9/10/2014

1
Memory
Management
Real-Mode Memory
Management
Following reset, Intel processors start executing code in the
real-mode operating environment. Since real-mode is fully
compatible with the 8086 architecture, it enables execution of
MS-DOS applications on newer processors such as the
Pentium and Pentium Pro. Unfortunately, along with the
numerous benefits of real-mode, there is also one major
drawback to this mechanism. That is, a processor running in
real-mode can exploit only the lowest 20 bits of its address
bus and is therefore limited to the meager 1MB memory
space of the 8086. IBM's decision to reserve the upper 384KB
of the PC for ISA add-on cards (and the BIOS), made things
even worst since it left real-mode applications (including MS-
DOS itself) with barely 640KB of RAM to work with.
The first 1Mbyte of memory is called either the real mode or
conventional memory system. The DOS operating system
requires the microprocessor to operate in this mode. It allows
application software.
A processor requires a minimum of 20 address lines to have
the ability to access 1MB of memory. When Intel engineers
designed the 8086, it was impractical to implement a 20 bit
address register to hold the generated addresses. So instead,
Intel decided to divide address space into 64KB segments and
coordinate memory access through the use of two 16 bit
values - a Segment and an Offset.








Four dedicated Segment Registers were created in order to
hold the segment portion of the processor generated
addresses. Each of these registers was designated to serve as
a base pointer to a unique segment in the processor physical
address space.
9/10/2014
2
Segment
Register
Designated Role
CS
Code Segment Register
This register points to the currently active code
segment. Used in conjunction with the IP register to
point to the next instruction to be fetched and
executed by the processor.
DS
Data Segment Register
This register usually points to the default data
segment which contains the global and static
variables of the active application.
Segment
Register
Designated Role
ES
Extra Segment Register
General purpose segment register used mostly for data
transfers between different segments.
SS
Stack Segment Register
This register points to the segment containing the
active stack. The top of stack is located at address
SS:SP.
FS
GS
General Purpose Segment Registers
First introduced on the 80386, these segment registers
can be used for any purpose in your application code.
Physical memory calculation
The value set into a segment register identifies a specific 64KB
region of memory, whereas the offset part points to an exact
location within that region. To calculate a physical address, the
processor shifts the content of the segment register four bits
to the left (thus multiplying its value by 16) and adds the
offset.
Segment and Offset
Through the combination of these two, a memory location is
accessed in the real mode. All real mode memory address
must consist of a segment address plus an offset address.
Segment Address
Defines the beginning address of any 64k-byte memory
segment.
Offset Address
Sometimes called displacement or relative. Selects any
location within the 64k-byte memory segment. It is the
distance above the start of the segment.
9/10/2014
3
Note:
Each segment register is internally appended with a 0H on its
right end.
The segment address can begin only at a 16-byte boundary,
which is called paragraph. Once the beginning address in
known, an ending address is known, by adding FFFFH.
The code segment register defines the start of the code
segment and the instruction pointer to locate the next
instruction within the code segment. This combination (CS:IP
or CS:EIP) locates the next instruction executed by the
microprocessor.

The notation adopted by Intel for address representation in
real-mode is segment:offset. For an example consider address
A359:B3FD which is located at segment A359h and has an
offset which equals B3FDh. This notation was chosen since it
serves the need to pinpoint an exact location within the
physical address space of the processor while allowing the
programmer to examine the internal composition of the
address value.
Interesting to note is the fact that although segments are
64KB in size, they are spaced 16 bytes apart in memory. This
should make perfect sense to you if you understand the
procedure taken by the processor when it calculates physical
addresses in real-mode.
Since the content of a segment register forms the 16 high-
order bits of a physical address, it is always divisible by 16 and
has its lowest four bits set to zero. This concept is clearly
depicted in the following figure:
Note that there is an area of overlap between segments in
real-mode, so each physical address is accessible using many
different combinations of segment and offset values. For
instance, if we load one of the segment registers with 1234h
and use an offset which equals 5h, we can read the content of
physical address 12345h.
Mov BX, 1234h
Mov ES, BX
Mov BX, 5h
Mov AL, [ES:BX]
In this case, the processor will shift 1234h four bits to the left
(12340h) and add the offset 5h. Alternatively, we could load
ES with 1233h and use an offset which equals 15h to get a
pointer which corresponds to the same physical memory
location.
9/10/2014
4
For years, the world of personal computing was dominated by
real-mode MS-DOS. The arrival of the Windows operating
system which dispensed with real-mode in favor of the much
advanced protected-mode, marked a new era in the
computing industry.
Introduction to Protected-
Mode
When introduced in the late 1970's, the 8086 was considered
a technological breakthrough. It was a cheap, powerful 16 bit
processor which could address *huge* amounts of memory
(up to 1MB). The 8086 gained an enormous popularity soon
after its introduction, since it was chosen by IBM engineers
when they designed the first personal computer (they actually
used a variant of the 8086 known as the 8088 but the
differences are minor). Since 1MB of memory was considered
an overkill for a personal computer, IBM decided to utilize only
the first 640KB for RAM and reserve the remaining 384KB for
the BIOS and ISA add-on cards.
At first, most applications were rather compact and therefore
were not affected by the 640KB barrier, but eventually some
memory hogging applications hit the market and Intel had to
devise a solution.
The solution came in 1982 when Intel introduced its new
processor : The 80286. As opposed to the 8086 which offered
only one operating mode, the 80286 actually incorporated
two: A backward compatible 8086 operating mode called
Real-Mode and a secondary advanced mode called Protected-
Mode.
Protected-mode allowed the 80286 to exploit its 24-bit
address bus and thus access up to 16MB of physical memory.

Allows access to data and programs located above the first
1Mbyte of memory as well as within the first 1Mbyte of
memory. Segment address is no longer present in this mode.
In place of the segment address, the segment register
contains a selector that selects a descriptor from a descriptor
table. The descriptor describes the memory segment
location, length and access rights. Most function in the real
mode will function without change in the protected mode.
The difference between modes is in the way that the segment
register is interpreted by the microprocessor to access the
memory segment.

9/10/2014
5
Unfortunately, DOS applications could not be easily ported to
protected-mode since it was incompatible with the 8086
implementation for which DOS had been developed. This fact
among others made protected-mode unattractive to software
developers of the time.
Added to this was the fact that it was impossible to return
gracefully back to real-mode once you switched the processor
into protected-mode. The only way for doing so was by
resetting the processor - a highly time consuming operation. It
seems that Intel engineers assumed that once you were
running in protected-mode, you'll never want to go back to a
lowly real-mode environment.
Another deficiency of the 80286 was related to the maximum
size of segments. Although protected-mode gave the
processor an ability to access its entire address space,
memory access was not linear but had to be done using
segments. The maximum size allowed for each segment was
64KB (much the same as on the 8086).
In view of the limitations of the 80286 design, Intel released
its next innovation known as the 80386. The 80386 was highly
superior to its predecessors.
A 32-bit address bus replaced the old 24-bit bus of the 80286
giving the user a total of 4GB physical address space, a third
operating mode dubbed Virtual-Mode was implemented to
support execution of old 8086 code while still running in a
protected-mode environment, and, last but not least, Paging
support was added.
The 80386 formed the basis for the following protected-mode
implementations on the 80486, Pentium and Pentium Pro
processors.
The protected-mode architecture incorporates many
advanced features and solves the memory constraint enforced
by the old 8086 design.
Memory management is a mechanism which provides
operating systems powerful capabilities such as segmentation
and paging.
The first incarnation of the segmentation unit found on the
8086 processor had only one purpose - to serve as a gateway
for a 1MB physical address space. Intel's decision to keep the
segmentation unit alive and kicking under protected-mode
was largely influenced by the desire to retain compatibility
and ease porting of old applications to the new environment.
Under protected-mode there are no longer fixed sized
segments equally spaced in memory, but instead, the size and
location of each segment is set in an associated data structure
called a Segment Descriptor.
9/10/2014
6
When accessing memory, all memory references are relative
to the base address of their corresponding segment. This
makes relocation of program modules fairly easy since there is
no need for the operating system to perform code fix-ups
when it loads applications into memory.
With paging enabled, the processor adds an extra level of
indirection to the memory translation process. By using
special look-up tables in memory, the processor fakes each
application into thinking as if it owns the entire 4GB address
space. Instead of serving as a physical address, an application-
generated address is used by the processor to index one of its
look-up tables.

The corresponding entry in the table contains the actual
physical address which is sent to the processor address bus
(This is a rather simplified description of the process). The
name "paging" was chosen since this indirection mechanism
cannot be applied to individual bytes but rather to 4KB chunks
(or pages) of memory. Through the use of paging, operating
systems can create distinct address spaces for each running
application thus simplifying memory access and preventing
potential conflicts.
Global Descriptor
Contains segment definitions that apply to all programs.
Other term is system descriptor.
Local Descriptor
Usually unique to an application. Other term is application
program. Each table contains 8192 descriptors. The base
address portion of the descriptor indicates the starting
location of the memory segment. The segment limit contains
the last offset address found in a segment.
There is another feature found in the 80386 through the
Pentium II descriptor that is not found in the 80286 descriptor:
the G bit or granularity bit.
Virtual-memory allows applications to allocate more memory
than is physically available. This is done by keeping memory
pages partially in RAM and partially on disk. When a program
tries to access an on-disk page, an Exception is generated (an
exception is a processor-generated interrupt signaling a critical
event) and the operating system reloads the page to allow the
faulting application resume its execution.

9/10/2014
7
AV bit
1 segment is available
0 segment is not available
D bit
0 instructions are 16-bit compatible with the 8086- 80286
1 instructions are 32-bit
G bit Granularity
0 the limit specifies the segment limit of 00000H to FFFFFH
1 the value of the limit is multiplied by 4K bytes (appended
with XXXH)

TI bit
0 selects the global descriptor table
1 selects the local descriptor table
RPL Requested Privilege Level
00 highest
11 lowest

9/10/2014
8
Access Rights Byte
Controls access to the protected mode memory segment.
Describes how the segment functions in the system. Allows
complete control over the segment.


PROGRAM MEMORY
ADDRESSING
DIRECT PROGRAM MEMORY ADDRESSING
Intersegment Jump is a jump to any memory location within
the entire memory system.
Direct Jump is often called a far jump.
Label refers to the location that is called or jumped to
instead of the actual numeric address
EX. JMP [10000H]
RELATIVE PROGRAM MEMORY ADDRESSING
Relative relative to the instruction pointer
Intrasegment Jump a jump anywhere within the current
code segment
9/10/2014
9
Short Jump contain an 8-bit displacement
Far Jump contain a16-bit displacement
EX. JMP [02]
JMP [1122]
INDIRECT PROGRAM MEMORY ADDRESSING
Indirect Jump if a relative register holds the address
Near Jump if a 16 bit register holds the address of a JMP
instruction
Indirect-indirect or Double-Indirect Jump if the register is
considered to be relative
EX. JMP BX
JMP [BX]
STAC K PROGRAM MEMORY ADDRESSING
Stack Segment and Stack Pointer - maintains the stack
memory
Whenever a word of data is pushed onto the stack, the higher-
order-8-bits are placed in the location addressed by SP-1. The
low-order-8-bits are placed in the location addressed by SP-2.
SP is decremented by 2 so that the next word of data is stored
in the next available stack memory location.
Whenever data are popped from the stack, the low-order-8-
bits are removed from the location addressed by SP. The high-
order-8-bits are removed from the location addressed by
Sp+1.

The Sp register is then incremented by 2.
EX. PUSH BX
POP CX

Multitasking
Multitasking refers to the ability of the operating system to run
multiple tasks concurrently. True multitasking can only be achieved
on a multiprocessor machine where each task is scheduled for
execution on a different processor. Conventional operating systems
such as Windows 95 emulate true multitasking by quickly switching
between pending tasks giving each a time-slice to execute.
When running in protected-mode, a task switch makes the
processor save the current Context Information (notably register
values) in a Task State Segment. When the original task is
rescheduled for execution, the processor uses the saved information
to set its internal registers to allow the original task resume its
execution.
9/10/2014
10
Protection
Real-mode does not include support for protection and
therefore cannot offer a secure and reliable execution
environment. Buggy and hostile applications can shake the
operating system integrity by overwriting various system data
structures. When applied, protection can guard against
software bugs and help the operating system in performing
reliable multitasking. Protection checks are made before any
memory cycle is started; A protection violation terminates the
offending memory cycle and generates an exception.
Numerous benefits can also be seen during the software
development process. Any illegal memory reference made by
the developed application can be blocked and analyzed by a
debugger while ensuring the stability of all other software
development tools. (compiler, profiler etc.)

Virtual Mode
The desire to allow execution of MS-DOS applications under
the control of a protected-mode environment, (such as
Windows) has led for the inclusion of virtual-mode to all of
Intel's 32 bit processors. When the processor is running in
virtual-mode, it behaves as if it were an 8086 equipped with
protection, multitasking and paging support. Note that virtual-
mode is not an entirely new processor operating environment
but instead a property which can be applied on a per-task
basis. A virtual-mode task can be executed along-side other
tasks on the system including those which were written to
fully utilize protected-mode features.
Unfortunately, MS-DOS applications were not designed to run
under a multitasking environment and therefore assume full
ownership of the system. Such applications could bring the
entire system to a halt if, for instance, they clear the processor
interrupt flag (disabling hardware interrupts). To prevent such
disruptions, instructions that affect the state of the interrupt
flag (such as CLI, STI, POPF etc.) cause an exception when
executed by a virtual-mode task. An operating system piece of
code known as the Virtual Machine Monitor handles these
exceptions and emulates the offending instructions. This
ensures a smooth fail-safe operation of both virtual-mode and
protected-mode tasks running on the system.

9/10/2014
11
Debugging Support
When debugging applications, the 80386 comes to your aid by
providing a set of configurable debug registers. Setting a
breakpoint is done by updating one of the debug registers
with the desired memory address and specifying the type of
processor cycle which should trigger the breakpoint. When
the breakpoint is hit, an exception is generated and the
debugger can gain control to display information regarding the
developed application and the processor internal state.
The debugging support on the 80386 supersedes the old 8086
mechanism which required a modification to the instruction
stream in order to set a breakpoint inside application code.