
When the 8086 Trap Flag (TF) is set, a type 1 interrupt is generated automatically after nearly every instruction. I'm looking for a full list of the exceptions for an 8086/8088 emulator. Have I missed any from the list below or written anything that is wrong?

  1. REPxx, LOCK and code segment prefixes
  2. MOV to segment and POP segment register
  3. IRET and POPF if TF set after Flags popped but reset before

Notes

  1. No interrupts of any kind recognized immediately after a prefix
  2. Restricted to MOV SS,xxxx and POP SS on later processors
  3. Single-stepping begins at end of the next instruction
Peter Cordes
TonyB
  • rep and lock are prefixes, not instructions. They're part of other instructions. Of course an interrupt can't fire mid instruction. – Peter Cordes Dec 22 '20 at 20:28
  • (That said, actual 8086/88 have what's essentially a bug: an interrupt during a resumable instruction like `rep cs movsb` will save the address of the *last* prefix, not first, so when it restarts the `rep` prefix won't be visible. Or worse, `cs` won't be visible if you put rep last. If you want to use `movsb` with rep *and* a segment override, you have to put it in a `test cx,cx` / `jnz` loop to make sure it finishes, with the rep prefix first. So a faithful emulator should probably emulate this design flaw (which later x86 CPUs fixed). – Peter Cordes Dec 22 '20 at 20:29
  • Source for that: @MichaelPetch's comment on [What's the purpose of PUSH CS / POP DS before a REP MOVSW?](https://stackoverflow.com/posts/comments/94075165). He also linked https://www.pcjs.org/pubs/pc/reference/intel/8086/ which collects up that and other 8086 quirks / errata. – Peter Cordes Dec 22 '20 at 20:32
  • Also take a look at https://retrocomputing.stackexchange.com/questions/12693/how-does-single-stepping-on-the-8086-interact-with-internal-and-external-interru/12694#12694 – Michael Karcher Dec 28 '20 at 10:04
  • @PeterCordes It's a kind of philosophical question whether REP and LOCK are "instructions" that put the processor in a transient modified state that affects execution of the subsequent (non-prefix) instruction, or whether they are part of a single instruction. Intel's documentation calls the opcodes like 0F0h or 0F2h prefixes, whereas NEC in the V20 documentation describes the prefixes as stand-alone instructions. – Michael Karcher Dec 28 '20 at 10:20
  • @MichaelKarcher: An interrupt can in theory happen at any instruction boundary. And in practice at *most* instruction boundaries. The TF (single-step) flag also traps after executing one instruction. So the hardware can tell you what it thinks an instruction is, at a pure ISA level even without needing any uarch-specific stuff like performance counters. As I'm sure you know, an exception can never happen after a prefix but before the rest of the instruction. That mental model / philosophy might be based in the front-end decode process of ancient CPUs (1 prefix / clock), but it's faulty. – Peter Cordes Dec 28 '20 at 10:48
  • @MichaelKarcher: whether `rep movsb` is one big interruptible instruction, or multiple separate `movsb` instructions, is another matter: TF says it's multiple, stopping after every repeat, but IIRC hardware performance counters reflect the reality of the hardware (a microcode instruction that fires up the microcode sequencer) and counts it as one instruction. But it's definitely not a `rep` *instruction* (no such thing) and then a `movsb`, except in some make-believe mental model that conflicts with a bunch of observable behaviour. – Peter Cordes Dec 28 '20 at 10:50
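The rules in the question and the prefix quirk from the comments above can be checked in an emulator's instruction loop with a small amount of state. The C below is an added example written for this page; it is not code from the asker, the commenters, or any existing emulator, and the type names (`step_state`, `insn_kind`) and function names are assumptions. It models the page's rules by sampling TF once when an instruction (not a prefix) begins and deciding the trap from that sample, which reproduces rule 3 and note 3 for POPF/IRET; it also generalizes that sample to every instruction. `interrupted_string_op_ip` encodes the faithful-8086 behaviour of pushing the last prefix's address when a string instruction is interrupted.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FLAG_TF 0x0100u   /* Trap Flag bit in the 8086 FLAGS register */

/* Instruction classes that matter for single-step trap generation.
   These names are assumptions for this example, not an emulator's API. */
enum insn_kind {
    INSN_NORMAL,    /* any ordinary instruction */
    INSN_PREFIX,    /* REPxx, LOCK or a segment-override byte */
    INSN_MOV_SREG,  /* MOV to a segment register */
    INSN_POP_SREG,  /* POP segment register */
    INSN_POPF,      /* POPF */
    INSN_IRET       /* IRET */
};

/* The minimal state needed to apply the question's rules. */
struct step_state {
    uint16_t flags;     /* current FLAGS */
    bool tf_at_start;   /* TF sampled when the current instruction began */
    bool in_prefix;     /* a prefix byte was consumed; instruction incomplete */
};

/* Call before decoding each prefix byte or opcode. */
void step_begin(struct step_state *s)
{
    if (!s->in_prefix)                       /* prefixes keep the original sample */
        s->tf_at_start = (s->flags & FLAG_TF) != 0;
}

/* Call after executing an instruction (or prefix) with the FLAGS it left.
   Returns true when a type 1 (single-step) interrupt must be taken now. */
bool step_end(struct step_state *s, enum insn_kind kind, uint16_t new_flags)
{
    s->flags = new_flags;

    /* Rule 1 / Note 1: a prefix never ends an instruction, so nothing fires. */
    if (kind == INSN_PREFIX) {
        s->in_prefix = true;
        return false;
    }
    s->in_prefix = false;

    /* Rule 2: no trap after MOV sreg or POP sreg; the instruction that
       follows (typically the MOV SP after MOV SS) is trapped normally. */
    if (kind == INSN_MOV_SREG || kind == INSN_POP_SREG)
        return false;

    /* Rule 3 / Note 3: for POPF and IRET the TF that decides is the value
       sampled before the flags were popped, so a POPF that sets TF traps
       only after the following instruction. Other instructions use the
       same sample (an assumption of this model). */
    return s->tf_at_start;
}

/* Comment-thread quirk: when an interrupt hits an in-progress string
   instruction, the original 8086/8088 pushes the address of the LAST prefix
   byte, not the first. prefix_count is the number of prefix bytes before
   the opcode; the result is the IP the emulator should push. */
uint16_t interrupted_string_op_ip(uint16_t insn_start, unsigned prefix_count,
                                  bool faithful_8086)
{
    if (!faithful_8086 || prefix_count == 0)
        return insn_start;                    /* later CPUs: restart at first prefix */
    return (uint16_t)(insn_start + prefix_count - 1u);
}

/* Drive a constructed sequence and return how many traps were taken. */
int run_popf_sequence(void)
{
    struct step_state s = { .flags = 0, .tf_at_start = false, .in_prefix = false };
    int traps = 0;

    step_begin(&s); traps += step_end(&s, INSN_POPF, FLAG_TF);     /* sets TF: no trap */
    step_begin(&s); traps += step_end(&s, INSN_NORMAL, FLAG_TF);   /* trap 1 */
    step_begin(&s); traps += step_end(&s, INSN_PREFIX, FLAG_TF);   /* rep: no trap */
    step_begin(&s); traps += step_end(&s, INSN_NORMAL, FLAG_TF);   /* movsb: trap 2 */
    step_begin(&s); traps += step_end(&s, INSN_MOV_SREG, FLAG_TF); /* MOV SS: no trap */
    step_begin(&s); traps += step_end(&s, INSN_NORMAL, FLAG_TF);   /* MOV SP: trap 3 */
    step_begin(&s); traps += step_end(&s, INSN_POPF, 0);           /* clears TF: trap 4 */
    step_begin(&s); traps += step_end(&s, INSN_NORMAL, 0);         /* no trap */
    return traps;
}

int main(void)
{
    printf("traps taken: %d\n", run_popf_sequence());
    printf("rep cs movsb at 0100h interrupted: faithful pushes %04Xh, fixed pushes %04Xh\n",
           interrupted_string_op_ip(0x0100, 2, true),
           interrupted_string_op_ip(0x0100, 2, false));
    return 0;
}
```

The `in_prefix` flag is what keeps `rep cs movsb` from being treated as three instructions: the TF sample is taken once at the first prefix and the trap decision is deferred to the opcode. Whether an emulator pushes the last prefix's address or the first is a deliberate fidelity choice, so `interrupted_string_op_ip` takes it as a parameter rather than hard-coding either.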

0 Answers