sandpile.org -- x86 architecture -- exceptions

x86 architecture
exceptions

exceptions
#	ID	description	type ^#1		error code	source(s)
#	ID	description	rIP	B/C	error code	source(s)

00h	#DE	divide error	fault	C ^#2	no	AAM/DIV/IDIV divide by zero, DIV/IDIV result too large
01h	#DB	debug	fault	B	DR6	DR0...3 code BP, DR7.GD=1
01h	#DB	debug	trap	B	DR6	TSS.T=1, FLAGS.TF=1, INT1, DR0...3 data BP, DR0...3 I/O BP
02h	NMI	non-maskable interrupt	n/a	(B)	no	non-maskable interrupt
03h	#BP	breakpoint	trap	B	no	INT3
04h	#OF	overflow	trap	B	no	INTO if FLAGS.OF=1
05h	#BR	boundary range exceeded	fault	B	no	BOUND if range exceeded (BNDSTATUS=0 if MPX enabled) BNDCL/BNDCU/BNDCN (BNDSTATUS.EC=01b) BNDLDX/BNDSTX (BNDSTATUS.EC=10b)
06h	#UD	undefined opcode	fault	B	no	undefined opcode ^#6, illegal LOCK, RSM outside SMM, MOV from/to DR4...5 if CR4.DE=1, LLDT/SLDT/LTR/STR/LSL/LAR/VERR/VERW/ARPL outside PM MMX/SSE(x) if CR0.EM=1 (excludes SSE(x)-MEM) SSE(x) if CR4.OSFXSR=0 (excludes SSE(x)-MEM/MMX-SSE(x)) #XF if CR4.OSXMEX=0 CR4.OSXSAVE=0 and XSAVE/XSAVEOPT/XRSTOR CR4.OSXSAVE=0 and XGETBV/XSETBV VEX-encoded instructions in RM or VM VEX-encoded instructions with REPE, REPNE, 66h, or REX VEX-encoded instructions with unused vvvv not set to 1111b AVX(x)/F16C if CR4.OSXSAVE=0 or XCR0.YMM/XMM!=11b VSIB without SIB: A16, mod=11b, or r/m!=100b VSIB with dst=mask, dst=index, or index=mask REX with SSE5A instructions in the 0Fh,24h or 0Fh,25h range
07h	#NM	device not available	fault	B	no	WAIT if CR0.TS=1 and CR0.MP=1 FPU/FXSR if CR0.TS=1 or CR0.EM=1 ^#6 MMX/SSE(x)/AVX(n)/F16C if CR0.TS=1 (excludes SSE(x)-MEM)
08h	#DF	double fault	abort	^#3	0h	exceptions during exception handler invocation
09h	n/a	reserved	abort	n/a	no	was 80387 coprocessor segment overrun
0Ah	#TS	invalid TSS	fault	C	yes	implicit TSS accesses
0Bh	#NP	not present	fault	C	yes	segment register loads, explicit/implicit segment register accesses
0Ch	#SS	stack segment	fault	C	yes	SS loads, explicit/implicit SS accesses
0Ch	#SS	stack segment	fault	C	yes	explicit/implicit non-canonical address SS accesses
0Dh	#GP	general protection	fault	C	yes	various MEMORY_CTRL.UC_LK_DIS_GP_EN=1, UC lock (aka old-style)
0Dh	#GP	general protection	fault	C	yes	explicit/implicit non-canonical address accesses
0Eh	#PF	page fault	fault	^#4	CR2	not present page (PDPTE/PDE/PTE.P=0) supervisor page (CPL=3 read/write, PDE/PTE.US=0) read-only page (CPL=3 write, PDE/PTE.RW=0) write-protected page (CPL<3 write, CR0.WP=1, PDE/PTE.RW=0) reserved bit (CR4.PSE=1 or CR4.PAE=1, PDE/PTE.RSVD=1) NX page (CPL=0...3 fetch, EFER.NXE=1, PDE/PTE.NX=1) SMEP page (CPL<3 fetch, CR4.SMEP=1, PDE/PTE.US=1) SMAP page (CPL<3 r/w, CR4.SMAP=1, PDE/PTE.US=1, EFLAGS.AC=0) PKU page (CR4.PKE=1, CPL=3 read/write, PKRU.AD[PxE.PK]=1) PKU page (CR4.PKE=1, CPL=3 write, PKRU.WD[PxE.PK]=1) PKU page (CR4.PKE=1, CPL<3 write, CR0.WP=1, PKRU.WD[PxE.PK]=1)
0Fh	n/a	reserved	n/a	n/a	n/a	All spurious IRQs generate IRQ7, and can not be blocked by the PIC1's mask. The default base vector for PIC1 is set to 08h by the BIOS, so that spurious IRQs will invoke vector 0Fh. Hence it is not used for processor exceptions.
10h	#MF	math fault	fault	B	no	#IS for invalid stack or #IA for invalid arithmetic operation #D for denormalized operand #Z for divide by zero #O for numeric overflow #U for numeric underflow #P for inexact result (precision)
11h	#AC	alignment checking	fault	B ^#5	0h	CR0.AM=1, EFLAGS.AC=1, CPL=3, misaligned accesses P4: MISC_EN.SLD=1, lock accross cache line or page boundary MEMORY_CTRL.SPL_LK_DIS_AC_EN=1, lock across cache l. MEMORY_CTRL.UC_LK_DIS_AC_EN=1, UC lock (err code 4)
12h	#MC	machine check	abort	B	MSRs	internal error, bus error, or bus error detected by external agent
13h	#XF	extended math fault	fault	B	no	#I for invalid arithmetic operation #D for denormalized operand #Z for divide by zero #O for numeric overflow #U for numeric underflow #P for inexact result (precision) SIMD preference: 1) #I due to SNaN or NaN(min,max,cmp,cvt), 2) QNaN, 3) #I/#Z, 4) #D, 5) #O/#U possibly with #P, 6) #P
14h	#VE	virtualization exception	fault	^#4	no	EPT violations
15h	#CP	control protection exception	fault	B	yes	1 = near RET 2 = far RET or IRET 3 = missing ENDBRANCH at target of indirect CALL/JMP 4 = RSTORSSP token check failure 5 = SETSSBSY token check failure bit 15 = enclave execution (similar to #PF error code)
16h	n/a	reserved	n/a	n/a	n/a	reserved
17h	n/a	reserved	n/a	n/a	n/a	reserved
18h	n/a	reserved	n/a	n/a	n/a	reserved
19h	n/a	reserved	n/a	n/a	n/a	reserved
1Ah	n/a	reserved	n/a	n/a	n/a	reserved
1Bh	n/a	reserved	n/a	n/a	n/a	reserved
1Ch	#HV	HV injection exception	n/a	B	no	AMD SVM: restricted injection or alternate injection
1Dh	#VC	VMM comm. exception	fault	C	yes	n = AMD SVM NAE event (due to SEV-ES)
1Eh	#SX	security exception	fault	C	yes	1 = AMD SVM INIT redirection (due to VM_CR.R_INIT=1)
1Fh	n/a	reserved	n/a	n/a	n/a	reserved

notes	descriptions

#1	fault: before instruction, trap: after instruction, abort: imprecise, B=benign: can't cause #DF, C=contributory: can cause #DF
#2	The correct behavior for #DE is to be a benign exception, because #DE can not be caused by any handler invocation.
#3	Any further contributory exceptions during the #DF handler invocation cause the processor to enter the shutdown state.
#4	Any #PF/#VE during the invocation of the #PF/#VE handler causes the processor to generate a #DF.
#5	The correct behavior for #AC is to be a contributory exception, to avoid the possibility of endless #AC loops in CPL=3.
#6	The correct behavior for undefined opcodes in the FPU range (D8h,00h...DFh,FFh) while CR0.EM=1 or CR0.TS=1 is to cause #UD (like the Intel P4-core does) instead of causing #NM (like older processors do).