Wednesday 8 February 2017

X86 Instructions : Control Flow : Jump Instructions

The jump instructions allow the programmer to (indirectly) set the value of the EIP register. The location passed as the argument is usually a label. The first instruction executed after the jump is the instruction immediately following the label. All of the jump instructions, with the exception of jmp, are conditional jumps, meaning that program flow is diverted only if a condition is true. These instructions are often used after a comparison instruction, but since many other instructions set flags, this order is not required.

Unconditional Jumps :

Syntax : jmp loc
Loads EIP with the specified address (i.e. the next instruction executed will be the one specified by jmp).

Jump on Equality :

Syntax : je loc (ZF = 1)
Loads EIP with the specified address, if the operands of the previous CMP instruction are equal.

    mov ecx, 5
    mov edx, 5
    cmp ecx, edx
    je equal
    ; if it did not jump to the label equal, then ecx and edx are not equal.
equal:
    ; if it jumped here, then ecx and edx are equal

Jump on Inequality :

Syntax : jne loc (ZF = 0)
Loads EIP with the specified address, if the operands of the previous CMP instruction are not equal.

Jump if Greater :

Syntax 1 : jg loc (ZF = 0 and SF = OF)
Loads EIP with the specified address, if the first operand of the previous CMP instruction is greater than the second (performs a signed comparison).

Syntax 2 : jge loc (SF = OF)
Loads EIP with the specified address, if the first operand of the previous CMP instruction is greater than or equal to the second (performs a signed comparison).

Syntax 3 : ja loc (CF = 0 and ZF = 0)
Loads EIP with the specified address, if the first operand of the previous CMP instruction is greater than the second. ja is the same as jg, except that it performs an unsigned comparison.

Syntax 4 : jae loc (CF = 0)
Loads EIP with the specified address, if the first operand of the previous CMP instruction is greater than or equal to the second. jae is the same as jge, except that it performs an unsigned comparison.
Jump if Less :

Syntax 1 : jl loc (SF <> OF)
The criterion for JL is that SF <> OF; EIP is loaded with the specified address if that criterion is met. So either SF or OF can be set, but not both. If we take the SUB instruction (which is basically what a CMP does) as an example, the operation computed is arg2 - arg1 (in the Intel-syntax code below, arg2 is the first operand and arg1 the second, so cmp eax, 2 computes eax - 2). With respect to SUB and CMP there are two cases that fulfil this criterion:

1) arg2 < arg1 and the operation does not overflow
2) arg2 < arg1 and the operation overflows

In case 1) SF is set but not OF; in case 2) OF is set but not SF, since the overflow flips the most significant bit of the result to zero and thus prevents SF from being set.

The SF <> OF criterion excludes the cases where:

1) arg2 > arg1 and the operation does not overflow
2) arg2 > arg1 and the operation overflows
3) arg2 == arg1

In case 1) neither SF nor OF is set; in case 2) both OF and SF are set, since the overflow flips the most significant bit of the result to one; in case 3) neither SF nor OF is set.

The example code below runs the five cases outlined above and prints out whether SF and OF are equal or not:

    ;
    ; nasm -felf32 -g jlFlagsCheck.asm
    ; gcc -o jlFlagsCheck jlFlagsCheck.o
    ; (on a 64-bit host: gcc -m32 -o jlFlagsCheck jlFlagsCheck.o)
    ;
    global main
    extern printf

    section .data
    sfneofStr: db 'SF <> OF', 0xA, 0
    sfeqofStr: db 'SF == OF', 0xA, 0

    section .bss

    section .text
    main:
        ;
        ; Functions will follow the cdecl call convention
        ;

        ;
        ; arg2 < arg1 and no overflow
        ;
        mov eax, 1
        cmp eax, 2
        call checkSFNEOF

        ;
        ; arg2 < arg1 and overflow
        ;
        mov al, -2
        cmp al, 127
        call checkSFNEOF

        ;
        ; arg2 > arg1 and no overflow
        ;
        mov eax, 2
        cmp eax, 1
        call checkSFNEOF

        ;
        ; arg2 > arg1 and overflow
        ;
        mov al, 127
        cmp al, -1
        call checkSFNEOF

        ;
        ; arg2 == arg1
        ;
        mov eax, 2
        cmp eax, 2
        call checkSFNEOF

        call exit

    ;
    ; Check if SF <> OF, which means the condition for jump less would be met.
    ; Must be called directly after the CMP: call, push and mov do not alter the flags.
    ;
    checkSFNEOF:
        push ebp
        mov ebp, esp
        jl SFNEOF
        jmp SFEQOF
    SFNEOF:
        push dword sfneofStr
        call printf
        jmp checkSFNEOFDone
    SFEQOF:
        push dword sfeqofStr
        call printf
    checkSFNEOFDone:
        leave               ; also discards the argument pushed for printf
        ret

    exit:
        ;
        ; Call exit(3) syscall
        ; void exit(int status)
        ;
        mov ebx, 0          ; Arg one: the status
        mov eax, 1          ; Syscall number
        int 0x80

Output :

    SF <> OF
    SF <> OF
    SF == OF
    SF == OF
    SF == OF

Syntax 2 : jb loc (CF = 1)
Loads EIP with the specified address, if the first operand of the previous CMP instruction is less than the second. jb is the same as jl, except that it performs an unsigned comparison.

Syntax 3 : jbe loc (CF = 1 or ZF = 1)
Loads EIP with the specified address, if the first operand of the previous CMP instruction is less than or equal to the second. jbe is the same as jle, except that it performs an unsigned comparison.

Jump on Overflow :

Syntax 1 : jo loc (OF = 1)
Loads EIP with the specified address, if the overflow bit is set by a previous arithmetic expression.

Syntax 2 : jno loc (OF = 0)
Loads EIP with the specified address, if the overflow bit is not set by a previous arithmetic expression.

Jump on Zero :

Syntax 1 : jz loc (ZF = 1)
Loads EIP with the specified address, if the zero bit is set by a previous arithmetic expression. jz is identical to je.

Syntax 2 : jnz loc (ZF = 0)
Loads EIP with the specified address, if the zero bit is not set by a previous arithmetic expression. jnz is identical to jne.

Jump on Sign :

Syntax 1 : js loc (SF = 1)
Loads EIP with the specified address, if the sign bit is set by a previous arithmetic expression.

Syntax 2 : jns loc (SF = 0)
Loads EIP with the specified address, if the sign bit is not set by a previous arithmetic expression.
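As an added example (not part of the original post, and not the author's code), the following C program emulates the flags that CMP produces and the ten Jcc conditions listed above, checks exhaustively over every pair of 8-bit operands that each Jcc agrees with the signed or unsigned C comparison it is meant to implement, and re-runs the five jlFlagsCheck cases from the post, showing for each what jl and jb would decide. The names cmp_flags, the *_taken predicates and verify_all_8bit are this example's own. The practical point for anyone reading compiled bounds checks: jl/jg treat an operand with its top bit set as negative, while jb/ja treat the same bit pattern as a large unsigned number, so a length check compiled with the wrong family accepts or rejects different inputs.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flags set by CMP a, b (Intel operand order): the CPU computes a - b,
 * keeps the flags and discards the result. Width is 8, 16 or 32 bits.
 * This is an emulation written for the example, not the CPU's own logic. */
typedef struct { bool zf, sf, of, cf; } flags_t;

static flags_t cmp_flags(uint32_t a, uint32_t b, int bits) {
    uint32_t mask = (bits == 32) ? 0xFFFFFFFFu : ((1u << bits) - 1u);
    uint32_t sign = 1u << (bits - 1);
    a &= mask;
    b &= mask;
    uint32_t r = (a - b) & mask;
    flags_t f;
    f.zf = (r == 0);                          /* result is zero          */
    f.sf = (r & sign) != 0;                   /* result's top bit is set */
    f.cf = a < b;                             /* unsigned borrow         */
    f.of = ((a ^ b) & (a ^ r) & sign) != 0;   /* signed overflow         */
    return f;
}

/* Jcc conditions exactly as listed in the post. */
static bool je_taken (flags_t f) { return f.zf; }
static bool jne_taken(flags_t f) { return !f.zf; }
static bool jg_taken (flags_t f) { return !f.zf && f.sf == f.of; }
static bool jge_taken(flags_t f) { return f.sf == f.of; }
static bool jl_taken (flags_t f) { return f.sf != f.of; }
static bool jle_taken(flags_t f) { return f.zf || f.sf != f.of; }
static bool ja_taken (flags_t f) { return !f.cf && !f.zf; }
static bool jae_taken(flags_t f) { return !f.cf; }
static bool jb_taken (flags_t f) { return f.cf; }
static bool jbe_taken(flags_t f) { return f.cf || f.zf; }

/* Returns true if, for every pair of 8-bit operands, each Jcc agrees with
 * the plain C comparison it is supposed to implement (signed for jg/jge/
 * jl/jle, unsigned for ja/jae/jb/jbe). */
bool verify_all_8bit(void) {
    for (unsigned a = 0; a < 256; a++) {
        for (unsigned b = 0; b < 256; b++) {
            flags_t f = cmp_flags(a, b, 8);
            int8_t  sa = (int8_t)a,  sb = (int8_t)b;   /* signed view   */
            uint8_t ua = (uint8_t)a, ub = (uint8_t)b;  /* unsigned view */
            if (je_taken(f)  != (a == b))   return false;
            if (jne_taken(f) != (a != b))   return false;
            if (jg_taken(f)  != (sa > sb))  return false;
            if (jge_taken(f) != (sa >= sb)) return false;
            if (jl_taken(f)  != (sa < sb))  return false;
            if (jle_taken(f) != (sa <= sb)) return false;
            if (ja_taken(f)  != (ua > ub))  return false;
            if (jae_taken(f) != (ua >= ub)) return false;
            if (jb_taken(f)  != (ua < ub))  return false;
            if (jbe_taken(f) != (ua <= ub)) return false;
        }
    }
    return true;
}

/* The post's five jlFlagsCheck cases (constructed inputs), plus what jb would do. */
int main(void) {
    struct { int32_t a, b; int bits; const char *label; } cases[] = {
        {   1,   2, 32, "1 vs 2 (eax)"   },
        {  -2, 127,  8, "-2 vs 127 (al)" },
        {   2,   1, 32, "2 vs 1 (eax)"   },
        { 127,  -1,  8, "127 vs -1 (al)" },
        {   2,   2, 32, "2 vs 2 (eax)"   },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        flags_t f = cmp_flags((uint32_t)cases[i].a, (uint32_t)cases[i].b, cases[i].bits);
        printf("%-16s ZF=%d SF=%d OF=%d CF=%d  %s  jl:%s jb:%s\n",
               cases[i].label, f.zf, f.sf, f.of, f.cf,
               f.sf != f.of ? "SF <> OF" : "SF == OF",
               jl_taken(f) ? "taken" : "not taken",
               jb_taken(f) ? "taken" : "not taken");
    }
    return verify_all_8bit() ? 0 : 1;
}
```

The second and fourth cases are the instructive ones: al = -2 against 127 takes jl (signed -2 < 127) but not jb (unsigned 254 is not below 127), and al = 127 against -1 takes jb (127 is below 255) but not jl, which is exactly the SF <> OF behaviour the post's output shows.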
