Real Mode and Protect Mode


Real Mode and Protect Real Mode and Protect Mode ArchitectureMode Architecture

Wannachai Wannasawade

Real Mode and Protect Mode


1First M byte of memory is called real real

memorymemory oo conventional memory conventional memory o8 0 8 8 /8 6 8 0 1 8 8 /1 8 6

operate exclusively in real mode (upward compatible upto P4)

4oP) 80286+ can operate in both real &

protected mode operate in both real & protected mode all members of the family

Real Mode and Protect Mode


All real mode memory addresses comprise ofa segmentaddr ess +off set addr ess Segment Address: located in segment registers, defi n

es t he begi nni ng addr ess of any - 6 4 K byte m emor y segment

Offset Address: selects any location within t he - 64K byte memory segment (also called displacement) Note: All segments in real mode have afixed -length of 6 4 K bytes

Real Mode and Protect Mode


-64K byt e Segmen







1 0 0 0

oooo ooo oooooooo


Real Mode and Protect Mode


Physical Address Physical Address

Segment + Offset by shift left segment 1 byte


Segment is 2000H Offset is 1234H

thus Physical Address is 2 0 0 0 0 +1 2 3 4 H =


In real mode, Segment size are 64Kbyte per Segmen


Real Mode and Protect Mode


Default Segment and Offset Register It’s combination between segment and offset. For

example CS:IP or CS:EIP

Segment oooooo Pur poseCS oo Instruction AddressSS SP or BP Stack AddressDS BX,DI,SI,and Data Address

8 ,1 6 bit numberES DI for string String Destination

instruction Address

Real Mode and Protect Mode


Segment oooooo Pur poseCS EIP Instruction AddressSS ESP or EBP Stack AddressDS EAX.EBX,ECX,

EDX, EDI,ESI, Data Address and 8 ,3 2 bit number

ES EDI for string String Destinationinstruction Address

FS No default General AddressGS No default General Address

Real Mode and Protect Mode


A new program is loaded in t he TPA at the first free location

which is pointed at by -the freepointer Program loading is handledautomatically -by the program loader Both of the above pointers a

r e managed by operating system

Real Mode and Protect Mode


Example of loading a program in TPA

Suppose an application requires1 000Hbyt es of memory for cod

, 1 9 0 200bytesfordataand H for

stack and no extra segment

Real Mode and Protect Mode


o Relocation: ( i.e., usable without any change if moved in memory)

Advantage of segment + offset addressing: the resulting address is relocatable, is useful as it allows seamless relocation of programs This allows the same program to be executed on slightly different machines (or slightly different operating systems)

operating systems) This also allows real mode programs to work in

protected mode

Real Mode and Protect Mode


: 1More than Mbyte



Protected Mode: System Descriptor Tables

ooooooooooo o ooooooooo

Real Mode and Protect Mode


What comprises the state of a running program (a process o r task)?

If a second process,2P , is to be created and run (not shown), then the state of 1P must be saved so it can be later resumed -with no side effects.

Since only one copy of the registers exist, they must be s aved in memory.

We’ll see there is hardware support for doing this on the Pentium later.

Real Mode and Protect Mode


For now, let’s focus on the organization and management ofmemory. Ideally, programmers would like a fast, infinitely large nonv olatilememor y. In reality, computers have a memory hierarchy:

Cache (SRAMS) : Small (KBytes), expensive, volatile and very fast (< 5ns).

Main Memory (DRAM) -: Larger (MBytes), medium price d, volatile and mediumspeed (<8 0 ns).

Disk: - - GBytes, low priced, non volatile and slow (ms). Therefore, the OS is charged with managing these limited re

sources and creating the illusion of a fast, infinitely large mai n memory.

The Memory Manager portion of the OS: Tracks memory usage. Allocates/Deallocates memory. Implements virtual memory.

Real Mode and Protect Mode


In a multiprogramming environment, a simple memory management scheme is to divide up memory into n (possibly

-unequal) fixed sized partitions. - These partitions are defined at system start up and can b

e used to store all the segments of the process (e.g., code , d ata and stack).

Advantage:Advantage: it’s simple to implement. However, it utilizes memory poorly. Also, in time sharing systems, queueing up jobs in this manner leads to unacceptable res

ponse time for user processes.

Real Mode and Protect Mode


- In a variable sized partition scheme, the number, lo cation and size of memory partitions vary dynamica

l l y:

1( ) Initially, process A oo oo ooooooo 2( ) Then B and C are created.

3 A ooooooooooo 4 D is created, B terminates.

Real Mode and Protect Mode


o Problem:Problem: Dynamic partition size improves memory utiliza tion but complicates allocation and deallocation by creating h

oles( external fragmentation).o This may prevent a process from running that could other

wise run if the holes were merged, e.g., combining 1X and 2X i n previous slide.

o Memory compaction is a solution but is rarely used becaus e of the CPU time involved.

o Also, the size of a process’s data segments can change dynamically, e.g. malloc().o If a process does not have room to grow, it needs to be mo

ved or killed.

Real Mode and Protect Mode


The hard disk can be used to allow more processes to run th an would normally fit in main memory. For example, when a process blocks I/O (e.g. keyboard i

nput), it can be swapped out to disk, allowing other proces ses to run. The movement of whole processes to and from disk i

s called swapping.swapping. The disk can be used to implement a second scheme, virtuvirtu

al memory. al memory. Virtual memory allows processes to run even when their

total size (code, data and stack) exceeds the amount of ph ysical memory (installed DRAM).

This is very common, for example, in microprocessors wi -th 32 bit address spaces.

If an OS supports virtual memory, it allows for the execu tion of processes that are only partially present in main m

emory. OS keeps the parts of the process that are currently i

n use in main memory and the rest of the process on disk.

Real Mode and Protect Mode


When a new portion of the process is needed, the OS swaps out older notnot recently used recently used memory to disk.

Virtual memory also works in a multiprogrammed system. Main memory stores bits and pieces of many processes. A process blocks whenever it requires a portion of itself

that is on disk, much in the same way it blocks to do I/O. The OS schedules another process to run until the refer

enced portion is fetched from disk. But swapping out portions of memory that vary in size is no t efficient.

External fragmentation is still a problem (it reduces me mory utilization).

Two concepts: Segmentation:Segmentation: Allows the OS to “share” code and enf

orce meaningful constraints on the memory used by a pro cess, e.g. no execution of data.

Paging:Paging: Allows the OS to efficiently manage physical m emory, and makes it easier to implement virtual memory.

Real Mode and Protect Mode


So how does paging work? We will refer to addresses which appear on the address bus

of main memor y as a physical addresses. Processes generate virtual addresses , e.g., MOV EAX, [EBX]

Note, the value given in [EBX] can reference memory lo cations that exceed the size of physical memory.

(We can also start with linear addresses , which are virtu al addresses translated through the segmentation system, to be discussed).

All virtual (or linear) addresses are sent to the Memory Man Memory Managementagement Unit (MMU) Unit (MMU) for translation to a physical address.

Real Mode and Protect Mode


The virtual (and physical) address space is divided into pagpageses.

Page size is architecture dependent but usually range b - etween 512 64K.

Corresponding units in physical memory are called page fr page framesames.

Pages and page frames are usually the same size.

Note that 8 virtual pages are not mapped into physical memor y (indicated by an o on the previous slide).

Assume:• Page size is 4K• Virtual Memory is 64K• ii iii i3 2

• iiiiiiiiii iiiii iii• iiiiii1 6 .• iiii iii8 .

• Assume the process issues the iiiiiii ii i 0 -> iiiiii translates it to physical a

iiiiii 8192(using the layout on right.) • ii iiiiiiiiii ii, 2 0 5 0 0 physic 12 20 12308al address K + = .

Real Mode and Protect Mode


A present /absent present /absent bit in the hardware indicates which virtua l pages are mapped into physical RAM and which ones are not (

out on disk). What happens when a process issues an address to an unmapped page?

MMU notes page is unmapped using present/absent bit. MMU causes CPU to traptrap - to OS page fault. OS selects a page frame to replace and saves its current c

ontents to disk. OS fetches the page referenced and places it into the free dpage f r ame. OS changes the mem map and restarts the instruction tha t caused the trap.

Paging allows the physical address space of a process to be n oncontiguous !

This solves the external fragmentation problem (since an y set of pages can be chosen as the address space of the pr

ocess). However, it generally doesn’t allow 100% mem utilization , since the last page of a process may not be entirely used ((ii

nternal fragmentation nternal fragmentation).).

Real Mode and Protect Mode


Address translation by MMU

Real Mode and Protect Mode


Two important issues w.r.t the Page Table: SizeSize::

- The Pentium uses 32 bit virtual addresses. - With a 4K page size, a 32 bit address space has 232/21

2 20= or 1 ,0 4 8 ,5 7 6 virtual page numbers ! If each page table entry occupies 4 bytes, that’s 4MB of

memory, just to store the page table. - For 64 bit machines, there are 252 virtual page number

s !!! PerformancePerformance::

- - The mapping from virtual to physical addresses must b e done f or EVERY memory reference.

Every instruction fetch requires a memory reference. Many instructions have a memory operand. Therefore, the mapping must be extremely fast, a couple nanoseconds, otherwise it becomes the bottleneck.

Real Mode and Protect Mode


Single page table stored in an array of fast hardware registers.

OS loads registers from memory when a process is started. Advantage:Advantage: No memory references are needed for the

page table. Disadvantage:Disadvantage: Context switches require the entire pag

e t abl e t o be loaded. If it is large, this will be expensive.

Page table kept entirely in main memory. Single register points to the start of the page table. Advantage:Advantage: Context switches only require updating ther egi st er pointer. Disadvantage:Disadvantage: One or more memory references are ne

eded t o r ead page table entries for each instruction. Modern computers keep “frequently used” page table entri

es on chip in a cache (similar to first alternative above) and the others in main memory (similar to the second alternative).

Real Mode and Protect Mode


Example of two level page table and page frame

Real Mode and Protect Mode


-This addresses page table size problem since many of the second le vel page tables need not be defined (and therefore stored in main me

mory). Note that two page faults can occur for a single memory reference.

- If the second level page table is not in memory, a page fault occurs. - If the page that the second level entry refers to is not in memory , another page fault occurs.

In general, Page Frames Page Frames are machine dependent with the followinginfo:

Page Frame address : Most significant bits of physical memory address. Present/Absent bit : If 1, page is in memory, if 0, it is on disk. Modified bit : If set, page has been written to, e.g. it is ‘dirty’. Referenced bit : Used in the OS page replacement algorithm. Protection bits : Specifi es if data in page can be read/written/executed.

Real Mode and Protect Mode


- With two level paging, one memory reference could require thr ee memor y accesses !

In order to reduce the number of times this occurs, a fast looku p table called a TLB is added as a hardware cache in the micropro


Real Mode and Protect Mode


Number of TLB entries varies from 8 to 2 0 48

Typically around 64. When a TLB miss occurs:

A trap occurs and an OS routine handles the f ault. The instruction is thenr est ar t ed.

The OS routine copies one (or more) page fra me(s) from the page table in memory to one (o

r more) of the TLB entries. Therefore, if page is referenced again soon, a TL

B hit occurs eliminating the memory reference for the page table entry

Real Mode and Protect Mode


Allows access to data and programs located bo

t h

1above and within the first M byte of memory While offset addresses ( 32 4upto bits or G b 32 4upto bits or G b

iiiiiiii) are still valid, the segment addressing sche

me i s not valid. The segment register in this case contains a sel

ector which selects a iiiiiiiiiiiiiiiiiiii oooo o descript

or t abl e Real mode programs work in protected mode,

because the difference is primarily in the interpre

t at i on of di ff er ent r egi st er s

Real Mode and Protect Mode


ooo oooooooo oo o oooo ooo ooooooooo ooooooo ooo of t

he 8 1 9 2 descriptors stored in one of two descrip

oooo Descriptor: describes the location, length and ooo

ess r i ght s of t he memor y segment

Types of descriptor tables

iiiiii iiiiiiiiii iiiiiiiiiii iiiiiiiiii iiiii (common to all prog

ooooo iiiii iiiiiiiiii iiiiiiiiii iiiiiiiiii iiiii (application specific)

Each descriptor contains 8192 descriptors

Real Mode and Protect Mode


Base Address: indicates the starting location of the segment

For 8 0 2 8 6 , 2 4 bit (1 6 M bytes) For 8 0 3 8 6 +, 3 2 bit (4 G bytes)

Real Mode and Protect Mode


Segment Limit: contains the last offset address found in th e segment

Example: if a segment begins at 60 0000H and ends at 6000FFH, then

Base Address = 60 0000H Segment Limit = 00FFH

For 80286, limit is 16 bits (upto 64K) 80386 20 1For +, limit is bits (upto M, in standard mode)

Real Mode and Protect Mode


Other New Features (in x386+ descriptor)o Granularity bit (G):o If G=0, the limit is in the range 0 – FFFFFHo If G=1, the limit is multiplied by 4K, allowing a

4 4segment length of G bytes in steps of K byteso 1: 1:o Base = start = 1000 0000H; Limit = 001FFH; G =0

o End = Base + Limit = 10000000H + 001FFH = 1000 01 = 1000 01

o 2Example : 2Example :o Base = start = 1000 0000H; Limit = 001F FXXXH;

G = 1o End = Base + Limit = 10000000H + 001F FXXXH

101= F FFFFH 101= F FFFFH

Real Mode and Protect Mode


Other New Featureso AV bit: AV bit is used to indicate whether the segm

ent i s available or reserved by OS or another applicationo D bit: Indicates how x386+ access register and memor y data in the protected modeo - D = 0 16 bit instruction modeo - D = 1 32 bit instruction modeo -This bit value can be over riden

Real Mode and Protect Mode


Real Mode and Protect Mode


Privilege levels are used in multiuser environment (highest RPL = 00)

(highest RPL = 0 0 )

Real Mode and Protect Mode


DS=0008H Descriptor 1, PL = 00 from Global Descriptor

Descriptor Contains Base Address: 0010 0000H

Segment Limit = 000FFH Note: Descriptor 0 is not for program use

oo o ooo oooooo

Real Mode and Protect Mode


GDTR and LDTR are used to access the global & local descriptor tables

al & local descriptor tables

Not addressable for programming

Accessible to OS

Each segment register has a program invisible oo o( which acts like an address cache ) t o ooooo o

he corresponding descriptor information f or a segm

ent r egi st er

Real Mode and Protect Mode


Real Mode and Protect Mode


The memory paging mechanism allows for any phy

sical address t o be assi gned t o any linear address ooo e., relocation is possible)

oooooo ooooooo oo oo ooooooo ooooooooo oo o oooooooo Memory paging allows for a linear address to be ooo

isible translated to a physical address The scheme allows usage of extended memory ooo

ources such as memory between video & system BIO

S etc. Paging mechanism can be used in both real and ooooooooo o oooo

Real Mode and Protect Mode


o Paging unit is controlled by µP’s control registers- (CR0 CR3 in 386 4x + and CR in Pentiums)

Real Mode and Protect Mode


ism are in CR0 and CR3, e.g., PG: (in CR0) PG=1 enables paging mechanism, else linear address is directly converted to a physical address

el se l i near address is directly converted to a physic al addr ess

PCD: (in CR3 ) controls the PCD pin of µP, i.e., PCDooo

1equals logic during bus cycles that are not pages (foo

controlling L2 cache) PWT: (in CR3 ) controls the PWT pin of µP, i.e., PWo ooo

1equals logic during bus cycles that are not pages (foo

o oooo ooooooo oooooo) Page directory base address: (in CR3 ) locates theoooo

directory for page translation unit at any 4K byte bouooooo oo t he memor y syst em

Real Mode and Protect Mode


The page directory has 1024 directory entries

of length 4 bytes each Each page directory entry addresses a page table that contains 1024 entries

ble that contains 1024 entries

Real Mode and Protect Mode


GDTR (global descriptor table register)
IDTR (interrupt descriptor table register)
LDTR (local descriptor table register): A selector into GDTR, which is allocated as local descriptor table
TR (task register): holds a selector which accesses a descriptor that defines the task (an application program or subprogram)

task (an application program or subprogram) Note task switching can done at a rate of 1 7 µs

Real Mode and Protect Mode


Page directory entry: leftmost 1 0 bits (4 M bytesoo oooooo ooooooooo), .., 00000000 003H to F FFFFH

1 0address st page (page ) Page table entry: contains the next 1 0 bits (4 K booo range) after the page directory entry, e.g., 0000 0000H 00000to FFFH refer to both directory and table equal 0 Page offset address: selects a byte in the 4 K byte o oo ooo oooo

Real Mode and Protect Mode



o If page table 0 entry contains address 0010 0000Then

o For l i near addr esses 0000 0000 oo 0000 0

The corresponding physical address is

o 0010 0000 0010 0 0010 0000 0010 0

Real Mode and Protect Mode


Translation Lookaside Buffer (TLB): caches the most recent 32 page directory and page table entries Pentium+ processors have TLBs for each level of page translation

Real Mode and Protect Mode


Real Mode and Protect Mode













Real Mode and Protect Mode


There is only 1 page directory in the system The page directory has 1024 doubleword ooooooo

Page Directory Entry (PDE) Each page table is also 4K bytes in size and has 1024 entries

1024 entries If entire 4 G bytes of RAM are paged, more than

4M byte are required for the storage of paging oooooo
