14CSU111

MICROPROCESSORS AND INTERFACING

UNIT II: 8086 PROCESSOR

80x86 Architecture
Dr. Sudeep Surendran
ECE Department
MITS

1
UNIT II: 8086 PROCESSOR

1. 80x86 Architecture
2. Addressing modes
3. Assembly language programming
4. Assembly directives
5. Data and program control instructions
6. Arithmetic and Logical instructions
7. String instructions
8. Procedures

2
Introduction
1. Microprocessor as a programmable device
• Look at its internal programming model and then
how its memory space is addressed.

2. The architecture of Intel microprocessors is presented.

3. How the Intel family members address the memory

system.

4. The real, protected, and flat addressing modes of

operation.
3
Chapter Objectives
Upon completion of this chapter, you will be able to:

1. Describe function and purpose of each program-visible register in the 8086-Core2

microprocessors, including 64-bit extensions.
2. Detail the flag register and the purpose of each flag bit.
3. Describe how memory is accessed using real mode memory-addressing techniques.
4. Describe how memory is accessed using protected mode memory-addressing techniques.
5. Describe how memory is accessed using the 64-bit flat memory model.
6. Describe program-invisible registers found in the 80286 through Core2 microprocessors.
7. Detail the operation of the memory-paging mechanism.

4
INTERNAL MICROPROCESSOR ARCHITECTURE

• Before a program is written or instruction investigated, internal

configuration of the microprocessor must be known.

• In a multiple core microprocessor each core contains the same

programming model.
• Each core runs a separate task or thread simultaneously.

5
The Programming Model

• 8086 through Core2 considered program visible.

• registers are used during programming and are specified by the
instructions

• Other registers considered to be program invisible.

• not addressable directly during applications programming

6
The Programming Model cont’d
• 80286 and above contain program-invisible registers to
control and operate protected memory and other features of
the microprocessor

• 80386 through Core2 microprocessors contain full 32-bit

internal architectures.

• 8086 through the 80286 are fully upward-compatible to the

80386 through Core2.
7
 • The 80386 through the Core2
microprocessors contain full 32-
bit internal architectures.

• The architectures of the earlier

8086 through the 80286 are fully
upward-compatible to the 80386
through the Core2.

• The shaded areas in this

illustration represent registers that
are found in early versions of the
8086, 8088, or 80286
microprocessors and are provided
on the 80386–Core2
microprocessors for compatibility
to the early versions
Fig: The programming model 8086 through Core2 microprocessor including the 64-bit extensions 8
Fig: The programming model 8086 through Core2 microprocessor including the 64-bit extensions 9
Fig: The programming model 8086 through Core2 microprocessor including the 64-bit extensions 10
The Programming Model cont’d

• The programming model contains 8-, 16-, 32-bit 64-bit

registers.

• The Pentium 4 and Core2 also contain 64-bit registers when

operated in the 64-bit mode.

11
The Programming Model cont’d

• The 8-bit registers are:

• AH, AL, BH, BL, CH, CL, DH, and DL

• They are referred to when an instruction is formed using these two-

letter designations.
• Eg.: ADD AL,AH

12
The Programming Model cont’d

• The 16-bit registers are :

• AX, BX, CX, DX, SP, BP, DI, SI, IP, FLAGS, CS, DS, ES, SS, FS, and GS.

• Contain a pair of 8-bit registers.

• Eg: AX contains AH and AL.

• The 16-bit registers are referenced with the two-letter designations such
as AX.
• Eg: ADD DX, CX

13
The Programming Model cont’d

• The extended 32-bit registers are EAX, EBX, ECX, EDX, ESP, EBP,
EDI, ESI, EIP, and EFLAGS.
• These 32-bit extended registers, and 16-bit registers FS and GS, are available only in the
80386 and above.
• The 16-bit registers are referenced by the designations FS or GS for the two new 16-bit
registers, and by a three-letter designation for the 32-bit registers.
• Eg: ADD ECX, EBX
• Some registers are general-purpose or multipurpose registers, while some have special
purposes.

• The multipurpose registers include EAX, EBX, ECX, EDX, EBP, EDI,
and ESI.
• These registers hold various data sizes (bytes, words, or doublewords) and are used for almost any
purpose, as dictated by a program.

14
The Programming Model cont’d

• The 64-bit registers are designated as RAX, RBX, and so forth.

• In addition to the renaming of the registers for 64-bit widths, there are also additional 64-bit
registers that are called R8 through R15.

• The 64-bit extensions have multiplied the available register space by more than 8 times in the
Pentium 4 and the Core2 when compared to the original microprocessor architecture

• Eg: ADD RCX, RBX

15
• To access the low-order byte of the R8 register, use R8B (where B is
the low-order byte).
• Likewise, to access the low-order word of a numbered register, such as
R10, use R10W in the instruction.
• The letter D is used to access a doubleword.
• An example instruction that copies the low-order doubleword from R8
to R11 is MOV R11D, R8D.
• There is no special letter for the entire 64-bit register.

The overrides used to access portions of a 64-bit register. 16

Multipurpose Registers
• RAX - a 64-bit register (RAX), a 32-bit register (accumulator) (EAX), a 16-bit
register (AX), or as either of two 8-bit registers (AH and AL).
• The accumulator is used for instructions such as multiplication, division, and
some of the adjustment instructions.
• Intel plans to expand the address bus to 52 bits to address 4P (252~1015 =peta)
bytes of memory.
• RBX, addressable as RBX, EBX, BX, BH, BL.
• BX register (base index) sometimes holds offset address of a location in the memory system in
all versions of the microprocessor
• RCX, as RCX, ECX, CX, CH, or CL.
• a (count) general-purpose register that also holds the count for various instructions
• RDX, as RDX, EDX, DX, DH, or DL.
• a (data) general-purpose register
• holds a part of the result from a multiplication
or part of dividend before a division

17
Multipurpose Registers
• RBP, as RBP, EBP, or BP.
• points to a memory (base pointer) location for memory data transfers
• RDI addressable as RDI, EDI, or DI.
• often addresses (destination index) string destination data for the string instructions
• RSI used as RSI, ESI, or SI.
• the (source index) register addresses source string data for the string instructions
• like RDI, RSI also functions as a general-
purpose register
• R8 - R15 found in the Pentium 4 and Core2 if 64-bit extensions are enabled.
• data are addressed as 64-, 32-, 16-, or 8-bit
sizes and are of general purpose
• Most applications will not use these registers until 64-bit processors are common.
• the 8-bit portion is the rightmost 8-bit only
• bits 8 to 15 are not directly addressable as
a byte

18
Special-Purpose Registers
• Include RIP, RSP, and RFLAGS
• segment registers include CS, DS, ES, SS, FS, and GS

• RIP addresses the next instruction in a section of memory.

• defined as (instruction pointer) a code segment

• RSP addresses an area of memory called the stack.

• the (stack pointer) stores data through this pointer

• RFLAGS indicate the condition of the microprocessor and control its

operation.
19
 Flag registers of all versions of the microprocessor.
• Flags are upward-compatible from the 8086/8088 through Core2 .

• Flags never change for any data transfer or program control operation.

• The rightmost five and the overflow flag are changed by most arithmetic and logic operations

• Some of the flags are also used to control features found in the microprocessor.

20
Fig. : The EFLAG and FLAG register counts for the entire 8086 and Pentium microprocessor family.
Flag bits & Their functions
• C (carry)
• Holds the carry after addition or borrow after subtraction.
• Also indicates error conditions.

• P (parity)
• Count of ones in a number expressed as even or odd.
• Logic 0 for odd parity; logic 1 for even parity.

• A (auxiliary carry)
• Holds the carry (half-carry) after addition or the borrow after subtraction between bit 3 and 4
of the result.

• Z (zero)
• =1when arithmetic or logic operation is zero. Else 0

• S (sign)
• =1 result is negative after an arithmetic or logic instruction executes.
21
Flag bits & Their functions
• T (trap)
• The trap flag enables trapping through an on-chip debugging feature to check for errors

• I (interrupt)
• Controls operation of the INTR (interrupt request) input pin. (1=enable, 0 disable)

• D (direction)
• selects increment or decrement mode for the DI and/or SI registers.

• O (overflow)
• occurs when signed numbers are added or subtracted.
• an overflow indicates the result has exceeded the capacity of the machine

• IOPL
• used in protected mode operation to select the privilege level for I/O devices.

22
Flag bits & Their functions
• NT (nested task)
• flag indicates that the current task is nested within another task in protected mode
operation.

• RF (resume)
• Used with debugging to control resumption of execution after the next instruction.

• VM (virtual mode)
• Selects virtual mode operation in a protected mode system.

• AC, (alignment check)

• Activates if a word or doubleword is addressed on a non-word or non-doubleword
boundary.
23
Flag bits & Their functions

• VIF
• is a copy of the interrupt flag bit available to the Pentium 4–(virtual interrupt)

• VIP (virtual)
• provides information about a virtual mode interrupt for (interrupt pending) in
Pentium.
• Used in multitasking environments to provide virtual interrupt flags

• ID (identification)
• Indicates that the Pentium microprocessors support the CPUID instruction.
• CPUID instruction provides the system with information about the Pentium
microprocessor

24
Segment Registers
• Generate memory addresses when combined with other registers in the
microprocessor.

• Four or six segment registers in various versions of the microprocessor.

• A segment register functions differently in real mode than in protected

mode.

25
Segment Registers & Their functions
• CS (code)
• A section of memory that holds the code (programs and procedures) used by the microprocessor.
• The code segment register defines the starting address of the section of memory holding code.
• In real mode operation, it defines the start of a 64Kbyte section of memory;
• In protected mode, it selects a descriptor that describes the starting address and length of a section
of memory holding code.
• The code segment is limited to 64K bytes in the 8088–80286, and 4G bytes in the 80386 and above
when these microprocessors operate in the protected mode.

• DS (data) contains most data used by a program.

• Data are accessed by an offset address or contents of other registers that hold the
offset address

• ES (extra) an additional data segment used by some instructions to hold

destination data.

26
Segment Registers & Their functions
• SS (stack) defines the area of memory used for the stack.
• Stack entry point is determined by the stack segment and stack pointer
registers
• The BP register also addresses data within the stack segment

• FS and GS segments are supplemental segment registers available in

80386–Core2 microprocessors.
• allow two additional memory segments for access by programs
• Windows uses these segments for internal operations

27
Address Modes of 80x86

➢In real mode, multiple programs could be running in memory

at the same time, any program could access any area of
memory and,
• If any error could take down the entire system.

➢In Protected mode the areas of memory could be physically

isolated by the processor itself to prevent illegal writes to
other programs running in memory at the same time.
• Allows the operating system (OS) to dictate where each program
should run.

28
Address Modes of 80x86
• Real mode, (real address mode) for all x86-compatible CPUs.
• A 20-bit segmented memory address space (giving 1 MiB of addressable memory) and unlimited
direct software access to all addressable memory, I/O addresses and peripheral hardware.
• 1 MiB (Mebibyte) = 220 bytes = 1024 kibibytes (1024x1024)
• No support for memory protection, multitasking, or code privilege levels.

• The other mode available is called protected mode. In protected mode, programs can
access extended memory and virtual memory.
• Supports multitasking.

• The 80386 and later microprocessors support a third mode called virtual 8086 mode.
• Several real-mode programs could be run at once.

• The DOS operating system was not designed to take advantage of protected mode.
• It executes programs in real mode unless a protected mode extender is run first.

29
REAL MODE MEMORY ADDRESSING
• Only the 8086 and 8088 operate exclusively in the real mode.
• Real mode operation allows the microprocessor to address only the first 1M byte of
memory space—even if it is the Pentium 4 or Core2 microprocessor.
• 2^20=1MB (mega bytes of locations)

• The 80286 and above operate in either the real or protected mode.
• For backward compatibility, all x86 CPUs start in real mode when reset

• In the 64-bit operation mode of the Pentium 4 and Core2, there is no real mode
operation.

• The first 1M byte of memory is called the real memory, conventional memory,
or DOS memory system.
30
Switching between modes
• Intel introduced protected mode into the x86 family with the intention that
operating systems which used it would run entirely in the new mode and that all
programs running under a protected mode operating system would run in
protected mode as well.

• But programs written for real mode cannot run in protected mode without being
rewritten.
• User base real mode – so need a way to switch between the modes.

• In 80286 no easy way to switch back to real mode.

• Before the 386 the only way to switch from protected mode back to real mode was to reset the
processor
• Does not clear the system's RAM, then the processor is reset, restarts in real mode, and
executes some real mode code to restore the saved state from memory. It can then run other
real mode code until the program is ready to switch back to protected mode.
• The switch to real mode is costly in terms of time, but this technique allows protected mode
programs to use services such as BIOS, which runs entirely in real mode

31
Segments and Offsets
• Memory location in the real mode is accessed by a combination of a
segment address and an offset address.

• Segment address defines the beginning address of any 64K-byte memory

segment

• Offset address selects any location within the 64K byte memory segment
• Called ‘displacement’,

32
Segments and Offsets

Fig.: The real mode memory-addressing scheme, using a segment address plus an offset. 33
 Segment address
• The segment register in Example contains 1000H, yet it addresses a starting segment at
location 10000H.
• In the real mode, each segment register is internally appended with a 0H on its rightmost end.
• This forms a 20-bit memory address, allowing it to access the start of a segment.
• The microprocessor must generate a 20-bit memory address to access a location within
the first 1M of memory.
• For example, when a segment register contains 1200H, it addresses a 64K-byte memory segment beginning at
location 12000H.
• Likewise, if a segment register contains 1201H, it addresses a memory segment beginning at location 12010H.
• Because of the internally appended 0H, real mode segments can begin only at a l6-byte boundary in the
memory system. Each is hexadecimal so 4 bits jumps. Each bit represent a byte memory locations
• This l6-byte boundary is often called a paragraph.

• Because a real mode segment of memory is 64K in length, once the beginning address is
known, the ending address is found by adding FFFFH.
• For example, if a segment register contains 3000H, the first address of the segment is 30000H, and the last
address is or 3FFFFH.

34
Q: Find the starting & the ending address of the memory segment

35
Q: Find the starting & the ending address of the memory segment

36
The starting & the ending address of the memory segment

Tab. Example of real mode segment addresses.

37
Offset Address
• The offset address, which is a part of the address, is added to the start
of the segment to address a memory location within the memory
segment.
• If the segment address is 1000H and the offset address is 2000H, the
microprocessor addresses memory location 12000H.
• The offset address is always added to the starting address of the segment to
locate the data.
• The segment and offset address is sometimes written as 1000:2000 for a
segment address of 1000H with an offset of 2000H.

38
Offset address
• Some addressing modes combine more than one register and an offset
value to form an offset address.
• When this occurs, the sum of these values may exceed FFFFH (16Bits)

• Eg.: The address accessed in a segment whose segment address is

4000H and whose offset address is specified as the sum of F000H plus
3000H will access memory location 42000H instead of location
52000H.
• When the F000H and 3000H are added, they form a l6-bit (modulo 16) sum of 2000H
used as the offset address; not 12000H, the true sum.
• The carry of 1 (F000H + 3000H = 12000H) is dropped for this addition to form the offset
address of 2000H.
• The address is generated as 4000:2000 or 42000H.

39
Default Segment and Offset Registers

• The microprocessor has rules that apply to segments whenever

memory is addressed.
• these define the segment and offset register combination

• Eg 1. the code segment register is always used with the instruction

pointer to address the next instruction in a program.
• This combination is CS:IP or CS:EIP, depending upon the microprocessor’s
mode of operation.
• The code segment register defines the start of the code segment.
• The instruction pointer locates the next instruction within the code segment.

• Eg 2. Another of the default combinations is the stack.

• stack data are referenced through the stack segment at the memory location
addressed by either the stack pointer (SP/ESP) or the pointer (BP/EBP)
Default Segment and Offset Registers

Tab. Default 16-bit segment and offset combinations.

41
 Default Segment and Offset Registers
• 80386 and above have a far greater selection of segment/offset address
combinations than do the 8086 through the 80286 microprocessors.

Fig. Default 32-bit segment and offset combinations. 42

 Memory segments
➢ The 8086–80286 microprocessors allow four memory segments and the
80386–Core2 microprocessors allow six memory segments.

➢ A program can have more than four or six segments, but only access four or
six segments at a time.

43
Fig. A memory system showing the placement of four memory segments. 44
Overlap of memory segments
• A memory segment can touch or even overlap if 64K bytes of memory
are not required for a segment.
• Suppose that an application program requires 1000H bytes of memory
for its code, 190H bytes of memory for its data, and 200H bytes of
memory for its stack. This application does not require an extra
segment.
• The segments show an overlap because the amount of data in them
does not require 64K bytes of memory.
• Segments can be moved over any area of memory by changing the
segment starting address.
45
Fig. An application program containing a code, data, and stack segment loaded into a DOS system memory.
46
Relocation
• Segment plus offset addressing allows relocatable program and
data.
• A relocatable program is one that can be placed into any area of memory
and executed without change.
• Relocatable data are data that can be placed in any area of memory and
used without any change to the program.

• The personal computer memory structure is different from machine

to machine, requiring relocatable software and data.

• It also allows programs written to function in the real mode to

operate in a protected mode system.
 Relocation
• Because memory is addressed within a segment by an offset address, the memory
segment can be moved to any place in the memory system without changing any
of the offset addresses.

• This is accomplished by moving the entire program, as a block, to a new area and
then changing only the contents of the segment registers.

• If an instruction is 4 bytes above the start of the segment, its offset address is 4. If
the entire program is moved to a new area of memory, this offset address of 4 still
points to 4 bytes above the start of the segment.

• Without this feature, a program would have to be extensively rewritten or altered

before it is moved. This would require additional time or many versions of a
program for the many different configurations of computer systems.

48
 INTRODUCTION TO PROTECTED MODE MEMORY ADDRESSING
• 80286 and above allows access to data and programs located above as well as within the
first 1M byte of memory.
• Protected mode is where Windows operates.
• Requires a change to the segment plus an offset addressing scheme used with real mode
memory addressing.
• When data and programs are addressed in extended memory, the offset address is still
used to access information located within the memory segment.
• Segment address is no longer present in the protected mode.
• Instead, the segment register contains a selector that selects a descriptor from a descriptor
table.
• The descriptor describes the memory segment’s information.
• Most programs written to function in the real mode will function without change in the protected
mode.
• Another difference, in the 80386 and above, is that the offset address can be a 32-bit
number instead of a 16-bit number in the protected mode.
• A 32-bit offset address allows the microprocessor to access data within a segment that can be up to
4G bytes in length.

49
Selectors and Descriptors
• The selector, located in the segment register, selects one of 8192
descriptors from one of two tables of descriptors (global/local).
• The descriptor describes the location, length, and access rights of the
segment of memory.
• Indirectly, the segment register still selects a memory segment, but not
directly as in the real mode.
• For example,
• In the real mode, if CS = 0008H, the code segment begins at location 00080H
• In the protected mode, this segment number can address any memory location
in the entire system for the code segment.

50
 Selectors and Descriptors
• There are two descriptor tables used with the segment registers:
• one contains global descriptors and the other contains local descriptors.
• The global descriptors contain segment definitions that apply to all programs,
whereas the local descriptors are usually unique to an application.
• Global descriptor - system descriptor and local descriptor - application
descriptor.
• Each descriptor table contains 8192 descriptors, so a total of 16,384 total
descriptors are available to an application at any time.
• Because the descriptor describes a memory segment, this allows up to 16,384
memory segments to be described for each application.
• Since a memory segment can be up to 4G bytes in length, this means that an
application could have access to 4G * 16,384 bytes of memory or 64T bytes.
• Each descriptor is 8 bytes in length.
• Descriptors for the 80286 and the 80386–Core2 differ slightly, but the 80286
descriptor is upward-compatible.

51
Descriptors

52
Fig.: The 80286 through Core2 64-bit descriptors.
Descriptors
➢Each descriptor is 8 bytes in length.
➢Total memory of GDT/LDT=64KB. (8 x 8192)
➢The base address portion of the descriptor indicates the starting
location of the memory segment.
• For the 80286 microprocessor, the base address is a 24-bit address, so
segments begin at any location in its 16M bytes of memory.
• The paragraph boundary limitation is removed in these microprocessors when
operated in the protected mode so segments may begin at any address.
• The 80386 and above use a 32-bit base address that allows segments to begin
at any location in its 4G bytes of memory.
• 80286 descriptor’s base address is upward-compatible to the 80386 through
the Pentium 4 descriptor.

53
Descriptors
• The segment limit contains the last offset address found in a
segment.
• Eg.: If a segment begins at memory location F00000H and ends at location
F000FFH, the base address is F00000H and the limit is FFH.
• For the 80286 microprocessor, the base address is F00000H (24bits)and the limit is
00FFH (16bits).
• For the 80386 and above, the base address is 00F00000H (32bits) and the limit is
000FFH(20bits).
• An 80286 can access memory segments that are between 1 and 64K bytes in
length. (virtual mem.=64x16384=1GB, physical mem.=2^(24)=16MB)
• The 80386 and above access memory segments that are between 1 and 1M
byte, or 4K and 4G bytes in length.

54
Descriptors
• G bit, (granularity bit) Found in the 80386 - Pentium 4.
• If G=0, the limit specifies a segment limit of 00000H to FFFFFH. (20bit)
• If G=1 , the value of the limit is multiplied by 4K bytes (appended with
FFFH). The limit is then 00000FFFFH to FFFFFFFFH. (32bits)
• This allows a segment length of 4K to 4G bytes in steps of 4K bytes. (64K
bytes in the 80286).
• The 80386 and above use a 32-bit architecture that allows an offset
address-segment lengths of 4G bytes and the 16-bit offset address
allows segment lengths of 64K bytes.
• Operating systems operate in a 16- or 32-bit environment.
• Eg. :, DOS -16-bit, Windows -32-bit (WIN32).

55
56
Descriptors
• In the 64-bit descriptor, the L bit selects 64-bit addresses in a Pentium
4 or Core2
• 64-bit extensions ; L = 1
• 32-bit compatibility mode ; L = 0.
• In 64-bit protected operation, the code segment register is still used to
select a section of code from the memory.
• 64-bit descriptor has no limit or base address.
• It only contains an access rights byte and the control bits.
• The base address of the segment by default is 00 0000 0000H.
• All code segments start at address zero for 64-bit operation.
• There are no limit checks for a 64-bit code segment.

57
Descriptors
• The AV bit used by some OSs to indicate that the segment is available (AV=1 ) or
not available (AV=0) in physical memory(primary) it is present in secondary mem.
and not yet transferred to primary.
• The D bit indicates how the 80386 through the Core2 instructions access register
and memory data in the protected or real mode.
• If D=0, the instructions are 16-bit instructions, compatible with the 8086–80286
microprocessors.
• The instructions use 16-bit offset addresses and 16-bit register. (16-bit instruction mode or DOS mode)
• If D=1 , the instructions are 32-bit instructions.
• All offset addresses and all registers are 32 bits.
• The default for register size and offset address is overridden in both the 16- and
32-bit instruction modes.
• Both the MSDOS and PCDOS operating systems require that the instructions are always used
in the 16-bit instruction mode.
• Windows 3.1, and any application that was written for it, also requires that the 16-bit
instruction mode is selected.
• Instruction mode is accessible only in a protected mode system such as Windows Vista.
58
Descriptors
• The access rights byte controls access to the protected mode segment.
• Access rights associated with the segment.
• Which are the applications allowed to access the particular segment.
• It describes how the segment functions in the system.
• It allows complete control over the segment.
• If the segment is a data segment, the direction of growth is specified.
• If the segment grows beyond its limit, the microprocessor’s operating system program is
interrupted, indicating a general protection fault.
• You can even specify whether a data segment can be written or is write-protected.
• The code segment is also controlled in a similar fashion and can have reading
inhibited to protect software.
• A 64-bit flat model program contains its data and stacks in the code
segment.

59
 Access rights byte

60
Fig. The access rights byte for the 80286 through Core2 descriptor.
Access rights byte

61
Segment register
• Descriptors are chosen from the descriptor table by the segment register.
• The segment register contains a 13-bit selector field, a table selector bit, and a
requested privilege level field.

Fig. The contents of a segment register during protected mode operation of the 80286 through Core2 microprocessors.
62
Segment register
• The 13-bit selector chooses one of the 8192 descriptors from the descriptor
table.
• The TI bit selects either the GDT or the LDT.
• The requested privilege level (RPL) requests the access privilege level of a
memory segment.
• The highest privilege level is 00 and the lowest is 11.
• If the requested privilege level (PL of application) ≥ privilege level set by the access rights
byte, access is granted.
• For example, if the requested privilege level is 10 and the access rights byte sets the
segment privilege level at 11, access is granted because 10 is higher in priority than
privilege level 11.
• Privilege levels are used in multiuser environments.
• Windows uses privilege level 00 (ring 0) for the kernel and driver programs and level 11
(ring 3) for applications. Windows does not use levels 01 or 10.
• If privilege levels are violated, the system normally indicates an application or privilege
level violation.

63
Selection of segment in memory
1. The segment register, containing a selector, chooses a descriptor
from the global descriptor table.
2. The entry in the global descriptor table selects a segment in the
memory system.
• Eg.: DS contains 0008H (selector), which accesses the descriptor
number 1 from the global descriptor table using a requested privilege
level of 00.
• Descriptor number 1 contains a descriptor that defines the base address as
00100000H with a segment limit of 000FFH.
• Thus, a value of 0008H loaded into DS causes the μp to use memory locations
00100000H–001000FFH for the data segment.
• Descriptor zero is called the null descriptor, must contain all zeros, and
may not be used for accessing memory.
64
Fig. Using the DS register to select a description from the global descriptor table 65
Program-Invisible Registers
• 80286–Core2 contain Program-invisible registers in protected mode used
to access and specify the address of GDT/LDT in memory.
• They are not directly addressed by software.
• Each of the segment registers contains a program-invisible portion used
in the protected mode called cache memory. (Different from L1 or L2 caches
found with the μp.)
• The program-invisible portion of the segment register is loaded with the
base address, limit, and access rights each time the number segment
register is changed.
• The μp accesses a descriptor table and loads the descriptor into the program-
invisible portion of the segment register until the segment number is again
changed.
• This allows the μp to repeatedly access a memory segment without
referring to the descriptor table every time (hence the term cache).
66
 67
Fig. The program-invisible register within the 80286–Core2 microprocessors.
 Program-Invisible Registers
• The GDTR (global descriptor table register) and IDTR (interrupt descriptor table register)
contain the base address of the descriptor table and its limit.
• The limit of each descriptor table is 16 bits because the maximum table length is 64KB.
• In protected mode, the address of the GDT and its limit are loaded into the GDTR.
• Before using the protected mode, the IDT and the IDTR must also be initialized.
• The location of the LDT is selected from the GDT.
• One of the global descriptors is set up to address the local descriptor table.
• To access the LDT, the LDTR (local descriptor table register) is loaded with a selector. This selector
accesses the GDT and loads the address, limit, and access rights of the LDT into the cache of
LDTR.
• The TR (task register) holds a selector, which accesses a descriptor that defines a task.
• A task is most often a procedure or application program.
• The descriptor for the task is stored in the GDT, so access can be controlled through the privilege
levels.
• The task register allows a context or task switch in about 17μs.
• Task switching allows the μp to switch between tasks in a fairly short amount of time.
• Allows multitasking systems to switch from one task to another in a simple and orderly fashion.

68
MEMORY PAGING

69
MEMORY PAGING

70
MEMORY PAGING

71
MEMORY PAGING

72
MEMORY PAGING

73
Virtual Memory

74
Virtual Memory

75
Virtual Memory

76
MEMORY PAGING
• The memory paging mechanism located within the 80386 and above
allows any physical memory location to be assigned to any linear
address.

• The linear address is defined as the address generated by a program.

• The physical address is the actual memory location accessed by a

program.

77
MEMORY PAGING
• With the memory paging unit, the linear address is invisibly translated
to any physical address, which allows an application written to
function at a specific address to be relocated through the paging
mechanism.

• It also allows memory to be placed into areas where no memory exists.

• Eg. The upper memory blocks provided by EMM386.EXE in a DOS system.

• In Windows, each application is allowed a 2G linear address space

from location 00000000H–7FFFFFFFH even though there may not be
enough memory or memory available at these addresses.
• Through paging to the hard disk drive and paging to the memory through the
memory paging unit, any Windows application can be executed.
78
Paging Registers
• The registers important to the paging unit are CR0 and CR3.

• PG bit of CR0 selects paging when placed at a logic 1 level.

• PG = 0, the linear address generated by the program is the physical address used to
access memory.
• PG = 1, the linear address is converted to a physical address through the paging
mechanism.

• The paging mechanism functions in both the real and protected modes.

79
Paging Registers
• CR3 contains the page directory base or root address, and the PCD and
PWT bits.
• The PCD and PWT bits control the operation of the PCD and PWT pins on the μp
during bus cycles that are not paged.

• PCD bit =1, the PCD pin becomes a logic one. Allows the external hardware to
control the level 2 cache memory (buffer between the μp and the main DRAM)

• The PWT bit appears on PWT pin to control the write-through cache in the system.

• The page directory base address locates the directory for the page translation unit.
• It locates the page directory at any 4K boundary in the memory because it is appended
internally with 000H.
• The page directory contains 1024 directory entries of 4 bytes each.
• Each page directory entry addresses a page table that contains 1024 entries.

80
Paging Registers
• Available to the 80386 - Core2 microprocessors.
• The paging unit is controlled by the contents of the μp’s control registers. (CR0 - CR4)
• CR4 Begins with the Pentium, controls extensions to the basic architecture of the microprocessor.
• Eg. 2M- or a 4M-byte page that is enabled by controlling CR4.

81
Fig. : The control register structure of the microprocessor.
Linear address
• The linear address, as it is generated by the software, is broken into three sections that are
used to access the page directory entry, page table entry, and memory page offset
address.

• The leftmost 10 bits address an entry in the page directory.

• For linear address 00000000H–003FFFFFH, the first page directory is accessed.

• The contents of the page directory select a page table that is indexed by the next 10 bits of
the linear address (bit positions 12–21).
• This means that address 00000000H–00000FFFH selects page directory entry of 0 and page table
entry of 0.
• 4K-byte address range.

• The offset part of the linear address (bit positions 0–11) selects a byte in the 4K-byte
memory page.

• If the page table entry 0 contains address 00100000H, then the microprocessor physical
address is 00100000H-00100FFFH for linear address 00000000H–00000FFFH (Accessed
by the program).
82
Linear address
• The linear address, as it is generated by the software, is broken into three sections that are used to
access the page directory entry, page table entry, and memory page offset address.

83
The format for the linear address (a) and a page directory or page table entry (b).
Linear address
• Because the act of repaging a 4K-byte section of memory requires
access to the page directory and a page table, which are both located in
memory, Intel has incorporated a special type of cache called the TLB
(translation look-aside buffer).

• In the 80486, the cache holds the 32 most recent page translation
addresses. i.e. the last 32 page table translations are stored in the TLB,
so if the same area of memory is accessed, the address is already
present in the TLB, and access to the page directory and page tables is
not required.

• This speeds program execution. The Pentium–Pentium 4 contain

separate TLBs for each of their instruction and data caches.
84
The Page Directory and Page Table
• The page directory, a few page tables, and some memory pages.

The paging mechanism in the 80386 through Core2 microprocessors 85

The Page Directory and Page Table
• There is only one page directory in the system.

• The page directory contains 1024 doubleword addresses that locate up

to 1024 page tables.

• The page directory and each page table are 4K bytes in length.

• If the entire 4G byte of memory is paged, the system must allocate 4K

bytes of memory for the page directory, and 4K times 1024 or 4M
bytes for the 1024 page tables.

86
FLAT MODE MEMORY
• The memory system in a Pentium-based computer (Pentium 4 or
Core2) that uses the 64-bit extensions uses a flat mode memory
system.

• A flat mode memory system is one in which there is no segmentation.

• Address of the first byte in the memory is 00 0000 0000H and the last
location is FF FFFF FFFFH (40-bits).

• The flat model does not use a segment register to address a location in
the memory.
87
FLAT MODE MEMORY

• The CS segment register is used to select a descriptor from the

descriptor table that defines the access rights of only a code segment.

• The segment register still selects the privilege level of the software.
The flat model does not select the memory address of a segment using
the base and limit in the descriptor.

• In 64-bit mode the actual address is not modified by the descriptor as

in 32-bit protected mode.

88
FLAT MODE MEMORY
• The offset address is the actual physical address in 64-bit mode.
• This form of addressing is much easier to understand, but offers little
protection to the system, through the hardware, as did the protected
mode system.
• The real mode system is not available if the processor operates in the
64-bit mode.
• Protection and paging are allowed in the 64-bit mode.
• The CS register is still used in the protected mode operation in the 64-
bit mode.

89
FLAT MODE MEMORY

90
The 64-bit flat mode memory model.
FLAT MODE MEMORY
• In the 64-bit mode if set to IA32 compatibility (L bit =0 in descriptor),
address is 64-bits,
• But only 40 bits of the address are brought out to the address pins,
• Address above 40 bits is truncated.
• Instructions can only use a 32- bit displacement
• Allows a range of ±2G from the current instruction. (Total 4G)
• This addressing mode is called RIP relative addressing.
• The move immediate instruction allows a full 64-bit address and access to any flat
mode memory location.
• Other instructions do not allow access to a location above 4G (offset 32-bits).
• If the Pentium is operated in the full 64-bit mode (L bit =1), the address
may be 64-bits or 32-bits.
• Most programs today are operated in the IA32 compatible mode so current
versions of Windows software operates properly.
91
Summary
• The programming model of the 8086 through 80286 contains 8- and 16-bit
registers. The programming model of the 80386 and above contains 8-, 16-,
and 32-bit extended registers as well as two additional 16-bit segment
registers: FS and GS.
• The 8-bit registers are AH, AL, BH, BL, CH, CL, DH, and DL. The 16-bit
registers are AX, BX, CX, DX, SP, BP, DI, and SI.
• The segment registers are CS, DS, ES, SS, FS, and GS.
• The 32-bit extended registers are EAX, EBX, ECX, EDX, ESP, EBP, EDI,
and ESI.
• The 64-bit registers in a Pentium 4 with 64-bit extensions are RAX, RBX,
RCX, RDX, RSP, RBP, RDI, RSI, and R8 through R15.
• In addition, the microprocessor contains an instruction pointer (IP/EIP/RIP)
and flag register (FLAGS, EFLAGS, or RFLAGS).

92
Summary
• All real mode memory addresses are a combination of a segment
address plus an offset address.
• The starting location of a segment is defined by the 16-bit number in
the segment register that is appended with a hexadecimal zero at its
rightmost end.
• The offset address is a 16-bit number added to the 20-bit segment
address to form the real mode memory address.
• All instructions (code) are accessed by the combination of CS
(segment address) plus IP or EIP (offset address).

93
Summary
• Data are normally referenced through a combination of the DS (data
segment) and either an offset address or the contents of a register that
contains the offset address.
• The 8086–Core2 use BX, DI, and SI as default offset registers for data if
16-bit registers are selected. The 80386 and above can use the 32-bit
registers EAX, EBX, ECX, EDX, EDI, and ESI as default offset registers
for data.
• Protected mode operation allows memory above the first 1M byte to be
accessed by the 80286 - Core2 microprocessors.
• This extended memory system (XMS) is accessed via a segment address
plus an offset address, just as in the real mode. The difference is that the
segment address is not held in the segment register. In the protected mode,
the segment starting address is stored in a descriptor that is selected by the
segment register.

94
Summary
• A protected mode descriptor contains a base address, limit, and access rights byte.
• The base address locates the starting address of the memory segment
• The limit defines the last location of the segment.
• The access rights byte defines how the memory segment is accessed via a program.
• The 80286 microprocessor allows a memory segment to start at any of its 16M bytes of
memory using a 24-bit base address.
• The 80386 and above allow a memory segment to begin at any of its 4G bytes of memory
using a 32-bit base address.
• The limit is a 16-bit number in the 80286 and a 20-bit number in the 80386 and above.
• This allows an 80286 memory segment limit of 64K bytes, and an 80386 and above memory
segment limit of either 1M bytes (G=0 ) or 4G bytes ( G=1).
• The L bit selects 64-bit address operation in the code descriptor.
• The segment register contains three fields of information in the protected mode.
• The leftmost 13 bits of the segment register address one of 8192 descriptors from a descriptor table.
• The TI bit accesses either the global descriptor table (TI=0 ) or the local descriptor table (TI=1 ).
• The rightmost 2 bits of the segment register select the requested priority level for the memory
segment access.

95
Summary
• The program-invisible registers are used by the 80286 and above to
access the descriptor tables.
• Each segment register contains a cache portion that is used in
protected mode to hold the base address, limit, and access rights
acquired from a descriptor.
• The cache allows the microprocessor to access the memory segment
without again referring to the descriptor table until the segment
register’s contents are changed.
• A memory page is 4K bytes in length. The linear address, as generated
by a program, can be mapped to any physical address through the
paging mechanism found within the 80386 -Pentium 4 microprocessor.

96
Summary
• Memory paging is accomplished through control registers CR0 and CR3.
• The PG bit of CR0 enables paging.
• The contents of CR3 addresses the page directory.
• The page directory contains up to 1024 page table addresses that are used to access
paging tables.
• The page table contains 1024 entries that locate the physical address of a 4K-byte
memory page.
• The TLB (translation look-aside buffer) caches the 32 most recent page
table translations.
• Speeds the execution of the software.
• The flat mode memory contains 1T byte of memory using a 40-bit address.
• The flat mode is only available in the Pentium 4 and Core2 that have their 64-bit
extensions enabled.

97