Uses of test other than saving size on cmp $0

Question

I was wondering how cmp is used outside of saving a byte on doing a zero-check on a register, for example:

cmp $0, %eax

vs.

test %eax, %eax

I was doing some trial-and-error and it seems like this is its main usage (unless I'm missing something -- if any further usage can use the and instruction).

Are there other uses of the test instruction?

---

Somewhat related: In x86 what's difference between "test eax,eax" and "cmp eax,0".

---

Here are some samples I did:

   mov $1, %eax
   mov $2, %ebx
   test %eax, %ebx
   jg _start       # <-- doesn't jump
   jl _start       # <-- doesn't jump

   mov $1, %eax
   mov $1, %ebx
   test %eax, %ebx
   je _start       # <-- doesn't jump

   mov $0, %eax
   mov $1, %ebx
   test %eax, %ebx
   je _start       # <-- why is this the only one that works? 1 & 0 == 0 ?

Answer 1

Are there other uses of the test instruction?

Uses of the test instruction include:

• Checking if a value is zero. E.g. if(x == 0) -> test eax,eax

• Checking if a value is divisible by any power of 2. E.g. if(x % 8 == 0) -> test eax,7

• Checking specific bit/s. E.g. if(x & (S_IREAD | S_IWRITE) == 0) -> test eax,(S_IREAD | S_IWRITE). Note: This is probably the "main intended use".

• Various cases where 2 or more smaller values are packed together. E.g. if you have two signed 16-bit values packed into EAX then you could test eax,0x80008000 to determine if either of the 16-bit values are negative; if you're supposed to have four ASCII characters packed into EAX you could test eax,0x80808080 to determine if they're all valid ASCII; if you have three 10-bit numbers packed into EAX and want to check that they're all smaller than 512 you could test eax,(0x200 << 20) | (0x200 << 10) | 0x200 ; if you have six 5-bit values packed into EAX and want to check that the 2nd value is larger than 8 you could test eax, (0x18 << 6). Of course this can be extended to use more registers (e.g. pack sixteen 6-bit values into EDX:EBX:EAX and use three test instructions to ...) and/or augmented with other instructions (e.g. maybe not before the test). Note: These cases would work the same on single values, but there's better/simpler alternatives for single values (mostly cmp), and the main benefit is avoiding the need to unpack.

Here are some samples I did:

There's multiple flags (CF/carry, OF/overflow, SF/sign, ZF/zero, AF/auxiliary, PF/parity) and different "Jcc" conditional branches use different flags (e.g. jc uses CF, js uses SF, etc). All of the "bitwise" instructions (AND, OR, XOR, TEST) clear CF and OF and leave AF undefined, so any conditional branches that rely on those flags don't make sense (e.g. jl relies on SF and OF but OF is always cleared by test, so jl doesn't make sense after test).

Your second sample works but shouldn't jump (it's like "if(1 & 1 == 0) goto __start;" which does nothing). Your third sample works and should jump.