• Top
  • Documentation
  • Books
  • Boolean-reasoning
  • Projects
  • Debugging
  • Std
  • Proof-automation
  • Macro-libraries
  • ACL2
  • Interfacing-tools
  • Hardware-verification
    • Gl
    • Esim
    • Vl2014
    • Sv
    • Vwsim
    • Fgl
    • Vl
    • X86isa
      • Program-execution
      • Sdm-instruction-set-summary
      • Tlb
      • Booting-linux
      • Introduction
      • Asmtest
      • X86isa-build-instructions
      • Publications
      • Contributors
      • Machine
        • X86isa-state
        • Syscalls
        • Cpuid
        • Linear-memory
        • Rflag-specifications
        • Characterizing-undefined-behavior
        • Top-level-memory
        • App-view
        • X86-decoder
        • Physical-memory
        • Decoding-and-spec-utils
        • Instructions
          • Two-byte-opcodes
          • One-byte-opcodes
            • X86-sal/sar/shl/shr/rcl/rcr/rol/ror
            • X86-add/adc/sub/sbb/or/and/xor/cmp-test-e-i
            • X86-far-jmp-op/en-d
            • X86-add/xadd/adc/sub/sbb/or/and/xor/cmp/test-e-g
            • X86-add/adc/sub/sbb/or/and/xor/cmp-test-rax-i
            • X86-add/adc/sub/sbb/or/and/xor/cmp-g-e
            • X86-push-segment-register
            • X86-pusha
            • X86-shld/shrd
            • X86-mov-op/en-oi
            • X86-inc/dec-4x
            • X86-cmps
            • X86-xchg
            • X86-popa
            • X86-one-byte-jcc
            • X86-movs
            • X86-push-general-register
            • X86-idiv
            • X86-div
            • X86-pop-general-register
            • X86-ret
            • X86-push-i
            • X86-pop-ev
            • X86-imul-op/en-rmi
            • X86-push-ev
            • X86-mul
            • X86-imul-op/en-m
            • X86-stos
            • X86-not/neg-f6-f7
            • X86-call-ff/2-op/en-m
            • X86-iret
            • X86-inc/dec-fe-ff
            • X86-mov-op/en-rm
            • X86-mov-op/en-mr
            • X86-near-jmp-op/en-m
            • X86-mov-op/en-mi
            • X86-loop
            • X86-out
            • X86-call-e8-op/en-m
            • X86-movsxd
            • X86-mov-op/en-fd
            • X86-cmc/clc/stc/cld/std
            • X86-near-jmp-op/en-d
            • X86-mov-op/en-td
            • X86-popf
            • X86-lea
            • X86-jrcxz
            • X86-cbw/cwd/cdqe
            • X86-pushf
            • X86-leave
            • X86-lahf
            • X86-sahf
            • X86-cwd/cdq/cqo
            • X86-rdtsc
            • X86-sti
            • X86-int3
            • X86-hlt
            • X86-cli
          • Fp-opcodes
          • Instruction-semantic-functions
          • X86-illegal-instruction
          • Implemented-opcodes
          • Opcode-maps
          • X86-general-protection
          • X86-device-not-available
          • X86-step-unimplemented
          • Privileged-opcodes
          • Three-byte-opcodes
        • Register-readers-and-writers
        • X86-modes
        • Segmentation
        • Other-non-deterministic-computations
        • Environment
        • Paging
      • Implemented-opcodes
      • To-do
      • Proof-utilities
      • Peripherals
      • Model-validation
      • Modelcalls
      • Concrete-simulation-examples
      • Utils
      • Debugging-code-proofs
    • Svl
    • Rtl
  • Software-verification
  • Math
  • Testing-utilities

• One-byte-opcodes

X86-push-i

PUSH: 6A/68 ib/iw/id

Signature

(x86-push-i proc-mode start-rip temp-rip 
            prefixes rex-byte opcode modr/m sib x86) 
 
  → 
x86

Returns

x86 — Type (x86p x86), given (x86p x86).

Op/En: I

6A ib: PUSH imm8

68 iw: PUSH imm16

68 id: PUSH imm32

From the description of the PUSH instruction (Intel Manual, Vol. 2, Section 4.2):

If the source operand is an immediate of size less than the operand size, a sign-extended value is pushed on the stack.

PUSH doesn't have a separate instruction semantic function, unlike other opcodes like ADD, SUB, etc. The decoding is coupled the decoding with the execution in this case.

Definitions and Theorems

Function: x86-push-i

(defun x86-push-i
       (proc-mode start-rip temp-rip
                  prefixes rex-byte opcode modr/m sib x86)
 (declare (xargs :stobjs (x86)))
 (declare (type (integer 0 4) proc-mode)
          (type (signed-byte 48) start-rip)
          (type (signed-byte 48) temp-rip)
          (type (unsigned-byte 52) prefixes)
          (type (unsigned-byte 8) rex-byte)
          (type (unsigned-byte 8) opcode)
          (type (unsigned-byte 8) modr/m)
          (type (unsigned-byte 8) sib))
 (declare (ignorable proc-mode start-rip temp-rip
                     prefixes rex-byte opcode modr/m sib))
 (declare (xargs :guard (and (prefixes-p prefixes)
                             (modr/m-p modr/m)
                             (sib-p sib)
                             (rip-guard-okp proc-mode temp-rip))))
 (let ((__function__ 'x86-push-i))
  (declare (ignorable __function__))
  (b* ((?ctx 'x86-push-i))
    (b*
     ((byte-imm? (eql opcode 106))
      ((the (integer 1 8) imm-size)
       (select-operand-size proc-mode byte-imm?
                            rex-byte t prefixes nil nil nil x86))
      ((the (integer 1 8) operand-size)
       (select-operand-size proc-mode
                            nil rex-byte nil prefixes t t nil x86))
      (rsp (read-*sp proc-mode x86))
      ((mv flg new-rsp)
       (add-to-*sp proc-mode rsp (- operand-size)
                   x86))
      ((when flg)
       (!!fault-fresh :ss 0 :push flg))
      ((mv flg0 (the (signed-byte 32) imm) x86)
       (rime-size-opt proc-mode
                      imm-size temp-rip 1 :x nil x86))
      ((when flg0)
       (!!ms-fresh :imm-rime-size-error flg0))
      ((mv flg (the (signed-byte 48) temp-rip))
       (add-to-*ip proc-mode temp-rip imm-size x86))
      ((when flg)
       (!!fault-fresh :gp 0
                      :temp-rip-not-canonical temp-rip))
      (badlength? (check-instruction-length start-rip temp-rip 0))
      ((when badlength?)
       (!!fault-fresh :gp 0
                      :instruction-length badlength?))
      ((mv flg1 x86)
       (wme-size-opt proc-mode operand-size new-rsp 2
                     (mbe :logic (loghead (ash operand-size 3) imm)
                          :exec (logand (case operand-size
                                          (2 65535)
                                          (4 4294967295)
                                          (8 18446744073709551615))
                                        (the (signed-byte 32) imm)))
                     (alignment-checking-enabled-p x86)
                     x86
                     :mem-ptr? nil))
      ((when flg1)
       (!!ms-fresh :wme-size-opt flg))
      (x86 (write-*sp proc-mode new-rsp x86))
      (x86 (write-*ip proc-mode temp-rip x86)))
     x86))))

Theorem: x86p-of-x86-push-i

(defthm x86p-of-x86-push-i
  (implies
       (x86p x86)
       (b* ((x86 (x86-push-i proc-mode start-rip temp-rip prefixes
                             rex-byte opcode modr/m sib x86)))
         (x86p x86)))
  :rule-classes :rewrite)