FLAGS register

Last updated February 18, 2024

The FLAGS register is the status register that contains the current state of an x86 CPU. The size and meanings of the flag bits are architecture dependent. It usually reflects the result of arithmetic operations as well as information about restrictions placed on the CPU operation at the current time. Some of those restrictions may include preventing some interrupts from triggering, prohibition of execution of a class of "privileged" instructions. Additional status flags may bypass memory mapping and define what action the CPU should take on arithmetic overflow.

FLAGS

Intel x86 FLAGS register^[1]
Bit #	Mask	Abbreviation	Description	Category	=1	=0
FLAGS
0	0x0001	CF	Carry flag	Status	CY(Carry)	NC(No Carry)
1	0x0002	—	Reserved, always 1 in EFLAGS^[2]^[3]	—
2	0x0004	PF	Parity flag	Status	PE(Parity Even)	PO(Parity Odd)
3	0x0008	—	Reserved^[3]	—
4	0x0010	AF	Auxiliary Carry flag ^[4]	Status	AC(Auxiliary Carry)	NA(No Auxiliary Carry)
5	0x0020	—	Reserved^[3]	—
6	0x0040	ZF	Zero flag	Status	ZR(Zero)	NZ(Not Zero)
7	0x0080	SF	Sign flag	Status	NG(Negative)	PL(Positive)
8	0x0100	TF	Trap flag (single step)	Control
9	0x0200	IF	Interrupt enable flag	Control	EI(Enable Interrupt)	DI(Disable Interrupt)
10	0x0400	DF	Direction flag	Control	DN(Down)	UP(Up)
11	0x0800	OF	Overflow flag	Status	OV(Overflow)	NV(Not Overflow)
12-13	0x3000	IOPL	I/O privilege level (286+ only), always all-1s on 8086 and 186	System
14	0x4000	NT	Nested task flag (286+ only), always 1 on 8086 and 186	System
15	0x8000	MD	Mode flag (NEC V-series only),^[5] reserved on all Intel CPUs. Always 1 on 8086/186, 0 on 286 and later.	Control	(NEC only) Native Mode (186 compatible)	(NEC only) Emulation Mode (8080 compatible)
EFLAGS
16	0x0001 0000	RF	Resume flag (386+ only)	System
17	0x0002 0000	VM	Virtual 8086 mode flag (386+ only)	System
18	0x0004 0000	AC	Alignment Check (486+, ring 3), SMAP Access Check (Broadwell+, ring 0-2)	System
19	0x0008 0000	VIF	Virtual interrupt flag (Pentium+)	System
20	0x0010 0000	VIP	Virtual interrupt pending (Pentium+)	System
21	0x0020 0000	ID	Able to use CPUID instruction (Pentium+)	System
22-29	0x3FC0 0000	—	Reserved	—
30	0x4000 0000	(none)	AES key schedule loaded flag^[6] (CPUs with VIA PadLock only)	System
31	0x8000 0000	AI	Alternate Instruction Set enabled (VIA C5XL processors only)^[7]	System
RFLAGS
32‑63	0xFFFF FFFF… …0000 0000	—	Reserved	—

Note: The mask column in the table is the AND bitmask (as hexadecimal value) to query the flag(s) within FLAGS register value.

Usage

All FLAGS registers contain the condition codes, flag bits that let the results of one machine-language instruction affect another instruction. Arithmetic and logical instructions set some or all of the flags, and conditional jump instructions take variable action based on the value of certain flags. For example, jz (Jump if Zero), jc (Jump if Carry), and jo (Jump if Overflow) depend on specific flags. Other conditional jumps test combinations of several flags.

FLAGS registers can be moved from or to the stack. This is part of the job of saving and restoring CPU context, against a routine such as an interrupt service routine whose changes to registers should not be seen by the calling code. Here are the relevant instructions:

The PUSHF and POPF instructions transfer the 16-bit FLAGS register.
PUSHFD/POPFD (introduced with the i386 architecture) transfer the 32-bit double register EFLAGS.
PUSHFQ/POPFQ (introduced with the x64 architecture) transfer the 64-bit quadword register RFLAGS.

In 64-bit mode, PUSHF/POPF and PUSHFQ/POPFQ are available but PUSHFD/POPFD are not.^[8]^{: 4–349, 4–432}

The lower 8 bits of the FLAGS register is also open to direct load/store manipulation by SAHF and LAHF (load/store AH into flags).

Example

The ability to push and pop FLAGS registers lets a program manipulate information in the FLAGS in ways for which machine-language instructions do not exist. For example, the cld and std instructions clear and set the direction flag (DF), respectively; but there is no instruction to complement DF. This can be achieved with the following assembly code:

; This is 8086 code, with 16-bit registers pushed onto the stack,; and the flags register is only 16 bits with this CPU.pushf; Use the stack to transfer the FLAGSpopax; … into the AX registerpushax; and copy them back onto the stack for storagexorax,400h; Toggle (invert, ‘complement’) the DF only; other bits are unchangedpushax; Use the stack again to move the modified valuepopf; … into the FLAGS register; Insert here the code that required the DF flag to be complementedpopf; Restore the original value of the FLAGS

By manipulating the FLAGS register, a program can determine the model of the installed processor. For example, the alignment flag can only be changed on the 486 and above. If the program tries to modify this flag and senses that the modification did not persist, the processor is earlier than the 486.

Starting with the Intel Pentium, the CPUID instruction reports the processor model. However, the above method remains useful to distinguish between earlier models.

Related Research Articles

IA-32 is the 32-bit version of the x86 instruction set architecture, designed by Intel and first implemented in the 80386 microprocessor in 1985. IA-32 is the first incarnation of x86 that supports 32-bit computing; as a result, the "IA-32" term may be used as a metonym to refer to all x86 versions that support 32-bit computing.

The 8086 is a 16-bit microprocessor chip designed by Intel between early 1976 and June 8, 1978, when it was released. The Intel 8088, released July 1, 1979, is a slightly modified chip with an external 8-bit data bus, and is notable as the processor used in the original IBM PC design.

x86 is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel based on the Intel 8086 microprocessor and its 8088 variant. The 8086 was introduced in 1978 as a fully 16-bit extension of Intel's 8-bit 8080 microprocessor, with memory segmentation as a solution for addressing more memory than can be covered by a plain 16-bit address. The term "x86" came into being because the names of several successors to Intel's 8086 processor end in "86", including the 80186, 80286, 80386 and 80486 processors. Colloquially, their names were "186", "286", "386" and "486".

In computer architecture, 64-bit integers, memory addresses, or other data units are those that are 64 bits wide. Also, 64-bit central processing units (CPU) and arithmetic logic units (ALU) are those that are based on processor registers, address buses, or data buses of that size. A computer that uses such a processor is a 64-bit computer.

x86 memory segmentation refers to the implementation of memory segmentation in the Intel x86 computer instruction set architecture. Segmentation was introduced on the Intel 8086 in 1978 as a way to allow programs to address more than 64 KB (65,536 bytes) of memory. The Intel 80286 introduced a second version of segmentation in 1982 that added support for virtual memory and memory protection. At this point the original mode was renamed to real mode, and the new version was named protected mode. The x86-64 architecture, introduced in 2003, has largely dropped support for segmentation in 64-bit mode.

In computing, protected mode, also called protected virtual address mode, is an operational mode of x86-compatible central processing units (CPUs). It allows system software to use features such as segmentation, virtual memory, paging and safe multi-tasking designed to increase an operating system's control over application software.

x86 assembly language is the name for the family of assembly languages which provide some level of backward compatibility with CPUs back to the Intel 8008 microprocessor, which was launched in April 1972. It is used to produce object code for the x86 class of processors.

x86-64 is a 64-bit version of the x86 instruction set, first announced in 1999. It introduced two new modes of operation, 64-bit mode and compatibility mode, along with a new 4-level paging mode.

SSE2 is one of the Intel SIMD processor supplementary instruction sets introduced by Intel with the initial version of the Pentium 4 in 2000. It extends the earlier SSE instruction set, and is intended to fully replace MMX. Intel extended SSE2 to create SSE3 in 2004. SSE2 added 144 new instructions to SSE, which has 70 instructions. Competing chip-maker AMD added support for SSE2 with the introduction of their Opteron and Athlon 64 ranges of AMD64 64-bit CPUs in 2003.

A processor register is a quickly accessible location available to a computer's processor. Registers usually consist of a small amount of fast storage, although some registers have specific hardware functions, and may be read-only or write-only. In computer architecture, registers are typically addressed by mechanisms other than main memory, but may in some cases be assigned a memory address e.g. DEC PDP-10, ICT 1900.

The x86 instruction set refers to the set of instructions that x86-compatible microprocessors support. The instructions are usually part of an executable program, often stored as a computer file and executed on the processor.

In the 80386 microprocessor and later, virtual 8086 mode allows the execution of real mode applications that are incapable of running directly in protected mode while the processor is running a protected mode operating system. It is a hardware virtualization technique that allowed multiple 8086 processors to be emulated by the 386 chip. It emerged from the painful experiences with the 80286 protected mode, which by itself was not suitable to run concurrent real-mode applications well. John Crawford developed the Virtual Mode bit at the register set, paving the way to this environment.

x87 is a floating-point-related subset of the x86 architecture instruction set. It originated as an extension of the 8086 instruction set in the form of optional floating-point coprocessors that work in tandem with corresponding x86 CPUs. These microchips have names ending in "87". This is also known as the NPX. Like other extensions to the basic instruction set, x87 instructions are not strictly needed to construct working programs, but provide hardware and microcode implementations of common numerical tasks, allowing these tasks to be performed much faster than corresponding machine code routines can. The x87 instruction set includes instructions for basic floating-point operations such as addition, subtraction and comparison, but also for more complex numerical operations, such as the computation of the tangent function and its inverse, for example.

In computing, the x86 memory models are a set of six different memory models of the x86 CPU operating in real mode which control how the segment registers are used and the default size of pointers.

In computer processors the parity flag indicates if the numbers of set bits is odd or even in the binary representation of the result of the last operation. It is normally a single bit in a processor status register.

A control register is a processor register that changes or controls the general behavior of a CPU or other digital device. Common tasks performed by control registers include interrupt control, switching the addressing mode, paging control, and coprocessor control.

A stack register is a computer central processor register whose purpose is to keep track of a call stack. On an accumulator-based architecture machine, this may be a dedicated register. On a machine with multiple general-purpose registers, it may be a register that is reserved by convention, such as on the IBM System/360 through z/Architecture architecture and RISC architectures, or it may be a register that procedure call and return instructions are hardwired to use, such as on the PDP-11, VAX, and Intel x86 architectures. Some designs such as the Data General Eclipse had no dedicated register, but used a reserved hardware memory address for this function.

The Interrupt flag (IF) is a flag bit in the CPU's FLAGS register, which determines whether or not the (CPU) will respond immediately to maskable hardware interrupts. If the flag is set to 1 maskable interrupts are enabled. If reset such interrupts will be disabled until interrupts are enabled. The Interrupt flag does not affect the handling of non-maskable interrupts (NMIs) or software interrupts generated by the INT instruction.

Supervisor Mode Access Prevention (SMAP) is a feature of some CPU implementations such as the Intel Broadwell microarchitecture that allows supervisor mode programs to optionally set user-space memory mappings so that access to those mappings from supervisor mode will cause a trap. This makes it harder for malicious programs to "trick" the kernel into using instructions or data from a user-space program.

A half-carry flag is a condition flag bit in the status register of many CPU families, such as the Intel 8080, Zilog Z80, the x86, and the Atmel AVR series, among others. It indicates when a carry or borrow has been generated out of the least significant four bits of the accumulator register following the execution of an arithmetic instruction. It is primarily used in decimal (BCD) arithmetic instructions.

References

↑ Intel 64 and IA-32 Architectures Software Developer's Manual (PDF). Vol. 1. May 2012. pp. 3–21.
↑ Intel 64 and IA-32 Architectures Software Developer’s Manual (PDF). Vol. 1. Dec 2016. p. 78.
1 2 3 "Silicon reverse engineering: The 8085's undocumented flags". www.righto.com. Retrieved 2018-10-21.
↑ Intel 64 and IA-32 Architectures Software Developer’s Manual, Vol. 1. Dec 2022. pp. 3–16.
↑ NEC, 16-bit V-Series User's Manual, document no. U11301E, sep 2000, p. 186
↑ VIA, PadLock Programming Guide, v1.66, Aug 4, 2005, pp. 7-8. Archived from the original on May 26, 2010.
↑ VIA, VIA C3 Processor Alternate Instruction Set Application Note, version 0.24, 2002 - see figure 2 on page 12 and chapter 4 on page 21 for details on the EFLAGS.AI flag.
↑ Intel 64 and IA-32 Architectures Software Developer’s Manual (PDF). Vol. 2B. May 2012.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Intel 64 and IA-32 Architectures Software Developer's Manual (PDF). Vol. 1. May 2012. pp. 3–21.

[2] Intel 64 and IA-32 Architectures Software Developer’s Manual (PDF). Vol. 1. Dec 2016. p. 78.

[r8085-3] 1 2 3 "Silicon reverse engineering: The 8085's undocumented flags". www.righto.com. Retrieved 2018-10-21.

[4] Intel 64 and IA-32 Architectures Software Developer’s Manual, Vol. 1. Dec 2022. pp. 3–16.

[5] NEC, 16-bit V-Series User's Manual, document no. U11301E, sep 2000, p. 186

[6] VIA, PadLock Programming Guide, v1.66, Aug 4, 2005, pp. 7-8. Archived from the original on May 26, 2010.

[7] VIA, VIA C3 Processor Alternate Instruction Set Application Note, version 0.24, 2002 - see figure 2 on page 12 and chapter 4 on page 21 for details on the EFLAGS.AI flag.

[8] Intel 64 and IA-32 Architectures Software Developer’s Manual (PDF). Vol. 2B. May 2012.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]