I recently stumbled across the following assembly instruction sequence:
rep stos dword ptr [edi]
Asked
Active
Viewed 6.1k times
2 Answers
86
For ecx repetitions, stores the contents of eax into where edi points to, incrementing or decrementing edi (depending on the direction flag) by 4 bytes each time. Normally, this is used for a memset-type operation.
Usually, that instruction is simply written rep stosd. Experienced assembly coders know all the details mentioned above just by seeing that. :-)
ETA for completeness (thanks PhiS): Each iteration, ecx is decremented by 1, and the loop stops when it reaches zero. For stos, the only thing you will observe is that ecx is cleared at the end. But, for scas or the like, where the repz/repnz prefixes are used, ecx can be greater than zero if the operation stopped before exhausting ecx bytes/words/whatevers.
Before you ask, scas is used for implementing strchr-type operations. :-P
C. K. Young
- 219,335
- 46
- 382
- 435
-
Can you give an example what it does? – COMer Sep 29 '10 at 06:16
-
8@COMer - It's already in the anwser: like memset - it fills a specified (ecx) amount of memory (at [edi]) with a given value (in eax). – PhiS Sep 29 '10 at 07:05
-
@Chris Jester-Young - for completeness' sake, I'd suggest you mention that it will also decrement ecx by one each iteration until ecx reaches 0. – PhiS Sep 29 '10 at 07:11
-
How to know whether it's ecx or other kinds of repetitions ? – COMer Sep 29 '10 at 09:49
-
@COMer: It always uses register 1 (`cx`/`ecx`/`rcx`). In your case, since you're using the 32-bit instruction, it will use the 32-bit version of that register, thus, `ecx`. – C. K. Young Sep 29 '10 at 11:54
-
@PhiS: I added something, though I don't know if it's comprehensive enough. :-P – C. K. Young Sep 29 '10 at 12:02
-
To clarify, is rep stosd similar to: `memset(edi, eax, ecx)` , where `edi`, `eax`, and `ecx` are the registers?...Except the 2nd parameter may be more than a single byte. – SW_user2953243 Oct 26 '14 at 07:59
-
1@SW_user2953243 It's like a 32-bit version of `memset`, where the thing to set to is a 32-bit quantity (unlike `memset`, where the thing to set is a `char`). `ecx` specifies the number of dwords (and not number of bytes) to set. – C. K. Young Oct 27 '14 at 16:19
-
@SW_user2953243 More like `memset(edi, eax, ecx * 4)` – Cole Tobin Apr 10 '15 at 03:10
-
2@ColeJohnson Close, except that with `stosd`, the individual bytes in the dword can have different contents. – C. K. Young Apr 10 '15 at 03:13
0
Empty array:
char buff[256] = { };
776 1c5: 48 8d 95 e0 fc ff ff lea -0x320(%rbp),%rdx
777 1cc: b8 00 00 00 00 mov $0x0,%eax
778 1d1: b9 20 00 00 00 mov $0x20,%ecx
779 1d6: 48 89 d7 mov %rdx,%rdi
780 1d9: f3 48 ab **rep stos %rax,%es:(%rdi)**
leesagacious
- 182
- 1
- 8
-
1That's `rep stosq`, but sure close enough. (disassembled with AT&T syntax). That looks like un-optimized gcc output; it will inline `rep stos` in some cases instead of calling `memset` even with optimization. Obviously optimized code wouldn't spend 2 separate instructions getting the pointer into RDI, and would zero RAX with `xor %eax,%eax`. (If it didn't optimize away the array entirely.) – Peter Cordes Jul 03 '19 at 07:59
-
-
4Writing EAX zero-extends into RAX, like GCC is doing here with `mov $0, %eax` to zero RAX without the xor-zero peephole optimization (which gcc only looks for at `-O2`, which enables `-fpeephole2`). Using an extra REX prefix would be strictly worse with XOR, like it would be with MOV. [What is the best way to set a register to zero in x86 assembly: xor, mov or and?](//stackoverflow.com/q/33666617) – Peter Cordes Jul 04 '19 at 05:24
-
Could you clarify your answer, e.g. by adding an explanation? It is not clear how that addresses the question ("What does `rep stos` do?"). – janw Apr 01 '22 at 19:18