A.4.1 Common corner cases
- POP to CS is invalid, and used by 286+ CPUs as prefix byte for two-
byte instructions. Some 8086s may actually implement it however.
It is unclear how this interacts with the prefetch queue, which
is known to be purged by every JMP, CALL, interrupt, or return
instruction.
- LEA has to encode a memory reference as source operand, and thus not
a register.
- MOV to and from segregs can encode invalid non-existent segment
registers beyond DS, or (on a 386+) beyond GS.
- MOV to a segreg mustn't encode CS as destination. Like POP to CS,
the prefetch queue behaviour is uncertain.
- HLT should cause the machine to halt, ideally until the next
hardware interrupt occurs. It may however simply cause the machine
to sleep or give up a timeslice in a multitasker. Failing even that
is in error.
- SHL and other shift and rotate instructions mask the shift count
(either from CL or the immediate operand) with 31 on 186+ machines,
except NEC V20/V30. The latter, and 8088/8086, use the entire shift
count.
- On the 8088/8086, the divide by zero interrupt points behind the
instruction that caused the exception. Otherwise, it points at the
instruction.
- AAD and AAM accept immediate bytes other than 10 on some machines,
but not on the NEC V20/V30.
- Interrupt 6 (Invalid opcode) didn't exist on the 8088/8086.
Unsupported instructions may behave as one- or two-byte no-ops or
otherwise oddly.
- Interrupt lockout after MOV or POP to SS is described in the Control
Flags description of the Interrupt Flag, section A.2.5.1.
- Proper repeated string operations tracing is described in the
Control Flags description of the Trace Flag, section A.2.5.3.