x86 Instruction Set Reference
LOOP/LOOPcc
Loop According to ECX Counter
-Loop 명령어를 만나게 되면 자ecx 값이 자동 감소 되고 ecx 값이 0 이 아니라면 해당 번지로 점프한다
0이면 점프 하지 않고 loop 다음 구문을 실행한다( c언어에서 for 문을 떠올리면 됨)
여기서 점프를 한다는건 일반적으로 반복 수행을 위해 loop 명령어 위쪽으로 점프한다는 것을 의미함
-ECX 외에 and 가 붙는 것들의 이해는 cmp 로 두개의 값을 비교하여 같으면 Z=1 이 세팅이 되는데 반복문의 조건문에 두개의 조건이 있다고 가정 할때 ECX 의 값과 어떤 값을 비교하는 연산이 and 로 있는 경우를 생각해 볼 수 있다
1.cmp 로 비교하여 z 값 세팅
2.이후 loopcc 로 점프할지 말지 결정
주의 loop 의 경우 점프 loop 다음 실행할 번지와 점프 뛸 곳까지의 명령어 1바이트를 벗어난 위치로 점프 할 수 없다
점프 하려면 jmp 로 그에 대한 내용은 http://codetronik.tistory.com/5 를 참고
| Opcode | Mnemonic | Description |
|---|
E2 cb | LOOP rel8 | Decrement count; jump short if count != 0. |
E1 cb | LOOPE rel8 | Decrement count; jump short if count != 0 and ZF=1. |
E1 cb | LOOPZ rel8 | Decrement count; jump short if count != 0 and ZF=1. |
E0 cb | LOOPNE rel8 | Decrement count; jump short if count != 0 and ZF=0. |
E0 cb | LOOPNZ rel8 | Decrement count; jump short if count != 0 and ZF=0. |
| Description |
|---|
Performs a loop operation using the ECX or CX register as a counter. Each time the LOOP instruction is executed, the count register is decremented, then checked for 0. If the count is 0, the loop is terminated and program execution continues with the instruction following the LOOP instruction. If the count is not zero, a near jump is performed to the destination (target) operand, which is presumably the instruction at the beginning of the loop. If the address-size attribute is 32 bits, the ECX register is used as the count register; otherwise the CX register is used. The target instruction is specified with a relative offset (a signed offset relative to the current value of the instruction pointer in the EIP register). This offset is generally specified as a label in assembly code, but at the machine code level, it is encoded as a signed, 8-bit immediate value, which is added to the instruction pointer. Offsets of -128 to +127 are allowed with this instruction. Some forms of the loop instruction (LOOPcc) also accept the ZF flag as a condition for terminating the loop before the count reaches zero. With these forms of the instruction, a condition code (cc) is associated with each instruction to indicate the condition being tested for. Here, the LOOPcc instruction itself does not affect the state of the ZF flag; the ZF flag is changed by other instructions in the loop. |
| Operation |
|---|
if(AddressSize == 32) Count = ECX;
else Count = CX;
Count = Count - 1;
switch(Instruction) {
case LOOPE:
case LOOPZ:
if(ZF == 1 && Count != 0) BranchCond = 1;
else BranchCond = 0;
break;
case LOOPNE:
case LOOPNZ:
if(ZF == 0 && Count != 0) BranchCond = 1;
else BranchCond = 0;
break;
default:
if(Count != 0) BranchCond = 1;
else BranchCond = 0;
break;
}
if(BranchCond == 1) {
EIP = EIP + SignExtend(Destination);
if(OperandSize == 16) EIP = EIP & 0xFFFF;
else if(EIP < CS.Base || EIP < CS.Limit) Exception(GP);
}
else ResumeExecution();
|
| Protected Mode Exceptions |
|---|
#GP(0) | If the offset being jumped to is beyond the limits of the CS segment. |
|
| Real-Address Mode Exceptions |
|---|
#GP | If the offset being jumped to is beyond the limits of the CS segment or is outside of the effective address space from 0 to FFFFH. This condition can occur if a 32-bit address size override prefix is used. |
|
| Virtual-8086 Mode Exceptions |
|---|
| Same exceptions as in Real Address Mode |
| Instruction | Latency | Throughput | Execution Unit |
|---|
CPUID | 0F3n/0F2n/069n | 0F3n/0F2n/069n | 0F2n |
LOOP | 8 | 1.5 | ALU |
