2 * This file is part of the Palacios Virtual Machine Monitor developed
3 * by the V3VEE Project with funding from the United States National
4 * Science Foundation and the Department of Energy.
6 * The V3VEE Project is a joint project between Northwestern University
7 * and the University of New Mexico. You can find out more at
10 * Copyright (c) 2008, Jack Lange <jarusl@cs.northwestern.edu>
11 * Copyright (c) 2008, The V3VEE Project <http://www.v3vee.org>
12 * All rights reserved.
14 * Author: Jack Lange <jarusl@cs.northwestern.edu>
16 * This is free software. You are permitted to use,
17 * redistribute, and modify it as specified in the file "V3VEE_LICENSE".
20 #include <palacios/vmm_types.h>
22 /* .... Giant fucking switch tables */
31 INT, // KCH: adding software interrupts
138 static int get_addr_width(struct guest_info * info, struct x86_instr * instr) {
140 switch (v3_get_vm_cpu_mode(info)) {
142 return (instr->prefixes.addr_size) ? 4 : 2;
148 if (info->segments.cs.db) {
149 return (instr->prefixes.addr_size) ? 2 : 4;
151 return (instr->prefixes.addr_size) ? 4 : 2;
154 PrintError("Unsupported CPU mode: %d\n", info->cpu_mode);
159 static int get_operand_width(struct guest_info * info, struct x86_instr * instr,
259 switch (v3_get_vm_cpu_mode(info)) {
261 return (instr->prefixes.op_size) ? 4 : 2;
263 if (instr->prefixes.rex_op_size) {
271 if (info->segments.cs.db) {
273 return (instr->prefixes.op_size) ? 2 : 4;
275 return (instr->prefixes.op_size) ? 4 : 2;
278 PrintError("Unsupported CPU mode: %d\n", info->cpu_mode);
283 switch (v3_get_vm_cpu_mode(info)) {
285 PrintError("Invalid instruction given operating mode (%d)\n", form);
294 PrintError("Unsupported CPU mode: %d\n", info->cpu_mode);
300 switch (v3_get_vm_cpu_mode(info)) {
310 PrintError("Unsupported CPU mode: %d\n", info->cpu_mode);
319 switch (v3_get_vm_cpu_mode(info)) {
329 PrintError("Unsupported CPU mode: %d\n", info->cpu_mode);
336 PrintError("Unsupported instruction form %d\n", form);
346 typedef enum {INVALID_ADDR_TYPE, REG, DISP0, DISP8, DISP16, DISP32} modrm_mode_t;
347 typedef enum {INVALID_REG_SIZE, REG64, REG32, REG16, REG8} reg_size_t;
354 } __attribute__((packed));
361 } __attribute__((packed));
368 static inline int decode_gpr(struct guest_info * core,
370 struct x86_operand * reg) {
372 struct v3_gprs * gprs = &(core->vm_regs);
376 reg->operand = (addr_t)&(gprs->rax);
379 reg->operand = (addr_t)&(gprs->rcx);
382 reg->operand = (addr_t)&(gprs->rdx);
385 reg->operand = (addr_t)&(gprs->rbx);
388 if (reg->size == 1) {
389 reg->operand = (addr_t)&(gprs->rax) + 1;
391 reg->operand = (addr_t)&(gprs->rsp);
395 if (reg->size == 1) {
396 reg->operand = (addr_t)&(gprs->rcx) + 1;
398 reg->operand = (addr_t)&(gprs->rbp);
402 if (reg->size == 1) {
403 reg->operand = (addr_t)&(gprs->rdx) + 1;
405 reg->operand = (addr_t)&(gprs->rsi);
409 if (reg->size == 1) {
410 reg->operand = (addr_t)&(gprs->rbx) + 1;
412 reg->operand = (addr_t)&(gprs->rdi);
416 reg->operand = (addr_t)&(gprs->r8);
419 reg->operand = (addr_t)&(gprs->r9);
422 reg->operand = (addr_t)&(gprs->r10);
425 reg->operand = (addr_t)&(gprs->r11);
428 reg->operand = (addr_t)&(gprs->r12);
431 reg->operand = (addr_t)&(gprs->r13);
434 reg->operand = (addr_t)&(gprs->r14);
437 reg->operand = (addr_t)&(gprs->r15);
440 PrintError("Invalid Reg Code (%d)\n", reg_code);
451 static inline int decode_cr(struct guest_info * core,
453 struct x86_operand * reg) {
455 struct v3_ctrl_regs * crs = &(core->ctrl_regs);
457 // PrintDebug("\t Ctrl regs %d\n", reg_code);
461 reg->operand = (addr_t)&(crs->cr0);
464 reg->operand = (addr_t)&(crs->cr2);
467 reg->operand = (addr_t)&(crs->cr3);
470 reg->operand = (addr_t)&(crs->cr4);
474 PrintError("Invalid Reg Code (%d)\n", reg_code);
481 // This converts the displacement into the appropriate masked value
483 QUESTION: Are the register Values signed ?????
485 #define MASK_DISPLACEMENT(reg, mode) ({ \
487 if (mode == DISP8) { \
488 val = (sint8_t)(reg & 0xff); \
489 } else if (mode == DISP16) { \
490 val = (sint16_t)(reg & 0xffff); \
491 } else if (mode == DISP32) { \
492 val = (sint32_t)(reg & 0xffffffff); \
494 PrintError("Error invalid displacement size (%d)\n", mode); \
501 #define ADDR_MASK(val, length) ({ \
502 ullong_t mask = 0x0LL; \
505 mask = 0x00000000000fffffLL; \
508 mask = 0x00000000ffffffffLL; \
511 mask = 0xffffffffffffffffLL; \
519 static int decode_rm_operand16(struct guest_info * core,
520 uint8_t * modrm_instr,
521 struct x86_instr * instr,
522 struct x86_operand * operand,
523 uint8_t * reg_code) {
525 struct v3_gprs * gprs = &(core->vm_regs);
526 struct modrm_byte * modrm = (struct modrm_byte *)modrm_instr;
527 addr_t base_addr = 0;
528 modrm_mode_t mod_mode = 0;
529 uint8_t * instr_cursor = modrm_instr;
531 // PrintDebug("ModRM mod=%d\n", modrm->mod);
533 *reg_code = modrm->reg;
537 if (modrm->mod == 3) {
538 //PrintDebug("first operand = Register (RM=%d)\n",modrm->rm);
539 operand->type = REG_OPERAND;
541 decode_gpr(core, modrm->rm, operand);
544 struct v3_segment * seg = NULL;
546 operand->type = MEM_OPERAND;
548 if (modrm->mod == 0) {
550 } else if (modrm->mod == 1) {
552 } else if (modrm->mod == 2) {
558 base_addr = gprs->rbx + MASK_DISPLACEMENT(gprs->rsi, mod_mode);
561 base_addr = gprs->rbx + MASK_DISPLACEMENT(gprs->rdi, mod_mode);
564 base_addr = gprs->rbp + MASK_DISPLACEMENT(gprs->rsi, mod_mode);
567 base_addr = gprs->rbp + MASK_DISPLACEMENT(gprs->rdi, mod_mode);
570 base_addr = gprs->rsi;
573 base_addr = gprs->rdi;
576 if (modrm->mod == 0) {
580 base_addr = gprs->rbp;
584 base_addr = gprs->rbx;
590 if (mod_mode == DISP8) {
591 base_addr += *(sint8_t *)instr_cursor;
593 } else if (mod_mode == DISP16) {
594 base_addr += *(sint16_t *)instr_cursor;
599 // get appropriate segment
600 if (instr->prefixes.cs_override) {
601 seg = &(core->segments.cs);
602 } else if (instr->prefixes.es_override) {
603 seg = &(core->segments.es);
604 } else if (instr->prefixes.ss_override) {
605 seg = &(core->segments.ss);
606 } else if (instr->prefixes.fs_override) {
607 seg = &(core->segments.fs);
608 } else if (instr->prefixes.gs_override) {
609 seg = &(core->segments.gs);
611 seg = &(core->segments.ds);
614 operand->operand = ADDR_MASK(get_addr_linear(core, base_addr, seg),
615 get_addr_width(core, instr));
619 return (instr_cursor - modrm_instr);
623 // returns num_bytes parsed
624 static int decode_rm_operand32(struct guest_info * core,
625 uint8_t * modrm_instr,
626 struct x86_instr * instr,
627 struct x86_operand * operand,
628 uint8_t * reg_code) {
630 struct v3_gprs * gprs = &(core->vm_regs);
631 uint8_t * instr_cursor = modrm_instr;
632 struct modrm_byte * modrm = (struct modrm_byte *)modrm_instr;
633 addr_t base_addr = 0;
634 modrm_mode_t mod_mode = 0;
635 uint_t has_sib_byte = 0;
638 *reg_code = modrm->reg;
642 if (modrm->mod == 3) {
643 operand->type = REG_OPERAND;
644 // PrintDebug("first operand = Register (RM=%d)\n",modrm->rm);
646 decode_gpr(core, modrm->rm, operand);
649 struct v3_segment * seg = NULL;
651 operand->type = MEM_OPERAND;
653 if (modrm->mod == 0) {
655 } else if (modrm->mod == 1) {
657 } else if (modrm->mod == 2) {
663 base_addr = gprs->rax;
666 base_addr = gprs->rcx;
669 base_addr = gprs->rdx;
672 base_addr = gprs->rbx;
678 if (modrm->mod == 0) {
682 base_addr = gprs->rbp;
686 base_addr = gprs->rsi;
689 base_addr = gprs->rdi;
695 struct sib_byte * sib = (struct sib_byte *)(instr_cursor);
696 int scale = 0x1 << sib->scale;
700 switch (sib->index) {
702 base_addr = gprs->rax;
705 base_addr = gprs->rcx;
708 base_addr = gprs->rdx;
711 base_addr = gprs->rbx;
717 base_addr = gprs->rbp;
720 base_addr = gprs->rsi;
723 base_addr = gprs->rdi;
732 base_addr += MASK_DISPLACEMENT(gprs->rax, mod_mode);
735 base_addr += MASK_DISPLACEMENT(gprs->rcx, mod_mode);
738 base_addr += MASK_DISPLACEMENT(gprs->rdx, mod_mode);
741 base_addr += MASK_DISPLACEMENT(gprs->rbx, mod_mode);
744 base_addr += MASK_DISPLACEMENT(gprs->rsp, mod_mode);
747 if (modrm->mod != 0) {
748 base_addr += MASK_DISPLACEMENT(gprs->rbp, mod_mode);
752 base_addr += MASK_DISPLACEMENT(gprs->rsi, mod_mode);
755 base_addr += MASK_DISPLACEMENT(gprs->rdi, mod_mode);
762 if (mod_mode == DISP8) {
763 base_addr += *(sint8_t *)instr_cursor;
765 } else if (mod_mode == DISP32) {
766 base_addr += *(sint32_t *)instr_cursor;
770 // get appropriate segment
771 if (instr->prefixes.cs_override) {
772 seg = &(core->segments.cs);
773 } else if (instr->prefixes.es_override) {
774 seg = &(core->segments.es);
775 } else if (instr->prefixes.ss_override) {
776 seg = &(core->segments.ss);
777 } else if (instr->prefixes.fs_override) {
778 seg = &(core->segments.fs);
779 } else if (instr->prefixes.gs_override) {
780 seg = &(core->segments.gs);
782 seg = &(core->segments.ds);
785 operand->operand = ADDR_MASK(get_addr_linear(core, base_addr, seg),
786 get_addr_width(core, instr));
790 return (instr_cursor - modrm_instr);
794 int decode_rm_operand64(struct guest_info * core, uint8_t * modrm_instr,
795 struct x86_instr * instr, struct x86_operand * operand,
796 uint8_t * reg_code) {
798 struct v3_gprs * gprs = &(core->vm_regs);
799 uint8_t * instr_cursor = modrm_instr;
800 struct modrm_byte * modrm = (struct modrm_byte *)modrm_instr;
801 addr_t base_addr = 0;
802 modrm_mode_t mod_mode = 0;
803 uint_t has_sib_byte = 0;
808 *reg_code = modrm->reg;
809 *reg_code |= (instr->prefixes.rex_reg << 3);
811 if (modrm->mod == 3) {
812 uint8_t rm_val = modrm->rm;
814 rm_val |= (instr->prefixes.rex_rm << 3);
816 operand->type = REG_OPERAND;
817 // PrintDebug("first operand = Register (RM=%d)\n",modrm->rm);
819 decode_gpr(core, rm_val, operand);
821 struct v3_segment * seg = NULL;
822 uint8_t rm_val = modrm->rm;
824 operand->type = MEM_OPERAND;
827 if (modrm->mod == 0) {
829 } else if (modrm->mod == 1) {
831 } else if (modrm->mod == 2) {
838 rm_val |= (instr->prefixes.rex_rm << 3);
842 base_addr = gprs->rax;
845 base_addr = gprs->rcx;
848 base_addr = gprs->rdx;
851 base_addr = gprs->rbx;
854 if (modrm->mod == 0) {
858 base_addr = gprs->rbp;
862 base_addr = gprs->rsi;
865 base_addr = gprs->rdi;
868 base_addr = gprs->r8;
871 base_addr = gprs->r9;
874 base_addr = gprs->r10;
877 base_addr = gprs->r11;
880 base_addr = gprs->r12;
883 base_addr = gprs->r13;
886 base_addr = gprs->r14;
889 base_addr = gprs->r15;
898 struct sib_byte * sib = (struct sib_byte *)(instr_cursor);
899 int scale = 0x1 << sib->scale;
900 uint8_t index_val = sib->index;
901 uint8_t base_val = sib->base;
903 index_val |= (instr->prefixes.rex_sib_idx << 3);
904 base_val |= (instr->prefixes.rex_rm << 3);
910 base_addr = gprs->rax;
913 base_addr = gprs->rcx;
916 base_addr = gprs->rdx;
919 base_addr = gprs->rbx;
925 base_addr = gprs->rbp;
928 base_addr = gprs->rsi;
931 base_addr = gprs->rdi;
934 base_addr = gprs->r8;
937 base_addr = gprs->r9;
940 base_addr = gprs->r10;
943 base_addr = gprs->r11;
946 base_addr = gprs->r12;
949 base_addr = gprs->r13;
952 base_addr = gprs->r14;
955 base_addr = gprs->r15;
964 base_addr += MASK_DISPLACEMENT(gprs->rax, mod_mode);
967 base_addr += MASK_DISPLACEMENT(gprs->rcx, mod_mode);
970 base_addr += MASK_DISPLACEMENT(gprs->rdx, mod_mode);
973 base_addr += MASK_DISPLACEMENT(gprs->rbx, mod_mode);
976 base_addr += MASK_DISPLACEMENT(gprs->rsp, mod_mode);
979 if (modrm->mod != 0) {
980 base_addr += MASK_DISPLACEMENT(gprs->rbp, mod_mode);
984 base_addr += MASK_DISPLACEMENT(gprs->rsi, mod_mode);
987 base_addr += MASK_DISPLACEMENT(gprs->rdi, mod_mode);
990 base_addr += MASK_DISPLACEMENT(gprs->r8, mod_mode);
993 base_addr += MASK_DISPLACEMENT(gprs->r9, mod_mode);
996 base_addr += MASK_DISPLACEMENT(gprs->r10, mod_mode);
999 base_addr += MASK_DISPLACEMENT(gprs->r11, mod_mode);
1002 base_addr += MASK_DISPLACEMENT(gprs->r12, mod_mode);
1005 base_addr += MASK_DISPLACEMENT(gprs->r13, mod_mode);
1008 base_addr += MASK_DISPLACEMENT(gprs->r14, mod_mode);
1011 base_addr += MASK_DISPLACEMENT(gprs->r15, mod_mode);
1018 if (mod_mode == DISP8) {
1019 base_addr += *(sint8_t *)instr_cursor;
1021 } else if (mod_mode == DISP32) {
1022 base_addr += *(sint32_t *)instr_cursor;
1028 Segments should be ignored
1029 // get appropriate segment
1030 if (instr->prefixes.cs_override) {
1031 seg = &(core->segments.cs);
1032 } else if (instr->prefixes.es_override) {
1033 seg = &(core->segments.es);
1034 } else if (instr->prefixes.ss_override) {
1035 seg = &(core->segments.ss);
1036 } else if (instr->prefixes.fs_override) {
1037 seg = &(core->segments.fs);
1038 } else if (instr->prefixes.gs_override) {
1039 seg = &(core->segments.gs);
1041 seg = &(core->segments.ds);
1045 operand->operand = ADDR_MASK(get_addr_linear(core, base_addr, seg),
1046 get_addr_width(core, instr));
1050 return (instr_cursor - modrm_instr);
1056 static int decode_rm_operand(struct guest_info * core,
1057 uint8_t * instr_ptr, // input
1059 struct x86_instr * instr,
1060 struct x86_operand * operand,
1061 uint8_t * reg_code) {
1063 v3_cpu_mode_t mode = v3_get_vm_cpu_mode(core);
1065 operand->size = get_operand_width(core, instr, form);
1069 return decode_rm_operand16(core, instr_ptr, instr, operand, reg_code);
1071 if (instr->prefixes.rex_op_size) {
1072 return decode_rm_operand64(core, instr_ptr, instr, operand, reg_code);
1076 case LONG_32_COMPAT:
1077 return decode_rm_operand32(core, instr_ptr, instr, operand, reg_code);
1079 PrintError("Invalid CPU_MODE (%d)\n", mode);
1086 static inline op_form_t op_code_to_form_0f(uint8_t * instr, int * length) {
1091 struct modrm_byte * modrm = (struct modrm_byte *)&(instr[2]);
1093 switch (modrm->reg) {
1101 return INVALID_INSTR;
1162 return INVALID_INSTR;
1167 static op_form_t op_code_to_form(uint8_t * instr, int * length) {
1191 return op_code_to_form_0f(instr, length);
1231 struct modrm_byte * modrm = (struct modrm_byte *)&(instr[1]);
1233 switch (modrm->reg) {
1247 return INVALID_INSTR;
1251 struct modrm_byte * modrm = (struct modrm_byte *)&(instr[1]);
1253 switch (modrm->reg) {
1267 return INVALID_INSTR;
1271 struct modrm_byte * modrm = (struct modrm_byte *)&(instr[1]);
1273 switch (modrm->reg) {
1275 return ADD_IMM2SX_8;
1279 return ADC_IMM2SX_8;
1281 return AND_IMM2SX_8;
1283 return SUB_IMM2SX_8;
1285 return XOR_IMM2SX_8;
1287 return INVALID_INSTR;
1316 return MOV_MEM2AL_8;
1320 return MOV_AL2MEM_8;
1347 struct modrm_byte * modrm = (struct modrm_byte *)&(instr[1]);
1349 switch (modrm->reg) {
1355 return INVALID_INSTR;
1359 struct modrm_byte * modrm = (struct modrm_byte *)&(instr[1]);
1361 switch (modrm->reg) {
1367 return INVALID_INSTR;
1373 struct modrm_byte * modrm = (struct modrm_byte *)&(instr[1]);
1375 switch (modrm->reg) {
1381 return INVALID_INSTR;
1386 struct modrm_byte * modrm = (struct modrm_byte *)&(instr[1]);
1388 switch (modrm->reg) {
1394 return INVALID_INSTR;
1399 return INVALID_INSTR;
1405 static char * op_form_to_str(op_form_t form) {
1408 case LMSW: return "LMSW";
1409 case SMSW: return "SMSW";
1410 case CLTS: return "CLTS";
1411 case INVLPG: return "INVLPG";
1412 case MOV_CR2: return "MOV_CR2";
1413 case MOV_2CR: return "MOV_2CR";
1414 case MOV_DR2: return "MOV_DR2";
1415 case MOV_2DR: return "MOV_2DR";
1416 case MOV_SR2: return "MOV_SR2";
1417 case MOV_2SR: return "MOV_2SR";
1418 case MOV_MEM2_8: return "MOV_MEM2_8";
1419 case MOV_MEM2: return "MOV_MEM2";
1420 case MOV_2MEM_8: return "MOV_2MEM_8";
1421 case MOV_2MEM: return "MOV_2MEM";
1422 case MOV_MEM2AL_8: return "MOV_MEM2AL_8";
1423 case MOV_MEM2AX: return "MOV_MEM2AX";
1424 case MOV_AL2MEM_8: return "MOV_AL2MEM_8";
1425 case MOV_AX2MEM: return "MOV_AX2MEM";
1426 case MOV_IMM2_8: return "MOV_IMM2_8";
1427 case MOV_IMM2: return "MOV_IMM2";
1428 case MOVS_8: return "MOVS_8";
1429 case MOVS: return "MOVS";
1430 case MOVSX_8: return "MOVSX_8";
1431 case MOVSX: return "MOVSX";
1432 case MOVZX_8: return "MOVZX_8";
1433 case MOVZX: return "MOVZX";
1434 case HLT: return "HLT";
1435 case PUSHF: return "PUSHF";
1436 case POPF: return "POPF";
1437 case ADC_2MEM_8: return "ADC_2MEM_8";
1438 case ADC_2MEM: return "ADC_2MEM";
1439 case ADC_MEM2_8: return "ADC_MEM2_8";
1440 case ADC_MEM2: return "ADC_MEM2";
1441 case ADC_IMM2_8: return "ADC_IMM2_8";
1442 case ADC_IMM2: return "ADC_IMM2";
1443 case ADC_IMM2SX_8: return "ADC_IMM2SX_8";
1444 case ADD_IMM2_8: return "ADD_IMM2_8";
1445 case ADD_IMM2: return "ADD_IMM2";
1446 case ADD_IMM2SX_8: return "ADD_IMM2SX_8";
1447 case ADD_2MEM_8: return "ADD_2MEM_8";
1448 case ADD_2MEM: return "ADD_2MEM";
1449 case ADD_MEM2_8: return "ADD_MEM2_8";
1450 case ADD_MEM2: return "ADD_MEM2";
1451 case AND_MEM2_8: return "AND_MEM2_8";
1452 case AND_MEM2: return "AND_MEM2";
1453 case AND_2MEM_8: return "AND_2MEM_8";
1454 case AND_2MEM: return "AND_2MEM";
1455 case AND_IMM2_8: return "AND_IMM2_8";
1456 case AND_IMM2: return "AND_IMM2";
1457 case AND_IMM2SX_8: return "AND_IMM2SX_8";
1458 case OR_2MEM_8: return "OR_2MEM_8";
1459 case OR_2MEM: return "OR_2MEM";
1460 case OR_MEM2_8: return "OR_MEM2_8";
1461 case OR_MEM2: return "OR_MEM2";
1462 case OR_IMM2_8: return "OR_IMM2_8";
1463 case OR_IMM2: return "OR_IMM2";
1464 case OR_IMM2SX_8: return "OR_IMM2SX_8";
1465 case SUB_2MEM_8: return "SUB_2MEM_8";
1466 case SUB_2MEM: return "SUB_2MEM";
1467 case SUB_MEM2_8: return "SUB_MEM2_8";
1468 case SUB_MEM2: return "SUB_MEM2";
1469 case SUB_IMM2_8: return "SUB_IMM2_8";
1470 case SUB_IMM2: return "SUB_IMM2";
1471 case SUB_IMM2SX_8: return "SUB_IMM2SX_8";
1472 case XOR_2MEM_8: return "XOR_2MEM_8";
1473 case XOR_2MEM: return "XOR_2MEM";
1474 case XOR_MEM2_8: return "XOR_MEM2_8";
1475 case XOR_MEM2: return "XOR_MEM2";
1476 case XOR_IMM2_8: return "XOR_IMM2_8";
1477 case XOR_IMM2: return "XOR_IMM2";
1478 case XOR_IMM2SX_8: return "XOR_IMM2SX_8";
1479 case INC_8: return "INC_8";
1480 case INC: return "INC";
1481 case DEC_8: return "DEC_8";
1482 case DEC: return "DEC";
1483 case NEG_8: return "NEG_8";
1484 case NEG: return "NEG";
1485 case NOT_8: return "NOT_8";
1486 case NOT: return "NOT";
1487 case XCHG_8: return "XCHG_8";
1488 case XCHG: return "XCHG";
1489 case SETB: return "SETB";
1490 case SETBE: return "SETBE";
1491 case SETL: return "SETL";
1492 case SETLE: return "SETLE";
1493 case SETNB: return "SETNB";
1494 case SETNBE: return "SETNBE";
1495 case SETNL: return "SETNL";
1496 case SETNLE: return "SETNLE";
1497 case SETNO: return "SETNO";
1498 case SETNP: return "SETNP";
1499 case SETNS: return "SETNS";
1500 case SETNZ: return "SETNZ";
1501 case SETP: return "SETP";
1502 case SETS: return "SETS";
1503 case SETZ: return "SETZ";
1504 case SETO: return "SETO";
1505 case STOS_8: return "STOS_8";
1506 case STOS: return "STOS";
1507 case INT: return "INT"; // KCH
1511 return "INVALID_INSTR";
