Editing JMP (x86 instruction)

{{Short description|Unconditional jump instruction in x86 assembly language}}
{{Multiple issues|
{{Out of date|date=February 2017}}
{{Notability|date=September 2022}}
}}
In the [[x86 assembly language]], the '''<code>JMP</code>''' [[instruction (computer science)|instruction]] performs an unconditional jump. Such an instruction transfers the flow of [[execution (computers)|execution]] by changing the [[program counter]]. There are a number of different [[opcode]]s that perform a jump; depending on whether the processor is in [[real mode]] or [[protected mode]], and an override instruction is used, the instructions may take [[16-bit]], [[32-bit]], or segment:offset [[pointer (computer programming)|pointers]].<ref>{{cite web |url=http://download.intel.com/design/PentiumII/manuals/24319102.PDF| title=Intel Architecture Software Developer's Manual, Volume 2: Instruction Set Reference Manual (6.5MB)|accessdate=2009-11-03|archive-url=https://web.archive.org/web/20090219101735/http://download.intel.com/design/PentiumII/manuals/24319102.PDF|archive-date=2009-02-19|url-status=dead}}</ref> {{Wiktionary|relative|absolute}}

There are many different forms of jumps: relative, [[conditional jump|conditional]], absolute and [[indirect branch|register-indirect jumps]].

The following examples illustrate:
# a relative jump with a 16-bit pointer;
# a long jump (inter-segment), a relative jump with a 32-bit pointer;
# and a register-indirect absolute jump using the [[EAX register]].
(Note that although the first and second jumps are relative, commonly the destination address is shown instead of the relative offset as encoded in the opcode.)

Example one: Load IP with the new value <code>0x89AB</code>, then load [[CS register|CS]] with <code>0xACDC</code> and IP with <code>0x5578</code>.
<syntaxhighlight lang="asm">
JMP 0x89AB
JMP 0xACDC:0x5578
</syntaxhighlight>

Example two: Load EIP with the value <code>0x56789AB1</code>, only in [[protected mode]] or [[unreal mode]].
<syntaxhighlight lang="asm">
JMP 0x56789AB1
</syntaxhighlight>

Example three: Jump to the value stored in the EAX register, only in protected mode.
<syntaxhighlight lang="asm">
JMP EAX
</syntaxhighlight>





The <code>JMP</code> (Jump) instruction transfers the program's control to a specified location in the code. Unlike function calls, it doesn’t save return information. Instead, it directs execution to a '''target address''', which can be:

* An '''immediate value''',
* A '''general-purpose register''', or
* A '''memory location'''.

== Types of Jumps ==
The <code>JMP</code> instruction supports four types of jumps:

# '''Short Jump'''
#* A jump within the range of '''-128 to +127 bytes''' relative to the current instruction pointer (<code>EIP</code>).
# '''Near Jump'''
#* A jump within the '''current code segment''' (pointed to by the <code>CS</code> register).
#* The target can be an '''absolute offset''' (address within the segment) or a '''relative offset''' (distance from the current <code>EIP</code>).
# '''Far Jump'''
#* A jump to a different code segment, but at the '''same privilege level'''.
#* Typically used in '''intersegment jumps'''.
# '''Task Switch'''
#* A jump to a different task, used in '''protected mode'''.
#* The <code>JMP</code> instruction can reference a '''task gate''' or directly specify a '''Task State Segment (TSS)'''.

----

== Short and Near Jumps ==

=== Short Jump ===

* The '''relative offset''' is an 8-bit signed value (<code>rel8</code>), specifying the distance from the current <code>EIP</code>.
* The <code>CS</code> register remains unchanged.

=== Near Jump ===

* The target is within the current code segment and can be:
** An '''absolute offset''' (loaded directly into <code>EIP</code>).
** A '''relative offset''' (<code>rel16</code> or <code>rel32</code>), calculated from the current <code>EIP</code>.

'''Operand Size'''

* For absolute offsets:
** '''16-bit mode''' clears the upper two bytes of <code>EIP</code>.
** '''32-bit mode''' allows the full offset range.
* For relative offsets, the size (<code>8, 16, or 32 bits</code>) depends on the instruction opcode and operand size attribute.

----

== Far Jumps ==

=== Real-Address or Virtual-8086 Mode ===

* The target address includes both:
** A '''segment selector''' (loaded into <code>CS</code>), and
** An '''offset''' (loaded into <code>EIP</code>).

The target can be specified:

# '''Directly''': Encoded as a pointer (<code>ptr16:16</code> or <code>ptr16:32</code>) in the instruction.
# '''Indirectly''': Stored in memory (<code>m16:16</code> or <code>m16:32</code>) and fetched by the instruction.

=== Protected Mode ===
In protected mode, far jumps can be used for:

# '''Switching Code Segments'''
#* A jump to a '''conforming''' or '''non-conforming code segment'''.
#* The <code>CS</code> register is updated with the target segment selector, and <code>EIP</code> is updated with the offset.
# '''Using a Call Gate'''
#* The target operand specifies a '''call gate descriptor''', which defines the segment and offset to jump to.
#* This approach allows indirect jumps and is preferred for transitions between '''16-bit''' and '''32-bit''' segments.
# '''Performing a Task Switch'''
#* The target specifies a '''task gate''' or directly references a '''TSS'''.
#* The task's segment selectors (code and stack) and the <code>EIP</code> are loaded from the TSS.

----

== Special Notes on Task Switching ==

* When using <code>JMP</code> for task switches:
** The '''Nested Task (NT)''' flag in the <code>EFLAGS</code> register is '''not set'''.
** The '''previous task link''' in the new TSS is '''not updated'''.
** As a result, you '''cannot return''' to the previous task using the <code>IRET</code> instruction.
** This differs from the <code>CALL</code> instruction, which enables task returns by setting the <code>NT</code> flag and saving task link information.

== References ==
{{reflist}}

== External links ==
* [https://thestarman.pcministry.com/asm/2bytejumps.htm Using SHORT (Two-byte) Relative Jump Instructions]

[[Category:X86 instructions]]