Andy Ross provides much more of the fundamental reasoning, but unfortunately is mistaken, or at least confuses the technical details. It is true that the effective address (%esp) alone cannot be encoded with the ModR/M byte only; instead of being decoded as (%esp), that encoding is used to signal the inclusion of the SIB byte. However, the %eiz pseudo-register is not always used with the SIB byte to represent that the SIB byte was used.
The SIB byte (scale/index/base) has three elements: the index (a register, for example %eax or %ecx, to which the scale applies), the scale (a power of two from 1 to 8 by which the index register is multiplied), and the base (another register that is added to the scaled index). This is what allows the use of instructions such as add %al,(%ebx,%ecx,2) (machine code: 00 04 4b, i.e. opcode, ModR/M, SIB; note that %eiz is not shown even though the SIB byte is used) (or in Intel syntax, add BYTE PTR [ecx*2+ebx], al).
However, %esp cannot be used as an index register in the SIB byte. Instead of allowing this option, Intel adds the ability to use a base register with no scaling or index. Therefore, to eliminate the ambiguity between the case add %al,(%ecx) (machine code: 00 01, i.e. opcode, ModR/M) and add %al,(%ecx) (machine code: 00 04 21, i.e. opcode, ModR/M, SIB), the alternative syntax add %al,(%ecx,%eiz,1) (or in Intel syntax: add BYTE PTR [ecx+eiz*1],al) is used for the second form.
And as explained in the article Sinan linked, this particular instruction (lea 0x0(%esi,%eiz,1),%esi) is just used as a multi-byte nop (equivalent to esi = &*esi), so only one nop-like instruction needs to be executed instead of several nop instructions.
user3196531 Jan 15 2018-11-14T00:00Z
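As an added example (not part of user3196531's answer): a small Python encoder/decoder for 32-bit ModR/M + SIB memory operands that reproduces the encodings quoted above and shows exactly when a disassembler has to print %eiz. It handles only the mod=00 and mod=01 (disp8) register-based forms; the function names and the `force_sib` switch are my own.

```python
# Added example: 32-bit ModR/M + SIB memory operands, mod=00 / mod=01 (disp8) only.
# Register numbering follows the Intel SDM; %eiz is printed exactly where GNU objdump does.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
NO_INDEX = 4   # SIB index field 100 means "no index"; it is also esp's number, so esp can't index
SCALES = {1: 0, 2: 1, 4: 2, 8: 3}

def encode_mem(reg, base, index=None, scale=1, disp8=None, force_sib=False):
    """Return ModR/M [+ SIB] [+ disp8] for disp8(%base,%index,scale) with ModR/M.reg = reg."""
    mod = 0 if disp8 is None else 1
    r, b = REGS.index(reg), REGS.index(base)
    if index == "esp":
        raise ValueError("%esp cannot be an index register")
    if b == 5 and mod == 0:
        raise ValueError("mod=00 with base ebp means disp32 without base; not handled here")
    out = bytearray()
    if index is None and not force_sib and b != 4:
        out.append((mod << 6) | (r << 3) | b)            # plain (%base): ModR/M alone suffices
    else:
        out.append((mod << 6) | (r << 3) | 4)            # rm=100: a SIB byte follows
        idx = NO_INDEX if index is None else REGS.index(index)
        out.append((SCALES[scale] << 6) | (idx << 3) | b)   # (%esp) itself always needs SIB 0x24
    if disp8 is not None:
        out.append(disp8 & 0xFF)
    return bytes(out)

def decode_mem(code):
    """Decode ModR/M [+ SIB] [+ disp8]; return (reg name, AT&T operand text, bytes consumed)."""
    modrm = code[0]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod > 1 or (mod == 0 and rm == 5):
        raise ValueError("only mod=00/01 register-based forms are handled here")
    pos = 1
    if rm != 4:
        operand = f"(%{REGS[rm]})"
    else:
        sib = code[1]
        pos = 2
        ss, idx, base = sib >> 6, (sib >> 3) & 7, sib & 7
        if mod == 0 and base == 5:
            raise ValueError("SIB base=101 with mod=00 means disp32 without base")
        if idx != NO_INDEX:
            operand = f"(%{REGS[base]},%{REGS[idx]},{1 << ss})"
        elif base == 4 and ss == 0:
            operand = "(%esp)"                   # the canonical (and only) encoding of (%esp)
        else:
            operand = f"(%{REGS[base]},%eiz,{1 << ss})"   # redundant SIB: objdump shows %eiz
    if mod == 1:
        d = code[pos] - 256 if code[pos] > 127 else code[pos]   # disp8 is sign-extended
        operand = (f"-0x{-d:x}" if d < 0 else f"0x{d:x}") + operand
        pos += 1
    return REGS[reg], operand, pos
```

Running `decode_mem` over the bytes from the answer gives `(%ecx)` for 01, `(%ecx,%eiz,1)` for 04 21, `(%ebx,%ecx,2)` for 04 4b and `0x0(%esi,%eiz,1)` for 74 26 00, while `(%esp)` (04 24) never shows %eiz because no shorter encoding exists.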