Upload
api-3811113
View
141
Download
0
Tags:
Embed Size (px)
Citation preview
JTYHCEIE3112002CSF_ch2ppt page 1
Module2
SyllabusMicroprocessor architecture Real mode and
protected mode memory addressing - Memory paging - Addressing modes - Data addressing - Program memory addressing - Stack memory addressing - Data movement instructions - Arithmetic and logic instructions - Program control instructions - Programming the microprocessor modular programming - Using keyboard and display - Data conversions - disk files - interrupt hooks
JTYHCEIE3112002CSF_ch2ppt page 2
Internal microprocessor architecture
Before a program is written or any instruction investigated the internal configuration of the microprocessor must be known
The programming model of the 8086 through the Pentium Pro is considered program visible because its registers are used during programming and specified by the instructions
Registers which can not be addressable directly during applications programming but may be used indirectly during system programming are considered program invisible
JTYHCEIE3112002CSF_ch2ppt page 3
Internal microprocessor architecture
Figure 21 illustrates the programming model of the 8086 through the Pentium II microprocessor
Some registers are general-purpose or multipurpose registers while some have special purposes
JTYHCEIE3112002CSF_ch2ppt page 4
Registers
bull 16 program visible registersndash 7 multipurpose registersbull EAX EBX ECX EDXbull EBP EDI ESIndash 3 special-purpose registersbull EIPbull ESPbull EFLAGSndash 6 segment registersbull CS DS ES SS FS GSbull program invisible registersndash control and operate the protected
JTYHCEIE3112002CSF_ch2ppt page 5
Registers
Registers hold various data sizes (bytes words or doublewords) and are used for almost any purpose as dictated by a program
Multipurpose Registers Special-purpose Registers Segment Registers
JTYHCEIE3112002CSF_ch2ppt page 6
Flags
bullThree typesndash status flagndash control flagndash system flag
JTYHCEIE3112002CSF_ch2ppt page 7
Flag register
JTYHCEIE3112002CSF_ch2ppt page 8
Real mode memory addressing
Two operating modes ndash Real and Protected Real mode operation allows the microprocessor to
address only the first 1M byte of memory space - even the Pentium microprocessor
The first 1M byte of memory is called either the real memory or conventional memory system
Dos- requires real mode Real mode allows upward compatibility Ie it operation
allows application software written for the 80888086 which contain only 1M byte of memory to function in the 80286 and above without changing the software
In all cases each of these microprocessors begins operation in the real mode by default whenever power is applied or the microprocessor is reset
JTYHCEIE3112002CSF_ch2ppt page 9
Segments and offsets A combination of a segment address and an offset
address access a memory location in the real mode The segment address located within one of the
segment registers defines the beginning address of any 64K-byte memory segment
The offset address selects any location within the 64K-byte memory segment
Segments in the real mode have 64K bytes Offset also called displacement Each segment register is internally appended with a 0H
on its right end to form a 20 bit memory address Figure 23 Table 21
JTYHCEIE3112002CSF_ch2ppt page 10
Figure 23 The real mode memory-addressing scheme using a segment address plus an offset
Figure 23 Real Mode Memory
JTYHCEIE3112002CSF_ch2ppt page 11
A 20-bit real mode address allows one to access the start of a segment at any 16-byte boundary within the first 1M byte of memory
Any real mode segments can only begin at a 16-byte boundary in the memory system and this boundary is often called a paragraph
The ending address of a segment is starting address + FFFFH
The offset is always added to the starting address of the segment
Offset can be calculated form more than one register and an of set value
In the 80286 (with special external circuitry) and the 80386 through the Pentium Pro an extra 64K minus 16 bytes of memory is addressable when the segment address is FFFFH and the HIMEMSYS driver is installed in the system
This area of memory (0FFFF0H-10FFEFH) is referred to as high memory
JTYHCEIE3112002CSF_ch2ppt page 12
Table 21 Example segment addresses
JTYHCEIE3112002CSF_ch2ppt page 13
Default segment and offset registers
The microprocessors has a set of rules that apply to segments whenever memory is addressed
These rules which apply in either the real or protected mode define the segment register and offset register combination used by certain addressing modes
Table 22
JTYHCEIE3112002CSF_ch2ppt page 14
Table 22 8086-80486 and Pentium-Pentium II default 16-bit segment and offset address combinations
Table 22 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 2
Internal microprocessor architecture
Before a program is written or any instruction investigated the internal configuration of the microprocessor must be known
The programming model of the 8086 through the Pentium Pro is considered program visible because its registers are used during programming and specified by the instructions
Registers which can not be addressable directly during applications programming but may be used indirectly during system programming are considered program invisible
JTYHCEIE3112002CSF_ch2ppt page 3
Internal microprocessor architecture
Figure 21 illustrates the programming model of the 8086 through the Pentium II microprocessor
Some registers are general-purpose or multipurpose registers while some have special purposes
JTYHCEIE3112002CSF_ch2ppt page 4
Registers
bull 16 program visible registersndash 7 multipurpose registersbull EAX EBX ECX EDXbull EBP EDI ESIndash 3 special-purpose registersbull EIPbull ESPbull EFLAGSndash 6 segment registersbull CS DS ES SS FS GSbull program invisible registersndash control and operate the protected
JTYHCEIE3112002CSF_ch2ppt page 5
Registers
Registers hold various data sizes (bytes words or doublewords) and are used for almost any purpose as dictated by a program
Multipurpose Registers Special-purpose Registers Segment Registers
JTYHCEIE3112002CSF_ch2ppt page 6
Flags
bullThree typesndash status flagndash control flagndash system flag
JTYHCEIE3112002CSF_ch2ppt page 7
Flag register
JTYHCEIE3112002CSF_ch2ppt page 8
Real mode memory addressing
Two operating modes ndash Real and Protected Real mode operation allows the microprocessor to
address only the first 1M byte of memory space - even the Pentium microprocessor
The first 1M byte of memory is called either the real memory or conventional memory system
Dos- requires real mode Real mode allows upward compatibility Ie it operation
allows application software written for the 80888086 which contain only 1M byte of memory to function in the 80286 and above without changing the software
In all cases each of these microprocessors begins operation in the real mode by default whenever power is applied or the microprocessor is reset
JTYHCEIE3112002CSF_ch2ppt page 9
Segments and offsets A combination of a segment address and an offset
address access a memory location in the real mode The segment address located within one of the
segment registers defines the beginning address of any 64K-byte memory segment
The offset address selects any location within the 64K-byte memory segment
Segments in the real mode have 64K bytes Offset also called displacement Each segment register is internally appended with a 0H
on its right end to form a 20 bit memory address Figure 23 Table 21
JTYHCEIE3112002CSF_ch2ppt page 10
Figure 23 The real mode memory-addressing scheme using a segment address plus an offset
Figure 23 Real Mode Memory
JTYHCEIE3112002CSF_ch2ppt page 11
A 20-bit real mode address allows one to access the start of a segment at any 16-byte boundary within the first 1M byte of memory
Any real mode segments can only begin at a 16-byte boundary in the memory system and this boundary is often called a paragraph
The ending address of a segment is starting address + FFFFH
The offset is always added to the starting address of the segment
Offset can be calculated form more than one register and an of set value
In the 80286 (with special external circuitry) and the 80386 through the Pentium Pro an extra 64K minus 16 bytes of memory is addressable when the segment address is FFFFH and the HIMEMSYS driver is installed in the system
This area of memory (0FFFF0H-10FFEFH) is referred to as high memory
JTYHCEIE3112002CSF_ch2ppt page 12
Table 21 Example segment addresses
JTYHCEIE3112002CSF_ch2ppt page 13
Default segment and offset registers
The microprocessors has a set of rules that apply to segments whenever memory is addressed
These rules which apply in either the real or protected mode define the segment register and offset register combination used by certain addressing modes
Table 22
JTYHCEIE3112002CSF_ch2ppt page 14
Table 22 8086-80486 and Pentium-Pentium II default 16-bit segment and offset address combinations
Table 22 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 3
Internal microprocessor architecture
Figure 21 illustrates the programming model of the 8086 through the Pentium II microprocessor
Some registers are general-purpose or multipurpose registers while some have special purposes
JTYHCEIE3112002CSF_ch2ppt page 4
Registers
bull 16 program visible registersndash 7 multipurpose registersbull EAX EBX ECX EDXbull EBP EDI ESIndash 3 special-purpose registersbull EIPbull ESPbull EFLAGSndash 6 segment registersbull CS DS ES SS FS GSbull program invisible registersndash control and operate the protected
JTYHCEIE3112002CSF_ch2ppt page 5
Registers
Registers hold various data sizes (bytes words or doublewords) and are used for almost any purpose as dictated by a program
Multipurpose Registers Special-purpose Registers Segment Registers
JTYHCEIE3112002CSF_ch2ppt page 6
Flags
bullThree typesndash status flagndash control flagndash system flag
JTYHCEIE3112002CSF_ch2ppt page 7
Flag register
JTYHCEIE3112002CSF_ch2ppt page 8
Real mode memory addressing
Two operating modes ndash Real and Protected Real mode operation allows the microprocessor to
address only the first 1M byte of memory space - even the Pentium microprocessor
The first 1M byte of memory is called either the real memory or conventional memory system
Dos- requires real mode Real mode allows upward compatibility Ie it operation
allows application software written for the 80888086 which contain only 1M byte of memory to function in the 80286 and above without changing the software
In all cases each of these microprocessors begins operation in the real mode by default whenever power is applied or the microprocessor is reset
JTYHCEIE3112002CSF_ch2ppt page 9
Segments and offsets A combination of a segment address and an offset
address access a memory location in the real mode The segment address located within one of the
segment registers defines the beginning address of any 64K-byte memory segment
The offset address selects any location within the 64K-byte memory segment
Segments in the real mode have 64K bytes Offset also called displacement Each segment register is internally appended with a 0H
on its right end to form a 20 bit memory address Figure 23 Table 21
JTYHCEIE3112002CSF_ch2ppt page 10
Figure 23 The real mode memory-addressing scheme using a segment address plus an offset
Figure 23 Real Mode Memory
JTYHCEIE3112002CSF_ch2ppt page 11
A 20-bit real mode address allows one to access the start of a segment at any 16-byte boundary within the first 1M byte of memory
Any real mode segments can only begin at a 16-byte boundary in the memory system and this boundary is often called a paragraph
The ending address of a segment is starting address + FFFFH
The offset is always added to the starting address of the segment
Offset can be calculated form more than one register and an of set value
In the 80286 (with special external circuitry) and the 80386 through the Pentium Pro an extra 64K minus 16 bytes of memory is addressable when the segment address is FFFFH and the HIMEMSYS driver is installed in the system
This area of memory (0FFFF0H-10FFEFH) is referred to as high memory
JTYHCEIE3112002CSF_ch2ppt page 12
Table 21 Example segment addresses
JTYHCEIE3112002CSF_ch2ppt page 13
Default segment and offset registers
The microprocessors has a set of rules that apply to segments whenever memory is addressed
These rules which apply in either the real or protected mode define the segment register and offset register combination used by certain addressing modes
Table 22
JTYHCEIE3112002CSF_ch2ppt page 14
Table 22 8086-80486 and Pentium-Pentium II default 16-bit segment and offset address combinations
Table 22 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 4
Registers
bull 16 program visible registersndash 7 multipurpose registersbull EAX EBX ECX EDXbull EBP EDI ESIndash 3 special-purpose registersbull EIPbull ESPbull EFLAGSndash 6 segment registersbull CS DS ES SS FS GSbull program invisible registersndash control and operate the protected
JTYHCEIE3112002CSF_ch2ppt page 5
Registers
Registers hold various data sizes (bytes words or doublewords) and are used for almost any purpose as dictated by a program
Multipurpose Registers Special-purpose Registers Segment Registers
JTYHCEIE3112002CSF_ch2ppt page 6
Flags
bullThree typesndash status flagndash control flagndash system flag
JTYHCEIE3112002CSF_ch2ppt page 7
Flag register
JTYHCEIE3112002CSF_ch2ppt page 8
Real mode memory addressing
Two operating modes ndash Real and Protected Real mode operation allows the microprocessor to
address only the first 1M byte of memory space - even the Pentium microprocessor
The first 1M byte of memory is called either the real memory or conventional memory system
Dos- requires real mode Real mode allows upward compatibility Ie it operation
allows application software written for the 80888086 which contain only 1M byte of memory to function in the 80286 and above without changing the software
In all cases each of these microprocessors begins operation in the real mode by default whenever power is applied or the microprocessor is reset
JTYHCEIE3112002CSF_ch2ppt page 9
Segments and offsets A combination of a segment address and an offset
address access a memory location in the real mode The segment address located within one of the
segment registers defines the beginning address of any 64K-byte memory segment
The offset address selects any location within the 64K-byte memory segment
Segments in the real mode have 64K bytes Offset also called displacement Each segment register is internally appended with a 0H
on its right end to form a 20 bit memory address Figure 23 Table 21
JTYHCEIE3112002CSF_ch2ppt page 10
Figure 23 The real mode memory-addressing scheme using a segment address plus an offset
Figure 23 Real Mode Memory
JTYHCEIE3112002CSF_ch2ppt page 11
A 20-bit real mode address allows one to access the start of a segment at any 16-byte boundary within the first 1M byte of memory
Any real mode segments can only begin at a 16-byte boundary in the memory system and this boundary is often called a paragraph
The ending address of a segment is starting address + FFFFH
The offset is always added to the starting address of the segment
Offset can be calculated form more than one register and an of set value
In the 80286 (with special external circuitry) and the 80386 through the Pentium Pro an extra 64K minus 16 bytes of memory is addressable when the segment address is FFFFH and the HIMEMSYS driver is installed in the system
This area of memory (0FFFF0H-10FFEFH) is referred to as high memory
JTYHCEIE3112002CSF_ch2ppt page 12
Table 21 Example segment addresses
JTYHCEIE3112002CSF_ch2ppt page 13
Default segment and offset registers
The microprocessors has a set of rules that apply to segments whenever memory is addressed
These rules which apply in either the real or protected mode define the segment register and offset register combination used by certain addressing modes
Table 22
JTYHCEIE3112002CSF_ch2ppt page 14
Table 22 8086-80486 and Pentium-Pentium II default 16-bit segment and offset address combinations
Table 22 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 5
Registers
Registers hold various data sizes (bytes words or doublewords) and are used for almost any purpose as dictated by a program
Multipurpose Registers Special-purpose Registers Segment Registers
JTYHCEIE3112002CSF_ch2ppt page 6
Flags
bullThree typesndash status flagndash control flagndash system flag
JTYHCEIE3112002CSF_ch2ppt page 7
Flag register
JTYHCEIE3112002CSF_ch2ppt page 8
Real mode memory addressing
Two operating modes ndash Real and Protected Real mode operation allows the microprocessor to
address only the first 1M byte of memory space - even the Pentium microprocessor
The first 1M byte of memory is called either the real memory or conventional memory system
Dos- requires real mode Real mode allows upward compatibility Ie it operation
allows application software written for the 80888086 which contain only 1M byte of memory to function in the 80286 and above without changing the software
In all cases each of these microprocessors begins operation in the real mode by default whenever power is applied or the microprocessor is reset
JTYHCEIE3112002CSF_ch2ppt page 9
Segments and offsets A combination of a segment address and an offset
address access a memory location in the real mode The segment address located within one of the
segment registers defines the beginning address of any 64K-byte memory segment
The offset address selects any location within the 64K-byte memory segment
Segments in the real mode have 64K bytes Offset also called displacement Each segment register is internally appended with a 0H
on its right end to form a 20 bit memory address Figure 23 Table 21
JTYHCEIE3112002CSF_ch2ppt page 10
Figure 23 The real mode memory-addressing scheme using a segment address plus an offset
Figure 23 Real Mode Memory
JTYHCEIE3112002CSF_ch2ppt page 11
A 20-bit real mode address allows one to access the start of a segment at any 16-byte boundary within the first 1M byte of memory
Any real mode segments can only begin at a 16-byte boundary in the memory system and this boundary is often called a paragraph
The ending address of a segment is starting address + FFFFH
The offset is always added to the starting address of the segment
Offset can be calculated form more than one register and an of set value
In the 80286 (with special external circuitry) and the 80386 through the Pentium Pro an extra 64K minus 16 bytes of memory is addressable when the segment address is FFFFH and the HIMEMSYS driver is installed in the system
This area of memory (0FFFF0H-10FFEFH) is referred to as high memory
JTYHCEIE3112002CSF_ch2ppt page 12
Table 21 Example segment addresses
JTYHCEIE3112002CSF_ch2ppt page 13
Default segment and offset registers
The microprocessors has a set of rules that apply to segments whenever memory is addressed
These rules which apply in either the real or protected mode define the segment register and offset register combination used by certain addressing modes
Table 22
JTYHCEIE3112002CSF_ch2ppt page 14
Table 22 8086-80486 and Pentium-Pentium II default 16-bit segment and offset address combinations
Table 22 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 6
Flags
bullThree typesndash status flagndash control flagndash system flag
JTYHCEIE3112002CSF_ch2ppt page 7
Flag register
JTYHCEIE3112002CSF_ch2ppt page 8
Real mode memory addressing
Two operating modes ndash Real and Protected Real mode operation allows the microprocessor to
address only the first 1M byte of memory space - even the Pentium microprocessor
The first 1M byte of memory is called either the real memory or conventional memory system
Dos- requires real mode Real mode allows upward compatibility Ie it operation
allows application software written for the 80888086 which contain only 1M byte of memory to function in the 80286 and above without changing the software
In all cases each of these microprocessors begins operation in the real mode by default whenever power is applied or the microprocessor is reset
JTYHCEIE3112002CSF_ch2ppt page 9
Segments and offsets A combination of a segment address and an offset
address access a memory location in the real mode The segment address located within one of the
segment registers defines the beginning address of any 64K-byte memory segment
The offset address selects any location within the 64K-byte memory segment
Segments in the real mode have 64K bytes Offset also called displacement Each segment register is internally appended with a 0H
on its right end to form a 20 bit memory address Figure 23 Table 21
JTYHCEIE3112002CSF_ch2ppt page 10
Figure 23 The real mode memory-addressing scheme using a segment address plus an offset
Figure 23 Real Mode Memory
JTYHCEIE3112002CSF_ch2ppt page 11
A 20-bit real mode address allows one to access the start of a segment at any 16-byte boundary within the first 1M byte of memory
Any real mode segments can only begin at a 16-byte boundary in the memory system and this boundary is often called a paragraph
The ending address of a segment is starting address + FFFFH
The offset is always added to the starting address of the segment
Offset can be calculated form more than one register and an of set value
In the 80286 (with special external circuitry) and the 80386 through the Pentium Pro an extra 64K minus 16 bytes of memory is addressable when the segment address is FFFFH and the HIMEMSYS driver is installed in the system
This area of memory (0FFFF0H-10FFEFH) is referred to as high memory
JTYHCEIE3112002CSF_ch2ppt page 12
Table 21 Example segment addresses
JTYHCEIE3112002CSF_ch2ppt page 13
Default segment and offset registers
The microprocessors has a set of rules that apply to segments whenever memory is addressed
These rules which apply in either the real or protected mode define the segment register and offset register combination used by certain addressing modes
Table 22
JTYHCEIE3112002CSF_ch2ppt page 14
Table 22 8086-80486 and Pentium-Pentium II default 16-bit segment and offset address combinations
Table 22 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 7
Flag register
JTYHCEIE3112002CSF_ch2ppt page 8
Real mode memory addressing
Two operating modes ndash Real and Protected Real mode operation allows the microprocessor to
address only the first 1M byte of memory space - even the Pentium microprocessor
The first 1M byte of memory is called either the real memory or conventional memory system
Dos- requires real mode Real mode allows upward compatibility Ie it operation
allows application software written for the 80888086 which contain only 1M byte of memory to function in the 80286 and above without changing the software
In all cases each of these microprocessors begins operation in the real mode by default whenever power is applied or the microprocessor is reset
JTYHCEIE3112002CSF_ch2ppt page 9
Segments and offsets A combination of a segment address and an offset
address access a memory location in the real mode The segment address located within one of the
segment registers defines the beginning address of any 64K-byte memory segment
The offset address selects any location within the 64K-byte memory segment
Segments in the real mode have 64K bytes Offset also called displacement Each segment register is internally appended with a 0H
on its right end to form a 20 bit memory address Figure 23 Table 21
JTYHCEIE3112002CSF_ch2ppt page 10
Figure 23 The real mode memory-addressing scheme using a segment address plus an offset
Figure 23 Real Mode Memory
JTYHCEIE3112002CSF_ch2ppt page 11
A 20-bit real mode address allows one to access the start of a segment at any 16-byte boundary within the first 1M byte of memory
Any real mode segments can only begin at a 16-byte boundary in the memory system and this boundary is often called a paragraph
The ending address of a segment is starting address + FFFFH
The offset is always added to the starting address of the segment
Offset can be calculated form more than one register and an of set value
In the 80286 (with special external circuitry) and the 80386 through the Pentium Pro an extra 64K minus 16 bytes of memory is addressable when the segment address is FFFFH and the HIMEMSYS driver is installed in the system
This area of memory (0FFFF0H-10FFEFH) is referred to as high memory
JTYHCEIE3112002CSF_ch2ppt page 12
Table 21 Example segment addresses
JTYHCEIE3112002CSF_ch2ppt page 13
Default segment and offset registers
The microprocessors has a set of rules that apply to segments whenever memory is addressed
These rules which apply in either the real or protected mode define the segment register and offset register combination used by certain addressing modes
Table 22
JTYHCEIE3112002CSF_ch2ppt page 14
Table 22 8086-80486 and Pentium-Pentium II default 16-bit segment and offset address combinations
Table 22 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 8
Real mode memory addressing
Two operating modes ndash Real and Protected Real mode operation allows the microprocessor to
address only the first 1M byte of memory space - even the Pentium microprocessor
The first 1M byte of memory is called either the real memory or conventional memory system
Dos- requires real mode Real mode allows upward compatibility Ie it operation
allows application software written for the 80888086 which contain only 1M byte of memory to function in the 80286 and above without changing the software
In all cases each of these microprocessors begins operation in the real mode by default whenever power is applied or the microprocessor is reset
JTYHCEIE3112002CSF_ch2ppt page 9
Segments and offsets A combination of a segment address and an offset
address access a memory location in the real mode The segment address located within one of the
segment registers defines the beginning address of any 64K-byte memory segment
The offset address selects any location within the 64K-byte memory segment
Segments in the real mode have 64K bytes Offset also called displacement Each segment register is internally appended with a 0H
on its right end to form a 20 bit memory address Figure 23 Table 21
JTYHCEIE3112002CSF_ch2ppt page 10
Figure 23 The real mode memory-addressing scheme using a segment address plus an offset
Figure 23 Real Mode Memory
JTYHCEIE3112002CSF_ch2ppt page 11
A 20-bit real mode address allows one to access the start of a segment at any 16-byte boundary within the first 1M byte of memory
Any real mode segments can only begin at a 16-byte boundary in the memory system and this boundary is often called a paragraph
The ending address of a segment is starting address + FFFFH
The offset is always added to the starting address of the segment
Offset can be calculated form more than one register and an of set value
In the 80286 (with special external circuitry) and the 80386 through the Pentium Pro an extra 64K minus 16 bytes of memory is addressable when the segment address is FFFFH and the HIMEMSYS driver is installed in the system
This area of memory (0FFFF0H-10FFEFH) is referred to as high memory
JTYHCEIE3112002CSF_ch2ppt page 12
Table 21 Example segment addresses
JTYHCEIE3112002CSF_ch2ppt page 13
Default segment and offset registers
The microprocessors has a set of rules that apply to segments whenever memory is addressed
These rules which apply in either the real or protected mode define the segment register and offset register combination used by certain addressing modes
Table 22
JTYHCEIE3112002CSF_ch2ppt page 14
Table 22 8086-80486 and Pentium-Pentium II default 16-bit segment and offset address combinations
Table 22 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 9
Segments and offsets A combination of a segment address and an offset
address access a memory location in the real mode The segment address located within one of the
segment registers defines the beginning address of any 64K-byte memory segment
The offset address selects any location within the 64K-byte memory segment
Segments in the real mode have 64K bytes Offset also called displacement Each segment register is internally appended with a 0H
on its right end to form a 20 bit memory address Figure 23 Table 21
JTYHCEIE3112002CSF_ch2ppt page 10
Figure 23 The real mode memory-addressing scheme using a segment address plus an offset
Figure 23 Real Mode Memory
JTYHCEIE3112002CSF_ch2ppt page 11
A 20-bit real mode address allows one to access the start of a segment at any 16-byte boundary within the first 1M byte of memory
Any real mode segments can only begin at a 16-byte boundary in the memory system and this boundary is often called a paragraph
The ending address of a segment is starting address + FFFFH
The offset is always added to the starting address of the segment
Offset can be calculated form more than one register and an of set value
In the 80286 (with special external circuitry) and the 80386 through the Pentium Pro an extra 64K minus 16 bytes of memory is addressable when the segment address is FFFFH and the HIMEMSYS driver is installed in the system
This area of memory (0FFFF0H-10FFEFH) is referred to as high memory
JTYHCEIE3112002CSF_ch2ppt page 12
Table 21 Example segment addresses
JTYHCEIE3112002CSF_ch2ppt page 13
Default segment and offset registers
The microprocessors has a set of rules that apply to segments whenever memory is addressed
These rules which apply in either the real or protected mode define the segment register and offset register combination used by certain addressing modes
Table 22
JTYHCEIE3112002CSF_ch2ppt page 14
Table 22 8086-80486 and Pentium-Pentium II default 16-bit segment and offset address combinations
Table 22 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 10
Figure 23 The real mode memory-addressing scheme using a segment address plus an offset
Figure 23 Real Mode Memory
JTYHCEIE3112002CSF_ch2ppt page 11
A 20-bit real mode address allows one to access the start of a segment at any 16-byte boundary within the first 1M byte of memory
Any real mode segments can only begin at a 16-byte boundary in the memory system and this boundary is often called a paragraph
The ending address of a segment is starting address + FFFFH
The offset is always added to the starting address of the segment
Offset can be calculated form more than one register and an of set value
In the 80286 (with special external circuitry) and the 80386 through the Pentium Pro an extra 64K minus 16 bytes of memory is addressable when the segment address is FFFFH and the HIMEMSYS driver is installed in the system
This area of memory (0FFFF0H-10FFEFH) is referred to as high memory
JTYHCEIE3112002CSF_ch2ppt page 12
Table 21 Example segment addresses
JTYHCEIE3112002CSF_ch2ppt page 13
Default segment and offset registers
The microprocessors has a set of rules that apply to segments whenever memory is addressed
These rules which apply in either the real or protected mode define the segment register and offset register combination used by certain addressing modes
Table 22
JTYHCEIE3112002CSF_ch2ppt page 14
Table 22 8086-80486 and Pentium-Pentium II default 16-bit segment and offset address combinations
Table 22 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 11
A 20-bit real mode address allows one to access the start of a segment at any 16-byte boundary within the first 1M byte of memory
Any real mode segments can only begin at a 16-byte boundary in the memory system and this boundary is often called a paragraph
The ending address of a segment is starting address + FFFFH
The offset is always added to the starting address of the segment
Offset can be calculated form more than one register and an of set value
In the 80286 (with special external circuitry) and the 80386 through the Pentium Pro an extra 64K minus 16 bytes of memory is addressable when the segment address is FFFFH and the HIMEMSYS driver is installed in the system
This area of memory (0FFFF0H-10FFEFH) is referred to as high memory
JTYHCEIE3112002CSF_ch2ppt page 12
Table 21 Example segment addresses
JTYHCEIE3112002CSF_ch2ppt page 13
Default segment and offset registers
The microprocessors has a set of rules that apply to segments whenever memory is addressed
These rules which apply in either the real or protected mode define the segment register and offset register combination used by certain addressing modes
Table 22
JTYHCEIE3112002CSF_ch2ppt page 14
Table 22 8086-80486 and Pentium-Pentium II default 16-bit segment and offset address combinations
Table 22 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 12
Table 21 Example segment addresses
JTYHCEIE3112002CSF_ch2ppt page 13
Default segment and offset registers
The microprocessors has a set of rules that apply to segments whenever memory is addressed
These rules which apply in either the real or protected mode define the segment register and offset register combination used by certain addressing modes
Table 22
JTYHCEIE3112002CSF_ch2ppt page 14
Table 22 8086-80486 and Pentium-Pentium II default 16-bit segment and offset address combinations
Table 22 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 13
Default segment and offset registers
The microprocessors has a set of rules that apply to segments whenever memory is addressed
These rules which apply in either the real or protected mode define the segment register and offset register combination used by certain addressing modes
Table 22
JTYHCEIE3112002CSF_ch2ppt page 14
Table 22 8086-80486 and Pentium-Pentium II default 16-bit segment and offset address combinations
Table 22 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 14
Table 22 8086-80486 and Pentium-Pentium II default 16-bit segment and offset address combinations
Table 22 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 15
Table 23 80386 80486 Pentium Pentium Pro and Pentium II default 32-bit segment and offset address combinations
Table 23 Default Segment and Offset Registers
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 16
Default segment and offset registers
The code segment register defines the start of the code segment and the instruction pointer locates the next instruction within the code segment
Stack data are references through the stack segment at the memory location addressed by either the stack pointer (SPESP) or the base pointer (BPEBP)
Table 23
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 17
Default segment and offset registers
One can think of segments as windows that can be moved over any area of memory to access data and code
A program can have a lot of segments but can only access four (in 8086-80286) or six (in 80386 and above) segments at a time
Memory segments can touch or even overlap if 64k memory is not required for a segment
In Dos the program is loaded by the program loader in the TPA (Transient program area) at the first available area and it is indicated by a free pointer maintained by Dos
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 18
Figure 24 A
Memory System
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 19
Figure 25 An application program containing a code data and stack segment loaded into a DOS system memory
Figure 25 DOS system
memory
The segment show an overlap
because the amount of data in
them does not require 64K
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 20
Relocation Segment and offset addressing scheme allows
relocation Relocation allows the program function in real
mode to operate in protected mode systems A relocatable program is one that can be placed
into any area of memory and executed without change
Relocatable data are data that can be placed in any area of memory and used without any change to the program
The seg+off Addressing scheme allows relocation with out changing a thing in the program or data
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 21
Protected Mode Memory Addressing
ndash access above 1MB of memory (80286 and above)ndash offset address still used to access information located
withinthe memory segmentbull 80286 16-bitbull 80386 and above 32-bit (232 = 4G)ndash segment register contains a selector that selects a
descriptor from a descriptor tablebull descriptor describing the memory segmentrsquos location
length and access rightsndash protected mode instructions are identical to real modeinstructions - programs written to function in the real mode willfunction without change in the protected mode
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 22
Selectors and Descriptors
bull Two descriptor tables 8192 descriptors each ndashglobal descriptor table (GDT)
bull system descriptors contain segment definitions that apply to all programs
bull GDT register (GDTR) contains the linear address of the base of the GDT
ndashlocal descriptor table (LDT)bull application descriptors are usually unique to an
applicationbull LDT register (LDTR) contains the linear address of
the base of the LDT
bullDescriptor ndashdescribing location length and access rights of the segment ndash8 bytes in length 8192 8 = 64KB per descriptor table ndashdescriptor 0 is called null descriptor and may not be usedbullSelector located in the segment register ndashselects one of 8192 descriptors from one of two descriptor
tablesndash81922 memory segments described for each applications
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 23
Descriptor Format
bull base address starting location of memory segment ndash 80286 24-bit (224=16MB) ndash 80386 or above 32-bit (232=4GB) ndash begin at any location no paragraph boundary
limitationbull segment limit last offset address in a segment ndash ie base=F00000H and limit=FFH F00000 ~
F000FFH ndash 80286 16-bit (216=64KB) ndash 80386 or above 20-bit (220=1M 1MB or
1M4KBpage=4GB)
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 24
Descriptors of 80386-P4bullG (granularity) bitndash (0) limit of 00000H to FFFFFH (1) multiplied by 4Kbull AV (available) bit whether the segment is availablebullD bit how instructions access registermemory datandash (0) 16-bit instruction (1) 32-bit instructionExp 1Base3=Start=10000000HG=0End=Base+limit = 10000000H+001FFH=100001FFHExp 2Base3=Start=10000000HG=1End=Base+limit =
10000000H+001FFXXXH=101FFFFFH
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 25
The access rights byte for the80286 through Pentium 4
descriptor
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 26
Format of Segment Register
bullTI (Table Index) bit GDT or LDTbullRPL (Requested Privilege Levels) bitsndash 00 is the highest and 11 is the lowestndash access is granted if the RPL matches or is higher in prioritythan the DPL set by the access rights bytendash privilege violation is indicated if the privilege level is violated
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 27
Using the DS register to select adescriptor from the global descriptor table
bullBase= 0010 0000H bullLimit= 000FFH bullAccess rights (92H=1001
0010) P=1 valid DPL=00 privilege level S=1 code or data segment E=0 data segment ED=0 expand upward
(data) W=1 writable A=0 not accessed yet bullDS=0008H Selector=1 TI=0 GDT RPL=00 privilege level
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 28
The are not directly addressed by software these registers control the microprocessor when operated in the protected
Each segment registers contains aprogram invisible portion often called cache memory
These cache is loaded with base address limit access rights each time the number in the segment register is changed
This allows repeatedly access a memory segment with out referring the Descriptor table each time
GDTR and IDTR (interrupt descriptor table register) contains the base address of the descriptor table and its limit and are initialized before using the protected mode
LDTR is loaded with a selector with in GDT ie one of the global descriptor is set up to address LDT
Program-Invisible Registers
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 29
Program-Invisible Registers
bullTR (task register) holds a selector which accesses a descriptor that defines a task
- The descriptor for the application program is stored in the GDT
- task switch in about 17μs
- Task switch allows micro processor to switch between tasks (Multitasking)
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 30
Memory Pagingbull Memory paging mechanism
ndash 80386 and abovendash Any physical memory location can be assigned to any linearAddress- Linear address means address generated by a programndash 4KB-page boundary (or 4MB-page boundary in Pentium)
bull Advantagesndash A linear address is invisibly translated into a physical addressndash Allows memory to be placed into areas where no memory exists
bull Paging mechanism can be used in both real and protected modesbull EMM386EXE reassign extended memory in 4K blocks to
thesystem memory between video BIOS and the system BIOS
ROMS for upper memory blocks
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 31
Paging Registers Paging unit is controlled by the mprsquos control registersPaging Control Registers (CR0-CR4)bull CR0-CR3 ndash 80386 and abovebull CR4 only for Pentium and above (support 4MB paging)
ndash The page directory contains 1024 directory entries of 4 bytes eachbull CR0
PG 1 if paging is enabled if 0 the linear address becomes the physical address
bull CR3Page directory base address locates page directory for the page
translation unit at any 4KB boundaryThe pagedirector contains 1024 entriesof 4 byte each and each
addresses a page table that contains 1024 entries
PCD 1 PCD (page level cache disabled) pin of MP becomes one indicates during bus cycle that are not pages(for controlling L2 cache)
PWT 1 PWT(page level write transparent) pin of MP becomes high indicates during bus cycle that are not pages(for controlling write through cache)
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 32
Control register structure
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 33
Linear Address Format
1048698 Page directory entry leftmost 10 bits (4 M bytes in size) eg linear addresses 0000 0000H to 003F FFFFH address 1st page (page 0)
1048698 Page table entry contains the next 10 bits (4 K byte range) after the page directory entry eg 0000 0000H to 0000 0FFFH refer to both directory and table equal 0
1048698 Page offset address selects a byte in the 4K byte memory page
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry
JTYHCEIE3112002CSF_ch2ppt page 34
TLB ndash (translation look-aside buffer)1048698 TLB is a dedicated cache (queue) structure to
hold the 32 most recent page directory and table entries
1048698 Pentium+ processors have TLBs for each data and instruction caches
A page table or page directory entry