notes unit 2
notes unit 2
When the 80386 is turned ON, or if reset button is pressed, it always begins operating in Real
mode.(Then programmer has to write program to operate the processor in Protected mode.)
1. When the processor is turned ON or Reset, the registers have the values shown in Table.
X=undefined
2. If BUSY pin is active(i.e. low), then MP then performs self test , (The result of self test is stored in
EAX)
3. MP checks if 80387 numeric processor is present on the motherboard or not by checking signal on
ERROR pin .
4. MP fetches always its first instruction from a fixed physical address FFFFFFF0.(since CS=F000 &
IP =FFF0). This is 16 bytes before the high end of the 80386’s 4GB address space i.e. FFFFFFFF.
And this address space is given to ROM in the PC. There we can write jump instruction , to go to our
program.
5. We can decide whether to continue in real mode or switch the80386 to protected mode.
functionality of various pins
#means active low i.e. when that pin is low,it is active else it is deactive.
CLK2( input )provides clock signal for synchronous operation. This signal is divided by two
internally, so the 80386 fundamental frequency is half the CLK2 signal frequency. For example, a
16-MHz 80386 requiresCLK2 signal of 32-MHz.
Data bus D31-DO(input, output).Either 8,16,24,or32bits of data can be transferred at once between
processor to /from memory & input output devices. The number of bits to be transferred is decided
by BE0# to BE3# pins
ByteEnableBE0#–BE3#(output),indicate which part of the32-bit data bus are carryingdata. If BE0#
is active then data is on D0–D7( byte)
IfBE1# is active then data is on D8–D15 ( byte) IfBE2# is active then data is on D16–D23(byte) If
BE3# is active then data is on D24–D31 ( byte)
IfBE0# & BE1# are active then data is on D16–D23 (16bits)
IfBE0#, BE1#, BE2#, BE3# are active then data is on D0 toD31 (32bits)
Address bus (A31-A2) ( output) , consists of 30 address pins but generates 32-bit addresses along
with byte-enable pins (BE3#-BE0#).(two address pins A0 and Al are replaced withfour byte enable
pins).Each byte-enable pin corresponds to one of four bytes of the 32-bit data bus.
A1 A0 BE# Data is on
0 0 BE0# is low ( active) D0–D7
0 1 BE1# is low ( active) D8–D15
1 0 BE2# is low ( active) D16–D23
1 1 BE3# is low ( active) D24–D31
Write/read (W/R#) (output)if low it indicates that CPU is reading from memory or input device. if
High , it indicates that CPU is writing to memory or output device
Data/control D/C#(output): tells whether data is being sent or received or control operation is
going on ( such as interrupt acknowledge, halt, and instruction fetching).
Memory/input output(M/IO#)(output):tells whether memory is being accessed or input/output
devices are being accessed
Address status(ADS#)(output):Indicates that a valid operation is being carried out on bus( D31-D0,
A31-A2, BE0 to BE3, M/IO, W/R , D/C are valid )
NEXT ADDRESS(NA#)(input)is used to request address pipelining. i.e. Sending address and status
signals for the next bus cycle during the current cycle
BUS SIZE16 (BS16#)(Input)allows the interfacing of 16 bit devices with the 32bit wide data bus of
80386.
HOLD(input)signal is generated by another bus master to request that the 80386 release the control
of the bus.
Maskable Interrupt (INTR) ( input)inputs cause the 80386 to interrupt its current program and
begin execution of an interrupt service routine. This Interrupt can be disabled by resetting the IF flag
in flag register
Non-Maskable Interrupt(NMI)(input)cause the 80386 to interrupt its current program and begin
execution of an interrupt service routine. This Interrupt cannot be disabled.
The 80386 can use either the 80287 orthe 80387 m a t h coprocessor.
BUSY signal from coprocessor tells processor that the coprocessor is busy. ERROR signal from
coprocessor tells processor that there is some error in executing instructions sent to it . PEREQ
allows the coprocessor to request data from the 80386.
Ready # ( input)It is used to match the speed of memory with that of processor . Till the processor
does not receive this signal from memory, the processor keeps on inserting wait states in a bus cycle
operation. When it is received from memory, the processor ends the current bus cycle.
LOCK#(output)tells other processors that the bus is locked and they are denied access to the system
bus while it is active.
RESET(input):stops any operation in progress and takes the 80386 in a reset state and it enters real
mode .
Memory Organization (Memory banks)
Memory is divided into 4 banks, each of 1GB locations, with each location storing8 bits.
Memory address 00000000H is in bank 0, next address 00000001H is in bank 1, address 00000002H
is in bank 2, and address 00000003H is in bank3& again address 00000004H is in bank 0 and so on.
The 80386 does not contain address pins A1 and A0 because these have been replaced as the bank
enable signals ( BE0 to BE3).
Bank selection is done by the bank enable signals BE3,BE2, BE1,and BE0. If a 32 bit number is to
be transferred, all four banks are selected;
If a 16-bit number is to be transferred, two banks (usually BE3 and BE2 or BE1 and BE0)are
selected;
If 8 bits are to be transferred, a single bank is selected (by sending low signal on corresponding BE
pin).
I/Oorganization
The 80386 allows two types of data transfer to input/output devices (ports):
• By means of a separate I/O address space (by using specific I/O instructions such as IN, OUT instructions)
Address Space
The 80386 provides a separate I/O address, apart from physical memory, that can be used to
address the input/output ports (or devices). The I/O address space consists of 2^(16) = (64K)
individually addressable 8-bit ports; any two consecutive 8-bit ports can be treated as a 16-bit
port; and four consecutive 8-bit ports can be treated as a 32-bit port. Thus, the I/O address space
can accommodate up to 64K 8-bit ports, up to 32K 16-bit ports, or up to 16K 32-bit ports.
In bus cycles, there are two options: pipelined and non-pipelined, which can be decided by the
NA# pin. If NA# pin is high, it is non-pipelined. If NA# pin is low, it is pipelined. Pipelined is
faster than non-pipelined.
Bus cycle consists of two states T1 and T2. During the entire bus cycle, the processor sends valid
address on A31-A2, BE0-BE3, and valid M/IO# (high for memory and low for IO), valid D/C# (for
data transfer it is high and for control operation it is low). During the write cycle, the W/R# pin is set
to high by the processor. And the processor sends data on the data bus to write to memory or device.
During the read cycle, the W/R# pin is set to low by the processor. And the processor reads data
from the data bus, which is sent by memory or device. BS16 decides whether data to be sent or
received is 16-bit or 32-bit. LOCK# is valid (low) so other processors (bus masters) cannot take
control of the bus during the bus cycle.
Write cycle with wait states
The processor checks the READY signal near the end of T2. If the READY pin is set high by an
external device, the processor simply stretches the T2 by maintaining the state with the same values
of all signals on pins. In other words, it inserts wait states as long as the READY signal is not made
low by external hardware. This is done to synchronize the speed of the processor with a slow
external device (memory or device).
Basic read cycle with timing diagram
In bus cycles, there are two options: pipelined and non-pipelined, which can be decided by the NA# pin. If the NA# pin is high, it is non-pipelined.
Pipelined is faster than non-pipelined. The bus cycle consists of two states, T1 and T2.
During the entire bus cycle, the processor sends valid address on A31-A2, BE0-BE3, and valid M/IO# (high for memory and low for IO), valid D/C#
(for data transfer, it is high, and for control operation, it is low).
During the read cycle, the W/R# pin is set to low by the processor. And the processor reads data from the Data bus, which is sent by memory or
device. BS16 decides whether data to be sent or received is 16-bit or 32-bit. LOCK# is valid (low), so other processors (bus masters) cannot take
control of the bus during the bus cycle.
The VM bit provides Virtual 8086 Mode within Protected Mode. If set to 1 while the Intel386 DX
is in Protected Mode, the Intel386 DX will switch to Virtual 8086 operation, i.e. behaves like
8086. But if the program contains privileged opcodes, it generates exception 13 faults. The VM bit
can be set only in Protected Mode, by the IRET instruction (if the current privilege level is 0) and
by task switches at any privilege level.
RF (Resume Flag)
The RF flag is used in with the debug register breakpoints. It is checked at instruction boundaries
before breakpoint processing. By setting it, you can selectively mask (disable) some exceptions
while you are debugging code. RF is then automatically reset at the successful completion of
every instruction (no faults are signaled) except the IRET instruction, the POPF instruction, (and
JMP, CALL, and INT instructions causing a task switch).
NT (Nested Task)
This flag applies to Protected Mode. NT is set to indicate that the execution of this task is nested
within another task. If set, it indicates that the current nested task’s Task State Segment (TSS) has
a valid back link to the previous task’s TSS. This bit is set or reset to control transfers to other
tasks.
This two-bit field applies to Protected Mode. It holds the privilege level, from 0 to 3, at which
your code must be running in order to execute any I/O-related instructions. Means if IOPL is set
as 10 (i.e. 2), the code should also have CPL 2, in order to execute IO-related instructions. If code
having CPL3 tries to execute IO instructions, it will cause exception 13 fault. (Level 0 is the most
privileged level and level 3 is the least privileged.) IOPL indicates the numerically maximum CPL
(current privilege level) value permitted to execute I/O instructions. POPF and IRET instruction
can alter the IOPL field when executed at CPL0.
A program can have at a time 6 segments. One for code (program), one for stack, and four for
holding data. Six 16-bit segment registers (CS, SS, DS, ES, GS, GS) hold selectors that store
information about current memory segments. Segment registers are shown in Figure.
In Protected Mode, each segment may have size from one byte up to the entire physical memory of 4
Gbytes (2^32 bytes).
In Real Address Mode, the maximum segment size is fixed at 64 Kbytes (2^16 bytes).
Control registers
The Intel386 DX has three control registers of 32 bits, CR0, CR2, and CR3, to hold machine state of
a global nature (not specific to an individual task). These registers, along with System Address
Registers, hold machine state that affects all tasks in the system. To access the Control Registers,
load and store instructions are used.
CR0:MachineControlRegister
CR0,shown in Figure, contains 6 bits for control and status purposes.
The low-order 16 bits of CR0 are also known as the Machine Status Word, MSW. LMSW and
SMSW instructions are for the Load and Store the lower 16 bits of CR0. New Intel386DX
operating systems should use the <MOV CR0, Reg> instruction for the Load and Store the lower
16 bits of CR0.
PG (Paging Enable)
The PG bit is set to enable the on-chip paging unit. When it is reset, it disables the on-chip paging
unit.
TS (Task Switched)
The processor sets this bit automatically every time it performs a task switch. It will never clear
this bit on its own; you can do so with the CLTS instruction.
EM (Emulate Coprocessor)
If this bit is set, then whenever 80386 fetches a floating-point instruction, it causes an exception
(because 80386 can't execute floating-point instructions). You can use this exception to emulate
floating-point operation by a program (instead of getting it executed by coprocessor) if you want.
MP (Monitor Coprocessor)
When this bit is set, the 80386 assumes that a floating-point coprocessor (80387) is attached to it.
PE (Protection Enable)
When PE = 0, 80386 works in real mode. When PE is set to 1, 80386 works in protected mode.
Changing PE from 1 to 0, to switch from protected mode to real mode, requires a longer sequence
of instructions.
CR1: reserved
CR1 is reserved for use in future Intel processors.
Debug registers
The six debug registers provide on-chip support for debugging. They can be accessed by
programmer.
80386 provides two other ways for debugging:
1. INT3 instruction
2. Setting trap flag in flags register
Debug Registers DR0 to DR3 specify the four linear breakpoints.
The Debug Control Register DR7 is used to set the breakpoints and
the Debug Status Register DR6, displays the current state of the breakpoints.
Each of these breakpoints is controlled by a set of four fields each (Li, Gi, LENi, RWi) (i=0 to 3).
The meaning is as follows:
L0, L1, L2, L3 (local enable)
When this bit is set, the breakpoint address in DR0/1/2/3 is monitored only for the current running
task.
G0, G1, G2, G3 (global enable)
When this bit is set, the breakpoint address in DR0/1/2/3 is monitored only for all tasks.
LEN0, LEN1, LEN2, LEN3 (length of breakpoint) (two bits for each LEN field)
LEN specifies the length of the associated breakpoint field.
00 1 byte
01 2 byte
10 Reserved
11 4 byte
RW(read/write)
When breakpoint address is matched during one of the following types of access, then breakpoint
fault (exception) occurs.
Eg. If RW is set to 00 for DR0 & if break point address in DR0 is matched with current linear
address (generated by80386 ) at which there is instruction, then break point fault ( exception) occurs.
Typeof access:
00 Instructionfetch
01 Datawritesonly
10 Reserved
11 Datareadsandwrites only
Test registers
There are two test registers: TR6 & TR7 (TR0 to TR5 are not available to the programmer). These
are used for testing the TLB (translation lookaside buffer) which is used in memory management.
TR6 is used to set conditions for testing TLB and to start testing. TR7 returns the result (status) of
TLB testing.
TLB can store details about 32 pages in physical memory. Each entry holds a 20-bit linear
address, the 20-bit physical address to which it is mapped, and four tag bits. The tag bits are
defined as follows:
V (Valid): When set, the V bit indicates that this entry (about that page) is valid. If this bit is clear,
this entry is not valid.
D (Dirty): when this bit is set, it indicates that the page it points to has been modified by the
program.
U (user): when this bit is set, it indicates that the page it points to is user accessible. If it is clear, it
means the page is accessible only by supervisor program (having privilege level = 0).
W (writable): when this bit is set, it indicates that the page it points to is writable (program can
write into that page).
C (command bit): when C=1, the processor performs a write to the TLB. When C=0, the processor
performs a TLB lookup (reading of TLB).
TR7:
RP (replacement pointer): This field indicates which set of the TLB’s four-way set-associative
cache to write to.
PL (or H) (hit): PL has two roles. During TLB lookup, the PL bit indicates whether the lookup
was a hit (PL gets set to 1) or a miss (PL gets reset to 0). During TLB writes, it determines how
cache sets are selected. PL=1 causes the REP field of TR7 to select which off four associative
blocks of the TLB is to be written, and PL=0 allows to select which TLB block is written. If this
bit is set, the RP field determines which cache set to write to. If it is cleared, the set is determined
with an internal algorithm. Physical address, this field contains either the physical address to be
written into the TLB or the results of a valid TLB hit.
System Instructions
Also called as Protection Mode instruction. These are used only in operating system software;
they are not used in application programs.
SGDT Store global descriptor table register copies the contents of the descriptor table register
(total six bytes) in the memory. The address of the memory is specified in the instruction. eg
SGDT mem
LGDT Load Global Descriptor Table Register loads a linear base address and limit value from a
six-byte data operand in memory into the GDTR.
SIDT Store interrupt descriptor table register copies the contents of the interrupt descriptor table
register (total six bytes) in the memory. The address of the memory is specified in the instruction.
eg SIDT mem
LIDT load interrupt descriptor table register loads a linear base address and limit value from a six-
byte data operand in memory into the IDTR.
SLDT Store Local Descriptor Table Register SLDT stores the Local Descriptor Table Register
(LDTR) in the two-byte register or memory location. Eg SLDT BX
LLDT Load Local Descriptor Table Register loads the Local Descriptor Table register (LDTR).
The word operand (memory or register) to LLDT should contain a selector to the Global
Descriptor Table (GDT). The GDT entry should be a Local Descriptor Table. If so, then the
LDTR is loaded from the entry.
STR store task register The contents of the task register are copied to the two-byte register or
memory location Eg STR mem STR CX
LTR Load Task Register loads the task register from the source register or memory location
specified by the operand Eg LTR mem
LAR Load the access rights Loads the access rights from the segment descriptor specified by the
second operand (source operand) into the first operand (destination operand) and sets the ZF flag
in the flag register. The source operand (which can be a register or a memory location) contains
the segment selector for the segment descriptor being accessed. The destination operand is a
general-purpose register. Eg LAR BX, mem
LSL Loads segment limit Loads the unscrambled segment limit from the segment descriptor
specified with the second operand (source operand) into the first operand (destination operand)
and sets the ZF flag in the FLAGS register. The source operand (which can be a register or a
memory location) contains the segment selector for the segment descriptor being accessed. The
destination operand is a general-purpose register. eg. LSL AX, mem
VERR/VERW Verify a Segment for Reading Verifies whether the code or data segment specified
with the source operand is readable (VERR) from the current privilege level (CPL). The source
operand is a 16-bit register or a memory location that contains the segment selector for the
segment to be verified. If the segment is accessible and readable (VERR) the ZF flag is set;
otherwise, the ZF flag is cleared. Eg VERR reg/mem
VERW Verify a Segment for Writing Verifies whether the code or data segment specified with
the source operand is writable (VERW) from the current privilege level (CPL). The source
operand is a 16-bit register or a memory location that contains the segment selector for the
segment to be verified. If the segment is accessible and writable (VERW), the ZF flag is set;
otherwise, the ZF flag is cleared. Eg VERW reg/mem
ARPL (Adjust requested privilege level) This instruction is used to modify a selector’s privilege
level. It can only change from higher privilege level to lower privilege level. PL are from 0 to 3
where 0 is the highest PL and 3 is the lowest PL. If the RPL of the destination operand is
numerically less (higher privilege level) than that of the source operand, the destination selector’s
RPL is changed to match that of the source operand, and ZF is set to 1. If the destination operand
is numerically higher (less privileged), then it is not modified and ZF is set to 0. Eg ARPL AX,
BX If selector in AX has PL=1 and selector in BX has PL=2, then PL of selector in AX is
changed to 2 and zero flag is set to 1.
SMSW Store Machine Status Word stores the machine status word (part of CR0) in the two-byte
register (16-bit) or memory location. Eg SMSW REG16/mem
LMSW Load Machine Status Word loads the machine status word (part of CR0) from the source
operand. This instruction can be used to switch to Protected Mode; if so, it must be followed by an
intrasegment jump to flush (clear) the instruction queue. LMSW will not switch back to Real
Address Mode. Eg LMSW reg/mem
HLT (HALT)
This instruction stops the processor. The processor will not execute any instruction until the
processor is brought out of the halt state either by a signal on the reset pin or on the interrupt pin. In
case of Reset, the processor will resume from real mode again. Whereas in case of an interrupt, after
the interrupt service routine is completed, the execution will resume at the instruction after the HLT
instruction. The HLT instruction is a privileged instruction. When the processor is running in
protected or virtual-8086 mode, the privilege level of a program or procedure must be 0 to execute
the HLT instruction.
It is a Prefix to an instruction. When an instruction has this LOCK prefix, the 80386 makes LOCK
signal low. This makes the system bus locked. So that other bus masters (processors) in the system
cannot take control of the system bus. In a multiprocessor environment, the LOCK# signal ensures
that the processor has exclusive use of any shared memory while the signal is asserted (active). The
LOCK prefix functions only with the following instructions: BT, BTS, BTR, BTC, XCHG, ADD,
OR, ADC, SBB, AND, SUB, XOR, NOT, NEG, INC, DEC
ESC (Escape)
The processor cannot execute the instructions meant to be executed by the coprocessor. So such
instructions have escape code in them (first five bits of the coprocessor instruction are 11011). The
ESC pattern tells the 80386 to send the opcode and addresses of operands to the math coprocessor,
which then performs these operations.