3-334
INSTRUCTION SET REFERENCE
JMPJump (Continued)
A relative offset (rel8, rel16, or rel32) is generally specified as a label in assembly code, but at
the machine code level, it is encoded as a signed 8-, 16-, or 32-bit immediate value. This value
is added to the value in the EIP register. (Here, the EIP register contains the address of the
instruction following the JMP instruction). When using relative offsets, the opcode (for short vs.
near jumps) and the operand-size attribute (for near relative jumps) determines the size of the
target operand (8, 16, or 32 bits).
Far Jumps in Real-Address or Virtual-8086 Mode.
When executing a far jump in real-
address or virtual-8086 mode, the processor jumps to the code segment and offset specified with
the target operand. Here the target operand specifies an absolute far address either directly with
a pointer (ptr16:16 or ptr16:32) or indirectly with a memory location (m16:16 or m16:32). With
the pointer method, the segment and address of the called procedure is encoded in the instruc-
tion, using a 4-byte (16-bit operand size) or 6-byte (32-bit operand size) far address immediate.
With the indirect method, the target operand specifies a memory location that contains a 4-byte
(16-bit operand size) or 6-byte (32-bit operand size) far address. The far address is loaded
directly into the CS and EIP registers. If the operand-size attribute is 16, the upper two bytes of
the EIP register are cleared to 0s.
Far Jumps in Protected Mode.
When the processor is operating in protected mode, the JMP
instruction can be used to perform the following three types of far jumps:
A far jump to a conforming or non-conforming code segment.
A far jump through a call gate.
A task switch.
(The JMP instruction cannot be used to perform interprivilege level far jumps.)
In protected mode, the processor always uses the segment selector part of the far address to
access the corresponding descriptor in the GDT or LDT. The descriptor type (code segment, call
gate, task gate, or TSS) and access rights determine the type of jump to be performed.
If the selected descriptor is for a code segment, a far jump to a code segment at the same privi-
lege level is performed. (If the selected code segment is at a different privilege level and the code
segment is non-conforming, a general-protection exception is generated.) A far jump to the same
privilege level in protected mode is very similar to one carried out in real-address or virtual-8086
mode. The target operand specifies an absolute far address either directly with a pointer
(ptr16:16 or ptr16:32) or indirectly with a memory location (m16:16 or m16:32). The operand-
size attribute determines the size of the offset (16 or 32 bits) in the far address. The new code
segment selector and its descriptor are loaded into CS register, and the offset from the instruction
is loaded into the EIP register. Note that a call gate (described in the next paragraph) can also be
used to perform far call to a code segment at the same privilege level. Using this mechanism
provides an extra level of indirection and is the preferred method of making jumps between 16-
bit and 32-bit code segments.
