SUBJECT CODE : 210954 As per Revised Syllabus of SAVITRIBAI PHULE PUNE UNIVERSITY Choice Based Credit System (CBCS) S.E. (Computer) Semester - IV CROPROCESSOR Atul P Godse MS. Softw B.E. Industrial Electronics ystems (BITS Pilani) Formerly Lecturer in Department of Electronics Engg. Vishwakarma Institute of Technology Dr. Deepali A. Godse M.E., Ph.D. (C Head of Informal ‘omputer Engg.) ‘ology Department, Bharati Vidyopeeth's Colleg ing for Women, Pune =" TECHNICAL | <% PUBLICATIONS | { smeesso ‘An Up-Thrust for Knowledge \ @MICROPROCESSOR Subject Code : 210254 S.E. (Computer Engineering) Semester - IV © Copyright with Authors All publishing rights (printed ond ebook version) reserved with Technicol Publications. No part ofthis book Published oy PUBLICATIONS Printer Yogi) Pontes & Bindes SNo. 10/14 Ghule Indus Estate, Nanded Vilage Road Ta, - Havel, Dat. - Pune - 41104 ISBN 978-81-947993-9.9 9788194799299 awPREFACE The importance of Microprocessor is well known in various engineering fields Overwhelming response to our books on various subjects inspired us to write this book The book Is structured to cover the key aspects of the subject Microprocessor. The book uses plain, lucid language to explain fundamentals of this subject. The book provides logical method of explaining various complicated concept me s and stepwise hods to explain the important topics. Each chapter is well supported with necessary illustrations, practical examples and solved problems. All the chapters in the book are arranged in a proper sequence that permits each toj lier studies. All een taken to make students comfortable in understanding the basic concepts ic to build upon e care has of the subject Representative questions have been added at the end of each section to help the students in picking important points from that section The book not only covers the entire scope of the subject but explains the philosophy of the subject. This makes the understanding of this subject more clear and makes it more interesting. The book will be very useful not only to the students but also to the subject teachers. The students ha e to omit nothing and possibly have to cover nothing more. We w h to express our profound thanks to all those who helped in making this book a reality. Much ne ded moral support and encouragement is provided on humerous occasions by our whole family. We wish to thank the Publisher and the entire team of Techni cal Publications who have taken immense pain to get this book in time with quality printing Any suggestion for the improvement of the book will be acknowledged and well appreciated Authors A. P. Godse Dy. D. A. Godse Dedicated to Neha & Rutura,SYLLABUS Microprocessor - (210254) C Scheme jemester (TH) : 30 Marks 03 End_Semester (TH) : 70 Marks UnitI —_ Introduction to 80386 Brief History of Intel Processors, 80586 DX Features and Architecture, Programmers Model Operating modes, Addressing modes and data types. Applications Instruction Set ; Data Movement Instructions, Binary Arithmetic Instructions. Decimal Arithmetic Instructions, Logical Instructions, Control Transfer Instructions, String and Character Transfer Instructions, Instructions for Block Structured Language, Flag Control Instructions, Coprocessor Interface Instructions, Segment Register Instructions. Miscellaneous Instructions. (Chapter s- 1,9) Unit Il Bus Cycles and System Architecture Initialization « Processor State after Reset, Functional pin Diagram, functionality of various pins, /O Organization, Memory Organization (Memory banks), Basic memory read and writes cycles with timing diag Systems Architecture - Systems Registers (Systems flags, Memory Management regist Control registers, Debug registers, Test registers), System Instructions. (Chapter - 3) Unit II_ Memory Management Global Descriptor Table, Local Descriptor Table, Interrupt Descriptor Table, GDTR, LDTR, IDTR Formats of Descriptors and Selector, Segment Translation, Page Translation, Combining ment and Page Translation. (Chapter - 4)UnitIV Protection Need of Protection, Overview of 80386DX Protection Mechanisms : Protection ri \gs and level: Privileged Instructions, Concept of DPL, CPL, RPL, EPL. Inter privilege level transfers using Call jates, Conforming code segment, Privilege levels and stacks, Page Level Protection, Combining egment and Page Level Protection. (Chapter - 5) UnitV = Multitasking and Virtual 8086 Mode Multitasking - Task State Segment. TSS Descriptor. Task Register. Task Gate Descriptor. Task Switching, Task Linking, Task Address Space. Virtual Mode - Features, Memory management in Virtual Mode . Entering and leaving Virtual mode. (Chapters - 6, 7) Unit VI Interrupts, Exceptions, and Introduction to Microcontrollers Interrupts and Exceptions : Identifying Interrupts. Enabling and Disabling Interrupts, Priority among Simultaneous Interrupts and Exceptions, Interrupt Descriptor Table (IDT), IDT Descriptors, Interrupt Tasks and Inte pt Procedures, Error Code, and Exception Conditions, Introduction to Microcontrollers : Architecture of typical Microcontroller, Difference between Microprocessor and Microcontroller, Characteristics of microcontrollers, Application of Microcontrollers. (Chapters - 8, 9)TABLE OF ee Chapter - 1 Introduction to 80386 (1 - 1) to (1 - 24) 1-2 1.1 Brief History of Intel Processors ........ 1.2 80386DxX Features. a5 1.3 80386Dx Architecture... 1.4 Programmers Model 1-9 1.4.1 General Purpose / Multipurpose Registers ..... shut.dga'240 1.4.2 Special - Purpose Registers . A o ee LL 1.4.3 EFLAGS 1-11 1.4.4 Segment Registers : 3 Be Paey Ped 1.4.4.1 CS (Code Segment) and CS Register 1-14 1.4.4.2 DS (Data Segment) and DS Register 1-14 1.4.4.3 €5 (Extra Segment) and ES Register 1-15 1.4.4.4 8S (Stack Segment) and SS Register 1-15 1.4.45 FS and GS ; 4-15 1.4.5 Segments and Offsets. 1-15 1.5 Operating Modes... 1.6 Addressing Modes 1.6.1 Immediate Operands agent eas Send ABW? 1.6.2 Register Operands ......... 3 : fs 1-18 1.6.3 Memory Operands 1-18 1.7 Data Types... Chapter-2 Applications Instruction Set (2 - 1) to (2 - 58) 2.1 Introduction..... 2-2 2.1.1 Data Movement Instructions 2-22.1.2 Binary Arithmetic Instructions. 2.1.3 Decimal Arithmetic Instructions BLA Logical nstructionss isa /enysPouride > save oapealieiinaieve tote 2.1.5 Control Transfer Instructions 2.1.6 String and Character Translation Instructions 2.1.7 Instructions for Block-Structured Languages ...........006eeeeee 2.1.8 Flag Control Instructions 2.1.9 Coprocessor Interface Instructions 2.1.10 Segment Register Instructions. 2.1.11 Miscellaneous Instructions 2.2 Instruction Set of 80386. Chapter-3 Bus Cycles and System Architecture (3 - 1) to (3 - 36) 3.1 Initialization 3.2 Processor State after Reset..... 3.3 Functional Pin Diagram....... 3.3.1 Memory/IO Interface Signals, 3.3.2 Interrupt Interface Signals 3.3.3 DMA Interface Signals 3.3.4 Coprocessor Interface Signals 3.4 1/0 Organization ... 3.4.1 1/0 Mapped 1/0 3.4.2 Memory Mapped I/O .......cccccccceeeeeeeeeeeeeeeeeeeees 3.5 Memory Organization (Memory Banks)... 3.6 Basic Memory Read and Writes Cycles with Timing Diagram... 3.6.1 Non-Pipelined Bus Cycles 3.6.2 Pipelined Bus Cycles 3.6.3 Idle State in Pipelined Bus Cycles 3.6.4 Bus Cycle with Wait State 3-2 3-17 3-18 3-18 -.3-19 3-203.6.5 Non-Pipelined Read Cycle 3-20 3.6.6 Non-Pipelined Write Cycle..... z _ ity: 3 22 3.6.7 Non-Pipelined Read / Write Cycles.........0sceseeeevseeeeeerev seen 3-24 3.7 Systems Architecture 3-26 3.8 Systems Registers 3.8.1 System Flags - EFLAGS 3-27 3.8.2 Memory-Management (System Address) Registers ; wee 3227 3.8.3 Control Registers? co one pove-yeh veers yee nue htewevitoat ee 3-27 3.8.4 Debug Registers 3-29 3.8.5 Test Registers : . SeyeF 8h 3.9 Systems Instructions Unit - TT Chapter - 4 Memory Management (4 - 1) to (4 - 28) 4.1 Address Translation Overview 4-2 4.2 Segment Translation 4-3 4.2.1 Selector 4-3 4.2.1.1 Index Part 4-3 4.2.1.2 Requester's Privilege Level (RPL) 4-3 4.2.1.3 Table Indicator (TI) 4-4 4.2.2 Global Descriptor Table (GDT) and Local Descriptor Table (LOT) 4-4 4.2.3 Segment Descriptor ......... 7 ee As dy tat te AES 4.2.4 General Format of Descriptor 4-6 4.2.5 Types of Segment Descriptors and Their Formats 4-8 4.2.5.1 Non-system (Code and Data) Segment Descriptor 4-8 4.2.5.2 System Segment Descriptors 4-11 4.2.6 Descriptor Tables - GDT, IDT and LOT ........sseceeeeeeeeeeeesen eee es 4-12 4.2.7 Descriptor Registers - GDTR, LOTR and IDTR ores cee Ae 1d 4.2.7.1 Global Descriptor Table Register (GDTR) 2 4-14 4.2.7.2 Interrupt Descriptor Table Register (/DTR) . 4-15 wii)4.2.7.3 Local Descriptor Table Register (LOTR) 4.2.8 Segment Registers and Segment Descriptor Cache 4.3 Page Translation 4.3.1 Page Tables 4.3.2 PDE Descriptor 4.3.3 PTE Descriptor 4.3.4Translation Lookaside Buffer/Page Translation Cache 4.4 Combining Segment and Page Translation 4-15 4-17 4-20 4-22 4-22 4-24 4-25 4-27 Chapter-5 Protec! 5.1 Need of Protection ... 5.2 Overview of 80386Dx Protection Mechanisms........ 5.3 Segment Level Protection... 5.3.1 Type Checking 5.3.2 Limit Checking 5.3.3 Protection Levels - Privilege Level Protection 5.3.4 Concept of DPL, CPL, RPL and EPL 5.3.4.1 Restricting Access to Data 5.3.4.2 Accessing Data in Code Segments 5.3.4.3 Restricting Control Transfers 5.3.5 Changing Privilege Levels 5.3.5.1 Conforming Code Segment 5.3.5.2 Inter Privileged Level Transfers using Call Gates 5.3.6 Stack Switching .........ccceseeseseeeeesereeees 5.4 Page Level Protection .... 5.4.1 Restricting Addressable Domain 5.4.2 Type Checking 5.5 Combining Segment and Page Level Protection 5.6 1/0 Protection (5 - 1) to (5 - 20) -2 sade ade sntlbgnies 3D Es -5-16 -.5-165.6.11/0 Privilege Level 5.6.2 1/0 Permission Bit Map 5.7 Privilege and I/O Sensitive Instructions 5.7.1 Privileged Instructions 5.7.2 IOPL Sensitive Instructions. 5-17 5-17 5-19 5-19 5-19 Chapter - 6 Multitasking 6.1 Introduction... 6.2 Task State Segment....... 6.3 TSS Descriptor. 6.4 Task Register...... 6.5 Task Gate Descriptor 6.6 Task Switching 6.6.1 Task Switching without Task Gate 6.6.2 Task Switching with Task Gate. . 6.7 Task Linking... 6.8 Task Address Space... 6.8.1 Task Linear-to-Physical Space Mapping 6.8.2 Task Logical Address Space (6 - 1) to (6 - 16) 1-2 6-11 12 6-13 6-14 6-15 Chapter-7 Virtual 8086 Mode Tel Features cssccsees 7.2 Executing 8086 Code ..... 7.2.1 Registers 7.2.2 Instructions 7.3 Memory Management in Virtual Mode.. 7.3.1 Linear Address Formation ........sse+000008 7.3.2 Structure of V86 Task (7 - 1) to (7 - 10) wn 27.3.3 Using Paging for V86 Tasks. 7-6 7.3.4 Protection within a V86 Task : ‘ 7-6 7.4 Entering and Leaving Virtual 8086 Mode ... 7-7 7.4.1 Entering 8086 Virtual Mode 7-7 7.4.2 Leaving 8086 Virtual Mode ... s BAnR? é aanapane hay, 7.5 Difference between Real, Protected and Virtual 8086 Modes... Chapter-8 Interrupts and Exceptions (8 - 1) to (8 - 20) 8.1 Introduction. 8-2 8.2 Identifying Interrupts..... 8-3 8.3 Enabling and Disabling Interrupts......cssssscsstseeuteneenensneneenetstees® = 4 8.3.1 NMI Masks Further NMIs 8-4 8.3.2 IF Masks INTR .... b é vedtaseaaaieB=4 8.3.3 RF Masks Debug Faults. : tes - . . 8-4 8.3.4 MOV or POP to SS Masks Some Interrupts and Exceptions 8-4 8.4 Priority Among Simultaneous Interrupts and Exceptions... 8-5 8.5 Interrupt Descriptor Table Lays Beb 8.6 Interrupt Tasks and Interrupt ProcedUres ..cissvscssieenisnenentet 8-8 8.6.1 Interrupt Procedures . . 8-8 8.6.1.1 Stack of Interrupt Procedure 8-9 8.6.1.2 Trap Gate Vs Interrupt Gate d t 8-9 8.6.1.3 Returning from an interrupt Procedure a 8-10 8.6.2 Interrupt Tasks ... weeee See eee eee eee 8-11 8.7 Error Code ; ‘ : mre neinentedi Ai Rae cana. 8.8 Exception Conditions 8-13 Chapter-9 Introduction to Microcontrollers (9 - 1) to (9 - 32) 9.1 Microcontrollers and Embedded Processors 9-29.1.1 Comparison between Microprocessor and Microcontroller: 9.1.2 Different Types of Microcontrollers 9.1.2.1 Embedded Microcontrollers. 9.1.2.2 External Memory Microcontrollers 9.1.3 Criteria for Selecting Microcontroller... 9.1.4 Applications of Microcontroller. 9.2 Features of 8051 Microcontroller 9.3 Block Diagram of 8051 Microcontroller ...cccsocseeee 9.4 Register Organization of 8051 Microcontroller 9.4.1 Aand B Registers . 9.4.2 Data Pointer (DPTR) 9.4.3 Program Counter 9.4.4 8051 Flag Bits/PSW Registers 9.4.5 Special Function Registers ...........200005 9.4.6 Stack and Stack Pointer 9.5 Pin Diagram of 8051 ..... 9.6 Memory Organization sense sales 9.6.1 Internal RAM Organization 9.6.1.1 8051 Register Banks (Working Registers) . 9.6.1.2 Bit / Byte Addressable 9.6.1.3 General Purpose RAM 9.6.2 ROM Space in the 8051 9.7 External Memory Interfacing... 9.7.1 External Program Memory. 9.7.2 External Data Memory 9.7.3 Accessing External Data Memory in 8051C 9-21 9-21 9-21 9-22 29-24 9-26 Microprocessor Laboratory (L- 1) to (L- 62) Solved SPPU Question Papers (S - 1) to (S - 10) Solved Model Question Papers (S - 11) to (S - 14)UNIT - I | 1 | Introduction to 80386 Syllabus Brief History of Intel Processors, 80386 DX Features and Architecture, Programmers Model, Operating modes, Addressing modes and data types. Contents 1.1. Brief History of Intel Processors 1.2 80386DX Features May-10,13, 1.3 80386DX Architecture May-2000,06,11,12,13, Dec.-05,11,13, Nov.-12, Programmers Mode! Dec.-03,14,19, May-10,13,19, Operating Modes Addressing Modes Dec.-14,17, May-18, Data Types May-14,19, (1-1)Microprocessor 1-2 Introduction to 80386 EEE Brief History of Intel Processors * The world’s first microprocessor, the Intel 4004, was a 4-bit microprocessor. (A bit is a bi ary digit with a value zero or one and bit microprocessor 2bit address lines to access 4096 4-bit wide memory locations. The 4004 microprocessor means the microprocessor can process 4-bit word in one cycle. It has has only 45 instructions. © The Intel released the 4040, as updated version of 4004 with enhancement in speed, and without any improvement in word length and memory size. * In 1972 announced the 8008, 8-bit and faster version of 4004. This version came up with expanded memory size upto 16 kbytes and additional instructions to make total of 48 instructions. (A byte is 8-bit binary number and a K is 1024). * In 1974 Intel came out with 8080 was a considerable improvement over its predecessors * The 8080 had a much larger instruction set and since NMOS technology used, it is much faster than 8008. + In 1977, Intel introduced updated version of 8080-8085. * The Table 1.1.1 shows the improvement of 8080 over 8008 and 8085 over 8080. Parameter Processor 8008 8080 8085, Speed Requires 20 us for nires 2 js for Requires 1.3 us for execution one execution one execution of one instructi r instruction instruction (10 times faster) Memory size 16 kbytes 64 kbytes 64 kbytes (4 times more) TTL compatibility Not directly compatible | Compatible Compatible Interfacing, More costly and Fasier and less More easier and less complex expensive expensive as it contains intemal clock generator and internal system controller Table 1.1.1 * The next generation was 8086 processor, a 16-bit processor, with advanced architey jure and instruction set. At the same time Intel introduced processor 8088. The 8088 is an 8-bit version of the 8086 which has fewer data lines but retains all of the processing features of the 8086. The programs that run on 8088 will also run, without modification on the 8086. The 8086/88 pair were the first members of TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 1-3 Introduction to 80386 iAPX 86, family of microprocessors. This pair has 20 address lines to address upto 1 Mbyte of memory (1 Mbyte = 1024 kbyte) and also supported with 4 or 6 byte instruction queue to implement pipelining feature. (Feature of tching the next instruction while the current instruction is executing is called pipelining). This pair belongs to CISC (complex instruction set computers) because of the number and complexity of instructions. J, the 80186/88 very similar to 8086/8088 included many useful peripheral 1/O functions as an integral * In 1983 the next version was announce pair. The 80186/ part of the microprocessor. The improved instruction set of 80186/88. supports these peripheral I/O functions. Although the 80186 provided increased functionality, it maintained compatibility with the 8086, ensuring that it could execute 8086 programs. * After 80186/88, Intel has announced 80286, which is 16-bit processor like 8086, The 80286 was the first family member designed specifically for use as a CPU in a multi-user microcomputer. It contains many advanced modes of operations not supported by 8086. The 8028 boosted a new mode of operation-protected mode. Due to this the entire concept of emory segmentation was changed. The virtual memory management circuitry were included in the 80286, which allow an 80286 to operate in either real address mode or protected virtual address mode. * In 1986, the next advanced processor, the 80386DX, was introduced. As expected, 80386DX is faster than any of its predecessors, with a minimum operating frequency of 16 MHz. It is an 32-bit processor with 32-bit register set, address bus and data bus. Internal Chip Introduction Data bus Address bus Number of cache instructions executed memory per second es 4004 v7 4 8 50000 * 8008 972 8 8 50000 _ soso 74 8 16 0000 3 8085) 197 8 16 769230 x 8086/88, 1978 16/8 20 million - 80186/188 1982 16/8 20 TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMier Introduction to 80386 processor 1983 16 pr 4.0 million = 0386DX 1986 2 25 million 803868X 1988 16 24 25 million 8K 486DX 1989 32 32 50 million (With coprocessor) 8K 804868x 1989 2 2 50 million (Without coprocessor) Table 1.1.2 80X86 family tree During 1988, an “economy version” of the 80386, called the 80386SX was introduced by Intel. This processor had the same outside connections as the 80286, but inside it was a modes, The Table 1.1.2 shows the 80X86 family tree 86-processor supporting the 386’s expanded instruction set and various operating Early in 1989, Intel introduced the 80486DX, the more highly integrated microprocessor with built-in coprocessor. Meanwhile, Intel has also developed step-down version 80486SX (without coprocessor and lower clock speed). The Pentium, introduced in 1993, was similar to the 80386 and 80486 microprocessors. It contained larger internal cache and data bus width is extended to 64-bit. The Table 1.1.3 shows the comparison between various pentium processors. Processor Released Databus Memory Licache 12 Bus year width size Data-Code cache transfer speed Pentium 60 MHz, 1993 oA 8K-8K = - 60-66 MHz 66 MHz 120 MHz 133 MHz, 233 MHz Pentium Pro 1995 oA 64 GByte 256K 60 - 66 MHz 150-166 MHz, Pentium 11 350 MHz 1997 64 64GByte. 16K -16K K 100 MHz 400 MHz 0 MHz. Pentium IL Xeon 1998, 64 64GByte 16K-16K 512K or 100 MFtz 1M ECHNICAL PUBLICATIONS” n up thrust for knowledgejoprocessor 1-5 Introduction to 80386 Pentium III 1 GHz 1998 ot 64GByte 16K-16K 512K 100 MHz Slot 1 version Pentium Il 1 GHz 1998 64 64 GByte 16K-16K 256K 100 MHz Flip chip version Pentium Il 1 GHz 1998 64 64 GByte 16K-16K 256K 66 MHz Celeron Pentium IV 1.3 GHz 2000 64 64 GByte 1.4 GHz. 1.5 GHz, 256K 100 MHz Table 1.1.3 Comparison between pentium processors Pentium IV uses the RAMBUS memory technology in place of SDRAM technology used in other pentium proce: 1, Explain in brief history of Intel Processors. ‘sors Sive comparison between 8008, 8080 and 8085 Processors, 3. Give comparison between various Intel Processors [EEE] 80386Dx Features The 80386 processor is available in two different versions, the 80386DX and the 80386SX. The 80386DX has 32-bit address bus and a 32-bit data bus. However, 80386SX has only 24-bit address bus and a 16-bit data bus. 1. The 80386DX is a 32-bit processor. The 32-bit ALU allows to process 32-bit data. 2. It has 32-bit address bus, So it can access up to 4 Gbyte (2° ) physical memory or 64 terabyte (2°) of virtual memory. 3. The 80386DX runs with speed up to 20 MHz instructions per second. 4. The pipelined architecture of the 80386DX, allows simultaneous instruction fetchin; decoding, execution and memory management. Instruction pipelining, a high bus bandwidth and on-chip address translation significantly shorten the average instruction execution time of 80386DX. These architectural design features enable the 80386DX to execute 3 to 4 million instructions per second, 5. It allows programmers to switch between different operating systems such as PC-DOS and UNIX. 6. It can operate on 17 different data types. TECHNICAL PUBLICATIONS™ - An up thrust for knowledgeMicroprocessor 1-6 Introduction to 80386 7. It has built-in virtual memory management circuitry and protection circuitry required to operate an 80386DX in these modes. 8. The 80386DX can operate in real mode, protected mode or a variation of protected mode called virtual 8086 mode. In real mode it functions basically as a fast 8086 or real mode 80286. The protection mode operation provides paging, virtual addressing, multilevel protection and multitasking and debugging capabilities. 9. The 80386DX microproce 80188 and 80286 chips. V will also run under the 80386. GOVE Cu) | 1.3 EVR a Mra SPPU : May-2000,06,11,12,13, Dec.-05,11,13, Nov.-12 or is compatible with their earlier 8086, 8088, 80186, tually anything that runs under these microprocessors The Internal Architecture of 80386DX is divided into 3 sections + Central Processing Unit (CPU) = Execution unit « Instruction decode unit * Memory Management Unit (MMU) = Segmentation unit = Paging unit * Bus Control Unit The central processing, unit is further divided into execution unit and instruction unit. The Memory management unit consists of a segmentation unit and a paging unit. These units operate in parallel. Fetching, decoding, execution, memory management and bus accesses for several instructions are performed simultaneously. This parallel operation is called pipelined instructions processing, Execution Unit The execution unit reads the instruction from the instruction queue and executes the instructions. It consists of three subunits ; Control unit, data unit and protection test unit. 1. Control uni special hardware allows 80386DX to reduce time required for execution of multiply and It contains microcode and special hardware. The microcode and divide instructions. It also speeds the effective address calculation 2. Data unit: The data unit contains the ALU, eight 32-bit general purpose registers and a 64-bit barrel shifter. The barrel shifter is used for multiple bit shifts in one clock. TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 1 Introduction to 80386 Thus it increases the speed of all shift and rotate operations. The multiply/divide logic implements the bit-shift-rotate algorithms to complete the operations in minimum time. The entire data unit is responsible for data operations requested by the control unit 3. Protection test unit: The protection test unit checks for segmentation violations under the control of the microcode Instruction Decode Unit The instruction decode unit takes instruction bytes from the code prefetch queue and translates them into microcode. The decoded instructions are then stored in the instruction queue. They are passed to the control section for deriving the necessary control signals. Segmentation Unit The segmentation unit translates logical addresses into linear addresses at the request of the execution unit, The segmentation unit compares the effective address for the length limit specified in the segment descriptor. The segment unit adds the segment base and the effective address to generate linear address. Before calculation of linear address it also checks for access rights. It provides a 4 level protection mechanism for protecting and isolating the system code and data from those of the application program, Paging Unit When the 80386DX paging mechanism is enabled, the paging unit translates linear addresses generated by the segmentation unit or the code prefetch unit into physical addresses. If paging unit is not enabled, the physical address is the same as the linear address, and no translation is necessary. The paging unit gives physical address to the Bus Interface Unit to perform memory and I/O accesses. It organizes the physical memory in terms of pages of 4 kbytes size each The control and attribute PLA checks the privileges at the page level. Each of the pages maintains the paging information of the task. The limit and attribute PLA checks segment limits and attributes at segment level to avoid invalid accesses to code and data in the memory segments. Bus Control Unit The Bus Control Unit is the 80386DX’s communication with the outside world. It provides a full 32-bit bi-directional data bus and 32-bit address bus, The bus control unit is responsible for following operations 1. It accepts internal requests for code fetch and for data transfers from the code fetch unit and from the execution unit. It then prioritize the request with the help of prioritizer and generates signals to perform bus cycles. TECHNICAL PUBLICATIONS® - An up thrust for knowledgeIntroduction to 80386 Microprocessor peg HUN NDIRI%d YUN POD9PAd yun TONED wunlevea uotannsur opannsul ae 3 enon wou [Ys] seisey ges th |_ overs papovag | —x| !04499 apna ° me apo. Bumvenbes| | soe 30 | erpay | 9709 | coasop aerbes| | pta}ele woRoansul apooed Se £9-0q -« 4) sren0sue, snq AQv34 ‘isa Xow sseuppe WN ‘say 10.)U09 nq 2OOT RM a) Aeneas, 'snq joqU0o. 7 / 9uyjedi ey asa | | EHD Kymy | a= a0 sso 7 Letty germ || [Soe rs a «cig | ene ne onseioud espe ape aeoal wun wonnaoxg aed soydu9800 ang seaippe enwOHE von ‘13834 reve ASN HOUYS ==] 4eppy yndur ‘sng sseuppe @ajoey IWN LNT GIO ysanbey, 9 IPE yey yun jenuog sng yun Buibeq up uoREuOWBOS. UN juoweBeuey Kiowoyy Fig. 1.3.1 80386DX architecture communicate with memory and I/O devices. The address driver drives the bus enable and address signal A, 2, It sends address, data and control signals to 0 - Ast and the transreceiver interface the internal data bus with the system bus. @ TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 1-9 Introduction to 80386 3, It controls the interface to external bus masters and coprocessors, 4. It also provides the address relocation facility Instruction Prefetch Unit The instruction prefetch unit fetches sequentially the instruction byte stream from the memory. It uses bus control unit to fetch instruction bytes when the bus control unit is not performing bus cycles to execute an instruction. These prefetched instruction bytes are stored in the 16-byte code queue. A 16-byte code queue holds these instructions until the decoder needs them. ‘The prefetcher always fetches instructions in the order in which they appear in the memory. In fact, the prefetcher simply reads code one double word at a time, not caring whether it's bringing in complete instructions or pieces of two instructions with each access. When jump or call instructions are executed, the contents of the prefetched and decode queues are cleared out. In this case, prefetcher again starts filling up its queue. Instruction Predecode Unit The instruction predecode unit takes instruction bytes from the instruction prefetch queue and translates them into microcode. The decoded instructions are then stored in the instruction queue. GOMEuAC Cue) 1. Draw the functional block diagram of 80386DX and exp in the main functional units lain the function of central processing unit of 80386DX ment unit of 80386DX. ? Sees 5. What is BIU in 80386 processor ? What are the functions of BIU ? Ses lain the function of memory manag 4. What of prefe e work in JUMP and CALL instruction execut 6. How does 4 SUSE Draco the functional block diagram of 80386DX and explain the main functional units Sos ER] Programmers Model SPPU : Dec.-03,14,19, May-10,13,19 * The programming model of the 80386DX considered to be program visible because its registers are used during application programming and are specified by the instructions. Other registers, are considered to be program invisible because they TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 1-10 Introduction to 80386 80386DX are not addressable directly during 3t o applications programming, but may EIP \P b used indirectly during syster be used indirectly during system ce programming. Some of them are Ds used to control and operate the ss ES protected memory system. fe. Fig. 1.4.1 illustrates the programming, Gs model of the 80386DX. at EAX aX It consists of EBX BX . a ECX cx = General purpose / Multi-purpose EDX Dx registers 3 15 0 , ESP sP = Special purpose registers eee [ a 7] BP ESI SI = ERLAGS register EDI DI = Segment registers 34 0 eres > Fig. 1.4.1 80386 register set EERE General Purpose / Multipurpose Registers EAX (accumulator) ; EAX is referenced as a 32-bit register (EAX), as a 16-bit register (AX), or as either of two &-bit registers (AH and AL), Note that if an 8 - or 16-bit register is addressed, only that portion of the 32-bit register changes without affecting the remaining bits. The accumulator is used for instructions such as multiplication, division, and some of the adjustment instructions. For these instructions, the accumulator has a special purpose, but is generally considered to be a multipurpose register. The EAX register may also hold the offset address of a location in the memory system EBX (base index) : EBX is addressable as EBX, BX, BH, or BL. The BX register sometimes holds the offset address of a location in the memory system. The EBX also can address memory data, ECX (count) : ECX is a general-purpose register that also holds the count for various instructions. The ECX register also can hold the offset address of memory data, Instructions that use a count are the repeated string instructions (REP/REPE/REPNE); and ift, rotate, and LOOP/LOOPD instructions. The shift and rotate instructions use CL as the count, the repeated string instructions use CX, and the LOOP/LOOPD instructions use either CX or ECX, TECHNICAL PUBLICATIONS = An up thrust for kn wedgeMicroprocessor 1-19 Introduction to 80386 * EDX (data) : EDX is a general-purpose register that also holds a part of the result from a multiplication or part of the dividend before a division. This register can also address memory data * EBP (base pointer) : EBP points to a memory location for memory data transfers. This register is addressed as either BP or EBP. + EDI (destination index) ; EDI often addresses string destination data for the string instructions. It also functions as either a 32-bit (EDI) or 16-bit (DI) general-purpose « ESI (source index) : ESI is used as either ESI or SI. The source index register often addresses source string data for the string instructions. Like EDI, ESI also functions as a general-purpose register. As a 16-bit register, it is addressed as SI; as a 32-bit register, it is addressed as ESI. E24 Special - Purpose Registers © The special-purpose registers include EIP, ESP, EFLAGS; and the segment registers CS, DS, ES, SS, FS, and GS. + EIP (instruction pointer) : EIP addresses the next instruction in a section of memory defined as a code segment. This register is IP (16 bits) when the microprocessor operates in the real mode and EIP (32 bits) when the 80386 operate in the protected mode. The instruction pointer, which points to the next instruction in a program, is used by the microprocessor to find the next sequential instruction in a program located within the code segment. The instruction pointer can be modified with a jump or a call instruction. * ESP (stack pointer) : ESP addresses an area of memory called the stack, The stack memory stores data through this pointer. This register is referred to as SP if used as a 1é-hit register and ESP if referred to as a 32-bit register EREEH ertacs A Flag is a flip-flop which indicates some condition produced by the execution of an instruction or controls certain operations of the EU. The EFLAG register contains thirteen flags. Fig 1.4.2 shows the bit pattern of the EFLAG register. These flags can be categorized in three different groups 1. Status flags : These flags reflect the state of a particular program 2. Control flags : These flags directly affect the operation of few instructions. 3, System flags : These flags reflect the current status of the machine and which are usually used by operating system than by application programs. TECHNICAL PUBLICATIONS® = An up thrust for kn wledgeMicroprocessor 1-12 Introduction to 80386 (7m — oan) | Lee (Re (por aid Fig. 1.4.2 Bit pattern of EFLAG register Status Flags : The status flags are : CF (Carry Flag), PF (Parity Flag ), AF (Auxiliary carry Flag), ZF (Zero Flag), SF (Sign Flag), and OF (Overflow Flag). These flags indicate some condition produced by the exe ition of arithmetic or logical instructions. These flags provide necessary information for arithmetic and logical control decisions. CF (Carry flag): This bit is set by arithmetic instructions that generate either a carry or a borrow. This bit can also be set, cleared, or inverted with the STC, CLC or CMC instructions, respectively. Carry fl contain the bit shifted or rotated out of the register is also used in shift and rotate instructions to PF (Parity flag) : The parity bit is set by most instructions if the least significant 8-bit of the result contain even number of one's. AF (Auxiliary carry flag) : This bit is set when there is a carry or borrow after a nibble addition or subtraction, respectively. The programmer can’t access this bit directly, but this bit is internally used for BCD arithmetic, ZF (Zero flag) : Zero flag is set to 1, if the result of an operation is zero. SF (Sign flag) : ‘The signed numbers are represented by combination of sign and magnitude. The Most Significant Bit (MSB) indicates sign of the number, For negative number MSB is 1. Sign flag is set to 1, if the result of an operation is negative (MSB = 1) OF (Overflow flag) : In most complemented arithmetic, nificant bit is used to represent sign and s——~ remaining bits are used to represent magnitude of a Hear number (see Fig. 14.3). This flag is set if the result of @ gig 4.4 sign and magnitude signed operation is too large to fit in the number of bits representation available (7-bits for 8-bit number) to represent it For example, if you add the 8-bit signed number 01110110 (+118 decimal) and the 8-bit signed number 00110110 (+54 decimal). The result will be 10101100 (+172 decimal) TECHNICAL PUBLICATIONS® « An up thrust for knowledgeMicroprocessor 1-13 Introduction to 80386 which is correct binary result, But in this case, it is too large to fit in the 7-bits allowed for the magnitude in an 8-bit signed number. The overflow flag will be set after this operation to indicate that the result of the addition has overflowed into the sign bit Control Flags DF ( Direction flag) : The direction flag controls the direction of string operations When the D flag is cleared these operations process strings from low memory up towards high memory. This means that offset pointers (usually SI and DI) are incremented by 1 after each operation in the string instructions when D flag is cleared. If the D flag is set, then SI and DI are decremented by 1 after each operation to process strings from high to low memory System Flags VM (Virtual Memory) flag: This fl flag is set, 80386 switches from protected mode to virtual 8086 mode. ig indicates operating mode of 80386. When VM R (Resume) flag/Restart flag : This flag, when set allows selective masking of some exceptions at the time of debugging NT (Nested flag): This flag is set when one system task invokes another task. (ie. nested task). IOPL (UO Privilege level): The two bits in the IOPL are used by the processor and the operating system to determine your application's access to /O facilities. It holds privilege level, from 0 to 3, at which the current code is running in order to execute any W/O related instruction, IF (Interrupt Flag): When interrupt flag is set, the 80386 recognizes and handles external hardware interrupts on its INTR pin. If the interrupt flag is cleared, 80386 ignores any inputs on this pin. The IF flag is set and cleared with the STI and CLI instructions, respectively TF (Trap Flag): Trap flag allows user to single-step through programs. When an 80386 detects that this flag is set, it generates an internal exception 1. After servicing the exception, the processor executes the next instruction and repeats the process. This single stepping continues until program code resets this flag, for debugging programs single step facility is used. ecutes one instruction and then automatically TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 1-14 Introduction to 80386 ERE] Segment Registers The 80386 has a 1 Mbyte address Bit 15 Bito space in real mode. But all of this memory cannot be active at one [TEST] Code segment time. ‘The 80386 supports six [ps] Data segment simultaneously accessible memory Ss | Stack segment blocks called segments. ES | Extra segment SY Extra segment A segment represens an [-———f3____|_ Enos independently accessible block of = 7 memory consisting of 64K Fig. 1.4.4 Segment registers consecutive byte-wide —_ storage locations. These segments are addressed by 16-bit registers : CS, DS, ES, SS, FS and GS. These registers are called segment registers, generate memory addr when combined with other registers in the microprocessor. sses A segment register functions differently in the real mode when compared to the protected mode operation of the 80386DX. Fig. 1.4.4 shows the segment registers. RRZRI cs (Code Segment) and CS Register ‘The code segment is a section of memory that holds the code (programs and procedures) used by the 80386DX. The CS (Code Segment) register defines the starting address of the section of memory holding currently active code segment. In real mode operation, it defines the start of a 64K-byte section of memory; protected mode, it selects a descriptor that describes the starting address and length of a section of memory holding code. The code segment is limited to 4G bytes in the 80386 when it operates in the protected mode. DS (Data Segment) and DS Register The data segment is a section of memory that contains most data used by a program. Data are accessed in the data segment by an offset address or the contents of other registers that hold the offset address. ‘The DS (Data Segment) register is used to hold the address of currently active data segment. The data segment is limited to 4G bytes in the 80386 when it operates in the protected mode. TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 1-15 Introduction to 80386 EEZE] Es (Extra Segment) and ES Register * The extra segment is an additional data segment that is used by some of the string instructions to hold destination data * The ES (Extra Segment) is used as general data segment register. This register holds the base addresses of memory segment EEZZ] ss (Stack Segment) and SS Register * The stack segment defines the area of memory used for the stack. The stack entry point is determined by the stack segment and stack pointer registers. The BP register also addresses data within the stack segment, EREZE Fs and cs * The FS and GS segments are supplemental segment registers. * The FS, and GS registers are used as general data segment registers. These registers hold the base addresses of two different memory segments. These segments are referred as to Extra Segments. EES Segments and Offsets * A combination of a segment address and an offset address, access a memory location in the real mode. All real mode memory addresses must consist of a segment address plus an offset address, This is illustrated in Fig, 1.4.5. 19 43 0 Base | 16-bitsegment selector | c000 + 19 1645 0 oftset [0000 | 16-biteffective address 2019 Linear address Fig. 1.4.5 Memory addressing in real mode * The segment address, located within one of the segment registers, defines the beginning address of any 64K-byte memory segment. The offset address selects any location within the 64K byte memory segment. Segments in the real mode always have a length of 64K bytes. * Table 1.4.1 and 1.4.2 show the default 16-bit and 32-bit segment and offset address combinations, respectively. TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 1-16 Introduction to 80386 Segment Offset Special Purpose cs BP Instruction address ss SP or BP. Stack address Ds BX, DI, SI, an 8-bit number Data address ora 16-bit number ES DI for string instructions String destination address Table 1.4.1 Default 16-bit segment and offset address combinations Segme Offset Special Purpose nt cs EP Instruction address ss ESP or EBP Stack address ps EBX, EDI, ESI, FAX, Data address ECX, EDX an 8-bit number or a 32-bit number ES EDI for string String destination instructions address FS No default General address cs No default General address Table 1.4.2 Default 32-bit segment and offset address combinations Cen) 1, Draw and xplain the prograntmer’s model of 80386DX. the different registers in 80386. 3. Describe $0386 flag register with significance of each and every bit in di SAEs Ce OEMS ment registers of 80386 4. Explain the function of segments and Describe following different flags defined in 80886 processor a) DF b) VM c) NT d) RF Secs h the help of diagram explain 80386 applic TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 1- Introduction to 80386 EE Operating Modes * ‘The operating mode of the 80386 also determines the features that are accessible. ‘The 80386 has three operating modes : = Real-Address Mode = Protected Mode, = Virtual 8086 (V86) Mode + Real-address mode (often called just “real mode") is the mode of the processor immediately after RESET. In real mode the 80386 appears to programmers as a fast 8086 with some new instructions. Most applications of the 80386 will use real mode for initialization only. * Protected mode is the natural 32- bit environment of the 80386 processor. In this mode all instructions and features are available. * Virtual 8086 mode (also called V86 mode) is a dynamic mode in the sense that the processor can switch repeatedly and rapidly between V8 mode and protected mode. The CPU enters V86 mode from protected mode to execute an 8086 program, then leaves V86 mode and enters protected mode to continue executing a native 80386 program. ROVCUAC tC) 1. Write a short note om operating 1 [EE Addressing Modes des of $0386DX processor As a part of programming flexibility, processor provides different ways to access these operands from different locations. The different ways by which processor can access data are referred to as addressing modes. The 80386DX provides a total of 11 addre: operands. These addressing modes can be categorized in three groups ing modes for instructions to specify * Register operand addressing, * Immediate operand addressing * Memory operand addressing. EEE Immediate Operands Certain instructions use data from the instruction itself as operands, Such an operand is called an immediate operand. The operand may be 32-, 16-, or 8-bits long, TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 1-18 Introduction to 80386 Example : For 8-bit operand : MOV AL, 20H : This instruction copies 20H in the lower byte of EAX register For 16-bit operand :_ MOV AX, 1020 H : This instruction copies 1020H in the lower word of EAX register For 32-bit operand :_ MOV EAX, 10B89C20H : This instruction copies 10B89C20H in the EAX register EEPa Register Operands Operands may be located in one of the 32-bit general registers (EAX, EBX, ECX, EDX, ESI, EDI, ESP, or EBP), in one of the 16-bit general registers (AX, BX, CX, DX, SI, DI, SP, or BP), or in one of the 8-bit general registers (AH, BH, CH, DH, AL, BL, CL, or DL). Examples : For 8-bit operand : MOV AL, DL : This instruction copies the lower byte contents of the EDX register to the lower byte of the EAX register. Both source and destination operands are the internal registers of 80386DX For 16-bit operand : MOV AX, DX : This instruction copies the lower word contents of EDX register to the lower word of the EAX register. For 32-bit operand = MOV EAX, EDX : This register to the EAX register ERE] Memory Operands The remaining 9 addressing modes provide a mechanism for specifying the physical instruction copies the contents of EDX address of an operand. In 80386DX, physical address is calculated before any read or write operation, The physical address consists of two components : The segment base address and an effective address. The effective address can be specified in a variety of ways, One way is to encode the effective address of the operand directly in the instruction. This represents direct addressing mode. The effective address can be generated with the combinations of four addressing elements : Base, Index, Scale factor and Displacement, where, Base : The contents of any general purpose register Index ; The contents of any general purpose register. The index registers are used to access the elements of an array, or a string of characters. TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 1-19 Introduction to 80386 Scale: The index register’s value can be multiplied by a scale factor either 1, 2, 4 or 8 Scaled index mode is especially useful for accessing, arrays or structures Displacement : An 8, 16 or 32-bit immediate value following the instruction The general formula for generating effective address is given as follows EA = Base + (Index x Scaling factor) + Displacement The Fig. 1.6.1 shows the registers that can be used to hold the values of segment base, base, and index Physical Address = Segment Base Address + Effective Address (PA) = SBA + EA PA = SBA: [Base + (Index x Scale factor ) + Displacement } fos) ) px) 1) ie | ss 8x fex| | | | | cx ole | 8,16 or } ps | a cx \ } seit | pas 2 Bee Se mecha |< ox } x4 >| + doisciace paeie Be ment [ BP Fs si | si Les} Lod oi) Fig. 1.6.1 Physical address generation Now we see the different memory operand addressing modes Direct Mode : In this mode, the instruction is having the effective address of the operand. This effective address is used as an 8, 16 or 32 displacement from the location specified by the current value in the selected segment register is always DS. Example: — MOV EBX, [159DH] Here, PA = DS + 159DH Register Indirect Mode : In this mode, the base register gives the effective address of the operand. Example : MOV EBX, [EAX] Here, PA = DS + EAX Based Mode : In this mode, a base register’s contents are added to a displacement to form the effective address of the operand. Example: MOV EBX, [ EAX + 24] Here, PA = DS + EAX + 24 TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 1-20 Introduction to 80386 Index Mode : In this mode, an index register’s contents are added to a displacement to form the effective address of the operand Example: MOV EI , [ SI] + 159DH Here, PA = DS + 159DH + SI Scaled Index Mode : In this mode, an index register’s contents are multiplied by a sealing factor and then added to displacement to form the effective address of the operand, Example : MOV EBX, 9DH +[ SI* 4] Here, PA = DS + 159DH +(SI* 4) Based Index Mode : In this mode, the contents of a base register are added to the contents of an index register to form the effective address of the operand. Example: MOV EBX, [ ESI ][ EAX ] Here, PA = DS + ESI + EAX Based Scaled Index Mode: In this mode, the contents of an index register are multiplied by a scaling factor and then added to the base register to obtain the effective address of the operand Example : MOV EBX, [ ESI * 2] [ EAX] He PA = DS+(ESIx4) +EAX Based Index Mode with Displacement : In this mode, the contents of an index register and the base register and a displacement are all added together to form the effective address of the operand. Example: MOV EBX, [ EAX ] [ EDI + 24] Here, PA = DS +EAX + EDI +24 Based Scaled Index Mode with Displacement : In this mode, the contents of an index register are multiplied by a scaling factor and result is then added to the contents of a base register and displacement to form the effective address of the operand. Example: MOV EBX, | EAX ] [ ESI * 4] +24 Here, PA = DS +EAX+(ESI x4) +24 (QNDE) pics sieve the base usefiul caled indexed addressing with displacement will be Solution : In based scaled indexed addressing with displacement an, effective address is formed by adding 8 bit or 16 bit displacement with the sum of contents of any one of the Base register (BX/BP) and any of the Index register in a default segment. ic. this addressing is useful whenever one of base register, and one of the index register and displacement is specified TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 1-21 Introduction to 80386 Instruction Base Reg, | Index Reg, | Displacement Memory EA, Data Register Base Reg Fig. 1.6.2 RCMCuAC ued 1. Discuss the following addressing modes amples i) Direct it) Register indirect iii plus index iv) Immediate v) Scaled indexed. Enlist and explain any three addressing modes of 80386. Ses Ue) 3, Explain immet with ant exam Ss a Data Types Euan + Bytes, words, and doublewords are the fundamental data types. A byte is eight contiguous bits starting at any logical address. The bits are numbered 0 through 7; e and register addressing mor bit zeto is the least significant bit * A word is two contiguous bytes starting at any byte address. A word thus contains 16 bits. The bits of a word are numbered from 0 through 15; bit 0 is the least significant bit. The byte containing bit 0 of the word is called the low byte; the byte containing bit 15 is called the high byte. * A doubleword is two contiguous words starting at any byte address. A doubleword thus contains 32 bits. The bits of a doubleword are numbered from 0 through 31; bit 0 is the least significant bit. The word containing bit 0 of the doubleword is called the low word; the word containing bit 31 is called the high word. * Although bytes, words, and doublewords are the fundamental types of operands, the 80386DX also supports additional interpretations of these operands. Depending on the instruction referring to the operand, the following additional data types are recognized by 80386DX. = Bit: A single bit quantity = Bit Field : A group of up to 32 contiguous bits, which spans a maximum of four bytes, TECHNICAL PUBLICATIONS® « An up thrust for kn wledgeMicroprocessor 1-22 Introduction to 80386 = Bit String : A set of contiguous bits, on the Intel386 DX bit strings can be up to 4 gigabits long. = Byte : A signed 8-bit quantity. (-128 through +127) = Unsigned Byte : An unsigned 8-bit quantity. (0 through 255) a Integer (Word) : A signed 16-bit quantity. (-32,768 through +32,767) = Unsigned Integer (Word) : An unsigned 16-bit quantity. (0 through 65535) = Long Integer (Double Word) : A signed 32-bit quantity. All operations assume a 2's complement representation. (-2°! through +2") -1) = Unsigned Long Integer (Double Word) : An unsigned 32-bit quantity. (0 through 2” - 1) = Signed Quad Word : A signed 64-bit quantity = Unsigned Quad Word : An unsigned 64-bit quantity. = Offset : A 16 - or 32-bit offset only quantity which indirectly references another memory location. = Near Pointer : A 32-bit logical address. A near pointer is an offset within a segment. Near pointers are used in either a flat or a segmented model of memory organization. = Far Pointer : A 3-bit logical address of two components : A 16-bit segment selector component and a 32-bit offset component. Far pointers are used by applications programmers only when systems designers choose a segmented memory organization. = Char : A byte representation of an ASCII Alphanumeric or control character = String : A contiguous sequence of bytes, words or dwords. A string may contain between 1 byte and 4 Gbytes. = BCD : A byte (unpacked) representation of decimal digits 0 - 9. = Packed BCD : A byte (packed) representation of two decimal digits 0 - 9 storing one digit in each nibble. * When the Intel386 DX is coupled with an Intel387 DX Numeric Coprocessor then the following common Floating Point types are supported. = Floating Point : A signed 32-bit, 64-bit, or 80-bit real number representation. Floating point numbers are supported by the Intel387 DX numeric coprocessor. TECHNICAL PUBLICATIONS® - An up thrust for knowledge1-23 Introduction to 80386 are “pa cane snake ales 5 Sore signed sioned fret? ursignee oe oe ae ma sath — — syne TR —— agiade singe clog oa si Tiago (0) Signed andunsigned bye (0 Signet and unsigned word ah Matas ro “0 : : oe : FP signed ous + Unsired gout + - Sin ot CASS : ; Wagntade Magnitude (6 Slgned and unsigned double word sane no — isis Ind fe Nod ascii see ‘pn be a Taga tarde (6) ignod quad word (eyAscit char m% ‘ +2 cigootes 2 cist z 0? o ~ (n sung reo w 6 2 8 Short $1 £ Long 47 , sk ea Teal Sueaer Oia (a) Nar andar polters ne ° Unpectan PPT racked 77 os 4 8 2 5 ae a ponte = — a Sie eco F Eco |s— eines 11932 bis —H1 gor at (h) Packed and unpacked 860 (narra Floating fT point I sign tit Sonent Magnitude = () Floating point Supported by 80387) Fig. 1.7.1 Data types supported by 80386DX @ TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 1-24 Introduction to 80386 * Fig. 1.7.1 illustrates the data types supported by the Intel386 DX and the Intel387 DX numeric coprocessor. Oca tou) 1. Explain the data types pported by 80386. Se SCs Sess List fundamental data types of 80: Q00 @ TECHNICAL PUBLICATIONS® - An up thrust for knowledgeUNIT - I | 2 Applications Instruction Set Syllabus Applications Instruction Set : Data Movement Instructions, Binary Arithmetic Instructions, Decimal Arithmetic Instructions, Logical Instructions, Control Transfer Inst Character Transfer Instructions, Instructions for Block Structured Language, Flag Control Instructions, Coprocessor Interface Instructions, Segment Register Instructions, Miscellaneous Instructions uctions, String and Contents 2.1 Introduction 2.2 Instruction Set of 80386. .. : - Doc.-13,14,15,17,18,19, May-14,15,16,17,19, (2-1)Microprocessor 2-2 Applications Instruction Set EB introduction Instruction set of 80386 can be categorized as data movement instructions, binary arithmetic instructions, decimal arithmetic instructions, logical instructions, control transfer instructions, string and character transfer instructions, instructions for block structured language, flag control instructions, coprocessor interface instructions, segment register instructions, miscellaneous instructions. EXEB Data Movement Instructions These instructions provide convenient methods for moving bytes, words, or doublewords of data between memory and the registers of the base architecture. They fall into the following classes: 1. General-purpose data movement instructions : MOV and XCHG 2. Stack manipulation instructions ; PUSH, POP, PUSHA and POPA 3. Type-conversion instructions : CWD, CDQ, CBW, CWDE, MOVSX and MOVZX EERE Binary Arithmetic Instructions The arithmetic instructions of the 80386 processor simplify the manipulation of numeric data that is encoded in binary. Operations include the standard add, subtract, multiply, and divide as well as increment, decrement, compare, and change sign. Both signed and unsigned binary integers are supported. The binary arithmetic instructions may also be used as one step in the process of performing arithmetic on decimal integers. 1. Addition instructions : ADD, ADC, INC, AAA, and DAA. Subtraction instructions SUB, SBB, DEC, AAS, DAS, CMP, and NEG 3. Comparison and Sign Change Instruction: CMP and NEG 4, Multiplication Instructions : MUL and IMUL vision Instructions ; DIV and IDIV EXE Decimal Arithmetic Instructions The decimal arithmetic instructions are classified as 1. Packed BCD Adjustment Instructions : DAA and DAS 2, Unpacked BCD Adjustment Instructions : AAA, AAS, AAM and AAD TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 2-3 Applications Instruction Set ERE Logical Instructions The group of logical instructions includes: 1, The Boolean operation instructions : AND, OR, XOR and NOT Bit test and modify instructions : BIT, BTS, BTR and BTC 3. Bit scan instructions : BSF and BSR 4, Shift instructions : SAL, SHL, SAR, SHR, SHLD and SHRD 5. Rotate instructions : ROL, ROR, RCL and RCR 6. Byte set on condition : SETec Test Instruction : TEST EE control Transfer Instructions The 80386 provides both conditional and unconditional control transfer instructions to direct the flow of execution. Conditional control transfers depend on the results of operations that affect the flag register. Unconditional control transfers are always executed. 1, Jump Instruction : JMP 2, Call Instruction : CALL Return and Return-From-Interrupt Instruction : RET and IRET 4. Unsigned Conditional Transfers : JA/JNBE, JAE/JNB, JB/JNAE, JBE/JNA, JC, JE/JZ, JNE/JNZ,JNP/JPO and JP/JPE 5. Signed Conditional Transfers : JG/JNLE, JGE/JNL, JL/JNGE, JLE/JNG, and JS JNO, JO 6. Loop Instructions : LOOP, LOOPE and LOOPNE Executing a Loop or Repeat Zero Times : JCXZ 8. Software-Generated Interrupts : INT n, INTO, and BOUND EAEG String and Character Translation Instructions 1. A set of primitive string operations : MOV! MPS, SCAS, LODS and STOS Control flag instructions: CLD and STD. 3. Repeat prefixes : REP, REPE/REPZ, REPNE/REPNZ TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 2-4 Applications Instruction Set Instructions for Block-Structured Languages These instructions provide machine-language support for functions normally found in high-level languages. These instructions include : ENTER and LEAVE, which simplify the programming of procedures. ESE Flag Control Instructions The flag, control instructions provide a method for directly changing the state of bits in the flag register. 1. Carry and Direction Flag Control Instructions : STC, CLC, CMC, CLD and STD 2. Flag Transfer Instructions : LAHE, SAHE, PUSHE and POPF EERE] coprocessor Interface Instructions Coprocessor interface instructions include ESC and WAIT instructions. EXEDI segment Register Instructions The instructions that deal with s gment registers are 1. Segment-register transfer instructions : MOV SegReg, .... MOV ..., SegReg, PUSH SegReg and POP SegReg Control transfers to another executable segment : JMP far, CALL far and RET far 3. Data pointer instructions ; LDS, LES, LFS, LGS and LSS Interrupt-related instructions capable of transferring control to another segment INT n, INTO, BOUND and IRET EERE Viscelianeous Instructions 1. Address Calculation Instruction : LEA 2, No-Operation Instruction : NOP 3. Translate Instruction : XLAT EAB instruction Set of 80386 Bag AAA -- ASCII Adjust AL after Addition Execute AAA only following an ADD instruction that leaves a byte result in the AL register. The AAA adjusts AL to contain the correct decimal digit result. If the addition produced a decimal carry, the AH register is incremented, and the carry and auxiliary carry flags are set to 1. If there was no decimal carry, the carry and auxiliary flags are TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 2-5 Applications Instruction Set set to 0 and AH is unchanged. In either case, AL is left with its top nibble set to 0. To convert AL to an ASCII result, follow the AAA instruction with OR AL, 30H. Flags Affected: AF and CF Exceptions :_ None Examples : AL 0011 0100 ASCH 4 CL = 0011 1000 Ascu 8 ADD AL, CL AL = 0110 1100 6CH — = Incorrect temporary result AL 0000 0010 Unpacked BCD for 2 Carry = 1 to indicate correct answer is 12 decimal. AAD -- ASCII Adjust AX before Division AAD is used to prepare two unpacked BCD digits (the least-significant digit in AL, the most-significant digit in AH) for a division operation. It converts two unpacked BCD digits to equivalent binary number in AL. This is accomplished by setting AL to AL+(10 * AH), and then setting AH to 0. AX is then equal to the binary equivalent of the original unpacked two-digit number. Flags Affected : SE, ZF, and PF Exceptions : None Examples : AX = 0403 unpacked BCD for 43 decimal, CL = 07H AAD Adjust to binary before division, AX = 002BH = 2BH = 43 decimal DIV CL Divide AX by unpacked BCD in CL. AL = quotient = 06 unpacked BCD AH = remainder = 01 unpacked BCD AAM -- ASCII Adjust AX after Multiply After the two unpacked BCD digits are multiplied, the AAM instruction is used to adjust the product to two unpacked BCD digits in AX. Flags Affected : SE, ZF, and PF Exceptions : None Examples : ; AL = 0000 0100 = Unpacked BCD 4 CL = 0000 0110 = Unpacked BCD 6 MUL CL AL xCL Result in AX AX = 0000 0000 0001 1000 = OO18H TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 2-6 Applications Instruction Set AAM AX = 0000 0010 0000 0100 Which is unpacked BCD for Now by ding 3030H in AX register we get the result in ASCII form AAS — ASCII Adjust AL after Subtraction Execute AAS only after a SUB instruction that leaves the byte result in the Al register. The AAS adjusts AL so it contains the correct decimal digit result. If the subtraction produced a decimal carry, the AH register is decremented, and the carry and auxiliary carry flags are set to 1. If no decimal carry occurred, the carry and auxiliary carry flags are set to 0, and AH is unchanged. In either case, AL is left with its top nibble set to 0. To convert AL to an ASCII result, follow the AAS with OR AL, 30H. Flags Affected : AF and CF Exceptions: None Examples : 1 AL = 0011 1000 ASCH 8 CL = 0011 0010 ASCH 2 SUB AL, Cl AL = 0000 0110 BCD 06 cr=0 AAS AL = 0000 0010 = BCD 06 + CF = 0 no borrow required 2 AL = 0011 0010 ASCII 2 CL = 0011 1000 ASCH 8 SUB AL, CL AL = 1111 1010 = FAH CF=1 AAS AL = 0000 0110 = BCD 6 CF = 1 borrow needed means (~ 6) ADC -- Add with Carry ADC performs an integer addition of the two operands DEST and SRC and the carry flag, CF. The result of the addition is assigned to the first operand (DEST), and the flags are set accordingly. ADC is usually executed as part of a multi-byte or multi-word addition operation. The source may be an immediate number, a register, or a memory location. The destination may be a register, or a memory location. The source and destinations in an instruction cannot both be memory locations. The source and destination both must be a doubleword, word or byte. When an immediate byte value is added to a word or doubleword operand, the immediate value is first sign-extended to the size of the word or doubleword operand. TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 2- Applications Instruction Set Flags Affected : OF, SE, ZF, AF, CF, and PF Exceptions : Real Mode Interrupt 13 is generated if any part of the operand would lie outside of the effective address space from 0 to OFFFFH Protected Mode GP(0) - General protection error is the redult is in a-nonweitable segment. GP(0) - General protection exception is generated if an illegal memory oper an effective address in the CS, DS, ES, FS, or GS segments. $S(0) - Stack fault exception is generated if an illegal address in the SS segment. PF - Page fault condition can also occur. Virtual 8086 Same exceptions as in Real Address Mode, PE - Page fault condition can also Mode occur Examples ADC DL, CL Add contents of CL. to contents of DL with carry and store result in DL ie. DL DL +CL + CY ADC DX, BX Add contents of BX to contents of DX with carry and store result in DX ie. DX © DX + BX + CY ADC EDX, EBX Add contents of EBX to the contents of EDX with carry and store result in EDX ADD -- Add The instruction is similar to ADC. Only two operands are added. Examples : ADD AL, OFOH ; Add immediate number 0FOH to contents of AL ADD CL, TOTAL [BX] } Add byte from effective address ; TOTAL [BX] to contents of CL ADD CX, TOTAL [BX) ; Add word from effective address TOTAL [BX] to contents of CX ADD ECX, EAX ; Add contents of ECX to the contents of EAX and store ; result in ECX AND -- Logical AND Each bit of the result of the AND instruction is a 1 if both corresponding bits of the operands are 1; otherwise, it becomes a 0. The destination may be a register, or a memory location, The source and destinations in an instruction cannot both be memory locations. The source and destination both must be a doubleword, word or byte. Flags Affected: CF = 0, OF = 0; PF, SF, and ZF TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 2-8 Applications Instruction Set Exceptions : Real Mode Interrupt 13 is generated if any part of the operand would lie outside of the effective address space from 0) to OFFFFH. Protected Mode — GP(0) - General protection error is generated if the result is in a nonwritable segment. GP(0) - General protection exception is generated if an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments. $$(0) - Stack fault exception is generated if an illegal the SS segment. PF - Page fault condition can also occur. address in Virtual 8086 Same exceptions as in Real Address Mode, PF - Page fault condition can also Mode Examples : 1 AL = 1001 0011 = 93H BL = 0111 0101 = 75H AND BL, AL AND byte in AL with byte in BL BL = 0001 0001 = 11H 2. CX = 0110 1011 1001 110 AND CX, 0OFOH CX = 0000 0000 1001 0000 AND EDX, EBX AND doubleword in EBX with doubleword in EDX and store result in EDX The AND operation clears bits of a binary number. The task of clearing a bit in a binary number is called masking, The Fig. 2.2.1 shows the process of masking, XXXX XXX Unknown bit binary number (CE ©1111 0000 Masking pattem “XXXX (OWI) —-Result \— naskes bis Fig. 2.2.1 Masking using AND operation ARPL - Adjust RPL Field of Selector The ARPL instruction has two operands. The first operand is a 16-bit memory variable or word register that contains the value of a selector. The second operand is a word register. If the RPL field ("requested privilege level’--bottom two bits) of the first operand is less than the RPL field of the second operand, the zero flag is set to 1 and the RPL field of the first operand is increased to match the second operand. Otherwise, the zero flag is set to 0 and no change is made to the first operand ARPL prevents operating system software from accessing subroutines of a more privilege than the caller. @ TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor Flags Affected : Exceptions : Real Mode Protected Mode Virtual 8086 Mode Example : ARPL “9 Applications Instruction Set ZE Interrupt 6 - ARPL is not recognized in Real Address Mode. GP(0) - General protection error is generated if the result is in a nonwritable segment. GP(0) - General protection exception is generated if an illegal memory operand with an effective address in the CS, DS, FS, FS, or GS segments. $S(0) - Stack fault exception is generated if an illegal address in the SS segment. PF - Page fault condition can also occur Same exceptions as in Real Address Mode, PE - Page fault condition can also memory_word, BX BOUND ~ Check Array Index against Bounds BOUND ensures that a signed array index is within the limits specified by a block of memory consisting of an upper and a lower bound. Each bound uses one word for an operand-size attribute of 16 bits and a doubleword for an operand-size attribute of 32 bits. Flags Affected : Exceptions : Real Mode Protected Mode Virtual 8086 Mode Example BOUND AX, BOUND A None Interrupt 5 if the bounds test fails. Interrupt 13 if any part of the ope would lie outside of the effective address space from 0 to OFFFFH. Interrupt 6 if the second operand is a register. Interrupt 5 if the bounds test fails. GP(Q) - General protection exception is generated if an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments. $S(0) - Stack fault exception is generated if an illegal address in the SS segment. PF - Page fault condition can also occur Same exceptions as in Real Address Mode, PE - Page fault condition can also mem_word mem _limits TECHNICAL PUBLICATIONS® - An up thrust for knowledgejoprocessor -10 Applications In BSF -- Bit Scan Forward BSF scans the bits in the second word or doubleword operand starting with bit 0. The ZF flag is cleared if the bits are all 0; otherwise, the ZF flag is set and the destination register is loaded with the bit index of the first set bit Flags Affected: ZF Exceptions : Real Mode Interrupt 13 if any part of the operand would lie outside of the effective address space from 0) to OFFFFH. Protected Mode GP(0) - General protection exception is generated if an illegal _memory with an effective address in the CS, DS, ES, FS, or GS segments. $5(0) - Stack fault exception is generated if an illegal address in the SS segment. PF - Page fault condition can operar Virtual 8086 Same exceptions as in Real Address Mode, PI Mode It condition can also occur Example BSF CX, mem_word BSF ECX, EBX BSR - Bit Scan Reverse BSR scans the bits in the second word or doubleword operand from the most significant bit to the least significant bit. The ZF flag is cleared if the bits are all 0; otherwise, ZF is set and the destination register is loaded with the bit index of the first set bit found when scanning in the reverse direction. Flags Affected: ZF Exceptions : Real Mode Interrupt 13 is generated if any part of the operand would lie outside of the from 0 to OFFFFH. effective address space Protected Mode —_GP(0) - General protection error is generated if the result is in a nonwritable segment. GP(0) - General protection exception is generated if an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS (0) - Stack fault exception is generated if an illegal address in the SS segment. PF - Page fault condition can also occur segments. Virtual 8086 Same exceptions as in Real Address Mode, PF - Page fault condition can also Mode occur Example BSR BX, BX BSR ECX, mem_Dword TECHNICAL PUBLICATIONS® - An up thrust for knowledgejoprocessor : Applications Instruction Set BT -- Bit Test BT saves the value of the bit indicated by the base (first operand) and the bit offset (second operand) into the carry flag. Flags Affected : CF Exceptions Real Mode Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to OFFEFH. Protected Mode GP(0) - General protection exception is generated if an illegal memory operand with an effective address in the C5, DS, ES, FS, or GS segments $5(0) - Stack fault exception is generated if an illegal address in the SS segment. PF - Page fault condition can also occur Virtual 8086 Same exceptions as in Real Address Mode, PF - Page fault condition can also Mode occur, Examples BT BX, Cx BT FAX, ECX BTC - Bit Test and Complement BTC saves the value of the bit indicated by the base (first operand) and the bit offset (second operand) into the carry flag and then complements the bit. Flags Affected: CF Exceptions : Real Mode Interrupt 13 is generated if any part of the operand would lie outside of the effective address space from 0 to OFFFFH. Protected Mode GP(0) - Gene segment. GP(0) - General protection exception is generated if an ile; memory operand with an effective address in the CS, DS, ES, FS, ot segments. $$(0) - Stack fault exception is generated if an illegal address ir al protection error is generated if the result is in a nonwritable the $S segment. PF - Page fault condition can also occur. Virtual 8086 Same exceptions as in Real Address Mode, PE - Page fault condition can also Mode occur Examples BIC CX, DX BTC memory, BX TECHNICAL PUBLICATIONS® - An up thrust for knowledgejoprocessor -12 Applications Instruction Set BTR — Bit Test and Reset BTR saves the value of the bit indicated by the base (first operand) and the bit offset (second operand) into the carry flag and then stores 0 in the bit. Flags Affected: CF Exceptions Real Mode Interrupt 13 is generated if effective address space from 0 to OFFFFEL y part of the operand would lie outside of the Protected Mode GP(0) - General protection error is generated if the result is in a nonwritable segment. GP(0) - General protection exception is generated if an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments. $$(0) - Stack fault exception is the SS segment. PF - Page fault condition can also occur Virtual 8086 Same exceptions as in Real Address Mode, PF - Page fault condition can also Mode occur Examples BIR memory BIR ECX, EDX ex BTS -- Bit Test and Set BTS saves the value of the bit indicated by the base (first operand) and the bit offset (second operand) into the carry flag and then stores 1 in the bit. Flags Affected: CF Exceptions : Real Mode Interrupt 13 is generated if effective address space from 0 to OFFFFH. ny part of the operand would lie outside of the Protected Mode — GP(0) - General protection error is generated if the result is in a nonwritable segment. GP(0) - General protection exception is generated if an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments. $S(0) - Stack fault exception is generated if an illegal address in the SS segment. PF - Page fault condition can also occur Virtual 8086 Same exceptions as in Real Address Mode, PF - Page fault condition can also Mode occur, Examples BIS ECX, EDX BIS memory, ECX TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor -13 Applications Instruction Set CALL -- Call Procedure The CALL instruction causes the procedure named in the operand to be executed When the procedure is complete (a return instruction is executed within the procedure), execution continues at the instruction that follows the CALL instruction The action of the different forms of the instruction are described below. Near Call : A call to a procedure which is in the same code segment. The offset of the instruction following CALL is pushed onto the stack. It will be popped by a near RET instruction within the procedure. The CS register is not changed by this form of CALL. Far Call : A call to a procedure which is not in the same code segment. These forms of the instruction push both CS and IP or EIP as a return address, A call instruction followed by procedure name is known as direct call and a call instruction followed by register name is known as indirect call. In case of indirect call, register contents are used as an offset of the first instruction of the procedure. In Protected Mode, both long pointer forms consult the AR byte in the descriptor indexed by the selector part of the long pointer. Depending on the value of the AR byte, the call will perform one of the following types of control transfers * A far call to the same protection level * An inter-protection level far call * A task switch Flags Affected : All flags are affected if a task switch occurs; no flags are affected if a task switch does not occur. Protected Mode Exceptions For far calls GP, NP, SS, and TS For near direct G z (0) if procedure location is beyond the code segment limits; $5(0) if pushing the return address exceeds the bounds of the stack segment) PE (fault-code) - for a page fault. For a near GPO) for an illegal memory operand with an effective address in the CS, DS, indirect call ES, FS, or GS segments; $5(0) for an illegal address in the SS segment. GP(0) if the indirect t oblained is beyond the code segment limits. PF(fault-code) for a page fault Real Address Interrupt 13 if any part of the operand would lie outside of the effective Mode Exceptions address space from 0 to OFFFFH Virtual 8086 Same exceptions as in Real Address Mode; PF (fa Mode Exceptions code) for a page fault TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 2-14 Applications Instruction Set Examples CALL Multiply : Direct call CALL CX Indirect call CBWICWDE -- Convert Byte to Word/Convert Word to Doubleword CBW converts the signed byte in AL to a signed word in AX by extending the most significant bit of AL (the sign bit) into all of the bits of AH. CWDE converts the signed word in AX to a doubleword in EAX by extending the most significant bit of AX into the two most significant bytes of EAX. Flags Affected : None Exceptions :_ None Example ; AX = 0000 0000 1001 1010 cBw ; convert signed byte in AL to signed word in AX ; Result : AX = 1111 1111 1001 1010 CLe ~ Clear Carry Flag CLC sets the carry flag to zero. Flags Affected: CF = 0 Exceptions : None CLD — Clear Direction Flag CLD clears the direction flag. Flags Affected: DF = 0 Exceptions :_ None CLI — Clear Interrupt Flag CLI clears the interrupt flag if the current privilege level is at least as privileged as IOPL Flags Affected : IF = Exceptions : Protected Mode — GP(0) if the current privilege level is greater (has less privilege) than the IOPL in the flags register. IOPL specifies the least privileged level at which 1/0 can be performed. Real Address None. Mode @ TECHNICAL PUBLICATIONS® - An up thrust for knowledgejoprocessor Applications In Virtual 8086 Mode 40) as for Protected Mode. cLTS Clear Task-Switched Flag in CRO CLTS clears the task-switched (TS) flag in register CRO. This flag is set by the 80386 every time a task switch occurs. It is a privileged instruction that can only be executed at privilege level 0. Flags Affected : TS = 0 (TS is in CRO, not the flag register) Exceptions : Protected Mode — GP(0) - if CLTS is executed wit a current privilege level other than 0. Real Address None (valid in Real Address Mode to allow initialization for Protected Mode Mode), Virtual 8086 Same exceptions as in Real Address Mode. Mode Mc -- Complement Carry Flag CMC reverses the setting of the carry flag. Flags Affected : CF Exceptions: None CMP Compare Two Operands AP subtracts the s cond operand from the first but, unlike the SUB instruction, does not store the result; only the flags are changed. Flags Affected : OF, SE, ZF, AF, PF, and CF Exceptions : Protected Mode GP(0) - for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments. PF-(fault-code) for a page fault. $S(0) - for an illegal address in the SS segment Real Address Interrupt 13 if any part of the operand would lie outside of the effective Mode address space from 0 to OFFFFH. Virtual 8086 Same exceptions as in Real Address Mode. PE(fault-code) for a page fault Mode @ TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor -16 Applications Instruction Set Examples CMP BL, 01H Compare immediate number 01H with byte in BL CMP CX, BX ; Compare word in BX with word in CX. CMP CX, TOTAL ; Compare word at displacement TOTAL in DS with word in CX. CMP EBX, 12345678H ; Compare immediate Dword with EBX CMPS/CMPSBICMPSWICMPSD — Compare String Operands CMPS compares the byte, word, or doubleword pointed to by the source-index register with the byte, word, or doubleword pointed to by the destination-index register If the address-size attribute of this instruction is 16 bits, SI and DI will be used for source- and destination-index registers; otherwise ESI and EDI will be used. The comparison is done by subtracting the operand indexed by the destination-index register from the operand indexed by the source-index register. The result of the subtraction is not stored; only the flags reflect the change. After the comparison is made, both the source-index register and destination-index register are automatically advanced. If the direction flag is 0 (CLD was executed), the registers increment; if the direction flag is 1 (STD was executed), the registers decrement. The registers increment or decrement by 1 if a byte is compared, by 2 if a word is compared, or by 4 if a doubleword is compared. CMPSB, CMPSW and CMPSD are synonyms for the byte, word, and doubleword CMPS instructions, respectively, Flags Affected : OF, SF, ZF, AF, PF and CF Exceptions : Protected Mode GP(0) - for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments, $5(0) - for an illegal address in the SS segment. PP(fault-code) for a page fault. Real Address Interrupt 13 if any part of the operand would lic outside of the effective Mode address space from 0) to OFFFFH. Virtual 8086 Same exceptions as in Real Address Mode. PF (fault-code) for a page fault: Mode Examples ‘CMPSB Compare bytes MPsp Compare Dwords CWD/CDQ— Convert Word to Doubleword/Convert Doubleword to Quadword CWD converts the signed word in AX to a signed doubleword in DX:AX by extending the most significant bit of AX into all the bits of DX. CDQ converts the signed doubleword in EAX to a signed 64-bit integer in the register pair EDX:EAX by extending the most significant bit of EAX (the sign bit) into all the bits of EDX. TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 2-17 Applications Instruction Set Flags Affected : None Exceptions :_ None Example DX = 0000 0000 0000 0000 AX = 1001 0000 1001 0001 cwD Convert signed word in AX to signed doubleword in DX : AX Result: DX = 11M 141 1 AX = 1001 0000 1001 0001 DAA -- Decimal Adjust AL after Addition Execute DAA only after executing an ADD instruction that leaves a two-BCD-digit byte result in the AL register. The ADD operands should consist of two packed BCD digits. The DAA instruction adjusts AL to contain the correct two-digit packed decimal result. Instruction works as follows : 1. If the value of the low-order four bits (D-D) in the AL is greater than 9 or if AF is set, the instruction adds 6 (06) to the low-order four bits. 2. If the value of the high-order four bits (D-D) in the AL is greater than 9 or if carry flag. is set, the instruction adds 6 (60) to the high-order four bits. Flags Affected : AF, CF, SF, ZF and PF Exceptions : None Examples : 1 AL = 0011 1001 = 39 BCD CL = 0001 0010 = 12 BCD Add AL, CL AL = 0100 1011 = 48H DAA Add 0110 Because 1011 > 9 AL = 0101 0001 = 51 BCD 2. AL = 1001 0110 = 9 BCD BL = 0000 0111 = 07 BCD ADD AL, Bl AL = 1001 1101 = 9DHL DAA Add 0110 Because 1101 > 9 AL = 1010 0011 = A3H 1010 > 9 so add 0110 0000 AL = 0000 0011 = 03 BCD, CF = 1. The result is 103. DAS -~ Decimal Adjust AL after Subtraction Execute DAS only after a subtraction instruction that leaves a two-BCD-digit byte result in the AL register. The operands should consist of two packed BCD digits. DAS adjusts AL to contain the correct packed two-digit decimal result. TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 2-18 Applications Instruction Set Instruction works as follows : 1. If the value of the low-order four bits (D-D) in the AL is greater than 9 or if AF is set; the instruction subtracts 6 (06) from the low-order four bits. Flags Affected 2. If the value of the high-order four bits (D-D) in the AL is greater than 9 or if carry flag is set, the instruction subtracts 6 (60) from the high-order four bits, AF, CF, SE, ZF and PF Exceptions: None Examples 1 SUB AL, C SUB AL, CL AL = 0011 0010 = 32 BCD CL = 0001 0111 = 17 BCD AL = 0001 1011 = 1BH Subtract 0110 because 1011 > 9 AL = 0001 010: AL = 0010 0011 CL = 0101 1000 AL = 1100 101 Subtract 0110 (6) because 10 AL = 1100 0101 = C5H Subtract 0110 0000 because 1100 > 9 AL = 0110 0101 = 65 BCD CF =1, CF = 1 means borrow is needed means number is negative (~ 65). DEC — Decrement by 4 DEC subtracts 1 from the operand. Flags Affected : Exceptions : Protected Mode Real Address Mode Virtual 8086 Mode OE, SE, ZE, AF, and PF GP(O) - if the result is a nonwritable segment. GP(O) - for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS s $5(0) - for an illegal address in the SS segment. PE - (fa fault. ents. It-code) for a page Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to OFFFFH. Same exceptions as in Real Address Mode. PF(fault-code) for a page fault, @ TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMi joprocessor -19 Applications Instruction Set DIV -- Unsigned Divide DIV performs an unsigned division. The dividend is implicit; only the divisor is given as an operand. The remainder is always less than the divisor. The type of the divisor determines which registers to use as follows Size Dividend _Divisor Quotient — Remainder byte AX x/m8 AL AH word DX:AX rmi6 AX Dx dword EDX:BAX r/m32. FAX EDX Flags : OF, SF, ZF, AR, PF, CF are undefined, Exceptions : Protected Mode Interrupt 0 if the quotient is too large to fit in the designated register (AL, AX, or EAX), of if the divisor is 0, GP(0) - for an illegal memory operand effective address in the CS, DS, ES, FS, or GS segments. $5(0) - for an illegal address in the SS segment. PF- fault-code) for a page fault Real Address Interrupt 0 Mode the quotient is too big to fit in the designated register (AL, AX, or EAX), oF if the divisor is 0, Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to OFFFFH Virtual 8086 Same exceptions as in Real Address Mode. PF-(fault-code) for a page fault. Mode Examples DIV CL Word in AX/byte in CL, Quotient in AL, remainder in AH. DIV CX Double word in DX and AX/word in CX, Quotient in AX, remainder in DX, ENTER - Make Stack Frame for Procedure Parameters ENTER creates the stack frame required by most block-structured high-level languages. The first operand specifies the number of bytes of dynamic storage allocated on the stack for the routine being entered, The second operand gives the lexical nesting level (0 to 31) of the routine within the high-level language source code. It determines the number of stack frame pointers copied into the new stack frame from the preceding frame. BP (or EBP, if the operand-size attribute is 32 bits) is the current stack frame pointer Flags Affected : None Protected Mode 55(0)- Exceptions SP or ESP would exceed the stack limit at any point during instruction execution. PF- (fault-code) for a page fault TECHNICAL PUBLICATIONS® - An up thrust for knowledgeroprocessor Applications Instruction Set Real Address Virtual 8086 Mode : None Mode : None Examples ENTER 0BI2H, 0; Creates procedure stack frame ENTER 0534H, 1; Creates stack frame for procedure parameter ESC (Escape) is a 5-bit sequence (11011) that begins the opcodes that identify floating point numerical instructions. The ESC tells the 80386 to send the opcode and addresses of operands to the numeric coprocessor. HLT - Halt HALT stops instruction execution and places the 80386 in a HALT state. Flags Affected : None Exceptions : Protected Mode GP(0)- if the current privilege level is not 0. Real Address Virtual 8086 Mode : None Mode : None IDIV ~ Signed Divide IDIV performs a signed division. The dividend, quotient, and remainder are implicitly allocated to fixed registers. Only the divisor is given as an explicit 1/m operand. The type of the divisor determines which registers to use as follows Size Divisor Quotient Remainder Dividend byte xim8 AL AH AX word rimi6 AX Dx DX:AX dword rim32 EAX EDX EDX:EAX Flags Affected: OF, SF, ZF, AR, PF, CF are undefined. Exceptions : Protected Mode Interrupt 0 if the quotient is too large to fit in the designated register (AL or AX), or if the divisor is 0. GP(0) - for an illegal memory operand effective address in the C5, DS, ES, FS, or GS segments. $S(0) - for an illegal address in the SS segment; PF-(fault-code) for a page fault, TECHNICAL PUBLICATIONS® - An up thrust for knowledgejoprocessor Applications In wuction Set Real Address _Interrupt 0 if the quotient is too large to fit in the designated register (AL or Mode AX), or if the divisor is 0. Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to OFFFFH Virtual 8086 Same exceptions as in Real Address Mode. PE-(fault-code) for a page fault Mode IMUL ~ Signed Multiply IMUL performs signed multiplication. Flags Affected : OF and CF; SF, ZF, AF, and PF are undefined. Exceptions : Protected Mode GP(0) - for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments. SS(0) - for an illegal address in the SS segment PF-(fault-code) for a page fault Real Address Interrupt 13 if any part of the operand would lie outside of the effective Mode address space from 0 to OFFFFH. Virtual 8086 Same exceptions as in Real Address Mode. PF-(fault-code) for a page fault Mode Examples IMUL BL AL XBL, result in AX IMUL CX AX x CX, high-order word of result in DX and low-order word of result in AX. IN = Input from Port IN transfers a data byte or data word from the port numbered by the second operand into the register (AL, AX, or EAX) specified by the first operand. Access any port from 0 to 65535 by placing the port number in the DX register and using an IN instruction with DX as the second parameter. These I/O instructions can be shortened by using an 8-bit port I/O in the instruction. The upper eight bits of the port address will be 0 when 8-bit port I/O is used Flags Affected : None Exceptions : Protected Mode GP(0) - if the current privilege level is larger (has less privilege) than IOPL and any of the corresponding I/O permission bits in TSS equals 1 Real Address. None Mode Virtual 8086 GP(0) - fault if any of the corresponding /O permission bits in TSS equals 1 Mode TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 2-22 Applications Instruction Set Examples : IN AL, OFSH ; Copy a byte from port OFSH to AL IN AX, 95H Copy a word from port 95H to AX MOV DX, 30F8H Load 16-bit address of the port in DX. IN AL, DX Copy a byte from 8-bit port 30F8H to AL. IN AX, DX Copy a word from 16-bit port 30F8H to AX. IN EAX, DX Copy a Dword from 32-bit part to EAX INC — Increment by 1 INC adds 1 to the operand Flags Affected : OF, SF, ZF, AF and PF Exceptions : Protected Mode GP(0) - if the operand is in a nonwritable segment. GP(0) - for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments. $8(0) - for an illegal address in the SS segment. PF-(fault-code) for a page fault. Real Address __ Interrupt 13 if any part of the operand would lie outside of the effective Mode address space from 0 to OFFIFH. Virtual $086 Same exceptions as in Real Address Mode. PF-(fauilt-eode) for a page fault Mode Examples INC AL } Add 1 to contents of AL INC EBX ; Add 1 to contents of EBX INC BYTE PTR [BX] ; Increment byte at offset of BX in DS. BYTE PTR directive indicates to the assembler ; that the byte from memory is to be incremented INC WORD PTR [BX] Increment word at offset af BX in DS. WORD PTR directive indicates to the assembler that the word from memory is to be incremented. INS/INSB/INSWIINSD = Input from Port to String INS transfers data from the input port numbered by the DX register to the memory byte or word at ES: st-index, The memory operand must be addressable from ES; no ion register is DI if the address-size attribute of segment override is possible. The destin. the instruction is 16 bits, or EDI if the address-size attribute is 32 bits. te value. The INS does not allow the specification of the port number as an imm ister value. port must be addressed through the DX ri The destination address is determined by the contents of the destination index register. Load the correct index into the destination index register before executing INS. TECHNICAL PUBLICATIONS® - An up thrust for kn wledgejoprocessor 2-23 Applications Instruction Set After the transfer is made, DI or EDI advances automatically. If the direction flag is 0 (CLD was executed), DI or EDI increments; if the direction flag is 1 (STD was executed), DI or EDI decrements. DI increments or decrements by 1 if a byte is input, by 2 if a word is input, or by 4 if a doubleword is input. INSB, INSW and INSD are synonyms of the byte, word, and doubleword INS instructions. Flags Affected : None Exceptions : Protected Mode — GP(0) - if CPL is numerically greater than IOPL. and any of the corresponding /O permission bits in TSS equals 1, GP(O) - if the destination is in a nonwritable segment. GP(0)- for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments; $S(0) - for an illegal address in the SS segment. PF - (fault-code) for a page fault Real Address _ Interrupt 13 if any part of the operand would lie outside of the effective Mode address space from 0) to OFFFFH Virtual 8086 GP(0) - fault if any of the corresponding I/O permission bits in TSS equals 1 Mode PF-(fault-code) for a page fault. INT/INTO ~ Call to Interrupt Procedure The INT instruction generates via software a call to an interrupt handler. The immediate operand, from 0 to 255, gives the index number into the Interrupt Descriptor Table (IDT) of the interrupt routine to be called. In Protected Mode, the IDT consists of an array of eight-byte descriptors; the descriptor for the interrupt invoked must indicate an interrupt, trap, or task gate. In Real Address Mode, the IDT is an array of four byte-long pointers. In Protected and Real Address Modes, the base linear address of the IDT is defined by the contents of the IDTR. The INTO conditional software instruction is identical to the INT interrupt instruction except that the interrupt number is implicitly 4, and the interrupt is made only if the 80386 overflow flag is set. In Real Address Mode, INT n pushes the flags, CS, and the return IP onto the stack, in that order, then jumps to the long pointer indexed by the interrupt number Flags Affected : None Exceptions : Protected Mode _ GP, NP, SS, and TS as indicated under Operation’ above. Real Address None. Mode TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 2-24 tions Instruction Set Virtual 8086 GP(0) - fault if JOPL is less than 3, for INT only, to permit emulation. ‘Mode Interrupt 3 (0CCH) generates Interrupt 3. INTO generates Interrupt 4 if the overflow flag equals 1 IRET/IRETD = Interrupt Return In Real Address Mode, IRET pops the instruction pointer, CS, and the flags reg from the stack and resumes the interrupted routine. In Protected Mode, the action of IRET depends on the setting of the nested task flag (NT) bit in the flag re; bits in the flag register are changed only when CPL equals 0 ter. When popping the new flag image from the stack, the IOPL If NT equals 0, IRET returns from an interrupt procedure without a task switch, The code returned to must be equally or less privileged than the interrupt routine (as indicated by the RPL bits of the CS sel ctor popped from the stack). If the destination code is less privileged, IRET also pops the stack pointer and $5 from the stack. CALL or INT that caused a task switch. The updated state of the task executing IRET is saved in its task state segment. If If NT equals 1, IRET reverses the operation of 2 the task is reentered later, the code that follows IRET is executed. Flags Affected : All; the flags register is popped from stack Exceptions : Protected Mode _ GP, NP, or SS. Real Address _Interrupt 13 if any part of the operand being popped lies beyond address Mode OFFFFH Virtual 8086 GP(0) fault if IOPI. is less than 3, to permit emulation Mode Jec --Jump if Condition is Met Instruction Description Condition for Jump JA Jump short if above (CF+0 and ZF-0) JAE Jump short if above or equal (CF-0) 1B Jump short if below (Fat) JBE Jump short if below or equal (CFI or ZF=1) Ie Jump short if carry (CF) Joxz Jump short if CX register is 0 JECXZ Jump short if ECX register is 0 TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor TEIZ Jump Ic Jump IGE Jump i Jump JLE Jump INA oe JNAE Jump JNB Jump JNBE Jump JNC Jump INE Jump ING Jump INGE Jump INI Jump INLE Jump INO Jump INP Jump INS Jump INZ Jump Jo re iP Jump IPE Jump IPO Jump 1S Jump Conditional jumps (except JCXZ) test the flag instruction. The terms "less' ‘above" and "below’ jump is made to the location provided short short short short short short short short short short short short short short short short short short short short short short short short and equal greater greater or equal if not above {not above or equal if not below if not below or equal if not carry if not equal eater or equal if not less if not less or equal if not overflow if not parity if not sign if not zero if overflow if parity if parity odd if sign ‘great as the operand Applications Instruction Set (ZF-1) (ZF+0 and SF=OF) (SF-OF) (SFOOF) (ZF-1 and SFOOF) (CFI or ZF=1) (CF) (C0) (C0 and ZF=0) (C0) (ZP-1 or SFOOF) (Foor) (SF-OF) (ZF-0 and SF-OF) (OF-0) (PF-0) (SF-0) ZF-0) (OF+1) (F=1) (PF=1) (Pr-0) (F=1) which have been set by a previous " are used for comparisons of signed integers; are used for unsigned integers. If the given condition is true, a JCXZ differs from other conditional jumps because it tests the contents of the CX or EC) Flags Affected : None register for 0, not the flags. TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor Applications Instruction Set Exceptions : Protected Mode GP(0) - if the offset jumped to is beyond the limits of the code segment Real Address Mode : None Virtual 8086 Mode : None JMP -- Jump ‘The JMP instruction transfers control to a different point in the instruction stream without recording return information Near Jump (Intra - segment) : Jump within same code segment. It does not involve changing the segment register value. Far Jump (Inter - segment) : Jump which is not in same code segment. Intra - segment changes the segment register along with offset. An intra - segment direct jump uses the offset byte following the instruction. On the s the contents of the location addressed by other hand, intra-segment indirect jump the bytes following the instruction byte The JMP ptr16:16 and ptr16:32 forms of the instruction use a four-byte or six-byte operand as a long pointer to the destination, The JMP and forms fetch the long pointer from the memory location specified (indirection). In Real Address Mode or Virtual 8086 Mode, the long pointer provides 16 bits for the CS register and 16 or 32 bits for the EIP register (depending on the operand-size attribute). In Protected Mode, both long pointer forms consult the Access Rights (AR) byte in the descriptor indexed by the selector part of the long pointer Flags Affected : All if a task switch takes place; none if no task switch occurs Exceptions : Protected Mode Far jumps : GP, NP, SS, and TS Near direct jumps : GP(Q) if procedure location is beyond the code segment limits Near indirect jumps : GP(0) - for an illegal memory operand with ar effective address in the CS, DS, ES, FS, or G5 segments $S(0) - for an illegal address in the SS segment. GP - if the indirect offset obtained is beyond the code segment limits, PF-(fault-code) for a page fault Real Address Interrupt 13 if any part of the operand would be outside of the effective Mode address space from 0 to OPFFFH Virtual 8086 Same exceptions as under Real Address Mode. PE-(fault-code) for a page Mode fault TECHNICAL PUBLICATIONS® « An up thrust for knowledgeMicroprocessor 2-27 Applications Instruction Set LAHF -- Load Flags into AH Register LAHF transfers the low byte of the flags word to AH. The bits, from MSB to LSB, are sign, zero, indeterminate, auxiliary, carry, indeterminate, parity, indeterminate, and carry Flags Affected : None Exceptions : None LAR — Load Access Rights Byte The LAR instruction stores a masked form of the second doubleword of the descriptor for the source selector if the selector is visible at the CPL (modified by the ctor’s RPL) and is a valid descriptor type. The destination register is loaded with the high-order doubleword of the descriptor masked by OOFxFF00, and ZF is set to 1. The x sele indicates that the four bits corresponding to the upper four bits of the limit are undefined in the value loaded by LAR. If the selector is invisible or of the wrong type, ZF is cleared. Flags Affected : ZF Exceptions : Protected Mode GP(0) - for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments. $S(0) - for an illegal address in the SS segment. PF -(fault-code) for a page fault. Real Address Mode _ Interrupt 6 - LAR is unrecognized in Real Address Mode. Virtual 8086 Mode __Same exceptions as in Real Address Mode. Examples LAR BX, mem_word LAR DX, BAX LEA -- Load Effective Address LEA calculates the effective address (offset part) and stores it in the specified register The operand-size attribute of the instruction is determined by the chosen register. The address-size attribute is determined by the USE attribute of the segment containing the second operand. The addr by LEA, as follows size and operand-size attributes affect the action performed TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor Applications Instruction Set Operand Size Address Size Action Performed 16 16 16-bit effective address is calculated and stored in requested 16-bit register destination. 16 32 32-bit effective address is calculated. The lower 16 bits of the address are stored in the requested 16-bit register destination 32 16 16-bit effective address is calculated. The 16-bit address is zero-extended and stored in the requested 32-bit register destination. 32 32 32-bit effective address is calculated and stored in the requested 32-bit register destination, Flags Affected : None Exceptions Protected Mode UD - if the second operand is a register. Real Address Mode _ Interrupt 6 if the second oper ind is a register Virtual 8086 Mode __Same exceptions as in Real Address Mode. Examples LEA CX, TOTAL ; Load CX with offset of TOTAL in DS. LEA BP, $5:STACKTOP —_; Load BP with offset of STACK_TOP in $5, LEA AX, [BX] [DI] ; Load AX with EA = [BX] + [DI] LEAVE -- High Level Procedure Exit LEAVE reverses the actions of the ENTER instruction. By copying the frame pointer to the stack p variables. The old frame pointer is popped into BP or EBP, restoring the caller's frame. inter, LEAVE releases the stack space used by a procedure for its local A subsequent RET instruction removes any arguments pushed onto the stack of the exiting procedure Flags Affected : None Exceptions : Protected Mode $5(0) - if BP does not point to a location within the limits of the current stack segment Real Address Mode Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to OFFFFH. Virtual 8086 Mode _ Same exceptions as in Real Address Mod TECHNICAL PUBLICATIONS® - An up thrust for kn wledgejoprocessor Applications Instruction Set LGDTILIDT ~ Load Global/Interrupt Descriptor Table Register The LGDT and LIDT instructions load a linear base address and limit value from a six-byte data operand in memory into the GDTR or IDTR, respectively. If a 16-bit operand is used with LGDT or LIDT, the register is loaded with a 16-bit limit and a 24-bit base, and the high-order eight bits of the six-byte data operand are not used. If a 32-bit operand is used, a 16-bit limit and a 32-bit base is loaded; the high-order eight bits of the six-byte operand are used as high-order base address bits. Flags Affected : None Exceptions : Protected Mode GP(O) - if the current privilege level is not 0, UD - if the source operand is a register, GP(0) - for an illegal memory operand with an effective address in the C5, DS, ES, FS, or GS segments. $$(0) - for an illegal address in the SS segment, PF - (fault-code) for a page fault. Real Address Mode Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to OFFFFH, Interrupt 6 if the source operand is a ster Virtual 8086 Mode Same exceptions as in Real Address Mode, PE - (fault-code) for a page fault LGS/LSS/LDS/LES/LFS -» Load Full Pointer These instructions read a full pointer from memory and store it in the selected segment register:register pair. The full pointer loads 16 bits into the segment register $S, DS, ES, FS, or GS. The other register loads 32 bits if the operand-size attribute is 32 bits, or loads 16 bits if the operand-size attribute is 16 bits Instruction Segment Register Loaded Las cs Iss S LDs Ds LES: ES. LES FS Flags Affected : None @ TECHNICAL PUBLICATIONS® - An up thrust for knowledgejoprocessor 2-30 Applications Instruction Set Exceptions : Protected Mode GP(0) - for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments, $$(0) - for an illegal address in the SS segment, the second ope! st be a memory operand, not a register GP(0) - if a null selector is loaded into SS, PF - (fault-code) for a page fault. Real Address The second operand must be a memory operand, not a register, Interrupt Mode 13 if any part of the operand would lie outside of the effective address space from 0 to OFFFFH. Virtual 8086 Mode Same exceptions as in Real Address Mode, PF -(fault-code) for a page fault Examples LSS SI, myword Loads $5 : reg 16 with memory pointer LFS EBX, myword Loads FS : reg 32 with memory pointer LLDT — Load Local Descriptor Table Register LLDT loads the Local Descriptor Table Register (LDTR). The word operand (memory or register) to LLDT should contain a selector to the Global Descriptor Table (GDT). The GDT entry should be a Local Descriptor Table. If so, then the LDTR is loaded from the entry Flags Affected : None Exceptions : Protected Mode GP(O) - if the current privilege level is not 0, GP - (selector) - if the selector operand does not point into the Global Descriptor Table, or if the entry in the GDT is not a Local Descriptor Table, NP(selector) - if the LDT descriptor is not present, GP(0) - for an illegal memory operand with an effective address in the CS, DS, BS, FS, or GS segments, $5(0) - for an ille PF-(fault-code fault. address in the SS segme for a page Real Address Mode Interrupt 6 - LLDT is not recognized in Real Address Mode Virtual 8086 Mode __Same exceptions as in Real Address Mode. LMSW - Load Machine Status Word LMSW loads the machine status word (part of CRO) from the source operand. This instruction can be used to switch to Protected Mode; if so, it must be followed by an intrasegment jump to fl sh the instruction queue. LMSW will not switch back to Real Address Mode. Flags Affected : None TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor -31 Applications Instruction Set Exceptions : Protected Mode GP(0) - if the current privilege level is not 0, GP(0) - for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments, SS(0) - for an illegal address in the SS segment, PF- (fault-code) for a page fault. Real Address Mode Interrupt 13 if any part of the operand would lie outside of the effective 0 to OFFFEH. address space fron Virtual 8086 Mode _ Same exceptions as in Real Add ess Mode, PF-(fault-code) for a page fault Example LMSW BX Loads MSW with contents of BX LOCK -- Assert LOCK# Signal Prefix The LOCK prefix causes the LOCK signal of the 80386 to be asserted during execution of the instruction that follows it. In a multiprocessor environment, this signal can be used to ensure that the 80386 has exclusive use of any shared memory while LOCK is asserted. The LOCK prefix functions only with the following instructions BI, BIS, BIR, BIC memory, register/immediate XCHG register, memory XCHG memory, register ADD, OR, ADC, SBB, AND, SUB, XOR __ memory, register/immediate NOT, NEG, INC, DEC memory XCHG always asserts LOCK regardless of the presence or absence of the LOCK prefix Flags Affected : None Exceptions : Protected Mode UD - if LOCK is used with an instruction for which LOCK prefix is not allowed other exceptions can be generated by the subsequent (locked) instruction Real Address Mode Interrupt 6 if LOCK is used with an instruction for which LOCK prefix is not allowed exceptions can still be generated by the subsequent (locked) instruction Virtual 8086 Mode UD - if LOCK is used with an instruction for which LOCK prefix is not generated by the subsequent (locked) allowed exceptions can stil instruction, TECHNICAL PUBLICATIONS® - An up thrust for knowledgeApplications Instruction Set LODS/LODSB/LODSWILODSD =- Load String Operand LODS loads the AL, AX, or EAX register with the memory byte, word, or doubleword at the location pointed to by the source-index register. After the transfer is made, the source-index register is automatically advanced. If the direction flag is 0 (CLD was executed), the source index increments; if the direction flag is 1 (STD was executed), it decrements. ‘The increment or decrement is 1 if a byte is loaded, 2 if a word is loaded, or 4 if a doubleword is loaded. Flags Affected : None Exceptions : Protected Mode GP(0) - for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments, $S(0) - for an illegal address in the SS segment, PF(fault-code) - for a page fault. Real Address Mode Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to OFBFFH. Virtual 8086 Mode Same exceptions as in Real Address Mode, PF(fault-code) - for a page fault LOOP/LOOPcond = Loop Control with CX Counter LOOP decrements the count register without changing any of the flags. Conditions are then checked for the form of LOOP being used. If the conditions are met, a short jump is made to the label given by the operand to LOOP. If the address-size attribute is used. 16 bits, the CX register is used as the count register; otherwise the ECX register The operand of LOOP must be in the range from 128 (decimal) bytes before the instruction to 127 bytes ahead of the instruction, Flags Affected : None Exceptions : Protected Mode GP(0) - if the offset jumped to is beyond the limits of the current code segment, Real Address Mode : None tual 8086 Mode : None LSL — Load Segment Limit ‘The LSL instruction loads a register with a segment limit, and sets ZF to 1, provided that the source selector is visible at the CPL and that the descriptor is a type accepted by LSL. Otherwise, ZF is cleared to 0. The segment limit is loaded as a byte granular value. If the descriptor has a page granular segment limit, LSL will translate it to a byte TECHNICAL PUBLICATIONS® - An up thrust for knowiedgezations Instruction Set joprocessor =33 Appl limit before loading it in the destination register (shift left 12 the 20-bit “raw” limit from descriptor, then OR with 00000FFFH) Flags Affected : ZF as described above Exceptions : Protected Mode GP(Q) - for an illegal memory operand with an effective address in the CS, DS, FS, FS, or GS segments, $5(0) - for an illegal address in the SS segment, PF(fault-code) - for a page fault Real Address Mode Interrupt 6 - LSL is not recognized in Real Address Mode. Virtual 8086 Mode __Same exceptions as in Real Address Mode. LTR — Load Task Register LTR loads the task register from the source register or memory location specified by the operand. The loaded task state segment is marked busy. A task switch does not occur. Flags Affected : None Exceptions : Protected Mode GP(O) - for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments, $S(0) - for an illegal address in the SS segment, GP(0) if the current privilege level is not 0, GP(selector) if the object named by the source selector is not a TSS or is already busy, NP(selector) - if the TSS is marked "not present’, PF(fault-code)- for a page fault. Real Address Mode —_ Interrupt 6 - LTR is not recognized in Real Address Mode. Virtual 8086 Mode Same exceptions as in Real Address Mode. MOV -- Move Data MOV copies the second operand to the first operand. If the destination operand is a segment register (DS, ES, SS, etc.), then data from a descriptor is also loaded into the register. A MOV into SS inhibits all interrupts until after the execution of the next instruction. Flags Affected : None TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor -34 Applications Instruction Set Exceptions : Protected Mode GP, SS, and NP - if a segment register is being loaded; otherwise, GP(0) - if the destination is in a nonwritable segment; GP(0) - for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments, $S(0) - for an illegal address in the SS segment, PF-(fault-code) for a page fault Real Address Mode Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to OFFFFH Virtual 8086 Mode Same exceptions as in Real Address Mode, PF(fault-code) - for a fault Examples MOV BX, 592FH Load the immediate number 592FH in BX MOV DS, CX Copy word from CX register to data segment register MOV -- Move to/from Special Registers The above forms of MOV store or load the following special registers in or from a general purpose register * Control registers CRO, CR2, and CR3 * Debug Registers DRO, DR1, DR2, DR3, DR6, and DR7 * Test Registers TR6 and TR7 Flags Affected : OF, SF, ZF, AF, PF, and CF are undefined Exceptions : Protected Mode GP(O) - if the current privilege level is not 0. Real Address Mode None Virtual 8086 Mode __ GP(0) - if instruction execution is attempted. Examples MOV EAX, CRO Moves control register into EAX register MOV EBX, DO Moves debug register 0 into EBX register MOV CR2, ECX Moves ECX into control register 2 MOVS/MOVSB/MOVSW/MOVSD -- Move Data from String to String MOVS copies the byte or word at [(E)SI] to the byte or word at ES:[(E)DI]. The destination operand must be addressable from the ES register; no segment override is possible for the destination. A segment override can be used for the source operand; the default is DS TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor -35 Applications In ‘The addresses of the source and destination are determined solely by the contents of (®)SI and (E)DI. Load the correct index values into (E)SI and (E)DI before executing the MO’ instruction. MOVSB, MOVSW, and MOVSD are synonyms for the byte, word, and doubleword MOVS instructions. After the data is moved, both (E)SI and (E)DI are advanced automatically. If the direction flag is 0 (CLD was executed), the registers are incremented; if the direction flag is 1 (STD was executed), the registers are decremented. The registers are incremented or decremented by 1 if a byte was moved, 2 if a word was moved, or 4 if a doubleword was moved Flags Affected: None Exceptions Protected Mode GP(O) - if the result is in a nonwritable segment, GP(0) - for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments, $S(0) - for an illegal address in the S5 segment, PF(fault-code) - Real Address Mode Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to OFEFFH. Virtual 8086 Mode Same exceptions as in Real Address Mode, PF(fault-code) - for a page fault. MOVSX -- Move with Sign-Extend MOYSX reads the contents of the effective address or register as a byte or a word, ze attribute of the instruction (16 or 32 bits), and sign-extends the value to the operand stores the result in the destination register Flags Affected : None Exceptions : Protected Mode GP(O) - for an illegal memory operand with an effective address in the CS, DS, ES, FS or GS segments, $§(0) - for an illegal address in the SS segment, PF(fault-code) - for a page fault. Real Address Mode Interrupt 13 - if any part of the operand would lie outside of the effective address space from 0 to OFFFFH. Virtual 8086 Mode Same exceptions as in Real Address Mode, PF(fault-code) - for a page fault Example MOVSX AX, Cl Moves sign extended contents of CL in AX TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 2-36 Applications Instruction Set MOVZX — Move with Zero-Extend MOVZX reads the contents of the effective address or register as a byte or a word, zero extends the value to the operand-size attribute of the instruction (16 or 32 bits), and stores the result in the destination register Flags Affected: None Exceptions : Protected Mode GP(0) - for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments, $5(0) - for an illegal address in the SS segment, PF(fault-code) - for a page fault Real Address Mode Interrupt 13 - if any part of the operand would lie outside of the effective address space from 0 to OFFFFH. Virtual 8086 Mode Same exceptions as in Real Address Mode, PF(fault-code) ge fault Example MOVZX AX, CI Moves zero extended contents of CL into AX MUL -- Unsigned Multiplication of AL or AX MUL performs unsigned multiplication. Its actions depend on the size of its operand, as follows * A byte operand is multiplied by AL; the result is left in AX. The carry and overflow flags are set to 0 if AH is 0; otherwise, they are set to 1 + A word operand is multiplied by AX; the result is left in DX:AX. DX contains the high-order 16 bits of the product. The carry and overflow flags are set to 0 if DX is 0; otherwise, they are set to 1 © A doubleword operand is multiplied by EAX and the result is left in EDX:EAX. EDX contains the high-order 32 bits of the product. The carry and overflow flags are set to 0 if EDX is 0; otherwise, they are set to 1. Flags Affected : OF and CF as described above; SF, ZF, AF, PF, and CF are undefined Exceptions : Protected Mode GP(O) - for an illegal memory operand with an effective address in the CS, DS, ES, FS, or GS segments, $5(0) - for an illegal address in the SS segment, PF(fault-code) - for a page fault. Real Address Mode Interrupt 13 - if any part of the operand would lie outside of the effective address space from 0 to OFFFFH, Virtual 8086 Mode Same exceptions as in Real Address Mode, PE(fault-code) - for a page fault TECHNICAL PUBLICATIONS® - An up thrust for knowledgejoprocessor Examples MUL BL ; AL x BL, result in AX. MUL BX X x BX, result high word in DX low word in AX. NEG --Two's Complement Negation NEG replaces the value of a register or memory operand with its two's complement The operand is subtracted from zero and the result is placed in the operand. The carry flag, is set to 1, unless the operand is zero, in which case the carry flag is cleared to 0. Flags Affected : CF, OF, SF, ZF and PF Exceptions : Real Mode GP) - if the result is in a nonwritable segment, GP(0) - for an illegal memory operand with an effective address in the CS, DS, ES, FS or GS segments; $8(0) - for an illegal address in the SS segment, PF(fault-code) - for a page fault. Protected Mode Interrupt 13 if any part of the operand would lie outside of the effective address space from 0 to OFFFFH. fault Virtual 8086 Same exceptions as in real-address mode, PF(fault-code) - for a p: Mode NOP -- No Operation NOP performs no operation Flags Affected : None Exceptions : None NOT — One's Complement Negation NOT inverts the operand; every 1 becomes a 0 and vice versa. Flags Affected : None Exceptions : Protected Mode — GP(0) - if the result is in a nonwritable segment, GP(0) - for an illegal memory operand with an effective address in the CS, DS, ES, FS or GS segments, $S(0) - for an illegal address in the SS segment, PF(fault-code) - fault for ap; Real Address Interrupt 13 - if any part of the operand would lie outside of the effective Mode address space from 0 to OFFFFH. Virtual 8086 Same exceptions as in real-address mode; PF(fault-code) - for a page fault Mode TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor 2-38 Applications Instruction Set OR -- Logical Inclusive OR OR computes the inclusive OR of its two operands and places the result in the first operand. Each bit of the result is 0 if both corresponding bits of the operands are 0; otherwise, each bit is 1 The OR instruction is used to set (make one) any bit in the binary number. This is illustrated in Fig. 2.2.2 ales MRK RK IOX Unknown 8-bit binary number +4444 0000 Setting pattern MX X xX Result es _e Fig. 2.2.2 Setting bit/s using OR operation et bits Flags Affected : OF = 0, CF = 0, SF, ZF, and PF is undefined Exceptions : Protected Mode — GP(0) - if the result is in a nonwritable segment, GP(0) - for an illegal memory operand with an effective address in the CS, DS, BS, FS or GS segments; $$(0) - for an illegal address in the SS segment; PF(fault-code) - for a page fault. Real Address Interrupt 13 - if any part of the operand would lie outside of the effective Mode address space from 0) to OFFFFH Virtual 8086 Same exceptions as in real-address mode, PF(fault-code) - for a page fault Mode Examples AL = 1001 0011 = 93H. BL = 0111 0101 = 75H OR BL, AL OR byte in AL with byte in BL. 5 BL = 1111 0111 = F7H CX = 0110 1011 1001 1110 OR CX, OOFOH CX = 0110 1011 1111 1110 OUT — Output to Port OUT transfers a data byte or data word from the register (AL, AX or EAX) given as the second operand to the output port numbered by the first operand, Output to any port from 0 to 65535 is performed by placing the port number in the DX register and then using an OUT instruction with DX as the first operand. If the instruction contains an eight-bit port ID, that value is zero-extended to 16 bits Flags Affected: None TECHNICAL PUBLICATIONS® - An up thrust for knowledgeMicroprocessor -39 Applications Instruction Set Exceptions : Protected Mode GP(O) - if the current privilege level is higher (has less privilege) than IOPL and any of the corresponding I/O permission bits in TSS equals 1. Real Address. None Mode Virtual 8086 GPC) - fault if any of the corresponding I/O permission bits in TSS equals 1 Mode Examples OUT OFBH, AL Copy contents of AL to 8-bit port OFSH. OUT OFBH, AX Copy contents of AX to 16-bit port OFBH. MOV DX, 30F8H Load 16-bit address of the port in DX. OUT DX, AL Copy the contents of AL to port 30F8H. our X, AX Copy the contents of AX to port 30F8H. OUTS/OUTSB/OUTSWIOUTSD = Output String to Port OUTS transfers data from the memory byte, word or doubleword at the source-index register to the output port addressed by the DX register. If the address-size attribute for this instruction is 16 bits, SI is used for the source-index register; otherwise, the address-size attribute is 32 bits and ESI is used for the source-index register. OUTS does not allow specification of the port number as an immediate value. The the DX register value. Load the correct value into DX port must be addressed through before executing the OUTS instruction: The address of the source data is determined by the contents of source-index register. Load the correct index value into SI or ESI before executing the OUTS instruction. After the transfer, source-index register is advanced automatically. If the direction flag, is 0 (CLD was executed), the source-index register is incremented; if the direction flag is 1 (STD was executed), it is decremented. The amount of the increment or decrement is 1 if a byte is output, 2 if a word is output or 4 if a doubleword is outp OUTSB, OUTSW and OUTSD are synonyms for the byte, word and doubleword OUTS instructions. Flags Affected: None Exceptions : Protected Mode — GP(0) - if CPL. is greater than IOPL and any of the corresponding 1/0 permission bits in 'TSS equals 1, GP(0) - for an illegal memory operand with an effective address in the CS, DS or ES segments, $5(0) - for an illegal address in the SS segment, PF(fault-code) - for a page fault. Real Address Interrupt 13 - if any part of the operand would lie outside of the effective Mode address space from 0 to OFFFFH. TECHNICAL PUBLICATIONS® « An up thrust for kr