock
sbb G E, 0x18, lock
sbb E G, 0x1a
######## SCAS/SCASB/SCASW/SCASD/SCASQ ##########################################
scas Y a, 0xae, condrep nacl-amd64-forbidden
######## SETcc #################################################################
seta Eb, 0x0f 0x97, CPUFeature_CMOV
setae Eb, 0x0f 0x93, CPUFeature_CMOV
setbe Eb, 0x0f 0x96, CPUFeature_CMOV
setb Eb, 0x0f 0x92, CPUFeature_CMOV
sete Eb, 0x0f 0x94, CPUFeature_CMOV
setg Eb, 0x0f 0x9f, CPUFeature_CMOV
setge Eb, 0x0f 0x9d, CPUFeature_CMOV
setle Eb, 0x0f 0x9e, CPUFeature_CMOV
setl Eb, 0x0f 0x9c, CPUFeature_CMOV
setne Eb, 0x0f 0x95, CPUFeature_CMOV
setno Eb, 0x0f 0x91, CPUFeature_CMOV
setnp Eb, 0x0f 0x9b, CPUFeature_CMOV
setns Eb, 0x0f 0x99, CPUFeature_CMOV
seto Eb, 0x0f 0x90, CPUFeature_CMOV
setp Eb, 0x0f 0x9a, CPUFeature_CMOV
sets Eb, 0x0f 0x98, CPUFeature_CMOV
######## SFENCE ################################################################
sfence, 0x0f 0xae 0xf8, CPUFeature_EMMXSSE
######## SHLD ##################################################################
# Textbook definition of "shrd" as per AMD/Intel manuals looks like this:
#  shld Ib Gv Ev, 0x0f 0xa4
#  shld cb Gv Ev, 0x0f 0xa5
# For consistency with the production validators, drop support for the 16-bit
#  version of "shld" in ia32 mode.
# Note that the former 32- and 64-bit validators treat "shld" inconsistently:
#  http://code.google.com/p/nativeclient/issues/detail?id=2978
#
# "shld" is not marked as nacl-amd64-zero-extends out of caution.  We assume
# that this instruction is used for bit manipulation rather than computing
# viable addresses.
shld Ib Gw Ew, data16 0x0f 0xa4, norexw nacl-ia32-forbidden
shld cb Gw Ew, data16 0x0f 0xa5, norexw nacl-ia32-forbidden
shld Ib Gd Ed, 0x0f 0xa4, norexw
shld cb Gd Ed, 0x0f 0xa5, norexw
shld Ib Gq Eq, rexw 0x0f 0xa4, amd64
shld cb Gq Eq, rexw 0x0f 0xa5, amd64
shld Ib Gq Eq, data16 rexw 0x0f 0xa4, amd64 nacl-forbidden
shld cb Gq Eq, data16 rexw 0x0f 0xa5, amd64 nacl-forbidden
######## SHR ###################################################################
# "shr" is not marked as nacl-amd64-zero-extends out of caution.  We assume that
# this instruction is used for bit manipulation rather than computing viable
# addresses.
shr E, 0xd0 /5
shr cb E, 0xd2 /5
shr Ib E, 0xc0 /5
######## SHRD ##################################################################
# Textbook definition of "shrd" as per AMD/Intel manuals looks like this:
#  shld Ib Gv Ev, 0x0f 0xa4
#  shld cb Gv Ev, 0x0f 0xa5
# For consistency with the production validators, drop support for the 16-bit
#  version of "shrd" in ia32 mode.
# Note that the former 32- and 64-bit validators treat "shrd" inconsistently:
#  http://code.google.com/p/nativeclient/issues/detail?id=2980
#
# "shrd" is not marked as nacl-amd64-zero-extends out of caution.  We assume
# that this instruction is used for bit manipulation rather than computing
# viable addresses.
shrd Ib Gw Ew, data16 0x0f 0xac, norexw nacl-ia32-forbidden
shrd cb Gw Ew, data16 0x0f 0xad, norexw nacl-ia32-forbidden
shrd Ib Gd Ed, 0x0f 0xac, norexw
shrd cb Gd Ed, 0x0f 0xad, norexw
shrd Ib Gq Eq, rexw 0x0f 0xac, amd64
shrd cb Gq Eq, rexw 0x0f 0xad, amd64
shrd Ib Gq Eq, data16 rexw 0x0f 0xac, amd64 nacl-forbidden
shrd cb Gq Eq, data16 rexw 0x0f 0xad, amd64 nacl-forbidden
######## SLWPCB ################################################################
slwpcb Ry, 0x8f RXB.09 W.1111.0.00 0x12 /1, CPUFeature_LWP
######## STC ###################################################################
stc, 0xf9
######## STD ###################################################################
std, 0xfd
######## STOS/STOSB/STOSW/STOSD/STOSQ ##########################################
stos a Y, 0xaa, rep nacl-amd64-forbidden
######## SUB ###################################################################
sub I a, 0x2c, nacl-amd64-zero-extends
sub I E, 0x80 /5, lock nacl-amd64-zero-extends
sub Ib Ev, 0x83 /5, lock nacl-amd64-zero-extends
sub G E, 0x28, lock nacl-amd64-zero-extends
sub E G, 0x2a, nacl-amd64-zero-extends
######## T1MSKC ################################################################
t1mskc Ey By, 0x8f RXB.09 W.dest.0.00 0x01 /7, CPUFeature_TBM
######## TEST ##################################################################
test I =a, 0xa8
test I =E, 0xf6 /0
# AMD manual claims this opcode works identically to "/0".  Intel manual
# says it's reserved.  Objdump does not like it.
# test I =E, 0xf6 /1
test G =E, 0x84
######## TZCNT #################################################################
# Textbook definition of "tzcnt" as per AMD/Intel manuals looks like this:
#   tzcnt Ev Gv, 0xf3 0x0f 0xbc, CPUFeature_TZCNT nacl-amd64-zero-extends
# "tzcnt" is not marked as nacl-amd64-zero-extends because it is unlikely to be
# useful for computing an address based on the number of trailing zeros of a
# value.
# We mark tzcnt specially to allow it independently from CPUID
# See http://code.google.com/p/nativeclient/issues/detail?id=2869
# Also, since f3 opcode extension is counted as rep prefix, it is not allowed
# together with data16 prefix.
# See http://code.google.com/p/nativeclient/issues/detail?id=3076
tzcnt Ew Gw, data16 0xf3 0x0f 0xbc, norexw CPUFeature_TZCNT nacl-forbidden
tzcnt Ed Gd, 0xf3 0x0f 0xbc, norexw CPUFeature_TZCNT
tzcnt Eq Gq, rexw 0xf3 0x0f 0xbc, amd64 CPUFeature_TZCNT
tzcnt Eq Gq, data16 rexw 0xf3 0x0f 0xbc, amd64 CPUFeature_TZCNT nacl-forbidden
######## TZMSK #################################################################
tzmsk Ey By, 0x8f RXB.09 W.dest.0.00 0x01 /4, CPUFeature_TBM
######## XADD ##################################################################
# Textbook definition of "xadd" as per AMD/Intel manuals looks like this:
#  xadd &G E, 0x0f 0xc0, lock nacl-amd64-zero-extends
# For consistency with the production validators, drop support for the 16-bit
#  version of "xadd" in ia32 mode.
# Also, don't consider xadd with memory zero-extending.
#  See http://code.google.com/p/nativeclient/issues/detail?id=3077
# Note that the former 32- and 64-bit validators treat "xadd" inconsistently:
#  http://code.google.com/p/nativeclient/issues/detail?id=2981
xadd &Gb Eb, 0x0f 0xc0, lock
xadd &Gw Ew, data16 0x0f 0xc1, norexw lock nacl-ia32-forbidden
xadd &Gd Rd, 0x0f 0xc1, norexw nacl-amd64-zero-extends
xadd &Gd Md, 0x0f 0xc1, norexw lock
xadd &Gq Eq, rexw 0x0f 0xc1, lock amd64
xadd &Gq Eq, data16 rexw 0x0f 0xc1, lock amd64 nacl-forbidden
######## XCHG ##################################################################
# For consistency with prod. validator, don't consider exchange with memory
# zero-extending.
# See http://code.google.com/p/nativeclient/issues/detail?id=3071
xchg &av rv, 0x90, nacl-amd64-zero-extends
xchg &G R, 0x86, nacl-amd64-zero-extends
xchg &G M, 0x86, lock
######## XLAT ##################################################################
xlat xb, 0xd7, nacl-forbidden
######## XOR ###################################################################
xor I a, 0x34, nacl-amd64-zero-extends
xor I E, 0x80 /6, lock nacl-amd64-zero-extends
xor Ib Ev, 0x83 /6, lock nacl-amd64-zero-extends
xor G E, 0x30, lock nacl-amd64-zero-extends
xor E G, 0x32, nacl-amd64-zero-extends
################################################################################