Intel X86 Series CPU addressing mode

Source: Internet
Author: User

1 The first microprocessor chip in history, the 4004, was made by Intel. The so-called x86 series refers to the entire family of CPU chips that Intel developed starting with the 16-bit 8086 microprocessor. In the x86 series, the 8086 and 8088 are 16-bit processors, and the processors starting with the 80386 are 32-bit processors.
2 When we say that a CPU is 16-bit or 32-bit, we are referring to the width of the ALU (arithmetic logic unit) in the processor. The data portion of the system bus, called the data bus, usually has the same width as the ALU. For its 16-bit CPU, the 8086, Intel chose a 1 MB address space, and the width of the address bus was determined accordingly: 20 bits. This left Intel's designers with a problem: although the address bus is 20 bits wide, the ALU in the CPU is only 16 bits wide, so a pointer that can be operated on directly is only 16 bits long. How could this gap be filled?
Intel uses a segmented approach.
Intel put four "segment registers" in the 8086 CPU: CS, DS, SS, and ES, used for executable code (instructions), data, the stack, and other purposes respectively. Each segment register is 16 bits wide and corresponds to the high 16 bits of the address bus. The "internal address" in each memory access instruction is 16 bits, but before it is sent to the address bus it is automatically added, inside the CPU, to the contents of a segment register to form a 20-bit actual address. This achieves the conversion, or "mapping", from a 16-bit internal address to a 20-bit actual address. Because this memory addressing method lacks any protection of the memory space, it is called "real address mode" to distinguish it from the "protected mode" that appeared later.
To address this flaw of the 8086, Intel implemented its "protected mode" starting with the 80286.
From the 8088/8086 to the 80386, the leap from a relatively primitive 16-bit CPU to a modern 32-bit CPU was completed, with the 80286 as an intermediate step in that leap. After the 80386, Intel's CPUs went through the 80486, Pentium, Pentium II, and so on. Although their speed has increased by several levels and their functionality has improved considerably, these are basically improvements and enhancements within the same architecture, with no significant qualitative change, so they are collectively known as the i386 architecture.
3 When a memory access instruction issues a memory address, the CPU arrives at the address that should actually be placed on the bus as follows:
(1) Determine from the nature of the instruction which segment register should be used; for example, the address in a jump (transfer) instruction lies in the code segment, while the address in a data-fetch instruction lies in the data segment. This is the same as in real address mode.
(2) Use the contents of the segment register to find the corresponding "segment descriptor structure".
(3) Obtain the base address from the segment descriptor structure.
(4) Treat the address issued in the instruction as a displacement and compare it with the segment length specified in the segment descriptor structure to see whether it is out of bounds.
(5) Use the nature of the instruction and the access rights in the segment descriptor to determine whether the access exceeds its privileges.
(6) Treat the address issued in the instruction as a displacement and add it to the base address to obtain the actual physical address.
4 The actual implementation of the 80386 segmented memory management mechanism:
First, two registers were added to the 80386 CPU: one is the global segment descriptor table register GDTR, the other is the local segment descriptor table register LDTR. Each can point to an array of descriptor structures stored in memory, that is, a segment descriptor table. Since these two registers are new and raise no question of compatibility with existing instructions, the special instructions for accessing them were designed as "privileged instructions".

On this basis, the high 13 bits of the segment register (that is, excluding the low 3 bits) are used as the subscript (index) of the specific descriptor structure in the segment descriptor table, as shown in the following illustration:



The segment descriptor table pointer in GDTR or LDTR is combined with the index given in the segment register to determine where the specific segment descriptor entry is located in memory. Equivalently, the contents of the segment register with the low 3 bits masked off are added to the base address in GDTR or LDTR to obtain the start of the descriptor entry. (In the entire system there is only one global descriptor table, GDT, with one GDT per processor. The GDT can be placed anywhere in memory, but the CPU must know the GDT's entry point, that is, where its base address is. Intel's designers provided the GDTR register to hold the GDT entry address: after the programmer places the GDT at some location in memory, the LGDT instruction loads the GDT entry address into this register, and from then on the CPU accesses the GDT using the contents of this register as the GDT entry point. GDTR stores the base address of the GDT in memory and its table length limit.)
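The six steps in section 3 and the selector indexing described above can be modelled in a few lines of C. This is an added example, not code from the original page: the struct names, the sample tables and the simplified data-segment privilege rule (the less privileged of CPL and RPL must not exceed DPL) are assumptions of the sketch, and the descriptors are stored already decoded.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Already-decoded descriptor fields (a constructed model, not the raw 8-byte entry). */
struct seg_desc { uint32_t base, limit; uint8_t dpl; bool present; };
struct desc_table { const struct seg_desc *entries; uint16_t table_limit; /* bytes - 1 */ };
enum xlate { XL_OK, XL_BAD_SELECTOR, XL_NOT_PRESENT, XL_PRIVILEGE, XL_LIMIT };

/* Byte offset of the entry in its table: the selector with its low 3 bits masked. */
static uint32_t desc_offset(uint16_t sel) { return sel & ~7u; }

/* Simplified data-segment access check; on XL_OK, *addr = base + offset. */
enum xlate translate(const struct desc_table *gdt, const struct desc_table *ldt,
                     uint16_t sel, uint32_t offset, uint8_t cpl, uint32_t *addr)
{
    const struct desc_table *t = (sel & 4) ? ldt : gdt; /* bit 2 (TI) selects LDT or GDT */
    uint8_t rpl = sel & 3;                              /* bits 1:0: requested level */
    if ((sel & ~3u) == 0 || desc_offset(sel) + 7 > t->table_limit)
        return XL_BAD_SELECTOR;                 /* null selector or entry outside table */
    const struct seg_desc *d = &t->entries[sel >> 3];   /* high 13 bits are the index */
    if (!d->present)
        return XL_NOT_PRESENT;                  /* P = 0: segment is not in memory */
    if ((cpl > rpl ? cpl : rpl) > d->dpl)
        return XL_PRIVILEGE;                    /* step (5): insufficient privilege */
    if (offset > d->limit)
        return XL_LIMIT;                        /* step (4): displacement out of bounds */
    *addr = d->base + offset;                   /* step (6): base + displacement */
    return XL_OK;
}

/* Constructed sample tables: GDT[0] null, [1] kernel data, [2] user data, [3] swapped out. */
static const struct seg_desc gdt_entries[] = {
    {0, 0, 0, false}, {0x00000000, 0xFFFFFFFF, 0, true},
    {0x00400000, 0x0000FFFF, 3, true}, {0x00800000, 0x00000FFF, 3, false},
};
static const struct seg_desc ldt_entries[] = { {0x00A00000, 0x000000FF, 3, true} };
static const struct desc_table sample_gdt = { gdt_entries, 4 * 8 - 1 };
static const struct desc_table sample_ldt = { ldt_entries, 1 * 8 - 1 };

int main(void)
{
    uint32_t addr = 0;
    enum xlate r = translate(&sample_gdt, &sample_ldt, 0x13, 0x1234, 3, &addr);
    printf("result=%d addr=0x%08x\n", r, (unsigned)addr);
    return 0;
}
```

A real CPU performs the present and privilege checks when the segment register is loaded and the limit check on each access; the sketch folds them into one call to keep the steps side by side.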

5 Segment descriptor table entries

Each descriptor table entry is 8 bytes in size and contains the base address of the segment and the size of the segment, along with some other information. It is structured as follows:

Here B31~B24 and B23~B16 are bits 24~31 and bits 16~23 of the base address respectively, and L19~L16 and L15~L0 are bits 16~19 and bits 0~15 of the segment length (limit). DPL is a 2-bit field and type is a 4-bit field. The byte in which they reside breaks down as follows:

Why are the high 8 bits and the low 24 bits of the base address not stored contiguously?

The most natural and reasonable explanation is that Intel at first intended a 24-bit address space and later changed it to a 32-bit address space. This is also borne out by the segment length field, which is likewise split into two parts: when the G flag bit is 1, the unit of length is 4KB, and the 16-bit capacity of the segment length field is 64K, so the maximum possible length of a segment is 64K X 4K = 256M, which is the size of the 24-bit address space. So, as you can see, Intel initially wanted to use a 24-bit address space and soon realized that it should be 32 bits, but the 80286 was already on sale, so the format had to be patched up.
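To make the split fields concrete, the following added example (not from the original page) reassembles the base and limit from a raw 8-byte entry and extracts the P, DPL, type and G fields. The bit positions follow the standard i386 descriptor layout; the struct name and the two sample entries are constructed for illustration, the first being a flat segment of the kind described in section 7.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct decoded {
    uint32_t base;        /* B31~B24 | B23~B16 | B15~B0 reassembled */
    uint32_t limit;       /* L19~L16 | L15~L0, in units chosen by G */
    uint32_t last_offset; /* highest valid displacement, in bytes */
    uint8_t type, dpl;
    bool present, granular;
};

/* Decode one descriptor entry given as bytes 0..7 in memory order. */
struct decoded decode_descriptor(const uint8_t e[8])
{
    struct decoded d;
    /* Limit: bytes 0-1 hold L15~L0, the low nibble of byte 6 holds L19~L16. */
    d.limit = (uint32_t)e[0] | (uint32_t)e[1] << 8 | (uint32_t)(e[6] & 0x0F) << 16;
    /* Base: bytes 2-4 hold the low 24 bits, byte 7 holds the later-added B31~B24. */
    d.base = (uint32_t)e[2] | (uint32_t)e[3] << 8 | (uint32_t)e[4] << 16
           | (uint32_t)e[7] << 24;
    d.type     = e[5] & 0x0F;        /* 4-bit type field */
    d.dpl      = (e[5] >> 5) & 3;    /* 2-bit DPL field */
    d.present  = (e[5] >> 7) & 1;    /* P flag */
    d.granular = (e[6] >> 7) & 1;    /* G flag: limit counted in 4 KB units */
    d.last_offset = d.granular ? (d.limit << 12 | 0xFFF) : d.limit;
    return d;
}

/* Constructed samples. flat_code: base 0, limit 0xFFFFF, G=1, DPL 0 (flat segment). */
static const uint8_t flat_code[8] = {0xFF, 0xFF, 0x00, 0x00, 0x00, 0x9A, 0xCF, 0x00};
/* user_data: base 0x12345678, limit 0xABCD bytes, G=0, DPL 3, present. */
static const uint8_t user_data[8] = {0xCD, 0xAB, 0x78, 0x56, 0x34, 0xF2, 0x40, 0x12};

int main(void)
{
    struct decoded f = decode_descriptor(flat_code);
    struct decoded u = decode_descriptor(user_data);
    printf("flat: base=0x%08x last=0x%08x dpl=%u\n",
           (unsigned)f.base, (unsigned)f.last_offset, (unsigned)f.dpl);
    printf("user: base=0x%08x last=0x%08x dpl=%u\n",
           (unsigned)u.base, (unsigned)u.last_offset, (unsigned)u.dpl);
    return 0;
}
```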

6 Whenever the contents of a segment register change (through MOV, POP, etc.), the CPU uses the new contents of the register to locate the segment descriptor and loads it into a "shadow" descriptor inside the CPU. In this way, the segment registers in the CPU each have a shadow descriptor, which can be regarded as an extension of the segment register. The extended segment register is divided into two parts: one is visible (to the program) and is the same as the original segment register; the other is invisible and is the space used to store the shadow descriptor, reserved for internal use by the CPU.

7 On the basis of the 80386's segmented memory management, if every segment register points to the same descriptor, and in that descriptor the base address is set to 0 and the segment length is set to the maximum, the result is a single segment that covers the entire 32-bit address space starting at 0. Since the base address is 0, the physical address is then the same as the logical address, and the address that the CPU puts on the bus is the address given in the instruction. Such an address differs from the hierarchical address made up of "segment register/displacement", so Intel calls it a flat address. The Linux kernel source code uses flat addresses.

8 80386 segmented virtual memory management

When the contents of a segment register change, the CPU finds the corresponding segment descriptor according to the new contents of the segment register and the contents of GDTR or LDTR, and loads it into the CPU. In this process, the CPU examines the P flag bit in the descriptor. If the P bit is 0, the segment that the descriptor points to is not in memory (that is, it is somewhere on disk), and the CPU raises an exception. The corresponding service routine can then read the contents of the segment from the disk swap area into some place in memory, set the base address in the descriptor accordingly, and set the P flag to 1. Conversely, segments in memory that are temporarily unused can be written to disk, with the P flag bit in their descriptors changed to 0.

Support for segmented memory management is only one component of the i386 protection model. Without the separation of system mode and user mode, and without privileged instructions (allowed only in system mode), even the segmented memory management described above would provide no protection. For example, the instructions for loading and storing GDTR and LDTR, LGDT/LLDT and SGDT/SLDT, are privileged instructions. It is precisely because these instructions can be used only in system mode (that is, in the operating system kernel) that a user program not only cannot change the contents of GDTR and LDTR, but also cannot learn the location of the segment descriptor table in memory or access the space that holds its segment descriptors. Thus, the protection mechanism of the system cannot be broken by modifying a segment descriptor.

The 80386 does not divide execution into system mode and user mode in the way ordinary CPUs do, but instead defines four privilege levels, of which 0 is the highest and 3 is the lowest. Each instruction also has its applicable level; for example, the LGDT instruction mentioned above can be used only at level 0. Typically, user applications run at level 3. The current run level of an ordinary program is determined by the DPL field in the local descriptor of its code segment. Of course, the DPL fields in each descriptor are set by the kernel at level 0. The DPL field in a global segment descriptor is different: it represents the required level.