5.2 KiB
Executable File
PUSH — Push Word, Doubleword or Quadword Onto the Stack
Description
Decrements the stack pointer and then stores the source operand on the top of the stack.
Instruction
| Opcode | Assembly | Op/En | Modern Mode | Legacy Mode | Description |
|---|---|---|---|---|---|
| FF /6 | PUSH r/m16 | M | Valid | Valid | Decrement stack pointer, push r/m16 onto top of stack. |
| FF /6 | PUSH r/m32 | M | N.E. | Valid | Decrement stack pointer, push r/m32 onto top of stack. |
| FF /6 | PUSH r/m64 | M | Valid | N.E. | Decrement stack pointer, push r/m64 onto top of stack. |
| 50+rw | PUSH r16 | O | Valid | Valid | Decrement stack pointer, push r16 onto top of stack. |
| 50+rd | PUSH r32 | O | N.E. | Valid | Decrement stack pointer, push r32 onto top of stack. |
| 50+rd | PUSH r64 | O | Valid | N.E. | Decrement stack pointer, push r64 onto top of stack. |
| 6A ib | PUSH imm8 | I | Valid | Valid | Decrement stack pointer, push imm8 onto top of stack. |
| 68 iw | PUSH imm16 | I | Valid | Valid | Decrement stack pointer, push imm16 onto top of stack. |
| 68 id | PUSH imm32 | I | Valid | Valid | Decrement stack pointer, push imm32 onto top of stack. |
| 0E | PUSH CS | NP | Invalid | Valid | Decrement stack pointer, push CS onto top of stack. |
| 16 | PUSH SS | NP | Invalid | Valid | Decrement stack pointer, push SS onto top of stack. |
| 1E | PUSH DS | NP | Invalid | Valid | Decrement stack pointer, push DS onto top of stack. |
| 06 | PUSH ES | NP | Invalid | Valid | Decrement stack pointer, push ES onto top of stack. |
| 0F A0 | PUSH FS | NP | Valid | Valid | Decrement stack pointer, push FS onto top of stack. |
| 0F A8 | PUSH GS | NP | Valid | Valid | Decrement stack pointer, push GS onto top of stack. |
Information
Address and operand sizes are determined and used as follows:
-
Address size: The D flag in the current code-segment descriptor determines the default address size; it may be overridden by an instruction prefix (67H). The address size is used only when referencing a source operand in memory.
-
Operand size: The D flag in the current code-segment descriptor determines the default operand size; it may be overridden by instruction prefixes (66H or REX.W). The operand size (16, 32, or 64 bits) determines the amount by which the stack pointer is decremented (2, 4 or 8). If the source operand is an immediate of size less than the operand size, a sign-extended value is pushed on the stack. If the source operand is a segment register (16 bits) and the operand size is 64-bits, a zero- extended value is pushed on the stack; if the operand size is 32-bits, either a zero-extended value is pushed on the stack or the segment selector is written on the stack using a 16-bit move. For the last case, all recent Core and Atom processors perform a 16-bit move, leaving the upper portion of the stack location unmodified.
-
Stack-address size: Outside of 64-bit mode, the B flag in the current stack-segment descriptor determines the size of the stack pointer (16 or 32 bits); in 64-bit mode, the size of the stack pointer is always 64 bits. The stack-address size determines the width of the stack pointer when writing to the stack in memory and when decrementing the stack pointer. (As stated above, the amount by which the stack pointer is decremented is determined by the operand size.) If the operand size is less than the stack-address size, the PUSH instruction may result in a misaligned stack pointer (a stack pointer that is not aligned on a doubleword or quadword boundary).
The PUSH ESP instruction pushes the value of the ESP register as it existed before the instruction was executed. If a PUSH instruction uses a memory operand in which the ESP register is used for computing the operand address, the address of the operand is computed before the ESP register is decremented.
If the ESP or SP register is 1 when the PUSH instruction is executed in real-address mode, a stack-fault exception (#SS) is generated (because the limit of the stack segment is violated). Its delivery encounters a second stack- fault exception (for the same reason), causing generation of a double-fault exception (#DF). Delivery of the double-fault exception encounters a third stack-fault exception, and the logical processor enters shutdown mode. See the discussion of the double-fault exception in Chapter 6 of the Intel® 64 and IA-32 Architectures Software Developer's Manual, Volume 3A.