1-32-Bit Microprocessor - Intel 80386

Advanced Microprocessor (AMI – 17627)

Computer Department, Jamia Polytechnic (0366)

Chapter 1

32-bit Microprocessor - Intel 80386 30 Marks Syllabus: Salient features, internal architecture, Register organization (General-purpose register, segment register, status and control register, instruction pointer. Segment descriptor cache register. System address register LDTR, GDTR, Debug register, Test registers, Control register. Addressing modes of 80386, real, PVAM, paging, virtual 8086. Address translation in real, PVAM, paging, Enabling and disabling paging (Machine Status word)

Features of 80386: 1) The 80386 is a 32bit processor that supports 8bit/16bit/32bit data operands. 2) 8 general purpose 32-Bit registers 3) The 80386 instruction set is upward compatible with all its predecessors (8086, 80186, 80286). 4) The 80386 has three modes of operations: i) Real Addressing Mode ii) Protected Virtual Addressing Mode (PVAM) iii) Virtual 8086 mode 5) The 80386 can run 8086 applications under protected mode in its virtual 8086 mode of operation. 6) With the 32 bit address bus, the 80386 can address up to 4Gbytes of physical memory. The physical memory is organized in terms of segments of 4Gbytes at maximum. 7) The 80386 CPU supports 16K number of segments and thus the total virtual space of 4 Gbytes * 16K = 64 Terabytes. 8) The memory management section of 80386 supports the virtual memory, paging and four levels of protection, maintaining full compatibility with 80286. 9) The 80386 offers a set of 8 debug registers DR0-DR7 for hardware debugging and control. 10) The 80386 has on-chip address translation cache. 11) The concept of paging is introduced in 80386 that enables it to organize the available physical memory in terms of pages of size 4Kbytes each, under the segmented memory. 12) The 80386 can be supported by 80387 for mathematical data processing.

Difference between Pentium and 80386 microprocessors: (Refer next page)

1



Pentium 1. Superscalar, Super pipelined Yes

80386DX No

Architecture 2. Dynamic Branch Prediction

Yes

No

3. On-chip Floating-Point Unit

Present

Not present

4. Code and Data Caches

8KB for code and 8KB for data

Not present

5. Data bus

64 bit

32 bit

6. Bus Cycle Pipelining

Supported

Not supported

7. Address Parity and Internal Supported

Not supported

Parity Checking 8. Functional Redundancy

Supported

Not supported

9. System Management Mode

Supported

Not supported

10. On-chip Advanced

Present

Not present

11. IEEE 1149.1 Boundary Scan

Implemented

Not implemented

12. Speed

Faster than 80386

Slower than Pentium

Checking and Lock Step operation

Programmable Interrupt Controller (APIC)

Signal Descriptions of 80386: CLK2 : The input pin provides the basic system clock timing for the operation of 80386. D0 – D31: These 32 lines act as bidirectional data bus during different access cycles. Data bus is used to transfer data between the microprocessor and its memory and I/O system. A31 – A2: These are upper 30 address lines of the 32- bit address bus. BE0# to BE3# : The 32- bit data bus supported by 80386 and the memory system of 80386 can be viewed as a 4- byte wide memory access mechanism. The 4 byte enable lines BE0 to BE3, may be used for enabling these 4 blanks. Using these 4 enable signal lines, the CPU may transfer 1 byte / 2 / 3 / 4 bytes of data simultaneously. W/R# (Write/Read#): The write / read output distinguishes the write and read cycles from one another.

2



D/C# (Data/Control#): This data / control output pin distinguishes between a data transfer cycle from a machine control cycle like interrupt acknowledge. ADS# (Address Status#): The address status output pin indicates that the address bus and bus cycle definition pins (W/R#, D/C#, M/IO#, BE0# to BE3#) are carrying the respective valid signals. The 80383 does not have any ALE signals and so this signal may be used for latching the address to external latches. ______________________________________________________________ M/IO#

D/C#

W/R#

Bus cycle type

---------------------------------------------------------------------------------------------Low

Low

Low

Interrupt Acknowledge

Low

High

Low

I/O Data Read

Low

High

High

I/O Data Write

High

Low

Low

Memory Code Read

High

High

Low

Memory Data Read

High

High

High

Memory Data Write

---------------------------------------------------------------------------------------------READY#: The ready signal indicates to the CPU that the previous bus cycle has been terminated and the bus is ready for the next cycle. The signal is used to insert WAIT states in a bus cycle and is useful for interfacing of slow devices with CPU. LOCK#: This is active low output pin. It is used to prevent the other master in the system to gain the control of the bus for current and following bus cycles. This pin can be activated by LOCK instruction prefix. This is also activated by 80386 during XCHG instruction, interrupt acknowledge bus cycle and descriptor table access. BS16# (Bus Size 16): The bus size – 16 input pin allows the interfacing of 16 bit devices with the 32 bit wide 80386 data bus. Successive 16 bit bus cycles may be executed to read a 32 bit data from a peripheral. NA# (Next address): The Next Address signal causes the 80386 to output the address of the next instruction data in the current bus cycle. This pin is often used for pipelining the address. HOLD (Hold Request): The bus hold input pin enables the other bus masters to gain control of the system bus if it is asserted. HLDA (Hold Acknowledge):

3



The bus hold acknowledge output indicates that a valid bus hold request has been received and the bus has been relinquished by the CPU. BUSY#: This is an input signal to 80386 from processor extension (coprocessor – 80287 or 80837). This is an active low signal. This indicates the status of coprocessor. When this signal is activated this indicates that processor extension is busy with its allotted job. Hence microprocessor suspends its execution and goes into wait state until the BUSY signal becomes inactive. ERROR#: This is an input signal to 80386 from processor extension (coprocessor – 80287 or 80387). This is an active low signal. This indicates the status of coprocessor. When this signal is activated this indicates that the processor extension has committed a mistake. This will cause the 80386 to perform the processor extension interrupt (INT 16). PEREQ (Processor Extension Request): The processor extension request output signal indicates to the CPU to fetch a data word for the coprocessor. INTR: The INTR (interrupt request) signal is an active high input signal to the processor. This signal is used by external devices. Upon receiving an active signal on this line, microprocessor suspends the execution of current instruction and serves the interrupt request. When the microprocessor responds to the interrupt request, it performs two interrupt acknowledge bus cycles to read INT number from interrupt controller. This signal can be masked by clearing the interrupt enable bit of flag register. NMI: The NMI (Non-Maskable Interrupt) is an active high, input signal to microprocessor. It is equivalent to INT 02H instruction. After receiving NMI signal, no interrupt acknowledge cycle is done. The interrupt enable bit of flag register does not have any effect on NMI signal i.e. this interrupt can not be masked by using interrupt enable bit of flag register. RESET: The 80386 is reset by activating the RESET pin for at least 15 CLK2 periods. The RESET signal is level sensitive. When the RESET signal is asserted, the 80386 will start executing instructions at address FFFF FFF0H. The 82384 clock generator provides system clock (CLK2) and RESET signal. After reset 80386 starts in real addressing mode. N / C: No connection pins are expected to be left open while connecting the 80386 in the circuit. VCC: These are system power supply lines. VSS: These return lines for the power supply. 4



Architecture of 80386 The Internal Architecture of 80386 is divided into 3 sections.  Central processing unit(CPU)  Memory management unit(MMU)  Bus interface unit(BIU) Central processing unit is further divided into Execution unit (EU) and Instruction unit (IU). Execution unit has 8 General purpose and 8 Special purpose registers which are either used for handling data or calculating offset addresses. The Instruction unit decodes the opcode bytes received from the 16-byte instruction code queue and arranges them in a 3- instruction decoded instruction queue. After decoding, instructions are passed to the control section for deriving the necessary control signals. The barrel shifter increases the speed of all SHIFT and ROTATE operations. The multiply / divide logic implements the bit-shift-rotate algorithms to complete the operations in minimum time. Even 32- bit multiplications can be executed within one microsecond by the multiply / divide logic. The Memory management unit consists of 

Segmentation unit and



Paging unit.

Segmentation unit allows the use of two address components, viz. segment and offset for relocability and sharing of code and data. Segmentation unit allows segments of size 4Gbytes maximum. The Segmentation unit provides a 4 level protection mechanism for protecting and isolating the system code and data from those of the application program. The Paging unit organizes the physical memory in terms of pages of 4kbytes size each. Paging unit works under the control of the segmentation unit, i.e. each segment is further divided into pages. The virtual memory is also organized in terms of segments and pages by the memory management unit. Paging unit converts linear addresses into physical addresses. The control and attribute PLA checks the privileges at the page level. Each of the pages maintains the paging information of the task. The limit and attribute PLA checks segment limits and attributes at segment level to avoid invalid accesses to code and data in the memory segments. The Bus control unit has a prioritizer to resolve the priority of the various bus requests. This controls the access of the bus. The address driver drives the bus enable and address signal A0 – A31. The pipeline and dynamic bus sizing unit handle the related control signals. The data buffers interface the internal data bus with the system bus.

5



Register Organization: The 80386 registers may be grouped into these basic categories: 1. General registers. These eight 32-bit general-purpose registers are used primarily to contain operands for arithmetic and logical operations. 2. Segment registers. These six registers determine, at any given time, which segments of memory are currently addressable. 3. Status and instruction registers. These special-purpose registers are used to record and alter certain aspects of the 80386 processor state.

General Registers The general registers of the 80386 are the 32-bit registers EAX, EBX, ECX, EDX, EBP, ESP, ESI, and EDI. These registers are used to contain the operands of logical and arithmetic operations. They may also be used for operands of address computations (except that ESP cannot be used as an index operand). The low-order word of each of these eight registers has a separate name and can be treated as a unit. This feature is useful for handling 16-bit data items and for compatibility with the 8086 and 80286 processors. The word registers are named AX, BX, CX, DX, BP, SP, SI, and DI.

6



Each byte of the 16-bit registers AX, BX, CX, and DX has a separate name and can be treated as a unit. This feature is useful for handling characters and other 8-bit data items. The byte registers are named AH, BH, CH, and DH (high bytes); and AL, BL, CL, and DL (low bytes). All of the general-purpose registers are available for addressing calculations and for the results of most arithmetic and logical calculations; however, a few functions are dedicated to certain registers. EAX, AX, AL act as 32 bit, 16 bit and 8 bit accumulators. EBX, BX registers are used as base registers. ECX, CX, CL registers are used as counters. EDX, DX act as data registers. Segment Registers At any given instant, six segments of memory may be immediately accessible to an executing 80386 program. The segment registers CS, DS, SS, ES, FS, and GS are used to identify these six current segments. Each of these registers specifies a particular kind of segment, as characterized by the associated mnemonics ("code," "data," or "stack"). Each register uniquely determines one particular segment, from among the segments that make up the program. The segment containing the currently executing sequence of instructions is known as the current code segment; it is specified by means of the CS register. The 80386 fetches all instructions from this code segment, using as an offset the contents of the instruction pointer. CS is changed implicitly as the result of intersegment control-transfer instructions (for example, CALL and JMP), interrupts, and exceptions. Subroutine calls, parameters, and procedure activation records usually require that a region of memory be allocated for a stack. All stack operations use the SS register to locate the stack. The DS, ES, FS, and GS registers allow the specification of four data segments, each addressable by the currently executing program. The processor associates a base address with each segment selected by a segment register. To address an element within a segment, a 32-bit offset is added to the segment's base address. Once a segment is selected (by loading the segment selector into a segment register), a data manipulation instruction only needs to specify the offset. Simple rules define which segment register is used to form an address when only an offset is specified. Figure: General Registers

7



Figure: Segment Registers

Flags Register The flags register is a 32-bit register named EFLAGS. Figure 2-8 defines the bits within this register. The flags control certain operations and indicate the status of the 80386. The low-order 16 bits of EFLAGS is named FLAGS and can be treated as a unit. This feature is useful when executing 8086 and 80286 code, because this part of EFLAGS is identical to the FLAGS register of the 8086 and the 80286. The flags may be considered in three groups: the status flags, the control flags, and the systems flags.

Status Flags CF (Carry Flag) ── Sets if carry or borrow is generated. PF (Parity Flag) ── Sets if low-order eight bits of result contain an even number of 1s. AF (Auxiliary Carry Flag) ── Sets on carry from or borrow to the low order four bits of AL (i.e. from bit D3 to bit D4). Used for decimal arithmetic. ZF (Zero Flag) ── Sets if result is zero. SF (Sign Flag) ── Sets equal to high-order bit of result (0 is positive, 1 if negative). OF (Overflow Flag) ── Sets if result is too large or too small to fit in destination operand.

Control Flags DF (Direction Flag) ── Setting DF causes string instructions to auto-decrement; that is, to process strings from high addresses to low addresses. Clearing DF causes string instructions to auto-increment, or to process strings from low addresses to high addresses.

System Flags IF (Interrupt-Enable Flag) ── Setting IF allows the CPU to recognize external (maskable) interrupt requests. Clearing IF disables these interrupts. IF has no effect on either exceptions or nonmaskable external interrupts.

8



Figure: Flag Register IOPL (I/O Privilege Level) ── The IOPL field in the FLAGS register defines the right to use I/Orelated instructions (used in PVAM). NT (Nested Task) ── The processor uses the nested task flag to control chaining of interrupted and called tasks. NT influences the operation of the IRET instruction. RF (Resume Flag) ── This flag is used with the debug register breakpoints. It is checked at the starting of every instruction cycle and if it is set, any debug fault is ignored during the instruction cycle. The RF is automatically reset after successful execution of every instruction, except for IRET and POPF instructions. TF (Trap Flag) ── Setting TF puts the processor into single-step mode for debugging. In this mode, the CPU automatically generates an exception after each instruction, allowing a program to be inspected as it executes each instruction. Single-stepping is just one of several debugging features of the 80386. VM (Virtual 8086 Mode) ── If this flag is set, the 80386 enters the virtual 8086 mode within the protection mode. This is to be set only when the 80386 is in protected mode. In this mode, if any privileged instruction is executed an exception 13 is generated. This bit can be set using IRET instruction or any task switch operation only in the protected mode. Instruction Pointer The instruction pointer register (EIP) contains the offset address, relative to the start of the current code segment, of the next sequential instruction to be executed. The instruction pointer is not directly visible to the programmer; it is controlled implicitly by control-transfer instructions, interrupts, and exceptions.

9



As Figure below shows, the low-order 16 bits of EIP is named IP and can be used by the processor as a unit. This feature is useful when executing instructions designed for the 8086 and 80286 processors.

Figure: Instruction Pointer Register

Segment Descriptor cache registers: The 80386 stores information from descriptors into its internal segment descriptor cache registers; this avoids the need to consult a descriptor table every time it accesses memory for data or code. This speeds up execution.

Every segment register has a "visible" portion and an "invisible" portion, as figure above illustrates. The visible portions of these segment address registers are manipulated by programs as if they were simply 16-bit registers. The invisible portions are manipulated by the processor. These registers are loaded by program instructions. Using these instructions, a program loads the visible part of the segment register with a 16-bit selector. Using the 13 most significant bits of this selector, the processor automatically fetches the base address, limit, type, and other information from a descriptor which is present in a descriptor table (GDT/LDT) and loads them into the invisible part of the segment descriptor cache register.

10



Systems Address Registers: Memory-Management Registers Four registers of the 80386 locate the data structures that control segmented memory management: GDTR (Global Descriptor Table Register), LDTR (Local Descriptor Table Register): These registers point to the segment descriptor tables GDT and LDT. IDTR (Interrupt Descriptor Table Register): This register points to a table of entry points for interrupt handlers (the IDT). TR (Task Register): This register points to the information needed by the processor to define the current task.

Global Descriptor Table Register (GDTR):

47

BASE(32 bit)

16

15

LIMIT

0

The Global Descriptor Table Register (GDTR) is a dedicated 48-bit (6 byte) register used to record the base and size of a system's global descriptor table (GDT). Thus, two of these bytes define the size of the GDT, and four bytes define its base address in physical memory. LIMIT is the size of the GDT, and BASE is the starting address. LIMIT is 1 less than the length of the table, so if LIMIT has the value 15, then the GDT is 16 bytes long. To load the GDTR, the instruction LGDT is used.

Local Descriptor Table Register (LDTR): The Local Descriptor Table Register (LDTR) is a dedicated 48-bit register that contains, at any given moment, the base and size of the local descriptor table (LDT) associated with the currently executing task. Unlike GDTR, the LDTR register contains both a "visible" and a "hidden" component. Only the visible component is accessible, while the hidden component remains truly inaccessible to application programs.

11



16 bit visible selector 15

0 48 bit hidden descriptor cache

Base (32 bit)

Limit (16 bit)

47

16 15

0

The visible component of the LDTR is a 16-bit "selector" field. The format of these 16 bits is same as a segment selector in a virtual address pointer. Thus, it contains a 13-bit INDEX field, a 1-bit TI field, and a 2-bit RPL field. The TI "table indicator" bit must be zero, indicating a reference to the GDT (i.e., to global address space). The INDEX field consequently provides an index to a particular entry within the GDT. This entry, in turn, must be an LDT descriptor. In this way, the visible "selector" field of the LDTR, by selecting an LDT descriptor, uniquely designates a particular LDT in the system. The dedicated, protected instructions LLDT and SLDT are reserved for loading and storing, respectively, the visible selector component of the LDTR register.

Interrupt Descriptor Table The IDT may reside anywhere in physical memory. The processor locates the IDT by means of the IDT register (IDTR). IDT register contains a 32-bit base and a 16-bit limit. The instructions LIDT and SIDT operate on the IDTR. Both instructions have one explicit operand: the address in memory of a 6byte area. Figure below shows the format of this area. LIDT (Load IDT register) loads the IDT register with the linear base address and limit values contained in the memory operand. This instruction can be executed only when the CPL is zero. SIDT (Store IDT register) copies the base and limit value stored in IDTR to a memory location. This instruction can be executed at any privilege level.

12



Task Register (TR): The task register (TR) identifies the currently executing task by pointing to the TSS. The task register has both a "visible" portion (i.e., can be read and changed by instructions) and an "invisible" portion (maintained by the processor to correspond to the visible portion; cannot be read by any instruction). The selector in the visible portion selects a TSS descriptor in the GDT. The processor uses the invisible portion to cache the base and limit values from the TSS descriptor. Holding the base and limit in a cache register makes execution of the task more efficient, because the processor does not need to repeatedly fetch these values from memory when it references the TSS of the current task.

16 bit visible selector 15

0

48 bit hidden descriptor cache Base (32 bit)

Limit (16 bit)

47

16 15

0

The instructions LTR and STR are used to modify and read the visible portion of the task register. Both instructions take one operand, a 16-bit selector located in memory or in a general register. LTR (Load task register) loads the visible portion of the task register with the selector operand, which must select a TSS descriptor in the GDT. LTR also loads the invisible portion with information from the TSS descriptor selected by the operand. LTR is a privileged instruction; it may be executed only when CPL is zero. LTR is generally used during system initialization to give an initial value to the task register; thereafter, the contents of TR are changed by task switch operations. STR (Store task register) stores the visible portion of the task register in a general register or memory word. STR is not privileged. 13



Descriptor Tables: Descriptors are stored in descriptor tables. There are two types of descriptor tables: Local Descriptor Table (LDT) and Global Descriptor Table (GDT). Since upper 13 bits of selector is used to select a descriptor therefore, there can be 213=8K (8192) descriptors in a descriptor table. The size of each descriptor is 8 bytes, therefore in order to store 8K descriptors, 8K*8=64KB memory is required. So maximum size of LDT and GDT is 64KB. Since there are 16K descriptors (8Kdescriptors from LDT and 8Kdescriptors from GDT) available per task, and each descriptor can store information about a segment of 4GB, therefore total virtual memory per task is 16K*4GB=64TB. GDT is common to all tasks. It can contain descriptors of all types except interrupt gate descriptor and trap gate descriptor. LDT is contains descriptors of a particular task. This means each task has its own LDT. LDT contains code/data segment descriptors, task gate and call gate descriptors. There is one more descriptor table called Interrupt Descriptor Table (IDT). This table is used to store interrupt gate, trap gate and task gate descriptors. There are 256 interrupts available in 80386, therefore, it can store 256 descriptors. Hence the maximum size of IDT is 256*8 bytes=2048 bytes (2KB). IDT is referred by using INT n instruction, or when external interrupts occur or in case of instruction exceptions.

GDT Only one GDT

LDT

IDT

Each task can have its own Only one IDT LDT

Descriptors in GDT are global Descriptors and shared by each task.

in

LDT

specific to a particular task.

are These

descriptors

used

when a hardware or software interrupt occurs

14

are



Contains descriptors of any Contains Code/Data segment Contains

descriptors

of

type except interrupt and trap descriptors and descriptors of interrupt/trap and task gates. gates.

call and task gates.

Total 8K descriptors can be Total 8K descriptors can be Maximum 256 descriptors can stored in GDT.

stored in LDT.

be present in IDT

Maximum size of GDT is 64 Maximum size of LDT is 64 Maximum size of IDT is 2 KB. KB.

KB.

LGDT instruction is used to LLDT instruction is used to LIDT instruction is used to load load GDTR.

load LDTR.

IDTR.

Control Registers Figure below shows the format of the 80386 control registers CR0, CR2, and CR3.  CR0 contains system control flags, which control or indicate conditions that apply to the system as a whole, not to an individual task. PE (Protection Enable, bit 0) Setting PE causes the processor to begin executing in protected mode. This can be cleared by resting the microprocessor. MP (Monitor Coprocessor or Math Present, bit 1) The MP (monitor coprocessor) bit indicates whether a coprocessor is actually attached. The MP flag controls the function of the WAIT instruction. If, when executing a WAIT instruction, the CPU finds MP set, then it tests the TS flag; it does not otherwise test TS during a WAIT instruction. If it finds TS set under these conditions, the CPU signals exception 7. EM (Emulate, bit 2) The EM bit indicates whether coprocessor functions are to be emulated. If the processor finds EM set when executing an ESC instruction, it signals exception 7, giving the exception handler an opportunity to emulate the ESC instruction. TS (Task Switched, bit 3) The TS bit of CR0 helps to determine when the context of the coprocessor does not match that of the task being executed by the 80386 CPU. The 80386 sets TS each time it performs a task switch (whether triggered by software or by hardware interrupt). If, when interpreting one of the ESC instructions, the CPU finds TS already set, it causes exception 7. The WAIT instruction also causes exception 7 if both TS and MP are set. Operating systems can use this exception to switch the context of the coprocessor to correspond to the current task. ET (Extension Type, bit 4) ET indicates the type of coprocessor present in the system (ET=0 -> 80287 or ET=1 ->80387)

15



PG (Paging, bit 31) PG indicates whether the processor uses page tables to translate linear addresses into physical addresses.  CR2 is used for handling page faults when PG is set(i.e. paging is enabled). The processor stores the linear address that triggers the fault (i.e. page fault linear address).  CR3 is used when PG is set. CR3 enables the processor to locate the page directory for the current task.

Debug Register (DR0 – DR7) The debug registers bring advanced debugging abilities to the 80386, including data breakpoints and the ability to set instruction breakpoints without modifying code segments.

 DR0 to DR3 store 4 breakpoint linear addresses,  DR4 and DR5 are reserved,  DR6 is debug status register and  DR7 is debug control register. Test Registers (TR6 and TR7) The test registers are not a standard part of the 80386 architecture. They are provided for testing of the translation lookaside buffer (TLB), the cache used for storing information from page tables.  TR6 is test command register and  TR7 is test data register. 31

0

16



TR7 TR6

Real Addressing Mode of 80386 After reset, the 80386 starts from memory location FFFFFFF0H under the real address mode. In the real mode, 80386 works as a fast 8086 with 32-bit registers and data types. All the instructions of 80386 are available in this mode except those which are designed for protected mode only. In real mode, the default operand size is 16 bit but 32- bit operands and addressing modes may be used with the help of override prefixes. The segment size in real mode is 64KB; hence the 32-bit effective addressing must be less than 0000FFFFFH. The real mode initializes the 80386 and prepares it for protected mode. Memory Addressing in Real Mode: In the real mode, the 80386 can address at the most 1Mbytes of physical memory using address lines A2-A19. Paging unit is disabled in real addressing mode, and hence the linear addresses are the same as the physical addresses.

To form a physical memory address, appropriate segment registers contents (16-bits) are shifted left by four positions and then added to the 16-bit offset address formed using one of the addressing modes, in the same way as in the 8086. The segment in 80386 real mode can be read, write or executed, i.e. no protection is available. Any fetch or access past the end of the segment limit generates exception 13 in real address mode. The segments in 80386 real mode may be overlapped or non-overlapped. The interrupt vector table of 80386 has been allocated 1Kbyte space starting from 00000H to 003FFH. Protected Mode of 80386 All the capabilities of 80386 are available for utilization in its protected mode of operation. The 80386 in protected mode support all the software written for 80286 and 8086 to be executed under the control of memory management and protection abilities of 80386. The protected mode allows the use of additional instruction, addressing modes and capabilities of 80386.

17



Addressing in Protected Mode: In this mode, the contents of segment registers are used as selectors to address one of descriptors stored in LDT or GDT. Descriptors contain the segment limit, base address and access rights byte of segments. The effective address (offset) is added with segment base address to calculate linear address. This linear address is further used as physical address, if the paging unit is disabled; otherwise the paging unit converts the linear address into physical address.

The paging unit is a memory management unit enabled only in protected mode. The paging mechanism allows handling of large segments of memory in terms of pages of 4Kbyte size. The paging unit operates under the control of segmentation unit. The paging unit if enabled converts linear addresses into physical address, in protected mode.

Descriptors: Descriptors are used to translate logical address (consisting of a segment selector and segment offset) into linear address. Descriptors are stored in either LDT (Local Descriptor Table) or GDT (Global Descriptor Table). Size of each descriptor is 8 bytes. Descriptors carry the information about segment such its base address in physical memory, segment limit (size), access right information etc. Descriptors can be classified as segment descriptors (for Code, Data and Stack segments) and system segment descriptors.

Data Segment Descriptor: Base: Defines the location of the segment within the 4 gigabyte linear address space. The processor concatenates the three fragments of the base address to form a single 32-bit value. Limit: Defines the size of the segment. When the processor concatenates the two parts of the limit field, a 20-bit value results. The processor interprets the limit field in one of two ways, depending on the setting of the granularity bit: 

In units of one byte, to define a limit of up to 1 megabyte.



In units of 4 Kilobytes, to define a limit of up to 4 gigabytes. The limit is shifted left by 12 bits when loaded, and low-order one-bits are inserted. 18



G (Granularity) bit: Specifies the units with which the LIMIT field is interpreted. When the bit is clear, the limit is interpreted in units of one byte; when set, the limit is interpreted in units of 4 Kilobytes. DPL (Descriptor Privilege Level) bits: These two bits describe the privilege level of the segment. Privilege level may be 0 (DPL=00), 1(DPL=01), 2(DPL=10) or 3(DPL=11). These bits are used in the protection mechanism of 80386. P (Present) bit: P=1, Segment is present in the physical memory. Descriptor contents are valid and can be used in address translation. When P=0, Segment is not present in the memory, the base and limit fields are not valid. A (Accessed) bit: The processor sets this bit when the segment is accessed; i.e., a selector for the descriptor is loaded into a segment register AVL (Available) bit: This bit is available for use by operating system or other system softwares. W (Writable) bit: If W=0, Data segment is not writable. If W=1, Data segment is writable. ED (Expansion Direction) bit: ED=0, Expand up segment, offset must be < limit (Data segments). ED=1, Expand down segment, offset must be > limit (Stack segments) E (Executable) bit: E=0, the segment is not executable. For data/stack segment this bit will be always 0 (reset). S (System Segment) bit: For Code/Data segments this bit is 1. B bit: It controls the size of stack and stack pointer. If the B bit is 0, stack operations use the SP register and upper bound for the stack is FFFFH. If the B bit is 1, the ESP register is used for the stack operations with a stack upper bound of FFFFFFFFH.

Code Segment Descriptor: (Note: Base, Limit, G, DPL, P, S, A and AVL bits have same meaning as above.) R (Readable) bit: If R=0, Code segment is not readable and if R=1, Code segment is readable. C (Conforming) bit: C=1, Code segment is conforming, it can be executed when CPL>DPL and CPL remains unchanged. (CPL – Current Privilege Level; DPL – Descriptor Privilege Level) C=0, Code segment is non-conforming, it can be executed when CPL=DPL E (Executable) bit: E=1, The segment is executable. For code segment this bit will be always 1. S (System Segment) bit: For Code/Data segments this bit is 1. 19



D (Default operand size) bit: This bit specifies the default size for operands and offsets. If D=0, default operands and offsets are assumed to be 16 bit for 32 bit operands and offsets the D bit must be 1.

System Segment Descriptor: Besides the descriptors for data and code segments commonly used by applications programs, the 80386 has descriptors for special segments used by the operating system and for gates. These are system segment descriptors. The S bit of these descriptors is 0. The type field gives the type of descriptor as given below. (Note: Base, Limit, G, DPL, P and AVL bits have same meaning as above.) Type field 0 1 2 3 4 5 6 7 8 9 A B C D E F

Type of Segment or Gate Reserved Available 286 TSS LDT Busy 286 TSS Call Gate Task Gate 286 Interrupt Gate 286 Trap Gate Reserved Available 386 TSS Reserved Busy 386 TSS 386 Call Gate Reserved 386 Interrupt Gate 386 Trap Gate

20



Paging: Paging is one of the memory management techniques used for virtual memory multitasking operating system. The segmentation scheme may divide the physical memory into variable size segments but the paging divides the memory into a fixed size pages. The segments are supposed to be the logical segments of the program, but the pages do not have any logical relation with the program. The pages are just fixed size portions of the program module or data. The advantage of paging scheme is that the complete segment of a task need not be present in the physical memory at any time. Only a few pages of the segments, which are required currently for the execution need to be available in the physical memory. Thus the memory requirement of the task is substantially reduced, relinquishing the available memory for other tasks. Whenever the other pages of task are required for execution, they may be fetched from the secondary storage. There is no need to keep the pages in the memory which have been executed, and hence the space occupied by them may be relinquished for other tasks. Thus paging mechanism provides an effective technique to manage the physical memory for multitasking systems.

Enabling and Disabling Paging: By setting the PG bit (Most significant Bit or bit 31) of CR0 to 1, paging can be enabled. This bit cannot be set until the processor is in protected mode. When PG is set, the PDBR (Page Directory Base Register – CR3) should already be initialized with a physical address that points to a valid page directory. To enable paging, use MOV instruction to set most significant bit of CR0, e.g. MOV EAX, CR0 After this bit is set, page translation takes effect on the next instruction. Paging can be disabled by making the PG bit of CR0 as zero.

Paging Unit: The paging unit of 80386 uses a two level table mechanism to convert a linear address provided by segmentation unit into physical addresses. The paging unit converts the complete map of a task into pages, each of size 4K. The task is further handled in terms of its page, rather than segments. The paging unit handles every task in terms of three components namely page directory, page tables and page itself. Page Directory Base Register: The control register CR2 is used to store the 32-bit linear address at which the previous page fault was detected. The CR3 is used as page directory physical base address register, to store the physical starting address of the page directory. The lower 12 bits of the CR3 are always zero to ensure the page size aligned with the directory. Page Directory: This is at the most 4Kbytes in size. Each directory entry is of 4 bytes, thus a total of 1024 entries are allowed in a directory. The upper 10 bits of the linear address are used as an index to the corresponding page directory entry. The page directory entries point to page tables.

21



Page Tables: Each page table is of 4Kbytes in size and may contain a maximum of 1024 entries. The page table entries contain the starting address of the page and the statistical information about the page. The upper 20 bit page frame address is combined with the lower 12 bit of the linear address. The address bits A12- A21 are used to select one of the 1024 page table entries. The page table can be shared between the tasks. Page directory and page table entry format: The P bit of the above entries indicates, if the entry can be used in address translation. If P=1, the entry can be used in address translation, otherwise it cannot be used. The P bit of the currently executed page is always high. The accessed bit A is set by 80386 before any access to the page. If A=1, the page is accessed, else not accessed. The D bit (Dirty bit) is set before a write operation to the page is carried out. The D-bit is undefined for page directory entries. The OS reserved bits are defined by the operating system software. The User / Supervisor (U/S) bit and Read/Write (R/W) bit are used to provide protection. These bits are decoded to provide protection under the 4 level protection model. The level 0 is supposed to have the highest privilege, while the level 3 is supposed to have the least privilege. This protection provide by the paging unit is transparent to the segmentation unit. Following table explains page level protection with these bites: __________________________________________________________________________ U/S

R/W

Permitted for level 3

Permitted for levels 2, 1, 0

--------------------------------------------------------------------------------------------------------------0

0

None

Read/Write

0

1

None

Read/Write

1

0

Read only

Read/Write

1

1

Read/Write

Read/Write

---------------------------------------------------------------------------------------------------------------

22



Paging Mechanism:

Logical address (Segment register contents : Offset value e.g. CS : IP) is converted into linear address by segmentation unit. If paging is enabled, the linear address is further translated into physical address by paging unit. The 10 most significant bits of linear address select one of the entries from page directory. This entry gives the base address of one of the page tables. The next 10 bits of linear address, select one of the entries from this page table. The selected entry in the page table gives the base address of target page to access. To this base address remaining 12 least significant bits of linear address is added to form the physical address. The physical address will appear on address lines and in this way physical memory will be accessed.

Conversion of a Linear Address to a Physical Address: The paging unit receives a 32 bit linear address from the segmentation unit. The structure of linear address is shown below.

The upper 20 linear address bits (A12 – A31) are compared with all the entries in the translation look aside buffer to check if it matches with any of the entries. If it matches, the 32 bit physical address is calculated from the matching TLB entry and placed on the address bus. For converting all the linear 23



addresses to physical addresses, if the conversion process uses the two level paging for every conversion, a considerable time will be wasted in the process. Hence to optimize this, a 32 entry page table cache is provided which stores the 32 recently accessed page table entries. Whenever a linear address is to be converted to physical address, it is first checked to see, whether it corresponds to any of the page table cache entries. This page table cache is also known as Translation Look-aside buffer (TLB). If the page table entry is not in the TLB, the 80386 reads the appropriate page directory entry. It then checks the P bit of the directory entry. If P=1, it indicates that the page table is in the memory. Then the 80386 refers to the appropriate page table entry and sets the accessed bit A. If P=1, in the page table entry, the page is available in the memory. Then the processor updates the A and D bits and accesses the page. The upper 20 bits of linear address, read from the page table are stored in TLB for future possible access. If P=0, the processor generates a page fault exception (Interrupt number 14).When a page fault exception is generated, CR2 is loaded with the page fault linear address.

Virtual 8086 Mode: In its protected mode of operation, 80386DX provides a virtual 8086 operating environment to execute the 8086 programs. The real mode can also used to execute the 8086 programs along with the capabilities of 80386, like protection and a few additional instructions. Once the 80386 enters the protected mode from the real mode, it cannot return back to the real mode without a reset operation. Thus, the virtual 8086 mode of operation of 80386, offers an advantage of executing 8086 programs while in protected mode. The address forming mechanism in virtual 8086 mode is exactly identical with that of 8086 real mode. In virtual mode, 8086 can address 1Mbytes of physical memory that may be anywhere in the 4Gbytes address space of the protected mode of 80386. Like 80386 real mode, the addresses in virtual 24



8086 mode lie within 1Mbytes of memory. In virtual mode, the paging mechanism and protection capabilities are available at the service of the programmers (note the 80386 supports multiprogramming; hence more than one programmer may use the CPU at a time). Paging unit may not be necessarily enable in virtual mode, but may be needed to run the 8086 programs which require more than 1Mbyts of memory for memory management function. In virtual mode, the paging unit allows only 256 pages, each of 4Kbytes size. Each of the pages may be located anywhere in the maximum 4Gbytes physical memory. The virtual mode allows the multiprogramming of 8086 applications. The virtual 8086 mode executes all the programs at privilege level 3. Any of the other programs may deny access to the virtual mode programs or data. However, the real mode programs are executed at the highest privilege level, i.e. level 0. The virtual mode may be entered using an IRET instruction at CPL=0 or a task switch at any CPL, executing any task whose TSS is having a flag image with VM flag set to 1. The IRET instruction may be used to set the VM flag and consequently enter the virtual mode. The PUSHF and POPF instructions are unable to read or set the VM bit, as they do not access it. Even in the virtual mode, all the interrupts and exceptions are handled by the protected mode interrupt handler. To return to the protected mode from the virtual mode, any interrupt or exception may be used. As a part of interrupt service routine, the VM bit may be reset to zero to pull back the 80386 into protected mode.

25



Privilege Protection in 80386: The 80386 has a four level privilege system (from PL0 to PL3). Privilege level 0 is the highest privilege level while privilege level 3 is the least privilege level. The privilege mechanism is used to control the execution of privileged instructions and access to different descriptors and their associated segments. At a time, a segment is present at one of the four privilege levels. There are restrictions on segments present at one particular privilege level to access segment present at the same level or at different privilege level. Certain instruction can be executed at PL0 only. Protection in 80386 has five aspects: 1. Type checking 2. Limit checking 3. Restriction of addressable domain 4. Restriction of procedure entry points 5. Restriction of instruction set Type checking is accomplished with the help of read/write privileges. The Read only segments (with descriptor W bit = 0) cannot be written into. Similarly the segments having descriptors with R bit = 0 cannot be read. Limit checking is accomplished with the help of LIMIT field of descriptors. Offset must be less than or equal to LIMIT value in case of expand up segments. For expand down segments, offset must be greater than LIMIT value. Restriction of addressable domain is accomplished by applying the rules of privilege check using values given by CPL, DPL, PRL fields. Restriction of procedure entry points is accomplished by using gates because gates define the entry points to the procedures. Here also rules of privilege check will be applied by using the values given by CPL, DPL, PRL fields. Restriction of instruction set: Some instruction must be executed at certain privilege level e.g. LMSW instruction can be executed at privilege level 0 only.

Current Privilege Level (CPL): This is the privilege level of the running task. This is given by the lower order two bits of CS register. This can be changed if control is transferred to a segment present at different privilege level (PL). This can also be changed due to a task switch if the new task is executed at different PL. Descriptor Privilege Level (DPL): This is given by DPL bits of the descriptor. This gives the minimum privilege level form which this descriptor can be used. If this is 0 (highest privilege level) then the descriptor can be accessed from privilege level 0 only. If DPL=1 then the descriptor can be accessed from privilege level 0 and 1 only. If DPL=2 then the descriptor can be accessed from privilege level 0, 1 and 2 only. If DPL=3 then the descriptor can be accessed from privilege level 0, 1, 2 and 3.

26



Requested Privilege Level (RPL): It specifies the privilege level of the selector. It is used to lower the privilege level. Effective Privilege Level is numerically max(CPL, RPL).

Accessing Data: To access data three different privilege levels are checked: 1. The CPL, 2. The RPL of the segment selector register, and 3. The DPL of the descriptor of target segment (the segment which is to be accessed). Instruction may load a data-segment register and use it only if the DPL of the target segment is numerically greater than or equal to the maximum of the CPL and selector’s RPL. In other word, a procedure can only access data that is at the same or less privilege level. The rule: Numerical max(CPL,RPL) <= DPL of target segment descriptor Following figure explains this.

Control Transfer without using Gates: Control transfer are accomplished by instructions JMP, CALL, INT, RET, IRET and by the exception and interrupt mechanism. For near form of JMP, CALL, and RET, control is transferred within the current code segment, therefore only segment limit is checked. For far form of JMP, CALL, and RET, control is transferred to other segment. For this type of control transfer if Gates are not required, two privilege levels are checked: 1. The CPL, 2. The DPL of target segment (the segment which is to be accessed).

27



The processor permits a JMP or CALL to another segment only if one of the following rules is satisfied: 

DPL of the descriptor of target segment is equal to CPL.



The conforming bit of the target code segment descriptor is set, and the DPL of the target is less than or equal to CPL.

i.e. for non-conforming code segment CPL = DPL and for conforming code segment CPL >= DPL (numerical comparison) Following figure explains this:

Control Transfer using Gates: Control can be transferred to other privilege levels by using gates. If control is transferred by using gates then four privilege levels are checked: 1. The CPL, 2. The RPL of the selector used to specify the call gate, 3. The DPL of the gate descriptor, and 4. The DPL of the descriptor of target segment (the segment which is to be executed). For a JMP instruction to a non-conforming code segment, both of the following privilege rules must be satisfied: (All comparisons are numerical.) max(CPL,RPL) <= gate DPL Target segment DPL = CPL For a JMP instruction to a conforming code segment, both of the following privilege rules must be satisfied: max(CPL,RPL) <= gate DPL Target segment DPL <= CPL

28



For a CALL instruction to a conforming/non-conforming code segment, both of the following privilege rules must be satisfied: max(CPL,RPL) <= gate DPL Target segment DPL <= CPL Control transfers by CALL instruction are explained by following figure:

TLB Testing: The 80386 provides a mechanism for testing the Translation Look aside Buffer (TLB), the cache used for translating linear addresses to physical addresses. Although failure of the TLB hardware is rare, users may wish to include TLB confidence tests among other power-up confidence tests for the 80386. When testing the TLB, it is recommended that paging be turned off (PG=0 in CR0) to avoid interference with the test data being written to the TLB. Structure of the TLB: The TLB is a four-way set-associative memory. Figure below illustrates the structure of the TLB. There are four sets of eight entries each. Each entry consists of a tag and data. Tags are 24-bits wide. They contain the high-order 20 bits of the linear address, the valid bit, and three attribute bits (D, U/S and R/W). The data portion of each entry contains the high-order 20 bits of the physical address.

29



Test Registers: Two test registers, shown in Figure below, are provided for the purpose of testing. TR6 is the test command register, and TR7 is the test data register. These registers are accessed by variants of the MOV instruction. A test register may be either the source operand or destination operand. The MOV instructions are defined in both real-address mode and protected mode. The test registers are privileged resources; in protected mode, the MOV instructions that access them can only be executed at privilege level 0. An attempt to read or write the test registers when executing at any other privilege level causes a general protection exception.

30



The test command register (TR6) contains a command and an address tag to use in performing the command: C

This is the command bit. There are two TLB testing commands: write entries into the

TLB, and perform TLB lookups. To cause an immediate write into the TLB entry, move a double word into TR6 that contains a 0 in this bit. To cause an immediate TLB lookup, move a double word into TR6 that contains a 1 in this bit. Linear Address On a TLB write, a TLB entry is allocated to this linear address; the rest of that TLB entry is set per the value of TR7 and the value just written into TR6. On a TLB lookup (read), the TLB is interrogated per this value; if one and only one TLB entry matches, the rest of the fields of TR6 and TR7 are set from the matching TLB entry. V

The valid bit for this TLB entry. The TLB uses the valid bit to identify entries that

contain valid data. Entries of the TLB that have not been assigned values have zero in the valid bit. All valid bits can be cleared by writing to CR3. D, D#

The dirty bit (and its complement) for/from the TLB entry.

U, U#

The U/S bit (and its complement) for/from the TLB entry.

W, W#

The R/W bit (and its complement) for/from the TLB entry.

The meaning of these pairs of bits is given by following table, where X represents D, U, or W.

Table: Meaning of D, U, and W Bit Pairs X

X#

Effect during TLB Lookup

Value of bit X after TLB Write

0

0

(undefined)

(undefined)

0

1

Match if X=0

Bit X becomes 0

1

0

Match if X=1

Bit X becomes 1

1

1

(undefined)

(undefined)

The test data register (TR7) holds data read from or data to be written to the TLB. Physical Address

This is the data field of the TLB. On a write to the TLB, the TLB entry

allocated to the linear address in TR6 is set to this value. On a TLB lookup, if HT is set, the data field (physical address) from the TLB is read out to this field. If HT is not set, this field is undefined. HT

For a TLB lookup, the HT bit indicates whether the lookup was a hit (HT ← 1) or a

miss (HT ← 0). For a TLB write, HT must be set to 1. REP

For a TLB write, selects which of four associative blocks of the TLB is to be written.

For a TLB read, if HT is set, REP reports in which of the four associative blocks the tag was found; if HT is not set, REP is undefined.

31



Test Operations:  To write a TLB entry: 1). Move a double word to TR7 that contains the desired physical address, HT, and REP values. HT must contain 1. REP must point to the associative block in which to place the entry. 2). Move a double word to TR6 that contains the appropriate linear address, and values for V, D, U, and W. Be sure C=0 for "write" command. Be careful not to write duplicate tags; the results of doing so are undefined.  To look up (read) a TLB entry: 1). Move a double word to TR6 that contains the appropriate linear address and attributes. Be sure C=1 for "lookup" command. 2). Store TR7. If the HT bit in TR7 indicates a hit, then the other values reveal the TLB contents. If HT indicates a miss, then the other values in TR7 are indeterminate. For the purposes of testing, the V bit functions as another bit of address. The V bit for a lookup request should usually be set, so that uninitialized tags do not match. Lookups with V=0 are unpredictable if any tags are uninitialized.

Debugging support: Debug Registers: Six 80386 registers are used to control debug features. These registers are accessed by variants of the MOV instruction. A debug register may be either the source operand or destination operand. The debug registers are privileged resources; the MOV instructions that access them can only be executed at privilege level zero. An attempt to read or write the debug registers when executing at any other privilege level causes a general protection exception. Figure below shows the format of the debug registers. Debug Address Registers (DR0-DR3) Each of these registers contains the linear address associated with one of four breakpoint conditions. Each breakpoint condition is further defined by bits in DR7. The debug address registers are effective whether or not paging is enabled. The addresses in these registers are linear addresses. If paging is enabled, the linear addresses are translated into physical addresses by the processor's paging mechanism (as explained earlier). If paging is not enabled, these linear addresses are the same as physical addresses. Note that when paging is enabled, different tasks may have different linear-to-physical address mappings. When this is the case, an address in a debug address register may be relevant to one task but not to another. For this reason the 80386 has both global and local enable bits in DR7. These bits indicate whether a given debug address has a global (all tasks) or local (current task only) relevance.

32



Debug Control Register (DR7) The debug control register shown in Figure above both helps to define the debug conditions and selectively enables and disables those conditions. For each address in registers DR0-DR3, the corresponding fields R/W0 through R/W3 specify the type of action that should cause a breakpoint. The processor interprets these bits as follows: 00 ── Break on instruction execution only 01 ── Break on data writes only 10 ── undefined 11 ── Break on data reads or writes but not instruction fetches Fields LEN0 through LEN3 specify the length of data item to be monitored. A length of 1, 2, or 4 bytes may be specified. The values of the length fields are interpreted as follows: 00 ── one-byte length 01 ── two-byte length 10 ── undefined 11 ── four-byte length If RWn is 00 (instruction execution), then LENn should also be 00. Any other length is undefined. 33



The low-order eight bits of DR7 (L0 through L3 and G0 through G3) selectively enable the four address breakpoint conditions. There are two levels of enabling: the local (L0 through L3) and global (G0 through G3) levels. The local enable bits are automatically reset by the processor at every task switch to avoid unwanted breakpoint conditions in the new task. The global enable bits are not reset by a task switch; therefore, they can be used for conditions that are global to all tasks. The LE and GE bits control the "exact data breakpoint match" feature of the processor. If either LE or GE is set, the processor slows execution so that data breakpoints are reported on the instruction that causes them. It is recommended that one of these bits be set whenever data breakpoints are armed. The processor clears LE at a task switch but does not clear GE.

Debug Status Register (DR6) The debug status register shown in Figure above, permits the debugger to determine which debug conditions have occurred. When the processor detects an enabled debug exception, it sets the low-order bits of this register (B0 thru B3) before entering the debug exception handler. Bn is set if the condition described by DRn, LENn, and R/Wn occurs. (Note that the processor sets Bn regardless of whether Gn or Ln is set. If more than one breakpoint condition occurs at one time and if the breakpoint trap occurs due to an enabled condition other than n, Bn may be set, even though neither Gn nor Ln is set.) The BT bit is associated with the T-bit (debug trap bit) of the TSS. The processor sets the BT bit before entering the debug handler if a task switch has occurred and the T-bit of the new TSS is set. There is no corresponding bit in DR7 that enables and disables this trap; the T-bit of the TSS is the sole enabling bit. The BS bit is associated with the TF (trap flag) bit of the EFLAGS register. The BS bit is set if the debug handler is entered due to the occurrence of a single-step exception. The single-step trap is the highest-priority debug exception; therefore, when BS is set, any of the other debug status bits may also be set. The BD bit is set if the next instruction will read or write one of the eight debug registers and ICE386 (In Circuit Emulator – 386) is also using the debug registers at the same time. Note that the bits of DR6 are never cleared by the processor. To avoid any confusion in identifying the next debug exception, the debug handler should move zeros to DR6 immediately before returning.

34



MSBTE Questions on this chapter Summer 2015 1. a) Attempt any THREE of the following : 12 (i) Describe the functions of the following pins of 80386. 1)

-

2) M/ 3) 4) b) Attempt any ONE of the following : 6 (i) Draw the neat labelled architecture of 80386. 2. Attempt any FOUR of the following : 16 a) State the functions of Test and debug register of 80386 with the neat diagram. 3. Attempt any FOUR of the following : 16 a) Draw the MSW of 80386 and describe the function of each bit. e) How many control registers are present in 80386. State the function of each. 4. a) Attempt any THREE of the following : 12 (i) Describe the real addressing mode of 80386 with neat diagram. b) Attempt any ONE of the following : 6 (i) Describe the virtual 8086 mode in 386 with neat sketch of memory mapping. 5. Attempt any FOUR of the following : 16 a) List the system address register 80386 and state their one function each. 6. Attempt any FOUR of the following : 16 a) What do you meant by paging. State the two advantages of paging. b) Draw and describe the segment descriptor cache register of 80386.

Winter 2015 1. a) Attempt any THREE of the following: 12 (i) With the neat diagram describe how physical address is generated in protected mode in 80386 microprocessor. b) Attempt any ONE of the following: 6 35



(i) Describe the fields in control registers in 80386 microprocessor with the help of neat diagram. 2. Attempt any TWO of the following: 16 a) With the help of neat diagram describe the functions of internal blocks of Pentium System Architecture. c) Draw the format of flag register of Intel 80386 microprocessor and describe any four salient flags of 80386 microprocessor. 3. Attempt any FOUR of the following: 16 d) With the neat diagram, describe the selector fields in 80386 microprocessor. 4. a) Attempt any THREE of the following: 12 b) Attempt any ONE of the following: 6 (i) List any three specific processor extension interface signals of 80386. Also describe the functions of these signals. 5. Attempt any TWO of the following: 16 b) With the neat diagram, describe the use of debug registers in 80386 microprocessor. 6. Attempt any FOUR of the following: 16 a) Compare real mode and protected mode of 80386 (any four points).

Summer 2016 1. Attempt any FIVE of the following: 20 a) List any eight features of 80386 processor. b) Distinguish between LDTR and GDTR (4 points) 2. Attempt any TWO of the following: 16 a) Describe paging mechanism with suitable diagram in 80386 processor, with TLB. 3. Attempt any FOUR of the following: 16 a) Draw and explain the format of CR0 register of 80386. 4. Attempt any TWO of the following: 16 a) Draw the architecture of 80386 and explain any two units in detail. 5. Attempt any FOUR of the following: 16 a) Describe the segment descriptor cache registers with suitable diagram, in 80386 microprocessor. 36



6. Attempt any TWO of the following: 16 a) Describe the function of following pins of 80386 processor. (i) (ii) PEREQ (iii) (iv) b) Describe address generation in PVAM mode of 80386 with suitable diagram.

Winter 2016 1. Answer any FIVE of the following: 20 a) State the salient features of 80386. b) Distinguish between LDTR and GDTR. 2. Attempt any FOUR of the following: 16 b) Describe debug and test registers of 80386 microprocessor. 3. Attempt any TWO of the following: 16 a) Illustrate with diagram the concept of virtual 8086 environment memory management. b) Explain with the help of neat diagram the memory organization of 80386. 4. Attempt any FOUR of the following: 16 c) Describe enabling and disabling of paging in 80386. 5. Attempt any FOUR of the following: 16 a) State the functions of the following pins of 80386 mp (microprocessor) (i)

-

(ii) (iii) D/ (iv) b) List any four differences between real addressing mode and protected virtual (PVAM) addressing mode of 80286. 6. Attempt any TWO of the following: 16 c) Draw and explain the internal architecture of 80386.

37

1-32-Bit Microprocessor - Intel 80386

Recommend Documents