80486

The extended flag register EFLAG is

The only new flag bit is the AC alignment check, used to
indicate that the microprocessor has accessed a word at an odd
address or a double word boundary.
Efficient software and execution require that data be stored at

Flag Register of 80486

CF: Carry Flag
AF: Auxiliary carry
ZF: Zero Flag
SF : Sign Flag
TF : Trap Flag
IE : Interrupt Enable
DF : Direct Flag
OF : Over Flow
IOPL : I/O Privilege Level
NT : Nested Task Flag
RF : Resume Flag
VM : Virtual Mode
AC : Alignment CheckFlag Register of 80486
Pentium

Block diagram of the Pentium

Figure 1 shows a block diagram of the Pentium design.

The most important enhancements over the 486 are the separate instruction and data caches, the
dual integer pipelines (the U-pipeline and the V-pipeline, as Intel calls them), branch prediction
using the branch target buffer (BTB), the pipelined floating-point unit, and the 64-bit external
data bus. Even-parity checking is implemented for the data bus and the internal RAM arrays
(caches and TLBs).

As for new functions, there are only a few; nearly all the enhancements in Pentium are included
to improve performance, and there are only a handful of new instructions. Pentium is the first
high-performance micro-processor to include a system management mode like those found on
power-miserly processors for notebooks and other battery-based applications; Intel is holding to
its promise to include SMM on all new CPUs. Pentium uses about 3 million transistors on a huge
294 mm 2 (456k mils 2 ). The caches plus TLBs use only about 30% of the die. At about 17 mm
on a side, Pentium is one of the largest microprocessors ever fabricated and probably pushes
Intel’s production equipment to its limits. The integer data path is in the middle, while the
floating-point data path is on the side opposite the data cache. In contrast to other superscalar
designs, such as SuperSPARC, Pentium’s integer data path is actually bigger than its FP data
path. This is an indication of the extra logic associated with complex instruction support. Intel
estimates about 30% of the transistors were devoted to compatibility with the x86 architecture.
Much of this overhead is probably in the microcode ROM, instruction decode and control unit,
and the adders in the two address generators, but there are other effects of the complex
instruction set. For example, the higher frequency of memory references in x86 programs
compared to RISC code led to the implementation of the dual-ac.

Register set

The purpose of the Register is to hold temporary results, and control the execution of the
program. General-purpose registers in Pentium are EAX, ECX, EDX, EBX, ESP, EBP,ESI, or
EDI.

The 32-bit registers are named with prefix E, EAX, etc, and the least 16 bits 0-15 of these
registers can be accessed with names such as AX, SI Similarly the lower eight bits (0-7) can be
accessed with names such as AL & BL. The higher eight bits (8-15) with names such as AH &
BH. The instruction pointer EAP known as program counter(PC) in 8-bit microprocessor, is a
32-bit register to handle 32-bit memory addresses, and the lower 16 bit segment IP is used for
16-bi memory address.

The flag register is a 32-bit register , however 14-bits are being used at present for 13 different
tasks; these flags are upward compatible with those of the 8086 and 80286. The comparison of
the available flags in 16-bit and 32-bit microprocessor is may provide some clues related to
capabilities of these processors. The 8086 has 9 flags, the 80286 has 11 flags, and the 80286 has
13 flags. All of these flag registers include 6 flags related to data conditions (sign, zero, carry,
auxiliary, carry , overflow, and parity) and three flags related to machine operations.(interrupts,
Single-step and Strings). The 80286 has two additional : I/O Privilege and Nested Task. The I/O
Privilege uses two bits in protected mode to determine which I/O instructions can be used, and
the nested task is used to show a link between two tasks.

The processor also includes control registers and system address registers , debug and test
registers for system and debugging operations.

Addressing mode & Types of instructions

Instruction set is divided into 9 categories of operations and has 11 addressing modes. In addition
to commonly available instructions in a 8 bit microprocessor and this set includes operations
such as bit manipulation and string operations, high level language support and operating system
support. An instruction may have 0-3 operands and the operand can be 8, 16, or 32- bits long.
The 80386 handles various types of data such as Single bit , string of bits , signed and unsigned
8-, 16-, 32- and 64- bit data, ASCII character and BCD numbers.
High level language support group includes instructions such as ENTER and LEAVE. The
ENTER instruction is used to ENTER from a high level language and it assigns memory location
on the stack for the routine being entered and manages the stack. On the other hand the LEAVE
generates a return procedure for a high level language. The operating system support group
includes several instructions , such as APRL.( Adjust Requested Privilege Level) and the
VERR/W (Verify Segment for Reading or Writing). The APRL is designed to prevent the
operating system from gaining access to routines with a higher priority level and the instructions
VERR/W verify whether the specified memory address can be reached from the current privilege
level.

The FLAGS register is the status register in Intel x86 microprocessors that contains the current
state of the processor. This register is 16 bits wide. Its successors, the EFLAGS and RFLAGS
registers, are 32 bits and 64 bits wide, respectively. The wider registers retain compatibility with
their smaller predecessors.

Intel x86 FLAGS register

Bit # Abbreviation Description Category[1]
FLAGS
 0 CF Carry flag S
1 1 Reserved
2 PF Parity flag S
3 0 Reserved
4 AF Adjust flag S
5 0 Reserved
6 ZF Zero flag S
7 SF Sign flag S
8 TF Trap flag (single step) X
9 IF Interrupt enable flag X
10 DF Direction flag C
11 OF Overflow flag S
12, 13 IOPL I/O privilege level (286+ only) X
14 NT Nested task flag (286+ only) X
15 0 Reserved
EFLAGS
16 RF Resume flag (386+ only) X
17 VM Virtual 8086 mode flag (386+ only) X
18 AC Alignment check (486SX+ only) X
19 VIF Virtual interrupt flag (Pentium+) X
20 VIP Virtual interrupt pending (Pentium+) X
21 ID Able to use CPUID instruction (Pentium+) X
22 0 Reserved
23 0 Reserved
24 0 Reserved
25 0 Reserved
26 0 Reserved
27 0 Reserved
28 0 Reserved
29 0 Reserved
30 0 Reserved
31 0 Reserved
RFLAGS
32-63 0 Reserved

1. ^ S: Status flag
C: Control flag
X: System flag

80386 Register Addressing Modes

The 80386 (and later) processors provide 32 bit registers. The eight general-purpose
registers all have 32 bit equivalents. They are eax, ebx, ecx, edx, esi, edi, ebp, and esp. If you
are using an 80386 or later processor you can use these registers as operands to several
80386 instructions.
4.6.4 80386 Memory Addressing Modes
The 80386 processor generalized the memory addressing modes. Whereas the 8086
only allowed you to use bx or bp as base registers and si or di as index registers, the 80386
lets you use almost any general purpose 32 bit register as a base or index register. Furthermore,
the 80386 introduced new scaled indexed addressing modes that simplify accessing
elements of arrays. Beyond the increase to 32 bits, the new addressing modes on the 80386
are probably the biggest improvement to the chip over earlier processors.
4.6.4.1 Register Indirect Addressing Modes
On the 80386 you may specify any general purpose 32 bit register when using the register
indirect addressing mode. [eax], [ebx], [ecx], [edx], [esi], and [edi] all provide offsets,
by default, into the data segment. The [ebp] and [esp] addressing modes use the stack segment
by default.
Note that while running in 16 bit real mode on the 80386, offsets in these 32 bit registers
must still be in the range 0…0FFFFh. You cannot use values larger than this to access
more than 64K in a segment10. Also note that you must use the 32 bit names of the registers.
You cannot use the 16 bit names. The following instructions demonstrate all the legal
forms:
mov al, [eax]
mov al, [ebx]
mov al, [ecx]
mov al, [edx]
mov al, [esi]
mov al, [edi]
mov al, [ebp] ;Uses SS by default.
10. Unless, of course, you’re operating in protected mode, in which case this is perfectly legal.
Chapter 04
Page 164
mov al, [esp] ;Uses SS by default.
4.6.4.2 80386 Indexed, Base/Indexed, and Base/Indexed/Disp Addressing Modes
The indexed addressing modes (register indirect plus a displacement) allow you to
mix a 32 bit register with a constant. The base/indexed addressing modes let you pair up
two 32 bit registers. Finally, the base/indexed/displacement addressing modes let you
combine a constant and two registers to form the effective address. Keep in mind that the
offset produced by the effective address computation must still be 16 bits long when operating
in real mode.
On the 80386 the terms base register and index register actually take on some meaning.
When combining two 32 bit registers in an addressing mode, the first register is the base
register and the second register is the index register. This is true regardless of the register
names. Note that the 80386 allows you to use the same register as both a base and index
register, which is actually useful on occasion. The following instructions provide representative
samples of the various base and indexed address modes along with syntactical variations:
mov al, disp[eax] ;Indexed addressing
mov al, [ebx+disp] ; modes.
mov al, [ecx][disp]
mov al, disp[edx]
mov al, disp[esi]
mov al, disp[edi]
mov al, disp[ebp] ;Uses SS by default.
mov al, disp[esp] ;Uses SS by default.
The following instructions all use the base+indexed addressing mode. The first register
in the second operand is the base register, the second is the index register. If the base
register is esp or ebp the effective address is relative to the stack segment. Otherwise the
effective address is relative to the data segment. Note that the choice of index register does
not affect the choice of the default segment.
mov al, [eax][ebx] ;Base+indexed addressing
mov al, [ebx+ebx] ; modes.
mov al, [ecx][edx]
mov al, [edx][ebp] ;Uses DS by default.
mov al, [esi][edi]
mov al, [edi][esi]
mov al, [ebp+ebx] ;Uses SS by default.
mov al, [esp][ecx] ;Uses SS by default.
Naturally, you can add a displacement to the above addressing modes to produce the
base+indexed+displacement addressing mode. The following instructions provide a
representative
sample of the possible addressing modes:
mov al, disp[eax][ebx] ;Base+indexed addressing
mov al, disp[ebx+ebx] ; modes.
mov al, [ecx+edx+disp]
mov al, disp[edx+ebp] ;Uses DS by default.
mov al, [esi][edi][disp]
mov al, [edi][disp][esi]
mov al, disp[ebp+ebx] ;Uses SS by default.
mov al, [esp+ecx][disp] ;Uses SS by default.
There is one restriction the 80386 places on the index register. You cannot use the esp
register as an index register. It’s okay to use esp as the base register, but not as the index
register.
Memory Layout and Access
Page 165
4.6.4.3 80386 Scaled Indexed Addressing Modes
The indexed, base/indexed, and base/indexed/disp addressing modes described
above are really special instances of the 80386 scaled indexed addressing modes. These
addressing modes are particularly useful for accessing elements of arrays, though they are
not limited to such purposes. These modes let you multiply the index register in the
addressing mode by one, two, four, or eight. The general syntax for these addressing
modes is
disp[index*n]
[base][index*n]
or
disp[base][index*n]
where “base” and “index” represent any 80386 32 bit general purpose registers and “n” is
the value one, two, four, or eight.
The 80386 computes the effective address by adding disp, base, and index*n together.
For example, if ebx contains 1000h and esi contains 4, then
mov al,8[ebx][esi*4] ;Loads AL from location 1018h
mov al,1000h[ebx][ebx*2] ;Loads AL from location 4000h
mov al,1000h[esi*8] ;Loads AL from location 1020h
Note that the 80386 extended indexed, base/indexed, and base/indexed/displacement
addressing modes really are special cases of this scaled indexed addressing mode with
“n” equal to one. That is, the following pairs of instructions are absolutely identical to the
80386:
mov al, 2[ebx][esi*1] mov al, 2[ebx][esi]
mov al, [ebx][esi*1] mov al, [ebx][esi]
mov al, 2[esi*1] mov al, 2[esi]
Of course, MASM allows lots of different variations on these addressing modes. The
following provide a small sampling of the possibilities:
disp[bx][si*2], [bx+disp][si*2], [bx+si*2+disp], [si*2+bx][disp],
disp[si*2][bx], [si*2+disp][bx], [disp+bx][si*2]
4.6.4.4 Some Final Notes About the 80386 Memory Addressing Modes
Because the 80386’s addressing modes are more orthogonal, they are much easier to
memorize than the 8086’s addressing modes. For programmers working on the 80386 processor,
there is always the temptation to skip the 8086 addressing modes and use the 80386
set exclusively. However, as you’ll see in the next section, the 8086 addressing modes
really are more efficient than the comparable 80386 addressing modes. Therefore, it is
important that you know all the addressing modes and choose the mode appropriate to
the problem at hand.
When using base/indexed and base/indexed/disp addressing modes on the 80386,
without a scaling option (that is, letting the scaling default to “*1”), the first register
appearing in the addressing mode is the base register and the second is the index register.
This is an important point because the choice of the default segment is made by the choice
of the base register. If the base register is ebp or esp, the 80386 defaults to the stack segment.
In all other cases the 80386 accesses the data segment by default, even if the index register
is ebp. If you use the scaled index operator (“*n”) on a register, that reregister is always

the index register regardless of where it appears in the addressing mode:

6.1 The Processor Status Register (Flags)

The flags register maintains the current operating mode of the CPU and some instruction
state information. Figure 6.1 shows the layout of the flags register.
The carry, parity, zero, sign, and overflow flags are special because you can test their
status (zero or one) with the setcc and conditional jump instructions (see “The “Set on
Condition” Instructions” on page 281 and “The Conditional Jump Instructions” on
page 296). The 80x86 uses these bits, the condition codes, to make decisions during program
execution.
Various arithmetic, logical, and miscellaneous instructions affect the overflow flag.
After an arithmetic operation, this flag contains a one if the result does not fit in the signed
destination operand. For example, if you attempt to add the 16 bit signed numbers 7FFFh
and 0001h the result is too large so the CPU sets the overflow flag. If the result of the
arithmetic
operation does not produce a signed overflow, then the CPU clears this flag.
Since the logical operations generally apply to unsigned values, the 80x86 logical
instructions simply clear the overflow flag. Other 80x86 instructions leave the overflow
flag containing an arbitrary value.
The 80x86 string instructions use the direction flag. When the direction flag is clear, the
80x86 processes string elements from low addresses to high addresses; when set, the CPU
processes strings in the opposite direction. See “String Instructions” on page 284 for
additional
details.
The interrupt enable/disable flag controls the 80x86’s ability to respond to external
events known as interrupt requests. Some programs contain certain instruction sequences
that the CPU must not interrupt. The interrupt enable/disable flag turns interrupts on or
off to guarantee that the CPU does not interrupt those critical sections of code.
Figure 6.1 80x86 Flags Register
Overflow
Direction
Interrupt
Trace
Sign
Zero
Auxiliary Carry
Parity
Carry
= Unused
The 80x86 Instruction Set
Page 245
The trace flag enables or disables the 80x86 trace mode. Debuggers (such as CodeView)
use this bit to enable or disable the single step/trace operation. When set, the CPU interrupts
each instruction and passes control to the debugger software, allowing the debugger
to single step through the application. If the trace bit is clear, then the 80x86 executes
instructions without the interruption. The 80x86 CPUs do not provide any instructions
that directly manipulate this flag. To set or clear the trace flag, you must:
• Push the flags onto the 80x86 stack,
• Pop the value into another register,
• Tweak the trace flag value,
• Push the result onto the stack, and then
• Pop the flags off the stack.
If the result of some computation is negative, the 80x86 sets the sign flag. You can test
this flag after an arithmetic operation to check for a negative result. Remember, a value is
negative if its H.O. bit is one. Therefore, operations on unsigned values will set the sign
flag if the result has a one in the H.O. position.
Various instructions set the zero flag when they generate a zero result. You’ll often use
this flag to see if two values are equal (e.g., after subtracting two numbers, they are equal
if the result is zero). This flag is also useful after various logical operations to see if a specific
 bit in a register or memory location contains zero or one.
The auxiliary carry flag supports special binary coded decimal (BCD) operations. Since
most programs don’t deal with BCD numbers, you’ll rarely use this flag and even then
you’ll not access it directly. The 80x86 CPUs do not provide any instructions that let you
directly test, set, or clear this flag. Only the add, adc, sub, sbb, mul, imul, div, idiv, and BCD
instructions manipulate this flag.
The parity flag is set according to the parity of the L.O. eight bits of any data operation.
If an operation produces an even number of one bits, the CPU sets this flag. It clears this
flag if the operation yields an odd number of one bits. This flag is useful in certain data
communications programs, however, Intel provided it mainly to provide some compatibility
with the older 8080

mP.
The carry flag has several purposes. First, it denotes an unsigned overflow (much like
the overflow flag detects a signed overflow). You will also use it during multiprecision
arithmetic and logical operations. Certain bit test, set, clear, and invert instructions on the
80386 directly affect this flag. Finally, since you can easily clear, set, invert, and test it, it is
useful for various boolean operations. The carry flag has many purposes and knowing
when to use it, and for what purpose, can confuse beginning assembly language
programmers.
Fortunately, for any given instruction, the meaning of the carry flag is clear.

AC: Alignment-Check flag

When this bit is set, an alignment check is

performed during all memory accesses at

privilege level 3. If an unaligned access

takes place, exception 17 occurs.

VIF and VIP EFLAGS Bits

Two new flags were added to the EFLAGS register. These flags are intended for use when the
IOPL of the Ev86 task is less than 3 (see sidebar Caveats Of VME (When CR4.VME=1)). They
can only be purposely modified by the CPL-0 Ev86 monitor or an interrupt service routine.

VIF is a virtualized version of the standard interrupt flag (IF). While the Ev86 task is running,
any CLI and STI instruction will not modify the actual IF, instead these instructions modify VIF.
[5] This fact is completely hidden from the Ev86 task, as PUSHF, POPF, INT-n, and IRET have
also been modified to help hide this behavior.
The VIP flag is a Virtual Interrupt Pending flag. VIP can assist the multitasking operating system
in sending a virtual interrupt to the Ev86 task. The easiest way to understand VIP is to explain its
use in the context of a program running on an 8086. When the 8086 is in an uninterruptible state,
external interrupts remain pending but don't get serviced. After IF is set (because of STI, POPF,
or IRET), the pending interrupt is serviced by the CPU. VIF and VIP are intended to serve this
same purpose to the MTOS running an Ev86 task. Let's assume your Ev86 task was at the same
uninterruptible point as the previous 8086 example. A timer-tick interrupt occurs, and the MTOS
services the interrupt. During the interrupt service routine, the MTOS decided that the Ev86 task
needs to service this timer tick, and sets VIP. After returning, the Ev86 task is still in an
uninterruptible state (VIF=0). At some later time, the Ev86 task attempts to set IF (STI, POPF, or
IRET). When this happens, the Ev86 task becomes interruptible, and a general protection fault to
the monitor immediately occurs (#GP(0)).[8]

The ability to set and clear identification flag(ID) indicates that processor supports the CPU ID
instruction.CPU ID instrctn. Provides information abt s/w to vendor

• The Internal Architecture of 80386 is divided into 3 sections.

• Central processing unit(CPU)
• Memory management unit(MMU)
• Bus interface unit(BIU)
• Central processing unit is further divided into Execution unit(EU) and Instruction
unit(IU)

Execution unit has 8 General purpose and 8 Special purpose registers which are either used
for handling data or calculating offset addresses.
The Instruction unit decodes the opcode bytes received from the 16-byte instruction code
queue and arranges them in a 3- instruction decoded instruction queue.

•After decoding them pass it to the control section for deriving the necessary control
signals. The barrel shifter increases the speed of all shift and rotate operations.

• The multiply / divide logic implements the bit-shift-rotate algorithms to complete the
operations in minimum time.

•Even 32- bit multiplications can be executed within one microsecond by the multiply /
divide logic.

The Memory management unit consists of

 Segmentation unit and

 Paging unit.

•Segmentation unit allows the use of two address components, viz. segment and offset for
relocability and sharing of code and data.

•Segmentation unit allows segments of size 4Gbytes at max.

•The Paging unit organizes the physical memory in terms of pages of 4kbytes size each.

•Paging unit works under the control of the segmentation unit, i.e. each segment is further
divided into pages. The virtual memory is also organizes in terms of segments and pages by
the memory management unit.

The Segmentation unit provides a 4 level protection mechanism for protecting and isolating
the system code and data from those of the application program.

•Paging unit converts linear addresses into physical addresses.

•The control and attribute PLA checks the privileges at the page level. Each of the pages
maintains the paging information of the task. The limit and attribute PLA checks segment
limits and attributes at segment level to avoid invalid accesses to code and data in the
memory segments.

•The Bus control unit has a prioritizer to resolve the priority of the various bus
requests.This controls the access of the bus. The address driver drives the bus enable and
address signal A0 – A31. The pipeline and dynamic bus sizing unit handle the related
control signals.

The data buffers interface the internal data bus with the system bus.

Register Organisation:

•The 80386 has eight 32 - bit general purpose registers which may be used as either 8 bit or
16 bit registers.

•A 32 - bit register known as an extended register, is represented by the register name with
prefix E.

•Example : A 32 bit register corresponding to AX is EAX, similarly BX is EBX etc.

•The 16 bit registers BP, SP, SI and DI in 8086 are now available with their extended size of
32 bit and are names as EBP,ESP,ESI and EDI.

•AX represents the lower 16 bit of the 32 bit register EAX.

BP, SP, SI, DI represents the lower 16 bit of their 32 bit counterparts, and can be used as
independent 16 bit registers.

•The six segment registers available in 80386 are CS, SS, DS, ES, FS and GS.

•The CS and SS are the code and the stack segment registers respectively, while DS, ES,FS,
GS are 4 data segment registers.
•A 16 bit instruction pointer IP is available along with 32 bit counterpart EIP.

•Flag Register of 80386: The Flag register of 80386 is a 32 bit register. Out of the 32 bits,
Intel has reserved bits D18 to D31, D5 and D3, while D1 is always set at 1.Two extra new
flags are added to the 80286 flag to derive the flag register of 80386. They are VM and RF
flags.

• VM - Virtual Mode Flag: If this flag is set, the 80386 enters the virtual 8086 mode within
the protection mode. This is to be set only when the 80386 is in protected mode. In this
mode, if any privileged instruction is executed an exception 13 is generated. This bit can be
set using IRET instruction or any task switch operation only in the protected mode.

•RF- Resume Flag: This flag is used with the debug register breakpoints. It is
checked at the starting of every instruction cycle and if it is set, any debug fault is ignored
during the instruction cycle. The RF is automatically reset after successful execution of
every instruction, except for IRET and POPF instructions.

Segment Descriptor Registers: This registers are not available

for programmers, rather they are internally used to store the descriptor
information, like attributes, limit and base addresses of segments.

•The six segment registers have corresponding six 73 bit descriptor registers. Each of them
contains 32 bit base address, 32 bit base limit and 9 bit attributes. These are automatically
loaded when the corresponding segments are loaded with selectors.

•Control Registers: The 80386 has three 32 bit control registers CR0, CR2 and CR3 to hold
global machine status independent of the executed task. Load and store instructions are
available to access these registers.

•System Address Registers: Four special registers are defined to refer to the descriptor
tables supported by 80386.

The 80386 supports four types of descriptor table, viz. global descriptor table
(GDT),interrupt descriptor table (IDT), local descriptor table (LDT) and task state
segment descriptor (TSS).

•Debug and Test Registers: Intel has provide a set of 8 debug registers for hardware
debugging. Out of these eight registers DR0 to DR7, two registers DR4 and DR5 are Intel
reserved.

•The initial four registers DR0 to DR3 store four program controllable breakpoint
addresses, while DR6 and DR7 respectively hold breakpoint status and breakpoint control
information.

•Two more test register are provided by 80386 for page caching namely test control and
test status register.