x86 architecture
exceptions




 
exceptions
 
# ID description type #1 error
code
source(s)
rIP B/C
00h #DE divide error fault C #2 no AAM/DIV/IDIV divide by zero, DIV/IDIV result too large
01h #DB debug fault B DR6 DR0...3 code BP, DR7.GD=1
trap TSS.T=1, FLAGS.TF=1, INT1, DR0...3 data BP, DR0...3 I/O BP
02h NMI non-maskable interrupt n/a (B) no non-maskable interrupt
03h #BP breakpoint trap B no INT3
04h #OF overflow trap B no INTO if FLAGS.OF=1
05h #BR boundary range exceeded fault B no BOUND if range exceeded (BNDSTATUS=0 if MPX enabled)
BNDCL/BNDCU/BNDCN (BNDSTATUS.EC=01b)
BNDLDX/BNDSTX (BNDSTATUS.EC=10b)
06h #UD undefined opcode fault B no undefined opcode #6, illegal LOCK, RSM outside SMM,
MOV from/to DR4...5 if CR4.DE=1,
LLDT/SLDT/LTR/STR/LSL/LAR/VERR/VERW/ARPL outside PM
MMX/SSE(x) if CR0.EM=1 (excludes SSE(x)-MEM)
SSE(x) if CR4.OSFXSR=0 (excludes SSE(x)-MEM/MMX-SSE(x))
#XF if CR4.OSXMEX=0
CR4.OSXSAVE=0 and XSAVE/XSAVEOPT/XRSTOR
CR4.OSXSAVE=0 and XGETBV/XSETBV
VEX-encoded instructions in RM or VM
VEX-encoded instructions with REPE, REPNE, 66h, or REX
VEX-encoded instructions with unused vvvv not set to 1111b
AVX(x)/F16C if CR4.OSXSAVE=0 or XCR0.YMM/XMM!=11b
VSIB without SIB: A16, mod=11b, or r/m!=100b
VSIB with dst=mask, dst=index, or index=mask
REX with SSE5A instructions in the 0Fh,24h or 0Fh,25h range
07h #NM device not available fault B no WAIT if CR0.TS=1 and CR0.MP=1
FPU/FXSR if CR0.TS=1 or CR0.EM=1 #6
MMX/SSE(x)/AVX(n)/F16C if CR0.TS=1 (excludes SSE(x)-MEM)
08h #DF double fault abort #3 0h exceptions during exception handler invocation
09h n/a reserved abort n/a no was 80387 coprocessor segment overrun
0Ah #TS invalid TSS fault C yes implicit TSS accesses
0Bh #NP not present fault C yes segment register loads, explicit/implicit segment register accesses
0Ch #SS stack segment fault C yes SS loads, explicit/implicit SS accesses
explicit/implicit non-canonical address SS accesses
0Dh #GP general protection fault C yes various
MEMORY_CTRL.UC_LK_DIS_GP_EN=1, UC lock (aka old-style)
explicit/implicit non-canonical address accesses
0Eh #PF page fault fault #4 CR2 not present page (PDPTE/PDE/PTE.P=0)
supervisor page (CPL=3 read/write, PDE/PTE.US=0)
read-only page (CPL=3 write, PDE/PTE.RW=0)
write-protected page (CPL<3 write, CR0.WP=1, PDE/PTE.RW=0)
reserved bit (CR4.PSE=1 or CR4.PAE=1, PDE/PTE.RSVD=1)
NX page (CPL=0...3 fetch, EFER.NXE=1, PDE/PTE.NX=1)
SMEP page (CPL<3 fetch, CR4.SMEP=1, PDE/PTE.US=1)
SMAP page (CPL<3 r/w, CR4.SMAP=1, PDE/PTE.US=1, EFLAGS.AC=0)
PKU page (CR4.PKE=1, CPL=3 read/write, PKRU.AD[PxE.PK]=1)
PKU page (CR4.PKE=1, CPL=3 write, PKRU.WD[PxE.PK]=1)
PKU page (CR4.PKE=1, CPL<3 write, CR0.WP=1, PKRU.WD[PxE.PK]=1)
0Fh n/a reserved n/a n/a n/a All spurious IRQs generate IRQ7, and can not be blocked by the PIC1's mask. The default base vector for PIC1 is set to 08h by the BIOS, so that spurious IRQs will invoke vector 0Fh. Hence it is not used for processor exceptions.
10h #MF math fault fault B no #IS for invalid stack or #IA for invalid arithmetic operation
#D for denormalized operand
#Z for divide by zero
#O for numeric overflow
#U for numeric underflow
#P for inexact result (precision)
11h #AC alignment checking fault B #5 0h CR0.AM=1, EFLAGS.AC=1, CPL=3, misaligned accesses
P4: MISC_EN.SLD=1, lock accross cache line or page boundary
MEMORY_CTRL.SPL_LK_DIS_AC_EN=1, split cache line lock
MEMORY_CTRL.UC_LK_DIS_AC_EN=1, UC lock (err code 4)
12h #MC machine check abort B MSRs internal error, bus error, or bus error detected by external agent
13h #XF extended math fault fault B no #I for invalid arithmetic operation
#D for denormalized operand
#Z for divide by zero
#O for numeric overflow
#U for numeric underflow
#P for inexact result (precision)
SIMD preference:
1) #I due to SNaN or NaN(min,max,cmp,cvt), 2) QNaN, 3) #I/#Z, 4) #D, 5) #O/#U possibly with #P, 6) #P
14h #VE virtualization exception fault #4 no EPT violations
15h #CP control protection exception fault B yes 1 = near RET
2 = far RET or IRET
3 = missing ENDBRANCH at target of indirect CALL/JMP
4 = RSTORSSP token check failure
5 = SETSSBSY token check failure
bit 15 = enclave execution (similar to #PF error code)
16h n/a reserved n/a n/a n/a reserved
17h n/a reserved n/a n/a n/a reserved
18h n/a reserved n/a n/a n/a reserved
19h n/a reserved n/a n/a n/a reserved
1Ah n/a reserved n/a n/a n/a reserved
1Bh n/a reserved n/a n/a n/a reserved
1Ch #HV HV injection exception n/a B no AMD SVM: restricted injection or alternate injection
1Dh #VC VMM comm. exception fault C yes n = AMD SVM NAE event (due to SEV-ES)
1Eh #SX security exception fault C yes 1 = AMD SVM INIT redirection (due to VM_CR.R_INIT=1)
1Fh n/a reserved n/a n/a n/a reserved
notes descriptions
#1 fault: before instruction, trap: after instruction, abort: imprecise, B=benign: can't cause #DF, C=contributory: can cause #DF
#2 The correct behavior for #DE is to be a benign exception, because #DE can not be caused by any handler invocation.
#3 Any further contributory exceptions during the #DF handler invocation cause the processor to enter the shutdown state.
#4 Any #PF/#VE during the invocation of the #PF/#VE handler causes the processor to generate a #DF.
#5 The correct behavior for #AC is to be a contributory exception, to avoid the possibility of endless #AC loops in CPL=3.
#6 The correct behavior for undefined opcodes in the FPU range (D8h,00h...DFh,FFh) while CR0.EM=1 or CR0.TS=1 is to
cause #UD (like the Intel P4-core does) instead of causing #NM (like older processors do).



main page

© 1996-2024 by Christian Ludloff. All rights reserved. Use at your own risk.