it322 intro 2
TRANSCRIPT
IT322: MICROPROCESSOR BASED DESIGN
X86 Memory Segmentation & x86 Addressing Modes
Memory Addressing• Refers to how operands are given instructions (instructions need operands)• Has two categories:-
(a) Non Memory Addressing, which is the simplest form of
addressing.
- It takes either predefined data or a register (name).
- It is the fastest way to address operands.
(b) Memory Addressing, which allows access to data in memory.
- Can be as fast as non-memory addressing only if the memory
being accessed exists in the cache that is on the CPU otherwise several cycles are required to directly read / write to RAM.
NOTE:
When accessing memory, the operand is surrounded by square brackets. Otherwise, without these brackets, either a memory address is being stored to be used later or data is to be retrieved from the memory to be worked on.
x86 Memory Segmentation
Memory Segmentation• It is the division of a computer's primary memory into segments or
sections. In a computer system using segmentation, a reference to a memory location includes a value that identifies a segment and an offset within that segment.
• It refers to the implementation of memory segmentation in the Intel x86 computer instruction set architecture.
X86 Segmentation• It was introduced on the Intel 8086 in 1978 as a way to allow programs to
address more than 64 KB (65,536 bytes) of memory. • Intel 80286 introduced a second version of segmentation in 1982 that
added support for virtual memory and memory protection. • At this point, the original model was renamed real mode, and the new
version was named protected mode. • The x86-64 architecture, introduced in 2003, has largely dropped support
for segmentation in 64-bit mode.
• In both real and protected modes the system uses 16-bit segment registers to derive the actual memory address.
• In real mode, the registers CS, DS, SS, and ES point to the currently used program code segment (CS), the current data segment (DS), the current stack segment (SS), and one extra segment determined by the programmer (ES).
• Intel 80386, introduced in 1985, adds two additional segment registers, FS and GS, with no specific uses defined by the hardware.
• The way in which the segment registers are used differs between the two modes.
x86 Memory Segmentation …
x86 Memory Segmentation …• The choice of segment is normally defaulted by the
processor according to the function being executed.• Instructions are always fetched from the code segment.• Any stack push or pop or any data reference referring to
the stack uses the stack segment. All other references to data use the data segment.
• The extra segment is the default destination for string operations (for example MOVS or CMPS). FS and GS have no hardware-assigned uses.
Real mode
• Is also called real address mode or v86 mode.• It is an operating mode of all x86-compatible CPUs.• In real mode or V86 mode, a segment is always 65,536
bytes in size (using 16-bit offsets).• It is characterized by a 20-bit segmented memory address
space (giving exactly 1 MB of addressable memory) and unlimited direct software access to all memory, I/O addresses and peripheral hardware.
• It provides no support for memory protection, multitasking, or code privilege levels.
• Before the release of the 80286, which introduced Protected mode, real mode was the only available mode for x86 CPUs.
• In the interests of backwards compatibility, all x86 CPUs start in real mode when reset.
• Intel 8086, the predecessor to the 286, was originally designed with a 20-bit address bus for its memory.
• This allowed the processor to access 220 bytes of memory, equivalent to 1 megabyte.
• At the time, 1 megabyte was considered a relatively large amount of memory, so the designers of the IBM Personal Computer reserved the first 640 kilobytes for use by applications and the operating system and the remaining 384 kilobytes for the BIOS (Basic Input/Output System) and memory for add-on devices.
• As the cost of memory decreased and memory use increased, the 1 MB limitation became a significant problem.
• Intel intended to solve this limitation along with others with the release of the 286.
Real mode …
Real mode …
• PC BIOS (IBM) and DOS operating systems (MS-DOS, DR-DOS, etc.) operate in real mode.
• Early versions of Microsoft Windows ran in real mode, until Windows 386, which ran in protected mode.
• Windows 3.0 could run in either real or protected mode. It could actually run in two "flavours" of protected mode: "standard mode", which ran using protected mode, and "386-enhanced mode", which is a virtualized version of standard mode and thus would not run on a 286.
• Windows 3.1 removed support for real mode, and it was the first mainstream operating environment which required at least an 80286 processor.
• Almost all modern x86 operating systems (Unix, Linux, OS/2, Windows 95 and later, etc.) switch the CPU into protected mode at startup.
• 64-bit operating systems may use this only as another stepping stone to get to long mode.
• It is worth noting that the protected mode of the 80286 is considerably more primitive than the improved protected mode introduced with the 80386; the latter is sometimes called 386 protected mode, and is the mode most modern 32-bit x86 operating systems run in.
Protected mode
• It is also called protected virtual address mode.• It is an operational mode of x86-compatible central processing units (CPUs). • It allows system software to use features such as virtual memory, paging and safe
multi-tasking designed to increase an operating system's control over application software.
• When a processor that supports x86 protected mode is powered on, it begins executing instructions in real mode, in order to maintain backwards compatibility with earlier x86 processors.
• Protected mode was first added to the x86 architecture in 1982, with the release of Intel's 80286 (286) processor, and later extended with the release of the 80386 (386) in 1985.
• Due to the enhancements added by protected mode, it has become widely adopted and has become the foundation for all subsequent enhancements to the x86 architecture, although many of those enhancements, such as added instructions and new registers, also brought benefits to the real mode.
• 386 had additional features to protected mode:- Paging, 32-bit physical and virtual address space (the 32-bit physical address space is not present on the 80386SX, and other 386 processor variants which use the older 286 bus) , 32-bit segment offsets, ability to switch back to real mode without resetting and Virtual 8086 mode.
• The 286 architecture introduced protected mode, allowing for (among other things) hardware-level memory protection. Using these new features.
• However, this required a new operating system that was specifically designed for protected mode.
• Since a primary design specification of x86 microprocessors is that they are fully backwards compatible with software written for all x86 chips before them, the 286 chip was made to start in 'real mode' – that is, in a mode which turned off the new memory protection features, so that it could run operating systems written for the 8086 and the 80186.
• As of 2014, even the newest x86 CPUs (including x86-64 CPUs) start in real mode at power-on and can run software written for almost any previous x86 chip.
Protected mode …
Addressing Modes
• An addressing mode is an aspect of the instruction set architecture in most central processing unit (CPU) designs.
• The various addressing modes that are defined in a given instruction set architecture define how machine language instructions in that architecture identify the operand (or operands) of each instruction.
• x86 processor has many different addressing modes that can be used for a multitude of different purposes.
• All addressing modes take the same amount of time to execute, however some modes require more work to be done with instructions in order to use them effectively making them slower than other modes.
• The addressing modes in 16 bits are slightly different than the addressing modes in 32 bits.
• Addressing is simply how we give an instruction its operands. • There are two types of addressing: non memory addressing and
memory addressing.
Non memory addressing & memory addressing• Non memory addressing is the simplest form of addressing because it
either takes predefined data or a register name. It is also the fastest way to address operands. • Memory addressing allows us to access data in memory. It can be as fast as non memory addressing modes only if the memory being
accessed exists in a cache that is on the CPU chip. If the memory does not exist in any cache it will be directly read from or
written to RAM which can take several cycles. The processor will stall the instruction in order to wait for a memory read or a memory write to be completed.
When accessing memory the operand will always be surrounded by square brackets ("[" and "]").
NOTE THAT:-• The square brackets mean that the operand points to a memory location and
that data should be read from or written to that memory location. • If the operand is not surrounded by square brackets either a memory
address is being stored to be used later on or data is to be retrieved from memory to be worked on.
Size of the Operation
• Sometimes when accessing memory the assembler will not know if you want to read or write one byte, two bytes, four bytes, or more.
• mov [0x500],5
;move the number 5 into memory at the location 0x500
;without specifying if the size of number 5 to be one byte
;or two bytes, etc long. MASM will not guess as that will lead to unpredictable behavior so
instead MASM requires you specify the size of the data you whish to move.
This is called specifying the size of the operation; • mov word [0x500],5
; The operation moves a word into the memory location 0x500• mov [0x500],AX
;the size of the operation is a word because we specify to move
;the register AX (a 16 bit register) into the memory location 0x500.
32-bit Protected Mode Addressing
(A) Non Memory Addressing Modes
These modes do not access memory. These modes will work with either static data or registers.
Register addressing mode • Is used to move data to and from registers and to manipulate the data in a
register. • The data may be a numeric value, memory address, or general data. • It is one of the most common and is almost always used in conjunction with
memory addressing modes. • cmp EAX,EBX
Immediate addressing mode • The operand's value is specified at compile time. • This operand is usually a numeric value or the compiler can place the offset of
a label or variable from the compiler's symbol table as the immediate operand.
• The operand is than compiled into the actual instruction that the operand is a part of.
mov EAX,100
add ECX,22
(B) Memory Addressing Modes
• These perform memory operations such as reading from and writing to memory.
• Because of the memory access, they are often slower than using the non memory addressing modes.
• Of course a program could not rely on immediate and register addressing modes alone.
• The processor to access memory in many different ways.• Most instructions will only allow one operand to use a memory
addressing mode while the other operand must use either the immediate or register addressing mode.
• Memory addresses are composed of several different components. • The table below lists the components that can make up a memory address.
Direct memory addressing mode - [disp] – is the most straight forward way to access memory.• It is used when the exact address of the memory to access is known. • The most common use is for the compiler to replace a label name with the label's offset
from the compiler's symbol table.• Can also use numeric addresses.
var dd 150
var dd 150
mov EAX, [var] ;Moves the value of var (150) into EAX
add EAX,[100h] ;Adds the value of the variable at 100h (100 in hex) to EAX
cmp dword [var],150 ;Compares the value of var (150) to the value 150
Displacement Base Index Scale
no disp EAX EAX 1
16-bit disp EBX EBX 2
32-bit disp ECX ECX 4
EDX EDX 8
ESI ESI
EDI EDI
EBP EBP
ESP
Register Indirect addressing - [base] - allows to specify the address of the memory to access in a register. • This mode is especially useful when the address to a
parameter is passed to a procedure.
var dd 12
mov EAX,dd
;Moves the address of var into EAX
mov EBX,100h
mov EDX,[EAX]
;Moves the value of var into EDX
;EAX holds the memory address of var
add word [EBX],4
;Adds the value 4 (as a word) to the value
;at the memory address 100h (100 in hex)
Based addressing - [base + disp] - allows the use of a base register and a displacement to access memory. • It is possible to emulate this mode by adding the
displacement to the base register using the add instruction.• However using the based mode will save instruction space
as well as CPU cycles.
var dw 2
var2 dw 17
mov EAX,var
mov EBX,var2
sub word ECX,[EAX+2]
;Subtracts the value of var2 from the ECX register
mov word [EBX-2],10
;Moves 10 into the value of var
Indexed addressing - [(index * scale) + disp] – allows to specify an index register, a scale factor, and a displacement. • This mode is extremely useful when accessing elements of
an array when the element size is 1, 2, 4, or 8 bytes big. • However, if the element size is not one of the scale sizes
than, you have to manually adjust the index according to the element size.
array resd 10
;Creates an array who's elements are 4 bytes big mov ESI,4
mov EDI,9
mov EBX,[ESI*4+array]
;Moves the value of the 5th element of array into EBX
inc dword [EDI*4+array]
;Increments the value of the 10th element of array
Based-Indexed with no scale factor addressing - [base + index + disp] – it exists to more easily support high level language constructs. • For example, if you had an array of structs you could use this
addressing mode to access a specific variable of an element in the array.
• The displacement would be the address of the beginning of the array, the base could be the element you wish to access (element size * element number), and the index could be the variable offset inside the struct of the element.
array resd 10 * 2 ;Creates an array of structs
;each struct consists of two dwords
mov ESI,5*8 ;Set ESI to point to the 6th element
mov EAX,4
;Set EAX to point to the second dword of our struct mov dword [EAX+ESI+array],120
;Sets the second dword of the 6th element
;of our array to 120
Based-Indexed with scale factor - [base + (index * scale) + disp] - is exactly like the based-Indexed with no scale factor addressing mode except that it contains a scale factored multiplied by index.
array resd 10 * 2
;Creates an array of structs
;each struct consists of two dwords
mov ESI,5
;Set ESI to point to the 6th element
mov EAX,4
;Set EAX to point to the second dword of our struct
mov dword [EAX+(ESI*8)+array],120
;Sets the second dword of the 6th element
;of our array to 120
16-bit Real Mode Addressing
(A) Non Memory Addressing Modes• These are the same as 32-bit non memory addressing
modes except that you can only use 16-bit registers or smaller.
• The largest displacement in 16-bit addresses can be at most 16 bits.
(B) Memory Addressing Modes• In 16-bit real mode we can address memory using 16-bit or
8-bit registers. • The addressing modes in 16 bits are much more restrictive
than in 32 bits. • The table below lists the components that can make up a
16-bit address.
• All of possible operands are listed using register names.
Direct addressing - [disp]
var dw 16
mov AX,[var]
add CX,[100h]
Register Indirect addressing - [BX], [BP], [SI], [DI]
var dw 150
mov BX,var
mov SI,0x500
mov word [BX],12
add SI,[100h]
Based addressing - [BX + disp], [BP + disp]
var dw 2
var2 dw 17
mov BX,var
mov BP,var2
sub CX,[BX+2]
mov word [BP-2],10
Indexed addressing - [SI + disp], [DI + disp]
var dw 2
var2 dw 17
mov SI,var
mov DI,var2
sub DX,[SI+2]
mov word [DI-2],4
Based-Indexed with no displacement addressing - [BX + SI], [BX + DI], [BP + SI], [BP + DI]
mov BX,0x1000
mov BP,0x250
mov SI,0x100
mov DI,0x500
sub DX,[BP+DI]
mov word [BX-SI],64
Based-Indexed with displacement addressing - [BX+SI+disp], [BX+DI+disp], [BP+SI+disp], [BP+DI+disp]
mov BX,0x1000
mov BP,0x300
mov SI,0x100
mov DI,0x750
sub DX,[BP+DI-0x50]
mov word [BX-SI-0x200],32