LEAVE

High Level Procedure Exit

Opcodes

Hex Mnemonic Encoding Long Mode Legacy Mode Description
C9 LEAVE A Valid N.E. Set RSP to RBP, then pop RBP.
C9 LEAVE A N.E. Valid Set ESP to EBP, then pop EBP.
C9 LEAVE A Valid Valid Set SP to BP, then pop BP.

Instruction Operand Encoding

Op/En Operand 0 Operand 1 Operand 2 Operand 3
A NA NA NA NA

Description

Releases the stack frame set up by an earlier ENTER instruction. The LEAVE instruction copies the frame pointer (in the EBP register) into the stack pointer register (ESP), which releases the stack space allocated to the stack frame. The old frame pointer (the frame pointer for the calling procedure that was saved by the ENTER instruction) is then popped from the stack into the EBP register, restoring the calling procedure's stack frame.

A RET instruction is commonly executed following a LEAVE instruction to return program control to the calling procedure.

See "Procedure Calls for Block-Structured Languages" in Chapter 7 of theIntel® 64and IA-32 Architectures Software Developer's Manual, Volume 1, for detailed information on the use of the ENTER and LEAVE instructions.

In 64-bit mode, the instruction's default operation size is 64 bits; 32-bit operation cannot be encoded. See the summary chart at the beginning of this section for encoding data and limits.

Pseudo Code

IF StackAddressSize = 32
	ESP = EBP;
ELSE
	IF StackAddressSize = 64
		RSP = RBP;
	FI;
ELSE
	IF StackAddressSize = 16
		SP = BP;
	FI;
FI;
IF OperandSize = 32
	EBP = Pop();
ELSE
	IF OperandSize = 64
		RBP = Pop();
	FI;
ELSE
	IF OperandSize = 16
		BP = Pop();
	FI;
FI;

Flags Affected

None.

Exceptions

64-Bit Mode Exceptions

Exception Description
#UD If the LOCK prefix is used.
#AC(0) If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.
#SS(0) If the stack address is in a non-canonical form.

Compatibility Mode Exceptions

Same exceptions as in protected mode.

Virtual-8086 Mode Exceptions

Exception Description
#UD If the LOCK prefix is used.
#AC(0) If alignment checking is enabled and an unaligned memory reference is made.
#PF(fault-code) If a page fault occurs.
#GP(0) If the EBP register points to a location outside of the effective address space from 0 to FFFFH.

Real-Address Mode Exceptions

Exception Description
#UD If the LOCK prefix is used.
#GP If the EBP register points to a location outside of the effective address space from 0 to FFFFH.

Protected Mode Exceptions

Exception Description
#UD If the LOCK prefix is used.
#AC(0) If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.
#PF(fault-code) If a page fault occurs.
#SS(0) If the EBP register points to a location that is not within the limits of the current stack segment.