Unit - 5
Initializing of 80386DX, debugging and virtual 8086 mode
1. The contents of EAX depend upon the results of the power-up self test. The self-test may be requested externally by assertion of BUSY# at the end of RESET. T
2. He EAX register holds zero if the 80386 passed the test. A nonzero value in EAX after self-test indicates that the particular 80386 unit is faulty. If the self-test is not requested, the contents of EAX after RESET is undefined.
3. DX holds a component identifier and revision number after RESET as Figure 10-1 illustrates. DH contains 3, which indicates an 80386 component. DL contains a unique identifier of the revision level.
4. Control register zero (CR0) contains the values s The ET bit of CR0 is set if an 80387 is present in the configuration (according to the state of the ERROR# pin after RESET). If ET is reset, the configuration either contains an 80287 or does not contain a coprocessor. A software test is required to distinguish between these latter two possibilities.
5.The remaining registers and flags are set as follows:
EFLAGS =00000002H
IP =0000FFF0H
CS selector =000H
DS selector =0000H
ES selector =0000H
SS selector =0000H
FS selector =0000H
GS selector =0000H
IDTR:
Base =0
Limit =03FFH
All registers not mentioned above are undefined.
Key takeaways
- The contents of EAX depend upon the results of the power-up self test. The self-test may be requested externally by assertion of BUSY# at the end of RESET
- If ET is reset, the configuration either contains an 80287 or does not contain a coprocessor.
1. In real-address mode a few structures must be initialized before a program can take advantage of all the features available in this mode.
5.2.1 Stack
1. No instructions that use the stack can be used until the stack-segment register (SS) has been loaded. SS must point to an area in RAM.
5.2.2 Interrupt Table
1. The initial state of the 80386 leaves interrupts disabled; however, the processor will still attempt to access the interrupt table if an exception or nonmaskable interrupt (NMI) occurs. Initialization software should take one of the following actions:
1.1 Change the limit value in the IDTR to zero. This will cause a shutdown if an exception or nonmaskable interrupt occurs.
1.2 Put pointers to valid interrupt handlers in all positions of the interrupt table that might be used by exceptions or interrupts.
1.3 Change the IDTR to point to a valid interrupt table.
5.2.3 First Instructions
1. After RESET, address lines A{31-20} are automatically asserted for instruction fetches. This fact, together with the initial values of CS:IP, causes instruction execution to begin at physical address FFFFFFF0H.
2. Near (intrasegment) forms of control transfer instructions may be used to pass control to other addresses in the upper 64K bytes of the address space.
3. The first far (intersegment) JMP or CALL instruction causes A{31-20} to drop low, and the 80386 continues executing instructions in the lower one megabyte of physical memory.
4. This automatic assertion of address lines A{31-20} allows systems designers to use a ROM at the high end of the address space to initialize the system.
Key takeaways
- In real-address mode a few structures must be initialized before a program can take advantage of all the features available in this mode.
- Change the limit value in the IDTR to zero. This will cause a shutdown if an exception or nonmaskable interrupt occurs.
- After RESET, address lines A{31-20} are automatically asserted for instruction fetches. This fact, together with the initial values of CS: IP, causes instruction execution to begin at physical address FFFFFFF0H.
1. Setting the PE bit of the MSW in CR0 causes the 80386 to begin executing in protected mode. The current privilege level (CPL) starts at zero.
2. The segment registers continue to point to the same linear addresses as in real address mode (in real address mode, linear addresses are the same physical addresses).
3. Immediately after setting the PE flag, the initialization code must flush the processor's instruction pre fetch queue by executing a JMP instruction.
4. The 80386 fetches and decodes instructions and addresses before they are used; however, after a change into protected mode, the prefetched instruction information (which pertains to real-address mode) is no longer valid.
5. A JMP forces the processor to discard the invalid information.
Key takeaways
- The segment registers continue to point to the same linear addresses as in real address mode (in real address mode, linear addresses are the same physical addresses).
- Immediately after setting the PE flag, the initialization code must flush the processor's instruction pre fetch queue by executing a JMP instruction.
1. Most of the initialization needed for protected mode can be done either before or after switching to protected mode.
2. If done in protected mode, however, the initialization procedures must not use protected-mode features that are not yet initialized.
5.4.1 Interrupt Descriptor Table
1. The IDTR may be loaded in either real-address or protected mode. However, the format of the interrupt table for protected mode is different than that for real-address mode.
2. It is not possible to change to protected mode and change interrupt table formats at the same time; therefore, it is inevitable that, if IDTR selects an interrupt table, it will have the wrong format at some time.
3. An interrupt or exception that occurs at this time will have unpredictable results. To avoid this unpredictability, interrupts should remain disabled until interrupt handlers are in place and a valid IDT has been created in protected mode.
5.4.2 Stack
1.The SS register may be loaded in either real-address mode or protected mode. If loaded in real-address mode, SS continues to point to the same linear base-address after the switch to protected mode.
5.4.3 Global Descriptor Table
1. Before any segment register is changed in protected mode, the GDT register must point to a valid GDT. Initialization of the GDT and GDTR may be done in real-address mode.
2. The GDT (as well as LDTs) should reside in RAM, because the processor modifies the accessed bit of descriptors.
5.4.4 Page Tables
1. Page tables and the PDBR in CR3 can be initialized in either real-address mode or in protected mode; however, the paging enabled (PG) bit of CR0 cannot be set until the processor is in protected mode.
2. PG may be set simultaneously with PE, or later. When PG is set, the PDBR in CR3 should already be initialized with a physical address that points to a valid page directory.
3. The initialization procedure should adopt one of the following strategies to ensure consistent addressing before and after paging is enabled:
4. The page that is currently being executed should map to the same physical addresses both before and after PG is set.
5. A JMP instruction should immediately follow the setting of PG.
5.4.5 First Task
1. The initialization procedure can run awhile in protected mode without initializing the task register; however, before the first task switch, the following conditions must prevail:
2. There must be a valid task state segment (TSS) for the new task. The stack pointers in the TSS for privilege levels numerically less than or equal to the initial CPL must point to valid stack segments.
3. The task register must point to an area in which to save the current task state. After the first task switch, the information dumped in this area is not needed, and the area can be used for other purposes.
Key takeaways
- Most of the initialization needed for protected mode can be done either before or after switching to protected mode.
- It is not possible to change to protected mode and change interrupt table formats at the same time;
- To avoid this unpredictability, interrupts should remain disabled until interrupt handlers are in place and a valid IDT has been created in protected mode.
- The GDT (as well as LDTs) should reside in RAM, because the processor modifies the accessed bit of descriptors.
- The initialization procedure should adopt one of the following strategies to ensure consistent addressing before and after paging is enabled:
- There must be a valid task state segment (TSS) for the new task. The stack pointers in the TSS for privilege levels numerically less than or equal to the initial CPL must point to valid stack segments.
$TITLE ('Initial Task') NAME INIT Init_stack SEGMENT RW DW 20 DUP (?) tos LABEL WORD init_stack ENDS init_data SEGMENT RW PUBLIC DW 20 DUP(?) init_data ENDS init_code SEGMENT ER PUBLIC ASSUME DS:init_data nop nop nop init_start: ; set up stack mov ax, init_stack mov ss, ax mov esp, offset tos mov a1,1 blink: xor a1,1 out 0e4h,a1 mov cx,3FFFh here: dec cx jnz here jmp SHORT blink hlt init_code ends END init_start, SS:init_stack, DS:init_data $TITLE('Protected Mode Transition -- 386 initialization') NAME RESET ;***************************************************************** ; Upon reset the 386 starts executing at address 0FFFFFFF0H. The ; upper 12 address bits remain high until a FAR call or jump is ; executed. |
1. The 80386 provides a mechanism for testing the Translation Lookaside Buffer (TLB), the cache used for translating linear addresses to physical addresses. Although failure of the TLB hardware is extremely unlikely, users may wish to include TLB confidence tests among other power-up confidence tests for the 80386.
5.6.1 structure of the TLB
1. The TLB is a four-way set-associative memory. it illustrates the structure of the TLB. There are four sets of eight entries each.
2. Each entry consists of a tag and data. Tags are 24-bits wide. They contain the high-order 20 bits of the linear address, the valid bit, and three attribute bits.
3.The data portion of each entry contains the high-order 20 bits of the physical address.
5.6.2 Test Registers
1. Two test registers, are provided for the purpose of testing. TR6 is the test command register, and TR7 is the test data register. These registers are accessed by variants of the MOV instruction.
2. A test register may be either the source operand or destination operand. The MOV instructions are defined in both real-address mode and protected mode.
3. The test registers are privileged resources; in protected mode, the MOV instructions that access them can only be executed at privilege level 0.
4 An attempt to read or write the test registers when executing at any other privilege level causes a general protection exception.
5. The test command register (TR6) contains a command and an address tag to use in performing the command:
5.1 C
This is the command bit. There are two TLB testing commands: write entries into the TLB, and perform TLB lookups. To cause an immediate write into the TLB entry, move a doubleword into TR6 that contains a 0 in this bit. To cause an immediate TLB lookup, move a doubleword into TR6 that contains a 1 in this bit.
5.2 Linear Address
On a TLB write, a TLB entry is allocated to this linear address; the rest of that TLB entry is set per the value of TR7 and the value just written into TR6. On a TLB lookup, the TLB is interrogated per this value; if one and only one TLB entry matches, the rest of the fields of TR6 and TR7 are set from the matching TLB entry.
5.3 V
The valid bit for this TLB entry. The TLB uses the valid bit to identify entries that contain valid data. Entries of the TLB that have not been assigned values have zero in the valid bit. All valid bits can be cleared by writing to CR3.
5.3 D, D#
The dirty bit (and its complement) for/from the TLB entry.
5.4 U, U#
The U/S bit (and its complement) for/from the TLB entry.
5.5 W, W#
The R/W bit (and its complement) for/from the TLB entry.
The meaning of these pairs of bits is given by Table , where X represents D, U, or W.
The test data register (TR7) holds data read from or data to be written to the TLB.
6. Physical Address
1. This is the data field of the TLB. On a write to the TLB, the TLB entry allocated to the linear address in TR6 is set to this value. On a TLB lookup, if HT is set, the data field (physical address) from the TLB is read out to this field. If HT is not set, this field is undefined.
7. HT
For a TLB lookup, the HT bit indicates whether the lookup was a hit (HT := 1) or a miss (HT := 0). For a TLB write, HT must be set to 1.
8. REP
For a TLB write, selects which of four associative blocks of the TLB is to be written. For a TLB read, if HT is set, REP reports in which of the four associative blocks the tag was found; if HT is not set, REP is undefined.
5.6.3 Test Operations
1. To write a TLB entry:
1.1 Move a double word to TR7 that contains the desired physical address, HT, and REP values. HT must contain 1. REP must point to the associative block in which to place the entry.
1.2 Move a double word to TR6 that contains the appropriate linear address, and values for V, D, U, and W. Be sure C=0 for "write" command.
2. Be careful not to write duplicate tags; the results of doing so are undefined. To look up (read) a TLB entry:
2.1 Move a double word to TR6 that contains the appropriate linear address and attributes. Be sure C=1 for "lookup" command.
2.2 Store TR7. If the HT bit in TR7 indicates a hit, then the other values reveal the TLB contents. If HT indicates a miss, then the other values in TR7 are indeterminate.
3. For the purposes of testing, the V bit functions as another bit of address. The V bit for a lookup request should usually be set, so that uninitialized tags do not match. Lookups with V=0 are unpredictable if any tags are uninitialized.
Key takeaways
- Most of the initialization needed for protected mode can be done either before or after switching to protected mode.
- It is not possible to change to protected mode and change interrupt table formats at the same time;
- To avoid this unpredictability, interrupts should remain disabled until interrupt handlers are in place and a valid IDT has been created in protected mode.
- The GDT (as well as LDTs) should reside in RAM, because the processor modifies the accessed bit of descriptors.
- The initialization procedure should adopt one of the following strategies to ensure consistent addressing before and after paging is enabled.
- There must be a valid task state segment (TSS) for the new task. The stack pointers in the TSS for privilege levels numerically less than or equal to the initial CPL must point to valid stack segments.
- Store TR7. If the HT bit in TR7 indicates a hit, then the other values reveal the TLB contents. If HT indicates a miss, then the other values in TR7 are indeterminate.
Part 2 debugging
He features of the 80386 architecture that support debugging include:
1. Reserved debug interrupt vector
Permits processor to automatically invoke a debugger task or procedure when an event occurs that is of interest to the debugger.
2. Four debug address registers
Permit programmers to specify up to four addresses that the CPU will automatically monitor.
3. Debug control register
Allows programmers to selectively enable various debug conditions associated with the four debug addresses.
4. Debug status register
Helps debugger identify condition that caused debug exception.
5. Trap bit of TSS (T-bit)
Permits monitoring of task switches.
6. Resume flag (RF) of flags register
Allows an instruction to be restarted after a debug exception without immediately causing another debug exception due to the same condition.
7 Single-step flag (TF)
Allows complete monitoring of program flow by specifying whether the CPU should cause a debug exception with the execution of every instruction.
8. Breakpoint instruction
Permits debugger intervention at any point in program execution and aids debugging of debugger programs.
9. Reserved interrupt vector for breakpoint exception
Permits processor to automatically invoke a handler task or procedure upon encountering a breakpoint instruction.
10. These features make it possible to invoke a debugger that is either a separate task or a procedure in the context of the current task. The debugger can be invoked under any of the following kinds of conditions:
10.1 Task switch to a specific task.
10.2 Execution of the breakpoint instruction.
10.3 Execution of every instruction.
10.4 Execution of any instruction at a given address.
10.5 Read or write of a byte, word, or double word at any specified address.
Write to a byte, word, or double word at any specified address.
Attempt to change a debug register.
Key takeaways
- Reserved debug interrupt vector
- Permits processor to automatically invoke a debugger task or procedure when an event occurs that is of interest to the debugger.
- Four debug address registers
- Trap bit of TSS (T-bit)
- Permits monitoring of task switches.
- Reserved interrupt vector for breakpoint exception
- Permits processor to automatically invoke a handler task or procedure upon encountering a breakpoint instruction.
1. Six 80386 registers are used to control debug features. These registers are accessed by variants of the MOV instruction.
2. A debug register may be either the source operand or destination operand. The debug registers are privileged resources; the MOV instructions that access them can only be executed at privilege level zero.
3. An attempt to read or write the debug registers when executing at any other privilege level causes a general protection exception.
5.8.1 Debug Address Registers (DR0-DR3)
1. Each of these registers contains the linear address associated with one of four breakpoint conditions. Each breakpoint condition is further defined by bits in DR7.
2. The debug address registers are effective whether or not paging is enabled. The addresses in these registers are linear addresses.
3. If paging is enabled, the linear addresses are translated into physical addresses by the processor's paging mechanism
4. If paging is not enabled, these linear addresses are the same as physical addresses.
5. Note that when paging is enabled, different tasks may have different linear-to-physical address mappings. When this is the case, an address in a debug address register may be relevant to one task but not to another.
6. For this reason the 80386 has both global and local enable bits in DR7. These bits indicate whether a given debug address has a global (all tasks) or local (current task only) relevance.
5.8.2 Debug Control Register (DR7)
1. The debug control register both helps to define the debug conditions and selectively enables and disables those conditions.
2. For each address in registers DR0-DR3, the corresponding fields R/W0 through R/W3 specify the type of action that should cause a breakpoint. The processor interprets these bits as follows:
2.1 00 -- Break on instruction execution only
2.2 01 -- Break on data writes only
2.3 10 -- undefined
2.4 11 -- Break on data reads or writes but not instruction fetches
3. Fields LEN0 through LEN3 specify the length of data item to be monitored. A length of 1, 2, or 4 bytes may be specified. The values of the length fields are interpreted as follows:
3.1 00 -- one-byte length
3.2 01 -- two-byte length
3.3 10 -- undefined
3.4 11 -- four-byte length
If RWn is 00 (instruction execution), then LENn should also be 00. Any other length is undefined.
5.8.3 Debug Status Register (DR6)
1. The debug status register permits the debugger to determine which debug conditions have occurred.
2. When the processor detects an enabled debug exception, it sets the low-order bits of this register (B0 thru B3) before entering the debug exception handler. Bn is set if the condition described by DRn, LENn, and R/Wn occurs. (Note that the processor sets Bn regardless of whether Gn or Ln is set.
3. If more than one breakpoint condition occurs at one time and if the breakpoint trap occurs due to an enabled condition other than n, Bn may be set, even though neither Gn nor Ln is set.)
4. The BT bit is associated with the T-bit (debug trap bit) of the TSS (refer to 7 for the location of the T-bit). The processor sets the BT bit before entering the debug handler if a task switch has occurred and the T-bit of the new TSS is set.
5. There is no corresponding bit in DR7 that enables and disables this trap; the T-bit of the TSS is the sole enabling bit.
6. The BS bit is associated with the TF (trap flag) bit of the EFLAGS register. The BS bit is set if the debug handler is entered due to the occurrence of a single-step exception.
7. The single-step trap is the highest-priority debug exception; therefore, when BS is set, any of the other debug status bits may also be set.
5.8.4 Breakpoint Field Recognition
1. The linear address and LEN field for each of the four breakpoint conditions define a range of sequential byte addresses for a data breakpoint.
2. The LEN field permits specification of a one-, two-, or four-byte field. Two-byte fields must be aligned on word boundaries (addresses that are multiples of two) and four-byte fields must be aligned on double word boundaries (addresses that are multiples of four).
3. These requirements are enforced by the processor; it uses the LEN bits to mask the low-order bits of the addresses in the debug address registers.
4. Properly aligned code or data breakpoint addresses will not yield the expected results.
5. A data read or write breakpoint is triggered if any of the bytes participating in a memory access is within the field defined by a breakpoint address register and the corresponding LEN field. gives some examples of breakpoint fields with memory references that both do and do not cause traps.
Key takeaways
- An attempt to read or write the debug registers when executing at any other privilege level causes a general protection exception.
- The debug address registers are effective whether or not paging is enabled. The addresses in these registers are linear addresses
- He debug control register both helps to define the debug conditions and selectively enables and disables those conditions.
- If more than one breakpoint condition occurs at one time and if the breakpoint trap occurs due to an enabled condition other than n, Bn may be set, even though neither Gn nor Ln is set.)
- The linear address and LEN field for each of the four breakpoint conditions define a range of sequential byte addresses for a data breakpoint.
Two of the interrupt vectors of the 80386 are reserved for exceptions that relate to debugging. Interrupt 1 is the primary means of invoking debuggers designed expressly for the 80386; interrupt 3 is intended for debugging debuggers and for compatibility with prior processors in Intel's 8086 processor family.
12.3.1 Interrupt 1 -- Debug Exceptions
1. The handler for this exception is usually a debugger or part of a debugging system. The processor causes interrupt 1 for any of several conditions.
2. The debugger can check flags in DR6 and DR7 to determine what condition caused the exception and what other conditions might be in effect at the same time.
3. Table associates with each breakpoint condition the combination of bits that indicate when that condition has caused the debug exception.
4. Instruction address breakpoint conditions are faults, while other debug conditions are traps. The debug exception may report either or both at one time. The following paragraphs present details for each class of debug exception.
Debug Exception Conditions
Flags to Test Condition BS=1 Single-step trap B0=1 AND (GE0=1 OR LE0=1) Breakpoint DR0, LEN0, R/W0 B1=1 AND (GE1=1 OR LE1=1) Breakpoint DR1, LEN1, R/W1 B2=1 AND (GE2=1 OR LE2=1) Breakpoint DR2, LEN2, R/W2 B3=1 AND (GE3=1 OR LE3=1) Breakpoint DR3, LEN3, R/W3 BD=1 Debug registers not available; in use by ICE-386. BT=1 Task switch
|
Key takeaways
- The debugger can check flags in DR6 and DR7 to determine what condition caused the exception and what other conditions might be in effect at the same time.
1. This exception is caused by execution of the breakpoint instruction INT 3. Typically, a debugger prepares a breakpoint by substituting the opcode of the one-byte breakpoint instruction in place of the first opcode byte of the instruction to be trapped.
2. When execution of the INT 3 instruction causes the exception handler to be invoked, the saved value of ES:EIP points to the byte following the INT 3 instruction.
3. With prior generations of processors, this feature is used extensively for trapping execution of specific instructions. With the 80386, the needs formerly filled by this feature are more conveniently solved via the debug registers and interrupt 1.
4. However, the breakpoint exception is still useful for debugging debuggers, because the breakpoint exception can vector to a different exception handler than that used by the debugger.
5. The breakpoint exception can also be useful when it is necessary to set a greater number of breakpoints than permitted by the debug registers.
Key takeaways
- This exception is caused by execution of the breakpoint instruction INT 3.
- With prior generations of processors, this feature is used extensively for trapping execution of specific instructions
- The breakpoint exception can also be useful when it is necessary to set a greater number of breakpoints than permitted by the debug registers.
Part 3 Virtual 8086 mode
1. The processor executes in V86 mode when the VM (virtual machine) bit in the EFLAGS register is set. The processor tests this flag under two general conditions:
2. When loading segment registers to know whether to use 8086-style address formation.
3. When decoding instructions to determine which instructions are sensitive to I
4. Except for these two modifications to its normal operations, the 80386 in V86 mode operated much as in protected mode.
5.11.1 Registers and Instructions
1. The register set available in V86 mode includes all the registers defined for the 8086 plus the new registers introduced by the 80386: FS, GS, debug registers, control registers, and test registers.
2. New instructions that explicitly operate on the segment registers FS and GS are available, and the new segment-override prefixes can be used to cause instructions to utilize FS and GS for address calculations.
3. Instructions can utilize 32-bit operands through the use of the operand size prefix.
4. 8086 programs running as V86 tasks are able to take advantage of the new applications-oriented instructions added to the architecture by the introduction of the 80186/80188, 80286 and 80386:
- New instructions introduced by 80186/80188 and 80286.
-- PUSH immediate data
-- Push all and pop all (PUSHA and POPA)
-- Multiply immediate data
-- Shift and rotate by immediate count
-- String I/O
-- ENTER and LEAVE
-- BOUND
5.11.2 Linear Address Formation
1. In V86 mode, the 80386 processor does not interpret 8086 selectors by referring to descriptors; instead, it forms linear addresses as an 8086 would. It shifts the selector left by four bits to form a 20-bit base address.
2. The effective address is extended with four high-order zeros and added to the base address to create a linear address.
3. Because of the possibility of a carry, the resulting linear address may contain up to 21 significant bits. An 8086 program may generate linear addresses anywhere in the range 0 to 10FFEFH (one megabyte plus approximately 64 Kbytes) of the task's linear address space.
4. V86 tasks generate 32-bit linear addresses. While an 8086 program can only utilize the low-order 21 bits of a linear address, the linear address can be mapped via page tables to any 32-bit physical address.
Key takeaways
- Except for these two modifications to its normal operations, the 80386 in V86 mode operated much as in protected mode
- New instructions that explicitly operate on the segment registers FS and GS are available, and the new segment-override prefixes can be used to cause instructions to utilize FS and GS for address calculations
- The effective address is extended with four high-order zeros and added to the base address to create a linear address.
1. A V86 task consists partly of the 8086 program to be executed and partly of 80386 "native mode" code that serves as the virtual-machine monitor.
2. The task must be represented by an 80386 TSS (not an 80286 TSS). The processor enters V86 mode to execute the 8086 program and returns to protected mode to execute the monitor or other 80386 tasks.
3. To run successfully in V86 mode, an existing 8086 program needs the following:
- A V86 monitor.
- Operating-system services.
4. The V86 monitor is 80386 protected-mode code that executes at privilege-level zero. The monitor consists primarily of initialization and exception-handling procedures.
5. As for any other 80386 program, executable-segment descriptors for the monitor must exist in the GDT or in the task's LDT. The linear addresses above 10FFEFH are available for the V86 monitor, the operating system, and other systems software.
6. The monitor may also need data-segment descriptors so that it can examine the interrupt vector table or other parts of the 8086 program in the first megabyte of the address space.
In general, there are two options for implementing the 8086 operating system:
7. The 8086 operating system may run as part of the 8086 code. This approach is desirable for any of the following reasons:
7.1 The 8086 applications code modifies the operating system.
7.2 There is not sufficient development time to reimplement the 8086 operating system as 80386 code.
8. The 8086 operating system may be implemented or emulated in the V86 monitor. This approach is desirable for any of the following reasons:
8.1 Operating system functions can be more easily coordinated among several V86 tasks.
8.2 The functions of the 8086 operating system can be easily emulated by calls to the 80386 operating system.
Key takeaways
- The task must be represented by an 80386 TSS (not an 80286 TSS). The processor enters V86 mode to execute the 8086 program and returns to protected mode to execute the monitor or other 80386 tasks.
- The V86 monitor is 80386 protected-mode code that executes at privilege-level zero. The monitor consists primarily of initialization and exception-handling procedures.
- There is not sufficient development time to reimplement the 8086 operating system as 80386 code.
- The functions of the 8086 operating system can be easily emulated by calls to the 80386 operating system.
1. This summarizes the ways that the processor can enter and leave an 8086 program. The processor can enter V86 by either of two means:
1.1 A task switch to an 80386 task loads the image of EFLAGS from the new TSS. The TSS of the new task must be an 80386 TSS, not an 80286 TSS, because the 80286 TSS does not store the high-order word of EFLAGS, which contains the VM flag. A value of one in the VM bit of the new EFLAGS indicates that the new task is executing 8086 instructions; therefore, while loading the segment registers from the TSS, the processor forms base addresses as the 8086 would.
1.2 An IRET from a procedure of an 80386 task loads the image of EFLAGS from the stack. A value of one in VM in this case indicates that the procedure to which control is being returned is an 8086 procedure. The CPL at the time the IRET is executed must be zero, else the processor does not change VM.
2. The processor leaves V86 mode when an interrupt or exception occurs. There are two cases:
2.1 The interrupt or exception causes a task switch. A task switch from a V86 task to any other task loads EFLAGS from the TSS of the new task. If the new TSS is an 80386 TSS and the VM bit in the EFLAGS image is zero or if the new TSS is an 80286 TSS, then the processor clears the VM bit of EFLAGS, loads the segment registers from the new TSS using 80386-style address formation, and begins executing the instructions of the new task according to 80386 protected-mode semantics.
2.2 The interrupt or exception vectors to a privilege-level zero procedure. The processor stores the current setting of EFLAGS on the stack, then clears the VM bit. The interrupt or exception handler, therefore, executes as "native" 80386 protected-mode code. If an interrupt or exception vectors to a conforming segment or to a privilege level other than three, the processor causes a general-protection exception; the error code is the selector of the executable segment to which transfer was attempted.
3. Systems software does not manipulate the VM flag directly, but rather manipulates the image of the EFLAGS register that is stored on the stack or in the TSS. The V86 monitor sets the VM flag in the EFLAGS image on the stack or in the TSS when first creating a V86 task. Exception and interrupt handlers can examine the VM flag on the stack. If the interrupted procedure was executing in V86 mode, the handler may need to invoke the V86 monitor.
Key takeaways
- 1 A task switch to an 80386 task loads the image of EFLAGS from the new TSS. The TSS of the new task must be an 80386 TSS, not an 80286 TSS, because the 80286 TSS does not store the high-order word of EFLAGS, which contains the VM flag.
- The interrupt or exception causes a task switch. A task switch from a V86 task to any other task loads EFLAGS from the TSS of the new task.
- Systems software does not manipulate the VM flag directly, but rather manipulates the image of the EFLAGS register that is stored on the stack or in the TSS.
References
1. A.Ray, K.Bhurchandi, ”Advanced Microprocessors and peripherals: Arch, Programming &
Interfacing”, Tata McGraw Hill,2004 ISBN 0-07-463841-6
2. Intel 80386 Programmer's Reference Manual 1986, Intel Corporation, Order no.: 231630-011,
December 1995.
3. James Turley, “Advanced 80386 Programming Techniques”, McGraw-Hill, ISBN: 10:
0078813425, 13: 978-0078813429.