The x86 instruction set is the collection of commands that x86-compatible computer chips can follow. These commands are part of a program that runs on a computer, usually saved as a file and used by the computer's processor.

Over time, the x86 instruction set has been updated many times. These updates added larger memory areas, different types of data, and new features to the system.

x86 integer instructions

Below is the complete instruction set for the Intel 8086/8088 processors (81 instructions total). These instructions are also used in 32-bit mode, where they work with 32-bit registers (like eax, ebx, etc.) and values instead of their 16-bit versions (ax, bx, etc.). The updated instruction set is organized by architecture (i186, i286, i386, i486, i586/i686) and is called (32-bit) x86 and (64-bit) x86-64 (also known as AMD64).

This is the original instruction set. In the "Notes" column, "r" means a register, "m" means a memory address, and "imm" means an immediate value (a fixed number).

New instructions and forms added in the Intel 80186 and 80188 are also found in NEC V20/V30 processors and their later versions.

The second argument for the ENTER instruction is an 8-bit immediate value. On 80186/80188 and NEC V-series processors, all 8 bits are used, but on 80286 and later processors, only the bottom 5 bits are used.

The new instructions in the 80286 support x86 protected mode. Some of these instructions can also be used in real mode.

On Intel (but not AMD) CPUs, the SGDT and SIDT instructions with a 16-bit operand size are documented to write a descriptor to memory with the last byte set to 0. However, in practice, bits 31:24 of the descriptor table address are written instead.

On the Intel 80286, the last byte written by SGDT/SIDT is always 0xFF. This feature has been used by software (such as an NE2000 NDIS driver and Microsoft Windows 3.0) to identify if the CPU is an 80286.

When the LMSW instruction is used to enter Protected mode, it must be immediately followed by a jump instruction to clear the prefetch queue. On the Intel 80286, executing three non-jump instructions after an LMSW that enters protected mode has been reported to cause a CPU reset.

The 80386 added support for 32-bit operations to the x86 instruction set. This was done by expanding general-purpose registers to 32 bits and introducing the concepts of OperandSize and AddressSize. Most instruction forms that previously used 16-bit data arguments can now use 32-bit arguments by setting OperandSize to 32 bits. Similarly, instructions that previously used 16-bit address arguments can now use 32-bit addresses by setting AddressSize to 32 bits. (Instructions that work with 8-bit data remain 8-bit, regardless of OperandSize. Using a 16-bit data size affects only the bottom 16 bits of 32-bit registers, leaving the top 16 bits unchanged.)

The default OperandSize and AddressSize for each instruction is determined by the D bit in the segment descriptor of the current code segment. If D=0, both are 16-bit. If D=1, both are 32-bit. These settings can also be changed for individual instructions using two new prefixes introduced in the 80386:

• 66h: Changes OperandSize from 16-bit to 32-bit if CS.D=0, or from 32-bit to 16-bit if CS.D=1.
• 67h: Changes AddressSize from 16-bit to 32-bit if CS.D=0, or from 32-bit to 16-bit if CS.D=1.

The 80386 also introduced two new segment registers, FS and GS, as well as x86 control, debug, and test registers.

New instructions in the 80386 can be divided into two categories:

• Existing opcodes that needed new names for their 32-bit OperandSize versions (e.g., CWDE, LODSD).
• New opcodes that added new functionality (e.g., SHLD, SETcc).

For instruction forms where operand size is clear from the arguments (e.g., ADD EAX,EBX, which uses EAX and implies 32-bit OperandSize), no new mnemonics are needed or provided.

If the source argument is all zeros, the destination register remains unchanged on AMD processors. On Intel processors, the destination register is usually unchanged, though some exceptions exist.

On processors that support PCIDs, writing to CR3 while PCIDs are enabled will only flush TLB entries related to the PCID specified in bits 11:0 of the CR3 value. To flush pages from other PCIDs, the CR4.PGE bit can be toggled, the CR4.PCIDE bit can be cleared, or the INVPCID instruction can be used.

In 64-bit mode, TLB flushing can be avoided by setting bit 63 of the CR3 value to 1.

When the CR0.PG bit is toggled (enabling or disabling paging), its effect on instruction fetch is immediate on Pentium Pro and later processors. However, on 386/486/Pentium processors, the effect is delayed by at least one instruction. This difference has caused compatibility issues, such as with SCO UNIX 3.2v4.0.

MOV to CR2 is listed as serializing, but it has been reported to be non-serializing on some Intel Core-i7 processors.

MOV to CR8 (introduced with x86-64) is serializing on AMD processors but not on Intel processors.

Integer/system instructions not included in the basic 80486 instruction set but added in various x86 processors before SSE were introduced. (Discontinued instructions are not included.)

On all known x86-64 processors, these instructions accept but ignore the REX prefix and ignore the top 32 bits of RCX.

WRMSR to the x2APIC ICR (MSR 830h) is often used to send an IPI (Inter-processor interrupt). On Intel (but not AMD) CPUs, such an IPI may not be fully processed.

On the 80186 and 80188, the second argument for the ENTER instruction is an

x87 floating-point instructions

The x87 coprocessor, if available, helps with calculations involving decimal numbers (floating-point arithmetic). It includes eight data registers, each storing one 80-bit floating-point number (1 sign bit, 15 exponent bits, 64 mantissa bits). These registers are arranged in a stack, with the top register called "st" or "st(0)" and the others named st(1), st(2), …, st(7). The coprocessor also includes control and status registers, such as "PC" (controls precision, deciding whether calculations use 24, 53, or 64 mantissa bits) and "RC" (controls rounding methods, such as rounding to zero, positive infinity, negative infinity, or nearest even). A 4-bit condition code register "CC" has four bits labeled C0, C1, C2, and C3. Not all arithmetic instructions follow the settings of PC and RC.

A common issue in x86 emulators that use a data format with fewer than 64 mantissa bits (e.g., FP64 numbers with 53 mantissa bits) occurs when FILD / FISTP loops are converted between int64 and FP64 formats. This conversion can cause some lower-value bits of each 64-bit data item to be lost. For example, in framebuffer data, this loss may appear as vertical lines every 8 pixels.

The C1 bit is set to the sign bit of st(0), whether st(0) is empty or not.

On the 80287, once the FPU is switched to Protected Mode using the F(N)SETPM instruction, it cannot return to Real Mode without a reset. On IBM-compatible PCs with 80287/80387 FPUs (but not 80486 or later models), this reset could be done by sending a byte with the value 0 to I/O port F1h.

Examples of numbers that cause large differences between the FSIN instruction and the mathematical sine function include:

Other instructions

The x86 system includes instruction sets that are no longer used and are not supported by Intel or AMD, as well as instructions that work but are not officially written about.

x86 processors have undocumented instructions that are built into the chips but are not included in some official documents. These instructions can be found on websites online, such as Ralf Brown's Interrupt List and sandpile.org.

Some of these instructions are available on many x86 processors, while others are only found on a small number of specific processors.