Transcript read mov

iAPX Systems
Electronic Computers M
1
iAPX History
We analyze 32 bit systems: generalization to 64 bits is straigtforward
Segment Registers (16 bits)
Code Segment
Stack Segment
Data Segment
Extra Ssegment
FS
Data
segments
GS
In iAPX systems all (physical) addresses are relative that is they are
indicated as offset from a base (a segment register). A consistent
piece of software (i.e. a subroutine, an operating system service etc.)
is called a segment and contains only relative addresses referred to a
common base This means that relocation in a non paged system is
very easy (only the base must be changed)
This wouldn’t be so important in a paged system but it is the base
for the protection (see later) because it acts on segments
2
iAPx Registers (32 bits)
31
0
IP
31
0
FLAGS
EF
Accumulators
31
15 8 7
0
AH AX AL EAX
BH BX BL
EBX
CH CX CL
ECX
DH DX DL
EDX
SI
ESI
DI
EDI
BP
EBP
SP
ESP
 In the new 64 bit systems more registers (R8, R9…R16) are
present
 Floating Point registers (8 x 80 bit stack).
3
Segments
•
The segmentation is a memory management scheme which reflects
the programmer’s point of view
•
A program is a segments collection: main program, procedures,
functions, objects, local and global variables, stack etc. that is
modules with consistent information to be stored in memory in
general in non consecutive addresses (at module level)
•
The segmentation allows the relocation and the sharing of data
•
Fragmentation is a possible drawback (external, not that of paging)
for instance if paging not implemented or disabled
•
Automatic segment association. Instructions=>CS, Stack=>SS,
Data=>DS. Other associations are possible making it explicit in the
instruction. BP automatically associated with SS (if no other
indication in the instruction
mov ax, 40
; copy word at address of DSmod16+40 to ax
mov ax, ES:40 ; copy word at address of ESmod16+40 to ax
push ax
; push ax into the slot indicated by SP+SSmod16
mov al, 40
; copy byte at address of DSmod16+40 to al
Mod16 – see later
It must be noted that although the same instruction code at the assembly
language is used (mov) compilers and assemblers translate this code
into different machine laguage codes according to the destination
register (ax, ah, al, eax etc.)
5
Segments
FFFFFFFFF
Data
Segment(s)
DS (ES, FS,GS)
X+2
X
X-2
Stack
Segment
Pop
Push
SP (offset)
BP (offset)
Word (16 bit)
oriented stack
SS
Stack Segment
base address
•The stack grows normally downwards
•The BP is mainly used to address the stack segment as a
memory data segment
Code
Segment
IP (offset)
CS
000000000
6
FLAGS (partial list)
8
10
9
11
7
6
TF
DF
IF
OF
SF
ZF
Sign
Overflow
Zero
Int. en.
Direction
Trap
4
2
0
AF
PF
CF
Carry
Parity
Aux. carry
7
Address construction
SEGMENT
BASE
(0)
CS/DS/ES/FS/GS/SS
(Mod16)
BP/BX
INDEX
SI/DI
OFFSET
S + [(B + I + O)]
10
Address construction
OPCODE
DIRECT
OPCODE
DISPL
MOD
EFFECT. ADDR.
MOD
DISPL
BASED
BX/BP
EFFECT. ADDR.
OPCODE
INDEXED
MOD
DISPL
SI/DI
EFFECT. ADDR.
11
Address construction
OPCODE
BASED
INDEXED
MOD
DISPL
SI/DI
BX/BP
EFFECT. ADDR.
OPCODE
INDIRECT
MOD
BX/BP/SI/DI
EFFECT. ADDR.
13
iAPx Segmentation
(32+ bit Systems)
• Protection and segment access control to check the
access rights and the address correctness
• Multiple “environments”: each one must be separated and
protected from the others (multiple concurrent usersprocesses)
• Operating systems support
8086
Address
Memory
iAPx86
Address
Control
Memory
15
Rivisited segmentation
•
If a system access control must implemented a control mechanism is
required
•
This is achieved by means of a segment table which for each
segment indicates the initial address, the size, its characteristics
(valid/invalid, read/write, user/supervisor etc.) pointed by a
segment table register. A further register storing the register table
size is used for protection (Segment Table Length Register): a
segment number k is valid if and only if k<STLR. Each entry is a
segment descriptor
16
Segment descriptors
• Each segment is an «object» which is described by a
segment descriptor which defines:
 The initial address in the address space
 The segment length
 The access rights (read, write, execute etc.)
 The privilege level (security level) which a program
must exibit to access the segment (see later)
 Whether it is a data or code segment or other types of
segments
 The presence in the main memory (significant when
the system is not paged)
 Whether an access to the segment was made (not
whether it was written – dirty segment)
17
Segment descriptor
31
24
Base 31:24
19 16
G
D A
0
B V
Limit
19-16
14 13
P
P
L
S
Base 15:00
11
8 7
Type
0
Base
23:16
Limit 15:00
64 bit
8 bytes
Example. Data segment descriptor
•
AV: available for the software
•
BASE: base starting address (32 bit)
•
DB: segment parallelism (16/32 bit operands)
•
PL privilege level (see later)
•
G: granularity (segment size – limit - multiple of 1 or 4096
bytes) of the segment 1Byte=>1MB or 4KB=>4GB
•
LIMIT: segment limit ( 20 bit – see G bit)
•
P: segment present in memory
•
S: descriptor type (system/user)
•
TYPE: segment type (data/code – R/W Expand down-up)
•
The descriptor fields have different meanings
according to the type and other parameters
•
Please notice that no fields are available to determine the
«age» of the segment for replacement policies (only the –
accessed – bit can be used) : this is due to the fact that
normally the systems are paged
•
More modern descriptors for higher parallelism are slightly
different
18
Descriptors
31
24
Base 31:24
19 16
G
D A Limit
P
0
S
P
B V 19-16
L
Base 15:00
P
14 13 11
P
L
8 7
Type
0
Base
23:16
Limit 15:00
S
Type
Access Right Byte
P
>
Present
in
memory
(code/data)
valid/invalid (for OS segments and gates)
PL
> Protection level
S
or
> = 1 code(data (user) ; = 0 system or gates segments
Type > 16 different types (really 32 because the meaning
depends on S too)
19
Data descriptors
(System ->only by OS usable– level 0 see later)
S = 1 non system
P
C/D
C/D
E
W
A
E
P
L
W
1
Type
Access Right Byte
A
Data/code (0 data).
Expand down or upward (stack)
Write – read only or R/W
Accessed
20
Code descriptors
S = 1 non system
P
C/D
C/D
C
R
A
C
P
L
R
1
Type
Access Right Byte
A
Code/Data
0/1 Conforming descriptor (see later))
0/1 read only or R/W
Accessed
21
Data Segments
Non System
C/D E(xp.) W
A(ccessed)
Descrizione
0
0
0
0
Not yet accessed segment, read only, upward
expansion
0
0
0
1
The same but accessed
0
0
1
0
Not yet accessed segment, read/write, upward
expansion (normal data segment)
0
0
1
1
The same but accessed
0
1
0
0
Not yet accessed segment, read only, downward
expansion (call gate see later)
0
1
0
1
The same but accessed
0
1
1
0
Not yet accessed segment, read/write,
downward expansion (normale stack segment)
0
1
1
1
The same but accessed
22
Descriptors tables
• In the iAPx86 systems each segment is found through its
descriptor whch can be located in two different tables: GDT
(Global Descriptor Table) or LDT (Local Descriptor Table).
• Typical descriptors of the LDTs are data, segments, code. There are
also task descriptors (see later)
• The CS, SS, DS etc. do not store addresses but selectors
(16 bits) which lead to the segment descriptors storing
all information of the segment
23
Addressing
An address of iAPX86 systems is a string of 48 bits (16 bit for
the selector and 32 bit for the offset)
Segment register
47
Limit address
0
32 31
SELECTOR
Segment
OFFSET
datum
Access Rights
Limit
Initial address
GDT or LDT
segment descriptor
Segment initial
address
The computed address is the linear or virtual
address
24
GDT
GDT
N
N-1
Index
N-2
SELECTOR
--------------4
3
2
1
CPU
Registers
LIMIT
0
BASE
GDTR
Global Descriptor Table Register
The base address value and the limit of the GDT must be stored by
the OS during the initial configuration phase through privileged
instructions (see later)
Since the index is stored in the first 13 bits of the selector (the other
bits are for control) the GDT can store up to 8192 8 bytes descriptors
(64 Kbytes). The same for each LDT (and IDT – see later). GDT is
used for system segments
25
LDT
LDT
N
N-1
N-2
GDT
N
N-1
N-2
--------------4
LDTR
--------------4
3
2
1
0
3
2
1
0
There is a LDTR register storing a
selector which points to the current LDT
descriptor. The LDT is therefore a
segment of the GDT. The register can be
loded by a privileged instruction. LDT is
used for user segments
26
LDT
A Local Descriptor Table contains all descriptors of a task
(process) defined in the system. In particular the LDTR
stores the selector of the LDT of the process presently
executed
Local Descriptor Table contents:
• Task code, data and stack
• The call gates (see later)
• The task gates which allow to trigger the execution of
other tasks
Are the addresses of the GDTR and LDTR virtual or
physical? And the addresses in the GDT and LDT? All
virtual!
There must be a GDT and LDT for each task!
27
Aliasing
But since all data of the LDT or GDT are segments descriptors how
can the OS modify the their contents since there are no specific access
instructions ?
ALIAS
Since a segment is a portion of the logical (and therefore physical)
memory nothing prevents a double description of the same area with
different access rights.
N
N-1
X
K
3
2
1
0
Y
GDT
X and Y are the same memory area which is however described by
two different descriptors i.e. one (X) code and the other (Y) data.
The compiler, for instance, when generates the code writes in the
segment through descriptor Y (enable write) but when the segment
must be executed the OS uses descriptor Y. Obviously the OS must
be aware of this aliasing because when X (Y) is deleted from
memory or saved in disk all aliased descriptors must be updatesd.
For the entire GDT and LDT there is an alias.
28
Selectors
Segment selector
(Segment register content)
15
3
INDEX
2 1
T
I
0
RPL
INDEX: descriptor table index
13 bit -> 8192 selectors
TI: Table Identifier (0 =>GDT – 1 => LDT)
RPL: Privilege level (see protection later)
29
An example
mov ax, 00D0
mov ds, ax
mov dl,[3]
In iAPX86 this means to insert 00D0 in DS, but
00D0 is a selector
0000|0000|1101|0000
pointing the twentyseventh descriptor (do not
forget 0!) of the GDT (11010B=26D) with
privilege level 00 ! If the segment base address
in the descriptor is 0000F5D0 the byte at virtual
address 0000F5D3 is read (the offset of the
instruction is 3) !
30
Descriptors caching
• The descriptors of all segments pointed by the segment
registers are stored in small caches of 8 bytes linked to the
segment registers. These caches are loaded when a new
selector is loaded into a segment register..
• This prevents that for each memory access an access to
the descriptor table is needed.
31
Full addressing in iAPX86
Displacement
SS
selector
Base Register
selector
GS
selector
FS
selector
ES
selector
DS
selector
CS
Index Register
X
Scale
+
DESCRIPTOR REGISTERS
Offset
Access Rights
SS
Access Rights
GS
Limit
Access Rights
FS
Limit
Base
Address
Access
Rights
ES
Limit
Base
Address
Access
Rights
DS
Limit
Base
Address
Access
Rights CS
Limit
Base Address
Limit
Base Address
+
LINEAR
ADDRESS
Base Address
CACHE
32
iAPX86 (32 bit) full addressing
15
SELECTOR 0
31
0
selector
OFFSET
Instruction Address
Descriptor
Linear address
22 21
31
DIR
0
12 11
TABLE
OFFSET
20 bit address
+ 12 bit info
20 bit address
+ 12 bit info
OP.
P.TBL.ENTRY
Physical address
DIR ENTRY
1024 slots
Each task has its own page table loaded for each
context change The OS services are started by software
interrupts
CR3
Physical address in CR3
(reloaded for each context
switch)
35
Page table descriptors
(I level)
Page Directory Element (DIR field)
31
12
Initial address 31:12
11
9 8 7 6 5 4 3 2 1 0
Avail
P P
P
0
0 A CWUW P
S
D T
Available for software
[Page size (4K/4M)]
[II level table used]
Page cache disable
Page write through
Supervisor
Writable
Present
Accessible only from Protection Level 0,1,2
The physical address of the first level table is pointed by the system
register CR3
In the field 31-12 the physical address of the II level table (aligned 4K!!)
is stored which is indexed through the TABLE value to obtain the initial
physical address (aligned !!) of the requested page
PCD e PWT indicate whether the II level table items are cacheable and
the used policy (WT or WB). The cacheability and the PWT of the I
level table is stored in CR3.
37
Page table descriptors
(II level)
Page Table Entry (Table fields of the virtual address)
Not used
12 11
31
Page base address 31:12
Avail
9 87 6 5 4 3 2 1 0
P P
0 0 D A CWUW P
D T
Available for software
Dirty (written)
Used
Page cache disable
Page write through
User/Supervisor
Writable
Present in memory
See later
Indicate whether the page data are cacheable and their policy
(WB or WT). For the protection (see later) first the segment
descriptor is checked then the page protection. Very often for
the page tables PWT=1: then no write-back problems occur
38
Sharing and protection
Process 1 page table
Process 2 page table
Pointers
Flags
Bit di controllo
Disk addresses
Memory
39
I and II level page fault
What in case of a page fault?
•
The linear address is saved in CR2 (hardware – see later)
•
A software interrupt n. 14 is generated
•
The triggered routine reads CR2
•
OS call to find a free or replaceable page
•
Disk driver call
•
The new initial address is stored in the II level table
•
IRET which restarts the page-faulted instruction
•
A page fault can occur also if the second level page table is
missing
40
Caches and page tables
A I or II level table stores data which must be available for the OS
and therefore must be possibly cacheable. The use policy can be
determined singularly for each level
CR3 control register
31
12 11
Page directory base address
Physical
Address
5 4 3 2
0
P P
Reserved C W Reserv.
D T
1/0 Data of the 1st level table can be
cacheable.
If cacheable Write Back or Write Trhough
The page (pointed by I or II level tables) policies are defined in the page
descriptors (previously described)
The physical initial address of the 1st level page (1024 elements)
(different for each process) is stored in the 20 Msbits (31-12). Different
page tables for each process
41
System registers
31
0
CR0
RESERVED
CR1
CR2
CR3
CR4
47
16 15
0
BASE
LIMIT
BASE
LIMIT
15
GDTR
IDTR
0
SELECTOR
TR
SELECTOR
LDTR
The system registers load and store are carried out by
specific privileged instructions (ex. LTR – Load Task
Register – LGDT – Load Global Descriptor Table etc.). For
privileges see later
42
CR0
31 30 29
PCN
G DW
5 4 3 2 1 0
18 17 16
R
A W
R
M P
R
N TE P
R
1
E SM E
R Reserved
PG Paging enable
CD Cache disable
NW Not writethrough
CACHE control
AM Alignment mask (align check)
WP Write protect (supervisor is not allowed to
write user pages)
NE Numeric Error
TS task switched (save e restore Floating Point)
EM Escape Instruction Trapped
PE Protection enabled
NB: Paging enable is valid only if PE=1
43
Page Fault
CR2
31
0
PAGE FAULT LINEAR ADDRESS
44
CR4
CR4 control register
31
7
Reserved
6 5 4
3
2
1 0
M
P
T P V
D
C 0 S
S V M
E
E
E
D I E
Machine check enable (i.e.
unaligned data)
[Page Size (4K/4M)]
Debugging extensions
Time stamp disable
Protected Mode Virtual Interrupt
Virtual 8086 Mode Extensions
If paging is disabled virtual and physical addresses coincide
iAPX86 systems can be segmented only, paged only (defining only
one big segment – see Linux) and segmented and paged
In the new systems bit 7 indicates whether page tables can be shared
among many processes. Bit 5 allows 36 bit addressing
45