Search code examples
assemblyx86-64nasmmasmcalling-convention

Which assembly instructions or scenarios explicitly require the use of the RCX, ECX, CX, or CL counter registers?

After reading this question Why is %cl the only register the sal-operation will accept as a parameter?, I'm curious about what other instructions require the count register?

Loop Control

The LOOP instructions assume that the CX, ECX, or RCX register contains the loop count.

loop
loopnz
loopne
loopz
loope

Jumps

Jump instructions that perform a jump if the CX, ECX, or RCX register is zero.

jcxz
jecxz
jrcxz

Repeat Prefixes

These repeat prefixes are used with string instructions and use the count register.

rep
repe
repz
repne
repnz

Bit Shifting

Logical, Shift, Rotate and Bit Instructions (omitted dword and qword variants such as shld, shlq, ...)

shl
shr
sal
sar
rol
ror
rcl
rcr

Fastcall Calling Convention

The first two DWORD or smaller arguments that are found in the argument list from left to right are passed in ECX and EDX registers; all other arguments are passed on the stack from right to left.

__attribute__((fastcall)) void printnums(int num1, int num2, int num3){
    printf("The numbers you sent are: %d %d %d", num1, num2, num3);
}

int main(){
    printnums(1, 2, 3);
    return 0;
}

Microsoft x64 calling convention

In the Microsoft x64 calling convention, the first four integer or pointer arguments are passed to a function in the RCX, RDX, R8, and R9 registers. If there are more than four arguments, the remaining arguments are passed on the stack.

System V AMD64 ABI

The first six integer or pointer arguments are passed in registers RDI, RSI, RDX, RCX, R8, R9.

Question

Are there other scenarios which require the use of the counter register?

Would the best place to check be the Combined Volume Set of Intel® 64 and IA-32 Architectures Software Developer’s Manuals?

Solution

  • Search for "CX" and "CL" in http://ref.x86asm.net/coder32.html / http://ref.x86asm.net/coder64.html since they have a column for implicit operands.

    The implicit uses or rCX you already mentioned:

    • variable count shifts/rotates / shrd/shld (other than BMI2 shlx etc.)
    • j*cxz / loop / loop[n]e
    • rep / rep[n]e string ops

    Other implicit uses or rCX:

    • cpuid - an input (EAX=leaf, ECX=sub leaf for some EAX values) as well as output
    • xgetbv / xsetbv (extended control register access, e.g. for checking of the OS enabled AVX)
    • SSE4.2 pcmpistri / pcmpestri - index of first match
    • monitor/mwait (power-management extensions)
    • rdmsr / wrmsr (MSR number)
    • rdtscp (Processor ID output)
    • non-64-bit-mode pusha/popa (along with all other legacy regs)
    • syscall (written with user-space RIP so the kernel can return)

    That search of the coder32 and coder64 tables missed the following because rCX is part of ...:

    • cmpxchg16b - part of the RCX:RBX input. (RDX:RAX is the other non-memory input). Same for cmpxchg8b with ECX.
    • Possibly others that I'm not thinking of.

    And what you already mentioned:

    • Standard calling conventions

    Related: Why are RBP and RSP called general-purpose registers? - there are implicit uses for almost every register, except for some of r8-r15.