Chapter -15

The 80286,80386 and 80486 Microprocessors

Prepared By: Prof. Vimal L. Vachhani

Assistant Professor,
Department of Information Technology,
DDU, Nadiad
Time Slice Scheduling: In
a full-fledged multitasking or multiuser operating
system, part of the operating system determines when it is time to switch
from one task to another is called, scheduler, dispatcher or supervisor.

Preemptive Priority based scheduling: In

a system which uses preemptive priority
based scheduling, an executing lower priority task can be interrupted by a
higher priority task.

•It is suitable to some control applications because it allows the most

important task to be done first.

Preserving the environment: The

registers data, pointers, etc., used by an
executing task are referred as its environment, state or context.

Accessing Resources: Anotherproblem in encountered in a multitasking system

is assuring that task have orderly access to resources such as printer disk
drives,etc.

The Need of Protection:

When you write an assembly language program, you usually refer to
addresses by name. The address you work With in a program are called
logical addresses, because they indicate the logical position
of code and data.
 FEATURES OF 80286:

•16-bit high performance CPU

•16-bit data bus and 24-bit address bus. Address directly 224=16MB
• Supports 1GB of Virtual memory
•Supports real and protected modes
•In real mode, it works as the faster 8086 and access only 1 MB memory.
• In protected mode it can access 16MB memory. This mode is used to
implement the operating systems with multiuser and multitasking.
•Additional Instruction and Addressing modes
•Improved pipelining with four internal functional units
•External math coprocessor
•The Register set is same as 8086 with an additional register MSW(Machine
Status Word)
•Four Segment Privilege level. The segment with a lower privilege level can not
access segment with a higher privilege level directly.
In the format of MSW bit 1 ,2 and 3 are used to indicate whether processor
extension(coprocessor) is present in the system or not. Bit 0 of the MSW is used to switch
the 80286 into protected mode.

Once an 80286 is switched into protected mode by executing the LMSW instruction, the
only way to get an 80286 back to its real address mode is by resetting the system.
FEATURES OF 80386:

1) 32bit data bus and 32 bit non multiplexed .232 =4GB

2) Fully 32-bit CPU
3) Support 64TB Virtual memory
4) Operates in three modes real, protected and virtual 8086
5) A 80386 can operate in real mode , protected mode or a variation of
protected mode called virtual 8086 mode
6) In real mode, it works as the faster 8086 and access only 1 MB
memory. Protected mode provides MMU with memory segmentation,
protection and multitasking.
7) Segment size from 1byte to 4GB
8) Support paging mechanism to implement demand paging
9) Provides 32bit extended registers, six 16bit segment registers,
protected node register s,control registers, debug registers and test
registers
10) Improved Instruction and new Addressing modes.
11) Improved pipelining with Six functional units
•Real operating mode of 80386:
•After a reset the 386 operates in real address mode. In this mode it functions basically as fast 8086 or real mode
80286.
Real Address Mode of 80386
•After reset, the 80386 starts from memory location
FFFFFFF0H under the real address mode. In the real mode,
80386 works as a fast 8086 with 32-bit registers and data
types.
•In real mode, the default operand size is 16 bit but 32- bit
operands and addressing modes may be used with the help
of override prefixes.
•The segment size in real mode is 64k, hence the 32-bit
effective addressing must be less than 000FFFFFH. The real
mode initializes the 80386 and prepares it for protected
mode.
•The segments in 80386 real mode may be overlapped or
non-overlapped.
•The interrupt vector table of 80386 has been allocated
1Kbyte space starting from 00000H to 003FFH.
•Memory Addressing in Real Mode: In the real mode, the
80386 can address at the most1Mbytes of physical
memory using address lines A0-A19.
•Paging unit is disabled in real addressing mode, and
hence the real addresses are the same as the physical
addresses.
•To form a physical memory address, appropriate
segment registers contents (16-bits) are shifted left by
four positions and then added to the 16-bit offset address
formed using one of the addressing modes, in the same
way as in the 80386 real address mode.
•The segment in 80386 real mode can be read, write or
executed, i.e. no protection is available.
•Any fetch or access past the end of the segment limit
generate exception 13 in real address mode.
Register Organization:
•The 80386 has eight 32 - bit general purpose registers
which may be used as either 8 bit or 16 bit registers.
•A 32 - bit register known as an extended register, is
represented by the register name with prefix E.
•Example : A 32 bit register corresponding to AX is EAX,
similarly BX is EBX etc.
•The 16 bit registers BP, SP, SI and DI in 8086 are now
available with their extended size of 32 bit and are names
as EBP,ESP,ESI and EDI.
•AX represents the lower 16 bit of the 32 bit register EAX.
• BP, SP, SI, DI represents the lower 16 bit of their 32 bit
counterparts, and can be used as independent 16 bit
registers.
•The six segment registers available in 80386 are CS, SS,
DS, ES, FS and GS.
•The CS and SS are the code and the stack segment
registers respectively, while DS, ES,FS, GS are 4 data
segment registers.
•A 16 bit instruction pointer IP is available along with 32 bit
counterpart EIP.
•Flag Register of 80386: The Flag register of 80386 is a 32
bit register. Out of the 32 bits, Intel has reserved bits D18 to
D31, D5 and D3, while D1 is always set at 1.Two extra new
flags are added to the 80286 flag to derive the flag register
of 80386. They are VM and RF flags.
 • VM - Virtual Mode Flag: If this flag is set, the 80386 enters
the virtual 8086 mode. This is to be set only when the 80386 is
in protected mode. In this mode, if any privileged instruction is
executed an exception 13 is generated. This bit can be set
using IRET instruction or any task switch operation only in the
protected mode. if VM=0, 80386 is in real or protected mode.
•RF- Resume Flag: This flag is used with the debug register
breakpoints. It is checked at the starting of every instruction
cycle and if it is set, any debug fault is ignored during the
instruction cycle. The RF is automatically reset after successful
execution of every instruction, except for IRET and POPF
instructions.
•Special purpose register: The special purpose register
include four protected mode registers, four control registers,
eight debug register and two test registers.
(1)Four Protected mode registers
GDTR(48bits),IDTR(48bits),LDTR(16bits),TR(16bits).
They are used in protected mode for memory segmentation, protection and
multitasking.

(2)Control Registers: The 80386 has four32 bit control registers CR0,
CR1, CR2 and CR3.CR0 contains total six flags.PE(Protection enable)PE=0 real
mode PE=1 protected mode ,MP(Math coprocessor Present),EM(Emulate
floating point coprocessor),ET(Extension type)coprocessor attached is
80387,PG(Paging)PG=1 MMU is enable.
•CR1 is reserved while CR2 and CR3 are used for paging mechanism.
(3) Debug Registers: Intel has provide a set of 8 debug
registers for hardware debugging. Out of these eight registers DR0 to
DR7, two registers DR4 and DR5 are Intel reserved.

(4) Test Registers: Intel has provide two test registers(TR6 and
TR7 used for internal testing purpose..
Protected Mode of 80386:
•All the capabilities of 80386 are available for
utilization in its protected mode of operation.
•The 80386 in protected mode support all the software
written for 80286 and 8086 to be executed under the
control of memory management and protection
abilities of 80386.
•The protected mode allows the use of additional
instruction, addressing modes and capabilities of
80386.
ADDRESSING IN PROTECTED MODE: In this mode, the
contents of segment registers are used as selectors
to address descriptors which contain the segment
limit, base address and access rights byte of the
segment.
•The effective address (offset) is added with segment
base address to calculate linear address. This linear
address is further used as physical address, if the
paging unit is disabled, otherwise the paging unit
converts the linear address into physical address.
•The paging unit is a memory management unit
enabled only in protected mode. The paging
mechanism allows handling of large segments of
memory in terms of pages of 4Kbyte size.
•Segments are interpreted differently in Protected Mode vs.
Real Mode:
•Segment register contains a selector that selects a descriptor
from the descriptor table.
•The descriptor contains information about the segment, e.g.,
it's base address, length and access rights.
•The offset can be 32-bits.
 63 56 55 52 51 48 47 40 39 16 15 0

Base G D X U Limit P DP S TYPE A Base Limit

(31-24) (19- L (23-0) (15-0)
16)

15 8 7 0
Base(31-24)
G D X U Limi 6
t
(19-
16)
P DP S T A Base(23-16) 4
Access Rights Byte L Y
P
E
Base(15-0) 2
Limit(15-0) 0

80386 Descriptor Format

•The Limit field defines the length of a segment in bytes minus 1.it is a 20
bits filed with bits 0-15 defining the lower 16bits and bits 48-51 defining the
upper 4bits.The value stored in limit field is length in bytes minus 1.

•E.g. if limit field is 003FFh it means that valid offset range is 0000 to
003FFh and the length of the segment is 00400h.

•To define a segment with only 1 byte the limit field would be 00000h.

•To define a segment of 1MB the limit field would be FFFFFh.

•Above definition of Limit field is true when G=0,the length is measured in

bytes.

•When G=1 length is measured in 4KB(chunks)

•Eg. Limit field is 0000 and G=1 the length of segment is 4KB
 •Bit40-47 in the segment descriptor define the access right.
Field Posi Meaning Function
tion
A Bit It is set when a segment define A=0 segment has not been accessed
(Access 0 by the descriptor is accessed. A=0 segment has been accessed
bit)
TPYE Bit It define the type of
(segment 1 2 segment(code, data, stack)
type) &3

S Bit If S=0 it is system segment S=0 system segment descriptor

(System 44 descriptor. If S=1non system S=1 code or data segment descriptor
bit) segment descriptor.
DPL Bit It defines the privilege level of Segment privilege attribute used in
(Descrip 45- the segment from 0 to 3. privilege test
tor 46
privilege
level)

P(Presen Bit If P=1 segment is physically P=0 segment is not mapped to physical
t bit) 47 present otherwise it is not memory
present. P=1 segment is mapped into physical
 •Types of Segment
Type Value Type of Segment
E ED R/W (Data seg. S=1 & E=0)
E C R/W (Code seg. S=1 & E=1)
0 0 0 Data segment, read only
0 0 1 Data segment, read/write
0 1 0 Stack segment, read only

0 1 1 Stack segment, read/write

1 0 0 Code segment, execute only

1 0 1 Code segment, execute/read

1 1 0 Code segment, execute only confirming

1 1 1 Code segment, execute /read confirming

E= executable, C=confirming, R=Readable, W=writable ED=expansion direction ED=0, Expand UP segment

OFFESET must be<= LIMIT.ED=1, Expand Down segment OFFESET must be>LIMIT
•Bit52-55 define four 1 bit field

Field Position Meaning

U Bit 52 It is not used by 80386 and is left for
(User the user to define it.
bit)
X Bit 53 It is reserved by intel can not be used
(Reserve by user.
d bit)
D Bit 54 This bit define the size of the operands.
(Default If D=0,operands are 16-bit and if
bit) D=1,operands are 32-bits.
G Bit 55 When G=0,the length is measured in
(Granul bytes.When G=1 length is measured in
arity bit) 4KB(chunks)
Did You Note!!
 There is an 100 % degradation in Memory access
time – because every memory access is two
accesses now, one for getting the base address and
another for actually accessing the data.

 A solution indeed: Along with the segment

registers, keep a shadow registers which stores
additional necessary information.
 Visible part Hidden part

Segment selector Base Address, CS

Limit, DPL.
SS

DS

ES

FS

GS
•When an attempt is made to access a segment by loading a segment selector into
the visible part of a segment Register,386 automatically makes several checks.

•To access a data segment for example, the selector might be loaded into the visible part o
the DS,ES,FS or GS register

•First of all it checks to see if the descriptor table indexed by the selector contains a valid
descriptor for that selector. If the selector attempts to access a location outside the limit of
the descriptor table or the location indexed by the selector in the descriptor table does not
contain a valid descriptor, then an exception is produced.

•Second it also checks to see if the segment descriptor is of the right type to be laded into
the specified segment register. for example descriptor for a read only data segment, canno
be loaded into SS register because stack must be able to be Written to. A Selector for the
code segment is “execute only” so can not be loaded in to the DS register.
•If privilege level of the selector and the privilege level of the current code
segment is not as high the privilege level of the descriptor an exception will be
produced an access will not be Allowed.

•If all these protection conditions are met, the limit, base and access right byte of
the segment descriptor are copied in to The invisible part of the segment
register.

•The 386 then checks the P bit of the accesses byte to see if the segment for
descriptor is present in physical memory. If it is not present type 11 exception is
produced the exception handler will read the segment in From disk to physical
memory.

•The address produced by program does not fall outside the limit.

•Attempts to write a code segment or read only data segment will cause an
exception.
15 2 1 0

TI RPL
Example-1

0010 0110 0100 0000

1011 0011 0111 1111

0000 1100 0000 0010

0000 0011 1111 1111

The segment start from the linear address 267F0C02h(Base)

The length of the segment is 1KB(Limit=003FFh)
The segment is a user defined data segment with read/write
permission(S=1,Type= 001)
The privilege level of segment is 1(DPL=01)
The segment is physically present(P=1) and already access(A=1)
The operand in the segment are 32bits(D=1)
The Limit in terms of bytes(G=0)

P DP S T A
L Y
P
 Example:2

Describe the following descriptor in detail. Selector of this descriptor must be loaded into
which register of 80386 in PM?

00h 40h 6

9Bh 80h 4
00h 00h 2
00h 20h 0

Which are all the checks 80386 will do and will there be exception(s) due to this
checks ?

P DP S T A
L Y
P
E
1 00 1 101 1
Example:3

The following is valid data segment descriptor and already cached in invisible
portion of the DS :
00h CFh 6

91h 00h 4
00h 80h 2
FFh FFh 0

Now if following instruction is executed in PM of 80386 :

MOV [000FFFF0h],12345678h
Will there be any exception ? Justify your answer. If any exception, suggest the
modification in the descriptor to avoid that exception.
Descriptor tables and Selectors: The 80386 starts in the real mode whenever it receives the reset.

•We can switch from real mode to protected mode by setting PE bit in the CR0 register.
•The protected mode permits memory management, virtual addresses, paging protection and
multitasking capabilities through MMU
•In protected mode for each segment one segment descriptor is created and managed.
•For a multitasking system at a time plenty of segments are in memory, which are parts of
different task. Which needs large number of segment descriptors so that memory areas
described by them are accessed by the processor for executing different task.
•How does the 80386 organize a large number of segment descriptors so that they can be
easily accessed to make references to segment spaces?
•The 80386 organizes the segment descriptors by grouping them in the tables depending on
the purpose of the segment descriptors

•Three types of the 80386 descriptor tables are listed as follows:

•GLOBAL DESCRIPTOR TABLE ( GDT ) (GDTR)-LGDT instruction executed system is
booted
•LOCAL DESCRIPTOR TABLE ( LDT ) (LDTR)-LLDT- instruction-highest privilege
Level
•INTERRUPT DESCRIPTOR TABLE ( IDT ) (IDTR)
GDT(Global Descriptor Table): The GDT represents global memory are shared by all the software tasks.
The 80386 protected mode needs only one GDT.
•The descriptor tables stores the segment descriotos,each of 8 bytes.
•The GDT stores maximum 8192(0 to 8181) decriptors,each of 8 bytes making maximum size 64KB.

Example-2 Given Base=00100F23h and Limit=03FFh in ht GDTR, What does it mean?

GDT Start from linear address 0100F23h
The size of GDT is 03FFh+1=1092 bytes.
The number of descriptor in GDT is 1092/8=128
Descriptor

GDTR

47 16 15 0
Descriptor
Base Limit Descriptor
Descriptor
IDT(Interrupt Descriptor Table):IDT is used to stores the descriptors for exception handles.

LDT(Local Descriptor Table):LDT is local to a task and can be created per task basis, but it is optional.

•The 80386 protected mode defines only one GDT and IDT whereas LDT can be multiple.
•The protected mode registers GDTR,IDTR and LDTR are used to keep track of GDT ,IDT and LDT in memory respectively.
•The task either use all the descriptors from the GDT if it does not define it own LDT.
•An LDT is not define as independent table, rather its defined as an extension to GDT containing the Base and Limit of the
LDT.
•That means the maximum number of LDT can be 8192 if all the descriptors in the GDT are LDT descriptors.

•Selectors: The 80386 contains six segment registers. The segment registers in the real mode have the same role as 8086.
•The role of segment registers entirely changes in the protected mode, segment register act as selector.

15 2 1 0

TI RPL

The format of Selector.

RPL=requested privilege level(0to3)
TI(Type indicator TI=0 selector refers to GDT TI=1 selector refers to LDT)
The width is 213 making 8192 descriptors each of 8 bytes making total size 64KB

Example-3 Given the selector value 2F32h find the table referred to and the index of the
pointed descriptor.
It is pointing to descriptor 1510 in GDT
 Descriptor Descriptor
LDTR

Index 0
Descriptor LDT
Descriptor Descriptor
Descriptor Descriptor
GDTR (LDT)
BASE
Descriptor

Memory
GDT
•User task can be protected from each other in a 386system by giving each task
its own local descriptor table .

•The LDT register which points to user’s local descriptor table can only be
changed with the LDTR instruction or by a task switch.

•The LDTR instruction can be executed only at the highest privileged level which
is usually reserved for the operating system.

•Likewise a switch form one task to another task is done by the operating system
At the highest privilege level.

•So, user task operating at lower privilege level cannot cause switch to other user
tasks. Also because of the limit checking , a task cannot accidently or
intentionally access descriptor in the another task local descriptor table.
 Two process each of PL = 3 should be allotted segments such that one should not access the segments of
other.

GDTR
GDT

All descriptors in GDT

have
PL = 0,1,2

LDTR
LDTR

Per process
Per process

If at all each process should access memory, it has to use the descriptors in its LDTR only
and it cannot change the LDTR/LDT/GDTR/GDT contents as they would be maintained in
a higher privileged memory area.
Introduction to Protection Model:
•The 80386 can run a task at one of the four privilege levels-0,1,2 and 3 where
level-0 is most privileged and level-3 is least privileged.

•The kernel of the operating system perform all the important task like process
management ,memory management and runs at level-0 as it needs to access all
the resources including privileged resources.

•The user tasks are running actually at lowest privileged level-3.

•The privilege 0,1 and 2 together called supervisor mode and privilege 3 is
called user mode.
•DPL,CPL,RPL

•DPL(Descriptor privilege level) field of segment descriptor defines the privilege level
of an entire segment. The CPL (Current privilege level) is set to DPL from where the
processor is fetching a instruction.

•The DPL of the segment(CS,DS,SS) is defined at the time of creating the segment
descriptor.

•CPL changes as the process moves from one code segment to other code segment.

•The code segment can access the data at the same or lower privilege levels than the
CPL. The access is allowed if DPL≥maximum(CPL,RPL).

•The code segment can access the stack only at the same privilege level that is only
target DPL=CPL.

•The code segment can transfer the control to another code segment if both are at the
same privilege level.
•The FAR jump or FAR Call instruction can transfer the control directly by
specifying the location within another code segment with the same privilege
level as the CPL.

•What if the target code segment at different privilege level?

•There are two ways

(1)Confirming code segment:

The code segment can transfer a control to a target code segment with a
lower privilege level provided the target code segment is defined as confirming
code segment. We can not use privilege instructions into the confirming code
segment.
(2)Call Gates

• There are four types of gates call, interrupt, task and trap.

• The call gates are used to implement the control transfer

mechanism for higher privilege codes. A call gate is simply special
type of descriptor. Gate descriptor are put into the GDT or LDT

• A call gate is a system segment descriptor with S=0 .

• If we have transferred the control to higher privilege level then we
can not access old stack
• The TSS(Task State Segment) of the task maintains stacks for each
privilege level.
• The WC(Word count) field defines the numbers of double word
parameters to be copied from the old stack segment to the new stack
segment.
Target DPL≤maximum(CPL,RPL)≤call gate DPL
• e.g. if CPL of the current code segment is 1,then it can use the call
gate with DPL 1,2 or 3 and transfer the control to the with code with
DPL 0 or 1.
 The format of a call gate

15 87 0

Destination offset(31-16)

P DP (0) TYPE 000 Word Count

L S 1100 (WC)
Destination Selector(15-0)
Destination offset(15-0)
Calling With the call gate

Descriptor
Destination
offset(Call
gate Target Code segment
descriptor)

FAR CALL Instruction Code Segment Descriptor

CALL SEG OFFSET G
D
Call gate Descriptor T

Descriptor
Descriptor

Memory
 Calling Higher privileged code

Code Seg Code Seg

Code Desc

CALL SEG OFFSET

CALL SEG OFFSET

Gate – Sel + Code Desc

offset

Correct Incorrect
 80386 Multitasking and Exception
Multitasking: The multitasking system allow execution of multiple tasks
from one or more users at the same time using a concept called time
sharing.

•The processor runs a task for a period of a time slice and switches to the
next task waiting for its turn.

•After execution of last task processor comes again to the first task

•This make it mandatory to save the state of the task somehow so that it
can be started next time with the last state, not from the beginning, and
thus the task moves forward towards finishing.

•The 80386 multitasking environment provides all the support for

executing multiple task without any problem

•The concept of multitasking looks very simple raises many issues, solving
which makes the system complex
•The processor needs to remember the correct point to resume the task.

•Not only remember the correct point but also remember the last state
including register flags and other state information.

•The entire state of a task including the execution point, register flags and
other necessary status information is called context of the task.

•Whenever the time slice for the current task is over ,the context of the
task is saved and the context of the next task to be executed to resume it
correctly.

•The process of saving the context of an outgoing task and loading the
context of an incoming task is known as context switching or task
switching.
Task State Segment
•The 80386 uses a special segment called task state segment to save the
context of a task.
•The TSS is described by a system segment descriptor called TSS
descriptor.
•The TSS descriptor can stored only in GDT.
•The Value of TYPE field is 1001 which indicates the TSS is available.
•When task represented by TSS is executing value of TYPE field is 1011.

Base(31-24) GD X U Limit 6
(19-
16)
P DPL S TYPE Base(23-16) 4
(0) 10B 1
Base(15-0) 2
Limit(15-0) 0

The format of TSS descriptor

•The 80386 needs minimum 104 bytes to store the state of the task.
•This indicates that limit field in the TSS descriptor can never be less than
the value 00067h.

•The TSS stores all the general purpose registers including eight extended
registers ,extended instruction pointer ,EFLAG and six segment register.

•Storing the CR3 register in the TSS indicates that the page directory and
the page table can also be changed from task to task.
•The back link field is used to store the selector of the previous task in a
task chain specifically when the task are nested so that it can return to the
calling task.
•The Bit_map field is used for the I/O permission.
•The TSS also store the details of stack(SS and ESP) at privilged level 0 ,1
and 2.
•The worst case is CPL of the task is 3 which needs to access the code at
any higher privileged level 0,1,2.
•For each task one TSS is required to store its context.
•TSS initialized only once when the task is created first time.
Bit_Map offeset - T
- LDT
- GS
- FS
- DS
- SS
- CS
- ES
EDI
ESI
EBP
ESP
EBX
EDX
ECX
EAX
EFLAG
EIP
CR3
- SS2
ESP2
- SS1
ESP1
- SS0
ESP0
Performing A task switching

•How does 80386 performs a task switch?

•Normally a task switch happens as result of executing the FAR JMP or

FAR CALL instruction.

•Another way is the occurrence of the interrupt or exception

•TR Register

•The task register plays an important role in task switching

•The TR always hold the selector value of TSS descriptor of the current
task
•The TR is updated automatically when a task switch happens to keep it
current.
 LIMIT

TSS

TR

TSS
Descriptor

GDT
BASE

Physical Memory
The TSS of the current Task
 Task Switching
•Let us see how the execution of the FAR CALL or FAR JMP
instruction causes a task switch.
•One of the operand in the FAR JMP or FAR CALL instruction is
selector value.
•The 80386 provides two different ways for a task switch, one by
directly refereeing to TSS descriptor using it selector value and
second by using Task gate.

•Direct Method
•In this method the task switching instruction(FAR JMP and FAR
CALL) contains directly the selector value of TSS descriptor of the
new task to which the context switch is going to happen.
•The CPL or RPL of the current task, whichever is higher ,must be
privileged enough to refer to the TSS, that is, it must have equal or
higher privilege than that of the TSS. The violation of this rule result
in a general protection fault.
Maximum(CPL,RPL)≥TSS DPL
The format of a Task Gate

15 87 0

P DP (0) TYPE -
L S 0101
Destination Selector(15-0)
-
•Task Gate
•In this method the task switching instruction(FAR JMP and FAR CALL)
contains
The selector value of the task gate which is very similar to the call gate. It is a
system segment descriptor with TYPE=0101.
•The task gate contains only the selector field which contains the selector field
which points to the TSS descriptor of the task to which task switching is to
happen.
•The violation of the following rule result in a general protection fault.
Maximum(CPL,RPL)≥Task gate DPL
Nested Task
•If task switch happens due to execution of a FAR CALL instruction or an
exception or interrupt, the new task or exception runs as the nested task
within the current task. The nesting of more level creates a task chain.
• The 80386 set the NT flag in the EFLAG register if the new task is nested
inside the current task.
•The TSS contains the 16 bit Back Link field to store the selector of the TSS
of the caller task if the task is nested task.
•That means if the NT=1 the back link field is valid and it store the selector
value of the TSS of the caller task.
•The NT=1 indicates the current task is child of the parent task having parent
selector in the Back Link field.
•Task Scheduling
•Who will perform the task switching?
•The operating system contains the software module called scheduler.
•The scheduler has well defined policy to select the next task fro the
execution.
I/O Privilege Levels

•When 80386 operating in protected mode it has two mechanism for

protecting I/O ports.
•The first mechanism involves the I/O privilege level bits in the 80386
EFLAGS. Only the OS or the procedure which is running at higher
privilege level can set these IOPL bits.
•In order to execute IN,INS, OUT, OUTS,CLI and STI instructions the
CPL of the task is must be same or lower number then IOPL. If it does not
satisfy this then privilege level exception is generated.
•Second mechanism to protect I/O ports form unauthorized access is an
I/O permission Bit map.

•The minimum size of the TSS for a task is 104bytes.However the TSS is
like any other segment and can be as large as 4GB.
•We can Extend the TSS beyond the 104bytes to store some useful
information.
•One such optional information is the I/O permission bit map for the task.
 I/O Permission
•We know that the instruction CLI ,STI ,IN,INS,OUT are trusted
instructions which can be executed by the task only if its CPL is
less than or equal to IOPL.

•The IOPL is a 2bit field in the ELAG register and change from task to
task.

•If the I/O permission bit map is defined for the task, we can execute
the I/O instructions even though the standard privileged check fails.
•The field at the offset 0066h in the TSS is the bit map offset.
•It store the offset at which I/O permission bit map starts.
•The I/O permission bit map is sequence of bits ,one for each byte I/O
port address.

•Each bit in the I/O permission bit map correspond to one byte I/O
port address.

•For example, the least significant bit of the first byte is the I/O
permission for the byte 0 ,next for address 1 and so on.
 80386 Exception
•The 8086 categorizes interrupts as hardware interrupts, exceptions and
software interrupts
•The 80386 interrupt and interrupt handling in the protected mode is also
similar to 8086 processor.

•The 80386 exceptions are nothing but the interrupts in the 80386 system
including hardware interrupts(maskable and non maskable),software
exceptions and software interrupts(INT n).

•The source of the hardware interrupts are the signals from the external
devices received either on INTR or on NMI pins.
•The interrupt received on INTR are maskable, where as on NMI are non
maskable.
•The software interrupt are caused by executing the INT n instruction ,where
n is the interrupt number or vector number and ranges from 0 to 255.
•The software exceptions occur due to the error condition like privilege
violation, accessing address outside the LIMIT.
There are three types of software exception in 80386.
(1)TRAP:
The software traps are caught after an error occurs. The execution is resumed from the next instruction after
completing the exception handler. They occurs in debugging or breakpoints.

(2)Fault:
The software faults are caught before they occur. Execution is resumed from the instruction that caused the fault.
Privilege violation and segment limit overrun are example of faults.

(3)Abort:
The software abort are caught after an error occurs. The program causing abort is terminated.

Vector Number category

0-16 The 80386 internal interrupts
17-31 Reserved
32-255 Maskable interrupts and INT n
vectors
The 80386 protected mode exception
 The IDT and Exception handling
•We know that 80386 protected mode uses three types of descriptor tables:
GDT, LDT and IDT.

•The IDT is like the GDT and 80386 needs only one.

• The IDT stores the descriptors which act as an entry point(gate) for the
corresponding exception handler(ISRs).

•The IDT stores the 256 gate descriptor, one for each vector, as the 80386
recognize a total 256 exception in the protected mode identified by vectors 0
to 255.

•In that sense IDT looks very similar to vector table.

•The only difference is that it store the descriptor gates rather than directly
the addresses.
The IDT and Exception handling
•Consider 8 bytes for each descriptor, the size of IDT is 256*8=2KB.

•That means limit of the IDT is 07FFh.

•The GDT and LDT is referred to by selectors, as the TI bit in the

selector selects one of them.
•This is not the case with the IDT.

•When an exception occurs , the 80386 gets the vector number which
act as an index into the IDT and the gate descriptor at that index into
the IDT is used to transfer the control to the respective handler.
•The IDTR register store the base and limit of the IDT.
•An interrupt through a interrupt gate change IF but an interrupt
through an trap gate does not resets IF.
•The IDT stores three different types of descriptor
(1)Interrupt Gate Descriptor
(2)Task gate
(3) Trap Gate
 GATE 255
IDTR GATE 254
47 40 39 16 15 0
Interrupt Descriptor Table
BASE LIMIT
GATE 2
GATE 1
GATE 0

Memory
The format of a Interrupt Gate Descriptor

15 87 0

Destination offset(31-16)

P DP (0) TYPE Reserved

L S 1110
Destination Selector(15-0)
Destination offset(15-0)
 Exception Handler Code Segment

OFFESET

Vector Number

Interrupt
GDT or LDT
Gate

IDT
SELECTOR Descriptor

Accessing an exception code using an interrupt gate Physical Memory

The format of a Trap Gate Descriptor

15 87 0

Destination offset(31-16)

P DP (0) TYPE Reserved

L S 1111
Destination Selector(15-0)
Destination offset(15-0)
If an interrupt type 16d Comes and IDTR=00001000008F, show that it will point to a valid interrupt gate
descriptor in IDT. The following is the interrupt Gate descriptor whose contents is as follows:

80h 00h 6

EEh 08h 4
00h 80h 2
00h 00h 0

Prove that it is a valid 80386 interrupt gate descriptor. Now if GDTR=00008000007F, selector of interrupt gate
descriptor will generate any exception? If yes, do the correction in the selector of the above descriptor such that
there would not be any exception. If no ,why?

First check the Limit field base on the interrupt type number of IDT. For this example interrupt type=16d so it
stored at 17th location in the IDT so limit should not be less than 17d. Then check S bit and TYPE field to prove
it valid or not

Second check the destination offset value from the give descriptor it should not be more than the limit specified
in GDTR otherwise it will generate exception.
 If an interrupt comes on IR0 pin of 8259 and upper five bits of ICW2 contains 00100 b and
IDTR=00000000007fh, will there be any exception ? If any exception, correct the content of IDTR. The
following is the interrupt Gate descriptor whose content is as follows :

00h 0Fh 6

EEh 00h 4
00h 80h 2
00h 00h 0

Prove that it is a valid interrupt gate descriptor.

IR0 pin of 8259 will set ICW2 register with interrupt type number. upper 5 bits, lower 3 bits are always 0 for ICW2.

D7 D6 D5 D4 D3 D2 D1 D0

0 0 0

ICW2
Paging:
•Paging Operation: Paging is one of the memory
management techniques used for virtual memory
multitasking operating system.
•The segmentation scheme may divide the physical
memory into a variable size segments but the paging
divides the memory into a fixed size pages.
•The segments are supposed to be the logical
segments of the program, but the pages do not have
any logical relation with the program.
•The pages are just fixed size portions of the program
module or data.
•The advantage of paging scheme is that the
complete segment of a task need not be in the
physical memory at any time.
•Only a few pages of the segments, which are
required currently for the execution need to be
available in the physical memory. Thus the
memory requirement of the task is substantially
reduced, relinquishing the available memory for
other tasks.
•Whenever the other pages of task are required
for execution, they may be fetched from the
secondary storage.
•The previous page which are executed, need
not be available in the memory, and hence the
space occupied by them may be relinquished
for other tasks.
•Thus paging mechanism provides an effective
technique to manage the physical memory for
multitasking systems.
•Paging Unit: The paging unit of 80386 uses a two
level table mechanism to convert a linear address
provided by segmentation unit into physical
addresses.
The paging unit converts the complete map of
a task into pages, each of size 4K. The task is further
handled in terms of its page, rather than segments.
The paging unit handles every task in terms
of three components namely page directory, page
tables and page itself.
•Paging Descriptor Base Register: The control
register CR2 is used to store the 32-bit linear
address at which the previous page fault was
detected.
The CR3 is used as page directory physical
base address register, to store the physical
starting address of the page directory.
The lower 12 bit of the CR3 are always zero
to ensure the page size aligned directory. A move
operation to CR3 automatically loads the page
table entry caches and a task switch operation, to
load CR0 suitably.
 The 80386 Control Registers

31 0

CR0 P E T E MP
G T S MP E
CR1

CR2 Page fault linear address

PDBR (12bits)
CR3 (Page Directory Base
address )(20bits)
 Page Frame
Page 4KB
Table 1023
Page Frame
PTE 1023 4KB
PDE 1023
. Page Frame
. 4KB
PTE N
CR3 PTE 1 Page Frame
PDE 1 4KB
PDBR PTE 0
PDE 0
Page Tables N Page Frame
4KB
Page Directory
Size=4KB

Page Page Frame

Table 0 4KB

Page Tables
Size=4KB Physical Memory
Linear to physical Address Translation
31 22 21 12 11 0

DIR PAGE OFFSET

Parts of Linear Address

Example-4
Assuming PDBR=23455h,the page table address in the PDE 5 =45345h,the page frame address in the
PTE 32 =67345h, What is the physical address for a linear address 014202CAh?

(1)The Linear address 014202CAh(0000 0001 0100 0010 0000 0010 1100 1010) means DIR=0000 0001
01=PDE index 5, PAGE=00 0010 0000=PTE index 32 and OFFSET=0010 1100 1010=2CAh.

(1)The Physical Address for the page directory is 23455000h(PDBR with lower 12 bits 0s).

(1)The PDE is located at the physical address 23455000h+5*4=23455014h.It is used to refer the page
table address from the PDE 5 which is 45345h.

(4) The physical address of the page table is 45345000h.

(5)The PTE is located at the physical address 45345000h+32*4=45345080h.It is used to refer the page
frame address from the PTE 32 which is 67345h.

(6)The physical address of the page frame is 67345000h.

(7) The memory location referred to is 67345000h+2CAh=673452CAh

31 12 11 10 9 8 7 6 5 4 3 2 1 0

PAGE OS 0 0 D A 0 0 U R P
TABLE RESERVED S
ADDRESS
W
31..12

Page Directory Entry

31 12 11 10 9 8 7 6 5 4 3 2 1 0

PAGE OS 0 0 D A 0 0 U R P
FRAME RESEV S W
ADDRESS ED
31..12

Page Table Entry

•Page Directory : This is at the most 4Kbytes in size.
Each directory entry is of 4 bytes,thus a total of 1024
entries are allowed in a directory.The upper 10 bits
of the linear address are used as an index to the
corresponding page directory entry. The page
directory entries point to page tables.
•Page Tables: Each page table is of 4Kbytes in size
and many contain a maximum of 1024 entries. The
page table entries contain the starting address of the
page and the statistical information about the page.
•The upper 20 bit page frame address is combined
with the lower 12 bit of the linear address. The
address bits A12- A21 are used to select the 1024
page table entries. The page table can be shared
between the tasks.
•The P bit of the above entries indicate, if the
entry can be used in address translation.
•If P=1, the entry can be used in address
translation, otherwise it cannot be used.
•The P bit of the currently executed page is
always high.
•The accessed bit A is set by 80386 before any
access to the page. If A=1, the page is
accessed, else unaccessed.
•The D bit ( Dirty bit) is set before a write
operation to the page is carried out. The D-bit
is undefined for page director entries.
•The OS reserved bits are defined by the
operating system software.
•The User / Supervisor (U/S) bit and read/write bit are
used to provide protection. These bits are decoded to
provide protection under the 4 level protection model.
•The level 0 is supposed to have the highest privilege,
while the level 3 is supposed to have the least
privilege.
•This protection provide by the paging unit is
transparent to the segmentation unit.
•In its protected mode of operation, 80386DX
provides a virtual 8086 operating environment to
execute the 8086 programs.
•The real mode can also used to execute the 8086
programs along with the capabilities of 80386, like
protection and a few additional instructions.
•Once the 80386 enters the protected mode from the
real mode, it cannot return back to the real mode
without a reset operation.
•Thus, the virtual 8086 mode of operation of 80386,
offers an advantage of executing 8086 programs
while in protected mode.
•The address forming mechanism in virtual 8086
mode is exactly identical with that of 8086 real mode.
Virtual 8086 Mode

•In its protected mode of operation, 386 provides a virtual

8086 operating environment to execute the 8086 programs.
•In virtual mode, 8086 can address 1Mbytes of physical
memory that may be anywhere in the 4Gbytes address space
of the protected mode of 80386.
•Like 80386 real mode, the addresses in virtual 8086 mode lie
within 1Mbytes of memory.
•In virtual mode, the paging mechanism and protection
capabilities are available at the service of the programmers.
•Thus, the virtual 8086 mode of operation of 386, offers an
advantage of executing 8086 programs while in protected
mode.
Virtual 8086 Mode
•The 80386 supports multiprogramming, hence more than one
programmer may be use the CPU at a time.
•The address forming mechanism in virtual 8086 mode is
exactly identical with that of 8086 real mode.
•To return to the protected mode from the virtual mode, any
interrupt or execution may be used.
•As a part of interrupt service routine, the VM bit may be
reset to zero to pull back the 80386 into protected mode.
•The virtual 8086 mode executes all the programs at privilege
level 3.Any of the other programmes may deny access to the
virtual mode programs or data.
Memory Model Of 80386
• The memory in the 386 and 486 system can be setup using
the Segment-only-model, the segmented-paged-model, the
simple flat model.
 80486 Microprocessor

• The 32-bit 80486 is the next evolutionary step up from the

80386.
• 32 byte prefetch queue.
• One of the most obvious feature included in a 80486 is a
built in math coprocessor on chip.
• 80486 is an 8Kbyte code and data cache on chip.this
improve the speed of 80486.
• It use four way set associative cache.
 .
 Pentium Microprocessor

Major futures of pentium processor are:

• Superscaler pipelined architecture.
• Separate cache for code and data each of 8KB.
• High performance floating point unit.
• Branch prediction logic.
 .