cdp ece 291 -- spring 2000 ece 291 spring 2000 lecture 8: real & protected mode paging and...

CDP ECE 291 -- Spring 2000

ECE 291

Spring 2000

Lecture 8:

Real & Protected Mode

Paging and Virtual Memory

Constantine D. Polychronopoulos

Professor, ECE

Office: 463 CSRL


Real Mode Addressing

- Up to 1Mb of addressable memory. Address is always computed by <segment reg: displacement> where each of the two can be 16-bits.

- Segment register is always extended with a 0H at the right end.

- Hence: up to 20 bits of address => 1Mb of memory

- Segments (or paragraphs) are always 64Kb

16-bit Default Segment + Offset address combinations:

Segment Offset Special Purpose CS IP Instruction address

SS SP or BP Stack address

DS BX, DI, SI, Data addressan 8- or 16-bit number

ES DI for string ops String destination address


Real Mode

Segment Offset Special Purpose CS EIP Instruction address

SS ESP or EBP Stack address

DS EBX, EDI, ESI, Data addressEAX, ECX, EDX,an 8- or 32-bit number

ES DI for string ops String destination address

FS No default General address GS No default General address

32-bit Default Segment + Offset address combinations:

=>In 386-Pentium III, never place a number > FFFFH in an offset register I when operating in real mode


Real Mode (cont.)

• Up to 4 64Kb-segments for < x286 - up to 6 segments for >= x386

• Program can use any arbitrary number of segments but only 4/6 can be addresses simultaneously at any given time

• Note: If a user segment does not use all 64Kb of memory segment regs can be initialized so that segments can overlap - it’s your responsibility to assure the overlap does not create unwanted side-effects!

• DOS or any OS is responsible for linking and loading a user program, figuring out the code-data-stack segments, dynamic data area, and initializing the corresponding segment registers.


Example of Overlapping Segments

OS& drivers00000

0908F

Code090F CS090F0

0A0EF

Data0A0F DS0A0F0

0A27F

Stack0A28 SS0A280

0A47F0A480

FFFFFMemory

Stack

Code

Data

Conceptual overlap


Real Mode (cont.)

• Segment registers allow programs to be written using only offset address and still be relocated anywhere in memory: all we need to do to move a code/data/stack segment is to change the corresponding segment register - all offset addresses remain same.

• Relocation of code and data is very important for:

– up/downward compatibility

– write programs without concerned about the memory size of the particular machine they execute on

– moving programs around in memory and allowing multiple programs to run simultaneously

• Segment regs are used to address real memory addresses in Real Mode only.

• The result is similar to Virtual Memory (in ECE 312)


Protected Mode: >= x386• In protected mode (where memory is much larger) we have yet

another indirection: Segments are still 64K large but now segment regs no longer point to memory directly - they point to descriptors which then point to the beginning of a segment in memory.

• The drawback is a more expensive address translation mechanism

• But the benefit is that we can relocate any segment anywhere in 4Gb space, customize access rights to each segment, share segments with different programs/applications, etc.

• NOTE: Protected mode does NOT require any change in the application either (unless you customize protection rights) since the indirection is handled automatically by the linker/loader.


Protected Mode: General

• In PM, segment point now to descriptor tables - which then give us the starting address of the segment

• Each DT contains 8K (8,192) descriptors where each descriptor is an 8-byte quantity that describes a memory segment. There are two DT:

– Global (or System) descriptor

– Local (or application) descriptor

• Therefore we have up to 16K (2 x 8,192) memory segments that can be addressed in PM by each application.

• The two DTs reside in memory and take up a max of 64Kb of memory (8b x 8K).


Limit (L15-L0)

Base (B15-B0)

Access rights

Base(B23-B16)

0000000000000000

80286 Descriptor

Limit (L15-L0)

Base (B15-B0)

Access rights

Base(B23-B16)

LimitL19-L16

BaseB31-B24

G D 0AV

386-Pentium III Descriptor

Format of Descriptors in PM:

- Each descriptor is 8 bytes long- Base is the base address of segment in memory: in x286 it’s 24-bits but in x386+ it can be 32-bits. (Smallest mem. granularity is 4Kb so in x386+, least significant 12 bits can be ignored in Base => 24+21=32 bit addresses)- Limit is the last offset in segment: i.e. variable size segments in PM. In x286 limit is 16-bits bit in x386+ it is 20bits. e.g. - x286: Segment begins at F00000H and ends at F000FFH => it has base F00000H and has a limit of 00FFH. e.g. - x386: same segment would begin at 00F00000H and will have a limit of 000FFH (20 bits)


PM: Descriptor Format

Limit (L15-L0)

Base (B15-B0)

Access rights

Base(B23-B16)

LimitL19-L16

BaseB31-B24

G D 0AV

386-Pentium III Descriptor G - granularity bit: Specifies the size of segment incremets:

- G=0 => Limit specifies a segment limit of 00000H to FFFFFH

- G=1 => Limit specifies a segment limit of 00000XXXH to FFFFFXXXH

(G=1 allows a segment length of 4Kb-4Gb in increments of 4Kb)

Example 1: Base =Start= 10000000H G=0 End=Base+Limit=10000000H + 001FFH = 100001FFH

Example 2: Base =Start= 10000000H G=1 End=Base+Limit=10000000H + 001FFXXXH = 101FFFFFH

The extension XXX can take any value from 000 to FFF


PM: Descriptor Format (cont.)

Limit (L15-L0)

Base (B15-B0)

Access rights

Base(B23-B16)

LimitL19-L16

BaseB31-B24

G D 0AV

386-Pentium III Descriptor AV - bit: Specifies whether the segment is available or not.

D-bit: Specifies how memory is accessed in RM or PM

- D=0 => Default: 16-bit instructions, offsets and registers

- D=1 => Default: 32-bit instructions, offsets and registers

NOTE: The default of register size and offset size can be overridden in both 16- and 32-bit instruction modes.

Access Rights byte: Specifies access rights, access violation actions, direction of growth (for data segments) - e.g., shared code segments

Descriptor Selector TI RPL

Segment Register in PM:RPL=requested privilege level (00-highest, 11-lowest)

TI=0 => Global descriptor tableTI=1 => Local descriptor table

Selects one of 8,192 descriptors in global or local description tables


How do we access DT in PM?

• In PM registers contain offsets into the DT (or selectors), not segment addresses (which are contained in the descriptors)

• The processor “knows” where to find the DT: a special register, GDTR (invisible) keeps the base address of the DT.

• Each time a segment register changes (indicating that a new segment is to be accessed => a DT access is needed) the following actions take place:

– GDTR + segment reg => address in memory from where to get Descriptor

– Descriptor (Base, Limit, Access) is fetched in an invisible register in the processor (descriptor cache) where it’s kept so that DT is not accessed with each memory access (too expensive)

– When a segment register is reloaded the corresponding DT cache entry is invalidated


System (Invisible) Registers

• Besides a GDTR and a LDTR there are 10 descriptor caches (i.e. registers that cache DT entries)

• Also, there is a task register, TR, which holds a selector of a descriptor that defines a task (i.e. a procedure, or application). The TR allows a context (task) switch in only 17μs.

• TR allows switching from one application program to another in a short period of time. This is also known as multiprogramming, multitasking, or time-sharing.

• TR points to a descriptor in the global descriptor table.


PAGING

• Paging: Maps a virtual to a physical address:

– Linear (virtual) address ==> physical address

• Paging also extends the “size” of memory beyond that of physical memory (DRAM). The principle works by fetching and keeping in memory only those segments that are currently accessed to make progress in the execution. All other code/data may be in disk (linear addresses that are not currently present in physical memory).

• Why paging? Because segmentation is not enough to allow multiple applications to reside in memory at the same time and thus execute “together” - the reason is that we need separate segment registers for each application but we also need to make sure that different application segments map to different physical memory segments. This, would severely limit the # of apps that can run together as well as the range of memory they could address: no longer relocatable!

• Paging solves all of the above problems!


Paging (cont.)

• Memory Management Unit MMU (or memory paging unit - MPG) translates linear to physical addresses.

• Paging is controlled by the (invisible) control registers that keep the location of the mapping tables known as the page table directory (PTD) and the page map tables (PMT). The address translation process then follows the steps:– Use a control register to get the base of PTD– Use MSBs of the linear address as an offset into PTD to get entry– Entry gives the base of the PMT for this application. Add to it the

next MSBs of the linear address to get entry of PMT. – This entry gives the location in physical memory of the base of the

segment we want to access. Add to it the LSBs of the linear address to form the byte address of data or instruction to acceess.

• Paging works with real and with protected mode


Paging - Control Registers

• Control registers: CR0-CR3 (and in Pentium CR4) are 32b regs. Bit 0 (MSB) of CR0 is used to set paging on/off. If CR0(0)=0 the linear address is also the physical address. Otherwise, paging is enabled.

• CR3 has the page directory page address - there is only one page directory in the entire system with up to 1,024, 32-bit entries.

• Each entry in the page directory points to a page table. Each page table contains up to 1,024, 32-bit entries, each pointing to a physical memory page (segment).

• Thus, we have up to 220 x 4bytes = 4Mb of physical memory reserved only for the PMT -- way too much!

• Usually, a PMT is needed for each active application, and in practice there are only a few PMTs. However, the 4Kb space for the page directory must be reserved and available.


Paging: Address Translation

Directory2231

Page Table

21 12

Offset

11 0

Linear (virtual) address:

CR3 (Page directory base)

Address1231

Control bits

6 0PMT entry - points to base of

memory (page) segment:

Page Table base address

32-bit Physical Address

This is what used to be the Segment Register in RM


Paging Examples

- Range of linear addresses that map to 1st entry of page directory: Answer: 00000000H - 003FFFFFH (or 00000000000…. - 00000000001111….)

- What range of memory can be mapped for each directory entry?Answer: Each entry is base of a 1K-entry page table. Each of these entries points to base of a 4Kbyte of memory => 1K x 4Kb = 4Mb

- Accessing memory and performing all these operations for each linear address generated by a program would be prohibitively expensive!

Solution: Translation Lookaside Buffer (TLB) contains the 32 most recent <linear-to-physical> translations. When an new addr. references one of the 32 most recent 4Kb segments, the mapping is available in the TLB and we need not compute it. This speeds up computation significantly. Also, due to temporal/spatial locality TLB hits account for the great majority of translations!!


Recall Instruction Format:

OPCODE:

D - Direction of data transfers:- D = 0: data transfers from R/M field to Register - D = 0: data transfers TO the Register from R/M field in next byte

W - Data size:- W=0: data size is a byte- W=1: data size is a word/double word

| | | | | | D|W


MOD: Selecting Addressing Mode

- MOD field: 1 byte that specifies the addressing mode + enables/disables displacement.

MOD REG R/M 2 3 3

MOD Format00 No displacement01 8-bit sign-extended disp.10 16-bit displacement11 R/M is a register

- Only when MOD=11 => R/M field is a register specifier


REG: Specifying the Register in Register Assignment

MOD REG R/M 2 3 3

Code W=0: Byte W=1: word or doubleword000 AL AX or EAX

001 CL CX or ECX

010 DL DX or EDX

011 BL BX or EBX

100 AH SP or ESP

101 CH BP or EBP

110 DH SI or ESI

111 BH DI or EDI


Code Address Function000 DS: [BX+SI]001 DS: [BX+DI]010 SS: [BP+SI]011 SS: [BP+DI]100 DS: [SI]101 DS: [DI]110 SS: [BP]111 DS: [BX]

R/M Field: Selecting Addressing Mode

-If MOD is 00, 01, 10, then R/M does not specify a register operand, but memory addressing mode:

Examples:

1. If MOD=00 and R/M=101:

addressing mode is [DI]

2. If MOD=01 and R/M=101

addressing mode is [DI +disp]

3. If MOD=10 and R/M=101

addressing mode is disp1[DI+disp2]


Example 1

The instruction 10001011 11110010 (or 8BF2H) has:

OPCODE=100010 indicates a MOV

D=1 indicates that data flows into register

W=1 indicates word or doubleword data

MOD=11 indicates that the R/M field also specifies a register

REG=110 indicates SI and

R/M=010 indicates DX

Therefore: MOV SI, DX


Example 2

The instruction 10001010 00010101 (or 8BF2H) has:

OPCODE=100010 indicates a MOV

D=1 indicates that data flows into register specified in REG

W=0 indicates byte

MOD=00 no displacement

REG=010 indicates DL

R/M=101 indicates addressing mode [DI]

Therefore: MOV DL, [DI]

cdp ece 291 -- spring 2000 ece 291 spring 2000 lecture 8: real & protected mode paging and...

Documents