Store Extended Bounds Using Address Translation

Opcode	Encoding	16 bit	32 bit	64 bit	`CPUID` Feature Flag(s)	Description
`NP 0F 1B mem/r+sib` `BNDSTX mib, bnd`	`mr`	Valid	Valid	Valid	`mpx`	Store the bound in bnd into a bound table entry (BTE) in mib.
Opcode: `NP 0F 1B mem/r+sib` Mnemonic: `BNDSTX mib, bnd` Encoding: `mr` Validity (16/32/64 bit): valid, valid, valid `CPUID` Feature Flag(s): `mpx` Store the bound in bnd into a bound table entry (BTE) in mib.

Encoding

Encoding	Operand 1	Operand 2
`mr`	`SIB.base + SIB.index`	`ModRM.reg[w]`

Description

The BNDSTX instruction stores the source operand at the address pointed to by the destination operand. This is conditional on the value contained in the register referenced in the SIB byte's index field matching the value stored in the bounds table entry.

The second source operand must be a memory operand encoded using an SIB byte. The base field of the SIB byte contains the address of the bounds table, and the index field containing the buffer' offset. The scale field is ignored. If a displacement is provided, it is added to the base value. At no time is memory directly referenced by the SIB byte accessed (the memory contained at the address referenced by the base is, however), and the flags are untouched.

Operation

public void BNDSTX_1632(Sib addr, Bound src)
{
    IntPtr @base = addr.Base + addr.Displacement;
    U32 ptr = GPR(addr.Index);

    U32 a_bde = (@base[12..31] << 2) + (BNDCFG[12..31] << 12);
    U32 a_bt = Mem32[a_bde];
    if (a_bt.Bit[0] == 0)
    {
        BNDSTATUS.Bde = a_bde;
        BNDSTATUS.EC = 2; // invalid BDE
        #BR;
    }

    U32 a_bte = (@base[2..11] << 4) + (a_bt[2..31] << 2);
    Mem32[a_bte] = src.Lower;
    Mem32[a_bte + 4] = src.Upper;
    Mem32[a_bte + 8] = ptr;
}

public void BNDLDX((Bound dest, Sib addr)
{
    IntPtr @base = addr.Base + addr.Displacement;
    U64 ptr = GPR(addr.Index);

    U64 a_bde = (@base[20..(48+MAWA-1)] << 3) + (BNDCFG[12..63] << 12); // see note 1
    U64 a_bt = Mem64[a_bde];
    if (a_bt.Bit[0] == 0)
    {
        BNDSTATUS.Bde = a_bde;
        BNDSTATUS.EC = 2; // invalid BDE
        #BR;
    }

    U64 a_bte = (@base[3..19] << 5) + (a_bt[3..63] << 3);
    Mem64[a_bte] = src.Lower;
    Mem64[a_bte + 8] = src.Upper;
    Mem64[a_bte + 16] = ptr;
}

If CPL is 3, the user MAWA (MAWAU) is used. It's value is enumerated in CPUID[EAX=07h]:ECX[bits 17:23 (MAWAU)]. Otherwise, the supervisor MAWA (MAWAS) is used, which is 0.

Flags Affected

None.

Intrinsics

None. Auto-generated by compiler.

Exceptions

Real-Address Mode

#BR

If the Bound Directory Entry is invalid.

#UD

If the LOCK prefix is used.
If 16 bit addressing is used, or 32 or 64 bit addressing is used, but without an SIB byte (rm is not 100b).
If a register operand encodes BND4 through BND7.

#GP(0)

If the effective address of the Bound Table Entry is outside the DS segment limit.

Virtual-8086 Mode

#BR

If the Bound Directory Entry is invalid.

#UD

If the LOCK prefix is used.
If 16 bit addressing is used, or 32 or 64 bit addressing is used, but without an SIB byte (rm is not 100b).
If a register operand encodes BND4 through BND7.

#GP(0)

If the effective address of the Bound Table Entry is outside the DS segment limit.

#PF(fc)

If a page fault occurs.

Protected Mode

#BR

If the Bound Directory Entry is invalid.

#UD

If the LOCK prefix is used.
If 16 bit addressing is used, or 32 or 64 bit addressing is used, but without an SIB byte (rm is not 100b).
If a register operand encodes BND4 through BND7.

#GP(0)

If the DS segment contains a NULL segment selector.
If the effective address of the Bound Table Entry is outside the DS segment limit.

#PF(fc)

If a page fault occurs.

Compatibility Mode

#BR

If the Bound Directory Entry is invalid.

#UD

If the LOCK prefix is used.
If 16 bit addressing is used, or 32 or 64 bit addressing is used, but without an SIB byte (rm is not 100b).
If a register operand encodes BND4 through BND7.

#GP(0)

If the DS segment contains a NULL segment selector.
If the effective address of the Bound Table Entry is outside the DS segment limit.

#PF(fc)

If a page fault occurs.

Long Mode

#BR

If the Bound Directory Entry is invalid.

#UD

If the LOCK prefix is used.
If 16 bit addressing is used, or 32 or 64 bit addressing is used, but without an SIB byte (rm is not 100b).
If a register operand encodes BND4 through BND7.

#GP(0)

If the DS segment contains a NULL segment selector.
If the effective address of the Bound Table Entry is outside the DS segment limit.
If the memory address (A_BDE or A_BTE) is in non-canonical form.

#PF(fc)

If a page fault occurs.