This article exists only because studying the protected-mode model requires this background knowledge. Readers can skim it and come back when necessary; there is no need to force your way through the difficult parts. I had to read this material carefully and memorize the definition of each bit in each register, but if you intend to write more articles later on, remember to come back and check the relevant content.
The 80386 provides seven types of 32-bit registers, as shown below:
- General registers (EAX, EBX, ECX, EDX, ESP, EBP, ESI, EDI)
- Segment registers (CS, SS, DS, ES, FS, GS)
- Instruction pointer register and flags register (EIP, EFLAGS)
- System table registers (GDTR, IDTR, LDTR, TR)
- Control registers (CR0, CR1, CR2, CR3, and CR4)
- Debug registers (DR0, DR1, DR2, DR3, DR4, DR5, DR6, and DR7)
- Test registers (TR6, TR7)
Among them, the last three types are available only on the 80386 and later CPUs; earlier CPUs do not have them at all.
The first four types of registers are roughly laid out as follows (the figure from the original is not reproduced here):
This article gives only a general introduction to these registers; some of them have special meanings.
I. General registers
The group of eight general registers is a 32-bit extension of the 8086/80286 general registers. Their usage is similar to that on the 8086/80286, and they support 8-bit, 16-bit, and 32-bit operations; for 32-bit operations the register name is prefixed with "E".
The eight registers are named as follows: EAX (accumulator), EBX (base), ECX (counter), EDX (data), ESP (stack pointer), EBP (base pointer), ESI (source index), EDI (destination index).
II. Segment registers
The 80386 adds two segment registers, FS and GS, to those of the 8086/80286.
Apart from CS and SS, programmers can use all the other segment registers to address data segments.
Each segment register has an associated 64-bit descriptor cache (some documents give it as 96 bits, but only 64 bits are actually used). The 8086 has no such cache (the 80286 has a 48-bit one). Its specific function is described in another article.
III. Instruction pointer register and flags register
The instruction pointer register EIP is a 32-bit extension of the 8086/80286 instruction pointer. It holds the 32-bit offset of the next instruction to be executed; this value is always relative to the segment base represented by CS.
The flags register EFLAGS is likewise a 32-bit extension of the 8086/80286 flags register and is defined as follows (the figure, taken from Intel's latest documentation on the IA-32 architecture, is not reproduced here):
Among them, OF, DF, IF, TF, SF, ZF, AF, PF, and CF already exist on the 8086; please refer to the relevant materials for those.
IOPL (I/O privilege level) appeared with the 80286. Its two bits give the I/O privilege level: if the current privilege level is numerically less than or equal to IOPL, I/O operations are permitted; otherwise a protection exception is raised. IOPL can be modified only by programs or tasks running at privilege level 0.
NT (nested task) also appeared with the 80286. It indicates a nested task and controls how the IRET interrupt-return instruction behaves: when NT = 0, the values saved on the stack are used to restore EFLAGS, CS, and EIP, completing the return; when NT = 1, the interrupt return is performed through a task switch.
The following flags exist only on the 80386 and later CPUs.
VM (virtual-8086 mode) indicates virtual 8086 mode. If VM is set while the 80386 is in protected mode, the CPU switches to virtual 8086 mode, and all segment operations revert to real-mode behaviour, just as if running on an 8086.
RF (resume flag) is the resume flag (also called the restart flag). It is used together with the debug registers for breakpoint and single-step operations. When RF = 1, any debug fault on the next instruction is ignored and no exception is raised; when RF = 0, the debug fault is accepted and an exception is raised. It is used to force the program to resume execution after a debug fault.
RF is automatically cleared after each instruction.
AC (alignment check) is the alignment-check flag. It is available only on the 80486 and later CPUs. When AC = 1 and AM = 1 in CR0, address alignment checking of memory accesses is enabled, and a misaligned access raises an exception. Address alignment means that when a word (2 bytes) is accessed its address must be even (a multiple of 2), and when a doubleword (4 bytes) is accessed its address must be a multiple of 4.
However, the alignment check is performed only for programs running at privilege level 3; the flag is ignored at privilege levels 0, 1, and 2.
VIF (virtual interrupt flag) is the virtual interrupt flag. This flag and the following two are available on Pentium and later CPUs. When VIF = 1, virtual interrupts are enabled; when VIF = 0, they are disabled. This flag is used together with VIP below and with the VME bit in CR4.
VIP (virtual interrupt pending) is the virtual interrupt pending flag. When VIP = 1, VIF is in effect; when VIP = 0, VIF is not.
ID (identification flag) is the identification flag. It is used only to determine whether a Pentium CPU supports the CPUID instruction.
In fact, unless you are writing an operating system, most of these flags may never be used even once. It is enough to have a general impression of them; you can always look them up again later.
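The IOPL, NT and AC rules above can be checked mechanically against a register snapshot. The following is an added example (not code from the original article); it assumes the standard IA-32 bit positions (IOPL at bits 13:12, NT at bit 14, AC at bit 18, CR0.AM at bit 18) and a caller-supplied CPL.

```c
#include <stdint.h>
#include <stdbool.h>

/* EFLAGS/CR0 bit positions for the flags discussed above (IA-32 layout). */
#define EFL_IOPL_SHIFT 12          /* IOPL occupies EFLAGS bits 13:12 */
#define EFL_NT   (1u << 14)
#define EFL_AC   (1u << 18)
#define CR0_AM   (1u << 18)        /* alignment mask, in CR0 */

/* I/O privilege level: the two-bit field EFLAGS[13:12]. */
static unsigned eflags_iopl(uint32_t eflags)
{
    return (eflags >> EFL_IOPL_SHIFT) & 3u;
}

/* IN/OUT/INS/OUTS are allowed when CPL <= IOPL (numerically);
 * otherwise the CPU raises a general-protection exception. */
static bool io_permitted(uint32_t eflags, unsigned cpl)
{
    return cpl <= eflags_iopl(eflags);
}

/* IRET returns through a task switch when NT = 1, otherwise from the stack. */
static bool iret_via_task_switch(uint32_t eflags)
{
    return (eflags & EFL_NT) != 0;
}

/* Alignment checking is active only when all three conditions hold:
 * EFLAGS.AC = 1, CR0.AM = 1, and the code runs at CPL 3. */
static bool alignment_check_active(uint32_t eflags, uint32_t cr0, unsigned cpl)
{
    return (eflags & EFL_AC) && (cr0 & CR0_AM) && cpl == 3;
}

/* Natural-alignment rule from the text: a 2-byte access must sit on an
 * even address, a 4-byte access on a multiple of 4. */
static bool misaligned(uint32_t addr, unsigned size)
{
    return (addr % size) != 0;
}

/* A misaligned access while checking is active raises #AC (vector 17). */
static bool raises_ac(uint32_t eflags, uint32_t cr0, unsigned cpl,
                      uint32_t addr, unsigned size)
{
    return alignment_check_active(eflags, cr0, cpl) && misaligned(addr, size);
}
```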
IV. System table registers
The 80386 has four system table registers: the Global Descriptor Table register (GDTR), the Interrupt Descriptor Table register (IDTR), the Local Descriptor Table register (LDTR), and the Task Register (TR). They are used to manage the four system tables in protected mode, and are also called protected-mode registers because they can only be used in protected mode. A description of them is given in the appendix.
V. Control registers
The 80386 has four control registers; CR1 is reserved for later use, and CR4 was added starting with the Pentium. The low 16 bits of CR0 are the same as the MSW of the 80286, which keeps compatibility with the 80286 and with the LMSW/SMSW instructions introduced with it. The basic definition is as follows (figure not reproduced here).
The meanings of the CR0 bits are as follows:
- PE (protection enable): protected mode enable. PE = 0 means the CPU is working in real mode; PE = 1 means the CPU is working in protected mode.
- MP (monitor coprocessor): monitors the coprocessor. MP = 1 means the coprocessor is present and working; MP = 0 means it is not.
- EM (emulation): coprocessor emulation. When MP = 0 and EM = 1, the coprocessor is emulated in software.
- TS (task switched): task switch. TS is set to 1 whenever a task switch occurs and cleared to 0 once the task switch has completed. When TS = 1, the coprocessor is not allowed to work.
The preceding four definitions date from the 80286. The following two start with the 80386.
- ET (extension type): processor extension type, reflecting the type of the attached coprocessor. ET = 0 means an 80287; ET = 1 means an 80387.
- PG (paging): page management enable. When PG = 1, the paging mechanism is active; otherwise it is not.
The following bit definitions were added with the 80486.
- NE (numeric error): numeric exception control. When NE = 1, a fault during a coprocessor instruction is reported through an internal exception; when NE = 0, it is reported through an external interrupt.
- WP (write protect): write protection. When WP = 1, write operations on read-only pages cause page faults.
- AM (alignment mask): alignment mask. If AM = 1, alignment checking is allowed; if AM = 0, it is not. Alignment was introduced under the AC flag of EFLAGS: on the 80486 and later, the CPU performs alignment checking only when three conditions are met: AC = 1, AM = 1, and the current privilege level is 3.
- NW (not write-through) and CD (cache disable) both control the CPU's internal cache. When NW = 0 and CD = 0, the cache is enabled. The other combinations are more complicated.
For more information, see Intel's "Intel 64 and IA-32 Architectures Software Developer's Manual, Volume 3A", which describes the combinations of these two flags in detail in Chapter 10.
CR1 is reserved; CR2 holds the linear address that caused a page fault. CR2 is valid only when PG = 1. When the page-fault handler is activated, the error code pushed onto the handler's stack provides the page-fault status information.
The base address of the page directory is stored in bits 12-31 of CR3. Because the directory is always page-aligned (one page is 4 K), the base address can start at bit 12. The page directory base address in CR3 is valid only when PG = 1 in CR0.
Starting with the 80486, two control bits are defined in the low 12 bits of CR3, as shown below:
- PCD (page-level cache disable): page cache disable. When PCD = 0, the page directory is cached; when PCD = 1, the page directory is not cached. This bit drives the PCD pin to control the external cache.
- PWT (page-level write transparent): cache writes are divided into write-through and write-back. On the 80486 and later, the CPU's internal cache is entirely write-through, but for the external cache some pages may be write-back while others are write-through. When PWT = 1, the external cache writes the page directory through (transparently); otherwise it writes it back. This bit drives the PWT pin to control whether the external cache is write-through or write-back.
CR4 appeared with the Pentium CPU. Its bits are:
- VME (virtual-8086 mode extensions): virtual 8086 mode extensions. VME = 1 enables the virtual 8086 extension mode; otherwise only the 80386/80486-style virtual 8086 mode can be used.
- PVI (protected-mode virtual interrupts): protected-mode virtual interrupts. When PVI = 1, the virtual interrupt flag VIF (in EFLAGS) is supported in protected mode; when PVI = 0, the virtual interrupt flag is not supported.
- TSD (time stamp disable): time stamp disable. When TSD = 1, the RDTSC instruction (read time-stamp counter) can be executed only by programs at privilege level 0; when TSD = 0, any privilege level may execute RDTSC.
- DE (debugging extensions): debugging extensions.
- PSE (page size extensions): page size extension. When PSE = 1, the page size can be extended to 2 M or 4 M; when PSE = 0, the page size can only be 4 K.
- PAE (physical address extension): physical address extension. When PAE = 1, the physical address of a page can be extended to over 36 bits; when PAE = 0, only 32-bit physical addresses can be used.
- MCE (machine-check enable): machine check enable. Pentium and later CPUs have a hardware machine-check facility, which is enabled when MCE = 1.
- PGE (page global enable): when PGE = 1, global pages are allowed; when PGE = 0, global pages are disabled.
- PCE (performance-monitoring counter enable): performance monitoring counter enable. When PCE = 1, the RDPMC instruction can be executed at any privilege level; when PCE = 0, only programs at privilege level 0 can execute RDPMC.
- OSFXSR (operating system support for FXSAVE and FXRSTOR instructions)
- OSXMMEXCPT (operating system support for unmasked SIMD floating-point exceptions)
- VMXE (VMX-enable bit): VMX enable bit. When VMXE = 1, VMX operation is allowed.
- SMXE (SMX-enable bit): SMX enable bit. When SMXE = 1, SMX operation is allowed.
- OSXSAVE (XSAVE and processor extended states-enable bit)
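The CR0/CR2/CR3/CR4 rules above (CR2 and the CR3 page-directory base only meaningful with PG = 1, TSD and PCE gating RDTSC/RDPMC by privilege level, PSE/PAE selecting the large-page size, WP protecting read-only pages) can likewise be checked against a register snapshot. This is an added example, not code from the original article; it assumes the standard IA-32 bit positions (CR0: WP bit 16, PG bit 31; CR4: TSD bit 2, PSE bit 4, PAE bit 5, PCE bit 8) and a caller-supplied CPL.

```c
#include <stdint.h>
#include <stdbool.h>

/* CR0 bits used below (IA-32 layout). */
#define CR0_WP  (1u << 16)
#define CR0_PG  (1u << 31)
/* CR3: page-directory base in bits 31:12 (PWT at bit 3, PCD at bit 4). */
#define CR3_PDB_MASK 0xFFFFF000u
/* CR4 bits used below. */
#define CR4_TSD (1u << 2)
#define CR4_PSE (1u << 4)
#define CR4_PAE (1u << 5)
#define CR4_PCE (1u << 8)

/* CR2 holds a meaningful page-fault address only while paging is on. */
static bool cr2_valid(uint32_t cr0) { return (cr0 & CR0_PG) != 0; }

/* Physical base of the page directory, or 0 when PG = 0 (CR3 not in use). */
static uint32_t page_directory_base(uint32_t cr0, uint32_t cr3)
{
    return cr2_valid(cr0) ? (cr3 & CR3_PDB_MASK) : 0u;
}

/* RDTSC is unrestricted unless CR4.TSD = 1, which limits it to CPL 0. */
static bool rdtsc_permitted(uint32_t cr4, unsigned cpl)
{
    return !(cr4 & CR4_TSD) || cpl == 0;
}

/* RDPMC outside CPL 0 requires CR4.PCE = 1. */
static bool rdpmc_permitted(uint32_t cr4, unsigned cpl)
{
    return (cr4 & CR4_PCE) || cpl == 0;
}

/* Large-page size available: PAE gives 2 MB pages (PAE paging ignores
 * CR4.PSE), 32-bit paging with PSE gives 4 MB, otherwise only 4 KB pages. */
static uint32_t large_page_size(uint32_t cr4)
{
    if (cr4 & CR4_PAE) return 2u << 20;
    if (cr4 & CR4_PSE) return 4u << 20;
    return 0u;   /* no large pages; every page is 4 KB */
}

/* Supervisor-mode writes to read-only pages fault only with WP = 1; a
 * defender auditing a register snapshot wants WP set whenever PG is. */
static bool wp_hardened(uint32_t cr0)
{
    return !(cr0 & CR0_PG) || (cr0 & CR0_WP) != 0;
}
```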
VI. Debug registers
There are eight debug registers, DR0-DR7. DR0-DR3 can each hold one breakpoint linear address (four breakpoints in total); DR4-DR5 are reserved and unused; DR6 is the breakpoint status register; DR7 is the breakpoint control register (holding the breakpoint type, breakpoint length, and breakpoint enable/disable bits).
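A debugger or forensic tool reading a saved register set has to pull the per-breakpoint type, length and enable bits out of DR7 and the fired-slot bits out of DR6. The following is an added example, not code from the original article; it assumes the standard DR7 layout (Ln/Gn at bits 2n and 2n+1, R/Wn at bits 16+4n..17+4n, LENn at bits 18+4n..19+4n) and DR6 B0-B3 at bits 0-3, and uses a constructed sample snapshot.

```c
#include <stdint.h>
#include <stdbool.h>

/* One decoded hardware breakpoint: the DRn address plus its DR7 fields. */
struct hw_breakpoint {
    uint32_t addr;    /* linear address taken from DR0..DR3 */
    bool     local;   /* DR7.Ln: armed for the current task only */
    bool     global;  /* DR7.Gn: armed for every task */
    unsigned type;    /* DR7.R/Wn: 0 execute, 1 write, 2 I/O (needs CR4.DE), 3 read/write */
    unsigned len;     /* bytes covered: 1, 2 or 4 (encoding 10b means 8 on x86-64) */
};

/* DR7 layout: L0/G0 at bits 0-1 up to L3/G3 at bits 6-7; for slot n the
 * R/W field is bits 17+4n:16+4n and the LEN field is bits 19+4n:18+4n. */
static struct hw_breakpoint decode_breakpoint(const uint32_t dr[4], uint32_t dr7, unsigned n)
{
    static const unsigned len_bytes[4] = { 1, 2, 8, 4 };
    struct hw_breakpoint bp;
    bp.addr   = dr[n];
    bp.local  = (dr7 >> (2 * n)) & 1u;
    bp.global = (dr7 >> (2 * n + 1)) & 1u;
    bp.type   = (dr7 >> (16 + 4 * n)) & 3u;
    bp.len    = len_bytes[(dr7 >> (18 + 4 * n)) & 3u];
    return bp;
}

/* DR6 status after a #DB: B0..B3 (bits 0-3) name the slot that fired,
 * BS (bit 14) means a single-step trap. Returns the slot, or -1 if none. */
static int fired_slot(uint32_t dr6)
{
    for (int n = 0; n < 4; n++)
        if (dr6 & (1u << n)) return n;
    return -1;
}

/* Constructed sample snapshot (not from any real machine): slot 0 is a local
 * execute breakpoint, slot 1 a global 4-byte write watchpoint. */
static const uint32_t sample_dr[4] = { 0x00401000u, 0x00405000u, 0u, 0u };
static const uint32_t sample_dr7   = 0x00D00009u;

static struct hw_breakpoint decode_sample(unsigned n)
{
    return decode_breakpoint(sample_dr, sample_dr7, n);
}
```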
VII. Test registers
There are eight test registers, TR0-TR7. TR0-TR2 are reserved, TR3-TR5 are used for cache testing, TR6 is the test command register, and TR7 is the test data register.