Intel 80386

Intel 80386
Features of 80386
Introduced in 1985 by Intel.
It is a 32 bit processor that supports 8/16/32 bit
data operands.
32 bit internal registers.New category of
registers,Viz, Control,Test and Debug
32 bit data bus.
It has 32 bit address bus, so it can address up to

232 = 4GB of RAM (Physical address).
Three different operating modes
Real,Protected and Virtual 8086.

3/11/2006 Y.H.Dandawate 3
Features Continued …..
Instruction set upward compatible to its predecessors.New
instructions deal with protection mechanism,memory
segmentation and paging MMU.
The Memory Management Unit (MMU) provides virtual
memory, paging and four levels of protection. The concept
of paging enables it to organize available physical
memory in terms of pages of 4K under segmented
memory.
Multitasking .
Clock frequency starting from 16 MHz. Different versions
have 33 MHz, 66 MHz.Available as 80386 DX, 80386
SX,80386 SL etc.
Features Continued …..
Data types supported are byte,word,double word
,unpacked BCD,Packed BCD, Long integer(64),Short
real(32),long real (64),extended real (80)( Real are for
floating point).
Available in 132 pin grid array package,some are in 100
pin etc.
It has 11 addressing modes.
Internal Architecture of 80386
Internal Architecture of 80386
Register Set
Flag Register
I/OPL, NT flag works in protected mode.

VM Flag, when cleared 386 operates in protected mode
When set operates in Y.H.Dandawate
3/11/2006
virtual. 9
Why Protection ?
The purpose of the protection features of the 80386 is
To help to detect and identify bugs in hundreds or
thousands of program modules.
To help debug applications run faster and make them
more robust.
To prevent users from interfering each other.
To prevent program bugs from damaging data.
To prevent Malicious attempts to compromise system
integrity.
To prevent accidental damage to data.
So ….
The 80386 contains mechanisms to verify memory accesses
and instruction execution for conformance to protection
criteria. These mechanisms may be used or ignored,
according to system design objectives.
The protection hardware of the 80386 is an integral
part of the memory management hardware.
Also by privilege Protection.
Registers
Memory Management Registers( Associated with Protection)
1) GDTR : Global Descriptor Table Register.
48 bit register.
2)IDTR : Interrupt Descriptor Table Register.
48 bit register.
3) LDTR: Local Descriptor Table Register.
16 bit register.
4) TR : Task Register . 16 bit register.
GDTR and LDTR points to the segment descriptor tables, GDT and
LDT.
IDTR points to the table of entry points for interrupt handlers.
TR points to the information needed by the processor to define the
current task.
Control Registers.
Three Control registers CR0,CR2 & CR3.
( CR1 is left undefined by Intel).
1) CR0
MSW : Status Word Machine.

0. PE : ( Protection Enable) Setting PE causes the processor to begin
executing in protected mode. Resetting PE returns to real-address
mode.
1. MP : ( Math Present): If set assumes that real floating point hardware
is attached to it.
CRO Contd…
2. EM : ( Emulate Co-processor) When this bit is set 386
will generate an exception 11 ( device not available)
whenever it fetches a floating point instruction. This
exception handler can be used to emulate floating point
hardware in software.
3. TS : ( Task Switched ) The processor sets this bit
automatically every time it performs a task switch. Cleared
by programmer.
4. ET : ( Extension type) ET indicates the type of coprocessor
present in the system (80287 or 80387).
31.PG : ( Paging) When set enables paging and if reset
disables paging in MMU.
CR2 and CR3
CR2 is read only which gives the last 32 bit
address that caused page fault.
Debug Registers
DR 0 to DR3
These registers hold up to four linear address
breakpoints.The addresses in registers are
compared with processors address
generation logic on every instruction and if
match is found an exception 1 ( debug fault)
is generated.
The debug address registers are effective
whether or not paging is enabled.
DR6 and DR7
B0 : The processor sets this bit when it references the linear

address contained in DR0 , modified by the conditions set by
LEN0, RW0,L0,G0,LE and GE fields in DR7. B1 to B3 are
applied similarly to Dr1 to DR3 respectively.
BD : Break for debug register access. This is set if the
exception 1 handler is invoked by illegal reference to one of
debug registers.
BS : Break for single step. ( If TF is set)
BT : Break for task switch.
3/11/2006 Y.H.Dandawate
These bits are never cleared by processor. 18
Contd …
L0: Local Enable 0, When this bit is set the
breakpoint address in DR0 is monitored as
long as the 80386 is running the curent
task.When the task switch occurs,this bit is
cleared by the processor and must be re-
enabled under program control.
G0 : As long as this bit is set 386 monitors the
linear address in DR0 all the
times,regardless of task.
Contd…
RW : These bits qualify the type of access that must occur at
the address in DR before break point is taken.
LEN : Break point length :specify the length of data

item to be monitored.
Contd…
LEN LEN bits in Reg. DR7
00 1 byte
01 2 bytes, word alligned
10 reserved
11 4 bytes, dword alligned
LE : Local Exact : if set, the processor slows execution
so that data breakpoints are reported on the
instruction that causes them.Only for current task.
GE : Global Exact
GD : Global Debug access: once this bit is set the processor
will deny all further access
3/11/2006 to any of the debug registers.21
Y.H.Dandawate
Test Registers
Two Registers TR6 and TR7
The test registers are used to perform confidence checking

on the paging MMU’s translation look aside buffer
(TLB).By writing into this register one can initiate write
directly into 80386 TLB or perform a mock TLB lookup.
TR6 is test command register and TR7 is test data register.
TR6
C ( Command) : When this bit is cleared ,a write to the TLB is
performed .If it is set processor performs TLB look up.
Linear Address: This is the tag field of the TLB. On a TLB write, a
TLB entry is allocated to this linear address and the rest of that TLB
entry is set per the value of TR7 and the value just written into TR6.
Physical Address: This is the data field of the TLB.On a write to the
TLB, the TLB entry allocated to the linear address in TR6 is set to this
value.
V: The valid bit for this TLB entry. All valid bits can also be cleared
by writing to CR3.
D, D#: The dirty bit for/from the TLB entry.
U, U#: The user bit for/from the TLB entry.
W, W#: The writable bit for/from the TLB entry.
TR7
REP ( Replacement Pointer): This field indicates
which set of TLB’s four way set associative cache
to write to.
PL: On a TLB write, PL=1causes the REP field of
TR7 to select which of four associative blocks of
the TLB is to be written, but PL=0 allows the
internal pointer in the paging unit to select which
TLB block is written.
Memory Segmentation
What is memory segmentation ?
How is segmentation in 80386 ?
1)It is not possible to represent all

information that defines a segment in a 16
bit register.
2) Some other things are required when you
deal about protection mechanisms.
3) Fundamental hurdle is user can no longer
access any address in the processor’s
memory space merely
3/11/2006
by asking.
Y.H.Dandawate 25
Features of Memory Segmentation in
80386
80386 provides a mechanism where by system
programmer defines what each segment will
be.Definition includes starting address,its
length,its intended use and other attributes.
( Memory segment need not be be of 64KB,
anything from 1 byte to 4 GB.
Attributes defines for what segment is used for
such as code,data,stack or other purpose, privilege
level)
In 386 system a program cannot cannot access an
area of memory unless that area has been
3/11/2006described to it. Y.H.Dandawate 26
Segment Descriptors
A segment is described by a special structure
called Segment descriptor.
A segment descriptor
Must be created for every segment.
It is created by programmer.
Has segments base address
Has Segment Size.
Segments Use
Segments privilege level.
Segment Descriptor Format
Base address bits : 32

Limit Address : 20 bits ( Length of segment –1)
A ( Accessed) : Processor automatically sets this bit
whenever a memory reference is made using the defined
segment.
DPL : (2) : Indicates the level of privilege associated with the
memory space that descriptor defines. DPL0 is highest
Segment Descriptor Contd…
S ( System ) : If clear indicates that this
is system segment descriptor. If set non-system.
P ( Present): If clear,the address range that this descriptor
defines is considered to be temporarily not present in
physical memory space.
U ( User): Undefined and ignored by 386,but user can use
it.
X : Reserved
D ( Default):When clear operands in this is segment is
assumed to be 16 bits and when set assumed to be 32 bits.
Segment Descriptor Contd…
G ( Granularity): When this bit is cleared ,the 20
bit limit field is assumed to be measured in units
of 1 byte.If set the limit is in units of 4 KB.
Type (3): Type of segment you are defining.
000: Data , read only ( ROM space)
001: Data ,R/W
010: Stack read only
011: Stack R/W
100: Code, execute only
101: Code execute/ read
110: Code execute only , conforming
111:Code execute / read, conforming
H.W . Go thro p 37Y.H.Dandawate
3/11/2006 & 38 of Turley for example.30
Descriptor Tables
You can create as many segment descriptors
you want.
How processor keeps track of all these
separate ,unrelated pieces of Information?
The segment descriptors that you defined
must be grouped and placed one after
another in continuous memory locations.this
group arrangement is known as descriptor
table.
Three types of Descriptor Tables.
Descriptor Table Registers
Descriptor Table Registers
GDTR
1] Maintains list of Most Segments
2] It’s a general Purpose table of descriptors.
3]May contain special system descriptor.
IDTR
Maintains list of Interrupt service routines.

LDT
1] Optional
2] Extends range of GDT
3] Is allocated to each task when multitasking
is enabled.
Segment Selectors
Once the descriptors are defined how does the
processor make use of them ?
Can we use segment registers ?
Segment register is used as pointer to the
descriptor table, so how to go from segment
register to segment descriptor to memory
segment ?
Any 16 bit value that you write into a segment
register is called a selector.
H.W – What is null selector.
Segment Selector Format
TI (2) Table indicator: When 0 GDT, when 1 LDT

RPL ( 0,1): Requested Privilege level ) : privilege checking
by protection mechanism.
Index (13) : The value selects one of 8192 descriptors in a
descriptor table.
Memory Addressing
Contd…
80386 has six segment registers
1] One for current code segment (CS)
2] One for current stack (SS)
3] Four for general data segments
(DS,ES,FS,GS)
H.W. How to load segment selectors ?
Local Descriptor Table Register ( LDTR)
LDT is extension of GDT,but assigned to
individual task.
LDT’s are created exactly like GDT’s and
IDT’s.
The LDTR refers to special LDT in GDT.An
LDT in GDT defines the base address and
limit of another descriptor table ,i.e. an LDT.
The GDT may contain any numbers of LDT
descriptor.
How memory location in LDT is accessed ?
LDT descriptor format.
Base 00 Limit P 0000010 Base Limit

Address
31-24
00 19-16 Address 15-00
23-00
P = Present bit,if 0 non present fault is generated.
More in Segmentation.
Segment Aliasing.
Reference to the same physical location
in memory using different segment
registers.So you can write into your
code space and execute your data
space,this is known as aliasing.
Segment Overlapping.
PRIVILEGE LEVELS
It’s one of the technique for implementing System level
protection and supported directly by hardware.
This protection features and functions are available to
operating system designers,application writers or would be
for system crashers.
The privilege protection mechanism catches more subtle
errors and malicious attempts to compromise the integrity
of the system.
The privilege system consist of four levels of privilege
numbered from 0 to 3. ( PL0 to PL3)being PL0 highest and
PL3 lowest.
Defining Privilege Levels
Privilege levels apply to entire segment.
The privilege level is defined in the segment
descriptor.DPL.( The descriptor has no privilege
level assigned to it.)
At the given point , the processors privilege level
is determined by the DPL of the code Segment
from which it is currently fetching and executing
code , this is referred as Current privilege level
(CPL)
The types of checks the privilege
system performs fall into three
categories.
1 ] Execute certain instructions.
2 ] Reference data other than its own.
3] Transfer Control to code other than its
own.
Executing Privilege Instructions.
Instructions that modify the interrupt flag ,alter
segmentation,perform peripheral I/O.
or affect the protection mechanism are privileged
instructions.
They are allowed only if program is running at
PL0,otherwise 386 generates a general protection
fault.(exception 13).means code must be at CPL 0.
There are 19 privileged instructions.
Privileged Data References.
Used with applications in a multi-tasking environment
share data.Programs are not allowed to read or write data
items that have a higher privilege level,however
applications can use data at the same or lower privilege
level.
This is achieved by two ways
1] Whenever selector is loaded in data segment register and
if it is less than the CPL then 386 rejects the selector
immediately.CPU checks RPL level to CPL.
2] When selector makes a memory reference 80386 checks
the type of access you are requesting( read or write) is
allowed for that segment.
Privileged Code References
Transferring control to other code
Many programs in multitasking share pieces of
code such as run time libraries.Programs are not
allowed to CALL or JMP to code segment that
have different privilege level. Another segment
must be a code segment(executable permission)
and marked present.
More critical in intersegment.
H.W How to determine Current Privilege level

(CPL)
Changing Privilege Levels
How to change privilege levels ?
Two ways
1 ] Conforming Code Segments

2] Call Gates
Conforming Code Segments
These are type 6 and 7 descriptors.
Conforming code segments do not have inherent privilege
level of their own,they conform to the level of the code
that call them or jump to them.
These do not remove existing privilege.
Do not alter RPL bits in the code segment register .
Can be shared by code at all privilege levels.
In conclusion, it do not actually change your privilege
level but conforms to the level of its caller. Ideal for share
libraries.
Simple
Call Gates
This effects a real change privilege
level.This is the only way to change.
It’s a special system descriptor that acts as a
interface layer,or intermediary between
code segments of different privilege levels.
Call gate descriptor format
Not correct to call descriptor, but placed in
descriptor table, and gets loaded in CS.
Are defined like segment descriptors.

Must be invoked by CALL instruction.
Levels of Privilege
Privilege check for data
PAGING
The use of Paging feature is optional.
Paging is another type of memory management
useful for virtual memory multitasking operating
systems.
paging divides programs into multiple uniform
size pages ( 4 K )
Pages bear no direct relation to the logical
structure of a program.
Only pages containing active task can be placed in
memory at a time.
How paging is enabled
3/11/2006 ?
Y.H.Dandawate 53
Paging Organization
Paging Mechanism
Page Directory
The Page Directory is 4K bytes long and allows
up to 1024 Page Directory Entries.
Each Page Directory Entry contains the address of
the next level of tables, the Page Tables and
information about the page table.
Page Directory Entry (PDE)
PDE Contd…
Page Table address.
A ( Accessed): Sets if read or write access occurs to an
address covered by the entry.
D bit is undefined for PDE.
P ( Present ) :If set , the pointed page is present in physical
memory.
U/S ( User /Supervisor)
: These are used for protection.If set the memory page that
this PDE covers are accessible from all privilege levels.If
clear only PL0,1and 2.
R/W (Read/Write) :
PDE contd…
Page Table Entry (PTE)
H.W. What is Demand Paging.

H.W. What is TLB ( Translation
lookaside buffer ) and its paging operation
Address Translation
MULTITASKING
What is Multitasking ?
Task : A task can be a single program,or it can be a group of related
programs.
( A task is any collection of code and date that has Task State Segment
(TSS) assigned to it.
In multitasking timesharing is used.
Timesharing
1] Allows multiple users to use the same computer.
2] Provides economical use of processing resources.
3] Is invisible to users.
4] Can work for any number of users.
To make multitasking successful two things are
crucial
1] Determination of when to change from one user
to another. ( time slot)
2] Ability to restart a user’s program when its time
slice comes around.
To restart properly the information at the end of time slice
should be stored(freeze)properly
The frozen state of a program is known as its Context and
act of freezing the state of one program and thawing the
next one is called context switch.
The time sharing machine will have a private area
that is accessible only to the operating system
,where it will store all of the information
necessary to restart each program,this is known as
context store or state frame.
The context switch
1] Is necessary to perform timesharing

2] Saves the state of the current program.
3] loads the state of the next program
4] Allows any program to be restated at any time.
How 80386 have features
3/11/2006 for multitasking ?
Y.H.Dandawate 62
Task State Segment (TSS)
This is the context store .The task’s vital
information is stored when the task is not
running.This information is used by 386 to
restart the task.
TSS is not available to general user program.
Privileged at PL0.
TSS is pointed by TSS descriptor in GDT.
Task State Segment Descriptor
TSS descriptor appears only in GDT.
The 386 requires 104 bytes to store the
context save , so limit of a TSS descriptor
must never be less than 0067 H.
To Create a task
Choose an area of memory for a context
store.
Define a task state segment.
Store original value for the segment
registers.
Store original values for the general purpose
registers.
Store original value for the instruction
pointer.
Moving between tasks ..
Can be initiated by software(JMP or CALL),by exception,by interrupt.
Forcing a task switch is very similar to calling a call gate.
Task gate descriptor acts as interface point between user code and
TSS.
Task gate format.
Task Register (TR)
16 bit processor register.
Always hold the selector for the current
task.
Old task state is saved in current TSS.
New TSS selector is stored in task

register.
H.W. Nested Tasks.
What is Scheduling and Scheduler.
Thank You

Intel 80386

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Intel 80386

Uploaded by

Copyright:

Available Formats

Intel 80386

 It has 32 bit address bus, so it can address up to

Real,Protected and Virtual 8086.

I/OPL, NT flag works in protected mode.

MSW : Status Word Machine.

B0 : The processor sets this bit when it references the linear

LEN : Break point length :specify the length of data

 The test registers are used to perform confidence checking

1)It is not possible to represent all

 Has segments base address

 Has Segment Size.

 Segments privilege level.

Base address bits : 32

Maintains list of Interrupt service routines.

TI (2) Table indicator: When 0 GDT, when 1 LDT

H.W. How to load segment selectors ?

Base 00 Limit P 0000010 Base Limit

P = Present bit,if 0 non present fault is generated.

H.W How to determine Current Privilege level

1 ] Conforming Code Segments

 Are defined like segment descriptors.

H.W. What is Demand Paging.

1] Is necessary to perform timesharing

 Task gate format.

 New TSS selector is stored in task

You might also like

It has 32 bit address bus, so it can address up to

The test registers are used to perform confidence checking

Has segments base address

Has Segment Size.

Segments privilege level.

Are defined like segment descriptors.

Task gate format.

New TSS selector is stored in task