PUSH--Push Word or Doubleword Onto the Stack

Opcode

Instruction

Description

FF /6

PUSH r/m16

Push r/m16

FF /6

PUSH r/m32

Push r/m32

50+rw

PUSH r16

Push r16

50+rd

PUSH r32

Push r32

6A

PUSH imm8

Push imm8

68

PUSH imm16

Push imm16

68

PUSH imm32

Push imm32

0E

PUSH CS

Push CS

16

PUSH SS

Push SS

1E

PUSH DS

Push DS

06

PUSH ES

Push ES

0F A0

PUSH FS

Push FS

0F A8

PUSH GS

Push GS

Description

Decrements the stack pointer and then stores the source operand on the top of the stack. The address-size attribute of the stack segment determines the stack pointer size (16 bits or 32 bits), and the operand-size attribute of the current code segment determines the amount the stack pointer is decremented (2 bytes or 4 bytes). For example, if these address- and operand-size attributes are 32, the 32-bit ESP register (stack pointer) is decremented by 4 and, if they are 16, the 16-bit SP register is decremented by 2. (The B flag in the stack segment's segment descriptor determines the stack's address-size attribute, and the D flag in the current code segment's segment descriptor, along with prefixes, determines the operand-size attribute and also the address-size attribute of the source operand.) Pushing a 16-bit operand when the stack address-size attribute is 32 can result in a misaligned the stack pointer (that is, the stack pointer is not aligned on a doubleword boundary).

The PUSH ESP instruction pushes the value of the ESP register as it existed before the instruction was executed. Thus, if a PUSH instruction uses a memory operand in which the ESP register is used as a base register for computing the operand address, the effective address of the operand is computed before the ESP register is decremented.

In the real-address mode, if the ESP or SP register is 1 when the PUSH instruction is executed, the processor shuts down due to a lack of stack space. No exception is generated to indicate this condition.

Intel® Architecture Compatibility

For Intel® Architecture processors from the Intel® 286 on, the PUSH ESP instruction pushes the value of the ESP register as it existed before the instruction was executed. (This is also true in the real-address and virtual-8086 modes.) For the Intel® 8086 processor, the PUSH SP instruction pushes the new value of the SP register (that is the value after it has been decremented by 2).

Operation

IF StackAddrSize 32
THEN
IF OperandSize 32
THEN
ESP ESP - 4;
SS:ESP SRC; (* push doubleword *)
ELSE (* OperandSize 16*)
ESP ESP - 2;
SS:ESP SRC; (* push word *)
FI;
ELSE (* StackAddrSize 16*)
IF OperandSize 16
THEN
SP SP - 2;
SS:SP SRC; (* push word *)
ELSE (* OperandSize 32*)
SP SP - 4;
SS:SP SRC; (* push doubleword *)
FI;
FI;

Flags Affected

None.

Protected Mode Exceptions

#GP(0) - If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. If the DS, ES, FS, or GS register is used to access memory and it contains a null segment selector.

#SS(0) - If a memory operand effective address is outside the SS segment limit.

#PF(fault-code) - If a page fault occurs.

#AC(0) - If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.

Real-Address Mode Exceptions

#GP - If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit.

#SS - If a memory operand effective address is outside the SS segment limit. If the new value of the SP or ESP register is outside the stack segment limit.

Virtual-8086 Mode Exceptions

#GP(0) - If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit.

#SS(0) - If a memory operand effective address is outside the SS segment limit.

#PF(fault-code) - If a page fault occurs.

#AC(0) - If alignment checking is enabled and an unaligned memory reference is made.