PUSH Segment Register
(x86-push-segment-register proc-mode start-rip temp-rip prefixes rex-byte opcode modr/m sib x86) → x86
Note that PUSH CS/SS/DS/ES are invalid in 64-bit mode. Only PUSH FS/GS are valid in 64-bit mode.
0E: [PUSH CS]
16: [PUSH SS]
1E: [PUSH DS]
06: [PUSH ES]
0F A0: [PUSH FS]
0F A8: [PUSH GS]
If the source operand is a segment register (16 bits) and the operand size is 64-bits, a zero-extended value is pushed on the stack; if the operand size is 32-bits, either a zero-extended value is pushed on the stack or the segment selector is written on the stack using a 16-bit move. For the last case, all recent Core and Atom processors perform a 16-bit move, leaving the upper portion of the stack location unmodified.
For now, our model handles the last case described above by doing a 16-bit move. This should be how all modern processor work. In the future, we might parameterize the model on a flag that says how this case is handled (modern or legacy).
PUSH doesn't have a separate instruction semantic function, unlike other opcodes like ADD, SUB, etc. The decoding is coupled with the execution in this case.
Function:
(defun x86-push-segment-register (proc-mode start-rip temp-rip prefixes rex-byte opcode modr/m sib x86) (declare (xargs :stobjs (x86))) (declare (type (integer 0 4) proc-mode) (type (signed-byte 48) start-rip) (type (signed-byte 48) temp-rip) (type (unsigned-byte 52) prefixes) (type (unsigned-byte 8) rex-byte) (type (unsigned-byte 8) opcode) (type (unsigned-byte 8) modr/m) (type (unsigned-byte 8) sib)) (declare (ignorable proc-mode start-rip temp-rip prefixes rex-byte opcode modr/m sib)) (declare (xargs :guard (and (prefixes-p prefixes) (modr/m-p modr/m) (sib-p sib) (rip-guard-okp proc-mode temp-rip)))) (let ((__function__ 'x86-push-segment-register)) (declare (ignorable __function__)) (b* ((?ctx 'x86-push-segment-register)) (b* (((the (integer 1 8) operand-size) (select-operand-size proc-mode nil rex-byte nil prefixes t t nil x86)) (rsp (read-*sp proc-mode x86)) ((mv flg new-rsp) (add-to-*sp proc-mode rsp (- operand-size) x86)) ((when flg) (!!fault-fresh :ss 0 :push flg)) ((the (unsigned-byte 16) val) (seg-visiblei (case opcode (14 1) (22 2) (30 3) (6 0) (160 4) (t 5)) x86)) ((mv flg x86) (wme-size-opt proc-mode (if (= operand-size 4) 2 operand-size) (the (signed-byte 48) new-rsp) 2 val (alignment-checking-enabled-p x86) x86 :mem-ptr? nil)) ((when flg) (!!ms-fresh :wme-size-opt flg)) (x86 (write-*sp proc-mode new-rsp x86)) (x86 (write-*ip proc-mode temp-rip x86))) x86))))
Theorem:
(defthm x86p-of-x86-push-segment-register (implies (x86p x86) (b* ((x86 (x86-push-segment-register proc-mode start-rip temp-rip prefixes rex-byte opcode modr/m sib x86))) (x86p x86))) :rule-classes :rewrite)