1

The Central Processing Unit

CHAPTER 04
 Contents
 CPU Complexity,

 x86, x64 registers organization,

 Key characteristics of x86 processor instruction set.

 Describe x86 processor memory segmentation.

 Describe the various types of 8086/8088 addressing modes.

 CPU Complexity
Modern CPU is extremely complex (Intel CPU chip contains 2.5 billion
transistors). The reason of complexity:

 Multiple Cores,

 Multiple Roles,

 Protection and Privilege,

 Hardware Priorities,

 Generality,

 High-speed
 Modes of Execution
 In most CPUs, the hardware uses a set of parameters to handle the
complexity and control operation → the hardware has multiple
modes of execution.

 At any given time, the current execution mode determines how the
CPU operates

 The current execution mode determine: subset of instruction that are

valid, the region of memory that can be accessed, the functional
units that are available, the amount of privilege
 Changing modes
 Automatic Mode Change. External hardware can change the
mode of a CPU. For example, when an I/O device requests service,
the hardware informs the CPU. Hardware in the CPU changes mode
(and jumps to the operating system code) automatically before
servicing the device.

 Manual Mode Change occurs under control of a running program.

Most often, the program is the operating system, which changes
mode before it executes an application. However, some CPUs also
provide multiple modes that applications can use, and allow an
application to switch among the modes.
 Privilege and Protection
 The mode of execution is linked to CPU facilities for privilege and
protection, the current mode specifies the level of privilege for the
CPU.
 There are at least two levels of protection:
 The operating system must run with absolute privilege,
whereas the application programs can run with limited privilege.
 8

Processor
• Processor organization
Structure and • Register organization
Function
 Overview
 Things that the processor must do

Fetch Interpret Process

Fetch data Write data
instruction instruction data
•Register •Decode •From mem •Performing •To memory
•Cache instruction •From I/O arithmetic •To I/O
•Main mem module or logical module
operations

 To do these things, the processor needs to store some data

temporarily → It needs a small internal memory
Simplified view of the processor
Internal Structure of the processor
 Register Organization
There is a set of registers that function as a level of memory above main
memory and cache in the hierarchy. The registers in the processor
perform two roles:

 User-visible registers: Enable the machine- or assembly language

programmer to minimize main memory references by optimizing use
of registers.

 Control and status registers: Used by the control unit to control the
operation of the processor and by privileged, operating system
programs to control the execution of programs.
 Register Organization
User-visible registers: Control and status registers
 General purpose  Program counter (PC)
 Data
 Instruction register (IR)
 Addressing
 Segment pointers  Memory address register (MAR)
 Index registers
 Memory buffer register (MBR)
 Stack pointers

 Condition codes (flags)

 14

Intel x86 Register Organization

Intel 8088 Intel 80386

 Intel x86 Register Organization
 General: may be used for all types of x86 instructions; they can also
hold operands for address calculations.

 Some of these registers serve special purposes. For example, string

instructions use the contents of the ECX, ESI, and EDI registers as
operands without having to reference these registers explicitly in the
instruction
 Intel x86 Register Organization
 Segment: The six 16-bit segment registers contain segment selectors,
which index into segment tables

 The code segment (CS) register references the segment containing

the instruction being executed.

 The stack segment (SS) register references the segment containing a

user-visible stack. The remaining segment registers (DS, ES, FS, GS)
enable the user to reference up to four separate data segments at a
time
 Intel x86 Register Organization
 Instruction pointer: Contains the address of the current instruction.

 Flags – Program Status Word (PSW): The 32-bit EFLAGS register

contains condition codes and various mode bits. In 64-bit mode, this
register is extended to 64 bits and referred to as RFLAGS (upper 32-
bits are not used).

 Condition bits: includes the six condition codes (carry, parity,

auxiliary, zero, sign, overflow), which report the results of an integer
operation.
 Intel x86 Register Organization
Mode bits

 Trap flag (TF): When set, causes an interrupt after the execution of
each instruction. This is used for debugging.

 Interrupt enable flag (IF): When set, the processor will recognize
external interrupts.

 Direction flag (DF): Determines whether string processing instructions

increment or decrement the 16-bit half-registers SI and DI (for 16-bit
operations) or the 32-bit registers ESI and EDI (for 32-bit operations)
Flag Register
 20

Intel x86 Register - 64 bit

 Interrupt processing
 Interrupt (is generated by a signal from hardware)

 Maskable interrupts: INTR – processor does not recognize unless the IF is set

 Non-maskable interrupts: NMI – recognition of such interrupts can not be

prevented

 Exception (is generated from software)

 Processor-detected exceptions: Results when the processor encounters an

error while attempting to execute an instruction.

 Programmed exceptions: These are instructions that generate an

exception (e.g., INTO, INT3, INT, and BOUND)
Interrupt Vector Table
 Interrupt Handling
1. The current stack segment register and stack pointer (ESP) is pushed
onto the stack.
2. The current value of the EFLAGS register is pushed onto the stack.
3. Both the interrupt (IF) and trap (TF) flags are cleared. This disables
INTR interrupts and the trap or single-step feature.
4. The current code segment (CS) pointer and the current instruction
pointer (IP or EIP) are pushed onto the stack.
5. If the interrupt is accompanied by an error code, then the error code
is pushed onto the stack.
6. The interrupt vector contents are fetched and loaded into the CS
and IP or EIP registers. Execution continues from the interrupt service
routine (ISR).
7. On IRET, CS, IP and FLAGS are popped.
8. IF and TF are set to the state prior to the interrupt.
 24

• Machine instruction
characteristics
Instruction Sets: • Types of operands
Characteristics • Types of operations
and Functions
 Elements of a Machine Instruction
 Operations: Opcode

 Operand storage in the CPU (data can be stored in a stack

structure or in registers)

 Number of explicit operands per instruction (zero, one, two,

and three being the most common)

 Operand location (instructions can be classified as register-to-

register, register- to-memory or memory-to-memory)

 Type and size of operands (operands can be addresses,

numbers, or even characters)
 Number of addresses
Number of Addresses Symbolic Interpretation
representation
3 OP C, A, B C  A OP B
2 OP A, B A  A OP B
1 OP A AC  AC OP A
0 OP T  (T-1) OP T

A,B,C: memory of register locations

AC: Accumulator
T: Top of stack
T-1: Second element of stack
 Types of operands
Machine instructions operate on data. The most important general
categories of data:

 Addresses

 Numbers

 Characters

 Logical data
 x86 Operation Types
Data movement

Instruction Description
MOV Move operand, between registers or between register
and memory
PUSH/PUSHA Push (Push all) operand/registers onto stack
MOVSX Moves a byte to a word or a word to a DWORD
with twos-complement sign extension.
LEA Loads the offset of the source operand, rather than its
value to the destination operand
XLAT Table lookup translation. Replaces a byte in AL with a
byte from a user-coded translation table
IN, OUT Input, output operand from I/O space
 x86 Operation Types
Arithmetic

Instruction Description
ADD Add operands
SUB Subtract operands
MUL Unsigned integer multiplication, with byte, word, or
double word operands, and word, Dword, or Qword
result
DIV Unsigned divide
IDIV Signed divide
 x86 Operation Types
Logical/Control transfer
Instruction Description
NOT, AND, OR, XOR NOT, AND, OR, XOR operands
SHR/SHL Shift logical right or left
SAR/SAL Shift arithmetic right or left
ROR/ROL Rotate right or left
DIV Unsigned divide
IDIV Signed divide
JMP Unconditional jump
CALL Call subroutine: Transfer control to another
location
JE/JZ Jump if equal/zero
LOOPE/LOOPZ Loops if equal/zero
 x86 Operation Types
String operations
Instruction Description
LODS Load byte, word, dword of string
MOVS Move byte, word, dword string. The instruction operates
on one element of a string, indexed by registers ESI and
EDI
 36

• Real mode address space

8086/8088 • Physical & Logical address
Memory • Segment boundary
address
Segmentation
• Segment registers
 Introduction
 Segmentation was introduced on the Intel 8086 in 1978 as a way to
allow programs to address more than 64 KB (65,536 bytes) of
memory.

 The Intel 80286 introduced a second version of segmentation in

1982 that added support for virtual memory and memory
protection.

 The original model was then renamed real mode, and the new
version was named protected mode.
 Real mode address space
 With 20 address lines of 8086/8088 processor,
address space in real mode run from 00000 to
0FFFFh (1 megabyte of memory),

 8086/8088 processor only has 16-bit registers

➔ needs to combine 2 registers to address a
memory location.

Base (16 bits)

Offset (16 bits)

 Physical, logical, effective address
 Physical address (PA): 20-bit address to refer to a memory location in
one megabyte of memory space,

 Logical, effective address (EA): a 2-component address which is

written as:

Base:Offset

 Base: segment boundary address

 Offset: the displacement of memory location in a segment

PA = Base << 4 bits + Offset

 Segment boundary address
 Any memory address evenly divisible by 16 is called a paragraph
boundary (The first paragraph boundary is address 0, the second is
10h, the third is 20h, and so on).

 Any paragraph boundary may be considered as the start of a

segment.

 There are 64K different paragraph boundaries where a segment

may begin.

 Any segment may begin at any paragraph boundary.

 The number of the paragraph boundary is called the segment

address.
 Segment boundary address

A physical address can be represented

Segment 0
differently logical addresses depending
Segment 1
on the base (segment) selected
Segment 2
Example:

64KB The memory location at 004AFh may be

located by:
Segment: 0040h, Offset 00AFh
Or
Segment: 0030h, Offset 01AFh
Or
Segment: 0000h, Offset 04AFh
 Segment Registers
 In real mode, the registers CS, DS, SS, and ES point to the currently
used program code segment (CS), the current data segment (DS),
the current stack segment (SS), and one extra segment determined
by the programmer (ES).

 The valid segment:offset register pairs:

 CS:IP points to next instruction (instruction pointer) in code segment

 DS|ES:BX, DS|ES:SI, DS|ES:DI point to data in data/extra segment

 SS:SP points to the top of stack

 SS:BP point to the data in stack segment (local variables)

 43

• Immediate Addressing
• Direct Addressing
• Indirect Addressing
x86 Addressing • Register Addressing
Modes • Register Indirect Addressing
• Displacement Addressing
• Stack Addressing
 Addressing Modes
 Processor Instruction:

Opcode Operand

 Addressing modes: How to specify the address of the operands

 Common addressing modes:
 Immediate Addressing, Direct Addressing, Indirect Addressing
 Register Addressing, Register Indirect Addressing
 Displacement Addressing, Stack Addressing
 Immediate Addressing
 The operand value is present in the instruction

Advantages:

 no memory reference other than the instruction fetch is required to

obtain the operand → saving one memory or cache cycle in the
instruction cycle.

Example:
Instruction
MOV AX, 1502h
operand
ADD AX, 5
 Direct Addressing
 The address field contains the effective address of the operand

 It requires only one memory reference and no special calculation

Instruction

Example: address

MOV BX, WORD_VALUE

operand
ADD DL, BYTE_VALUE

BYTE_VALUE DB 65, 66, 67

WORD_VALUE DW 134, 456

 Indirect Addressing
 The address field refers to the address of a word in memory. Memory
references are coded within square brackets.

Example:
Instruction
MOV BX, ARRAY address
operand
MOV [BX], 100

ADD BX, 2

MOV [BX], 200

ARRAY 10 DW 0
 Register Addressing
 Similar to direct addressing. The only difference is that the address
field refers to a register rather than a main memory address

Example:

MOV BX, AX

MOV COUNT, CX

JMP AX ; jump within code segment

 Register Indirect Addressing
 Is analogous to indirect addressing. The only difference is whether the
address field refers to a memory location or a register. Generally, the
base registers EBX, EBP (or BX, BP) and the index registers (DI, SI),
memory references are coded within square brackets.

Example:
Address
MOV BX, 1B67h 1B66 35
1B67 69
MOV AX, [BX]
1B68 1B
JMP [BX] ; Jump address in data segment 1B69 24
1B6A 01
MOV AX, [DI] ; DS:[DI]
1B6B
MOV AX, [BP] ; SS:[BP]
 Displacement Addressing
 A very powerful mode of addressing combines the capabilities of
direct addressing and register indirect addressing

 The most common uses of displacement addressing:

 Relative addressing

 Indexing
 Relative Addressing
Example:

MOV BX, 1B67h

MOV AX, [BX] ; Register indirect

…
Address
MOV AX, [BX+2] ; AX = 0124h: Relative
1B66 35
Or 1B67 69
MOV BX, ARRAY ; indirect 1B68 1B
… 1B69 24
1B6A 01
MOV BX, [ARRAY+2]; relative
1B6B
 Indexed Addressing
 Use disp[reg] or [disp+reg] to refer to memory location

Example:
MOV AL, Disp[BX] ; MOV DL, [BX+Disp]

MOV AL, Disp[SI] ; MOV DL, [SI+Disp]

MOV AL, Disp[BP] ; MOV DL, [BP+Disp]

 Based Indexed Addressing
 Use both base register and index register to refer to memory location

Example:
MOV AL, [BX][SI] ; MOV AL, [BX+SI]

MOV AL, [BP][SI] ; MOV DL, [BP+SI]

 Based Indexed Plus Displacement
 The same as based indexed addressing plus an additional 8-bit or 16-
bit displacement

Example:
MOV AL, disp[BX][SI] ; MOV AL, [BX+SI+disp]

MOV AL, disp[BP][SI] ; MOV DL, [BP+SI+disp]

 An Easy way to remember
 There are total 17 different legal memory addressing modes on the
8086/8088. These are disp, [bx], [bp], [si], [di], disp[bx], disp[bp],
disp[si], disp[di], [bx][si], [bx][di], [bp][si], [bp][di], disp[bx][si], disp
[bx][di], disp[bp][si], and disp[bp][di].

 An easier way to member:

[BX] [SI]
Disp
[BP] [DI]
 Stack Addressing
 A stack is a linear array of locations. It is sometimes referred to as a
pushdown list or last-in-first-out queue.

 Items in stack are appended to the top of the stack so that, at any
given time, the block is partially filled.

 Associated with the stack is a pointer whose value is the address of

the top of the stack. The stack pointer is maintained in a register (BP)
Thus, references to stack locations in memory are in fact register
indirect addresses.

 The stack mode of addressing is implied. The machine instructions

need not include a memory reference but implicitly operate on the
top of the stack