# X86 Instructions and ARM Architecture

## Shift and Rotate Instructions

#### Logical Shift Instructions

In a **logical shift** instruction (also referred to as **unsigned shift**), the bits that slide off the end disappear (except for the last, which goes into the carry flag), and the spaces are always filled with zeros. Logical shifts are best used with unsigned numbers.

shr src, dest |
GAS Syntax |

shr dest, src |
Intel Syntax |

Logical shift `dest`

to the right by `src`

bits.

shl src, dest |
GAS Syntax |

shl dest, src |
Intel Syntax |

Logical shift `dest`

to the left by `src`

bits.

Examples (GAS Syntax):

movw $ff00,%ax # ax=1111.1111.0000.0000 (0xff00, unsigned 65280, signed -256) shrw $3,%ax # ax=0001.1111.1110.0000 (0x1fe0, signed and unsigned 8160) # (logical shifting unsigned numbers right by 3 # is like integer division by 8) shlw $1,%ax # ax=0011.1111.1100.0000 (0x3fc0, signed and unsigned 16320) # (logical shifting unsigned numbers left by 1 # is like multiplication by 2)

#### Arithmetic Shift Instructions

In an **arithmetic shift** (also referred to as **signed shift**), like a logical shift, the bits that slide off the end disappear (except for the last, which goes into the carry flag). But in an arithmetic shift, the spaces are filled in such a way to preserve the sign of the number being slid. For this reason, arithmetic shifts are better suited for signed numbers in two's complement format.

sar src, dest |
GAS Syntax |

sar dest, src |
Intel Syntax |

Arithmetic shift `dest`

to the right by `src`

bits. Spaces are filled with sign bit (to maintain sign of original value), which is the original highest bit.

sal src, dest |
GAS Syntax |

sal dest, src |
Intel Syntax |

Arithmetic shift `dest`

to the left by `src`

bits. The bottom bits do not affect the sign, so the bottom bits are filled with zeros. This instruction is synonymous with SHL.

Examples (GAS Syntax):

movw $ff00,%ax # ax=1111.1111.0000.0000 (0xff00, unsigned 65280, signed -256) salw $2,%ax # ax=1111.1100.0000.0000 (0xfc00, unsigned 64512, signed -1024) # (arithmetic shifting left by 2 is like multiplication by 4 for # negative numbers, but has an impact on positives with most # significant bit set (i.e. set bits shifted out)) sarw $5,%ax # ax=1111.1111.1110.0000 (0xffe0, unsigned 65504, signed -32) # (arithmetic shifting right by 5 is like integer division by 32 # for negative numbers)

#### Extended Shift Instructions

The names of the *double precision* shift operations are somewhat misleading, hence they are listed as *extended* shift instructions on this page.

They are available for use with 16- and 32-bit data entities (registers/memory locations). The `src`

operand is always a register, the `dest`

operand can be a register or memory location, the `cnt`

operand is an immediate byte value or the CL register. In 64-bit mode it is possible to address 64-bit data as well.

shld cnt, src, dest |
GAS Syntax |

shld dest, src, cnt |
Intel Syntax |

The operation performed by `shld`

is to shift the most significant `cnt`

bits out of `dest`

, but instead of filling up the least significant bits with zeros, they are filled with the most significant `cnt`

bits of `src`

.

shrd cnt, src, dest |
GAS Syntax |

shrd dest, src, cnt |
Intel Syntax |

Likewise, the `shrd`

operation shifts the least significant `cnt`

bits out of `dest`

, and fills up the most significant `cnt`

bits with the least significant bits of the `src`

operand.

Intel's nomenclature is misleading, in that the shift does not operate on double the basic operand size (i.e. specifying 32-bit operands doesn't make it a 64-bit shift): the `src`

operand always remains unchanged.

Also, Intel's manual^{[1]} states that the results are undefined when `cnt`

is greater than the operand size, but at least for 32- and 64-bit data sizes it has been observed that shift operations are performed by (`cnt mod n`

), with n being the data size.

Examples (GAS Syntax):

xorw %ax,%ax # ax=0000.0000.0000.0000 (0x0000) notw %ax # ax=1111.1111.1111.1111 (0xffff) movw $0x5500,%bx # bx=0101.0101.0000.0000 shrdw $4,%ax,%bx # bx=1111.0101.0101.0000 (0xf550), ax is still 0xffff shldw $8,%bx,%ax # ax=1111.1111.1111.0101 (0xfff5), bx is still 0xf550

Other examples (**decimal numbers are used instead of binary number to explain the concept**)

# ax = 1234 5678 # bx = 8765 4321 shrd $3, %ax, %bx # ax = 1234 5678 bx = 6788 7654

# ax = 1234 5678 # bx = 8765 4321 shld $3, %ax, %bx # bx = 5432 1123 ax = 1234 5678

#### Rotate Instructions

##### Rotate Right

In a rotate instruction, the bits that slide off the end of the register are fed back into the spaces.

ror offset, variable |
GAS Syntax |

ror variable, offset |
Intel Syntax |

Rotate ` variable` to the right by

`bits. Here is a graphical representation how this looks like:`

`offset`

╭─────────╮ %al old │ 0 1 1 1 │ │ │ │ │ ╰─╯ │ │ │ ╰─╮ ror 1, %al │ │ ╰─╮ │ │ ╰─╮ │ │ ╰─╮ │ │ │ %al new 1 0 1 1

The number of bits to rotate ` offset` is masked to the lower 5 bits (or 6 bits in 64-bit mode). This is equivalent to a operation, i. e. the remainder of integer division (note: ).

**Operands**

has to be a register or memory location.`Variable`

can be either`Offset`

- an immediate value (where the value
`1`

has a dedicated opcode), - or the
`cl`

register (that is the lower byte of`ecx`

).

**Modified Flags**

`ror`

only alters flags if the masked ` offset` is

*non*-zero. The

`CF`becomes the

`result`’s MSB, so the “sign”.

Furthermore, if the masked ` offset` = 1,

`OF`≔

`result`[MSB] ⊻

`result`[MSB−1], so the OF tells us, whether “the sign” has changed.

##### Rotate Left

rol src, dest |
GAS Syntax |

rol dest, src |
Intel Syntax |

Rotate `dest`

to the left by `src`

bits.

#### Rotate With Carry Instructions

Like with shifts, the rotate can use the carry bit as the "extra" bit that it shifts through.

rcr src, dest |
GAS Syntax |

rcr dest, src |
Intel Syntax |

Rotate `dest`

to the right by `src`

bits with carry.

rcl src, dest |
GAS Syntax |

rcl dest, src |
Intel Syntax |

Rotate `dest`

to the left by `src`

bits with carry.

##### Number of arguments

Unless stated, these instructions can take either one or two arguments. If only one is supplied, it is assumed to be a register or memory location and the number of bits to shift/rotate is one (this may be dependent on the assembler in use, however). `shrl $1, %eax `

is equivalent to `shrl %eax`

(GAS syntax).