Register organization of 80386 - Department of Information Technology

1
REGISTER ORGANIZATION OF 80386
Prof. Bhavana Kanawade Department of Information
Technology, I²IT
2

• REGISTER ORGANIZATION OF 80386DX
• 80386DX register set includes following
  categories
• General Purpose Registers
• Segment Registers
• Instruction Pointer and Flags
• Control Registers
• System Address Registers
• Debug Registers
• Test Registers

3

• AGeneral Purpose Registers
• 80386DX has an eight 32-bit general purpose
  registers named as EAX, EBX, ECX, EDX, ESI, EDI,
  EBP and ESP.
• It is used to hold instruction operand.
• Operand may be a data or address.
• The lower 16 bits of the 32-bit registers can be
  accessed separately. This is done by using the
  16-bit names of the registers AX, BX, CX, DX,
  SI, DI, BP and SP.
• When accessed as a 16-bit operand, the upper 16
  bits of the register are neither used nor
  changed.
• Finally 8-bit operations can individually access
  the lowest byte (i.e. bits 0 to 7) and the higher
  byte (i.e. bits 8 to 15) of general purpose
  registers AX, BX, CX and DX.
• The lowest bytes are named AL, BL, CL and DL
  (each of 8-bit) respectively.
• The higher bytes are named AH, BH, CH and DH
  (each of 8-bit) respectively.

4
Fig 80386 general registers and instruction
pointer
5

• B) Instruction Pointer
• The instruction pointer is a 32-bit register
  named EIP.
• EIP holds the offset of the next instruction to
  be executed.
• The offset is always relative to the base of the
  code segment (CS).
• The lower 16 bits (bits 0 to 15) of EIP contain
  the 16-bit instruction pointer named IP, which is
  used for 16-bit addressing.
•  
•  
•  

6

• B) Flags Register
• 80386DX has a 32-bit Flags Register named EFLAGS.
  
• The defined bit fields within EFLAGS are shown in
  Figure below,
• It is used to control certain operations of
  80386DX and to indicate the status of the 80386
  DX.
• It contains information about
• the result of the recent arithmetic or logical
  operation
• the state of the processor
• the state of the current task
• The lower 16 bits (bit 0 to 15) of EFLAGS contain
  the 16-bit flag register named FLAGS, which is
  most useful when executing 8086 and 80286 code.

7
Fig Flag Register
8

• VM (Virtual 8086 Mode, bit 17)
• The VM bit provides virtual 8086 mode within
  protected mode.
• If it is set in protected mode, the 80386DX will
  switch to virtual 8086 operation.
• The VM bit can be set only in protected mode.
•  
• RF (Resume Flag, bit 16)
• The RF flag is used with the debug register
  breakpoints.
• A breakpoint is a special marker that tells the
  debugger to stop execution of the program at the
  breakpoint when running in debug mode.
• It is checked at the starting of every
  instruction cycle. By setting RF to 1, a
  potential breakpoint on the next instruction will
  be ignored.
• The RF is automatically reset after successful
  execution of every instruction.
•  

9

• NT (Nested Task, bit 14)
• This flag applies to Protected Mode.
• NT is set to indicate that the execution of this
  task is nested within another task.
• If set, it indicates that the current nested
  task's Task State Segment (TSS) has a valid back
  link to the previous task's TSS.
• IOPL (Input/output Privilege Level, bits 12-13)
• These two-bit fields are used in protected mode
  to generate four levels of security from 0 to 3
  at which your code must be running in order to
  execute any I/O related instructions.
• IOPL indicates the maximum current privilege
  level value(CPL) permitted to execute I/O
  instructions without generating exceptions.
• The IOPL field in the EFLAGS register defines the
  right to use I/O-related instructions.
• CPLltIOPL

10
(No Transcript)
11

• OF (Overflow Flag, bit 11)
• OF is set if the operation resulted in a signed
  overflow.
• DF (Direction Flag, bit 10)
• DF defines whether ESI and/or EDI registers
  post-increment or post-decrement during string
  instructions.
• Post-increments occurs if DF is reset.
• Post-decrement occurs if DF is set.
•  IF (INTR Enable Flag, bit 9)
• If IF is set, it allows recognition of external
  interrupts signaled on the INTR pin.
• If IF is reset, external interrupts signaled on
  the INTR are not recognized.

12

• TF (Trap Enable Flag, bit 8)
• These flags are useful when debugging programs.
• By setting TF to 1, the processor is forced to
  operate in single step mode in which an internal
  exception 1 is generated after every instruction.
   
• SF (Sign Flag, bit 7)
• SF is set if the high-order bit of the result is
  set, it is reset otherwise.
• ZF (Zero Flag, bit 6)
• ZF is set if all bits of the result are 0.
  Otherwise it is reset.

13

• AF (Auxiliary Carry Flag, bit 4)
• The Auxiliary Flag is used to simplify the
  addition and subtraction of packed BCD
  quantities.
• AF is set if operation resulted in a carry out of
  bit 3.
• Otherwise AF is reset.
•  
• PF (Parity Flags, bit 2)
• PF is set if the low-order eight bits of the
  operation contains an even number of 1's (even
  parity). PF is reset if the low-order eight bits
  have odd parity.
•  
• CF (Carry Flag, bit 0)
• CF is set if the operation resulted in a carry
  out of (addition), or a borrow into (subtraction)
  the high-order bit. Otherwise CF is reset.

14

• C) Segment Registers
• There are six 16-bit segment registers named as
  CS, DS, ES, SS, FS, GS.
• In real mode they contain the base address of a
  segment
• CS base address of the code segment
• SS base address of the stack segment
• DS base address of the data segment
• ES, FS, GS base address of other data segments
• Six 16 bit segment registers hold segment
  selector values identifying the currently
  addressable memory segments.
• In protected mode, each segment may range in size
  from one byte up to 4 GB.
• In real address mode, the maximum segment size is
  fixed at 64 KB.

15
(No Transcript)
16

• D) Control Registers
• The 80386 DX has three control registers of 32
  bits, CR0, CR2 and CR3, to hold machine state of
  a global nature (not specific to an individual
  task).
• These registers hold machine state that affects
  all tasks in the system. To access the Control
  Registers, load and store instructions are
  defined.
• CR0 Machine Control Register (includes 80286
  Machine Status Word)
• CR0, shown in Figure, contains 6 defined bits for
  control and status purposes.
• The low-order 16 bits of CR0 are also known as
  the Machine Status Word, MSW, for compatibility
  with 80286 Protected Mode.

17
Fig CR0 (Control Register 0)
18

• CR0 bits are described below
• PG (Paging Enable, bit 31)
• The PG bit is set to enable the paging unit. It
  is reset to disable the on-chip paging unit.
•  
• R (reserved, bit 4)
• This bit is reserved by Intel. When loading CR0
  care should be taken to not alter the value of
  this bit.
•  
• TS (Task Switched, bit 3)
• TS bit is set automatically every time by
  processor whenever a task switch operation is
  performed. It will never clear this bit on its
  own. Programmer can clear this bit using CLTS
  instruction.
•  

19

• EM (Emulate Coprocessor, bit 2)
• This bit is set to cause all coprocessor opcodes
  to generate a coprocessor not available fault
  (exception 7). It is reset to allow coprocessor
  opcodes to be executed on an actual intel387DX
  coprocessor.
•  
• MP (Monitor Coprocessor, bit 1)
• When this bit is set, 80386 assumes that real
  floating point hardware is present in the system.
  If it is reset it assumes that no such hardware
  is present .
•  
• PE (Protection Enable, bit 0)
• The PE bit is set to enable the Protected Mode.
  If PE is reset, the processor operates in Real
  Mode. PE can be set using LMSW instruction but it
  can not be reset using LMSW.

20

• CR1 reserved CR1 is reserved for use in future
  by Intel.
•  
• CR2 Page Fault Linear Address
• CR2, shown in Figure below, holds the 32-bit
  linear address that caused the last page fault
  detected.
•  
• CR3 Page Directory Base Address
• CR3, shown in Figure, contains the physical base
  address of the page directory table. A task
  switch through a TSS changes a value in CR3.

Fig CR2 and CR3
21

• E) System Address Registers
• System Address Registers are special registers
  which are defined to reference the tables or
  segments supported by the 80286CPU and 80386DX
  protection model.
• These tables or segments are
• GDT (Global Descriptor Table)
• IDT (Interrupt Descriptor Table)
• LDT (Local Descriptor Table)
• TSS (Task State Segment)
• The addresses of these tables and segments are
  stored in special registers called System Address
  Registers.
• These four registers are named as GDTR, IDTR,
  LDTR and TR, respectively.
• GDTR and IDTR registers hold the 32-bit linear
  base address and 16-bit limit of the GDT and IDT,
  respectively.
• LDTR and TR registers hold the 16-bit selector
  for the LDT descriptor and the TSS descriptor,
  respectively.
•  

22
Fig System address and system segment registers
23

•  
• F) Test Registers
• There are TR0-TR7 eight test registers. But only
  2 registers are defined TR6 TR7.
• These registers are used to check TLB of the
  paging unit.
• The two TLB testing operations are write entries
  into TLB perform TLB lookup.
• TR6 is the command test register.
• TR7 is the data register which contains the data
  of the Translation Look aside buffer test.

24
Fig TR6 and TR7
25

• TR6
• C bit- This is the command bit. C0 write to TLB
  is performed. C1 TLB lookup is performed.
• Linear address On a TLB write a TLB entry is
  allocated to this linear address. On a TLB lookup
  if one and only one TLB entry matches, the rest
  of the fields of TR6 TR7 are set from the
  matching TLB entry.
• The next 7 bits are used as tag attributes for
  the TLB cache.
• V bit Valid for this TLB entry
• D,D Dirty and Not Dirty (page identified by
  cache entry has been modified.)
• U,U User and not user (page is accessible from
  PL3 code)
• W,W Writable and not writable. (write
  permission)

26
X X Effect during TLB lookup Value of bit X after TLB write
0 0 Miss all Bit X becomes undefined
0 1 Match if X0 Bit X becomes 0
1 0 Match if X1 Bit X becomes 1
1 1 Match all Bit X becomes undefined
TR7 Physical address This is the data field of
the TLB. On a write to the TLB, the TLB entry
allocated to the linear address in TR6 is set to
this value. On a TLB lookup, the data field from
the TLB is read out to here.
27

• PL
• On a TLB write if PL1 causes the REP field of
  TR7 to select which of four associative blocks of
  the TLB is to be written. PL0 allows the
  internal pointer in the paging unit to select
  which TLB block is written.
• On a TLB lookup if PL1 means lookup was hit
• PL0 means TLB lookup miss.

28
Fig Debug Registers
29

• G) Debug Registers
• The six programmer accessible debug registers
  provide on-chip support for debugging.
• Debug Registers DR0 to DR3 are used to specify
  the four linear breakpoints.
• The Debug Status Register DR6 displays the
  current state of the breakpoints.
• DR4 and DR5 are reserved by Intel.
• DR7 is the Debug Control Register.
• DR0-DR3
• The first four debug registers hold up to 4
  linear address breakpoints.
• The addresses in these registers are compared to
  the processors address generation logic on every
  instruction if match is found an exception 1 is
  generated.

30

• DR6(Debug status register)
• 80386 sets the appropriate bits in this register
  to indicate the circumstances that caused the
  last debug fault. These bits are never cleared by
  processor.
• B0 (Breakpoint 0 hit)
• The processor sets this bit when it references
  the linear address contained in DR0.
• BD (Break for debug register access)
• This bit is set when the exception1 handler is
  invoked by an illegal reference to one of the
  debug registers when the register set is locked.
• BS(Break for single step)
• This bit is set if the processor has taken the
  exception1 because tracing is enabled (TF is
  set).
• BT (Break for task switch)
• Whenever the 80386 initiates a task switch to a
  task that has its trace bit set in its task
  image, processor initiates an exception1 if this
  bit is set.

31

• DR7Debug control register.
• It controls the operation of four linear address
  breakpoints by a set of 4 fields each.
• L0 (Local enable) When this bit is set, the
  breakpoint address in DR0 is monitored as long as
  80386 is running the current task.
• G0 (Global enable) As long as this bit is set,
  80386 monitors the linear address in DR0 at all
  times regardless of the task.
• RW0(read/write access) These bits qualify the
  type of access that must occur at the address in
  DR0 before the breakpoint will be taken.
• LEN0 (Breakpoint length) It specifies the length
  of breakpoint.

32
RW LEN
00 Code fetch 00 1 byte
01 Data write 01 2 bytes word aligned
10 Reserved 10 Reserved
11 Data read/write 11 4 bytes, dword aligned.
33

• LE (Local exact)
• Due to the pipelined architecture , 80386 may not
  set status bit in DR6 at the instant breakpoint
  occurs. If LE bit is set 80386 sets corresponding
  status bit at the instant at which breakpoint
  occurs when the 80386 is running current task. On
  task switch this bit is reset.
• GE (Global exact) It is same as LE but its scope
  is global.
• GD (global debug access) When this bit is set,
  the 80386 denies the further access to any of the
  debug registers either for reading or writing.

34

• References
• All contents are referred from following
  references
• Intel386 DX microprocessor manual
• James Turley, "Advanced 80386 Programming
  Techniques", McGraw Hill Education.

35

• THANK YOU
• For further information please contact
• Prof. Bhavana Kanawade
• Department of Information Technology
• Hope Foundations International Institute of
  Information Technology, I²IT
• Hinjawadi, Pune 411 057
• Phone - 91 20 22933441
• www.isquareit.edu.in bhavanak_at_isquareit.edu.in