Real Mode, Protected Mode, and Virtual 8086 Mode


When I was learning about embedded systems, I thought about the startup process of the system on the development board, and then about the startup process of the Windows system. When I looked up information about the startup process, it said that the boot sector runs in real mode and that ntldr then runs in protected mode, and I suddenly found that I had forgotten about the two modes, so I found some information.

 

The 80386 processor has three operating modes: real mode, protected mode, and virtual 86 mode. Real mode and virtual 86 mode exist for compatibility with the 8086 processor. In real mode, the 80386 is equivalent to a fast 8086. Protected mode is the main operating mode of the 80386. In this mode, the 80386 can address 4 GB, and protected mode provides advanced mechanisms such as multitasking, memory paging, and privilege-level protection. To keep providing compatibility with the 8086 processor under multitasking, the 80386 also has a virtual 86 mode, so that under protected-mode multitasking some tasks run 32-bit programs and some tasks run MS-DOS programs. V86 mode also supports task switching, memory paging, and privilege levels, but its memory addressing is the same as that of the 8086, so it can likewise address 1 MB of space.

As you can see, the three operating modes of the 80386 processor each have their own characteristics and are interrelated. Real mode is the basis of 80386 operation; here the 80386 works as a fast 8086 processor. From real mode you can switch to protected mode with instructions, and you can also return from protected mode to real mode. V86 mode is based on protected mode: you can switch between protected mode and V86 mode, but you cannot enter virtual 86 mode directly from real mode or exit directly from virtual 86 mode to real mode.

1. Real Mode

When the 80386 processor is reset or powered on, it starts in real mode. At this point each register in the processor holds its real-mode initial value. Memory addressing on the 80386 in real mode is the same as on the 8086: the content of the segment register multiplied by 16 is used as the base address, and the offset within the segment is added to form the final physical address. Of its 32 address lines, only the low 20 are used. In real mode, the 80386 cannot manage memory by pages, so the address an instruction uses is the actual physical address in memory. In real mode, all segments can be read, written, and executed.

In real mode, the 80386 does not support privilege levels. Instructions run at the privileged level (privilege level 0), so all privileged instructions can be executed, including reads and writes of control register CR0. In fact, the 80386 enters protected mode by initializing, in real mode, the control registers, management registers such as GDTR, LDTR, IDTR, and TR, and the page tables, and then loading CR0 to set the protection enable bit. Hardware is not supported in real mode.

In real mode, interrupts are handled the same way as on the 8086: the interrupt vector table is used to locate the address of the interrupt service routine. The structure of the interrupt vector table is also the same as on the 8086. Every 4 bytes form one interrupt vector, consisting of a two-byte segment address and a two-byte offset address.

From the programming point of view, apart from access to some new 80386 registers, what does the 80386 in real mode offer over the 8086? In fact, the biggest benefit is the 80386's 32-bit registers. Programming with 32-bit registers makes computation simpler and faster. For example, in the 8086 era, using 16-bit registers to perform 32-bit multiplication and division came up in exams so often that these questions became teachers' favorites. Back then students dreamed of registers suddenly growing wider, and the dream has finally come true: with a 32-bit register it takes 1 instruction. (The problem is that the teachers also discovered this shortcut. To give students a solid foundation, they changed the question to 64-bit multiplication and division, so now my dream at night has changed to registers suddenly being extended to 64 bits.) Second, the two additional segment registers FS and GS added in the 80386 can also be used in real mode, so up to 6 segments are accessible at the same time. Finally, many new 80386 instructions simplify operations that used to be inconvenient. For example, on the 80386 you can access an array with the following instruction:

mov cx, [eax + ebx * 2 + array base address]

This puts the array item indexed by eax and ebx into CX. The 2 in ebx * 2 can be 1, 2, 4, or 8, so arrays with 8-bit to 64-bit elements are supported. On the 8086 processor, one multiplication and two additions are required to do the same thing. In addition, the pushad and popad instructions push the values of all eight general-purpose registers onto the stack, or pop them off it, in one go, which is much faster than saving the eight registers with instructions like the following:

push eax

push ebx

...

pop ebx

pop eax

Of course, programs that use these new instructions cannot be taken back to the 8086 processor for execution, because the encodings of these instructions are undefined on the 8086.

2. Protected Mode

When the 80386 works in protected mode, all of its functions are available. All 32 address lines are available for addressing, and the physical address space is as large as 4 GB. Protected mode supports the memory paging mechanism and provides good support for virtual memory. Compared with the 1 MB physical address space of the 8086, the physical address space of the 80386 is very large, but an actual microcomputer system cannot install that much physical memory. Therefore, to run large programs and truly implement multitasking, virtual memory is a required technology.

In protected mode, the 80386 supports multitasking. Tasks can be switched in hardware with a single instruction, and saving the task environment is done automatically by the processor. In protected mode, the 80386 also supports a privilege-level mechanism, so different programs can run at different privilege levels. There are four levels, 0 to 3: the operating system runs at the highest level, 0, and applications run at lower levels. Data can be shared securely between tasks, and each task can be well isolated. Switching from real mode to protected mode is done by modifying the PE bit (bit 0) of control register CR0. Before that, the data tables required by protected mode, such as the Global Descriptor Table (GDT) and the Interrupt Descriptor Table (IDT), must be created.

The DOS operating system runs in real mode, while the Windows operating system runs in protected mode.

3. Virtual 86 Mode

Virtual 86 mode exists so that 8086 programs can be executed under protected mode. Although the 80386 already provides real mode for compatibility with 8086 programs, in real mode an 8086 program merely runs faster and still has the CPU to itself. When these programs run in a protected-mode multitasking environment, many of their instructions are incompatible with that environment, such as segment addressing, interrupt handling, and I/O operations that require privilege. Abandoning these programs in order to work in protected mode would be costly. Imagine Windows and the 80386 processor being announced as unable to run earlier MS-DOS programs: that would mean giving up a huge software library, and Windows and the 80386 might have ended up like Apple, which is something Microsoft and Intel did not want to see. Therefore, virtual 86 mode was designed into the 80386.

Virtual 86 mode runs under protected mode in the form of a task. The 80386 can run real 80386 tasks and virtual 86 mode tasks at the same time. In V86 mode, the 80386 supports task switching and memory paging. In the Windows operating system, the programs dedicated to managing virtual 86 mode tasks are called the virtual 86 monitor.

Because virtual 86 mode is based on protected mode but works in the real-mode way, it is a mix of real mode and protected mode. To be compatible with 8086 addressing, virtual 86 mode uses the same addressing scheme as the 8086: the segment register multiplied by 16 is the base address, and combined with the offset it forms a linear address, giving an address space of 1 MB. Obviously, multiple virtual 86 tasks cannot all use the same 1 MB of address space at once, or they would conflict. The operating system uses the paging mechanism to map the address spaces of different virtual 86 tasks to different physical addresses, so that each virtual 86 task appears to be using the 0 to 1 MB address space.

A considerable number of the instructions in 8086 code are privileged instructions in protected mode, such as CLI, which masks interrupts, and IRET, the interrupt return instruction. These instructions are valid in 8086 programs, and 8086 code cannot work if they are not executed. To solve this problem, the virtual 86 monitor completes them by emulation. These privileged instructions raise a protection exception when executed. In the exception handler, the virtual 86 monitor examines the faulting instruction. If it is an interrupt instruction, the monitor takes the entry address of the interrupt handler from the interrupt vector table of the virtual 86 task and transfers control there. If it is an instruction that threatens the operating system, such as CLI, it is simply ignored and execution returns to the next instruction. Through these measures, 8086 programs run normally and do not notice that the virtual 86 monitor has stepped in when these instructions execute. This is how MS-DOS applications work in Windows.
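
The emulation step described above, together with the real-mode interrupt vector table layout from section 1, as an added example in C (not code from the original page or from any real operating system). The `v86_task` structure, the function names, and the return codes are hypothetical. It assumes the task runs with IOPL below 3 so that CLI, STI, INT n, and IRET fault into the monitor, and it records CLI in a virtual copy of the flags instead of dropping it outright.

```c
#include <stdint.h>

/* Constructed model of one V86 task: its 1 MB address space and the
   register image saved when the protection exception was taken. */
typedef struct {
    uint8_t  mem[1 << 20];
    uint16_t cs, ip, ss, sp, flags;   /* flags: the task's virtual copy */
} v86_task;

enum { V86_RESUME, V86_KILL, FLAG_IF = 0x0200 };

/* 8086 addressing: segment * 16 + offset, kept inside the task's 1 MB. */
static uint32_t lin(uint16_t seg, uint16_t off) {
    return (((uint32_t)seg << 4) + off) & 0xFFFFF;
}
static uint16_t rd16(v86_task *t, uint16_t seg, uint16_t off) {
    return t->mem[lin(seg, off)] | (t->mem[lin(seg, off + 1)] << 8);
}
static void push16(v86_task *t, uint16_t v) {
    t->sp -= 2;
    t->mem[lin(t->ss, t->sp)]     = v & 0xFF;
    t->mem[lin(t->ss, t->sp + 1)] = v >> 8;
}
static uint16_t pop16(v86_task *t) {
    t->sp += 2;
    return rd16(t, t->ss, t->sp - 2);
}

/* Emulate the instruction at CS:IP that raised the protection exception. */
int v86_emulate(v86_task *t) {
    switch (t->mem[lin(t->cs, t->ip)]) {
    case 0xFA: t->flags &= ~FLAG_IF; t->ip += 1; return V86_RESUME; /* CLI */
    case 0xFB: t->flags |=  FLAG_IF; t->ip += 1; return V86_RESUME; /* STI */
    case 0xCD: {                                                    /* INT n */
        uint8_t n = t->mem[lin(t->cs, t->ip + 1)];
        push16(t, t->flags); push16(t, t->cs); push16(t, t->ip + 2);
        t->flags &= ~FLAG_IF;            /* only the virtual IF changes */
        t->ip = rd16(t, 0, 4 * n);       /* IVT entry: offset word first, */
        t->cs = rd16(t, 0, 4 * n + 2);   /* then the segment word         */
        return V86_RESUME;
    }
    case 0xCF:                                                      /* IRET */
        t->ip = pop16(t); t->cs = pop16(t); t->flags = pop16(t);
        return V86_RESUME;
    default: return V86_KILL;   /* not emulated: the task must not continue */
    }
}
```

The processor's real interrupt flag is never touched by the task; only the per-task `flags` image changes, which is what keeps one DOS program from disabling interrupts for the whole system.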

--------------------------------------------------

What is protected mode?

Since the launch of the first microprocessor in 1969, Intel processors have been continually updated, from the 8086 and 8088 through the 80286, 80386, 80486, Pentium, Pentium II, Pentium 4, and so on, and the architecture has kept changing. From the 80386 on, some new functions were provided to make up for some defects of the 8086. These include memory protection, multitasking, and memory usage of more than 8086 kb, while compatibility with the rest of the family is maintained. That is, the 80386 still has all the functions of the 8086 and 80286, but they are greatly enhanced. In the early stages, processors worked in real mode. From the 80286 on, protected mode was introduced, and from the 80386 on it was greatly improved. On the 80386, protected mode gives programmers better protection and more memory. In fact, the purpose of protected mode is not to protect the program itself, but to protect all programs other than that program (including the operating system).

In short, protected mode is the most natural mode of the processor. In this mode, all of the processor's instructions and all features of the architecture are available, and the highest performance can be achieved.
Protected mode and real mode

On the surface, there is no big difference between protected mode and real mode: both use memory segments, interrupts, and device drivers to deal with hardware. But there are many differences between the two. We know that memory is divided into segments, each 64 KB in size, and such a segment address can be expressed in 16 bits. Memory segments are handled through an internal mechanism associated with the segment registers. The contents of these segment registers (CS, DS, SS, and ES) form part of the physical address. Specifically, the final physical address is formed from a 16-bit segment address and a 16-bit offset within the segment. Expressed as a formula:

Physical address = segment address shifted left by four bits + offset address.
In protected mode, segments are defined through a set of tables called "descriptor tables", and the segment registers store pointers into these tables. Two types of table are used to define memory segments: the Global Descriptor Table (GDT) and the Local Descriptor Table (LDT). The GDT is an array of segment descriptors that contains the basic descriptors usable by all applications. In real mode the segment length is fixed (64 KB), while in protected mode the segment length is variable, with a maximum of 4 GB. The LDT is also an array of segment descriptors. Unlike the GDT, the LDT is itself a segment, and it stores local segment descriptors that do not need to be shared globally. Every operating system must define a GDT, and each running task has a corresponding LDT. The length of each descriptor is 8 bytes in the format of 3. When a segment register is loaded, the segment base address is obtained from the corresponding table entry. The descriptor content is stored in an image register (shadow register) invisible to the programmer, so that the next reference to the same segment can use this information instead of fetching it from the table every time. The physical address is formed from a 16-bit or 32-bit offset plus the base address in the shadow register. The difference between real mode and protected mode can be seen clearly in Figure 1 and Figure 2.

In addition, there is an Interrupt Descriptor Table (IDT). These interrupt descriptors tell the processor where to find the interrupt handlers. As in real mode, each interrupt has an entry, but the format of these entries is completely different. Because the IDT is not used in the process of switching to protected mode, we will not discuss it here.
Entering protected mode

The 80386 has four 32-bit control registers, named CR0, CR1, CR2, and CR3. CR1 is reserved for future processors and is not defined on the 80386. CR0 contains system control flags, which control the operating mode and state of the processor. CR2 and CR3 are used to control the paging mechanism. Here we are concerned with the PE bit of the CR0 register, which controls switching between real mode and protected mode. When PE = 1, the processor runs in protected mode, and the segmentation mechanism works as described above. If PE = 0, the processor works in real mode.

Switching to protected mode essentially means setting the PE bit to 1, but other things must be done as well: the program must initialize the system's segment registers and control registers, and it must execute a jump instruction after setting the PE bit to 1. The process is as follows:
1. Create a GDT;
2. Set the PE bit to 1 to enter protected mode;
3. Execute a jump to flush any instructions fetched in real mode.

In real mode, the address accessed by a CPU instruction is a physical address, in the form segment register:offset.

In protected mode, the CPU can use the segmentation and paging mechanisms.

The address used by the segmentation mechanism is a logical address, in the form segment selector:offset.

The address used by the paging mechanism is a linear address, in the form 0xXXXXXXXX.

Both logical and linear addresses are mapped to physical addresses by the CPU.

The segmentation mechanism must be used in protected mode. On this basis, the paging mechanism can be used.

The logical address is first converted to a linear address. If paging is used, the linear address is then mapped to a physical address through the paging mechanism. If paging is not used, the linear address is the physical address.

Physical addresses in real mode can only access less than 1 MB of space, while physical addresses in protected mode can access the entire 32-bit space. Note that the physical memory space is only a part of the physical address space.
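
The segmentation step of this translation, as an added example in C (not code from the original page): it decodes the 8-byte descriptors described above and turns a segment selector:offset pair into a linear address, rejecting accesses that violate the privilege level or the segment limit. The function names and the three-entry `sample_gdt` are constructed for illustration. Only expand-up data segments in the GDT are modelled, and paging is assumed off, so the linear address is also the physical address.

```c
#include <stdint.h>

typedef struct { uint32_t base, limit; unsigned dpl, present; } seg_desc;

/* Constructed GDT: null entry, flat ring-0 data segment (4 GB),
   ring-3 data segment at base 0x00400000 with a 64 KB limit. */
static const uint8_t sample_gdt[3][8] = {
    {0},
    {0xFF, 0xFF, 0x00, 0x00, 0x00, 0x92, 0xCF, 0x00},
    {0xFF, 0xFF, 0x00, 0x00, 0x40, 0xF2, 0x40, 0x00},
};

/* Unpack the base, limit and access bits scattered through the 8 bytes. */
static seg_desc decode(const uint8_t d[8]) {
    seg_desc s;
    uint32_t raw = d[0] | (d[1] << 8) | ((uint32_t)(d[6] & 0x0F) << 16);
    s.base    = d[2] | (d[3] << 8) | ((uint32_t)d[4] << 16) | ((uint32_t)d[7] << 24);
    s.limit   = (d[6] & 0x80) ? (raw << 12) | 0xFFF : raw;  /* G=1: 4 KB units */
    s.dpl     = (d[5] >> 5) & 3;
    s.present = d[5] >> 7;
    return s;
}

/* Logical (selector:offset) to linear address. Returns 0 on success,
   -1 where the processor would raise an exception instead. */
int translate(const uint8_t (*gdt)[8], unsigned entries, uint16_t selector,
              uint32_t offset, unsigned cpl, uint32_t *linear) {
    unsigned index = selector >> 3, rpl = selector & 3;
    if (selector & 4) return -1;                    /* TI=1 selects the LDT: not modelled */
    if (index == 0 || index >= entries) return -1;  /* null selector or past the table */
    seg_desc s = decode(gdt[index]);
    if (!s.present) return -1;
    if (cpl > s.dpl || rpl > s.dpl) return -1;      /* less privileged than the segment allows */
    if (offset > s.limit) return -1;                /* outside the segment */
    *linear = s.base + offset;
    return 0;
}
```

With `sample_gdt`, selector 0x13 (index 2, RPL 3) reaches only the 64 KB window at 0x00400000 from privilege level 3, while selector 0x0B (the ring-0 segment requested with RPL 3) is refused.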
