Intel 80386

Intel 80386
Features of 80386
Introduced in 1985 by Intel. It is a 32 bit processor that supports 8/16/32 bit data operands. 32 bit internal registers.New category of registers,Viz, Control,Test and Debug 32 bit data bus. It has 32 bit address bus, so it can address up to 232 = 4GB of RAM (Physical address). Three different operating modes Real,Protected and Virtual 8086.
3/11/2006 Y.H.Dandawate 3
Features Continued ..
Instruction set upward compatible to its predecessors.New instructions deal with protection mechanism,memory segmentation and paging MMU. The Memory Management Unit (MMU) provides virtual memory, paging and four levels of protection. The concept of paging enables it to organize available physical memory in terms of pages of 4K under segmented memory. Multitasking . Clock frequency starting from 16 MHz. Different versions have 33 MHz, 66 MHz.Available as 80386 DX, 80386 SX,80386 SL etc.
Features Continued ..
Data types supported are byte,word,double word ,unpacked BCD,Packed BCD, Long integer(64),Short real(32),long real (64),extended real (80)( Real are for floating point). Available in 132 pin grid array package,some are in 100 pin etc. It has 11 addressing modes.
3/11/2006
Y.H.Dandawate
Internal Architecture of 80386
Internal Architecture of 80386
Register Set
Flag Register
I/OPL, NT flag works in protected mode. VM Flag, when cleared 386 operates in protected mode When set operates in Y.H.Dandawate virtual. 3/11/2006 9
Why Protection ?
The purpose of the protection features of the 80386 is To help to detect and identify bugs in hundreds or thousands of program modules. To help debug applications run faster and make them more robust. To prevent users from interfering each other. To prevent program bugs from damaging data. To prevent Malicious attempts to compromise system integrity. To prevent accidental damage to data.
So .
The 80386 contains mechanisms to verify memory accesses and instruction execution for conformance to protection criteria. These mechanisms may be used or ignored, according to system design objectives.
The protection hardware of the 80386 is an integral part of the memory management hardware. Also by privilege Protection.
3/11/2006
Y.H.Dandawate
11
Registers
Memory Management Registers( Associated with Protection) 1) GDTR : Global Descriptor Table Register. 48 bit register. 2)IDTR : Interrupt Descriptor Table Register. 48 bit register. 3) LDTR: Local Descriptor Table Register. 16 bit register. 4) TR : Task Register . 16 bit register. GDTR and LDTR points to the segment descriptor tables, GDT and LDT. IDTR points to the table of entry points for interrupt handlers. TR points to the information needed by the processor to define the current task. 3/11/2006 Y.H.Dandawate 12
Control Registers.
Three Control registers CR0,CR2 & CR3. ( CR1 is left undefined by Intel). 1) CR0
MSW : Status Word Machine.
0. PE : ( Protection Enable) Setting PE causes the processor to begin executing in protected mode. Resetting PE returns to real-address mode. 1. MP : ( Math Present): If set assumes that real floating point hardware is attached to it.
CRO Contd
2. EM : ( Emulate Co-processor) When this bit is set 386 will generate an exception 11 ( device not available) whenever it fetches a floating point instruction. This exception handler can be used to emulate floating point hardware in software. 3. TS : ( Task Switched ) The processor sets this bit automatically every time it performs a task switch. Cleared by programmer. 4. ET : ( Extension type) ET indicates the type of coprocessor present in the system (80287 or 80387). 31.PG : ( Paging) When set enables paging and if reset disables paging in MMU.
CR2 and CR3

CR2 is read only which gives the last 32 bit address that caused page fault.
3/11/2006
Y.H.Dandawate
15
Debug Registers
3/11/2006
Y.H.Dandawate
16
DR 0 to DR3
These registers hold up to four linear address breakpoints.The addresses in registers are compared with processors address generation logic on every instruction and if match is found an exception 1 ( debug fault) is generated. The debug address registers are effective whether or not paging is enabled.
DR6 and DR7
B0 : The processor sets this bit when it references the linear address contained in DR0 , modified by the conditions set by LEN0, RW0,L0,G0,LE and GE fields in DR7. B1 to B3 are applied similarly to Dr1 to DR3 respectively. BD : Break for debug register access. This is set if the exception 1 handler is invoked by illegal reference to one of debug registers. BS : Break for single step. ( If TF is set) BT : Break for task switch. 3/11/2006 bits are never cleared by processor. Y.H.Dandawate 18 These
Contd L0: Local Enable 0, When this bit is set the breakpoint address in DR0 is monitored as long as the 80386 is running the curent task.When the task switch occurs,this bit is cleared by the processor and must be reenabled under program control. G0 : As long as this bit is set 386 monitors the linear address in DR0 all the times,regardless of task.
Contd
RW : These bits qualify the type of access that must occur at the address in DR before break point is taken.
LEN : Break point length :specify the length of data item to be monitored.
Contd
LEN 00 01 10 LEN bits in Reg. DR7 1 byte 2 bytes, word alligned reserved
11 4 bytes, dword alligned LE : Local Exact : if set, the processor slows execution
so that data breakpoints are reported on the instruction that causes them.Only for current task. GE : Global Exact
GD : Global Debug access: once this bit is set the processor 3/11/2006 Y.H.Dandawate 21 will deny all further access to any of the debug registers.
Test Registers
Two Registers TR6 and TR7
The test registers are used to perform confidence checking on the paging MMUs translation look aside buffer (TLB).By writing into this register one can initiate write directly into 80386 TLB or perform a mock TLB lookup. TR6 is test command register and TR7 is test data register.
TR6
C ( Command) : When this bit is cleared ,a write to the TLB is performed .If it is set processor performs TLB look up. Linear Address: This is the tag field of the TLB. On a TLB write, a TLB entry is allocated to this linear address and the rest of that TLB entry is set per the value of TR7 and the value just written into TR6. Physical Address: This is the data field of the TLB.On a write to the TLB, the TLB entry allocated to the linear address in TR6 is set to this value. V: The valid bit for this TLB entry. All valid bits can also be cleared by writing to CR3. D, D#: The dirty bit for/from the TLB entry. U, U#: The user bit for/from the TLB entry. W, W#: The writable bit for/from the TLB entry.
TR7
REP ( Replacement Pointer): This field indicates which set of TLBs four way set associative cache to write to. PL: On a TLB write, PL=1causes the REP field of TR7 to select which of four associative blocks of the TLB is to be written, but PL=0 allows the internal pointer in the paging unit to select which TLB block is written.
3/11/2006
Y.H.Dandawate
24
Memory Segmentation
What is memory segmentation ? How is segmentation in 80386 ? 1)It is not possible to represent all information that defines a segment in a 16 bit register. 2) Some other things are required when you deal about protection mechanisms. 3) Fundamental hurdle is user can no longer access any address in the processors memory space merely by asking. 3/11/2006 Y.H.Dandawate 25
Features of Memory Segmentation in 80386

80386 provides a mechanism where by system programmer defines what each segment will be.Definition includes starting address,its length,its intended use and other attributes. ( Memory segment need not be be of 64KB, anything from 1 byte to 4 GB. Attributes defines for what segment is used for such as code,data,stack or other purpose, privilege level) In 386 system a program cannot cannot access an area of memory unless that area has been 3/11/2006described to it. Y.H.Dandawate 26
Segment Descriptors
A segment is described by a special structure called Segment descriptor. A segment descriptor Must be created for every segment. It is created by programmer. Has segments base address Has Segment Size. Segments Use Segments privilege level.
Segment Descriptor Format
Base address bits : 32 Limit Address : 20 bits ( Length of segment 1) A ( Accessed) : Processor automatically sets this bit whenever a memory reference is made using the defined segment. DPL : (2) : Indicates the level of privilege associated with the memory space that descriptor defines. DPL0 is highest
Segment Descriptor Contd

S ( System ) : If clear indicates that this is system segment descriptor. If set non-system. P ( Present): If clear,the address range that this descriptor defines is considered to be temporarily not present in physical memory space. U ( User): Undefined and ignored by 386,but user can use it. X : Reserved D ( Default):When clear operands in this is segment is assumed to be 16 bits and when set assumed to be 32 bits.
Segment Descriptor Contd

G ( Granularity): When this bit is cleared ,the 20 bit limit field is assumed to be measured in units of 1 byte.If set the limit is in units of 4 KB. Type (3): Type of segment you are defining.
000: Data , read only ( ROM space) 001: Data ,R/W 010: Stack read only 011: Stack R/W 100: Code, execute only 101: Code execute/ read 110: Code execute only , conforming 111:Code execute / read, conforming
3/11/2006 Y.H.Dandawate H.W . Go thro p 37 & 38 of Turley for example.30
Descriptor Tables
You can create as many segment descriptors you want. How processor keeps track of all these separate ,unrelated pieces of Information? The segment descriptors that you defined must be grouped and placed one after another in continuous memory locations.this group arrangement is known as descriptor table. Three types of Descriptor Tables.
Descriptor Table Registers
3/11/2006
Y.H.Dandawate
32
Descriptor Table Registers

GDTR 1] Maintains list of Most Segments 2] Its a general Purpose table of descriptors. 3]May contain special system descriptor. IDTR Maintains list of Interrupt service routines. LDT 1] Optional 2] Extends range of GDT 3] Is allocated to each task when multitasking is enabled.
Segment Selectors
Once the descriptors are defined how does the processor make use of them ? Can we use segment registers ? Segment register is used as pointer to the descriptor table, so how to go from segment register to segment descriptor to memory segment ? Any 16 bit value that you write into a segment register is called a selector. H.W What is null selector.
Segment Selector Format
TI (2) Table indicator: When 0 GDT, when 1 LDT RPL ( 0,1): Requested Privilege level ) : privilege checking by protection mechanism. Index (13) : The value selects one of 8192 descriptors in a descriptor table. 3/11/2006 Y.H.Dandawate 35
Memory Addressing
3/11/2006
Y.H.Dandawate
36
Contd
80386 has six segment registers 1] One for current code segment (CS) 2] One for current stack (SS) 3] Four for general data segments (DS,ES,FS,GS) H.W. How to load segment selectors ?
Local Descriptor Table Register ( LDTR)

LDT is extension of GDT,but assigned to individual task. LDTs are created exactly like GDTs and IDTs. The LDTR refers to special LDT in GDT.An LDT in GDT defines the base address and limit of another descriptor table ,i.e. an LDT. The GDT may contain any numbers of LDT descriptor. How memory location in LDT is accessed ?
LDT descriptor format.

Base Address 31-24
00 Limit P 00 19-16
0000010
Base Address 23-00
Limit 15-00
P = Present bit,if 0 non present fault is generated.
3/11/2006
Y.H.Dandawate
39
More in Segmentation.
Segment Aliasing. Reference to the same physical location in memory using different segment registers.So you can write into your code space and execute your data space,this is known as aliasing. Segment Overlapping.
PRIVILEGE LEVELS
Its one of the technique for implementing System level protection and supported directly by hardware. This protection features and functions are available to operating system designers,application writers or would be for system crashers. The privilege protection mechanism catches more subtle errors and malicious attempts to compromise the integrity of the system. The privilege system consist of four levels of privilege numbered from 0 to 3. ( PL0 to PL3)being PL0 highest and PL3 lowest.
Defining Privilege Levels

Privilege levels apply to entire segment. The privilege level is defined in the segment descriptor.DPL.( The descriptor has no privilege level assigned to it.) At the given point , the processors privilege level is determined by the DPL of the code Segment from which it is currently fetching and executing code , this is referred as Current privilege level (CPL)
The types of checks the privilege system performs fall into three categories. 1 ] Execute certain instructions. 2 ] Reference data other than its own. 3] Transfer Control to code other than its own.
Executing Privilege Instructions.

Instructions that modify the interrupt flag ,alter segmentation,perform peripheral I/O. or affect the protection mechanism are privileged instructions. They are allowed only if program is running at PL0,otherwise 386 generates a general protection fault.(exception 13).means code must be at CPL 0. There are 19 privileged instructions.
Privileged Data References.

Used with applications in a multi-tasking environment share data.Programs are not allowed to read or write data items that have a higher privilege level,however applications can use data at the same or lower privilege level. This is achieved by two ways 1] Whenever selector is loaded in data segment register and if it is less than the CPL then 386 rejects the selector immediately.CPU checks RPL level to CPL. 2] When selector makes a memory reference 80386 checks the type of access you are requesting( read or write) is allowed for that segment.
Privileged Code References

Transferring control to other code Many programs in multitasking share pieces of code such as run time libraries.Programs are not allowed to CALL or JMP to code segment that have different privilege level. Another segment must be a code segment(executable permission) and marked present. More critical in intersegment. H.W How to determine Current Privilege level (CPL)
Changing Privilege Levels

How to change privilege levels ? Two ways 1 ] Conforming Code Segments 2] Call Gates
3/11/2006
Y.H.Dandawate
47
Conforming Code Segments

These are type 6 and 7 descriptors. Conforming code segments do not have inherent privilege level of their own,they conform to the level of the code that call them or jump to them. These do not remove existing privilege. Do not alter RPL bits in the code segment register . Can be shared by code at all privilege levels. In conclusion, it do not actually change your privilege level but conforms to the level of its caller. Ideal for share libraries. Simple
Call Gates
This effects a real change privilege level.This is the only way to change. Its a special system descriptor that acts as a interface layer,or intermediary between code segments of different privilege levels.
3/11/2006
Y.H.Dandawate
49
Call gate descriptor format

Not correct to call descriptor, but placed in descriptor table, and gets loaded in CS.
Are defined like segment descriptors. Must be invoked by CALL instruction.

Levels of Privilege
3/11/2006
Y.H.Dandawate
51
Privilege check for data
3/11/2006
Y.H.Dandawate
52
PAGING
The use of Paging feature is optional. Paging is another type of memory management useful for virtual memory multitasking operating systems. paging divides programs into multiple uniform size pages ( 4 K ) Pages bear no direct relation to the logical structure of a program. Only pages containing active task can be placed in memory at a time. 3/11/2006 Y.H.Dandawate 53 How paging is enabled ?
Paging Organization
Paging Mechanism
3/11/2006
Y.H.Dandawate
54
Page Directory
The Page Directory is 4K bytes long and allows up to 1024 Page Directory Entries. Each Page Directory Entry contains the address of the next level of tables, the Page Tables and information about the page table. Page Directory Entry (PDE)
3/11/2006
Y.H.Dandawate
55
PDE Contd
Page Table address. A ( Accessed): Sets if read or write access occurs to an address covered by the entry. D bit is undefined for PDE. P ( Present ) :If set , the pointed page is present in physical memory. U/S ( User /Supervisor) : These are used for protection.If set the memory page that this PDE covers are accessible from all privilege levels.If clear only PL0,1and 2. R/W (Read/Write) :
PDE contd
3/11/2006
Y.H.Dandawate
57
Page Table Entry (PTE)
H.W. What is Demand Paging. H.W. What is TLB ( Translation lookaside buffer ) and its paging operation
Address Translation
3/11/2006
Y.H.Dandawate
59
MULTITASKING
What is Multitasking ? Task : A task can be a single program,or it can be a group of related programs. ( A task is any collection of code and date that has Task State Segment (TSS) assigned to it. In multitasking timesharing is used. Timesharing 1] Allows multiple users to use the same computer. 2] Provides economical use of processing resources. 3] Is invisible to users. 4] Can work for any number of users.
To make multitasking successful two things are crucial 1] Determination of when to change from one user to another. ( time slot) 2] Ability to restart a users program when its time slice comes around.
To restart properly the information at the end of time slice should be stored(freeze)properly The frozen state of a program is known as its Context and act of freezing the state of one program and thawing the next one is called context switch.
The time sharing machine will have a private area that is accessible only to the operating system ,where it will store all of the information necessary to restart each program,this is known as context store or state frame. The context switch 1] Is necessary to perform timesharing 2] Saves the state of the current program. 3] loads the state of the next program 4] Allows any program to be restated at any time. 3/11/2006 80386 have features for multitasking ? Y.H.Dandawate 62 How
Task State Segment (TSS)

This is the context store .The tasks vital information is stored when the task is not running.This information is used by 386 to restart the task. TSS is not available to general user program. Privileged at PL0. TSS is pointed by TSS descriptor in GDT.
3/11/2006
Y.H.Dandawate
63
Task State Segment Descriptor

TSS descriptor appears only in GDT. The 386 requires 104 bytes to store the context save , so limit of a TSS descriptor must never be less than 0067 H.
3/11/2006
Y.H.Dandawate
65
To Create a task
Choose an area of memory for a context store. Define a task state segment. Store original value for the segment registers. Store original values for the general purpose registers. Store original value for the instruction pointer.
Moving between tasks ..

Can be initiated by software(JMP or CALL),by exception,by interrupt. Forcing a task switch is very similar to calling a call gate. Task gate descriptor acts as interface point between user code and TSS.
Task gate format.
3/11/2006
Y.H.Dandawate
67
Task Register (TR)

16 bit processor register. Always hold the selector for the current task. Old task state is saved in current TSS. New TSS selector is stored in task register. H.W. Nested Tasks. What is Scheduling and Scheduler.
Thank You

Intel 80386

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Intel 80386

Uploaded by

Copyright:

Available Formats

Intel 80386

Internal Architecture of 80386

Internal Architecture of 80386

MSW : Status Word Machine.

CR2 and CR3

DR6 and DR7

Features of Memory Segmentation in 80386

Segment Descriptor Format

Segment Descriptor Contd

Segment Descriptor Contd

Descriptor Table Registers

Descriptor Table Registers

Segment Selector Format

Local Descriptor Table Register ( LDTR)

LDT descriptor format.

Base Address 23-00

P = Present bit,if 0 non present fault is generated.

Defining Privilege Levels

Executing Privilege Instructions.

Privileged Data References.

Privileged Code References

Changing Privilege Levels

Conforming Code Segments

Call gate descriptor format

Are defined like segment descriptors. Must be invoked by CALL instruction.

Privilege check for data

Page Table Entry (PTE)

Task State Segment (TSS)

Task State Segment Descriptor

Moving between tasks ..

Task gate format.

Task Register (TR)

You might also like