
MP UNIT 1

Introduction to 80386
Digital Systems (eg. Computer)
Sub Systems (eg. Processor, ICs)
Modules (eg. Combinational and Sequential circuits)
Basic Unit (eg. Logic gates)

Combinational Circuits
1. Half Adder
2. Full Adder
3. Half Subtractor
4. Full Subtractor
5. Binary Adder
6. BCD Adder
7. MUX and DeMUX
8. Comparator
9. Parity Generator and Checker

Sequential Circuits
1. Flipflops
2. Registers
3. Counters

R. V. Bidwe, PICT, Pune. 2


Computer Organization and Architecture
• Computer Architecture refers to those attributes of a system visible to a programmer or, put another way, those attributes that have a direct impact on the logical execution of a program.

• Eg. Instruction set, the number of bits used to represent various data types (e.g., numbers, characters), I/O mechanisms, and techniques for addressing memory.

• Computer Organization refers to the
operational units and their interconnections
that realize the architectural specifications.

• Eg. Hardware details transparent to the programmer, such as control signals; interfaces between the computer and peripherals; and the memory technology used.


• Eg:

– It is an architectural design issue whether a computer will have a multiply instruction.

– It is an organizational issue whether that instruction will be implemented by a special multiply unit or by a mechanism that makes repeated use of the add unit of the system.


What is Microprocessor
• A microprocessor, sometimes called a logic chip,
is a computer processor on a microchip.

• It is also called the “Heart of Computer.”

• The microprocessor contains all, or most of, the central processing unit (CPU) functions.

• A microprocessor is designed to perform arithmetic and logic operations that make use of small number-holding areas called registers.


• Typical microprocessor operations include
adding, subtracting, comparing two numbers,
and fetching numbers from one area to
another.

• These operations are the result of a set of instructions that are part of the microprocessor design.


Three basic characteristics differentiate
microprocessors:
• Instruction set: The set of instructions that the
microprocessor can execute.
• Bandwidth: The number of bits processed in a single instruction.
• Clock speed: Given in megahertz (MHz), the clock speed determines how many instructions per second the processor can execute.
In both cases, the higher the value, the more powerful the CPU.
For example, a 32-bit microprocessor that runs at 50MHz is more powerful than a 16-bit microprocessor that runs at 25MHz.

Different Components in Computer
• The following are the different components present in a system.
1. Microprocessors
2. Microcontrollers
3. Memories
I. RAM
II. ROM
III. Cache
IV. Registers
4. Timers
5. Input/ Output Ports
6. Communication Ports
7. Interconnect Buses
Microprocessor & Microcontrollers
• A microprocessor, sometimes called a Logic Chip, is a
computer processor on a microchip.

• It is also called the “Heart of Computer.”

• The microprocessor contains all, or most of, the Central Processing Unit (CPU) functions.

• A microprocessor is designed to perform arithmetic and logic operations that make use of small number-holding areas called Registers.


• Typical microprocessor operations include adding,
subtracting, comparing two numbers, and fetching
numbers from one area to another.

• These operations are the result of a set of instructions that are part of the microprocessor design.


Microprocessor Vs. Microcontroller

How It Looks



Pinless Microprocessor

Evolution of Computers

First Generation (1940-1956) Vacuum Tubes

• The first electronic computer was designed at Iowa State between 1939-1942.
• The Atanasoff-Berry Computer used the binary system (1’s and 0’s).
• Contained Vacuum Tubes and stored numbers or calculations by burning holes in paper.


IBM Stretch - 1959



Second Generation (1956-1963) Transistors
• In 1947, the Transistor was invented.

• The transistor made computers smaller, less expensive and increased calculating speeds.

• Second generation computers also saw a new way data was stored.

• Punch cards were replaced with magnetic tapes.

• ALP are used for computing.

Third Generation (1964-1971) Integrated Circuits
• Transistors were replaced by integrated circuits (IC).

• One IC could replace hundreds of transistors.

• This made computers even smaller and faster.

• OS is used for UI.

• Keyboard entry is possible.

Fourth Generation (1971-Present)
Microprocessors
• In 1970 the Intel Corporation invented the Microprocessor: an entire CPU on one chip.

• This led to microcomputers: computers on a desk.


Fifth Generation
(Present and Beyond) AI
• Having features like

– Artificial Intelligence

– Voice Recognition

– Parallel Processing

– Natural Language Processing



History of Microprocessor
MP Introduction Data Bus Address Bus
4004 1971 4 8
8008 1972 8 8
8080 1974 8 16
8085 1977 8 16
8086 1978 16 20
80186 1982 16 20
80286 1983 16 24
80386 1986 32 32
80486 1989 32 32
Pentium 1993 onwards 32
Core solo 2006 32
Dual Core 2006 32
Core 2 Duo 2006 32
Core 2 Quad 2008 32
i3, i5, i7 2010 64

4004

The Intel 4004 Processor was announced in 1971. It has 2300 transistors with an initial clock speed of 108KHz. It cost $200.

8008

The Intel 8008 Processor was introduced in 1972. It has 3,500 transistors with an initial clock speed of 800KHz.

8080

The Intel 8080 Processor was introduced in 1974. It has 4,500 transistors with an initial clock speed of 2MHz.

8086

The Intel 8086 Processor was introduced in 1978. It had a staggering 29,000 transistors, dwarfing the Intel 8080 processor, with an initial clock speed of 5MHz.

80286

The Intel 286 Processor was introduced in 1982. It has 134,000 transistors with an initial clock speed of 6 MHz.

80386

The Intel 386 Processor was introduced in 1985. It has 275,000 transistors with an initial clock speed of 16 MHz.

80486

The Intel 486 Processor was introduced in 1989. It has 1.2 million transistors with an initial clock speed of 25MHz.

Pentium

The Intel Pentium Processor was introduced in 1993. It has 3.1 million transistors with an initial clock speed of 66 MHz.


Pentium-Pro

The Intel Pentium Pro Processor was introduced in 1995. It has 5.5 million transistors with an initial clock speed of 200 MHz.

Pentium-II

The Intel Pentium II Processor was introduced in 1997. It has 7.5 million transistors with an initial clock speed of 300 MHz.

Celeron

The Intel Celeron Processor was introduced in 1998. It has 7.5 million transistors just like the Intel Pentium II but with an initial clock speed of 266 MHz.

Pentium-III

The Intel Pentium III Processor was introduced in 1999. It has 9.5 million transistors with an initial clock speed of 600 MHz.

Pentium-4

The Intel Pentium 4 Processor was introduced in 2000. It has an astonishing 42 million transistors with an initial clock speed of 1.5 GHz.

Xeon

The Intel Xeon 7500 Processor was introduced in 2001. It has 42 million transistors with an initial clock speed of 1.7 GHz.

Pentium-M

The Intel Pentium M Processor was introduced in 2003. It has 55 million transistors with an initial clock speed of 1.7 GHz.

Core-2

The Intel Core 2 Processor was introduced in 2006. It has 291 million transistors with an initial clock speed of 2.66 GHz.

Core-2-Duo

The Intel Core 2 Duo Processor was introduced in 2008. It has 410 million transistors with an initial clock speed of 2.4 GHz.


Atom

The Intel Atom Processor was introduced in 2008. It has 41 million transistors with an initial clock speed of 1.86 GHz.

i-Series (2nd Generation)

The 2nd generation Intel Core Processor was introduced in 2010. It is a monster with 1.16 billion transistors and an initial clock speed of 2.7 GHz.

i-Series (3rd Generation)

The 3rd generation Intel Core Processor was introduced in 2010. It has a staggering 1.4 billion transistors and an initial clock speed of 2.9 GHz.

i-Series (7th Generation)

• Introduced in 2015 and clock speed can be up to 4.4 GHz.

• Introduced in 2019 and clock speed can be up to 5.1 GHz.


Family tree of 80386
Chip        Introduction                          Data bus         Address Bus   Memory
4004        1971                                  4                8             256 Byte
8008        1972                                  8                8             256 Byte
8080        1974                                  8                16            64 KB
8086/88     1978                                  16/8             20            1M
80186/188   1982                                  16/8             20            1M
80286       1983                                  16               24            16M: Clock speed is high
80386 DX    1986: not compatibility               DX: 32+132 pin   32            DX: 4G (275,000 transistor)
80386 SX    1988: mostly used, Not Co-Processor   SX: 16+100 pin   24            SX: 16MB
80486                                             32               32            Memory Size: 4G +16K cache

80286 vs 80386 vs 80486



Difference between 80386 SX/DX



About 8086
• It is a 16-bit processor, so it has a 16-bit ALU, 16-bit registers, a 16-bit internal data bus and a 16-bit external data bus.

• 8086 has 20 address lines to access memory. Hence it can access 2^20 = 1 MB of memory locations.

• Pipelining: 8086 uses two stages of pipelining. The first is the Fetch Stage and the second is the Execute Stage.
– The Fetch stage prefetches up to 6 bytes of instructions and stores them in the queue.
– The Execute stage executes these instructions.

• Pipelining improves the performance of the processor so that operation is faster.

• Operates in two modes: 8086 operates in two modes:
– Minimum Mode: A system with only one microprocessor.
– Maximum Mode: A system with multiple processors.

• 8086 uses memory banks: The 8086 uses a memory banking system. It means the entire data is not stored sequentially in a single memory of 1 MB; instead, memory is divided into two banks of 512KB.

• Interrupts: 8086 has 256 vectored interrupts.

• Multiplication and Division: 8086 has a powerful instruction set, so it supports Multiply and Divide operations.

• First processor to implement Segmentation and Pipelining.

Architecture of 8086



Architecture of 8086
• The architecture of 8086 includes
– Arithmetic Logic Unit (ALU)
– Flags
– General registers
– Instruction byte queue
– Segment registers


EU & BIU
• The 8086 CPU logic has been partitioned into
two functional units namely Bus Interface
Unit (BIU) and Execution Unit (EU).
• The major reason for this separation is to
increase the processing speed of the
processor.
• The BIU has to interact with memory and
input and output devices in fetching the
instructions and data required by the EU.
• EU is responsible for executing the
instructions of the programs and to carry out
the required processing.
BUS INTERFACE UNIT (BIU)
The BIU performs all bus operations for EU.
• Fetching instructions
• Responsible for executing all external bus
cycles.
• Read operands and write result.
EXECUTION UNIT (EU)
Execution unit contains the complete
infrastructure required to execute an
instruction.
Bus Interface Unit
• The BIU has
– Instruction stream byte queue
– A set of segment registers
– Instruction pointer



BIU – Instruction Byte Queue
• 8086 instructions vary from 1 to 6 bytes.

• Therefore fetch and execution are taking place concurrently in order to improve the performance of the microprocessor.

• The BIU feeds the instruction stream to the execution unit through a 6 byte prefetch queue.

BIU – Instruction Byte Queue
• Execution and decoding of certain instructions
do not require the use of buses.
• While such instructions are executed, the BIU
fetches up to six instruction bytes for the
following instructions (the subsequent
instructions).
• The BIU stores these prefetched bytes in a first-in-first-out register called the instruction byte queue.
• When the EU is ready for its next instruction, it simply reads the instruction byte(s) for the instruction from the queue in BIU.

Execution Unit
• The Execution Unit (EU) has
– Control unit
– Instruction decoder
– Arithmetic and Logical Unit (ALU)
– General registers
– Flag register
– Pointers
– Index registers



Execution Unit
• Control unit is responsible for the co-ordination of all other units of the processor.

• ALU performs various arithmetic and logical operations over the data.

• The instruction decoder translates the instructions fetched from the memory into a series of actions that are carried out by the EU.


Programmer’s Model of 8086

• General Purpose Register



• Segment Registers



Different Areas in Memory
• Program memory – Program can be located anywhere in memory.

• Data memory – The processor can access data in any one out of 4 available segments.

• Stack memory – A stack is a section of the memory set aside to store addresses and data while a subprogram executes.

• Extra segment – This segment is also similar to data memory where additional data may be stored and maintained.

Segment Registers
• Code Segment (CS) register is a 16-bit register
containing address of 64 KB segment with processor
instructions.
• The processor uses CS segment for all accesses to
instructions referenced by instruction pointer (IP)
register.

• Stack Segment (SS) register is a 16-bit register containing address of 64KB segment with program stack.
• By default, the processor assumes that all data referenced by the stack pointer (SP) and base pointer (BP) registers is located in the stack segment.


Segment Registers
• Data Segment (DS) register is a 16-bit register
containing address of 64KB segment with program
data.
• By default, the processor assumes that all data
referenced by general registers (AX, BX, CX, DX) and
index register (SI, DI) is located in the data segment.

• Extra Segment (ES) register is a 16-bit register containing address of 64KB segment, usually with program data.
• By default, the processor assumes that the DI register references the ES segment in string manipulation instructions.

• Flag Register



Segmentation in 8086
• The process of dividing memory is called
Segmentation.
• Intel 8086 has 20 lines address bus.
• With 20 address lines, the memory that can be
addressed is 2^20 bytes
2^20 = 1,048,576 bytes (1 MB).
• 8086 can access memory with address ranging from
00000 H to FFFFF H.

• In 8086, memory has four different types of
segments.
These are:
– Code Segment
– Data Segment
– Stack Segment
– Extra Segment
• The corresponding segment registers are 16-bit in size.
• Each register stores the base address (starting address) of the corresponding segment.
• Because the segment registers cannot store 20 bits, they only store the upper 16 bits.

Logical to physical address Translation in 8086

• The 20-bit address of a byte is called its Physical Address.
• But, it is specified as a Logical Address.
• Logical address is in the form of:
Base Address : Offset
• Offset is the displacement of the memory location from the starting location of the segment.


Example
• The value of Data Segment Register (DS) is 2222 H.
• To convert this 16-bit address into 20-bit, the BIU appends 0H to the LSBs of the address.
• After appending, the starting address of the Data Segment becomes 22220H.
• If the data at any location has a logical address specified as:
2222 H : 0016 H
• Then, the number 0016 H is the offset. 2222 H is the value of DS.


• To calculate the effective address of the memory, BIU
uses the following formula:
Effective Address =
Starting Address of Segment + Offset
• To find the starting address of the segment, BIU
appends the contents of Segment Register with 0H.
• Then, it adds offset to it.
Therefore:
EA = 22220 H
+ 0016 H
------------
22236 H
Question
The contents of the following registers are:
• CS = 1111 H
• DS = 3333 H
• SS = 2526 H
• IP = 1232 H
• SP = 1100 H
• DI = 0020 H
Calculate the corresponding physical addresses for
the address bytes in CS, DS and SS.
1. CS = 1111 H
• The base address of the code segment is 11110 H.
• Effective address of memory is given by 11110H +
1232H = 12342H.

2. DS = 3333 H
• The base address of the data segment is 33330 H.
• Effective address of memory is given by 33330H +
0020H = 33350H.

3. SS = 2526 H
• The base address of the stack segment is 25260 H.
• Effective address of memory is given by 25260H +
1100H = 26360H.
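
The translation used in the example and the question above, as an added C example that is not part of the original slides. It reproduces the four worked results and goes one step further: many segment:offset pairs name the same byte, and a sum that needs a 21st bit wraps to low memory on the 8086's 20 address lines. All function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

#define ADDR_MASK_20 0xFFFFFu   /* 20 address lines: 00000h..FFFFFh */

/* physical = segment * 16 + offset ("append 0H", then add the offset),
 * truncated to 20 bits because the 8086 has no 21st address line. */
uint32_t phys_addr(uint16_t segment, uint16_t offset)
{
    uint32_t base = (uint32_t)segment << 4;
    return (base + offset) & ADDR_MASK_20;
}

/* Nonzero if segment*16 + offset overflowed 20 bits and wrapped to low memory. */
int wraps_20bit(uint16_t segment, uint16_t offset)
{
    return (((uint32_t)segment << 4) + offset) > ADDR_MASK_20;
}

/* Nonzero if two logical addresses select the same physical byte. */
int same_byte(uint16_t s1, uint16_t o1, uint16_t s2, uint16_t o2)
{
    return phys_addr(s1, o1) == phys_addr(s2, o2);
}

/* Number of segment values whose 64 KB window covers `phys` without wrapping.
 * Segments start every 16 bytes, so the windows overlap heavily and a check
 * on the segment value alone does not identify which byte is accessed. */
unsigned alias_count(uint32_t phys)
{
    unsigned n = 0;
    for (uint32_t seg = 0; seg <= 0xFFFFu; seg++) {
        uint32_t base = seg << 4;
        if (phys >= base && phys - base <= 0xFFFFu)
            n++;
    }
    return n;
}

int main(void)
{
    /* Register values taken from the slides' example and question. */
    printf("DS:0016 (DS=2222h) -> %05Xh\n", (unsigned)phys_addr(0x2222, 0x0016));
    printf("CS:IP   (1111:1232) -> %05Xh\n", (unsigned)phys_addr(0x1111, 0x1232));
    printf("DS:DI   (3333:0020) -> %05Xh\n", (unsigned)phys_addr(0x3333, 0x0020));
    printf("SS:SP   (2526:1100) -> %05Xh\n", (unsigned)phys_addr(0x2526, 0x1100));

    /* Constructed cases: aliasing and 20-bit wraparound. */
    printf("2223:0006 aliases 2222:0016: %d\n",
           same_byte(0x2222, 0x0016, 0x2223, 0x0006));
    printf("segments reaching 22236h: %u\n", alias_count(0x22236));
    printf("FFFF:0010 -> %05Xh (wrapped: %d)\n",
           (unsigned)phys_addr(0xFFFF, 0x0010), wraps_20bit(0xFFFF, 0x0010));
    return 0;
}
```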
section .text
global Main

Main:
    ; ...
    ; Menu
    ;   1. ADD
    ;   2. Sub
    ;   3. Mul
    ;   4. DIV
    ;   5. Exit
    ; If choice=1
    call Add
    ; If choice=2
    call Sub
    ; ...

Exit:
    ; ...

Add:
    ; ...
    ret

Sub:
    ; ...
    ret

Mul:
    ; ...
    ret

New in 80386
• Data bus = 32 bit; all registers (except the segment registers) are 32 bit, and EFLAGS is also 32 bit.
• Address Bus = 32 bit. (4 GB Memory)
• Enhanced Memory Management Unit.
• Supports Virtual addressing.
• Faster execution of arithmetic operations.
• Works in :-
1. Real Mode (8086)
2. Protected Mode
3. Virtual 8086 Mode
• Additional Interrupts in IVT.
FEATURES
• Manufactured using Intel’s Complementary High-performance Metal-Oxide-Semiconductor 3 process.
• 8 General Purpose Registers of 32 bits.
• 32-bit Address and Data Bus.
• Supports 8 bit, 16 bit, 32 bit data.
• Prefetch Queue of 16B.
• Very large address space, i.e. virtual memory of 64 TB and physical memory of 4 GB.
• Supports Segmentation and Paging.
• 4 levels of Protection.
• Uses 3-stage Pipelines.
• Supports Multitasking with Protection.
• On chip cache memory for TLB.
• Pipelined Instruction Execution.
• Memory Management unit.
• High speed numeric support via 80287 and 80387
coprocessor.
• It can operate in Real, Protected and Virtual 8086 mode.


Architecture of 80386



• The Internal Architecture of 80386 is divided into 3 sections.

1) Central Processing Unit
2) Memory Management Unit
3) Bus Interface Unit

Central Processing Unit
• Central processing unit is further divided into Execution Unit and Instruction Unit.

• The Execution Unit has 8 General purpose and 8 Special purpose registers which are either used for handling data or calculating offset addresses.

• The Instruction Unit decodes the opcode bytes received from the 16-byte instruction code queue and arranges them in a 3-instruction decoded-instruction queue.
• After decoding, they are passed to the control section for deriving the necessary control signals. The barrel shifter increases the speed of all shift and rotate operations.

• The multiply / divide logic implements the bit-shift-rotate algorithms to complete the operations in minimum time.

• Even 32-bit multiplications can be executed within one microsecond by the multiply / divide logic.

Memory Management Unit
• The Memory management unit consists of a
Segmentation Unit and a Paging Unit.

• Segmentation unit allows the use of two address components, viz. segment and offset, for relocatability and sharing of code and data.

• Segmentation unit allows segments of size 4 Gbytes at max.
• The Paging unit organizes the physical memory
in terms of pages of 4 kbytes size each.

• Paging unit works under the control of the segmentation unit, i.e. each segment is further divided into pages.

• The virtual memory is also organized in terms of segments and pages by the memory management unit.
• The Segmentation unit provides a 4 level Protection
Mechanism for protecting and isolating the system
code and data from those of the application program.

• Paging unit converts Linear addresses into Physical addresses.

• The Control and Attribute PLA checks the privileges at the page level. Each of the pages maintains the paging information of the task.

• The Limit and Attribute PLA checks segment limits and attributes at segment level to avoid invalid accesses to code and data in the memory segments.

Bus Interface Unit
• The Bus control unit has a prioritizer to resolve the priority of the various bus requests.

• This controls the access of the bus. The address driver drives the bus enable and address signals A0–A31.

• The pipeline and dynamic bus sizing unit handle the related control signals.

• The data buffers interface the internal data bus with the system bus.


Register Set
• The 80386 contains a total of 16 registers.

These registers are grouped as:

1. General Purpose
2. Segment
3. Status and Instruction
4. Control Registers
5. System Address Registers
6. Debug Registers
7. Test Registers


General Purpose Registers


Segment Registers

Status and IP

Flag Registers


• VM (Virtual 8086 Mode): If set while the
80386 is in Protected Mode, the 80386 will
switch to Virtual 8086 operation.
• The VM bit can be set only in Protected Mode,
by the IRET instruction (if current privilege
level is 0).

• RF (Resume Flag): The RF flag is used in conjunction with the debug register breakpoints.
• When RF is set, it causes any debug fault to be ignored on the next instruction.

• NT (Nested Task): This flag applies to
Protected Mode.

• NT is set to indicate that the execution of this task is nested within another task.

• The value of NT in EFLAGS is tested by the IRET instruction to determine whether to do an inter-task return or an intra-task return.


IOPL (Input / Output Privilege Level)

• This two-bit field applies to Protected Mode. IOPL indicates the numerically maximum CPL (Current Privilege Level) value permitted to execute I/O instructions without generating an Exception.

• It also indicates the maximum CPL value allowing alteration of the IF (INTR Enable Flag) bit when new values are popped into the EFLAGS register.

• IF (INTR Enable Flag): The IF flag, when set,
allows recognition of external interrupts
signaled on the INTR pin.

• TF (Trap Enable Flag): When TF is set, the 80386 generates an exception 1 trap after the next instruction is executed.

• When TF is reset, exception 1 traps occur only as a function of the breakpoint addresses loaded into debug registers DR0-DR3.

• OF (Overflow Flag): It is set if the operation
resulted in a signed overflow. Signed overflow
occurs when the operation resulted in
carry/borrow into the sign bit (high-order bit) of
the result.

• DF (Direction Flag): DF defines whether ESI and/or EDI registers post-decrement or post-increment during the string instructions.
• Post-decrement occurs if DF is set.


Flags
• The Arithmetic Instructions use OF, SF, ZF, AF, PF, CF.

• The control flag DF controls String instructions.

• Clearing the DF flag causes string instructions to auto-increment, i.e. to process the string from low to high address.

Fundamental Data Types


Byte Integer

Word Integer

BCD

Packed BCD

String

Pointers

Procedures

Why Procedures?

Nested Procedures

Macros

Macros as Inline codes

Difference between Macro and Procedure



How to define macro
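section .data
msg: db "hello",10
len: equ $-msg

section .bss
count: resb 2

; print <address>, <length>: write to stdout with the Linux x86-64 write syscall
%macro print 2
    mov rax, 1      ; syscall number 1 = write
    mov rdi, 1      ; file descriptor 1 = stdout
    mov rsi, %1     ; first macro argument: buffer address
    mov rdx, %2     ; second macro argument: byte count
    syscall
%endmacro

section .text
global main
main:
    ; ...
    print msg, len
    ; ...
    print msg, len
    ; ...
    ; code of addition and result stored in COUNT variable
    print count, 2
    ; ...
    mov rax, 60     ; syscall number 60 = exit
    mov rdi, 0      ; exit status 0
    syscall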


Stack



Directives

• There are some instructions in the assembly language program which are not a part of processor instruction set.

• These instructions are instructions to the assembler, linker and loader. These are referred to as pseudo-operations or as assembler directives.

• Different Data Types in ALP
– DB – Define Byte
– DW – Define Word
– DD – Define Doubleword
– DQ – Define Quadword
– DT – Define Ten Bytes

• Different sections in ALP
– Section .data
– Section .bss
– Section .text

Register File

24-Aug-18 Prof. R. V. Bidwe, PICT, Pune. 124


ALP Constructs
1. Basic Data Types
Data Types:

• Byte (8-bit)
• Word (16-bit)
• Double word (32-bit)
• Quadword (64-bit)
• Ten bytes (80-bit)
2. Data Types
1. Definition directives
• db (define byte)
• dw (define word)
• dd (define double word)
• dq (define quad word)
• dt (define ten bytes)

2. Declaration directives
• resb (reserve byte)
• resw (reserve word)
• resd (reserve double word)
• resq (reserve quad word)
3. Memory addressing directives
• byte
• word
• dword
• qword


Byte Ordering in Computer Memory (Data definition)

1. Little endian machine
• Stores data little-end first
• Least significant byte at smallest address
• Example: Intel processors (all x86 processors)

2. Big endian machine
• Stores data big-end first
• Most significant byte at smallest address
• Example: IBM processors (Power PC)

Byte Ordering in Computer Memory – Data Definition (Continued…)
Qnumber dq 12345678A95CCDFEh

Memory location   Little endian data   Big endian data
1000000A h
10000009 h        12                   FE
10000008 h        34                   CD
10000007 h        56                   5C
10000006 h        78                   A9
10000005 h        A9                   78
10000004 h        5C                   56
10000003 h        CD                   34
10000002 h        FE                   12
10000001 h
10000000 h

Memory addressing
section .data
num: dq 9828919849096878h
section .bss
name: resb 8

Memory addressing:
mov al, byte [num]      ; al = 78
mov ax, word [num]      ; ax = 6878
mov eax, dword [num]    ; eax = 49096878
mov rax, qword [num]    ; rax = 9828919849096878

Memory location   Data
1000000A h
10000009 h        98
10000008 h        28
10000007 h        91
10000006 h        98
10000005 h        49
10000004 h        09
10000003 h        68
10000002 h        78
10000001 h
10000000 h
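
The byte-ordering tables and the byte/word/dword/qword loads above, modelled in C as an added example that is not part of the original slides. It uses the slides' two constants and adds one constructed failure case: a big-endian 16-bit length field read with a little-endian load. Function names are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Lay out a 64-bit value as "dq" does on x86: least significant byte at the
 * lowest address. Shifts are used so the result does not depend on the byte
 * order of the machine running this program. */
void store_le64(uint8_t *mem, uint64_t v)
{
    for (size_t i = 0; i < 8; i++)
        mem[i] = (uint8_t)(v >> (8 * i));
}

/* Big-endian layout: most significant byte at the lowest address. */
void store_be64(uint8_t *mem, uint64_t v)
{
    for (size_t i = 0; i < 8; i++)
        mem[i] = (uint8_t)(v >> (8 * (7 - i)));
}

/* Little-endian load of `width` bytes (1, 2, 4 or 8): the model of
 * mov al/ax/eax/rax, byte/word/dword/qword [num]. */
uint64_t load_le(const uint8_t *mem, size_t width)
{
    uint64_t v = 0;
    for (size_t i = 0; i < width; i++)
        v |= (uint64_t)mem[i] << (8 * i);
    return v;
}

/* Big-endian load of `width` bytes. */
uint64_t load_be(const uint8_t *mem, size_t width)
{
    uint64_t v = 0;
    for (size_t i = 0; i < width; i++)
        v = (v << 8) | mem[i];
    return v;
}

/* Byte found `i` bytes above the start of the stored quadword. */
uint8_t byte_at(uint64_t v, size_t i, int big_endian)
{
    uint8_t mem[8];
    if (big_endian)
        store_be64(mem, v);
    else
        store_le64(mem, v);
    return mem[i];
}

/* num: dq 9828919849096878h, then a load of the given width from [num]. */
uint64_t read_num(size_t width)
{
    uint8_t mem[8];
    store_le64(mem, 0x9828919849096878ULL);
    return load_le(mem, width);
}

/* Constructed failure case: a 16-bit field written big-endian (for example a
 * length in a network header) but read with a little-endian word load. */
uint16_t misread_be16_as_le(uint16_t field)
{
    uint8_t wire[2] = { (uint8_t)(field >> 8), (uint8_t)field };
    return (uint16_t)load_le(wire, 2);
}

/* The same field read with the byte order it was written in. */
uint16_t read_be16(uint16_t field)
{
    uint8_t wire[2] = { (uint8_t)(field >> 8), (uint8_t)field };
    return (uint16_t)load_be(wire, 2);
}

int main(void)
{
    printf("al=%02llX ax=%04llX eax=%08llX\n",
           (unsigned long long)read_num(1),
           (unsigned long long)read_num(2),
           (unsigned long long)read_num(4));
    printf("length 0010h misread as %04Xh, correctly read as %04Xh\n",
           (unsigned)misread_be16_as_le(0x0010), (unsigned)read_be16(0x0010));
    return 0;
}
```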


A. Data Movement Instructions
• These instructions provide convenient
methods for moving bytes, words, or
doublewords of data between memory and
the registers of the base architecture. They fall
into the following classes:

1. General-purpose data movement instructions.
2. Stack manipulation instructions.
3. Type-conversion instructions.


1. General-purpose Data Movement
Instructions
• MOV (Move) transfers a byte, word, or doubleword
from the source operand to the destination operand.
The MOV instruction is useful for transferring data
along any of these paths. There are also variants of
MOV that operate on segment registers.

● To a register from memory
● To memory from a register
● Between general registers
● Immediate data to a register
● Immediate data to memory

• XCHG (Exchange) swaps the contents of two
operands.

• This instruction takes the place of three MOV instructions.

• XCHG is especially useful for implementing semaphores or similar data structures for process synchronization.


2. Stack Manipulation Instructions
• PUSH (Push) decrements the stack pointer (ESP),
then transfers the source operand to the top of
stack indicated by ESP.

• PUSH is often used to place parameters on the stack before calling a procedure; it is also the basic means of storing temporary variables on the stack.

• The PUSH instruction operates on memory operands, immediate operands, and register operands (including segment registers).

• PUSHA (Push All Registers) saves the contents of
the eight general registers on the stack.

• This instruction simplifies procedure calls by reducing the number of instructions required to retain the contents of the general registers for use in a procedure.

• The processor pushes the general registers on the stack in the following order: EAX, ECX, EDX, EBX, the initial value of ESP before EAX was pushed, EBP, ESI, and EDI. PUSHA is complemented by the POPA instruction.

• POP (Pop) transfers the word or doubleword
at the current top of stack (indicated by ESP)
to the destination operand, and then
increments ESP to point to the new top of
stack.

• POP moves information from the stack to a general register, or to memory. There is also a variant of POP that operates

• POPA (Pop All Registers) restores the registers
saved on the stack by PUSHA, except that it
ignores the saved value of ESP.

3. Type Conversion Instructions
• The type conversion instructions convert bytes into
words, words into doublewords, and doublewords
into 64-bit items (quad-words).

• There are two classes of type conversion instructions:

1. The forms CWD, CDQ, CBW, and CWDE which operate only on data in the EAX register.

2. The forms MOVSX and MOVZX, which permit one operand to be in any general register while permitting the other operand to be in memory or in a register.


• CWD (Convert Word to Doubleword) and CDQ
(Convert Doubleword to Quad-Word) double the
size of the source operand. CWD extends the sign
of the word in register AX throughout register DX.

• CDQ extends the sign of the doubleword in EAX
throughout EDX.

• CBW (Convert Byte to Word) extends the sign of
the byte in register AL throughout AX.

• CWDE (Convert Word to Doubleword Extended)
extends the sign of the word in register AX
throughout EAX.

• MOVSX (Move with Sign Extension) sign-extends
an 8-bit value to a 16-bit value and an
8- or 16-bit value to a 32-bit value.

• MOVZX (Move with Zero Extension) extends
an 8-bit value to a 16-bit value and an 8- or
16-bit value to a 32-bit value by inserting
high-order zeros.

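The type conversion instructions described above, modelled in C as an added example (not part of the original slides). It shows which register halves each form writes, and why the choice between MOVSX and MOVZX matters when a one-byte length field is later bounds-checked; the helper names and the 64-byte limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Sign-extend the low `bits` bits of v to 32 bits (no signed casts needed). */
static uint32_t sext(uint32_t v, unsigned bits) {
    uint32_t sign = 1u << (bits - 1);
    v &= (sign << 1) - 1u;      /* keep only the source field */
    return (v ^ sign) - sign;   /* propagate the sign bit upward */
}

/* CBW: AL -> AX. Only AX is written; bits 31..16 of EAX are preserved. */
static uint32_t cbw(uint32_t eax) {
    return (eax & 0xFFFF0000u) | (sext(eax, 8) & 0xFFFFu);
}

/* CWDE: AX -> EAX. The whole register is written. */
static uint32_t cwde(uint32_t eax) { return sext(eax, 16); }

/* CWD: returns the new EDX. DX receives the sign of AX in every bit. */
static uint32_t cwd(uint32_t eax, uint32_t edx) {
    return (edx & 0xFFFF0000u) | ((eax & 0x8000u) ? 0xFFFFu : 0u);
}

/* CDQ: returns the new EDX. EDX receives the sign of EAX in every bit. */
static uint32_t cdq(uint32_t eax) {
    return (eax & 0x80000000u) ? 0xFFFFFFFFu : 0u;
}

/* MOVSX / MOVZX with a 32-bit destination. */
static uint32_t movsx8(uint8_t src)   { return sext(src, 8); }
static uint32_t movzx8(uint8_t src)   { return src; }
static uint32_t movsx16(uint16_t src) { return sext(src, 16); }
static uint32_t movzx16(uint16_t src) { return src; }

/* Signed "a <= b" on raw 32-bit patterns, as CMP followed by JLE decides it. */
static int signed_le(uint32_t a, uint32_t b) {
    return (a ^ 0x80000000u) <= (b ^ 0x80000000u);
}

/* A one-byte length checked against a 64-byte limit (constructed scenario).
 * After MOVSX, 0xF0 is -16 and passes a signed check although it will later
 * be used as a huge unsigned size; after MOVZX it is 240 and is rejected. */
static int check_after_movsx(uint8_t len) { return signed_le(movsx8(len), 64u); }
static int check_after_movzx(uint8_t len) { return movzx8(len) <= 64u; }

int main(void) {
    printf("CBW  0x12340080 -> EAX=%08X\n", (unsigned)cbw(0x12340080u));
    printf("CWDE 0x1234FF80 -> EAX=%08X\n", (unsigned)cwde(0x1234FF80u));
    printf("CWD  AX=8000    -> EDX=%08X\n", (unsigned)cwd(0x8000u, 0xAAAA0000u));
    printf("CDQ  EAX=80000000 -> EDX=%08X\n", (unsigned)cdq(0x80000000u));
    printf("MOVSX 0x8001 -> %08X, MOVZX 0x8001 -> %08X\n",
           (unsigned)movsx16(0x8001u), (unsigned)movzx16(0x8001u));
    printf("length 0xF0: signed check after MOVSX passes=%d, "
           "unsigned check after MOVZX passes=%d\n",
           check_after_movsx(0xF0u), check_after_movzx(0xF0u));
    return 0;
}
```
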
B. Binary Arithmetic Instructions
• Addition and Subtraction Instructions

• Comparison and Sign Change Instruction

• Multiplication Instructions

• Division Instructions

Addition and Subtraction Instructions
• ADD (Add Integers) replaces the destination operand
with the sum of the source and destination operands.
Sets CF if the sum overflows the destination (a carry out).

• ADC (Add Integers with Carry) sums the operands,
adds one if CF is set, and replaces the destination
operand with the result. If CF is cleared, ADC performs
the same operation as the ADD instruction.

• INC (Increment) adds one to the destination operand.
INC does not affect CF. Use ADD with an immediate
value of 1 if an increment that updates carry (CF) is
needed.

• SUB (Subtract Integers) subtracts the source operand from
the destination operand and replaces the destination
operand with the result. If a borrow is required, the CF is
set. The operands may be signed or unsigned bytes, words,
or doublewords.

• SBB (Subtract Integers with Borrow) subtracts the source
operand from the destination operand, subtracts 1 if CF is
set, and returns the result to the destination operand. If CF
is cleared, SBB performs the same operation as SUB.

• DEC (Decrement) subtracts 1 from the destination operand.
DEC does not update CF. Use SUB with an immediate value
of 1 to perform a decrement that affects carry.

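How ADD/ADC and SUB/SBB chain through CF to build 64-bit arithmetic from 32-bit operations, as an added C model (not part of the original slides). It also computes OF so the difference between unsigned carry (CF) and signed overflow (OF) is visible; the type and function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t result; int cf; int of; } alu_t;

/* ADC dst, src: dst + src + CF. ADD is the same operation with CF = 0. */
static alu_t adc32(uint32_t dst, uint32_t src, int cf_in) {
    uint64_t wide = (uint64_t)dst + src + (uint64_t)(cf_in ? 1 : 0);
    alu_t r;
    r.result = (uint32_t)wide;
    r.cf = (int)((wide >> 32) & 1u);   /* carry out of bit 31 */
    /* OF: operands have the same sign and the result's sign differs. */
    r.of = (int)((~(dst ^ src) & (dst ^ r.result)) >> 31);
    return r;
}
static alu_t add32(uint32_t dst, uint32_t src) { return adc32(dst, src, 0); }

/* SBB dst, src: dst - src - CF. SUB is the same operation with CF = 0. */
static alu_t sbb32(uint32_t dst, uint32_t src, int cf_in) {
    uint64_t wide = (uint64_t)dst - src - (uint64_t)(cf_in ? 1 : 0);
    alu_t r;
    r.result = (uint32_t)wide;
    r.cf = (int)((wide >> 32) & 1u);   /* borrow was required */
    /* OF: operands have different signs and the result's sign left dst's. */
    r.of = (int)(((dst ^ src) & (dst ^ r.result)) >> 31);
    return r;
}
static alu_t sub32(uint32_t dst, uint32_t src) { return sbb32(dst, src, 0); }

/* INC: adds one but leaves CF exactly as it was before the instruction. */
static alu_t inc32(uint32_t dst, int cf_before) {
    alu_t r = add32(dst, 1u);
    r.cf = cf_before;
    return r;
}

typedef struct { uint64_t value; int cf; int of; } wide_t;

/* 64-bit add: ADD the low halves, then ADC the high halves. */
static wide_t add64(uint64_t a, uint64_t b) {
    alu_t lo = add32((uint32_t)a, (uint32_t)b);
    alu_t hi = adc32((uint32_t)(a >> 32), (uint32_t)(b >> 32), lo.cf);
    wide_t w = { ((uint64_t)hi.result << 32) | lo.result, hi.cf, hi.of };
    return w;
}

/* 64-bit subtract: SUB the low halves, then SBB the high halves. */
static wide_t sub64(uint64_t a, uint64_t b) {
    alu_t lo = sub32((uint32_t)a, (uint32_t)b);
    alu_t hi = sbb32((uint32_t)(a >> 32), (uint32_t)(b >> 32), lo.cf);
    wide_t w = { ((uint64_t)hi.result << 32) | lo.result, hi.cf, hi.of };
    return w;
}

int main(void) {
    alu_t u = add32(0xFFFFFFFFu, 1u);   /* unsigned wrap: CF=1, OF=0 */
    alu_t s = add32(0x7FFFFFFFu, 1u);   /* signed wrap:   CF=0, OF=1 */
    wide_t w = add64(0x00000001FFFFFFFFull, 1ull);
    printf("FFFFFFFF+1 = %08X CF=%d OF=%d\n", (unsigned)u.result, u.cf, u.of);
    printf("7FFFFFFF+1 = %08X CF=%d OF=%d\n", (unsigned)s.result, s.cf, s.of);
    printf("64-bit sum high=%08X low=%08X CF=%d\n",
           (unsigned)(w.value >> 32), (unsigned)w.value, w.cf);
    return 0;
}
```
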
2. Comparison and Sign Change
Instruction
• CMP (Compare) subtracts the source operand
from the destination operand. It updates OF, SF,
ZF, AF, PF, and CF but does not alter the source
and destination operands. A subsequent Jcc
instruction can test the appropriate flags.

• NEG (Negate) subtracts a signed integer operand
from zero. The effect of NEG is to reverse the sign
of the operand from positive to negative or from
negative to positive.

3. Multiplication Instructions
• MUL (Unsigned Integer Multiply) performs an
unsigned multiplication of the source operand
and the accumulator.
– If the source is a byte, the processor multiplies it by
the contents of AL and returns the double-length
result to AH and AL.
– If the source operand is a word, the processor
multiplies it by the contents of AX and returns the
double-length result to DX and AX.
– If the source operand is a doubleword, the processor
multiplies it by the contents of EAX and returns the
64-bit result in EDX and EAX.
– MUL sets CF and OF when the upper half of the result
is nonzero; otherwise, they are cleared.
• IMUL (Signed Integer Multiply) performs a signed multiplication
operation.

• IMUL has three variations:

1. A one-operand form. The operand may be a byte, word, or
doubleword located in memory or in a general register. This
instruction uses EAX and EDX as implicit operands in the same way
as the MUL instruction.

2. A two-operand form. One of the source operands may be in any
general register while the other may be either in memory or in a
general register. The product replaces the general-register operand.

3. A three-operand form; two are source and one is the destination
operand. One of the source operands is an immediate value stored in
the instruction; the second may be in memory or in any general
register. The product may be stored in any general register.

4. Division Instruction
• DIV (Unsigned Integer Divide) performs an unsigned
division of the accumulator by the source operand. The
Dividend (the accumulator) is twice the size of the
Divisor (the source operand); the quotient and
remainder have the same size as the divisor, as the
following table shows.

• IDIV (Signed Integer Divide) performs a signed
division of the accumulator by the source
operand. IDIV uses the same registers as the
DIV instruction.

C. Decimal Arithmetic Instructions

• Packed BCD Adjustment Instructions

• Unpacked BCD Adjustment Instructions

1. Packed BCD Adjustment Instructions
• DAA (Decimal Adjust after Addition) adjusts the result
of adding two valid packed decimal operands in AL.
DAA must always follow the addition of two pairs of
packed decimal numbers (one digit in each half-byte)
to obtain a pair of valid packed decimal digits as
results. The carry flag is set if carry was needed.

• DAS (Decimal Adjust after Subtraction) adjusts the
result of subtracting two valid packed decimal
operands in AL. DAS must always follow the subtraction
of one pair of packed decimal numbers (one digit in
each half-byte) from another to obtain a pair of valid
packed decimal digits as results. The carry flag is set if a
borrow was needed.

2. Unpacked BCD Adjustment Instructions
• AAA (ASCII Adjust after Addition) changes the
contents of register AL to a valid unpacked decimal
number, and zeros the top 4 bits. AAA must always
follow the addition of two unpacked decimal operands
in AL. The carry flag is set and AH is incremented if a
carry is necessary.

• AAS (ASCII Adjust after Subtraction) changes the
contents of register AL to a valid unpacked decimal
number, and zeros the top 4 bits. AAS must always
follow the subtraction of one unpacked decimal
operand from another in AL. The carry flag is set and
AH decremented if a borrow is necessary.

• AAM (ASCII Adjust after Multiplication) corrects the
result of a multiplication of two valid unpacked decimal
numbers. AAM must always follow the multiplication
of two decimal numbers to produce a valid decimal
result. The high order digit is left in AH, the low order
digit in AL.

• AAD (ASCII Adjust before Division) modifies the
numerator in AH and AL to prepare for the division of
two valid unpacked decimal operands so that the
quotient produced by the division will be a valid
unpacked decimal number. AH should contain the high-order
digit and AL the low-order digit. This instruction
adjusts the value and places the result in AL. AH will
contain zero.

D. Logical Instructions
• The group of logical instructions includes:

● The Boolean operation instructions
● Bit test and modify instructions
● Bit scan instructions
● Rotate and shift instructions
● TEST instructions

1. Boolean Operation Instructions
• NOT (Not) inverts the bits in the specified
operand to form a one's complement of the
operand.

• The NOT instruction is a unary operation that
uses a single operand in a register or memory.

• NOT has no effect on the flags.

• The AND, OR, and XOR instructions perform the
standard logical operations "and", "(inclusive)
or", and "exclusive or". These instructions can
use the following combinations of operands:

– Two register operands.
– A general register operand with a memory operand.
– An immediate operand with either a general register
operand or a memory operand.

• AND, OR, and XOR clear OF and CF, leave AF
undefined, and update SF, ZF, and PF.

2. Bit Test and Modify Instructions

3. Bit Scan Instructions
• These instructions scan a word or doubleword for a one-bit
and store the index of the first set bit into a register.

• The bit string being scanned may be either in a register or
in memory.

• The ZF flag is set if the entire word is zero (no set bits are
found); ZF is cleared if a one-bit is found. If no set bit is
found, the value of the destination register is undefined.

• BSF (Bit Scan Forward) scans from low-order to high-order
(starting from bit index zero).

• BSR (Bit Scan Reverse) scans from high-order to low-order
(starting from bit index 15 of a word or index 31 of a
doubleword).

4. Shift and Rotate Instructions

How it works?

Rotate Instructions

TEST Instruction
• TEST (Test) performs the logical "and" of the two
operands, clears OF and CF, leaves AF undefined, and
updates SF, ZF, and PF.

• The flags can be tested by conditional control transfer
instructions. The operands may be doublewords,
words, or bytes.

• The difference between TEST and AND is that TEST
does not alter the destination operand.

• TEST differs from BT in that TEST is useful for testing
the value of multiple bits in one operation, whereas
BT tests a single bit.

Control Transfer Instructions

• Unconditional Transfer Instructions

• Conditional Transfer Instructions

• Software-Generated Interrupts

1. Unconditional Transfer Instructions
• JMP (Jump) unconditionally transfers control to the
target location. JMP is a one-way transfer of execution;
it does not save a return address on the stack.

• CALL (Call Procedure) activates an out-of-line
procedure, saving on the stack the address of the
instruction following the CALL for later use by a RET
(Return) instruction.
• CALL places the current value of EIP on the stack. The
RET instruction in the called procedure uses this
address to transfer control back to the calling program.

• RET (Return From Procedure) terminates the
execution of a procedure and transfers control
through a back-link on the stack to the program
that originally invoked the procedure.

• RET restores the value of EIP that was saved on
the stack by the previous CALL instruction.

• IRET (Return From Interrupt) returns control to
an interrupted procedure.

• IRET differs from RET in that it also pops the flags
from the stack into the flags register. The flags are
stored on the stack by the interrupt mechanism.

2. Conditional Transfer Instructions

• LOOP (Loop While ECX Not Zero) is a conditional
transfer that automatically decrements the ECX
register before testing ECX for the branch
condition.

• If ECX is non-zero, the program branches to the
target label specified in the instruction.

• The LOOP instruction causes the repetition of a
code section, until the operation of the LOOP
instruction decrements ECX to a value of zero.

• LOOPE (Loop While Equal) and LOOPZ (Loop
While Zero) are synonyms for the same
instruction.
• These instructions automatically decrement the
ECX register before testing ECX and ZF for the
branch conditions.
• If ECX is non-zero and ZF=1, the program
branches to the target label specified in the
instruction.
• If LOOPE or LOOPZ finds that ECX=0 or ZF=0,
control transfers to the instruction immediately
following the LOOPE or LOOPZ instruction.
• LOOPNE (Loop While Not Equal) and LOOPNZ
(Loop While Not Zero) are synonyms for the
same instruction.
• These instructions automatically decrement the
ECX register before testing ECX and ZF for the
branch conditions.
• If ECX is non-zero and ZF=0, the program
branches to the target label specified in the
instruction.
• If LOOPNE or LOOPNZ finds that ECX=0 or ZF=1,
control transfers to the instruction immediately
following the LOOPNE or LOOPNZ instruction.
3. Software-Generated Interrupts
• INT n (Software Interrupt) activates the interrupt
service routine that corresponds to the number
coded within the instruction.

• The interrupt service routine terminates with an
IRET instruction that returns control to the
instruction that follows INT.

• INTO (Interrupt on Overflow) invokes interrupt 4
if OF is set. Interrupt 4 is reserved for this
purpose. OF is set by several arithmetic, logical,
and string instructions.

• BOUND (Detect Value Out of Range) verifies
that the signed value contained in the
specified register lies within specified limits.

• An interrupt (INT 5) occurs if the value
contained in the register is less than the lower
bound or greater than the upper bound.

String and Character Translation
Instructions

If string instructions are not used...

REP Instruction
• These instructions are used along with string instructions
only.

Instructions for Block-Structured
Languages
• ENTER

• LEAVE

• ENTER: ENTER (Enter Procedure) creates a
stack frame that may be used to implement
the scope rules of block-structured high-level
languages.

• The ENTER instruction includes two operands.
– The first parameter specifies the number of bytes
of dynamic storage to be allocated on the stack
for the routine being entered.
– The second parameter corresponds to the lexical
nesting level (0-31) of the routine.

• Example: ENTER 2048,3
– Allocates 2048 bytes of dynamic storage on the
stack and sets up pointers to two previous stack
frames in the stack frame that ENTER creates for
this procedure.

• LEAVE: LEAVE (Leave Procedure) reverses the
action of the previous ENTER instruction.

• The LEAVE instruction does not include any
operands.

• LEAVE copies EBP to ESP to release all stack
space allocated to the procedure by the most
recent ENTER instruction.

Flag Control Instructions
• The Flag manipulation instructions directly
modify some of the Flags of 8086.

i. CLC – Clear Carry Flag.
ii. CMC – Complement Carry Flag.
iii. STC – Set Carry Flag.
iv. CLD – Clear Direction Flag.
v. STD – Set Direction Flag.
vi. CLI – Clear Interrupt Flag.
vii. STI – Set Interrupt Flag.
Flag Transfer Instructions
• LAHF (Load AH from Flags) copies SF, ZF, AF,
PF, and CF to AH bits 7, 6, 4, 2, and 0,
respectively. The contents of the remaining
bits (5, 3, and 1) are undefined. The flags
remain unaffected.

• SAHF (Store AH into Flags) transfers bits 7, 6,
4, 2, and 0 from AH into SF, ZF, AF, PF, and CF,
respectively (see Figure 3-22).

• The PUSHF and POPF instructions are not only
useful for storing the flags in memory where
they can be examined and modified but are
also useful for preserving the state of the flags
register while executing a procedure.

• PUSHF (Push Flags) decrements ESP by two and then
transfers the low-order word of the flags register to the
word at the top of stack pointed to by ESP.
• The variant PUSHFD decrements ESP by four, then
transfers both words of the extended flags register to
the top of the stack pointed to by ESP (the VM and RF
flags are not moved, however).

• POPF (Pop Flags) transfers specific bits from the word
at the top of stack into the low-order byte of the flag
register, then increments ESP by two.
• The variant POPFD transfers specific bits from the
doubleword at the top of the stack into the extended
flags register (the RF and VM flags are not changed,
however), then increments ESP by four.

Coprocessor Interface Instructions
• ESC (Escape) is a 5-bit sequence that begins
the opcodes that identify floating point
numeric instructions.

• The ESC pattern tells the 80386 to send the
opcode and addresses of operands to the
numeric coprocessor.

• WAIT (Wait) is an 80386 instruction that
suspends program execution until the 80386
CPU detects that the BUSY pin is inactive.

• The inactive BUSY condition indicates that the coprocessor
has completed its processing task and that the
CPU may obtain the results.

Segment Register Instructions
1. Segment-register transfer instructions.

MOV SegReg, ...
MOV ..., SegReg
PUSH SegReg
POP SegReg

2. Control transfers to another executable
segment.

JMP far
CALL far
RET far

3. Data pointer instructions.

LDS
LES
LFS
LGS
LSS

• LDS (Load Pointer Using DS) transfers a pointer
variable from the source operand to DS and the
destination register.

• The source operand must be a memory operand,
and the destination operand must be a general
register.

• DS receives the segment-selector of the pointer.
The destination register receives the offset part
of the pointer, which points to a specific location
within the segment.

• Example: LDS ESI, STRING_X

– Loads DS with the selector identifying the
segment pointed to by STRING_X, and loads the
offset of STRING_X into ESI.

– Specifying ESI as the destination operand is a
convenient way to prepare for a string operation
on a source string that is not in the current data
segment.

• LES (Load Pointer Using ES) operates
identically to LDS except that ES receives the
segment selector rather than DS.

• Example: LES EDI, DESTINATION_X

– Loads ES with the selector identifying the segment
pointed to by DESTINATION_X, and loads the
offset of DESTINATION_X into EDI.
– This instruction provides a convenient way to
select a destination for a string operation if the
desired location is not in the current extra
segment.

• LFS (Load Pointer Using FS) operates
identically to LDS except that FS receives the
segment selector rather than DS.

• LGS (Load Pointer Using GS) operates
identically to LDS except that GS receives the
segment selector rather than DS.

• LSS (Load Pointer Using SS) operates
identically to LDS except that SS receives the
segment selector rather than DS.

Miscellaneous Instructions

• Address Calculation Instruction

• No-Operation Instruction

• Translate Instruction

Address Calculation Instruction
• LEA (Load Effective Address) transfers the offset of the
source operand (rather than its value) to the destination
operand. The source operand must be a memory operand,
and the destination operand must be a general register.
• This instruction is especially useful for initializing registers
before the execution of the string primitives (ESI, EDI) or
the XLAT instruction (EBX). The LEA can perform any
indexing or scaling that may be needed.

• Example: LEA EBX, EBCDIC_TABLE

• Causes the processor to place the address of the starting
location of the table labeled EBCDIC_TABLE into EBX.

No-Operation Instruction
• NOP (No Operation) occupies a byte of
storage but affects nothing but the instruction
pointer, EIP.

Translate Instruction
• XLAT (Translate) replaces a byte in the AL register with
a byte from a user-coded translation table.

• When XLAT is executed, AL should have the unsigned
index to the table addressed by EBX. XLAT changes the
contents of AL from table index to table entry. EBX is
unchanged.
• The XLAT instruction is useful for translating from one
coding system to another such as from ASCII to EBCDIC.
The translate table may be up to 256 bytes long. The
value placed in the AL register serves as an index to the
location of the corresponding translation value.

Addressing Modes
• What is Addressing Mode?

– The way an operand is specified within an
instruction, i.e., either as an immediate operand
or indirect operand or direct operand.

– The way to access variables, arrays, records,
pointers and other complex data types.

• Types of addressing modes
o Register Addressing Modes
o Immediate Operand Addressing
o Memory Operand Addressing

• Each operand can use a different addressing
mode.

Register Addressing Mode
• The effect of executing the {MOV BX,CX}
instruction at the point just before the BX
register changes. Note that only the rightmost
16 bits of register EBX change.

Immediate Addressing Mode
• The operation of the {MOV EAX,13456H}
instruction. This instruction copies the
immediate data (13456H) into EAX.

Memory Addressing Modes
• The 8086 processor generalized the memory
addressing modes.

• In 8086 you are allowed to use BX or BP as
Base Registers apart from Segment Registers
and SI or DI as Index Registers.

1. Direct Data Addressing
• The operation of the {MOV AL, byte[1234H]}
instruction when DS=1000H.

2. Register Indirect Addressing
• The 8086 allows data to be addressed at any
memory location through an offset address
held in any of the following registers: BP, BX,
DI, and SI.

• Base Address is given by Segment Registers.

• The operation of the {MOV AX, word[BX]}
instruction when BX = 1000H and DS = 0100H.
Note that this instruction is shown after the
contents of memory are transferred to AX.

3. Base + Index Addressing
• An example showing how the base-plus-index
addressing mode functions for the
{MOV DX, word[BX + DI]} instruction.

Note: DS=0100H, BX=1000H and DI=0010H.

4. Base + Index + Displacement Addressing
• Similar to base-plus-index addressing and
displacement addressing.
– Data in a segment of memory are addressed by
adding the displacement to the contents of a
base or an index register (BP, BX, DI, or SI).

• Figure shows the operation of the
{MOV AX, word[BX+1000H]} instruction
when BX=0100H and DS=0200H.

• The operation of the
{MOV AX, word[BX+1000H]} instruction.

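The four memory-operand examples from the slides above, worked through in C as an added example (not part of the original slides). It computes the 16-bit offset and the 20-bit 8086 physical address (segment × 16 + offset); the last three cases are constructed here to show the default use of SS with BP, the 16-bit offset wrap and the wrap at 1 MB.

```c
#include <stdint.h>
#include <stdio.h>

typedef enum { BASE_NONE, BASE_BX, BASE_BP } base_t;
typedef enum { INDEX_NONE, INDEX_SI, INDEX_DI } index_t;

typedef struct {
    const char *text;                  /* operand as written */
    uint16_t ds, ss, bx, bp, si, di;   /* register contents */
    base_t base; index_t index;        /* which registers the operand names */
    uint16_t disp;                     /* displacement / direct offset */
} case_t;

static const case_t CASES[] = {
    /* 0-3: values given on the slides */
    { "MOV AL, byte[1234H]",    .ds = 0x1000, .disp = 0x1234 },
    { "MOV AX, word[BX]",       .ds = 0x0100, .bx = 0x1000, .base = BASE_BX },
    { "MOV DX, word[BX + DI]",  .ds = 0x0100, .bx = 0x1000, .di = 0x0010,
                                .base = BASE_BX, .index = INDEX_DI },
    { "MOV AX, word[BX+1000H]", .ds = 0x0200, .bx = 0x0100, .base = BASE_BX,
                                .disp = 0x1000 },
    /* 4-6: constructed for this example */
    { "MOV AX, word[BP + SI]",  .ds = 0x0100, .ss = 0x0300, .bp = 0x0020,
                                .si = 0x0004, .base = BASE_BP, .index = INDEX_SI },
    { "MOV AX, word[BX+0002H]", .ds = 0x0100, .bx = 0xFFFF, .base = BASE_BX,
                                .disp = 0x0002 },
    { "MOV AL, byte[0010H]",    .ds = 0xFFFF, .disp = 0x0010 },
};
#define NCASES ((int)(sizeof CASES / sizeof CASES[0]))

/* Offset = base + index + displacement, truncated to 16 bits. */
static uint16_t effective_offset(const case_t *c) {
    uint32_t sum = c->disp;
    if (c->base == BASE_BX)   sum += c->bx;
    if (c->base == BASE_BP)   sum += c->bp;
    if (c->index == INDEX_SI) sum += c->si;
    if (c->index == INDEX_DI) sum += c->di;
    return (uint16_t)sum;
}

/* BP-based operands default to SS; everything else defaults to DS. */
static uint16_t default_segment(const case_t *c) {
    return (c->base == BASE_BP) ? c->ss : c->ds;
}

/* 8086 physical address: segment * 16 + offset, on a 20-bit address bus. */
static uint32_t physical_address(const case_t *c) {
    uint32_t linear = ((uint32_t)default_segment(c) << 4) + effective_offset(c);
    return linear & 0xFFFFFu;
}

static uint32_t run_case(int i) { return physical_address(&CASES[i]); }

int main(void) {
    for (int i = 0; i < NCASES; i++)
        printf("%-24s seg=%04X off=%04X phys=%05X\n", CASES[i].text,
               (unsigned)default_segment(&CASES[i]),
               (unsigned)effective_offset(&CASES[i]),
               (unsigned)run_case(i));
    return 0;
}
```
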


Implied/ Implicit Addressing Mode
• Instructions with no operand belong to this
addressing mode.

ASCII to Hex Table

Blue Screen Error: Exception

MP UNIT 2
Bus Cycles and System Architecture
Topics
• Initialization: Processor State after Reset

• 80386DX Signals: Pin Diagram of 80386 and
description.

• 80386DX Bus Cycles: System Clock, Bus States,
Pipelined and Non-pipelined Bus Cycles.

• System Architecture: System Registers, System
Instructions

Initialization- Processor State After
Reset
• EAX: holds zero if the 80386 passed the test
(Power on self test).

• A nonzero value in EAX indicates that the 80386 unit is
faulty.

• EDX: It holds a component identifier and revision
number after RESET as Figure 5-1 illustrates. DH
contains 3, which indicates an 80386 component.
DL contains a unique identifier of the revision level.

The remaining registers and flags are set as follows:

EFLAGS = 00000002 H
IP = 0000FFF0 H
CS selector = 0000 H
DS selector = 0000 H
ES selector = 0000 H
SS selector = 0000 H
FS selector = 0000 H
GS selector = 0000 H

IDTR:
Base = 0
Limit = 03FF H

All registers not mentioned above are undefined.

• CLK2: The input pin provides the basic system
clock timing for the operation of 80386.

• D0 – D31: These 32 lines act as bidirectional data
bus during different access cycles.

• A31 – A2: These are the upper 30 bits of the 32-bit
address bus.

• BE0 to BE3: (Active Low) The 32-bit data bus
supported by 80386 and the memory system of
80386 can be viewed as a 4-byte wide memory
access mechanism.

Bus Control
ADS#: (Address Data Strobe)
Active when issued a valid request.
The address status output pin indicates that the
address bus and Bus Cycle Definition Pins( W/R#,
D/C#, M/IO#, BE0# to BE3# ) are carrying the
respective valid signals.

BS16#: The bus size – 16 input pin allows the
interfacing of 16-bit devices with the 32-bit wide
80386 data bus.

• READY#: The ready signal indicates to the
CPU that the previous bus cycle has been
terminated and the bus is ready for the next
cycle. The signal is used to insert WAIT states
in a bus cycle and is useful for interfacing
slow devices with the CPU.

• NA#: Gives address of next instruction if
pipelining is enabled. If pipelining is not
enabled, this pin is high if the instruction is in
a waiting state.

Bus Arbitration
• HOLD: The Bus hold input pin enables the
other bus masters to gain control of the
system bus if it is asserted.

• HLDA: The bus hold acknowledge output
indicates that a valid bus hold request has
been received and the bus has been
relinquished by the CPU.

Interrupts
• INTR: This interrupt pin is a maskable interrupt
that can be masked using the IF of the flag
register.

• NMI: A valid request signal at the non-maskable
interrupt request input pin internally generates a
non-maskable interrupt of type 2.

• RESET: A high at this input pin suspends the
current operation and restarts the execution from
the starting location.

Co-Processor Signaling
• BUSY#: The busy input signal indicates to the
CPU that the coprocessor is busy with the
allocated task.

• ERROR#: The error input pin indicates to the
CPU that the coprocessor has encountered an
error while executing its instruction.

• PEREQ: (Processor extension request)
Output signal indicates to the CPU to fetch
data.

Bus cycle definition pins
• LOCK#: BUS LOCK is a bus cycle definition pin
that indicates that the system has locked the system
bus from other peripherals.

• W/R#: WRITE/READ is a bus cycle definition
pin that distinguishes write cycles from read
cycles.

• D/C#: DATA/CONTROL is a bus cycle definition
pin that distinguishes data cycles, either
memory or I/O, from control cycles which are:
interrupt acknowledge, halt, and instruction
fetching.

• M/IO#: MEMORY I/O is a bus cycle definition
pin that distinguishes memory cycles from
input/output cycles.

Power Connection Pins

• VCC: These are system power supply lines.

• GND:

System Clock

Non-pipelined read & write cycles
(No wait states)

Non-pipelined read & write cycles
(With wait states)

Bus States (Using non-pipelined
address)

• T1: First clock of a non-pipelined bus cycle (Intel386
DX drives new address and asserts ADS#)

• T2: subsequent clocks of a bus cycle when NA# has
not been sampled asserted in the current bus cycle

• Ti: idle state

• Th: Hold acknowledge state (Intel386 DX asserts
HLDA)

• The fastest bus cycle consists of two states: T1 and
T2.

Asserting BS16#: No wait states

Asserting BS16#: Wait states

Transitioning to pipelined address

Fast Transitioning to pipelined address

System Registers
• EFLAGS

• System Registers

• Control Registers

• Debug Registers

• Test Registers
Flag Registers

• VM (Virtual 8086 Mode): If set while the
Intel386 DX is in Protected Mode, the Intel386
DX will switch to Virtual 8086 operation.
• The VM bit can be set only in Protected Mode,
by the IRET instruction (if current privilege
level = 0)

• RF (Resume Flag): The RF flag is used in
conjunction with the debug register
breakpoints.
• When RF is set, it causes any debug fault to be
ignored on the next instruction.

• NT (Nested Task): This flag applies to
Protected Mode.
• NT is set to indicate that the execution of this
task is nested within another task
• The value of NT in EFLAGS is tested by the
IRET instruction to determine whether to do
an inter-task return or an intra-task return.

IOPL (Input / Output Privilege Level)

• This two-bit field applies to Protected Mode.
IOPL indicates the numerically maximum
CPL (current privilege level) value permitted
to execute I/O instructions without
generating an exception.
• It also indicates the maximum CPL value
allowing alteration of the IF (INTR Enable Flag)
bit when new values are popped into the
EFLAGS register.

• IF (INTR Enable Flag): The IF flag, when set,
allows recognition of external interrupts
signaled on the INTR pin.

• TF (Trap Enable Flag): When TF is set, the
Intel386 DX generates an exception 1 trap
after the next instruction is executed.
• When TF is reset, exception 1 traps occur only
as a function of the breakpoint addresses
loaded into debug registers DR0-DR3.

• OF (Overflow Flag) : It is set if the operation
resulted in a signed overflow. Signed overflow
occurs when the operation resulted in
carry/borrow into the sign bit (high-order bit) of
the result.

• DF (Direction Flag): DF defines whether ESI
and/or EDI registers post-decrement or
post-increment during the string instructions.
• Post-decrement occurs if DF is set.

Flags
• The arithmetic instructions use OF, SF, ZF, AF,
PF, CF.
• The control flag DF controls “STRING”
instructions.
• Clearing the DF flag causes string instructions to
auto-increment, that is, to process strings from low
to high addresses.

Control Register

CR
• CR0 is identical to the MSW (Machine
Status Word) found in the 80286 except that it
is 32 bits wide.

• CR1 is not used in 80386.

• CR2 holds the Linear Page Address of the last
page accessed before a page fault interrupt.

• CR3 holds the Page Directory Base Address.

PG (Paging Enable):
Selects Page Table Translation of linear
addresses into physical addresses when
PG=1. Page table translation allows any linear
address to be assigned any physical memory
location.
ET (Processor Extension Type):
Selects the 80287 coprocessor when ET=0 or
the 80387 coprocessor when ET=1.
This bit was installed because there was no
80387 available when the 80386 first
appeared.
TS (Task Switch):
Indicates that the 80386 has switched tasks (in
protected mode, changing the content of TR
places a 1 in TS).

EM (Emulate Processor Extension):
The emulate bit is set to cause a type 7 interrupt
for each ESC instruction. (ESC instructions are
used to encode instructions for the 80387
coprocessor, so when it is set a
coprocessor-not-available fault is generated.)

[Type 7 Interrupt: Co-Processor Not Available.]

MP (Monitor Processor Extension):
Is reset to indicate that the arithmetic
coprocessor is present in the system.

PE (Protection Enable):
Is set to select the Protected Mode of operation for the 80386. It may also be cleared to re-enter the real mode.

Debug Register


• These are used to control debug functions.

• The first four debug registers contain 32-bit linear breakpoint addresses.

• The breakpoint addresses, which may locate an instruction, are constantly compared with the addresses generated by the program.

• If a match occurs, the 80386 will cause a type 1 interrupt (trap or debug) to occur, if directed by debug registers DR6 (Debug status register) or DR7 (Debug control register).


BT:
If set, the debug interrupt was caused by a task switch.

BS:
If set, the debug interrupt was caused by the TF bit in the flag register.

BD:
If set, the debug interrupt was caused by an attempt to read the debug register with the GD bit set.
The GD bit protects access to the debug registers.

B3-B0:
Indicate which of the 4 debug breakpoint addresses caused the debug interrupt.

LEN:
Defines the size of access at the breakpoint address as 00 (byte), 01 (word), 10 (currently not used) or 11 (double word).

RW:
Selects the cause of action that enabled the breakpoint address as 00 (instruction access), 01 (data write), 10 (currently not used), 11 (data read and write).

• The low-order eight bits of DR7 (L0 - L3 and G0 - G3) selectively enable the four address breakpoint conditions. There are two levels of enabling: the local (L0 through L3) and global (G0 through G3) levels.
• The local enable bits are automatically reset by the processor at every task switch to avoid unwanted breakpoint conditions in the new task. The global enable bits are not reset by a task switch; therefore, they can be used for conditions that are global to all tasks.

• The LE and GE bits control the "exact data breakpoint match" feature of the processor.
• If either LE or GE is set, the processor slows execution so that data breakpoints are reported on the instruction that causes them.
• It is recommended that one of these bits be set whenever data breakpoints are armed. The processor clears LE at a task switch but does not clear GE.

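The DR7 fields described above can be decoded mechanically, for example when reviewing a saved register context for armed hardware breakpoints. The following is an added example, not part of the original slides: the bit positions (Ln/Gn in bits 0-7, LE bit 8, GE bit 9, RW/LEN groups from bit 16) and the rule that instruction breakpoints use LEN=00 come from Intel's 80386 documentation, and the sample DR7 value is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* One decoded breakpoint slot (DR0-DR3) as configured by DR7. */
struct bp_cfg {
    int local;     /* Ln: enabled for the current task only */
    int global;    /* Gn: enabled for all tasks */
    unsigned rw;   /* 00 instruction, 01 data write, 11 data read/write */
    unsigned len;  /* 00 byte, 01 word, 11 double word */
};

/* DR7 layout: L0,G0 .. L3,G3 in bits 0-7, LE bit 8, GE bit 9,
 * then one 4-bit RW/LEN group per breakpoint starting at bit 16. */
struct bp_cfg dr7_slot(uint32_t dr7, int n)
{
    struct bp_cfg c;
    c.local  = (dr7 >> (2 * n)) & 1;
    c.global = (dr7 >> (2 * n + 1)) & 1;
    c.rw     = (dr7 >> (16 + 4 * n)) & 3;
    c.len    = (dr7 >> (18 + 4 * n)) & 3;
    return c;
}

/* Bytes covered by a LEN encoding; 0 for the unused value 10. */
int bp_len_bytes(unsigned len)
{
    switch (len) {
    case 0:  return 1;
    case 1:  return 2;
    case 3:  return 4;
    default: return 0;
    }
}

/* Count configuration problems in a DR7 value:
 *  - an enabled slot that uses the unused RW or LEN encoding (10),
 *  - an enabled instruction breakpoint whose LEN is not 00,
 *  - data breakpoints armed while both LE and GE are clear. */
int dr7_problems(uint32_t dr7)
{
    int problems = 0, data_armed = 0;
    int exact = (int)(((dr7 >> 8) | (dr7 >> 9)) & 1);

    for (int n = 0; n < 4; n++) {
        struct bp_cfg c = dr7_slot(dr7, n);
        if (!c.local && !c.global)
            continue;                      /* slot not enabled */
        if (c.rw == 2 || c.len == 2)
            problems++;
        else if (c.rw == 0 && c.len != 0)
            problems++;
        if (c.rw == 1 || c.rw == 3)
            data_armed = 1;
    }
    if (data_armed && !exact)
        problems++;
    return problems;
}

int main(void)
{
    /* Constructed sample: slot 0 local, data write, double word;
     * slot 1 global, instruction access; GE set. */
    uint32_t dr7 = 0x000D0209u;

    for (int n = 0; n < 4; n++) {
        struct bp_cfg c = dr7_slot(dr7, n);
        printf("DR%d: L=%d G=%d RW=%u LEN=%d byte(s)\n",
               n, c.local, c.global, c.rw, bp_len_bytes(c.len));
    }
    printf("problems: %d\n", dr7_problems(dr7));
    return 0;
}
```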
Test Registers
• Two test registers are provided for the purpose of testing.
• TR6 is the Test Command Register, and TR7 is the Test Data Register.
• These registers are accessed by variants of the MOV instruction.
• A test register may be either the source operand or destination operand.
• The MOV instructions are defined in both real-address mode and protected mode.
• The test registers are privileged resources; in protected mode, the MOV instructions that access them can only be executed at privilege level 0.

• An attempt to read or write the test registers when executing at any other privilege level causes a General Protection Exception.

Test Operations


UNIT 3
Memory Management

Memory Addresses
• Logical address: Included in the machine language instructions to specify the address of an operand or of an instruction.
- Embodies the well-known 80x86 segmented architecture.
- Consists of a segment and an offset.

• Linear address (virtual address): A single 32-bit unsigned integer.
- Can be used to address up to 4 GB.
- Usually represented in hexadecimal notation.

• Physical address: Used to address memory cells in memory chips.
- Physical addresses are represented as 32-bit or 36-bit unsigned integers.

Segmentation
• Starting with the 80286 model, Intel microprocessors perform address translation in two different ways called real mode and protected mode.

• Real mode exists mostly to maintain processor compatibility with older models and to allow the operating system to bootstrap.

Descriptor Tables

• Global Descriptor Table (GDT)

• Local Descriptor Table (LDT)

• Interrupt Descriptor Table (IDT)

Selectors and Descriptors
• A logical address consists of two parts: a segment identifier and an offset that specifies the relative address within the segment.

• The segment identifier is a 16-bit field called the Segment Selector, while the offset is a 32-bit field.

• To make it easy to retrieve segment selectors quickly, the processor provides segmentation registers whose only purpose is to hold Segment Selectors; these registers are called CS, SS, DS, ES, FS, and GS.

Selectors
Segment Registers are now called Segment Selectors and point to a structure called a Segment Descriptor.

A segment selector contains a 13-bit index field that is used to select one of 8192 segment descriptors that reside either in the Global Descriptor Table (GDT) or the Local Descriptor Table (LDT).

• There is only one GDT in protected mode.

• Protected mode tasks, however, may each have their own LDT.

• The TI bit in the segment selector picks the appropriate descriptor table during translation.

• Two Requestor Privilege Level (RPL) bits are used in protection checks to determine if access to the segment is allowed.

• A selector may be loaded into any of the six segment registers (CS, DS, SS, ES, FS, GS).

• A selector that has an index value of zero and points to the GDT is called a Null Selector.

• This selector value is reserved to provide a method of initializing segment registers, since any access using a null selector generates an exception (General-protection Exception - INT 13).


Descriptors
• A descriptor is a series of 8 bytes that describe and locate a memory segment.

• It contains a 32-bit base address that specifies the beginning of the segment of memory controlled by the descriptor.

• The size of the segment is indicated by a 20-bit limit field and the state of the Granularity Bit (G bit).

• A segment descriptor provides the 80386 with the data it needs to map a logical address into a linear address.

• These descriptors are not created by programs, but created by Compilers, Linkers, Loaders, or the Operating System.

Access Right Byte


• When G (Granularity bit) is set, the limit bits represent the number of 4 KB pages contained in the segment.

• This allows the size of the segment to be of any length from 4 KB to 4 GB.

• When this bit is cleared (G = 0) the 20-bit limit field is assumed to be measured in units of 1 byte. If it is set (G = 1), the limit field is in units of 4 KB.

• Two Descriptor Privilege Level (DPL) bits specify the privilege level required to access the segment.

• An attempt by a less privileged task to use the segment results in an exception.

P (Present Bit):
Indicates whether the segment is present in memory. A segment-not-present exception is generated if this bit is clear when the segment descriptor is accessed.

S (Segment Descriptor):
When set, indicates that the segment is a system segment. When clear, the segment is a code or data segment.


D (Default Operation Size):
For a code segment, D controls the default operand and address size (16 bit when D is clear versus 32 bit when set).
For a data segment, D controls how the stack is manipulated (via SP/ESP with 16/32 bit pushes/pops).

AVL: Available to programmer.

Example of D bit uses
• for Code segment
– D = 0 means 16-bit 80286 code
– D = 1 means 32-bit 80386+ code

• for Stack Segment
– D = 0: Stack operations are 16-bit wide, SP is used as a stack pointer, maximum stack size is FFFF (64 KB)
– D = 1: Stack operations are 32-bit wide, ESP is used as a stack pointer, maximum stack size is FFFFFFFF (4 GB)

Available (AVL) bit

• The AVL (available) field specifies whether the descriptor is available for user or it is for use by operating system.

– AVL=0 not available for user, used by OS
– AVL=1 available for user

Type field
E (Executable):
Executable selects a stack segment (E=0) or a code segment (E=1). E also defines the function of the next two bits.

X (Expansion):
If E=0, then X indicates the direction of expansion for the data segment. If X=0, the segment expands upward, as in a data segment.

RW (Read Write):
If E=0, then the read/write bit indicates whether the data segment may be written or not.
If E=1, then RW indicates that the code segment may be read (RW=0) or not read (RW=1).

A (Accessed Bit):
Accessed is set each time that the microprocessor accesses the segment.
It is sometimes used by the operating system to keep track of which segments have been accessed.


Types of Descriptors
• System:
1. LDT
2. Task State Segment (TSS)
3. GATE
   1. Call
   2. Interrupt
   3. Task
   4. Trap

• Non System:
1. Data
2. Stack
3. Code

Code and Data Descriptions

System Descriptor Formats


LDT Descriptor (Type 2)

• It describes the LDT.

• It is present in the GDT and points to the base of the LDT.

• The segment descriptors in the LDT are unique to each task.

GATE Descriptor

• It is a special type of descriptor used for protection checks.
• They also control the access to entry points.

– Call Gate (C): Used to modify the privilege level.
– Task Gate (5): Used in Multitasking.
– Interrupt Gate (E): Used to specify ISR.
– Trap Gate (F): Used for interrupt and exception handling.

• A Word Count specifies how many parameters are to be copied from the caller's stack to the stack of the called routine.

• The Word Count field is only used by call gates when there is a change in the privilege level; other types of gates ignore the word count field.

• Interrupt and Trap Gates use the destination selector and destination offset fields of the gate descriptor as a pointer to the start of the interrupt or trap handler routines.

• The difference between interrupt gates and trap gates is that the interrupt gate disables interrupts (resets the IF bit) while the trap gate does not.


Task State Segment (TSS) Descriptor
• In multitasking the task segment is addressed with the help of the TSS descriptor.

• It contains the information of location, size and Privilege level of the TSS.

• It appears only in the GDT.

TSS Descriptor

The B bit controls the size of the stack pointer register. If B=1, ESP will be used to point to the stack. If B=0, SP will be used to point to the stack.

Page Translation

Paging

PDE (Page Directory Entry)
• The page directory has 1024 directory entries of 4 bytes each.
• Each page directory entry addresses a page table that contains 1024 entries.

• Each Page Directory Entry contains the
1. Address of the next level of tables
2. Page Tables and information about the page table.

• The upper 10 bits of the linear address (A22-A31) are used as an index to select the correct Page Directory Entry.


• D : The D (Dirty) bit 6 is set to 1 before a write to an address covered by that page table entry occurs.

• A : The A (Accessed) bit 5 is set by the Intel386 DX for both types of entries before a read or write access occurs to an address covered by the entry.

• U/S and R/W : These bits are used to provide User/Supervisor and Read/Write protection for individual pages.

• P : The P (Present) bit 0 indicates if a Page Directory or Page Table entry can be used in address translation.
– If P = 1 the entry can be used for address translation.

• User corresponds to level 3 of the segmentation-based protection, and supervisor encompasses all of the other protection levels (0, 1, 2).


PTE (Page Table Entry)

• Each Page Table is 4K bytes and holds up to 1024 Page Table Entries.
• Page Table Entries have the starting address of the page frame and statistical information about the page.

• The 20 upper bit page frame address is concatenated with the lower 12 bits of the linear address to form the physical address.

• Page tables can be shared between tasks and swapped to disks.


Translation Look-aside Buffer
• The Intel386 DX keeps a cache of the most recently accessed pages; this cache is called the Translation Look-aside Buffer (TLB).

• The 32-entry TLB, coupled with a 4K page size, results in coverage of 128K bytes of memory addresses.

TLB

• The paging unit hardware receives a 32-bit linear address from the segmentation unit.

• The upper 20 linear address bits are compared with all 32 entries in the TLB to determine if there is a match.

• If there is a match (i.e. a TLB hit), then the 32-bit physical address is calculated and will be placed on the address bus.

Combining Segment and Page Translation

Segmentation in 80386DX

Paging

Demand Paging
• Demand Paging means that pages should only be brought into memory if the executing process demands them.

• This is often referred to as Lazy Evaluation as only those pages demanded by the process are swapped from secondary storage to main memory.

• The new terms we will be learning in this section are:

– Demand Paging
– Swapping
– Virtual Memory / Virtualization

Steps involved in Demand Paging
1. Determining Memory Requirement

2. Allocating Memory

3. Saving the Contents of Reallocated Memory

4. Remapping a Page Memory

5. Restoring Reallocated Pages

1. Determining Memory Requirement

• Theoretically, a program gives best performance when it is completely loaded into primary memory, but practically it is not possible.

• The majority of memory is used by the OS, memory-resident programs and other user’s programs, or memory may not be available.

• So as per the requirement of the new task, memory will be made free by swapping out data to secondary memory.

2. Allocating Memory

• The system will check the A bit (bit 5) from the PTE of every page, and accordingly pages will be allocated.

• If the accessed bit has not been set by the system, it means that the 4 KB page frame was never referenced by the processor.

• If required, the system will use the LRU algorithm.

3. Saving the Contents of Reallocated Memory

• Contents from the page frame will be copied to secondary memory.

• During copying, the D bit (bit 6) from the PTE will be checked.

4. Remapping a Page Memory

• After completing the copy from the page, the P bit from the PTE will be set again, as new valid entries are added to the page of the new task.

• Also, entries from the TLB will be updated accordingly.

5. Restoring Reallocated Pages

• Data may be restored to pages as per system requirement.


Demand Paging and Virtual Memory
1. Creates the illusion of nearly infinite memory.
2. Achieved by “Swapping” pages by physical
memory.
3. Processor requests page marked not present.
4. Page is chosen for reuse.
5. Contents of page are swapped out.
6. Page is readdressed.
7. Program is restarted.

Virtual Memory in 80386
• In a system, at any point minimum 16,384 descriptors (8192 of GDT + 8192 of LDT) will be present.

• Each descriptor from the system can address a memory of minimum 1 byte and maximum 4 GB.

• So the virtual memory supported by the system will be 64 TB. (16,384 descriptors * 4 GB = 64 TB)

System Instructions
1. Verification of pointer parameters:

i. ARPL ── Adjust RPL
ii. LAR ── Load Access Rights
iii. LSL ── Load Segment Limit
iv. VERR ── Verify for Reading
v. VERW ── Verify for Writing

2. Addressing descriptor tables:

i. LLDT ── Load LDT Register
ii. SLDT ── Store LDT Register
iii. LGDT ── Load GDT Register
iv. SGDT ── Store GDT Register

3. Multitasking:

i. LTR ── Load Task Register
ii. STR ── Store Task Register

4. Coprocessing and Multiprocessing:

i. CLTS ── Clear Task-Switched Flag
ii. ESC ── Escape instructions
iii. WAIT ── Wait until Coprocessor not available


5. Input and Output:

i. IN ── Input
ii. OUT ── Output
iii. INS ── Input String
iv. OUTS ── Output String

6. Interrupt control:
i. CLI ── Clear Interrupt-Enable Flag
ii. STI ── Set Interrupt-Enable Flag
iii. LIDT ── Load IDT Register
iv. SIDT ── Store IDT Register

7. Debugging :
i. MOV ── Move to and from debug registers

8. TLB testing:
i. MOV ── Move to and from test registers

9. System Control:
i. SMSW ── Set MSW
ii. LMSW ── Load MSW
iii. HLT ── Halt Processor
iv. MOV ── Move to and from control registers

UNIT 4
Protection
Why Protection?
• The purpose of the protection features of the 80386 is to help detect and identify bugs (Unauthorized accesses).

• To help debug applications faster and make them more robust in production, the 80386 contains mechanisms to verify memory accesses and instruction execution for conformance to protection criteria.


Overview of 80386DX Protection
Mechanisms
1. Type checking
2. Limit checking
3. Restriction of addressable domain
4. Restriction of procedure entry points
5. Restriction of instruction set
– The concept of "Privilege" is central to several aspects of protection (numbers 3, 4, and 5 in the above list).


Segment-Level Protection
• All five aspects of protection apply to segment
translation:

1. Type checking
2. Limit checking
3. Restriction of addressable domain
4. Restriction of procedure entry points
5. Restriction of instruction set

Descriptors Store Protection Parameters
• The protection parameters are placed in the descriptor by systems software at the time a descriptor is created.

• When a program loads a selector into a segment register, the processor loads not only the address of the segment but also protection information.

• Each segment register has bits in the invisible portion for storing base, limit, type, and privilege level; therefore, subsequent protection checks on the same segment do not consume additional clock cycles.
• Clear regions in the figure highlight the protection-related fields of segment descriptors.

1. Type Checking
• The TYPE field of a descriptor has two functions:

1. It distinguishes among different descriptor formats (system/non-system).

2. It specifies the intended usage of a segment, e.g. if the segment is a read-only segment then its access is limited to reading only.

2. Limit Checking
• The limit field of a segment descriptor is used by the processor to prevent programs from addressing outside the segment.

• The processor's interpretation of the limit depends on the setting of the G (granularity) bit.
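The selector and descriptor fields from the "Selectors" and "Descriptors" slides of Unit 3 and the limit check described here can be followed in code. This is an added example, not part of the original slides: the byte positions inside the 8-byte descriptor are taken from Intel's 80386 documentation (the slide figure is not reproduced on this page), the descriptor bytes are constructed samples, and only expand-up segments are handled.

```c
#include <stdint.h>
#include <stdio.h>

struct selector { unsigned index; int ti; unsigned rpl; };

/* Selector layout: bits 15-3 index (13 bits, 8192 entries),
 * bit 2 TI (0 = GDT, 1 = LDT), bits 1-0 RPL. */
struct selector decode_selector(uint16_t sel)
{
    struct selector s = { (unsigned)sel >> 3, (sel >> 2) & 1, sel & 3u };
    return s;
}

/* Null selector: index 0 in the GDT, whatever the RPL bits are. */
int is_null_selector(uint16_t sel) { return (sel & 0xFFFCu) == 0; }

struct descriptor {
    uint32_t base;    /* 32-bit segment base */
    uint32_t limit;   /* raw 20-bit limit field */
    int g;            /* granularity: 0 = bytes, 1 = 4 KB units */
    int d;            /* default operation size */
    int avl;          /* AVL bit */
    int present;      /* P bit */
    unsigned dpl;     /* descriptor privilege level */
};

/* Descriptor bytes as stored in memory (little-endian):
 * 0-1 limit 15..0, 2-4 base 23..0, 5 access rights (bit 7 P, bits 6-5 DPL),
 * 6 G|D|0|AVL|limit 19..16, 7 base 31..24. */
struct descriptor decode_descriptor(const uint8_t b[8])
{
    struct descriptor d;
    d.base    = b[2] | (uint32_t)b[3] << 8 | (uint32_t)b[4] << 16
                     | (uint32_t)b[7] << 24;
    d.limit   = b[0] | (uint32_t)b[1] << 8 | (uint32_t)(b[6] & 0x0F) << 16;
    d.g       = (b[6] >> 7) & 1;
    d.d       = (b[6] >> 6) & 1;
    d.avl     = (b[6] >> 4) & 1;
    d.present = (b[5] >> 7) & 1;
    d.dpl     = (b[5] >> 5) & 3;
    return d;
}

/* Highest valid offset of an expand-up segment: with G=1 the limit counts
 * 4 KB units, so the low 12 bits of the last offset are all ones. */
uint32_t last_offset(const struct descriptor *d)
{
    return d->g ? (d->limit << 12) | 0xFFFu : d->limit;
}

/* Limit check and base addition for an access of `size` bytes at `off`.
 * Returns 1 and stores the linear address, or 0 where the processor
 * would raise an exception (segment not present or limit violation). */
int to_linear(const struct descriptor *d, uint32_t off, uint32_t size,
              uint32_t *lin)
{
    uint32_t last = last_offset(d);
    if (!d->present || size == 0 || off > last || size - 1 > last - off)
        return 0;
    *lin = d->base + off;
    return 1;
}

/* Constructed samples: a flat 4 GB segment (G=1, limit FFFFF, DPL 0) and
 * a 1 KB segment at base 00120000h (G=0, limit 3FFh, DPL 3). */
static const uint8_t FLAT_SEG[8]  = { 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x9A, 0xCF, 0x00 };
static const uint8_t SMALL_SEG[8] = { 0xFF, 0x03, 0x00, 0x00, 0x12, 0xF2, 0x40, 0x00 };

int main(void)
{
    struct selector s = decode_selector(0x002B);
    struct descriptor d = decode_descriptor(SMALL_SEG);
    uint32_t lin = 0;

    printf("selector 002Bh: index=%u TI=%d RPL=%u\n", s.index, s.ti, s.rpl);
    printf("base=%08X last offset=%08X DPL=%u\n",
           (unsigned)d.base, (unsigned)last_offset(&d), d.dpl);
    printf("dword at 3FCh allowed: %d\n", to_linear(&d, 0x3FC, 4, &lin));
    printf("dword at 3FDh allowed: %d\n", to_linear(&d, 0x3FD, 4, &lin));
    return 0;
}
```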


3. Privilege Levels

Protection Check
1. It checks whether the descriptor table indexed by the selector contains a valid descriptor for that selector.

2. It also checks whether the segment descriptor is of the right type to be loaded into the specified segment register cache.

3. It checks the P bit of the access byte.

4. Further checks are made each time a location in the actual segment is accessed.

• The rules regarding the stack segment are slightly different from those involving data segments.

• Instructions that load selectors into SS must refer to data segment descriptors for read/write permission.

• Also, the DPL and RPL must equal the CPL.


Terminology
• Privilege Level (PL):

– One of the four hierarchical privilege levels.
– Level 0 is the most privileged level.
– Level 3 is the least privileged level.

• Requestor Privilege Level (RPL):

– The privilege level of the original supplier of the selector.
– RPL is determined by the two least significant bits of a selector.

• Current Privilege Level (CPL):

– The privilege level at which a task is currently executing, which equals the privilege level of the code segment being executed.
– CPL can also be determined by examining the lowest 2 bits of the CS register, except for conforming code segments.

• Descriptor Privilege Level (DPL):

– The DPL of the descriptor of the target segment.

• Effective Privilege Level (EPL):

– The effective privilege level is the least privileged of the RPL and DPL. EPL is the numerical maximum of RPL and DPL.

• I/O Privilege Level (IOPL):

– Defines the least privileged level at which I/O instructions can be unconditionally performed.
– I/O instructions can be unconditionally performed when CPL <= IOPL.
– IOPL-sensitive instructions: CLI and STI.
– IF bit can be changed by loading a new value into the EFLAGS register.


Rules of Privilege
# Data stored in a segment with privilege level P can be accessed only by code executing at a privilege level at least as privileged as P.

# A code segment/procedure with privilege level P can only be called by a task executing at the same or a lesser privilege level than P.

Privilege Check for Data Access
• Assume that a task needs data from a data segment.

• The privilege levels are checked at the time a selector for the target segment is loaded into the data segment register.

• Three privilege levels enter into the privilege checking mechanism:
– CPL
– RPL of the selector of target segment
– DPL of the descriptor of the target segment
• The addressable domain of a task varies as CPL changes.

• When CPL is zero, data segments at all privilege levels are accessible;

• when CPL is one, only data segments at privilege levels one through three are accessible;

• when CPL is three, only data segments at privilege level three are accessible.
• A procedure can only access the data that is at the same or less privilege level (not numerically).


Control Transfer
• The far JMP and CALL can be done in 2 ways:

1. Without Call Gate Descriptor

2. With Call Gate Descriptor

Without Call Gate
• The processor permits a JMP or CALL directly to another segment only if either
1. DPL of the target segment = CPL of the calling segment, or
2. Conforming bit of the target code is set and DPL of the target segment ≤ CPL
• Conforming Segment: These segments may be called from various privilege levels but execute at the privilege level of the calling procedure (e.g. math library, system calls).

Privilege Check for Control Transfer without Gate


With Call Gate
• The FAR pointer of the control transfer instruction uses the selector part of the pointer and selects a gate.

• The selector and offset fields of a gate form a pointer to the entry of a procedure.

Privilege level transitions can only occur via gates.

• JMPs can be made to a non-conforming code segment with the same privilege or to a conforming code segment with greater or equal privilege.

• CALLs can be made to a non-conforming code segment with the same privilege or via a gate to a more privileged level.


In case of Interrupts:

• Interrupts handled within the task obey the same privilege rules as CALLs.

• Conforming Code segments are accessible by privilege levels which are the same or less privileged than the conforming-code segment's DPL.

• The code segment selected in the gate must be the same or more privileged than the task's CPL.

• Task switches can be performed by a CALL, JMP or INT which references either a task gate or task state segment whose DPL is less privileged or the same privilege as the old task's CPL.


Call Gates
• One of the major uses of gates is to provide a secure method of privilege transfers within a task.

• Gates can be accessed by a task if the EPL <= gate descriptor's DPL.

• Call Gates are accessed via a CALL instruction.

Inter-level call gate
1. Load CS:EIP from the gate and check for validity.

2. SS is pushed zero-extended to 32 bits.

3. ESP is pushed.

4. Copy Word Count 32-bit parameters from the old stack to the new stack.

5. Push Return address on stack.

Accessing Data in Code Segments
• The following methods of accessing data in code segments are possible:

1. Load a data-segment register with a selector of a nonconforming, readable, executable segment.

2. Load a data-segment register with a selector of a conforming, readable, executable segment.

3. Use a CS override prefix to read a readable, executable segment whose selector is already loaded in the CS register.

Restricting Control Transfers
• With the 80386, control transfers are accomplished by the instructions JMP, CALL, RET, INT, and IRET, as well as by the exception and interrupt mechanisms.


• The "Near" forms of JMP, CALL, and RET transfer within the current code segment, and therefore are subject only to limit checking.

• The processor ensures that the destination of the JMP, CALL, or RET instruction does not exceed the limit of the current executable segment.

• This limit is cached in the CS register.

• Therefore, protection checks for near transfers require no extra clock cycles.

• The operands of the "Far" forms of JMP and CALL refer to other segments; therefore, the processor performs privilege checking. There are two ways a JMP or CALL can refer to another segment:

1. The operand selects the descriptor of another executable segment.

2. The operand selects a call gate descriptor.

Gate Descriptors Guard Procedure Entry Points
• To provide protection for control transfers among executable segments at different privilege levels, the 80386 uses gate descriptors. There are four kinds of gate descriptors:

● Call gates
● Trap gates
● Interrupt gates
● Task gates

Format of 80386 Call Gate

Privilege Check via Call Gate


• Gates can be used for control transfers to numerically smaller privilege levels or to the same privilege level (though they are not necessary for transfers to the same level).

• Only CALL instructions can use gates to transfer to smaller privilege levels.

• A gate may be used by a JMP instruction only to transfer to an executable segment with the same privilege level or to a conforming segment.
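The privilege rules from "Privilege Check for Data Access", "Without Call Gate" and the call-gate slides above can be written as predicates over CPL, RPL and DPL. This is an added example, not part of the original slides: the function names are hypothetical, the data-access condition DPL >= max(CPL, RPL) is the formulation from Intel's 80386 documentation, and the selector values are constructed. The last function models ARPL from the System Instructions list, which a privileged service uses to stamp a caller-supplied selector with the caller's privilege before the check.

```c
#include <stdint.h>
#include <stdio.h>

/* Numerically larger value means less privilege. */
static unsigned max_pl(unsigned a, unsigned b) { return a > b ? a : b; }

/* Loading DS/ES/FS/GS: the target's DPL must be numerically >= both the
 * CPL and the RPL of the selector being loaded. */
int data_access_ok(unsigned cpl, unsigned rpl, unsigned dpl)
{
    return dpl >= max_pl(cpl, rpl);
}

/* Loading SS: DPL and RPL must both equal CPL. */
int stack_load_ok(unsigned cpl, unsigned rpl, unsigned dpl)
{
    return rpl == cpl && dpl == cpl;
}

/* Far JMP/CALL without a gate, using the two conditions the page lists:
 * same level, or a conforming target with DPL <= CPL. */
int direct_transfer_ok(unsigned cpl, unsigned target_dpl, int conforming)
{
    return conforming ? target_dpl <= cpl : target_dpl == cpl;
}

enum xfer { XFER_JMP, XFER_CALL };

/* Transfer through a call gate. Returns the CPL after the transfer,
 * or -1 where the processor would raise a protection exception. */
int gate_transfer(enum xfer kind, unsigned cpl, unsigned rpl,
                  unsigned gate_dpl, unsigned target_dpl, int conforming)
{
    if (max_pl(cpl, rpl) > gate_dpl)
        return -1;               /* caller may not use this gate */
    if (target_dpl > cpl)
        return -1;               /* target is less privileged than caller */
    if (conforming || target_dpl == cpl)
        return (int)cpl;         /* no change of privilege level */
    return kind == XFER_CALL ? (int)target_dpl : -1; /* only CALL raises it */
}

/* ARPL: raise the RPL of `sel` to the RPL of the caller's CS selector
 * if it is numerically lower, so later checks use the caller's rights. */
uint16_t arpl(uint16_t sel, uint16_t caller_cs)
{
    unsigned caller_rpl = caller_cs & 3u;
    if ((sel & 3u) < caller_rpl)
        sel = (uint16_t)((sel & ~3u) | caller_rpl);
    return sel;
}

int main(void)
{
    /* Constructed scenario: a level-3 caller (CS = 001Bh) hands a level-0
     * service the selector 0010h (RPL 0) of a DPL-0 data segment. */
    uint16_t passed = 0x0010, caller_cs = 0x001B;

    printf("unadjusted selector accepted: %d\n",
           data_access_ok(0, passed & 3u, 0));
    printf("after ARPL accepted:          %d\n",
           data_access_ok(0, arpl(passed, caller_cs) & 3u, 0));
    printf("CALL via gate, level 3 -> 0:  new CPL %d\n",
           gate_transfer(XFER_CALL, 3, 3, 3, 0, 0));
    printf("JMP via gate, level 3 -> 0:   %d\n",
           gate_transfer(XFER_JMP, 3, 3, 3, 0, 0));
    return 0;
}
```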


Page-Level Protection
• Two kinds of protection are related to pages:

1. Restriction of addressable domain.

2. Type checking.

Page-Table Entries Hold Protection Parameters
• The figure highlights the fields of PDEs and PTEs that control access to pages.

1. Restricting Addressable Domain
• The concept of privilege for pages is implemented by assigning each page to one of two levels:

1. Supervisor level (U/S=0) ── for the operating system and other systems software and related data.
2. User level (U/S=1) ── for applications procedures and data.

2. Type Checking
• At the level of page addressing, two types are defined:

1. Read-only access (R/W=0)
2. Read/write access (R/W=1)

• When the processor is executing at supervisor level, all pages are both readable and writable.

• When the processor is executing at user level, only pages that belong to user level and are marked for read/write access are writable.

• Pages that belong to supervisor level are neither readable nor writable from user level.

Combining Page and Segment Protection
• When paging is enabled, the 80386 first evaluates segment protection, then evaluates page protection.

• If the processor detects a protection violation at either the segment or the page level, the requested operation cannot proceed; a protection exception occurs instead.

Combining Directory and Page Protection
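The two-level translation from the PDE/PTE slides of Unit 3 and the page-level checks above fit in one short page walk. This is an added example, not part of the original slides: physical memory is a constructed three-frame array, the R/W (bit 1) and U/S (bit 2) positions and the rule that the more restrictive of the directory and table entry applies are taken from Intel's 80386 documentation, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PG_P   0x001u   /* bit 0: present */
#define PG_RW  0x002u   /* bit 1: 0 = read-only, 1 = read/write */
#define PG_US  0x004u   /* bit 2: 0 = supervisor, 1 = user */
#define PG_A   0x020u   /* bit 5: accessed */
#define PG_D   0x040u   /* bit 6: dirty (page table entries only) */
#define FRAME  0xFFFFF000u

enum xlate { XLATE_OK, FAULT_NOT_PRESENT, FAULT_PROTECTION };

/* Constructed physical memory: frame 0 holds the page directory,
 * frame 1 one page table, frame 2 is unused. */
static uint32_t phys_mem[3 * 1024];

/* Pointer to entry `index` of the table at physical address `base`,
 * or NULL when the address lies outside this small simulation. */
static uint32_t *entry_at(uint32_t base, unsigned index)
{
    uint32_t word = (base >> 2) + index;
    return word < sizeof phys_mem / sizeof phys_mem[0] ? &phys_mem[word] : 0;
}

/* Walk directory and table for linear address `lin`. CPL 3 is user level,
 * CPL 0-2 supervisor. On success the physical address is stored in *phys. */
enum xlate translate(uint32_t cr3, uint32_t lin, int cpl, int is_write,
                     uint32_t *phys)
{
    uint32_t *pde = entry_at(cr3 & FRAME, lin >> 22);         /* bits 31-22 */
    if (!pde || !(*pde & PG_P))
        return FAULT_NOT_PRESENT;
    uint32_t *pte = entry_at(*pde & FRAME, (lin >> 12) & 0x3FF); /* 21-12 */
    if (!pte || !(*pte & PG_P))
        return FAULT_NOT_PRESENT;

    if (cpl == 3) {
        uint32_t both = *pde & *pte;     /* more restrictive entry wins */
        if (!(both & PG_US))
            return FAULT_PROTECTION;     /* supervisor page from user level */
        if (is_write && !(both & PG_RW))
            return FAULT_PROTECTION;     /* write to a read-only page */
    }
    *pde |= PG_A;
    *pte |= PG_A | (is_write ? PG_D : 0);
    *phys = (*pte & FRAME) | (lin & 0xFFFu); /* frame + low 12 bits */
    return XLATE_OK;
}

/* Build constructed tables and return the CR3 value to use. */
uint32_t build_sample_tables(void)
{
    uint32_t cr3 = 0x0000;
    memset(phys_mem, 0, sizeof phys_mem);
    *entry_at(cr3, 1)    = 0x00001000u | PG_P | PG_RW | PG_US;
    *entry_at(0x1000, 3) = 0x00025000u | PG_P | PG_US;         /* user, read-only */
    *entry_at(0x1000, 4) = 0x00026000u | PG_P | PG_RW;         /* supervisor */
    *entry_at(0x1000, 5) = 0x00027000u | PG_P | PG_RW | PG_US; /* user, r/w */
    return cr3;
}

int main(void)
{
    uint32_t cr3 = build_sample_tables(), phys = 0;
    int r = translate(cr3, 0x00403ABCu, 3, 0, &phys);
    printf("user read  00403ABC -> result %d, physical %08X\n", r, (unsigned)phys);
    printf("user write 00403ABC -> result %d\n",
           translate(cr3, 0x00403ABCu, 3, 1, &phys));
    printf("user read  00404010 -> result %d\n",
           translate(cr3, 0x00404010u, 3, 0, &phys));
    return 0;
}
```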


UNIT 5
Multitasking and Virtual 8086 Mode
Part 1: Multitasking
• To provide efficient, protected multitasking, the 80386 employs several special data structures.

● Task State Segment
● Task State Segment Descriptor
● Task Register
● Task Gate Descriptor

• With these structures the 80386 can rapidly switch execution from one task to another, saving the context of the original task so that the task can be restarted later.

• In addition to the simple task switch, the 80386 offers two other task-management features:

1. Interrupts and exceptions can cause task switches. (To call Interrupt and return from interrupt)
2. With each switch to another task, the 80386 can also switch to another LDT and to another Page Directory.

Task State Segment
• All the information which is needed to manage a task is stored in a special type of segment, a Task State Segment (TSS).

• The fields of a TSS belong to two classes:
1. Dynamic Set
2. Static Set

1. A Dynamic Set: The processor updates this set with each switch from the task. This set includes the fields that store:

● The general registers (EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI).
● The segment registers (ES, CS, SS, DS, FS, GS).
● The flags register (EFLAGS).
● The instruction pointer (EIP).
● The selector of the TSS of the previously executing task (updated only when a return is expected).

2. A Static Set: The processor reads this set but does not change it. This set includes the fields that store:

– The selector of the task's LDT.
– The register (PDBR) that contains the base address of the task's page directory (read only when paging is enabled).
– Pointers to the stacks for privilege levels 0-2.
– The T-bit (debug trap bit) which causes the processor to raise a debug exception when a task switch occurs.
– The I/O map base.

TSS

TSS Descriptor


Task Register
• The Task Register (TR) identifies the currently executing task by pointing to the TSS.

• The task register has both a "visible" portion (i.e., can be read and changed by instructions) and an "invisible" portion (maintained by the processor to correspond to the visible portion; cannot be read by any instruction).

• The selector in the visible portion selects a TSS descriptor in the GDT.

• The processor uses the invisible portion to cache the base and limit values from the TSS descriptor.

• Holding the base and limit in a register makes execution of the task more efficient, because the processor does not need to repeatedly fetch these values from memory when it references the TSS of the current task.
• The instructions LTR and STR are used to modify and read the visible portion of the task register.

• Both instructions take one operand, a 16-bit selector located in memory or in a general register.

Task Gate Descriptor
• A Task Gate Descriptor provides an indirect, protected reference to a TSS.

• The SELECTOR field of a task gate must refer to a TSS descriptor.

• The DPL field of a task gate controls the right to use the descriptor to cause a task switch.

• The 80386 has task gates in addition to TSS descriptors to satisfy three needs:

1. One task can execute multiple different task switches, i.e. one TSS may require multiple Task Gate Descriptors.
2. The need to provide selective access to tasks. Using the PL of a task, Task Gate Descriptors choose the high-priority task to be executed.
3. The need for an interrupt or exception to cause a task switch. Task gates may also reside in the IDT, making it possible for interrupts and exceptions to cause task switching.

• A task gate in an LDT and a task gate in the IDT can identify the same task.


Task Switching
• The 80386 switches execution to another task in any of four cases:

1. The current task executes a JMP or CALL that refers to a TSS descriptor.
2. The current task executes a JMP or CALL that refers to a Task Gate.
3. An interrupt or exception vectors to a Task Gate in the IDT.
4. The current task executes an IRET when the NT flag is set.

• A task switching operation involves these steps:

1. Checking that the current task is allowed to switch to the designated task. Data-access privilege rules apply in the case of JMP or CALL instructions.

2. Checking that the TSS descriptor of the new task is marked present and has a valid limit.

3. Saving the state of the current task. The processor finds the base address of the current TSS cached in the task register. It copies the registers into the current TSS (EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI, ES, CS, SS, DS, FS, GS, and the flag register). The EIP field of the TSS points to the instruction after the one that caused the task switch.

4. Loading the Task Register with the selector of the incoming task's TSS descriptor, marking the incoming task's TSS descriptor as busy, and setting the TS (task switched) bit of the MSW.

5. Loading the incoming task's state from its TSS and resuming execution. The registers loaded are the LDT register; the flag register; the general registers EIP, EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI; the segment registers ES, CS, SS, DS, FS, and GS; and PDBR.


Tests conducted during a Task Switch
NP = Segment-not-present exception
GP = General protection fault
TS = Invalid TSS
SF = Stack fault

Validity tests of a selector check whether the selector refers to the proper table or not (e.g., the LDT selector refers to the GDT).

Task Linking
• The back-link field of the TSS and the NT (nested task) bit of the flag register work together to allow the 80386 to automatically return to a task that CALLed another task or was interrupted by another task.

• When a CALL instruction, an interrupt instruction, an external interrupt, or an exception causes a switch to a new task, the 80386 automatically fills the back-link of the new TSS with the selector of the outgoing task's TSS and, at the same time, sets the NT bit in the new task's flag register.

Effect of Task Switch on BUSY, NT, and Back-Link
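A small C model of the busy bit, NT flag and back-link bookkeeping described under Task Switching and Task Linking, added here as an illustration and not taken from the original slides. The CALL/interrupt case follows the text above; the JMP and IRET cases and the refusal to switch to a busy task are standard 80386 behaviour not spelled out on the slides, and the struct, selector values and result-code names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Kinds of task switch distinguished by the bookkeeping rules. */
enum switch_kind { SW_JMP, SW_CALL_OR_INT, SW_IRET };

/* Result codes of this model (hypothetical names, not processor exceptions). */
enum switch_result { SW_OK, SW_TARGET_BUSY, SW_NOT_NESTED, SW_BAD_LINK };

struct task {
    uint16_t tss_selector; /* selector of the task's TSS descriptor in the GDT */
    uint16_t back_link;    /* back-link field of the TSS */
    bool busy;             /* busy bit of the TSS descriptor */
    bool nt;               /* NT bit in the task's flag register image */
};

struct cpu {
    struct task *tasks;
    size_t ntasks;
    struct task *current;  /* task identified by the task register */
};

static struct task *find_task(struct cpu *c, uint16_t selector)
{
    for (size_t i = 0; i < c->ntasks; i++)
        if (c->tasks[i].tss_selector == selector)
            return &c->tasks[i];
    return NULL;
}

/* Apply the BUSY / NT / back-link effects of one task switch.
 * For SW_IRET the target comes from the outgoing task's back-link and
 * target_selector is ignored. */
enum switch_result task_switch(struct cpu *c, enum switch_kind kind,
                               uint16_t target_selector)
{
    struct task *out = c->current;
    struct task *in;

    if (kind == SW_IRET) {
        if (!out->nt)
            return SW_NOT_NESTED;   /* IRET switches tasks only when NT = 1 */
        in = find_task(c, out->back_link);
        if (in == NULL || !in->busy)
            return SW_BAD_LINK;     /* the task returned to must still be busy */
        out->busy = false;
        out->nt = false;
    } else {
        in = find_task(c, target_selector);
        if (in == NULL)
            return SW_BAD_LINK;
        if (in->busy)
            return SW_TARGET_BUSY;  /* tasks are not re-entrant */
        in->busy = true;
        if (kind == SW_JMP) {
            out->busy = false;      /* no return is expected */
            in->nt = false;
        } else {
            in->nt = true;          /* outgoing task stays busy */
            in->back_link = out->tss_selector;
        }
    }
    c->current = in;
    return SW_OK;
}

/* Constructed scenario: task A (0x28) CALLs B (0x30), B tries to CALL A,
 * then B returns with IRET. Returns the selector of the task left running,
 * or 0 if the re-entrant CALL was not refused. */
uint16_t demo_nested_call(void)
{
    struct task t[2] = {
        { 0x28, 0, true,  false },  /* A: currently running, hence busy */
        { 0x30, 0, false, false },  /* B: idle */
    };
    struct cpu c = { t, 2, &t[0] };

    task_switch(&c, SW_CALL_OR_INT, 0x30);      /* A -> B, B linked back to A */
    if (task_switch(&c, SW_CALL_OR_INT, 0x28) != SW_TARGET_BUSY)
        return 0;
    task_switch(&c, SW_IRET, 0);                /* B -> A via the back-link */
    return c.current->tss_selector;
}

int main(void)
{
    printf("running task after nested CALL and IRET: 0x%02x\n",
           (unsigned)demo_nested_call());
    return 0;
}
```

The busy bit is what stops a nested task from switching back into a task further up its own chain, which would overwrite that task's saved context.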


Task Address Space
• In the 80386, data can be stored in the form of segments or pages.

• The LDT selector and PDBR can be used to select the appropriate segment or page to access the data.

• By appropriate choice of the segment and page mappings for each task, tasks may share address spaces.

1. Task Linear-to-Physical Space Mapping

• The choices for arranging the linear-to-physical mappings of tasks fall into two general classes:

1. One “linear-to-physical mapping” shared among all tasks.
– When paging is not enabled, this is the only possibility. Without page tables, all linear addresses map to the same physical addresses.
– When paging is enabled, one page directory is shared among all executing tasks.

2. Several partially overlapping “linear-to-physical mappings”.
– This style is implemented by using a different page directory for each task. As PDBR (page directory base register) is loaded from the TSS with each task switch, each task may have a different page directory.

• In theory, the linear address spaces of different tasks may map to completely distinct physical addresses.
• If the entries of different page directories point to different page tables and the page tables point to different pages of physical memory, then the tasks do not share any physical addresses.
• In practice, some portion of the linear address spaces of all tasks is mapped to the same physical addresses (see figure on next slide).

Partially-Overlapping Linear Spaces


2. Task Logical Address Space
• Actually, a common linear-to-physical space mapping does not enable sharing of data among tasks.

• To share data, tasks must also have a common logical-to-linear space mapping; i.e., they must also have access to descriptors that point into a shared linear address space.

• There are three ways to create common logical-to-physical address-space mappings:

1. Via the GDT. All tasks have access to the descriptors in the GDT. If those descriptors point into a linear-address space that is mapped to a common physical-address space for all tasks, then the tasks can share data and instructions.

2. By sharing LDTs. Two or more tasks can use the same LDT if the LDT selectors in their TSSs select the same LDT segment.

3. By descriptor aliases in LDTs. It is possible for certain descriptors of different LDTs to point to the same linear address space, if they share common aliases between descriptors.

Task-Nesting
• Tasks can be nested…


Part 2: Virtual 8086 Mode
• The 80386 supports execution of one or more 8086, 8088, 80186 or 80188 programs in an 80386 protected-mode environment.

• An 8086 program runs in this environment as part of a V86 (virtual 8086) task.

• V86 tasks take advantage of the hardware support of multitasking offered by the protected mode.

• Not only can there be multiple V86 tasks, each one executing an 8086 program, but V86 tasks can be multiprogrammed with other 80386 tasks.

• The purpose of a V86 task is to form a "Virtual Machine" with which to execute an 8086 program.
• A complete virtual machine consists not only of 80386 hardware but also of systems software.
• Thus, the emulation of an 8086 is the result of cooperation between hardware and software:

– The Hardware provides a Virtual set of Registers (via the TSS), a Virtual Memory Space (the first megabyte of the linear address space of the task), and directly executes all instructions that deal with these registers and with this address space.
– The Software controls the external interfaces of the virtual machine (I/O, interrupts, and exceptions) in a manner consistent with the larger environment in which it executes.

• Software that helps implement virtual 8086 machines is called a V86 monitor.

Executing 8086 Code

i. Registers and Instructions

ii. Linear Address Formation

i. Registers and Instructions
• The register set available in V86 mode includes all the registers defined for the 8086 plus the new registers introduced by the 80386: FS, GS, Debug Registers, Control Registers, and Test Registers.

• New instructions that explicitly operate on the segment registers FS and GS are available.

ii. Linear Address Formation
• In V86 mode the processor shifts the selector left by four bits to form a 20-bit base address. The effective address is extended with four high-order zeros and added to the base address to create a linear address.

• Because of the possibility of a carry, the resulting linear address may contain up to 21 significant bits.

• An 8086 program may generate linear addresses anywhere in the range 0 to 10FFEFH (one megabyte plus approximately 64 Kbytes) of the task's linear address space.

Structure of a V86 Task
• A V86 task consists partly of the 8086 program to be executed and partly of 80386 "native mode" code that serves as the virtual-machine monitor.

• The task must be represented by an 80386 TSS (not an 80286 TSS).

• The processor enters V86 mode to execute the 8086 program and returns to protected mode to execute the monitor or other 80386 tasks.

• To run successfully in V86 mode, an existing 8086 program needs the following:

● A V86 Monitor.
● Operating-system services.

• The V86 monitor is 80386 protected-mode code that executes at privilege-level zero.

• The monitor consists primarily of initialization and exception-handling procedures.

• As for any other 80386 program, executable-segment descriptors for the monitor must exist in the GDT or in the task's LDT.

• The linear addresses above 10FFEFH are available for the V86 monitor, the operating system, and other systems software.

• The monitor may also need data-segment descriptors so that it can examine the interrupt vector table or other parts of the 8086 program in the first megabyte of the address space.

Protection within a V86 Task
• Because it does not refer to descriptors while executing 8086 programs, the processor also does not utilize the protection mechanisms offered by descriptors.

• To protect the systems software that runs in a V86 task from the 8086 program, software designers may follow either of these approaches:

1. Reserve the first megabyte (plus 64 kilobytes) of each task's linear address space for the 8086 program.

2. Use the U/S bit of page-table entries to protect the virtual-machine monitor and other systems software in each virtual 8086 task's space. When the processor is in V86 mode, CPL is 3 (user privileges). If the pages of the virtual-machine monitor have supervisor privilege, they cannot be accessed by the 8086 program.
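The 8086-style address formation from "Linear Address Formation" and the two protection approaches above, combined in one added C example (not part of the original slides). It computes the highest address an 8086 program can form and audits a constructed page table for monitor pages that the 8086 program could still reach; the `monitor` label, the sample page table and the function names are assumptions of this example, while the P and U/S bit positions are those of an 80386 page-table entry.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT      12
#define PTE_PRESENT     0x1u        /* P bit */
#define PTE_WRITE       0x2u        /* R/W bit */
#define PTE_USER        0x4u        /* U/S bit: 1 = user, 0 = supervisor */
#define V86_MAX_LINEAR  0x10FFEFu   /* highest address an 8086 program can form */
#define SAMPLE_PAGES    0x112       /* size of the constructed page table */

/* 8086-style address formation used in V86 mode: selector * 16 + offset.
 * The carry out of bit 19 is kept, so the result can need 21 bits. */
uint32_t v86_linear(uint16_t selector, uint16_t offset)
{
    return ((uint32_t)selector << 4) + offset;
}

/* One page of a V86 task's linear space. `monitor` is a label used by this
 * example (hypothetical) for pages holding monitor or other systems code. */
struct v86_page {
    uint32_t pte;
    bool monitor;
};

/* True if the 8086 program (CPL 3 in V86 mode) can touch page `page`. */
bool v86_program_can_access(const struct v86_page *pt, size_t page)
{
    if (page > (V86_MAX_LINEAR >> PAGE_SHIFT))
        return false;               /* approach 1: no formable address lands here */
    if (!(pt[page].pte & PTE_PRESENT))
        return false;
    return (pt[page].pte & PTE_USER) != 0;  /* approach 2: supervisor pages are off limits */
}

/* Count monitor pages the 8086 program could reach; report the first one. */
size_t audit_monitor_pages(const struct v86_page *pt, size_t npages,
                           size_t *first_exposed)
{
    size_t exposed = 0;

    for (size_t i = 0; i < npages; i++) {
        if (pt[i].monitor && v86_program_can_access(pt, i)) {
            if (exposed == 0 && first_exposed != NULL)
                *first_exposed = i;
            exposed++;
        }
    }
    return exposed;
}

/* Constructed sample: an identity-mapped, user-accessible address space with
 * three monitor pages placed to exercise each case. */
size_t audit_sample(size_t *first_exposed)
{
    static struct v86_page pt[SAMPLE_PAGES];

    for (size_t i = 0; i < SAMPLE_PAGES; i++) {
        pt[i].pte = ((uint32_t)i << PAGE_SHIFT) | PTE_PRESENT | PTE_WRITE | PTE_USER;
        pt[i].monitor = false;
    }
    pt[0xF0].monitor = true;
    pt[0xF0].pte &= ~PTE_USER;      /* in reach, but supervisor: protected */
    pt[0x10F].monitor = true;       /* in reach and user: exposed */
    pt[0x111].monitor = true;       /* user, but above 10FFEFH: out of reach */
    return audit_monitor_pages(pt, SAMPLE_PAGES, first_exposed);
}

int main(void)
{
    size_t first = 0;
    size_t n = audit_sample(&first);

    printf("FFFF:FFFF -> %06X\n", (unsigned)v86_linear(0xFFFF, 0xFFFF));
    printf("exposed monitor pages: %u (first at page 0x%X)\n",
           (unsigned)n, (unsigned)first);
    return 0;
}
```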
Entering and Leaving V86 Mode

• The processor can enter V86 by either of two means:

1. A task switch to an 80386 task loads the image of EFLAGS from the new TSS.
– The TSS of the new task must be an 80386 TSS, not an 80286 TSS, because the 80286 TSS does not store the high-order word of EFLAGS, which contains the VM flag.
– A value of one in the VM bit of the new EFLAGS indicates that the new task is executing 8086 instructions; therefore, while loading the segment registers from the TSS, the processor forms base addresses as the 8086 would.

2. An IRET from a procedure of an 80386 task loads the image of EFLAGS from the stack.
– A value of one in VM in this case indicates that the procedure to which control is being returned is an 8086 procedure.
– The CPL at the time the IRET is executed must be zero, else the processor does not change VM.

• The processor leaves V86 mode when an interrupt or exception occurs. There are two cases:

1. The interrupt or exception causes a task switch.
– A task switch from a V86 task to any other task loads EFLAGS from the TSS of the new task.
– If the new TSS is an 80386 TSS and the VM bit in the EFLAGS image is zero or if the new TSS is an 80286 TSS, then the processor clears the VM bit of EFLAGS, loads the segment registers from the new TSS using 80386-style address formation, and begins executing the instructions of the new task according to 80386 protected-mode semantics.

2. The interrupt or exception vectors to a privilege-level zero procedure.
– The processor stores the current setting of EFLAGS on the stack, then clears the VM bit.
– The interrupt or exception handler, therefore, executes as "native" 80386 protected-mode code.
– If an interrupt or exception vectors to a conforming segment or to a privilege level other than three, the processor causes a general-protection exception.

UNIT 6
Interrupts, Exceptions and Introduction to Microcontrollers

Exceptions and Interrupts
• Interrupts and exceptions are special kinds of control transfer; they work somewhat like unprogrammed CALLs.

• They alter the normal program flow to handle external events or to report errors or exceptional conditions.

• Interrupts are used to handle asynchronous events external to the processor.

• Exceptions handle conditions detected by the processor itself in the course of executing instructions.

• There are two sources for external interrupts and two sources for exceptions:

1. Interrupts
– Maskable interrupts, which are signalled via the INTR pin.
– Nonmaskable interrupts, which are signalled via the NMI (Non-Maskable Interrupt) pin.

2. Exceptions
– Processor detected. These are further classified as Faults, Traps and Aborts.
– Programmed. The instructions INT 0, INT 3, INT n, and BOUND can trigger exceptions. These instructions are often called "Software Interrupts", but the processor handles them as exceptions.

Identifying Interrupts
• Each different type of interrupt or exception is given a unique identification number.

• The NMI and the exceptions recognized by the processor are assigned predetermined identifiers in the range 0 through 31.

• Not all of these numbers are currently used by the 80386; the unused ones are reserved for future use.

• The identifiers of the maskable interrupts are determined by external interrupt controllers (e.g. 8259A PIC) and communicated to the processor during the processor's interrupt-acknowledge sequence.

• The numbers assigned by an 8259A PIC can be specified by software. Any numbers in the range 32 through 255 can be used.

• Exceptions are classified as faults, traps, or aborts depending on the way they are reported and whether restart of the instruction that caused the exception is supported.

• Faults
– Faults are exceptions that are reported "before" the instruction causing the exception.
– Faults are either detected before the instruction begins to execute, or during execution of the instruction.
– If detected during the instruction, the instruction is automatically restarted by the system.

• Traps
– A trap is an exception that is reported at the instruction boundary immediately after the instruction in which the exception was detected.
– A trap happens after or during the execution of the instruction.
– E.g. Debugger breakpoint, Overflow situation, Division by zero or Invalid memory access.

• Aborts
– An abort is an exception that permits neither precise location of the instruction causing the exception nor restart of the program that caused the exception.
– Aborts are used to report severe errors, such as hardware errors and inconsistent or illegal values in system tables.
– E.g. Blue screen error because of RAM or ROM.

Interrupt and Exception ID Assignments


Enabling and Disabling Interrupts
• The processor services interrupts and exceptions only between the end of one instruction and the beginning of the next.

• When the repeat prefix is used to repeat a string instruction, interrupts and exceptions may occur between repetitions.

• Thus, operations on long strings do not delay interrupt response.

• Certain conditions and flag settings cause the processor to inhibit certain interrupts and exceptions at instruction boundaries.

1. NMI Masks Further NMIs
2. IF (Interrupt-enable Flag) Masks INTR
3. RF Masks Debug Faults
4. MOV or POP to SS Masks Some Interrupts and Exceptions

1. NMI Masks Further NMIs

– While an NMI handler is executing, the processor ignores further interrupt signals at the NMI pin until the next IRET instruction is executed.

2. IF Masks INTR

– The IF (Interrupt-enable Flag) controls the acceptance of external interrupts signalled via the INTR pin.
– As with the other flag bits, the processor clears IF in response to a RESET signal.
– The instructions CLI and STI alter the setting of IF.
– CLI and STI explicitly alter IF. These instructions may be executed only if CPL ≤ IOPL.

• The IF is also affected implicitly by the following operations:

– The instruction PUSHF stores all flags, including IF, in the stack where they can be examined.
– Task switches and the instructions POPF and IRET load the flags register; therefore, they can be used to modify IF.
– Interrupts through interrupt gates automatically reset IF, disabling interrupts.


Interrupt Service Sequence
1. The external interface sends an interrupt signal to the Interrupt Request (INTR) pin, or an internal interrupt occurs.
2. The CPU finishes the present instruction and sends Interrupt Acknowledge (INTA) to the hardware interface.
3. The interrupt type N is sent to the Central Processor Unit (CPU) via the Data bus from the hardware interface.
4. The contents of the flag registers are pushed onto the stack.
5. Both the interrupt (IF) and trap (TF) flags are cleared. This disables the INTR pin and the trap or single-step feature.
6. The contents of the code segment register (CS) are pushed onto the Stack.
7. The contents of the instruction pointer (IP) are pushed onto the Stack.
8. The interrupt vector contents are fetched, and then placed into the IP and into the CS so that the next instruction executes at the interrupt service procedure addressed by the interrupt vector.
9. While returning from the interrupt-service routine by the Interrupt Return (IRET) instruction, the IP, CS and Flag registers are popped from the Stack and return to their state prior to the interrupt.


3. RF Masks Debug Faults

– The RF bit in EFLAGS controls the recognition of debug faults.
– This permits debug faults to be raised for a given instruction at most once, no matter how many times the instruction is restarted.

Note: RF (Resume Flag):

– The RF flag is used in conjunction with the debug register breakpoints.
– When RF is set, it causes any debug fault to be ignored on the next instruction.

4. MOV or POP to SS Masks Some Interrupts and Exceptions
– Software that needs to change stack segments often uses a pair of instructions; for example:

MOV SS, AX
MOV ESP, StackTop

– If an interrupt or exception is processed after SS has been changed but before ESP has received the corresponding change, then the two parts of the stack pointer SS:ESP are inconsistent for the duration of the interrupt handler or exception handler.
– To prevent this situation, the 80386, after both a MOV to SS and a POP to SS instruction, inhibits NMI, INTR, debug exceptions, and single-step traps at the instruction boundary following the instruction that changes SS.
– Some exceptions may still occur; namely, page fault and general protection fault.
– So it is better to use the 80386 LSS instruction, with which the problem does not occur.


Priority Among Simultaneous Interrupts and Exceptions
• If more than one interrupt or exception is pending at an instruction boundary, the processor services one of them at a time.

• The priority is assigned to classes of interrupt and exception sources.

• The processor first services a pending interrupt or exception from the class that has the highest priority, transferring control to the first instruction of the interrupt handler.

• Lower priority exceptions are discarded, or lower priority interrupts are held pending.

• Discarded exceptions will be rediscovered when the interrupt handler returns control to the point of interruption.

• Priority Among Simultaneous Interrupts and Exceptions


Interrupt Descriptor Table
• The Interrupt Descriptor Table (IDT) associates each interrupt or exception identifier with a descriptor for the instructions that service the associated event.

• Like the GDT and LDTs, the IDT is an array of 8-byte descriptors.

• Unlike the GDT and LDTs, the first entry of the IDT may contain a descriptor.

• Because there are only 256 identifiers, the IDT need not contain more than 256 descriptors.

• It can contain fewer than 256 entries; entries are required only for interrupt identifiers that are actually used.

• The IDT may reside anywhere in physical memory. The processor locates the IDT by means of the IDT register (IDTR).

• The instructions LIDT and SIDT operate on the IDTR. Both instructions have one explicit operand: the address in memory of a 6-byte area.

• IDT Register and Table

• LIDT (Load IDT register) loads the IDT register with the linear base address and limit values contained in the memory operand.

• This instruction can be executed only when the CPL is zero.

• It is normally used by the initialization logic of an operating system when creating an IDT.

• SIDT (Store IDT register) copies the base and limit value stored in IDTR to a memory location. This instruction can be executed at any privilege level.

• Pseudo-Descriptor Format for LIDT and SIDT


IDT Descriptors
• The IDT may contain any of three kinds of descriptor:

– Task gates
– Interrupt gates
– Trap gates

80386 IDT Gate Descriptors


Interrupt Tasks and Interrupt Procedures
• In the manner of a “CALL” instruction, an interrupt or exception calls an interrupt handler.

• The processor uses the interrupt or exception identifier to index a descriptor in the IDT.

• If the processor indexes to an interrupt gate or trap gate, it invokes the handler in a manner similar to a CALL to a call gate.

• If the processor finds a task gate, it causes a task switch in a manner similar to a CALL to a task gate.

1. Interrupt Procedures
• Interrupt Vectoring for Procedures

1.1 Stack of Interrupt Procedure

– Just as with a control transfer due to a CALL instruction, a control transfer to an interrupt or exception handling procedure uses the stack to store the information needed for returning to the original procedure.
– An interrupt pushes the EFLAGS register onto the stack before the pointer to the interrupted instruction.
– If any error code is generated, it is also pushed on the stack.
– An exception handler can use the error code to help diagnose the exception.

1.2 Returning from an Interrupt Procedure

– An interrupt procedure also differs from a normal procedure in the method of leaving the procedure. The IRET instruction is used to exit from an interrupt procedure.
– IRET is similar to RET except that IRET increments EIP by an extra four bytes (because of the flags on the stack) and moves the saved flags into the EFLAGS register.

1.3 Flags Usage by Interrupt Procedure

– Interrupts that vector through either interrupt gates or trap gates cause TF (the trap flag) to be reset after the current value of TF is saved on the stack as part of EFLAGS.
– A subsequent IRET instruction restores TF to the value in the EFLAGS image on the stack.
– The difference between an interrupt gate and a trap gate is in the effect on IF (the interrupt-enable flag).
– An interrupt that vectors through an interrupt gate resets IF, thereby preventing other interrupts from interfering with the current interrupt handler.
– A subsequent IRET instruction restores IF to the value in the EFLAGS image on the stack.
– An interrupt through a trap gate does not change IF.


1.4 Protection in Interrupt Procedures

– The privilege rules for interrupt procedures are similar to those for procedure calls.
– The CPU does not permit an interrupt to transfer control to a procedure in a segment of lesser privilege than the current privilege level.
– An attempt to violate this rule results in a General Protection Exception.
– Because occurrence of interrupts is not generally predictable, this privilege rule effectively imposes restrictions on the privilege levels at which interrupt and exception handling procedures can execute.
– Either of the following strategies can be employed to ensure that the privilege rule is never violated.

• Place the handler in a conforming segment. This strategy suits the handlers for certain exceptions (e.g. divide error). Such a handler must use only the data available to it from the stack. If it needed data from a data segment, the data segment would have to have privilege level three, thereby making it unprotected.

• Place the handler procedure in a privilege level zero segment.


2. Interrupt Tasks
• A task gate in the IDT points indirectly to a task. The selector of the gate points to a TSS descriptor in the GDT.

• When an interrupt or exception vectors to a task gate in the IDT, a task switch results.

• Handling an interrupt with a separate task offers two advantages:

– The entire context is saved automatically.
– The interrupt handler can be isolated from other tasks by giving it a separate address space, either via its LDT or via its page directory.

Error Code
• With exceptions that relate to a specific segment, the processor pushes an error code onto the stack of the exception handler (whether procedure or task).

• The format of the error code resembles that of a selector; however, instead of an RPL field, the error code contains two one-bit items:

1. The processor sets the EXT bit if an event external to the program caused the exception.
2. The processor sets the I-bit (IDT-bit) if the index portion of the error code refers to a gate descriptor in the IDT.

• If the I-bit is not set, the TI bit indicates whether the error code refers to the GDT (value 0) or to the LDT (value 1). The remaining 14 bits are the upper 14 bits of the segment selector involved.
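A decoder for the selector-style error code described above, as an added C example that is not part of the original slides. It assumes the 80386 layout in which EXT is bit 0, the I-bit is bit 1, TI is bit 2 and the index occupies bits 3 to 15; the type and function names are hypothetical and the sample codes in `main` are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ec_table { EC_GDT, EC_LDT, EC_IDT };

struct seg_error {
    bool ext;              /* EXT bit: event external to the program */
    enum ec_table table;   /* table the index refers to */
    uint16_t index;        /* descriptor index (for the IDT: the interrupt identifier) */
    uint32_t byte_offset;  /* index * 8, since all three tables hold 8-byte descriptors */
};

/* Split an exception error code into its fields. */
struct seg_error decode_seg_error(uint16_t code)
{
    struct seg_error e;

    e.ext = (code & 0x1u) != 0;
    if (code & 0x2u)
        e.table = EC_IDT;                       /* I-bit set: TI is not consulted */
    else
        e.table = (code & 0x4u) ? EC_LDT : EC_GDT;
    e.index = (uint16_t)(code >> 3);
    e.byte_offset = (uint32_t)e.index * 8u;
    return e;
}

/* Render a decoded error code for a handler's diagnostic log.
 * Returns the snprintf result (characters needed, excluding the NUL). */
int describe_seg_error(uint16_t code, char *buf, size_t len)
{
    static const char *const names[] = { "GDT", "LDT", "IDT" };
    struct seg_error e = decode_seg_error(code);

    return snprintf(buf, len, "%s index %u (offset 0x%X)%s",
                    names[e.table], (unsigned)e.index,
                    (unsigned)e.byte_offset,
                    e.ext ? ", external event" : "");
}

int main(void)
{
    /* Constructed sample error codes. */
    const uint16_t samples[] = { 0x006A, 0x0034, 0x0029 };
    char line[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        describe_seg_error(samples[i], line, sizeof line);
        printf("0x%04X: %s\n", (unsigned)samples[i], line);
    }
    return 0;
}
```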
Divide Error (INT 0)
• The divide-error fault occurs during a DIV or an IDIV instruction when the Divisor is zero.

Debug Exceptions (INT 1)
• The processor triggers this interrupt for any of a number of conditions; whether the exception is a fault or a trap depends on the condition:

– Instruction Address Breakpoint Fault.
– Data Address Breakpoint Trap.
– General Detect Fault. (attempt is made to use the debug registers at the same time that 80386 is using them) (BD)
– Single-step Trap. (BS)
– Task-switch Breakpoint Trap. (BT)

• The processor does not push an error code for this exception. An exception handler can examine the debug registers to determine which condition caused the exception.

Breakpoint (INT 3)
• Exceptions generated because of breakpoints.


Overflow (INT 4)
• This trap occurs when the processor encounters an INTO instruction and the OF (overflow) flag is set. {INTO − Used to interrupt the program during execution if OF = 1}

• Since signed arithmetic and unsigned arithmetic both use the same arithmetic instructions, the processor cannot determine which is intended and therefore does not cause overflow exceptions automatically. Instead it merely sets OF when the results.


Bounds Check (INT 5)
• This fault occurs when the processor, while executing a BOUND instruction, finds that the operand exceeds the specified limits.

• BOUND ensures that a signed array index is within the limits specified by a block of memory consisting of an upper and a lower bound.

Invalid op-code (INT 6)
• The Invalid Opcode exception occurs when the processor tries to execute an invalid or undefined opcode, or an instruction with invalid prefixes.

• This exception also occurs when the type of operand is invalid for the given opcode. Examples include an intersegment JMP referencing a register operand.

No Math Unit Available (INT 7)
• It is triggered whenever a floating point instruction is being executed while the EM (Emulate Processor Extension) and TS bits of the MSW are set.

• It can also be generated when a WAIT instruction is detected while both the MP (Monitor Processor Extension) and TS bits of the MSW are set.

• The WAIT instruction causes the processor to wait until the coprocessor completes its task.

Double Fault Exception (INT 8)
• A Double Fault exception occurs if the processor encounters a problem while trying to service a pending interrupt or exception.

• An example situation when a double fault would occur is when an interrupt is triggered but the segment in which the interrupt handler resides is invalid.

• If the processor encounters a problem when calling the double fault handler, a Triple Fault is generated and the processor shuts down.

Coprocessor Segment Overrun (INT 9)
• This exception is raised in protected mode if the 80386 detects a Page or Segment Violation while transferring the middle portion of a coprocessor operand to the NPX. This exception is avoidable.

• The Math Coprocessor is also known as NPX, NDP, FPU: Numeric Processor Extension (NPX), Numeric Data Processor (NDP), Floating Point Unit (FPU).

Invalid Task State Segment (INT 10)
• It is generated by the following conditions:

I. An illegal back link in a Task State Segment.
II. The TSS contains an illegal CS, DS, ES or FS value.
III. The TSS indicates a privileged stack that is not valid during an inter-level call.
IV. The TSS is too small.
V. An invalid or not present LDT in a TSS.

Not Present (INT 11)

• It is generated by trying to load the CS, DS, ES, SS, FS, GS or a task register with an operand that is valid except for being marked Not Present. (P bit from descriptor is reset)


Stack Exception (INT 12)
• A stack fault occurs in either of two general conditions:

– As a result of a Limit Violation in any operation that refers to the SS register. This includes stack-oriented instructions such as POP, PUSH, ENTER, and LEAVE.
– When attempting to load the SS register with a descriptor that is marked not-present but is otherwise valid.


General Protection (INT 13)
• It is activated for all protection exceptions that are not specifically covered by other exceptions. Examples:

A. A jump to a data segment with a high privilege level.
B. Writing to a read-only segment.
C. Attempting to address a memory location with an offset address that exceeds the limit for the specified segment (Invalid Offset).
D. Putting an address into SS for a read-only segment when the address comes from a Task State Segment.


Page Fault (INT 14)
• It is triggered only in Protected or Virtual mode, when a page fault occurs.

• The returned error code contains the following information:
a) If bit 0 is reset, the exception was generated by a Page that is not present.
b) If bit 0 is set, the exception was generated by a Page Level Violation.
c) If bit 1 is reset, the exception was caused by an illegal read access.
d) If bit 1 is set, the exception was caused by an illegal write access.
e) If bit 2 is reset, the exception was generated at user level.
f) If bit 2 is set, the exception was generated at supervisor level.

Introduction to Microcontrollers

General Architecture of Microcontroller: 8051


Features of 8051 Microcontroller
• An 8051 microcontroller comes bundled with the following features:
– 4 KB on-chip program memory (ROM)
– 128 bytes on-chip data memory (RAM)
– Four register banks
– 128 user-defined software flags
– 8-bit bidirectional data bus
– 16-bit unidirectional address bus
– 32 general-purpose registers, each 8 bits wide
– 16-bit timers (usually 2, but may have more or less)
– Three internal and two external interrupts
– Four 8-bit ports (short models have two 8-bit ports)
– 16-bit program counter and data pointer
– The 8051 may also have a number of special features such as UARTs, ADC, op-amp, etc.


Microprocessor & Microcontrollers
• A microprocessor, sometimes called a Logic Chip, is a computer processor on a microchip.

• It is also called the “Heart of the Computer.”

• The microprocessor contains all, or most of, the Central Processing Unit (CPU) functions.

• A microprocessor is designed to perform arithmetic and logic operations that make use of small number-holding areas called Registers.

• Typical microprocessor operations include adding, subtracting, comparing two numbers, and fetching numbers from one area to another.

• These operations are the result of a set of instructions that are part of the microprocessor design.


Microprocessor Vs. Microcontroller

Applications of Microcontroller

Access Monitoring System


RFID reader (Student’s ID)
Display (Name and authenticity)
Microcontroller
RTC (Real Time Clock)
Buzzer (Intruder detection)
Switch (Buzzer acknowledge)



1. SGDT/SIDT -- Store Global/Interrupt Descriptor Table Register

Usage: SGDT mem (48 bit)

SIDT mem (48 bit)

Description

SGDT/SIDT copies the contents of the descriptor table register to the six bytes of memory
indicated by the operand. The LIMIT field of the register is assigned to the first word at
the effective address. If the operand-size attribute is 32 bits, the next three bytes are
assigned the BASE field of the register, and the fourth byte is written with zero. The last
byte is undefined. Otherwise, if the operand-size attribute is 16 bits, the next four bytes
are assigned the 32-bit BASE field of the register.

SGDT and SIDT are used only in operating system software; they are not used in
application programs.

Flags Affected: None

2. SLDT -- Store Local Descriptor Table Register

Usage: SLDT reg/mem (16 bit)

Description

SLDT stores the Local Descriptor Table Register (LDTR) in the two-byte register or
memory location indicated by the effective address operand. This register is a selector
that points into the Global Descriptor Table.

SLDT is used only in operating system software. It is not used in application programs.

Flags Affected: None

3. SMSW -- Store Machine Status Word

Usage: SMSW reg/mem (16 bit)

Description

SMSW stores the machine status word (part of CR0) in the two-byte register or memory
location indicated by the effective address operand.

Flags Affected: None


4. LGDT/LIDT -- Load Global/Interrupt Descriptor Table Register

Usage: LGDT mem (48 bit)

LIDT mem (48 bit)

Description

The LGDT and LIDT instructions load a linear base address and limit value from a six-
byte data operand in memory into the GDTR or IDTR, respectively. If a 16-bit operand is
used with LGDT or LIDT, the register is loaded with a 16-bit limit and a 24-bit base, and
the high-order eight bits of the six-byte data operand are not used. If a 32-bit operand is
used, a 16-bit limit and a 32-bit base is loaded; the high-order eight bits of the six-byte
operand are used as high-order base address bits.

The SGDT and SIDT instructions always store into all 48 bits of the six-byte data
operand. With the 80286, the upper eight bits are undefined after SGDT or SIDT is
executed. With the 80386, the upper eight bits are written with the high-order eight
address bits, for both a 16-bit operand and a 32-bit operand. If LGDT or LIDT is used
with a 16-bit operand to load the register stored by SGDT or SIDT, the upper eight bits
are stored as zeros.

LGDT and LIDT appear in operating system software; they are not used in application
programs. They are the only instructions that directly load a linear address (i.e., not a
segment relative address) in 80386 Protected Mode.

Flags Affected: None
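
The six-byte LGDT/LIDT operand described above, decoded in C as an added example (not part of the original notes). The struct, function names and sample bytes are this example's own, and the entry count relies on 80386 descriptors being 8 bytes each, which the notes do not state. It also checks the pitfall noted above: reloading a stored image with a 16-bit operand zeroes the top eight base bits.

```c
#include <stddef.h>
#include <stdint.h>

/* Decoded six-byte LGDT/LIDT memory operand (struct and names are this example's own). */
struct dtr_image {
    uint16_t limit; /* bytes 0-1, little-endian */
    uint32_t base;  /* linear base address as loaded into GDTR/IDTR */
};

/* 16-bit operand size: 24-bit base, byte 5 not used.
 * 32-bit operand size: 32-bit base, byte 5 supplies the high-order bits.
 * Returns 0 on success, -1 on invalid arguments. */
int decode_dtr_operand(const uint8_t *mem, int operand_bits, struct dtr_image *out)
{
    if (mem == NULL || out == NULL || (operand_bits != 16 && operand_bits != 32))
        return -1;
    out->limit = (uint16_t)(mem[0] | (mem[1] << 8));
    out->base = (uint32_t)mem[2] | ((uint32_t)mem[3] << 8) | ((uint32_t)mem[4] << 16);
    if (operand_bits == 32)
        out->base |= (uint32_t)mem[5] << 24;
    return 0;
}

/* Assumption: descriptors are 8 bytes and the limit is the last valid byte offset. */
unsigned dtr_entry_count(const struct dtr_image *d)
{
    return ((unsigned)d->limit + 1u) / 8u;
}

/* 1 if reloading this stored image with a 16-bit operand would change the base. */
int reload16_truncates_base(const uint8_t *mem)
{
    struct dtr_image wide, narrow;
    if (decode_dtr_operand(mem, 32, &wide) != 0 || decode_dtr_operand(mem, 16, &narrow) != 0)
        return -1;
    return wide.base != narrow.base;
}

/* Constructed sample: limit 0x07FF, base 0x80036000 (not taken from a real system). */
static const uint8_t SAMPLE_DTR[6] = { 0xFF, 0x07, 0x00, 0x60, 0x03, 0x80 };

uint32_t sample_base(int operand_bits)
{
    struct dtr_image d;
    return decode_dtr_operand(SAMPLE_DTR, operand_bits, &d) == 0 ? d.base : 0xFFFFFFFFu;
}
```

With the constructed sample, the 32-bit decode keeps the full base while the 16-bit decode loses the top byte, so any table placed above 16 MB would be mislocated after such a reload.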

5. LLDT -- Load Local Descriptor Table Register

Usage: LLDT reg/mem (16 bit)

Description

LLDT loads the Local Descriptor Table register (LDTR). The word operand (memory or
register) to LLDT should contain a selector to the Global Descriptor Table (GDT). The
GDT entry should be a Local Descriptor Table. If so, then the LDTR is loaded from the
entry. The descriptor registers DS, ES, SS, FS, GS, and CS are not affected. The LDT
field in the task state segment does not change.

The selector operand can be 0; if so, the LDTR is marked invalid. All descriptor
references (except by the LAR, VERR, VERW or LSL instructions) cause a #GP fault.

LLDT is used in operating system software; it is not used in application programs.

Flags Affected: None


6. LMSW -- Load Machine Status Word

Usage: LMSW reg/mem (16 bit)

Description

LMSW loads the machine status word (part of CR0) from the source operand. This
instruction can be used to switch to Protected Mode; if so, it must be followed by an
intrasegment jump to flush the instruction queue. LMSW will not switch back to Real
Address Mode.

LMSW is used only in operating system software. It is not used in application programs.

Flags Affected: None

7. LTR -- Load Task Register

Usage: LTR reg/mem (16 bit)

Description

LTR loads the source operand into the segment selector field of the task register.

Flags Affected: None

8. STR -- Store Task Register

Usage: STR reg/mem (16 bit)

Description

STR stores the segment selector field of the task register to the operand.

Flags Affected: None

