Encoding ADC EAX, ECX - 2 different ways to encode? (arch x86)

Question

I\'m looking through an Intel Instruction Set manual, and it looks like there are 2 different forms of ADC that would match/encode ADC EAX, ECX as

Answer 1

This is redundancy of instruction encoding. Any architecture that use multiple parameters in the instruction has this.

Think of a RISC architecture that have add rx, ry, rz that assigns the sum of ry and rz into rx then you can encode add rx, ry, rz or add rx, rz, ry, they'll all be equivalent.

In x86 we (normally) have only 2 parameters for each instruction but you can select the direction between them since you can store to or read from memory. If you don't use memory then you can choose the direction between the 2 registers, so there are 2 encoding ways

You can use this to identify some compilers/assemblers. For some assemblers you can choose which encoding to use. In GAS you can use .s suffix to force it to emit the alternate encoding

10 de   adcb   %bl,%dh
12 f3   adcb.s %bl,%dh

Answer 2

The binary enconding of the ADC is (assumming reg-reg operation):

000100dw  Mod Reg Ind 
d= destination, 1 if Reg is the destination register, 0 if not
w= word operation, =0 if byte operation, =1 32 bit operation
Reg= is the register to use as a destination Register
Mod / Ind fields are used to specify the other Register involved, Mod=11, Ind= the other register

When the instruction is used with two registers like ADC EAX, ECX there are two possible encodings:

a) EAX= EAX + ECX, COP= 13h, the "normal" case
00010011 11|000|001 where d=1 meaning 000 (EAX) is the destination register and 001 (ECX) is the other register.

b) EAX= ECX + EAX, COP= 11h, 
00010001 11|001|000 d=0 meaning 001 (ECX) is not the destination register so 000(EAX) must be the destination register.

The D bit is involved in almost two operands instructions involving reg-reg or reg-mem operands.