INTEL 80286 PROGRAMMER'S REFERENCE MANUAL 1987

Intel Corporation makes no warranty for the use of its products and assumes no responsibility for any errors which may appear in this document nor does it make a commitment to update the information contained herein.

Intel retains the right to make changes to these specifications at any time, without notice.

(c) INTEL CORPORATION 1987

Preface
───────────────────────────────────────────────────────────────────────────

This manual describes the 80286, the most powerful 16-bit microprocessor in the 8086 family, and the 80287 Numeric Processor Extension (NPX).

Organization of This Manual

80286

The 80286 contains a table of contents, eleven chapters, four appendices, and an index.
For more information on the 80286 book's organization, see its first chapter, Chapter 1, "Introduction to the 80286." Section 1.4 in that chapter explains the organization in detail.

Notational Conventions

This manual uses special notation to represent sub- and superscript characters. Subscript characters are surrounded by {curly brackets}, for example 10{2} = 10 base 2. Superscript characters are preceded by a caret and enclosed within (parentheses), for example 10^(3) = 10 to the third power.

Table of Contents
───────────────────────────────────────────────────────────────────────────

Chapter 1 Introduction to the 80286
    1.1 General Attributes
    1.2 Modes of Operation
    1.3 Advanced Features
        1.3.1 Memory Management
        1.3.2 Task Management
        1.3.3 Protection Mechanisms
        1.3.4 Support for Operating Systems
    1.4 Organization of This Book
    1.5 Related Publications

Chapter 2 80286 Base Architecture
    2.1 Memory Organization and Segmentation
    2.2 Data Types
    2.3 Registers
        2.3.1 General Registers
        2.3.2 Memory Segmentation and Segment Registers
        2.3.3 Index, Pointer, and Base Registers
        2.3.4 Status and Control Registers
    2.4 Addressing Modes
        2.4.1 Operands
        2.4.2 Register and Immediate Modes
        2.4.3 Memory Addressing Modes
            2.4.3.1 Segment Selection
            2.4.3.2 Offset Computation
            2.4.3.3 Memory Mode
    2.5 Input/Output
        2.5.1 I/O Address Space
        2.5.2 Memory-Mapped I/O
    2.6 Interrupts and Exceptions
    2.7 Hierarchy of Instruction Sets

Chapter 3 Basic Instruction Set
    3.1 Data Movement Instructions
        3.1.1 General-Purpose Data Movement Instructions
        3.1.2 Stack Manipulation Instructions
    3.2 Flag Operation with the Basic Instruction Set
        3.2.1 Status Flags
        3.2.2 Control Flags
    3.3 Arithmetic Instructions
        3.3.1 Addition Instructions
        3.3.2 Subtraction Instructions
        3.3.3 Multiplication Instructions
        3.3.4 Division Instructions
    3.4 Logical Instructions
        3.4.1 Boolean Operation Instructions
        3.4.2 Shift and Rotate Instructions
            3.4.2.1 Shift Instructions
            3.4.2.2 Rotate Instructions
        3.4.3 Type Conversion and No-Operation Instructions
    3.5 Test and Compare Instructions
    3.6 Control Transfer Instructions
        3.6.1 Unconditional Transfer Instructions
            3.6.1.1 Jump Instruction
            3.6.1.2 Call Instruction
            3.6.1.3 Return and Return from Interrupt Instruction
        3.6.2 Conditional Transfer Instructions
            3.6.2.1 Conditional Jump Instructions
            3.6.2.2 Loop Instructions
            3.6.2.3 Executing a Loop or Repeat Zero Times
        3.6.3 Software-Generated Interrupts
            3.6.3.1 Software Interrupt Instruction
    3.7 Character Translation and String Instructions
        3.7.1 Translate Instruction
        3.7.2 String Manipulation Instructions and Repeat Prefixes
            3.7.2.1 String Movement Instructions
            3.7.2.2 Other String Operations
    3.8 Address Manipulation Instructions
    3.9 Flag Control Instructions
        3.9.1 Carry Flag Control Instructions
        3.9.2 Direction Flag Control Instructions
        3.9.3 Flag Transfer Instructions
    3.10 Binary-Coded Decimal Arithmetic Instructions
        3.10.1 Packed BCD Adjustment Instructions
        3.10.2 Unpacked BCD Adjustment Instructions
    3.11 Trusted Instructions
        3.11.1 Trusted and Privileged Restrictions on POPF and IRET
        3.11.2 Machine State Instructions
        3.11.3 Input and Output Instructions
    3.12 Processor Extension Instructions
        3.12.1 Processor Extension Synchronization Instructions
        3.12.2 Numeric Data Processor Instructions
            3.12.2.1 Arithmetic Instructions
            3.12.2.2 Comparison Instructions
            3.12.2.3 Transcendental Instructions
            3.12.2.4 Data Transfer Instructions
            3.12.2.5 Constant Instructions

Chapter 4 Extended Instruction Set
    4.1 Block I/O Instructions
    4.2 High-Level Instructions

Chapter 5 Real Address Mode
    5.1 Addressing and Segmentation
    5.2 Interrupt Handling
        5.2.1 Interrupt Vector Table
            5.2.1.1 Interrupt Procedures
        5.2.2 Interrupt Priorities
        5.2.3 Reserved and Dedicated Interrupt Vectors
    5.3 System Initialization

Chapter 6 Memory Management and Virtual Addressing
    6.1 Memory Management Overview
    6.2 Virtual Addresses
    6.3 Descriptor Tables
    6.4 Virtual-to-Physical Address Translation
    6.5 Segments and Segment Descriptors
    6.6 Memory Management Registers
        6.6.1 Segment Address Translation Registers
        6.6.2 System Address Registers

Chapter 7 Protection
    7.1 Introduction
        7.1.1 Types of Protection
        7.1.2 Protection Implementation
    7.2 Memory Management and Protection
        7.2.1 Separation of Address Spaces
        7.2.2 LDT and GDT Access Checks
        7.2.3 Type Validation
    7.3 Privilege Levels and Protection
        7.3.1 Example of Using Four Privilege Levels
        7.3.2 Privilege Usage
    7.4 Segment Descriptor
        7.4.1 Data Accesses
        7.4.2 Code Segment Access
        7.4.3 Data Access Restriction by Privilege Level
        7.4.4 Pointer Privilege Stamping via ARPL
    7.5 Control Transfers
        7.5.1 Gates
            7.5.1.1 Call Gates
            7.5.1.2 Intra-Level Transfers via Call Gate
            7.5.1.3 Inter-Level Control Transfer via Call Gates
            7.5.1.4 Stack Changes Caused by Call Gates
        7.5.2 Inter-Level Returns

Chapter 8 Tasks and State Transitions
    8.1 Introduction
    8.2 Task State Segments and Descriptors
        8.2.1 Task State Segment Descriptors
    8.3 Task Switching
    8.4 Task Linking
    8.5 Task Gates

Chapter 9 Interrupts and Exceptions
    9.1 Interrupt Descriptor Table
    9.2 Hardware Initiated Interrupts
    9.3 Software Initiated Interrupts
    9.4 Interrupt Gates and Trap Gates
    9.5 Task Gates and Interrupt Tasks
        9.5.1 Scheduling Considerations
        9.5.2 Deciding Between Task, Trap, and Interrupt Gates
    9.6 Protection Exceptions and Reserved Vectors
        9.6.1 Invalid OP-Code (Interrupt 6)
        9.6.2 Double Fault (Interrupt 8)
        9.6.3 Processor Extension Segment Overrun (Interrupt 9)
        9.6.4 Invalid Task State Segment (Interrupt 10)
        9.6.5 Not Present (Interrupt 11)
        9.6.6 Stack Fault (Interrupt 12)
        9.6.7 General Protection Fault (Interrupt 13)
    9.7 Additional Exceptions and Interrupts
        9.7.1 Single Step Interrupt (Interrupt 1)

Chapter 10 System Control and Initialization
    10.1 System Flags and Registers
        10.1.1 Descriptor Table Registers
    10.2 System Control Instructions
        10.2.1 Machine Status Word
        10.2.2 Other Instructions
    10.3 Privileged and Trusted Instructions
    10.4 Initialization
        10.4.1 Real Address Mode
        10.4.2 Protected Mode

Chapter 11 Advanced Topics
    11.1 Virtual Memory Management
    11.2 Special Segment Attributes
        11.2.1 Conforming Code Segments
        11.2.2 Expand-Down Data Segments
    11.3 Pointer Validation
        11.3.1 Descriptor Validation
        11.3.2 Pointer Integrity: RPL and the "Trojan Horse Problem"
    11.4 NPX Context Switching
    11.5 Multiprocessor Considerations
    11.6 Shutdown

Appendix A 80286 System Initialization
Appendix B The 80286 Instruction Set
Appendix C 8086/8088 Compatibility Considerations
Appendix D 80286/80386 Software Compatibility Considerations
Index

Figures

    1-1 Four Privilege Levels
    2-1 Segmented Virtual Memory
    2-2 Bytes and Words in Memory
    2-3 80286/80287 Supported Data Types
    2-4 80286 Base Architecture Register Set
    2-5 Real Address Mode Segment Selector Interpretation
    2-6 Protected Mode Segment Selector Interpretation
    2-7 80286 Stack
    2-8 Stack Operation
    2-9 BP Usage as a Stack Frame Base Pointer
    2-10 Flags Register
    2-11 Two-Component Address
    2-12 Use of Memory Segmentation
    2-13 Complex Addressing Modes
    2-14 Memory-Mapped I/O
    2-15 Hierarchy of Instructions
    3-1 PUSH
    3-2 PUSHA
    3-3 POP
    3-4 POPA
    3-5 Flag Word Contents
    3-6 SAL and SHL
    3-7 SHR
    3-8 SAR
    3-9 ROL
    3-10 ROR
    3-11 RCL
    3-12 RCR
    3-13 LAHF and SAHF
    3-14 PUSHF and POPF
    4-1 Formal Definition of the ENTER Instruction
    4-2 Variable Access in Nested Procedures
    4-2a Stack Frame for MAIN at Level 1
    4-2b Stack Frame for Procedure A
    4-2c Stack Frame for Procedure B at Level 3 Called from A
    4-2d Stack Frame for Procedure C at Level 3 Called from B
    5-1a Forming the Segment Base Address
    5-1b Forming the 20-Bit Physical Address in the Real Address Mode
    5-2 Overlapping Segments to Save Physical Memory
    5-3 Interrupt Vector Table for Real Address Mode
    5-4 Stack Structure after Interrupt (Real Address Mode)
    6-1 Format of the Segment Selector Component
    6-2 Address Spaces and Task Isolation
    6-3 Segment Descriptor (S=1)
    6-4 Special Purpose Descriptors or System Segment Descriptors (S=0)
    6-5 LDT Descriptor
    6-6 Virtual-to-Physical Address Translation
    6-7 Segment Descriptor Access Bytes
    6-8 Memory Management Registers
    6-9 Descriptor Loading
    7-1 Addressing Segments of a Module within a Task
    7-2 Descriptor Cache Registers
    7-3 80286 Virtual Address Space
    7-4 Local and Global Descriptor Table Definitions
    7-5 Error Code Format (on the stack)
    7-6 Code and Data Segments Assigned to a Privilege Level
    7-7 Selector Fields
    7-8 Access Byte Examples
    7-9 Pointer Privilege Stamping
    7-10 Gate Descriptor Format
    7-11 Call Gate
    7-12 Stack Contents after an Inter-Level Call
    8-1 Task State Segment and TSS Registers
    8-2 TSS Descriptor
    8-3 Task Gate Descriptor
    8-4 Task Switch Through a Task Gate
    9-1 Interrupt Descriptor Table Definition
    9-2 IDT Selector Error Code
    9-3 Trap/Interrupt Gate Descriptors
    9-4 Stack Layout after an Exception with an Error Code
    10-1 Local and Global Descriptor Table Definition
    10-2 Interrupt Descriptor Table Definition
    10-3 Data Type for Global Descriptor Table and Interrupt Descriptor Table
    11-1 Expand-Down Segment
    11-2 Dynamic Segment Relocation and Expansion of Segment Limit
    11-3 Example of NPX Context Switching
    B-1 /n Instruction Byte Format
    B-2 /r Instruction Byte Format

Tables

    2-1 Implied Segment Usage by Index, Pointer, and Base Registers
    2-2 Segment Register Selection Rules
    2-3 Memory Operand Addressing Modes
    2-4 80286 Interrupt Vector Assignments (Real Address Mode)
    3-1 Status Flags' Functions
    3-2 Control Flags' Functions
    3-3 Interpretation of Conditional Transfers
    5-1 Interrupt Processing Order
    5-2 Dedicated and Reserved Interrupt Vectors in Real Address Mode
    5-3 Processor State after RESET
    7-1 Segment Access Rights Byte Format
    7-2 Allowed Segment Types in Segment Registers
    7-3 Call Gate Checks
    7-4 Inter-Level Return Checks
    8-1 Checks Made during a Task Switch
    8-2 Effect of a Task Switch on BUSY and NT Bits and the Link Word
    9-1 Trap and Interrupt Gate Checks
    9-2 Interrupt and Gate Interactions
    9-3 Reserved Exceptions and Interrupts
    9-4 Interrupt Processing Order
    9-5 Conditions That Invalidate the TSS
    10-1 MSW Bit Functions
    10-2 Recommended MSW Encodings for Processor Extension Control
    11-1 NPX Context Switching
    B-1 ModRM Values
    B-2 Protection Exceptions of the 80286
    B-3 Hexadecimal Values for the Access Rights Byte
    C-1 New 80286 Interrupts

Chapter 1 Introduction to the 80286
───────────────────────────────────────────────────────────────────────────

The 80286 is the most powerful 16-bit processor in the 8086 series of microprocessors, which includes the 8086, the 8088, the 80186, the 80188, and the 80286. It is designed for applications that require very high performance.
It is also an excellent choice for sophisticated "high end" applications that will benefit from its advanced architectural features: memory management, protection mechanisms, task management, and virtual memory support. The 80286 provides, on a single VLSI chip, computational and architectural characteristics normally associated with much larger minicomputers.

Sections 1.1, 1.2, and 1.3 of this chapter provide an overview of the 80286 architecture. Because the 80286 represents an extension of the 8086 architecture, some of this overview material may be new and unfamiliar to previous users of the 8086 and similar microprocessors. But the 80286 is also an evolutionary development, with the new architecture superimposed upon the industry standard 8086 in such a way as to affect only the design and programming of operating systems and other such system software. Section 1.4 of this chapter provides a guide to the organization of this manual, suggesting which chapters are relevant to the needs of particular readers.

1.1 General Attributes

The 80286 base architecture has many features in common with the architecture of other members of the 8086 family, such as byte addressable memory, I/O interfacing hardware, interrupt vectoring, and support for both multiprocessing and processor extensions. The entire family has a common set of addressing modes and basic instructions. The 80286 base architecture also includes a number of extensions which add to the versatility of the computer.

The 80286 processor can function in two modes of operation (see section 1.2 of this chapter, Modes of Operation). In one of these modes only the base architecture is available to programmers, whereas in the other mode a number of very powerful advanced features have been added, including support for virtual memory, multitasking, and a sophisticated protection mechanism. These advanced features are described in section 1.3 of this chapter.

The 80286 base architecture was designed to support programming in high-level languages, such as Pascal, C or PL/M. The register set and instructions are well suited to compiler-generated code. The addressing modes (see section 2.4.3 in Chapter 2) allow efficient addressing of complex data structures, such as static and dynamic arrays, records, and arrays within records, which are commonly supported by high-level languages. The data types supported by the architecture include, along with bytes and words, high level language constructs such as strings, BCD, and floating point.

The memory architecture of the 80286 was designed to support modular programming techniques. Memory is divided into segments, which may be of arbitrary size, that can be used to contain procedures and data structures. Segmentation has several advantages over more conventional linear memory architectures. It supports structured software, since segments can contain meaningful program units and data, and more compact code, since references within a segment can be shorter (and locality of reference usually ensures that the next few references will be within the same segment). Segmentation also lends itself to efficient implementation of sophisticated memory management, virtual memory, and memory protection.

In addition, new instructions have been added to the base architecture to give hardware support for procedure invocations, parameter passing, and array bounds checking.

1.2 Modes of Operation

The 80286 can be operated in either of two different modes: Real Address Mode or Protected Virtual Address Mode (also referred to as Protected Mode). In either mode of operation, the 80286 represents an upwardly compatible addition to the 8086 family of processors.

In Real Address Mode, the 80286 operates essentially as a very high-performance 8086.
Programs written for the 8086 or the 80186 can be executed in this mode without any modification (the few exceptions are described in Appendix C, "Compatibility Considerations"). Such upward compatibility extends even to the object code level; for example, an 8086 program stored in read-only memory will execute successfully in 80286 Real Address Mode. An 80286 operating in Real Address Mode provides a number of instructions not found on the 8086. These additional instructions, also present with the 80186, allow for efficient subroutine linkage, parameter validation, index calculations, and block I/O transfers.

The advanced architectural features and full capabilities of the 80286 are realized in its native Protected Mode. Among these features are sophisticated mechanisms to support data protection, system integrity, task concurrency, and memory management, including virtual storage. Nevertheless, even in Protected Mode, the 80286 remains upwardly compatible with most 8086 and 80186 application programs. Most 8086 applications programs can be re-compiled or re-assembled and executed on the 80286 in Protected Mode.

1.3 Advanced Features

The architectural features described in section 1.1 of this chapter are common to both operating modes of the processor. In addition to these common features, Protected Mode provides a number of advanced features, including a greatly extended physical and logical address space, new instructions, and support for additional hardware-recognized data structures. The Protected Mode 80286 includes a sophisticated memory management and multilevel protection mechanism. Full hardware support is included for multitasking and task switching operations.

1.3.1 Memory Management

The memory architecture of the Protected Mode 80286 represents a significant advance over that of the 8086.
The physical address space has been increased from 1 megabyte to 16 megabytes (2^(24) bytes), while the virtual address space (i.e., the address space visible to a program) has been increased from 1 megabyte to 1 gigabyte (2^(30) bytes). Moreover, separate virtual address spaces are provided for each task in a multi-tasking system (see the next section, 1.3.2, "Task Management").

The 80286 supports on-chip memory management instead of relying on an external memory management unit. The one-chip solution is preferable because no software is required to manage an external memory management unit, performance is much better, and hardware designs are significantly simpler.

Mechanisms have been included in the 80286 architecture to allow the efficient implementation of virtual memory systems. (In virtual memory systems, the user regards the combination of main and external storage as a single large memory. The user can write large programs without worrying about the physical memory limitations of the system. To accomplish this, the operating system places some of the user programs and data in external storage and brings them into main memory only as they are needed.) All instructions that can cause a segment-not-present fault are fully restartable. Thus, a not-present segment can be loaded from external storage, and the task can be restarted at the point where the fault occurred.

The 80286, like all members of the 8086 series, supports a segmented memory architecture. The 80286 also fully integrates memory segmentation into a comprehensive protection scheme. This protection scheme includes hardware-enforced length and type checking to protect segments from inadvertent misuse.

1.3.2 Task Management

The 80286 is designed to support multi-tasking systems. The architecture provides direct support for the concept of a task.
For example, task state segments (see section 8.2 in Chapter 8) are hardware-recognized and hardware-manipulated structures that contain information on the current state of all tasks in the system.

Very efficient context-switching (task-switching) can be invoked with a single instruction. Separate logical address spaces are provided for each task in the system. Finally, mechanisms exist to support intertask communication, synchronization, memory sharing, and task scheduling. Task Management is described in Chapter 8.

1.3.3 Protection Mechanisms

The 80286 allows the system designer to define a comprehensive protection policy to be applied, uniformly and continuously, to all ongoing operations of the system. Such a policy may be desirable to ensure system reliability, privacy of data, rapid error recovery, and separation of multiple users.

The 80286 protection mechanisms are based on the notion of a "hierarchy of trust." Four privilege levels are distinguished, ranging from Level 0 (most trusted) to Level 3 (least trusted). Level 0 is usually reserved for the operating system kernel. The four levels may be visualized as concentric rings, with the most privileged level in the center (see figure 1-1).

This four-level scheme offers system reliability, flexibility, and design options not possible with the typical two-level (supervisor/user) separation provided by other processors. A four-level division is capable of separating kernel, executive, system services, and application software, each with different privileges.

At any one time, a task executes at one of the four levels. Moreover, all data segments and code segments are also assigned to privilege levels. A task executing at one level cannot access data at a more privileged level, nor can it call a procedure at a less privileged level (i.e., trust a less privileged procedure to do work for it). Thus, both access to data and transfer of control are restricted in appropriate ways.

A complete separation can exist between the logical address spaces local to different tasks, providing users with automatic protection against accidental or malicious interference by other users. The hardware also provides immediate detection of a number of fault and error conditions, a feature that can be useful in the development and maintenance of software.

Finally, these protection mechanisms require relatively little system overhead because they are integrated into the memory management and protection hardware of the processor itself.

Figure 1-1. Four Privilege Levels

    ╔═══════════════════════════╗
    ║ LEVEL 3           ────────╫──LEAST TRUSTED
    ║  ╔═════════════════════╗  ║
    ║  ║      LEVEL 2        ║  ║
    ║  ║  ╔═══════════════╗  ║  ║
    ║  ║  ║    LEVEL 1    ║  ║  ║
    ║  ║  ║  ╔═════════╗  ║  ║  ║
    ║  ║  ║  ║ LEVEL 0 ║  ║  ║  ║
    ║  ║  ║  ║       ↑ ║  ║  ║  ║
    ║  ║  ║  ╚═══════╪═╝  ║  ║  ║
    ║  ║  ║          │    ║  ║  ║
    ║  ║  ╚══════════╪════╝  ║  ║
    ║  ║             │       ║  ║
    ║  ╚═════════════╪═══════╝  ║
    ║                │          ║
    ╚════════════════╪══════════╝
                     │
                     └MOST TRUSTED

1.3.4 Support for Operating Systems

Most operating systems involve some degree of concurrency, with multiple tasks vying for system resources. The task management mechanisms described above provide the 80286 with inherent support for such multi-tasking systems. Moreover, the advanced memory management features of the 80286 allow the implementation of sophisticated virtual memory systems.

Operating system implementors have found that a multi-level approach to system services provides better security and more reliable systems. For example, a very secure kernel might implement critical functions such as task scheduling and resource allocation, while less fundamental functions (such as I/O) are built around the kernel. This layered approach also makes program development and enhancement simpler and facilitates error detection and debugging. The 80286 supports the layered approach through its four-level privilege scheme.
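
The two restrictions stated in section 1.3.3 (no access to more privileged data, no call to a less privileged procedure) can be modelled as checks over a set of segments. The following is an added example, not code from the manual: the segment names, the layout table and the function names are constructed for illustration, and the gate checks that Chapter 7 applies to transfers into a more privileged level are not modelled.

```c
#include <stddef.h>
#include <stdio.h>

/* Levels as numbered in the text: 0 = most trusted, 3 = least trusted. */
typedef enum { SEG_DATA, SEG_CODE } seg_kind;

typedef struct {
    const char *name;   /* constructed sample name */
    seg_kind    kind;
    int         level;  /* privilege level assigned to the segment */
} segment;

typedef enum {
    XFER_DENIED,      /* target is less privileged (or not code): refused */
    XFER_SAME_LEVEL,  /* target is at the caller's own level */
    XFER_INWARD       /* target is more privileged; the manual treats these
                         transfers under call gates (Chapter 7), whose own
                         checks are not modelled here */
} xfer_class;

/* Constructed layout following the kernel / executive / system services /
 * application split mentioned in the text. */
static const segment layout[] = {
    { "kernel_data",  SEG_DATA, 0 },
    { "exec_data",    SEG_DATA, 1 },
    { "service_data", SEG_DATA, 2 },
    { "app_data",     SEG_DATA, 3 },
    { "kernel_code",  SEG_CODE, 0 },
    { "service_code", SEG_CODE, 2 },
    { "app_code",     SEG_CODE, 3 },
};
static const size_t layout_len = sizeof layout / sizeof layout[0];

static int valid_level(int level) { return level >= 0 && level <= 3; }

/* Data rule: a task cannot access data at a more privileged
 * (numerically lower) level than the one it is executing at. */
int may_access_data(int task_level, const segment *s)
{
    if (!valid_level(task_level) || !valid_level(s->level)) return 0;
    return s->kind == SEG_DATA && task_level <= s->level;
}

/* Control rule: a task cannot call a procedure at a less privileged
 * (numerically higher) level, i.e. it never trusts less privileged code. */
xfer_class classify_call(int task_level, const segment *s)
{
    if (!valid_level(task_level) || !valid_level(s->level)) return XFER_DENIED;
    if (s->kind != SEG_CODE)   return XFER_DENIED;
    if (s->level > task_level) return XFER_DENIED;
    return s->level == task_level ? XFER_SAME_LEVEL : XFER_INWARD;
}

/* How many data segments of the sample layout a task at this level can reach. */
int count_data_reachable(int task_level)
{
    int n = 0;
    for (size_t i = 0; i < layout_len; i++)
        n += may_access_data(task_level, &layout[i]);
    return n;
}

/* How many code segments of the sample layout fall into one class. */
int count_calls(int task_level, xfer_class want)
{
    int n = 0;
    for (size_t i = 0; i < layout_len; i++)
        if (layout[i].kind == SEG_CODE &&
            classify_call(task_level, &layout[i]) == want)
            n++;
    return n;
}

int main(void)
{
    for (int level = 0; level <= 3; level++)
        printf("level %d: data reachable=%d same-level calls=%d "
               "inward calls=%d refused calls=%d\n", level,
               count_data_reachable(level),
               count_calls(level, XFER_SAME_LEVEL),
               count_calls(level, XFER_INWARD),
               count_calls(level, XFER_DENIED));
    return 0;
}
```

The output shows the asymmetry of the scheme: level 0 reaches every data segment but is refused any call outward, while level 3 reaches only its own data and every call out of its level points inward.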

1.4 Organization of This Book

To facilitate the use of this book both as an introduction to the 80286 architecture and as a reference guide, the remaining chapters are divided into three major parts.

Part I, comprising chapters 2 through 4, should be read by all those who wish to acquire a basic familiarity with the 80286 architecture. These chapters provide detailed information on memory segmentation, registers, addressing modes and the general (application level) 80286 instruction set. In conjunction with the 80286 Assembly Language Reference Manual, these chapters provide sufficient information for an assembly language programmer to design and write application programs. The chapters in Part I are:

    Chapter 2, "Architectural Features." This chapter discusses those features of the 80286 architecture that are significant for application programmers. The information presented can also function as an introduction to the machine for system programmers. Memory organization and segmentation, processor registers, addressing modes, and instruction formats are all discussed.

    Chapter 3, "Basic Instruction Set." This chapter presents the core instructions of the 8086 family.

    Chapter 4, "Extended Instruction Set." This chapter presents the extended instructions shared by the 80186 and 80286 processors.

Part II of the book consists of a single chapter:

    Chapter 5, "Real Address Mode." This chapter presents the system programmer's view of the 80286 when the processor is operated in Real Address Mode.

Part III of the book comprises chapters 6 through 11. Aimed primarily at system programmers, these chapters discuss the more advanced architectural features of the 80286, which are available when the processor is in Protected Mode. Details on memory management, protection mechanisms, and task switching are provided. The chapters in Part III are:

    Chapter 6, "Virtual Memory." This chapter describes the 80286 address translation mechanisms that support virtual memory.
    Segment descriptors, global and local descriptor tables, and descriptor caches are discussed.

    Chapter 7, "Protection." This chapter describes the protection features of the 80286. Privilege levels, segment attributes, access restrictions, and call gates are discussed.

    Chapter 8, "Tasks and State Transitions." This chapter describes the 80286 mechanisms that support concurrent tasks. Context-switching, task state segments, task gates, and interrupt tasks are discussed.

    Chapter 9, "Interrupts, Traps and Faults." This chapter describes interrupt and trap handling. Special attention is paid to the exception traps, or faults, which may occur in Protected Mode. Interrupt gates, trap gates, and the interrupt descriptor table are discussed.

    Chapter 10, "System Control and Initialization." This chapter describes the actual instructions used to implement the memory management, protection, and task support features of the 80286. System registers, privileged instructions, and the initial machine state are discussed.

    Chapter 11, "Advanced Topics." This chapter completes Part III with a description of several advanced topics, including special segment attributes and pointer validation.

1.5 Related Publications

The following manuals also contain information of interest to programmers of 80287 systems:

    ■ Introduction to the 80286, order number 210308
    ■ ASM286 Assembly Language Reference Manual, order number 121924
    ■ 80286 Operating System Writer's Guide, order number 121960
    ■ 80286 Hardware Reference Manual, order number 210760
    ■ Microprocessor and Peripheral Handbook, order number 230843
    ■ PL/M-286 User's Guide, order number 121945
    ■ 80287 Support Library Reference Manual, order number 122129
    ■ 8086 Software Toolbox Manual, order number 122203 (includes information about 80287 Emulator Software)

Chapter 2 80286 Base Architecture
───────────────────────────────────────────────────────────────────────────

This chapter describes the 80286 application programming environment as seen by assembly language programmers. It is intended to introduce the programmer to those features of the 80286 architecture that directly affect the design and implementation of 80286 application programs.

2.1 Memory Organization and Segmentation

The main memory of an 80286 system makes up its physical address space. This address space is organized as a sequence of 8-bit quantities, called bytes. Each byte is assigned a unique address ranging from 0 up to a maximum of 2^(20) (1 megabyte) in Real Address Mode, and up to 2^(24) (16 megabytes) in Protected Mode.

A virtual address space is the organization of memory as viewed by a program. Virtual address space is also organized in units of bytes. (Other addressable units such as words, strings, and BCD digits are described below in section 2.2, "Data Types.") In Real Address Mode, as with the 8086 itself, programs view physical memory directly, inasmuch as they manipulate pure physical addresses. Thus, the virtual address space is identical to the physical address space (1 megabyte).

In Protected Mode, however, programs have no direct access to physical addresses.
Instead, memory is viewed as a much larger virtual address space of 2^(30) bytes (1 gigabyte). This 1 gigabyte virtual address is mapped onto the Protected Mode's 16-megabyte physical address space by the address translation mechanisms described in Chapter 6.

The programmer views the virtual address space on the 80286 as a collection of up to sixteen thousand linear subspaces, each with a specified size or length. Each of these linear address spaces is called a segment. A segment is a logical unit of contiguous memory. Segment sizes may range from one byte up to 64K (65,536) bytes.

80286 memory segmentation supports the logical structure of programs and data in memory. Programs are not written as single linear sequences of instructions and data, but rather as modules of code and data. For example, program code may include a main routine and several separate procedures. Data may also be organized into various data structures, some private and some shared with other programs in the system. Run-time stacks constitute yet another data requirement. Each of these several modules of code and data, moreover, may be very different in size or vary dynamically with program execution.

Segmentation supports this logical structure (see figure 2-1). Each meaningful module of a program may be separately contained in individual segments. The degree of modularization, of course, depends on the requirements of a particular application. Use of segmentation benefits almost all applications. Programs execute faster and require less space. Segmentation also simplifies the design of structured software.

2.2 Data Types

Bytes and words are the fundamental units in which the 80286 manipulates data, i.e., the fundamental data types.

A byte is 8 contiguous bits starting on an addressable byte boundary. The bits are numbered 0 through 7, starting from the right.
Bit 7 is the most significant bit:

      7                             0
     ┌───┬───┬───┬───┬───┬───┬───┬───┐
     │             BYTE              │
     └───┴───┴───┴───┴───┴───┴───┴───┘

A word is defined as two contiguous bytes starting on an arbitrary byte boundary; a word thus contains 16 bits. The bits are numbered 0 through 15, starting from the right. Bit 15 is the most significant bit. The byte containing bit 0 of the word is called the low byte; the byte containing bit 15 is called the high byte.

      15                                                             0
     ┌───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┐
     │           HIGH BYTE           │           LOW BYTE            │
     └───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┘
               LOCATION N + 1                    LOCATION N

Each byte within a word has its own particular address, and the smaller of the two addresses is used as the address of the word. The byte at this lower address contains the eight least significant bits of the word, while the byte at the higher address contains the eight most significant bits. The arrangement of bytes within words is illustrated in figure 2-2.

Note that a word need not be aligned at an even-numbered byte address. This allows maximum flexibility in data structures (e.g., records containing mixed byte and word entries) and efficiency in memory utilization. Although actual transfers of data between the processor and memory take place at physically aligned word boundaries, the 80286 converts requests for unaligned words into the appropriate sequences of requests acceptable to the memory interface. Such odd aligned word transfers, however, may impact performance by requiring two memory cycles to transfer the word rather than one. Data structures (e.g., stacks) should therefore be designed in such a way that word operands are aligned on word boundaries whenever possible for maximum system performance. Due to instruction prefetching and queueing within the CPU, there is no requirement for instructions to be aligned on word boundaries and no performance loss if they are not.
Although bytes and words are the fundamental data types of operands, the processor also supports additional interpretations on these bytes or words. Depending on the instruction referencing the operand, the following additional data types can be recognized:

Integer: A signed binary numeric value contained in an 8-bit byte or a 16-bit word. All operations assume a 2's complement representation. (Signed 32- and 64-bit integers are supported using the 80287 Numeric Data Processor.)

Ordinal: An unsigned binary numeric value contained in an 8-bit byte or 16-bit word.

Pointer: A 32-bit address quantity composed of a segment selector component and an offset component. Each component is a 16-bit word.

String: A contiguous sequence of bytes or words. A string may contain from 1 byte to 64K bytes.

ASCII: A byte representation of alphanumeric and control characters using the ASCII standard of character representation.

BCD: A byte (unpacked) representation of the decimal digits (0-9).

Packed BCD: A byte (packed) representation of two decimal digits (0-9). One digit is stored in each nibble of the byte.

Floating Point: A signed 32-, 64-, or 80-bit real number representation. (Floating operands are supported using the 80287 Numeric Processor Configuration.)

Figure 2-3 graphically represents the data types supported by the 80286.

80286 arithmetic operations may be performed on five types of numbers: unsigned binary, signed binary (integers), unsigned packed decimal, unsigned unpacked decimal, and floating point. Binary numbers may be 8 or 16 bits long. Decimal numbers are stored in bytes; two digits per byte for packed decimal, one digit per byte for unpacked decimal. The processor always assumes that the operands specified in arithmetic instructions contain data that represent valid numbers for the type of instruction being performed. Invalid data may produce unpredictable results.
Unsigned binary numbers may be either 8 or 16 bits long; all bits are considered in determining a number's magnitude. The value range of an 8-bit unsigned binary number is 0-255; 16 bits can represent values from 0 through 65,535. Addition, subtraction, multiplication and division operations are available for unsigned binary numbers. Signed binary numbers (integers) may be either 8 or 16 bits long. The high-order (leftmost) bit is interpreted as the number's sign: 0 = positive and 1 = negative. Negative numbers are represented in standard two's complement notation. Since the high-order bit is used for a sign, the range of an 8-bit integer is -128 through +127; 16-bit integers may range from -32,768 through +32,767. The value zero has a positive sign. Separate multiplication and division operations are provided for both signed and unsigned binary numbers. The same addition and subtraction instructions are used with signed or unsigned binary values. Conditional jump instructions, as well as an "interrupt on overflow" instruction, can be used following an unsigned operation on an integer to detect overflow into the sign bit. Unpacked decimal numbers are stored as unsigned byte quantities. One digit is stored in each byte. The magnitude of the number is determined from the low-order half-byte; hexadecimal values 0-9 are valid and are interpreted as decimal numbers. The high-order half-byte must be zero for multiplication and division; it may contain any value for addition and subtraction. Arithmetic on unpacked decimal numbers is performed in two steps. The unsigned binary addition, subtraction and multiplication operations are used to produce an intermediate result. An adjustment instruction then changes the value to a final correct unpacked decimal number. 
Division is performed similarly, except that the adjustment is carried out on the two digit numerator operand in register AX first, followed by an unsigned binary division instruction that produces a correct result.

Unpacked decimal numbers are similar to the ASCII character representations of the digits 0-9. Note, however, that the high-order half-byte of an ASCII numeral is always 3. Unpacked decimal arithmetic may be performed on ASCII numeric characters under the following conditions:

- the high-order half-byte of an ASCII numeral must be set to 0H prior to multiplication or division.
- unpacked decimal arithmetic leaves the high-order half-byte set to 0H; it must be set to 3 to produce a valid ASCII numeral.

Packed decimal numbers are stored as unsigned byte quantities. The byte is treated as having one decimal digit in each half-byte (nibble); the digit in the high-order half-byte is the most significant. Values 0-9 are valid in each half-byte, and the range of a packed decimal number is 0-99. Additions and subtractions are performed in two steps. First, an addition or subtraction instruction is used to produce an intermediate result. Then, an adjustment operation is performed which changes the intermediate value to a final correct packed decimal result. Multiplication and division adjustments are only available for unpacked decimal numbers.

Pointers and addresses are described below in section 2.3.3, "Index, Pointer, and Base Registers," and in section 3.8, "Address Manipulation Instructions."

Strings are contiguous bytes or words from 1 to 64K bytes in length. They generally contain ASCII or other character data representations. The 80286 provides string manipulation instructions to move, examine, or modify a string (see section 3.7, "Character Translation and String Instructions").
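The two-step decimal arithmetic described above, modeled in C as an added example (not code from the manual): a binary operation produces the intermediate result and an adjustment corrects it. The type and function names are assumptions of this sketch; the adjustment logic is modeled on the processor's DAA, AAA, AAM and AAD instructions.

```c
#include <stdint.h>
#include <stdio.h>

/* Result registers of one decimal operation (hypothetical type name). */
typedef struct {
    uint8_t al;   /* low result byte */
    uint8_t ah;   /* high digit, carry digit, or remainder */
    int     cf;   /* carry out of the decimal result */
} bcd_result;

/* Packed decimal: binary ADD, then decimal adjust (modeled on DAA). */
bcd_result packed_add(uint8_t a, uint8_t b)
{
    unsigned sum = (unsigned)a + b;
    uint8_t  old = (uint8_t)sum;                       /* intermediate result */
    int      cf  = sum > 0xFF;
    int      af  = ((a & 0x0F) + (b & 0x0F)) > 0x0F;   /* carry out of low nibble */
    uint8_t  al  = old;

    if ((old & 0x0F) > 9 || af) al = (uint8_t)(al + 0x06);
    if (old > 0x99 || cf) { al = (uint8_t)(al + 0x60); cf = 1; }
    return (bcd_result){ al, 0, cf };
}

/* Unpacked decimal: binary ADD, then adjust (modeled on AAA).
   The high half-bytes of the inputs may hold any value, e.g. ASCII 3. */
bcd_result unpacked_add(uint8_t a, uint8_t b)
{
    uint8_t al = (uint8_t)(a + b);
    int     af = ((a & 0x0F) + (b & 0x0F)) > 0x0F;
    uint8_t ah = 0;

    if ((al & 0x0F) > 9 || af) { al = (uint8_t)(al + 6); ah = 1; }
    return (bcd_result){ (uint8_t)(al & 0x0F), ah, ah };
}

/* Unpacked decimal: binary MUL, then adjust (modeled on AAM).
   The high half-byte of each input must already be zero. */
bcd_result unpacked_mul(uint8_t a, uint8_t b)
{
    uint8_t product = (uint8_t)(a * b);                /* at most 9 * 9 = 81 */
    return (bcd_result){ (uint8_t)(product % 10), (uint8_t)(product / 10), 0 };
}

/* Unpacked decimal division: adjust the two-digit numerator first
   (modeled on AAD), then binary DIV. al = quotient, ah = remainder. */
bcd_result unpacked_div(uint8_t hi, uint8_t lo, uint8_t divisor)
{
    if (divisor == 0)                 /* the processor would raise a divide error; */
        return (bcd_result){ 0, 0, 0 };   /* this model just returns zeros */
    uint8_t n = (uint8_t)(hi * 10 + lo);
    return (bcd_result){ (uint8_t)(n / divisor), (uint8_t)(n % divisor), 0 };
}

/* Clear or restore the ASCII high half-byte, as the two conditions require. */
uint8_t ascii_to_unpacked(uint8_t c) { return (uint8_t)(c & 0x0F); }
uint8_t unpacked_to_ascii(uint8_t d) { return (uint8_t)((d & 0x0F) | 0x30); }

int main(void)
{
    bcd_result r = packed_add(0x58, 0x46);             /* constructed sample: 58 + 46 */
    printf("packed 58 + 46 -> carry %d, result %02X\n", r.cf, r.al);

    r = unpacked_add('7', '8');                        /* ASCII digits added directly */
    printf("'7' + '8' -> %c%c\n", unpacked_to_ascii(r.ah), unpacked_to_ascii(r.al));

    r = unpacked_mul(ascii_to_unpacked('7'), ascii_to_unpacked('8'));
    printf("7 * 8 -> %u%u\n", (unsigned)r.ah, (unsigned)r.al);

    r = unpacked_div(5, 6, 7);
    printf("56 / 7 -> quotient %u, remainder %u\n", (unsigned)r.al, (unsigned)r.ah);
    return 0;
}
```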
If the 80287 numeric processor extension (NPX) is present in the system (see the 80287 NPX book), the 80286 architecture also supports floating point numbers, 32- and 64-bit integers, and 18-digit BCD data types.

The 80287 Numeric Data Processor supports and stores real numbers in a three-field binary format as required by IEEE standard 754 for floating point numerics (see figure 2-3). The number's significant digits are held in the significand field, the exponent field locates the binary point within the significant digits (and therefore determines the number's magnitude), and the sign field indicates whether the number is positive or negative. (The exponent and significand are analogous to the terms "characteristic" and "mantissa," typically used to describe floating point numbers on some computers.) This format is used by the 80287 with various length significands and exponents to support single precision, double precision and extended (80-bit) precision floating point data types. Negative numbers differ from positive numbers only in their sign bits.

Figure 2-1. Segmented Virtual Memory

[Figure: separate segments hold the main procedure, procedure A, procedure B, the data of each, the process stack, and process-wide data. The segments addressed through CS (main procedure), DS (data for main), SS (process stack) and ES (process-wide data) are marked as currently accessible.]

Figure 2-2. Bytes and Words in Memory

All values in hexadecimal.

BYTE ADDRESS   MEMORY VALUE
     E
     D
     C             FE
     B             06
     A
     9             1F
     8
     7             23
     6             0B
     5
     4
     3             74
     2             CB
     1             31
     0

Word at address B contains FE06.
Byte at address 9 contains 1F.
Word at address 6 contains 230B.
Word at address 2 contains 74CB.
Word at address 1 contains CB31.

Figure 2-3. 80286/80287 Supported Data Types

[Figure: bit layouts of the signed byte, unsigned byte, signed word, signed double word, signed quad word, unsigned word, binary coded decimal (BCD), ASCII, packed BCD, string, pointer (selector and offset) and floating point (sign bit, exponent, magnitude) data types. The signed double word, signed quad word and floating point types are supported by the 80287 numeric data processor configuration.]

2.3 Registers

The 80286 contains a total of fourteen registers that are of interest to the application programmer. (Five additional registers used by system programmers are covered in section 10.1.) As shown in figure 2-4, these registers may be grouped into four basic categories:

- General registers. These eight 16-bit general-purpose registers are used primarily to contain operands for arithmetic and logical operations.
- Segment registers. These four special-purpose registers determine, at any given time, which segments of memory are currently addressable.
- Status and Control registers.
These three special-purpose registers are used to record and alter certain aspects of the 80286 processor state. 2.3.1 General Registers The general registers of the 80286 are the 16-bit registers AX, BX, CX, DX, SP, BP, SI, and DI. These registers are used interchangeably to contain the operands of logical and arithmetic operations. Some instructions and addressing modes (see section 2.4), however, dedicate certain general registers to specific uses. BX and BP are often used to contain the base address of data structures in memory (for example, the starting address of an array); for this reason, they are often referred to as the base registers. Similarly, SI and DI are often used to contain an index value that will be incremented to step through a data structure; these two registers are called the index registers. Finally, SP and BP are used for stack manipulation. Both SP and BP normally contain offsets into the current stack. SP generally contains the offset of the top of the stack and BP contains the offset or base address of the current stack frame. The use of these general-purpose registers for operand addressing is discussed in section 2.3.3, "Index, Pointer, and Base Registers." Register usage for individual instructions is discussed in chapters 3 and 4. As shown in figure 2-4, eight byte registers overlap four of the 16-bit general registers. These registers are named AH, BH, CH, and DH (high bytes); and AL, BL, CL, and DL (low bytes); they overlap AX, BX, CX, and DX. These registers can be used either in their entirety or as individual 8-bit registers. This dual interpretation simplifies the handling of both 8- and 16-bit data elements. Figure 2-4. 
80286 Base Architecture Register Set

GENERAL REGISTERS (AX, DX, CX and BX are byte addressable; 8-bit register names shown)

16-BIT REGISTER NAME   BITS 15-8   BITS 7-0   SPECIAL REGISTER FUNCTIONS
AX                     AH          AL         MULTIPLY/DIVIDE, I/O INSTRUCTIONS
DX                     DH          DL         MULTIPLY/DIVIDE, I/O INSTRUCTIONS
CX                     CH          CL         LOOP/SHIFT/REPEAT COUNT
BX                     BH          BL         BASE REGISTERS
BP                                            BASE REGISTERS
SI                                            INDEX REGISTERS
DI                                            INDEX REGISTERS
SP                                            STACK POINTER

SEGMENT REGISTERS (bits 15-0)

CS    CODE SEGMENT SELECTOR
DS    DATA SEGMENT SELECTOR
SS    STACK SEGMENT SELECTOR
ES    EXTRA SEGMENT SELECTOR

STATUS AND CONTROL REGISTERS (bits 15-0)

F     FLAGS
IP    INSTRUCTION POINTER
MSW   MACHINE STATUS WORD

2.3.2 Memory Segmentation and Segment Registers

Complete programs generally consist of many different code modules (or segments), and different types of data segments. However, at any given time during program execution, only a small subset of a program's segments are actually in use. Generally, this subset will include code, data, and possibly a stack. The 80286 architecture takes advantage of this by providing mechanisms to support direct access to the working set of a program's execution environment and access to additional segments on demand.

At any given instant, four segments of memory are immediately accessible to an executing 80286 program. The segment registers DS, ES, SS, and CS are used to identify these four current segments. Each of these registers specifies a particular kind of segment, as characterized by the associated mnemonics ("code," "stack," "data," or "extra") shown in figure 2-4.
An executing program is provided with concurrent access to the four individual segments of memory (a code segment, a stack segment, and two data segments) by means of the four segment registers. Each may be said to select a segment, since it uniquely determines the one particular segment from among the numerous segments in memory, which is to be immediately accessible at highest speed. Thus, the 16-bit contents of a segment register is called a segment selector.

Once a segment is selected, a base address is associated with it. To address an element within a segment, a 16-bit offset from the segment's base address must be supplied. The 16-bit segment selector and the 16-bit offset taken together form the high and low order halves, respectively, of a 32-bit virtual address pointer. Once a segment is selected, only the lower 16-bits of the pointer, called the offset, generally need to be specified by an instruction. Simple rules define which segment register is used to form an address when only a 16-bit offset is specified.

An executing program requires, first of all, that its instructions reside somewhere in memory. The segment of memory containing the currently executing sequence of instructions is known as the current code segment; it is specified by means of the CS register. All instructions are fetched from this code segment, using as an offset the contents of the instruction pointer (IP). The CS:IP register combination therefore forms the full 32-bit pointer for the next sequential program instruction. The CS register is manipulated indirectly. Transitions from one code segment to another (e.g., a procedure call) are effected implicitly as the result of control-transfer instructions, interrupts, and trap operations.

Stacks play a fundamental role in the 80286 architecture; subroutine calls, for example, involve a number of implicit stack operations. Thus, an executing program will generally require a region of memory for its stack.
The segment containing this region is known as the current stack segment, and it is specified by means of the SS register. All stack operations are performed within this segment, usually in terms of address offsets contained in the stack pointer (SP) and stack frame base (BP) registers. Unlike CS, the SS register can be loaded explicitly for dynamic stack definition. Beyond their code and stack requirements, most programs must also fetch and store data in memory. The DS and ES registers allow the specification of two data segments, each addressable by the currently executing program. Accessibility to two separate data areas supports differentiation and access requirements like local procedure data and global process data. An operand within a data segment is addressed by specifying its offset either directly in an instruction or indirectly via index and/or base registers (described in the next subsection). Depending on the data structure (e.g., the way data is parceled into one or more segments), a program may require access to multiple data segments. To access additional segments, the DS and ES registers can be loaded under program control during the course of a program's execution. This simply requires loading the appropriate data pointer prior to accessing the data. The interpretation of segment selector values depends on the operating mode of the processor. In Real Address Mode, a segment selector is a physical address (figure 2-5). In Protected Mode, a segment selector selects a segment of the user's virtual address space (figure 2-6). An intervening level of logical-to-physical address translation converts the logical address to a physical memory address. Chapter 6, "Memory Management," provides a detailed discussion of Protected Mode addressing. In general, considerations of selector formats and the details of memory mapping need not concern the application programmer. 
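An added example (not code from the manual) of the Real Address Mode interpretation shown in figure 2-5: the selector supplies the 16 most significant bits of the segment's base address, so segments overlap in steps of 16 bytes and different selector:offset pairs can name the same byte. The type and function names are assumptions, and the constructed sample addresses stay below 1 megabyte.

```c
#include <stdint.h>
#include <stdio.h>

#define SEG_SIZE 0x10000UL   /* every Real Address Mode segment spans 64K bytes */

typedef struct { uint16_t selector, offset; } far_ptr;   /* hypothetical type */

/* Physical base of a segment: the selector is the 16 most significant bits
   of the base address, so the low four bits of the base are always zero. */
uint32_t seg_base(uint16_t selector)
{
    return (uint32_t)selector << 4;
}

/* Physical address named by selector:offset. */
uint32_t phys_addr(uint16_t selector, uint16_t offset)
{
    return seg_base(selector) + offset;
}

/* 1 when two selector:offset pointers name the same byte of memory.
   Comparing the two 32-bit pointer values directly would miss this. */
int same_byte(uint16_t s1, uint16_t o1, uint16_t s2, uint16_t o2)
{
    return phys_addr(s1, o1) == phys_addr(s2, o2);
}

/* Number of bytes two 64K segments share: from complete overlap
   (equal selectors) down to none (bases 64K or more apart). */
uint32_t overlap_bytes(uint16_t s1, uint16_t s2)
{
    uint32_t b1 = seg_base(s1), b2 = seg_base(s2);
    uint32_t gap = b1 > b2 ? b1 - b2 : b2 - b1;
    return gap >= SEG_SIZE ? 0 : (uint32_t)(SEG_SIZE - gap);
}

/* Canonical form with offset < 16, so that pointers to the same byte
   compare equal field by field. Assumes the address is below 1 megabyte. */
far_ptr normalized(uint16_t selector, uint16_t offset)
{
    uint32_t p = phys_addr(selector, offset);
    far_ptr n = { (uint16_t)(p >> 4), (uint16_t)(p & 0xF) };
    return n;
}

int main(void)
{
    /* Constructed sample pointers: two spellings of one physical byte. */
    printf("1234:0010 -> %05lX\n", (unsigned long)phys_addr(0x1234, 0x0010));
    printf("1235:0000 -> %05lX\n", (unsigned long)phys_addr(0x1235, 0x0000));
    printf("alias: %d\n", same_byte(0x1234, 0x0010, 0x1235, 0x0000));
    printf("segments 1234 and 1235 share %lu bytes\n",
           (unsigned long)overlap_bytes(0x1234, 0x1235));
    printf("segments 1000 and 2000 share %lu bytes\n",
           (unsigned long)overlap_bytes(0x1000, 0x2000));
    far_ptr n = normalized(0x1234, 0x0010);
    printf("normalized: %04X:%04X\n", (unsigned)n.selector, (unsigned)n.offset);
    return 0;
}
```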
2.3.3 Index, Pointer, and Base Registers Five of the general-purpose registers are available for offset address calculations. These five registers, shown in figure 2-4, are SP, BP, BX, SI, and DI. SP is called a pointer register; BP and BX are called base registers; SI and DI are called index registers. As described in the previous section, segment registers define the set of four segments currently addressable by a program. A pointer, base, or index register may contain an offset value relative to the start of one of these segments; it thereby points to a particular operand's location within that segment. To allow for efficient computations of effective address offsets, all base and index registers may participate interchangeably as operands in most arithmetical operations. Stack operations are facilitated by the stack pointer (SP) and stack frame base (BP) registers. By specifying offsets into the current stack segment, each of these registers provides access to data on the stack. The SP register is the customary top-of-stack pointer, addressing the uppermost datum on a push-down stack. It is referenced implicitly by PUSH and POP operations, subroutine calls, and interrupt operations. The BP register provides yet another offset into the stack segment. The existence of this stack relative base register, in conjunction with certain addressing modes described in section 2.4.3, is particularly useful for accessing data structures, variables and dynamically allocated work space within the stack. Stacks in the 80286 are implemented in memory and are located by the stack segment register (SS) and the stack pointer register (SP). A system may have an unlimited number of stacks, and a stack may be up to 64K bytes long, the maximum length of a segment. One stack is directly addressable at a time; this is the current stack, often referred to simply as "the" stack. SP contains the current top of the stack (TOS). 
In other words, SP contains the offset to the top of the push down stack from the stack segment's base address. Note, however, that the stack's base address (contained in SS) is not the "bottom" of the stack (figure 2-7). 80286 stack entries are 16 bits wide. Instructions operate on the stack by adding and removing stack items one word at a time. An item is pushed onto the stack (see figure 2-8) by decrementing SP by 2 and writing the item at the new TOS. An item is popped off the stack by copying it from TOS and then incrementing SP by 2. In other words, the stack grows down in memory toward its base address. Stack operations never move items on the stack; nor do they erase them. The top of the stack changes only as a result of updating the stack pointer. The stack frame base pointer (BP) is often used to access elements on the stack relative to a fixed point on the stack rather than relative to the current TOS. It typically identifies the base address of the current stack frame established for the current procedure (figure 2-9). If an index register is used relative to BP (e.g., base + index addressing mode using BP as the base), the offset will be calculated automatically in the current stack segment. Accessing data structures in data segments is facilitated by the BX register, which has the same function in addressing operands within data segments that BP does for stack segments. They are called base registers because they may contain an offset to the base of a data structure. The similar usage of these two registers is especially important when discussing addressing modes (see section 2.4, "Addressing Modes"). Operations on data are also facilitated by the SI and DI registers. By specifying an offset relative to the start of the currently addressable data segment, an index register can be used to address an operand in the segment. 
If an index register is used in conjunction with the BX base register (i.e., base + index addressing) to form an offset address, the data is also assumed to reside in the current data segment. As a rule, data referenced through an index register or BX is presumed to reside in the current data segment. That is, if an instruction invokes addressing for one of its operands using either BX, DI, SI, or BX with SI or DI, the contents of the register(s) (BX, DI, or SI) implicitly specify an offset in the current data segment. As previously mentioned, data referenced via SP, BP or BP with SI or DI implicitly specify an operand in the current stack segment (refer to table 2-1).

There are two exceptions to the rules listed above. The first concerns the operation of certain 80286 string instructions. For the most flexibility, these instructions assume that the DI register addresses destination strings not in the data segment, but rather in the extra segment (ES register). This allows movement of strings between different segments. This has led to the descriptive names "source index" and "destination index." In all cases other than string instructions, however, the SI and DI registers may be used interchangeably to reference either source or destination operands.

A second more general override capability allows the programmer complete control of which segment is used for a specific operation. Segment-override prefixes, discussed in section 2.4.3, allow the index and base registers to address data in any of the four currently addressable segments.

Table 2-1. Implied Segment Usage by Index, Pointer, and Base Registers

Register        Implied Segment
SP              SS
BP              SS
BX              DS
DI              DS, ES for String Operations
BP + SI, DI     SS
BX + SI, DI     DS

NOTE: All implied Segment usage, except SP to SS and DI to ES for String Operations, may be explicitly specified with a segment override prefix for any of the four segments. The prefix precedes the instruction for which explicit reference is desired.

Figure 2-5. Real Address Mode Segment Selector Interpretation

[Figure: the selector, followed by 0000, forms the base address of a 64K-byte segment (SEG 1) within the 1 megabyte physical address space.]

NOTES:
1. The selector identifies a segment in physical memory.
2. A selector specifies the segment's base address, Modulo 16, within the 1 Megabyte address space.
3. The selector is the 16 most significant bits of a segment's physical base address.
4. The values of selectors determine the amount they overlap in real memory.
5. Segments may overlap by increments of 16 bytes. Overlap ranges from complete (SEG 1 = SEG 1) to none (SEG 1 ≠ SEG 2 ± 64K).

Figure 2-6. Protected Mode Segment Selector Interpretation

[Figure: the selector picks one of the segments SEG 0 through SEG 3FFF, each of 1 to 64K bytes, within the 1 gigabyte virtual address space.]

NOTES:
1. A selector uniquely identifies (names) one of 16K possible segments in the task's virtual address space.
2. The selector value does not specify the segment's location in physical memory.
3. The selector does not imply any overlap with other segments (This depends on the base address of the segment via the memory management and protection information).

Figure 2-7. 80286 Stack

[Figure: SS locates the stack segment base address and SP locates the logical top of stack. The logical bottom of stack (initial SP value) lies at the other end of the stack from the segment base; push-down moves the top of stack toward the segment base and pop-up moves it away.]

Figure 2-8. Stack Operation

Stack operation for code sequence:

PUSH AX
POP AX
POP BX

OFFSET   EXISTING STACK   AFTER     AFTER POP AX,
         BEFORE PUSH      PUSH AX   POP BX
1062     0000             0000      0000            bottom of stack
1060     1111             1111      1111
105E     2222             2222      2222
105C     3333             3333      3333
105A     4444             4444      4444
1058     5555             5555      5555            copied to BX by POP BX
1056     6666             AAAA      AAAA            written by PUSH AX, copied to AX by POP AX
1054     7777             7777      7777
1052     8888             8888      8888
1050     9999             9999      9999
0000                                                stack segment base (SS selector)

Before the push, the entries at 1056 through 1052 are marked as not presently used. AX contains AAAA when PUSH AX executes.

Figure 2-9. BP Usage as a Stack Frame Base Pointer

BP is a constant pointer to stack based variables and work space. All references use BP and are independent of SP, which may vary during a routine execution.

PROC N
        PUSH  AX
        PUSH  ARRAY_SIZE
        CALL  PROC_N+1

PROC_N+1
        PUSH  BP
        PUSH  CX
        MOV   BP, SP
        SUB   SP, WORK_SPACE
          .
          .
        "PROCEDURE BODY"
          .
          .
        MOV   SP, BP
        POP   CX
        POP   BP
        RET

[Figure: the stack holds one frame per procedure, each made up of parameters, return address, registers and work space. The procedure N frame lies nearer the bottom of stack and the procedure N+1 frame nearer the top of stack; BP marks the boundary between the registers and the work space of the current frame. Stack frames are dynamically allocated on demand rather than statically. SS locates the stack segment base and SP the top of stack.]

2.3.4 Status and Control Registers

Two status and control registers are of immediate concern to applications programmers: the instruction pointer and the FLAGS registers.

The instruction pointer register (IP) contains the offset address, relative to the start of the current code segment, of the next sequential instruction to be executed. Together, the CS:IP registers thus define a 32-bit program-counter. The instruction pointer is not directly visible to the programmer; it is controlled implicitly, by interrupts, traps, and control-transfer operations.
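The PUSH AX, POP AX, POP BX sequence of figure 2-8, modeled in C as an added example (not code from the manual); it also shows that popped words stay in memory, since stack operations never erase items. The type and function names are assumptions, SP starts at 1058 (the entry just above the words the figure marks as not presently used), and stk_scrub_below_sp is a hypothetical helper for code that must not leave sensitive values behind.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One stack segment, indexed by offset from the base address SS selects. */
typedef struct {
    uint8_t  mem[0x10000];
    uint16_t sp;
} stack_seg;

typedef struct { uint16_t ax, bx, sp; } reg_snapshot;   /* hypothetical type */

static void write_word(stack_seg *s, uint16_t off, uint16_t v)
{
    s->mem[off] = (uint8_t)(v & 0xFF);               /* low byte at the lower address */
    s->mem[(uint16_t)(off + 1)] = (uint8_t)(v >> 8);
}

uint16_t read_word(const stack_seg *s, uint16_t off)
{
    return (uint16_t)(s->mem[off] | (s->mem[(uint16_t)(off + 1)] << 8));
}

/* PUSH: decrement SP by 2, then write the item at the new top of stack. */
void stk_push(stack_seg *s, uint16_t v)
{
    s->sp = (uint16_t)(s->sp - 2);
    write_word(s, s->sp, v);
}

/* POP: copy the item from the top of stack, then increment SP by 2.
   Memory is left untouched; only SP changes. */
uint16_t stk_pop(stack_seg *s)
{
    uint16_t v = read_word(s, s->sp);
    s->sp = (uint16_t)(s->sp + 2);
    return v;
}

/* Overwrite n_words of dead stack immediately below SP with zeros. */
void stk_scrub_below_sp(stack_seg *s, unsigned n_words)
{
    for (unsigned i = 1; i <= n_words; i++)
        write_word(s, (uint16_t)(s->sp - 2 * i), 0);
}

stack_seg fig_stack;   /* global: keeps the 64K array off the host stack */

/* Load the stack contents of figure 2-8 and run its code sequence. */
reg_snapshot run_figure_2_8(stack_seg *s)
{
    static const uint16_t initial[10] = {            /* offsets 1050 .. 1062 */
        0x9999, 0x8888, 0x7777, 0x6666, 0x5555,
        0x4444, 0x3333, 0x2222, 0x1111, 0x0000
    };
    reg_snapshot r = { 0xAAAA, 0, 0 };                /* AX holds AAAA on entry */

    memset(s->mem, 0, sizeof s->mem);
    for (unsigned i = 0; i < 10; i++)
        write_word(s, (uint16_t)(0x1050 + 2 * i), initial[i]);
    s->sp = 0x1058;

    stk_push(s, r.ax);       /* PUSH AX */
    r.ax = stk_pop(s);       /* POP AX  */
    r.bx = stk_pop(s);       /* POP BX  */
    r.sp = s->sp;
    return r;
}

int main(void)
{
    reg_snapshot r = run_figure_2_8(&fig_stack);
    printf("AX=%04X BX=%04X SP=%04X\n", (unsigned)r.ax, (unsigned)r.bx, (unsigned)r.sp);
    printf("word left at 1056 after the pops: %04X\n",
           (unsigned)read_word(&fig_stack, 0x1056));
    stk_scrub_below_sp(&fig_stack, 2);
    printf("word at 1056 after scrubbing: %04X\n",
           (unsigned)read_word(&fig_stack, 0x1056));
    return 0;
}
```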
The FLAGS register encompasses eleven flag fields, mostly one-bit wide, as shown in figure 2-10. Six of the flags are status flags that record processor status information. The status flags are affected by the execution of arithmetic and logical instructions. The carry flag is also modifiable with instructions that will clear, set or complement this flag bit. See Chapters 3 and 4. The carry flag (CF) generally indicates a carry or borrow out of the most significant bit of an 8- or 16-bit operand after performing an arithmetic operation; this flag is also useful for bit manipulation operations involving the shift and rotate instructions. The effect on the remaining status flags, when defined for a particular instruction, is generally as follows: the zero flag (ZF) indicates a zero result when set; the sign flag (SF) indicates whether the result was negative (SF=1) or positive (SF=0); when set, the overflow flag (OF) indicates whether an operation results in a carry into the high order bit of the result but not a carry out of the high-order bit, or vice versa; the parity flag (PF) indicates whether the modulo 2 sum of the low-order eight bits of the operation is even (PF=0) or odd (PF=1) parity. The auxiliary carry flag (AF) represents a carry out of or borrow into the least significant 4-bit digit when performing binary coded decimal (BCD) arithmetic. The FLAGS register also contains three control flags that are used, under program control, to direct certain processor operations. The interrupt-enable flag (IF), if set, enables external interrupts; otherwise, interrupts are disabled. The trap flag (TF), if set, puts the processor into a single-step mode for debugging purposes where the target program is automatically interrupted to a user supplied debug routine after the execution of each target program instruction. 
The direction flag (DF) controls the forward or backward direction of string operations: 0 = forward or auto increment the address register(s) (SI, DI or SI and DI), 1 = backward or auto-decrement the address register(s) (SI, DI or SI and DI).

In general, the interrupt enable flag may be set or reset with special instructions (STI = set, CLI = clear) or by placing the flags on the stack, modifying the stack, and returning the flag image from the stack to the flag register. If operating in Protected Mode, the ability to alter the IF bit is subject to protection checks to prevent non-privileged programs from affecting the interrupt state of the CPU. This applies to both instruction and stack options for modifying the IF bit.

The TF flag may only be modified by copying the flag register to the stack, setting the TF bit in the stack image, and returning the modified stack image to the flag register. The trap interrupt occurs on completion of the next instruction. Entry to the single step routine saves the flag register on the stack with the TF bit set, and resets the TF bit in the register. After completion of the single step routine, the TF bit is automatically set on return to the program being single stepped to interrupt the program again after completion of the next instruction. Use of TF is not inhibited by the protection mechanism in Protected Mode.

The DF flag, like the IF flag, is controlled by instructions (CLD = clear, STD = set) or flag register modification through the stack. Typically, routines that use string instructions will save the flags on the stack, modify DF as necessary via the instructions provided, and restore DF to its original state by restoring the Flag register from the stack before returning. Access or control of the DF flag is not inhibited by the protection mechanism in Protected Mode.

The Special Fields bits are only relevant in Protected Mode.
Real Address Mode programs should treat these bits as don't-care's, making no assumption about their status. Attempts to modify the IOPL and NT fields are subject to protection checking in Protected Mode. In general, the application's programmer will not be able to and should not attempt to modify these bits. (See section 10.3, "Privileged and Trusted Instructions" for more details.)

Figure 2-10. Flags Register

  Bit      Field   Group
  15       (shaded, unlabeled in the figure)
  14       NT      Special field: NESTED TASK FLAG
  13-12    IOPL    Special field: I/O PRIVILEGE LEVEL
  11       OF      Status flag: OVERFLOW
  10       DF      Control flag: DIRECTION FLAG
  9        IF      Control flag: INTERRUPT ENABLE
  8        TF      Control flag: TRAP FLAG
  7        SF      Status flag: SIGN
  6        ZF      Status flag: ZERO
  5        (shaded, unlabeled in the figure)
  4        AF      Status flag: AUXILIARY CARRY
  3        (shaded, unlabeled in the figure)
  2        PF      Status flag: PARITY
  1        (shaded, unlabeled in the figure)
  0        CF      Status flag: CARRY

2.4 Addressing Modes

The information encoded in an 80286 instruction includes a specification of the operation to be performed, the type of the operands to be manipulated, and the location of these operands. If an operand is located in memory, the instruction must also select, explicitly or implicitly, which of the currently addressable segments contains the operand. This section covers the operand addressing mechanisms; 80286 operators are discussed in Chapter 3.

The five elements of a general instruction are briefly described below. The exact format of 80286 instructions is specified in Appendix B.

■ The opcode is present in all instructions; in fact, it is the only required element. Its principal function is the specification of the operation performed by the instruction.

■ A register specifier.
■ The addressing mode specifier, when present, is used to specify the addressing mode of an operand for referencing data or performing indirect calls or jumps.

■ The displacement, when present, is used to compute the effective address of an operand in memory.

■ The immediate operand, when present, directly specifies one operand of the instruction.

Of the four elements, only one, the opcode, is always present. The other elements may or may not be present, depending on the particular operation involved and on the location and type of the operands.

2.4.1 Operands

Generally speaking, an instruction is an operation performed on zero, one, or two operands, which are the data manipulated by the instruction. An operand can be located either in a register (AX, BX, CX, DX, SI, DI, SP, or BP in the case of 16-bit operands; AH, AL, BH, BL, CH, CL, DH, or DL in the case of 8-bit operands; the FLAG register for flag operations), in the instruction itself (as an immediate operand), or in memory or an I/O port. Immediate operands and operands in registers can be accessed more rapidly than operands in memory since memory operands must be fetched from memory while immediate and register operands are available in the processor.

An 80286 instruction can reference zero, one, or two operands. The three forms are as follows:

■ Zero-operand instructions, such as RET, NOP, and HLT. Consult Appendix B.

■ One-operand instructions, such as INC or DEC. The location of the single operand can be specified implicitly, as in AAM (where the register AX contains the operand), or explicitly, as in INC (where the operand can be in any register or memory location). Explicitly specified operands are accessed via one of the addressing modes described in section 2.4.2.

■ Two-operand instructions, such as MOV, ADD, XOR, etc., generally overwrite one of the two participating operands with the result.
A distinction can thus be made between the source operand (the one left unaffected by the operation) and the destination operand (the one overwritten by the result). Like one-operand instructions, two-operand instructions can specify the location of operands either explicitly or implicitly. If an instruction contains two explicitly specified operands, only one of them--either the source or the destination--can be in a register or memory location. The other operand must be in a register or be an immediate source operand.

Special cases of two-operand instructions are the string instructions and stack manipulation. Both operands of some string instructions are in memory and are explicitly specified. Push and pop stack operations allow transfer between memory operands and the memory based stack.

Thus, the two-operand instructions of the 80286 permit operations of the following sort:

■ Register-to-register
■ Register-to-memory
■ Memory-to-register
■ Immediate-to-register
■ Immediate-to-memory
■ Memory-to-memory

Instructions can specify the location of their operands by means of eight addressing modes, which are described in sections 2.4.2 and 2.4.3.

2.4.2 Register and Immediate Modes

Two addressing modes are used to reference operands contained in registers and instructions:

■ Register Operand Mode. The operand is located in one of the 16-bit registers (AX, BX, CX, DX, SI, DI, SP, or BP) or in one of the 8-bit general registers (AH, BH, CH, DH, AL, BL, CL, or DL). Special instructions are also included for referencing the CS, DS, ES, SS, and Flag registers as operands.

■ Immediate Operand Mode. The operand is part of the instruction itself (the immediate operand element).

2.4.3 Memory Addressing Modes

Six modes are used to access operands in memory.
Memory operands are accessed by means of a pointer consisting of a segment selector (see section 2.3.2) and an offset, which specifies the operand's displacement in bytes from the beginning of the segment in which it resides. Both the segment selector component and the offset component are 16-bit values. (See section 2.1 for a discussion of segmentation.) Only some instructions use a full 32-bit address.

Most memory references do not require the instruction to specify a full 32-bit pointer address. Operands that are located within one of the currently addressable segments, as determined by the four segment registers (see section 2.3.2, "Segment Registers"), can be referenced very efficiently simply by means of the 16-bit offset. This form of address is called a short address. The choice of segment (CS, DS, ES, or SS) is either implicit within the instruction itself or explicitly specified by means of a segment override prefix (see below).

See figure 2-11 for a diagram of the addressing process.

2.4.3.1 Segment Selection

All instructions that address operands in memory must specify the segment and the offset. For speed and compact instruction encoding, segment selectors are usually stored in the high speed segment registers. An instruction need specify only the desired segment register and an offset in order to address a memory operand.

Most instructions need not explicitly specify which segment register is used. The correct segment register is automatically chosen according to the rules of table 2-1 and table 2-2. These rules follow the way programs are written (see figure 2-12) as independent modules that require areas for code and data, a stack, and access to external data areas.

There is a close connection between the type of memory reference and the segment in which that operand resides (see the next section for a discussion of how memory addressing mode calculations are performed).
As a rule, a memory reference implies the current data segment (i.e., the implicit segment selector is in DS) unless the BP register is involved in the address specification, in which case the current stack segment is implied (i.e., SS contains the selector).

The 80286 instruction set defines special instruction prefix elements (see Appendix B). One of these is SEG, the segment-override prefix. Segment-override prefixes allow an explicit segment selection. Only in two special cases--namely, the use of DI to reference destination strings in the ES segment, and the use of SP to reference stack locations in the SS segment--is there an implied segment selection which cannot be overridden. The format of segment override prefixes is shown in Appendix B.

Table 2-2. Segment Register Selection Rules

  Memory Reference Needed   Segment Register Used   Implicit Segment Selection Rule
  Instructions              Code (CS)               Automatic with instruction prefetch.
  Stack                     Stack (SS)              All stack pushes and pops. Any memory
                                                    reference which uses BP as a base
                                                    register.
  Local Data                Data (DS)               All data references except when
                                                    relative to stack or string
                                                    destination.
  External (Global) Data    Extra (ES)              Alternate data segment and destination
                                                    of string operation.

Figure 2-11. Two-Component Address

[Figure: a 32-bit POINTER made of a SEGMENT component (bits 31-16) and an OFFSET component (bits 15-0). The segment component picks the SELECTED SEGMENT in MEMORY; the offset component locates the OPERAND SELECTED within that segment.]

2.4.3.2 Offset Computation

The offset within the desired segment is calculated in accordance with the desired addressing mode.
The offset is calculated by taking the sum of up to three components:

■ the displacement element in the instruction
■ the base (contents of BX or BP--a base register)
■ the index (contents of SI or DI--an index register)

Each of the three components of an offset may be either a positive or negative value. Offsets are calculated modulo 2^(16).

The six memory addressing modes are generated using various combinations of these three components. The six modes are used for accessing different types of data stored in memory:

  addressing mode                    offset calculation
  direct address                     displacement alone
  register indirect                  base or index alone
  based                              base + displacement
  indexed                            index + displacement
  based indexed                      base + index
  based indexed with displacement    base + index + disp

In all six modes, the operand is located at the specified offset within the selected segment. All displacements, except direct address mode, are optionally 8- or 16-bit values. 8-bit displacements are automatically sign-extended to 16 bits. The six addressing modes are described and demonstrated in the following section on memory addressing modes.

Figure 2-12. Use of Memory Segmentation

[Figure: the CPU's SEGMENT REGISTERS (CODE, DATA, STACK, EXTRA) point into MEMORY, which holds the CODE and DATA of MODULE A and MODULE B, the PROCESS STACK, PROCESS DATA BLOCK 1, and PROCESS DATA BLOCK 2.]

2.4.3.3 Memory Mode

Two modes are used for simple scalar operands located in memory:

■ Direct Address Mode. The offset of the operand is contained in the instruction as the displacement element. The offset is a 16-bit quantity.

■ Register Indirect Mode.
The offset of the operand is in one of the registers SI, DI, or BX. (BP is excluded; if BP is used as a stack frame base, it requires an index or displacement component to reference either parameters passed on the stack or temporary variables allocated on the stack. The instruction level bit encoding for the BP only address mode is used to specify Direct Address mode.)

The following four modes are used for accessing complex data structures in memory (see figure 2-13):

■ Based Mode. The operand is located within the selected segment at an offset computed as the sum of the displacement and the contents of a base register (BX or BP). Based mode is often used to access the same field in different copies of a structure (often called a record). The base register points to the base of the structure (hence the term "base" register), and the displacement selects a particular field. Corresponding fields within a collection of structures can be accessed simply by changing the base register. (See figure 2-13, example 1.)

■ Indexed Mode. The operand is located within the selected segment at an offset computed as the sum of the displacement and the contents of an index register (SI or DI). Indexed mode is often used to access elements in a static array (e.g., an array whose starting location is fixed at translation time). The displacement locates the beginning of the array, and the value of the index register selects one element. Since all array elements are the same length, simple arithmetic on the index register will select any element. (See figure 2-13, example 2.)

■ Based Indexed Mode. The operand is located within the selected segment at an offset computed as the sum of the base register's contents and an index register's contents. Based Indexed mode is often used to access elements of a dynamic array (i.e., an array whose base address can change during execution).
The base register points to the base of the array, and the value of the index register is used to select one element. (See figure 2-13, example 3.)

■ Based Indexed Mode with Displacement. The operand is located within the selected segment at an offset computed as the sum of a base register's contents, an index register's contents, and the displacement. This mode is often used to access elements of an array within a structure. For example, the structure could be an activation record (i.e., a region of the stack containing the register contents, parameters, and variables associated with one instance of a procedure); and one variable could be an array. The base register points to the start of the activation record, the displacement expresses the distance from the start of the record to the beginning of the array variable, and the index register selects a particular element of the array. (See figure 2-13, example 4.)

Table 2-3 gives a summary of all memory operand addressing options.

Table 2-3. Memory Operand Addressing Modes

  Addressing Mode                 Offset Calculation
  Direct                          16-bit Displacement in the instruction
  Register Indirect               BX, SI, DI
  Based                           (BX or BP) + Displacement
  Indexed                         (SI or DI) + Displacement
  Based Indexed                   (BX or BP) + (SI or DI)
  Based Indexed + Displacement    (BX or BP) + (SI or DI) + Displacement

  For the Based, Indexed, and Based Indexed + Displacement modes, the displacement can be a 0, 8 or 16-bit value.

Figure 2-13. Complex Addressing Modes

[Figure: four panels. In each panel the listed components are added to locate the OPERAND within the segment chosen by SEGMENT.]

  1. BASED MODE (DISPL + BASE)
         MOV AX, [BP + DATE_CODE]
         ADD [BX + BALANCE], CX

  2. INDEXED MODE (INDEX + DISPL; operand in a FIXED ARRAY)
         MOV ID[SI], DX
         SUB BX, DATA_TBL[SI]

  3. BASED INDEXED MODE (INDEX + BASE; operand in a BASED ARRAY)
         MOV DX, [BP][DI]
         AND [BX + SI], 3FFH

  4. BASED INDEXED MODE WITH DISPLACEMENT (INDEX + DISPL + BASE; operand in an ARRAY inside a BASED STRUCTURE CONTAINING ARRAY)
         MOV CX, [BP][SI + CNT]
         SHR [BX + DI + MASK]

2.5 Input/Output

The 80286 allows input/output to be performed in either of two ways: by means of a separate I/O address space (using specific I/O instructions) or by means of memory-mapped I/O (using general-purpose operand manipulation instructions).

2.5.1 I/O Address Space

The 80286 provides a separate I/O address space, distinct from physical memory, to address the input/output ports that are used for external devices. The I/O address space consists of 2^(16) (64K) individually addressable 8-bit ports.
Any two consecutive 8-bit ports can be treated as a 16-bit port. Thus, the I/O address space can accommodate up to 64K 8-bit ports or up to 32K 16-bit ports. I/O port addresses 00F8H to 00FFH are reserved by Intel.

The 80286 can transfer either 8 or 16 bits at a time to a device located in the I/O space. Like words in memory, 16-bit ports should be aligned at even-numbered addresses so that the 16 bits will be transferred in a single access. An 8-bit port may be located at either an even or odd address. The internal registers in a given peripheral controller device should be assigned addresses as shown below.

  Port Register                                     Port Addresses         Example
  16-bit                                            even word addresses    OUT FE,AX
  8-bit; device on lower half of 16-bit data bus    even byte addresses    IN AL,FE
  8-bit; device on upper half of 16-bit data bus    odd byte addresses     OUT FF,AL

The I/O instructions IN and OUT (described in section 3.11.3) are provided to move data between I/O ports and the AX (16-bit I/O) or AL (8-bit I/O) general registers. The block I/O instructions INS and OUTS (described in section 4.1) move blocks of data between I/O ports and memory space (as shown below). In Protected Mode, an operating system may prevent a program from executing these I/O instructions. Otherwise, the function of the I/O instructions and the structure of the I/O space are identical for both modes of operation.

  INS es:byte ptr [di], DX
  OUTS DX, byte ptr [si]

IN and OUT instructions address I/O with either a direct address to one of up to 256 port addresses, or indirectly via the DX register to one of up to 64K port addresses. Block I/O uses the DX register to specify the I/O address and either SI or DI to designate the source or destination memory address. For each transfer, SI or DI is either incremented or decremented as specified by the direction bit in the flag word while DX is constant to select the I/O device.

2.5.2 Memory-Mapped I/O

I/O devices also may be placed in the 80286 memory address space.
So long as the devices respond like memory components, they are indistinguishable to the processor.

Memory-mapped I/O provides additional programming flexibility. Any instruction that references memory may be used to access an I/O port located in the memory space. For example, the MOV instruction can transfer data between any register and a port; and the AND, OR, and TEST instructions may be used to manipulate bits in the internal registers of a device (see figure 2-14). Memory-mapped I/O performed via the full instruction set maintains the full complement of addressing modes for selecting the desired I/O device.

Memory-mapped I/O, like any other memory reference, is subject to access protection and control when executing in protected mode.

Figure 2-14. Memory-Mapped I/O

[Figure: the INTERNAL REGISTER of I/O DEVICE 1 and the INTERNAL REGISTER of I/O DEVICE 2 each occupy a location in the MEMORY ADDRESS SPACE.]

2.6 Interrupts and Exceptions

The 80286 architecture supports several mechanisms for interrupting program execution. Internal interrupts are synchronous events that are the responses of the CPU to certain events detected during the execution of an instruction. External interrupts are asynchronous events typically triggered by external devices needing attention. The 80286 supports both maskable (controlled by the IF flag) and non-maskable interrupts. They cause the processor to temporarily suspend its present program execution in order to service the requesting device.
The major distinction between these two kinds of interrupts is their origin: an internal interrupt is always reproducible by re-executing with the program and data that caused the interrupt, whereas an external interrupt is generally independent of the currently executing task. Interrupts 0-31 are reserved by Intel. Application programmers will normally not be concerned with servicing external interrupts. More information on external interrupts for system programmers may be found in Chapter 5, section 5.2, "Interrupt Handling for Real Address Mode," and in Chapter 9, "Interrupts, Traps and Faults for Protected Virtual Address Mode." In Real Address Mode, the application programmer is affected by two kinds of internal interrupts. (Internal interrupts are the result of executing an instruction which causes the interrupt.) One type of interrupt is called an exception because the interrupt only occurs if a particular fault condition exists. The other type of interrupt generates the interrupt every time the instruction is executed. The exceptions are: divide error, INTO detected overflow, bounds check, segment overrun, invalid operation code, and processor extension error (see table 2-4). A divide error exception results when the instructions DIV or IDIV are executed with a zero denominator; otherwise, the quotient will be too large for the destination operand (see section 3.3.4 for a discussion of DIV and IDIV). An overflow exception results when the INTO instruction is executed and the OF flag is set (after an arithmetic operation that set the overflow (OF) flag). (See section 3.6.3, "Software Generated Interrupts," for a discussion of INTO.) A bounds check exception results when the BOUND instruction is executed and the array index it checks falls outside the bounds of the array. (See section 4.2 for a discussion of the BOUND instruction.) The segment overrun exception occurs when a word memory reference is attempted which extends beyond the end of a segment. 
An invalid operation code exception occurs if an attempt is made to execute an undefined instruction operation code. A processor extension error is generated when a processor extension detects an illegal operation. Refer to Chapter 5 for a more complete description of these exception conditions.

The instruction INT generates an internal interrupt whenever it is executed. The effects of this interrupt (and the effects of all interrupts) are determined by the interrupt handler routines provided by the application program or as part of the system software (provided by system programmers). See Chapter 5 for more on this topic. The INT instruction itself is discussed in section 3.6.3.

In Protected Mode, many more fault conditions are detected and result in internal interrupts. Protected Mode interrupts and faults are discussed in Chapter 9.

2.7 Hierarchy of Instruction Sets

For descriptive purposes, the 80286 instruction set is partitioned into three distinct subsets: the Basic Instruction Set, the Extended Instruction Set, and the System Control Instruction Set. The "hierarchy" of instruction sets defined by this partitioning helps to clarify the relationships between the various processors in the 8086 family (see figure 2-15).

The Basic Instruction Set, presented in Chapter 3, comprises the common subset of instructions found on all processors of the 8086 family. Included are instructions for logical and arithmetic operations, data movement, input/output, string manipulation, and transfer of control.

The Extended Instruction Set, presented in Chapter 4, consists of those instructions found only on the 80186, 80188, and 80286 processors. Included are instructions for block structured procedure entry and exit, parameter validation, and block I/O transfers.

The System Control Instruction Set, presented in Chapter 10, consists of those instructions unique to the 80286. These instructions control the memory management and protection mechanisms of the 80286.

Table 2-4.
80286 Interrupt Vector Assignments (Real Address Mode)

  Function                        Interrupt   Related Instructions           Return Address Before
                                  Number                                     Instruction Causing
                                                                             Exception?
  Divide error exception          0           DIV, IDIV                      Yes
  Single step interrupt           1           All
  NMI interrupt                   2           All
  Breakpoint interrupt            3           INT
  INTO detected overflow          4           INTO                           No
    exception
  BOUND range exceeded            5           BOUND                          Yes
    exception
  Invalid opcode exception        6           Any undefined opcode           Yes
  Processor extension not         7           ESC or WAIT                    Yes
    available exception
  Interrupt table limit too       8           INT vector is not within       Yes
    small exception                           table limit
  Processor extension segment     9           ESC with memory operand        No
    overrun interrupt                         extending beyond offset
                                              FFFF(H)
  Reserved                        10-12
  Segment overrun exception       13          Word memory reference with     Yes
                                              offset = FFFF(H) or an
                                              attempt to execute past the
                                              end of a segment
  Reserved                        14, 15
  Processor extension error       16          ESC or WAIT
    interrupt
  Reserved                        17-31
  User defined                    32-255

Figure 2-15. Hierarchy of Instructions

[Figure: three nested boxes. Innermost, 8086 and 8088: BASIC INSTRUCTION SET. Middle, 80186 and 80188: EXTENDED INSTRUCTION SET. Outermost, 80286: SYSTEM CONTROL INSTRUCTION SET.]

Chapter 3 Basic Instruction Set

The base architecture of the 80286 is identical to the complete instruction set of the 8086, 8088, 80188, and 80186 processors. The 80286 instruction set includes new forms of some instructions. These new forms reduce program size and improve the performance and ease of implementation of source code.

This chapter describes the instructions which programmers can use to write application software for the 80286. The following chapters describe the operation of more complicated I/O and system control instructions.
All instructions described in this chapter are available for both Real Address Mode and Protected Virtual Address Mode operation. The instruction descriptions note any differences that exist between the operation of an instruction in these two modes. This chapter also describes the operation of each application program-relative instruction and includes an example of using the instruction. The Instruction Dictionary in Appendix B contains formal descriptions of all instructions. Any opcode pattern that is not described in the Instruction Dictionary is undefined and results in an opcode violation trap (interrupt 6). 3.1 Data Movement Instructions These instructions provide convenient methods for moving bytes or words of data between memory and the registers of the base architecture. 3.1.1 General-Purpose Data Movement Instructions MOV (Move) transfers a byte or a word from the source operand to the destination operand. The MOV instruction is useful for transferring data to a register from memory, to memory from a register, between registers, immediate-to-register, or immediate-to-memory. Memory-to-memory or segment register-to-segment register moves are not allowed. Example: MOV DS,AX. Replaces the contents of register DS with the contents of register AX. XCHG (Exchange) swaps the contents of two operands. This instruction takes the place of three MOV instructions. It does not require a temporary memory location to save the contents of one operand while you load the other. The XCHG instruction can swap two byte operands or two word operands, but not a byte for a word or a word for a byte. The operands for the XCHG instruction may be two register operands, or a register operand with a memory operand. When used with a memory operand, XCHG automatically activates the LOCK signal. Example: XCHG BX,WORDOPRND. Swaps the contents of register BX with the contents of the memory word identified by the label WORDOPRND after asserting bus lock. 
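The memory operands that MOV and XCHG accept are located by the rules of sections 2.4.3.1 through 2.4.3.3. The C model below is an added example, not Intel's code: it classifies an operand into one of the six modes, sums the components modulo 2^(16) with 8-bit displacements sign-extended, picks DS or SS (or an override prefix), and flags the word reference at offset FFFFH that Table 2-4 lists under interrupt 13. All type and function names, and the register contents in the samples, are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative model of sections 2.4.3.1-2.4.3.3; every name is an assumption. */
typedef enum { R_NONE, R_BX, R_BP, R_SI, R_DI } reg_t;
typedef enum { SEG_NONE, SEG_CS, SEG_DS, SEG_ES, SEG_SS } seg_t;
typedef enum { M_INVALID, M_DIRECT, M_REG_INDIRECT, M_BASED, M_INDEXED,
               M_BASED_INDEXED, M_BASED_INDEXED_DISP } ea_mode_t;

typedef struct {
    reg_t    base;       /* R_BX, R_BP or R_NONE */
    reg_t    index;      /* R_SI, R_DI or R_NONE */
    int      disp_bits;  /* 0, 8 or 16 */
    uint16_t disp;       /* displacement bits as encoded in the instruction */
    seg_t    override;   /* segment-override prefix, SEG_NONE if absent */
} mem_operand_t;

typedef struct { uint16_t bx, bp, si, di; } regs_t;

typedef struct {
    ea_mode_t mode;          /* which of the six modes, or M_INVALID */
    seg_t     seg;           /* segment register that supplies the selector */
    uint16_t  offset;        /* offset within that segment */
    int       word_overrun;  /* word reference at FFFFH: interrupt 13 (Table 2-4) */
} ea_t;

static uint16_t reg_value(reg_t r, const regs_t *regs)
{
    return r == R_BX ? regs->bx : r == R_BP ? regs->bp :
           r == R_SI ? regs->si : r == R_DI ? regs->di : 0;
}

/* Map the components that are present onto the modes of Table 2-3. */
static ea_mode_t classify(const mem_operand_t *op)
{
    int has_base  = op->base  != R_NONE;
    int has_index = op->index != R_NONE;

    if (has_base  && op->base  != R_BX && op->base  != R_BP) return M_INVALID;
    if (has_index && op->index != R_SI && op->index != R_DI) return M_INVALID;
    if (op->disp_bits != 0 && op->disp_bits != 8 && op->disp_bits != 16) return M_INVALID;

    if (!has_base && !has_index)            /* direct: always a 16-bit offset */
        return op->disp_bits == 16 ? M_DIRECT : M_INVALID;
    if (has_base && has_index)
        return op->disp_bits ? M_BASED_INDEXED_DISP : M_BASED_INDEXED;
    if (op->disp_bits == 0)                 /* BX, SI or DI alone; BP is excluded */
        return op->base == R_BP ? M_INVALID : M_REG_INDIRECT;
    return has_base ? M_BASED : M_INDEXED;
}

ea_t effective_address(const mem_operand_t *op, const regs_t *regs, int is_word)
{
    ea_t ea = { classify(op), SEG_NONE, 0, 0 };
    uint16_t disp = 0;
    uint32_t sum;

    if (ea.mode == M_INVALID) return ea;

    if (op->disp_bits == 16)
        disp = op->disp;
    else if (op->disp_bits == 8)            /* sign-extend 8 bits to 16 */
        disp = (uint16_t)((op->disp & 0xFFu) | ((op->disp & 0x80u) ? 0xFF00u : 0u));

    /* Up to three components, summed modulo 2^16. */
    sum = (uint32_t)reg_value(op->base, regs) + reg_value(op->index, regs) + disp;
    ea.offset = (uint16_t)(sum & 0xFFFFu);

    /* DS by default, SS when BP is the base; an override prefix wins. */
    ea.seg = (op->base == R_BP) ? SEG_SS : SEG_DS;
    if (op->override != SEG_NONE)
        ea.seg = op->override;

    ea.word_overrun = is_word && ea.offset == 0xFFFFu;
    return ea;
}

/* Constructed samples: register contents and displacements are made up. */
typedef struct { const char *text; mem_operand_t op; regs_t regs; int is_word; } sample_t;
static const sample_t SAMPLES[] = {
    { "[BP-4]",     { R_BP, R_NONE, 8,  0x00FC, SEG_NONE }, { 0, 0x0100, 0, 0 },      1 },
    { "[BX+SI+5]",  { R_BX, R_SI,   16, 0x0005, SEG_NONE }, { 0xFFF0, 0, 0x0020, 0 }, 1 },
    { "[BP]",       { R_BP, R_NONE, 0,  0,      SEG_NONE }, { 0, 0x0100, 0, 0 },      1 },
    { "[BX]",       { R_BX, R_NONE, 0,  0,      SEG_NONE }, { 0xFFFF, 0, 0, 0 },      1 },
    { "ES:[BP+DI]", { R_BP, R_DI,   0,  0,      SEG_ES   }, { 0, 0x2000, 0, 0x0010 }, 0 },
};

int main(void)
{
    static const char *seg_name[] = { "-", "CS", "DS", "ES", "SS" };
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++) {
        ea_t ea = effective_address(&SAMPLES[i].op, &SAMPLES[i].regs, SAMPLES[i].is_word);
        printf("%-11s mode=%d seg=%s offset=%04X overrun=%d\n", SAMPLES[i].text,
               (int)ea.mode, seg_name[ea.seg], (unsigned)ea.offset, ea.word_overrun);
    }
    return 0;
}
```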
3.1.2 Stack Manipulation Instructions PUSH (Push) decrements the stack pointer (SP) by two and then transfers a word from the source operand to the top of stack indicated by SP. See figure 3-1. PUSH is often used to place parameters on the stack before calling a procedure; it is also the basic means of storing temporary variables on the stack. The PUSH instruction operates on memory operands, immediate operands (new with the 80286), and register operands (including segment registers). Example: PUSH WORDOPRND. Transfers a 16-bit value from the memory word identified by the label WORDOPRND to the memory location which represents the current top of stack (byte transfers are not allowed). PUSHA (Push All Registers) saves the contents of the eight general registers on the stack. See figure 3-2. This instruction simplifies procedure calls by reducing the number of instructions required to retain the contents of the general registers for use in a procedure. PUSHA is complemented by POPA (see below). The processor pushes the general registers on the stack in the following order: AX, CX, DX, BX, the initial value of SP before AX was pushed, BP, SI, and DI. Example: PUSHA. Pushes onto the stack the contents of the eight general registers. POP (Pop) transfers the word at the current top of stack (indicated by SP) to the destination operand, and then increments SP by two to point to the new top of stack. See figure 3-3. POP moves information from the stack to either a register or memory. The only restriction on POP is that it cannot place a value in register CS. Example: POP BX. Replaces the contents of register BX with the contents of the memory location at the top of stack. POPA (Pop All Registers) restores the registers saved on the stack by PUSHA, except that it ignores the value of SP. See figure 3-4. Example: POPA. Pops from the stack the saved contents of the general registers, and restores the registers (except SP) to their original state. Figure 3-1. 
PUSH

[Figure: the stack BEFORE and AFTER PUSH OPERAND, drawn from HIGH ADDRESS (SS LIMIT) at the top to LOW ADDRESS at the bottom. Before, SP points to the last of the operands from previous PUSH instructions. After, SP points one word lower, at the pushed OPERAND. SP always points to the last word pushed onto the stack (TOS); SS always points to the lowest address used by the stack.]

PUSH decrements SP by 2 bytes and places the operand in the stack at the location to which SP points.

Figure 3-2. PUSHA

[Figure: the stack BEFORE and AFTER PUSHA, drawn from HIGH ADDRESS (SS LIMIT) at the top to LOW ADDRESS at the bottom. Before, SP points to the last of the operands from previous PUSH instructions. After, the eight words below that point hold, from higher to lower addresses, AX, CX, DX, BX, OLD SP, BP, SI, and DI, and SP points to DI.]

PUSHA copies the contents of the eight general registers to the stack in the above order. The instruction decrements SP by 16 bytes (8 words) to point to the last word pushed on the stack.

Figure 3-3.
POP     HIGH ADDRESS º º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ SS LIMIT OPERANDS FROM º±±±±±±±±±±±±±±±º º±±±±±±±±±±±±±±±º PREVIOUS PUSH ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ INSTRUCTIONS º±±±±±±±±±±±±±±±º º±±±±±±±±±±±±±±±ºÄÄÄSP ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ SPÄÄĺ OPERAND º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ º º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÷ ÷ ÷ ÷ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ º º º º LOW ADDRESS ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ SS º º º º  BEFORE   AFTER  POP OPERAND POP OPERAND POP copies the contents of the stack location before SP to the operand in the instruction. POP then increments SP by 2 bytes (1 word). Figure 3-4. POPA     HIGH ADDRESS º º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ SS LIMIT OPERANDS FROM º±±±±±±±±±±±±±±±º º±±±±±±±±±±±±±±±º PREVIOUS PUSH ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ INSTRUCTIONS º±±±±±±±±±±±±±±±º º±±±±±±±±±±±±±±±ºÄÄÄSP ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ º AX º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ º CX º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ º DX º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ º BX º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ º SP º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ º BP º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ º SI º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ SPÄÄĺ DI º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ º º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÷ ÷ ÷ ÷ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ º º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ º º º º ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ º º º º LOW ADDRESS ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ SS  BEFORE   AFTER  POPA POPA POPA copies the contents of seven stack locations to the corresponding general registers. POPA discards the stored value of SP. 3.2 Flag Operation With the Basic Instruction Set 3.2.1 Status Flags The status flags of the FLAGS register reflect conditions that result from a previous instruction or instructions. The arithmetic instructions use OF, SF, ZF, AF, PF, and CF. 
The SCAS (Scan String), CMPS (Compare String), and LOOP instructions use ZF to signal that their operations are complete. The base architecture includes instructions to set, clear, and complement CF before execution of an arithmetic instruction. See figure 3-5 and tables 3-1 and 3-2.

3.2.2 Control Flags

The control flags of the FLAGS register determine processor operations for string instructions, maskable interrupts, and debugging.

Setting DF (direction flag) causes string instructions to auto-decrement; that is, to process strings from high addresses to low addresses, or from "right-to-left." Clearing DF causes string instructions to auto-increment, or to process strings from "left-to-right."

Setting IF (interrupt flag) allows the CPU to recognize external (maskable) interrupt requests. Clearing IF disables these interrupts. IF has no effect on either internally generated interrupts, nonmaskable external interrupts, or processor extension segment overrun interrupts.

Setting TF (trap flag) puts the processor into single-step mode for debugging. In this mode, the CPU automatically generates an internal interrupt after each instruction, allowing a program to be inspected as it executes each instruction, instruction by instruction.

Table 3-1. Status Flags' Functions

    Bit Position   Name   Function

    0              CF     Carry Flag--Set on high-order bit carry or
                          borrow; cleared otherwise
    2              PF     Parity Flag--Set if low-order eight bits of
                          result contain an even number of 1 bits;
                          cleared otherwise
    4              AF     Set on carry from or borrow to the low order
                          four bits of AL; cleared otherwise
    6              ZF     Zero Flag--Set if result is zero; cleared
                          otherwise
    7              SF     Sign Flag--Set equal to high-order bit of
                          result (0 if positive, 1 if negative)
    11             OF     Overflow Flag--Set if result is too-large a
                          positive number or too-small a negative number
                          (excluding sign-bit) to fit in destination
                          operand; cleared otherwise

Table 3-2. Control Flags' Functions

    Bit Position   Name   Function

    8              TF     Trap (Single Step) Flag--Once set, a single
                          step interrupt occurs after the next
                          instruction executes. TF is cleared by the
                          single step interrupt.
    9              IF     Interrupt-enable Flag--When set, maskable
                          interrupts will cause the CPU to transfer
                          control to an interrupt vector-specified
                          location.
    10             DF     Direction Flag--Causes string instructions to
                          auto decrement the appropriate index registers
                          when set. Clearing DF causes auto increment.

Figure 3-5. Flag Word Contents

    Bit:     15   14   13 12   11   10   9    8    7    6    5    4    3    2    1    0
    FLAGS:   --   NT   IOPL    OF   DF   IF   TF   SF   ZF   --   AF   --   PF   --   CF

    (-- marks the bit positions drawn shaded in the figure.)

    STATUS FLAGS:    CARRY (CF), PARITY (PF), AUXILIARY CARRY (AF), ZERO (ZF), SIGN (SF), OVERFLOW (OF)
    CONTROL FLAGS:   TRAP FLAG (TF), INTERRUPT ENABLE (IF), DIRECTION FLAG (DF)
    SPECIAL FIELDS:  I/O PRIVILEGE LEVEL (IOPL), NESTED TASK FLAG (NT)

3.3 Arithmetic Instructions

The arithmetic instructions of the 8086-family processors simplify the manipulation of numerical data. Multiplication and division instructions ease the handling of signed and unsigned binary integers as well as unpacked decimal integers.

An arithmetic operation may consist of two register operands, a general register source operand with a memory destination operand, a memory source operand with a register destination operand, or an immediate field with either a register or memory destination operand, but not two memory operands. Arithmetic instructions can operate on either byte or word operands.
3.3.1 Addition Instructions

ADD (Add Integers) replaces the destination operand with the sum of the source and destination operands. ADD affects OF, SF, AF, PF, CF, and ZF.

Example: ADD BL, BYTEOPRND. Adds the contents of the memory byte labeled BYTEOPRND to the contents of BL, and replaces BL with the resulting sum.

ADC (Add Integers with Carry) sums the operands, adds one if CF is set, and replaces the destination operand with the result. ADC can be used to add numbers longer than 16 bits. ADC affects OF, SF, AF, PF, CF, and ZF.

Example: ADC BX, CX. Replaces the contents of the destination operand BX with the sum of BX, CX, and 1 (if CF is set). If CF is cleared, ADC performs the same operation as the ADD instruction.

INC (Increment) adds one to the destination operand. The processor treats the operand as an unsigned binary number. INC updates AF, OF, PF, SF, and ZF, but it does not affect CF. Use ADD with an immediate value of 1 if an increment that updates carry (CF) is needed.

Example: INC BL. Adds 1 to the contents of BL.

3.3.2 Subtraction Instructions

SUB (Subtract Integers) subtracts the source operand from the destination operand and replaces the destination operand with the result. If a borrow is required, the carry flag is set. The operands may be signed or unsigned bytes or words. SUB affects OF, SF, ZF, AF, PF, and CF.

Example: SUB WORDOPRND, AX. Replaces the contents of the destination operand WORDOPRND with the result obtained by subtracting the contents of AX from the contents of the memory word labeled WORDOPRND.

SBB (Subtract Integers with Borrow) subtracts the source operand from the destination operand, subtracts 1 if CF is set, and returns the result to the destination operand. The operands may be signed or unsigned bytes or words. SBB may