SPPU Microprocessor Unit 5 Detailed Study Notes.

markdown 2025-05-25

Unit 5: Multitasking and Virtual 8086 Mode in Intel

80386
Overview
Unit 5 of the SPPU Microprocessor course (Semester 4, Computer Engineering) explores the Intel 80386’s
advanced capabilities in multitasking and Virtual 8086 Mode. These features extend the 80386’s
architecture (Unit 3) and memory management (Unit 4), focusing on task management and legacy
compatibility. These detailed notes are designed for exam success, incorporating examples, analogies, tables,
and study aids, verified against the Intel 80386 Programmer's Reference Manual.

1. Multitasking in 80386
Multitasking allows the 80386 to execute multiple tasks by switching between them rapidly, leveraging
hardware support for efficiency and security. This optimizes CPU utilization and supports complex
applications.

1.1 Task State Segment (TSS)

The Task State Segment (TSS) is a 104-byte data structure in memory that stores a task’s full execution
context. It enables seamless task switching by saving and restoring register states.

TSS Structure

Dynamic Fields: Updated by the CPU during task switches (e.g., registers, EIP, EFLAGS).
Static Fields: Configured by the OS and unchanged during switches (e.g., stack pointers, CR3).

Detailed Table: TSS Fields

Size
Offset Field Type Description
(Bytes)

Selector of the previous task’s TSS (used in nested task

0x00 Backlink 2 Dynamic
switches)

0x02 Reserved 2 - Reserved for alignment or future use

0x04 ESP0 4 Static Stack pointer for privilege level 0 (kernel mode)

0x08 SS0 2 Static Stack segment selector for privilege level 0

0x0A Reserved 2 - Reserved

0x0C ESP1 4 Static Stack pointer for privilege level 1

0x10 SS1 2 Static Stack segment selector for privilege level 1

0x12 Reserved 2 - Reserved

0x14 ESP2 4 Static Stack pointer for privilege level 2

1/7
SPPU Microprocessor Unit 5 Detailed Study [Link] 2025-05-25

Size
Offset Field Type Description
(Bytes)

0x18 SS2 2 Static Stack segment selector for privilege level 2

0x1A Reserved 2 - Reserved

CR3
0x1C 4 Static Page directory base address for task’s virtual memory
(PDBR)

0x20 EIP 4 Dynamic Instruction pointer (next instruction to execute)

0x24 EFLAGS 4 Dynamic Flags register (e.g., carry, zero, VM, NT flags)

0x28 EAX 4 Dynamic General-purpose register

0x2C ECX 4 Dynamic General-purpose register

0x30 EDX 4 Dynamic General-purpose register

0x34 EBX 4 Dynamic General-purpose register

0x38 ESP 4 Dynamic Stack pointer for current privilege level

0x3C EBP 4 Dynamic Base pointer for stack frame

0x40 ESI 4 Dynamic Source index register (e.g., for string operations)

0x44 EDI 4 Dynamic Destination index register (e.g., for string operations)

0x48 ES 2 Dynamic Extra segment register

0x4A Reserved 2 - Reserved

0x4C CS 2 Dynamic Code segment register

0x4E Reserved 2 - Reserved

0x50 SS 2 Dynamic Stack segment register

0x52 Reserved 2 - Reserved

0x54 DS 2 Dynamic Data segment register

0x56 Reserved 2 - Reserved

0x58 FS 2 Dynamic Extra segment register (introduced in 80386)

0x5A Reserved 2 - Reserved

0x5C GS 2 Dynamic Extra segment register (introduced in 80386)

0x5E Reserved 2 - Reserved

0x60 LDT 2 Static Local Descriptor Table selector for task-specific segments

0x62 Reserved 2 - Reserved

Debug trap bit (if 1, triggers exception on task switch for

0x64 T-bit 1 Static
debugging)

2/7
SPPU Microprocessor Unit 5 Detailed Study [Link] 2025-05-25

Size
Offset Field Type Description
(Bytes)

0x65 Reserved 1 - Reserved

I/O Map Offset in TSS to I/O permission bitmap (controls port

0x66 2 Static
Base access)

Notes:

The TSS must be at least 104 bytes, but can be larger if an I/O permission bitmap is appended.
Reserved fields ensure alignment and compatibility with future enhancements.

Analogy: The TSS is like a detailed checklist for a project manager, capturing every tool (registers) and
instruction (EIP) needed to resume a task.

Detailed Example:

Task A is running with EIP=0x00001000, EAX=0x12345678, ESP=0x00002000, CS=0x0010, SS=0x0018,

and EFLAGS=0x00000202 (IF=1, IOPL=0).
A task switch occurs (e.g., via interrupt).
The CPU saves these values to Task A’s TSS at the appropriate offsets (e.g., EIP at 0x20, EAX at 0x28).
Task B’s TSS is loaded, restoring its state (e.g., EIP=0x00003000, EAX=0x87654321).

Study Tip: Practice mapping register values to TSS offsets (e.g., where is ECX stored?) to master its layout.

1.2 TSS Descriptor

The TSS Descriptor resides in the GDT and defines the TSS’s location and properties.

Format:
Base Address: 32-bit address of the TSS in memory.
Limit: 16-bit size (minimum 103 for 104-byte TSS; larger with I/O bitmap).
Type: 9 (available TSS) or 11 (busy TSS).
B-bit: 0 (not busy) or 1 (busy, currently executing).
DPL: Privilege level (typically 0 for OS tasks).
G-bit: Granularity (0=bytes, 1=4 KB).

Example:

GDT entry at index 4: Base=0x00100000, Limit=0x0067 (104 bytes), Type=9, DPL=0, B-bit=0.
Selector: (4 << 3) = 0x0020 (TI=0, RPL=0).

Analogy: The TSS Descriptor is like a library catalog card, pointing to a specific book (TSS) with metadata
(size, status).

1.3 Task Register (TR)

The Task Register (TR) is a 16-bit register that holds the GDT selector of the current task’s TSS Descriptor. It’s
updated via the LTR instruction (privileged) or during task switches.

Format: Bits 15–3 (GDT index), Bit 2 (TI=0 for GDT), Bits 1–0 (RPL).

3/7
SPPU Microprocessor Unit 5 Detailed Study [Link] 2025-05-25

Loading: LTR sets TR without switching tasks; task switches update TR automatically.

Example:

TR=0x0028 (index 5, TI=0, RPL=0) points to a TSS Descriptor at GDT[5].

After a switch to a TSS at GDT[6], TR becomes 0x0030.

Analogy: TR is like a GPS tracker, always pointing to the current task’s “location” (TSS).

1.4 Task Gate Descriptor

The Task Gate Descriptor facilitates task switches via interrupts or calls, residing in the GDT or IDT.

Format:
Type: 5 (task gate).
Selector: Points to a TSS Descriptor in the GDT.
DPL: Access privilege level.
Offset: Ignored (unlike call gates).

Example:

IDT entry 10: Type=5, Selector=0x0020 (GDT[4]), DPL=0.

An interrupt at vector 10 triggers a switch to the TSS at GDT[4].

Analogy: A task gate is like a VIP pass, granting controlled access to a task’s execution environment.

1.5 Task Switching

Task Switching involves pausing one task and resuming another, with hardware managing the process.

Triggers

1. JMP/CALL: Direct jump or call to a TSS Descriptor or Task Gate.

2. Interrupt/Exception: IDT entry points to a Task Gate.
3. IRET: Returns to a previous task if NT=1.

Detailed Process

1. Initiate Switch:
CPU detects a trigger (e.g., JMP to TSS Descriptor).
2. Save Current State:
Registers (EAX–EDI, ESP, EBP, CS–GS, EIP, EFLAGS) saved to current TSS.
If CALL or interrupt, NT=1 and backlink updated.
3. Validate New TSS:
Checks new TSS Descriptor (Limit ≥ 103, DPL, Type=9/11).
4. Load New State:
TR updated to new TSS selector.
Registers loaded from new TSS.
If paging enabled, CR3 loaded for new address space.
If LDT present, LDTR updated.

4/7
SPPU Microprocessor Unit 5 Detailed Study [Link] 2025-05-25

5. Update Status:
New TSS Descriptor’s B-bit set to 1.
Old TSS Descriptor’s B-bit cleared to 0.
6. Execute:
CPU resumes at new EIP.

Example Scenarios:

JMP Switch:
Task A (EIP=0x1000) jumps to Task B’s TSS Descriptor (GDT[6]).
Task A’s state saved (EIP=0x1000, EAX=0x1234).
Task B’s state loaded (EIP=0x2000, EAX=0x5678).
TR=0x0030, B-bits updated.
Interrupt Switch:
Interrupt 5 triggers a Task Gate (Selector=0x0028).
Current task saved; new task loaded from GDT[5].
Execution resumes at new EIP.

Analogy: Task switching is like a stage manager cuing actors (tasks) on and off stage, ensuring props (states)
are swapped smoothly.

Study Tip: Draw a flowchart of the task switch process, labeling each step with register updates.

1.6 Task Linking

Task Linking supports nested tasks using the backlink and NT flag.

CALL:
Sets NT=1 in EFLAGS.
Backlink in new TSS set to old TSS selector.
IRET:
If NT=1, switches to task in backlink, clears NT.

Example:

Task A (TR=0x0020) calls Task B (GDT[6]).

Task B’s TSS backlink=0x0020, NT=1, TR=0x0030.
Task B executes IRET, switching back to Task A (TR=0x0020).

Analogy: Task linking is like a phone call stack—calling a friend (new task) and hanging up (IRET) to return.

1.7 Task Address Space

Each task has an isolated Task Address Space:

LDT: Defines task-specific segments (code, data).

CR3: Points to the page directory, mapping virtual to physical addresses.

Example:

Task A: CR3=0x00010000, LDT selector=0x0040.

5/7
SPPU Microprocessor Unit 5 Detailed Study [Link] 2025-05-25

Task B: CR3=0x00020000, LDT selector=0x0048.

Paging ensures no overlap unless explicitly shared.

Analogy: The address space is like a private office for each task, with walls (paging) preventing interference.

2. Virtual 8086 Mode

Virtual 8086 Mode enables the 80386 to run 8086 programs in a protected environment, crucial for
backward compatibility.

2.1 Features

1 MB Address Space: Emulates 8086 real mode per task.

Protection: Paging isolates virtual tasks.
I/O Control: IOPL and I/O bitmap manage port access.
Interrupts: Trapped by OS for emulation or redirection.

Use Case: Running multiple DOS programs concurrently on an 80386 OS.

2.2 Memory Management

Address Calculation:
Linear address = (segment << 4) + offset.
32-bit result, but only lower 21 bits used (1 MB limit with wrap-around).
Paging:
Linear address mapped to physical address via page tables.
Multiple virtual 8086 tasks coexist in 4 GB space.

Detailed Example:

CS=0x1000, EIP=0x0100.
Linear address = (0x1000 << 4) + 0x0100 = 0x10000 + 0x0100 = 0x10100.
Page table maps 0x10100 to physical address (e.g., 0x00110100).

Table: Address Calculation

Step Value Calculation Result

Segment (CS) 0x1000 Segment << 4 0x10000

Offset (EIP) 0x0100 + Offset 0x10100

Linear Address 0x10100 Via page tables Physical

Analogy: Memory management is like a translator converting an old book’s page numbers (segment:offset)
to a modern library’s shelf location (physical address).

2.3 Entering and Leaving Virtual 8086 Mode

Entering:
VM Bit: Set to 1 in EFLAGS.

6/7
SPPU Microprocessor Unit 5 Detailed Study [Link] 2025-05-25

Requirements: CPL=0 (kernel mode).

Methods:
1. Task switch to TSS with VM=1 in EFLAGS.
2. IRET with VM=1 on stack.
Leaving:
Interrupt/exception switches to protected mode task, clearing VM.
Sensitive instructions (e.g., CLI, STI) trigger faults if IOPL < 3.

Step-by-Step Example:

1. OS creates TSS with EFLAGS=0x00020000 (VM=1).

2. Task switch loads TSS, setting VM=1.
3. Virtual 8086 task runs at CPL=3 (emulated).
4. Interrupt 13 occurs, IDT switches to protected mode task, VM=0.

Analogy: Entering Virtual 8086 Mode is like booting an old PC inside a virtual machine, with the OS as the
hypervisor.

Study Tip: Practice transitions (e.g., VM=0 to VM=1) with EFLAGS bit manipulations.

2.4 Benefits and Use Cases

Backward Compatibility: Runs 8086 software on 80386 systems.

Multitasking: Supports multiple DOS programs simultaneously.
Security: Protects system resources via paging and privilege checks.

Example: An OS runs three DOS games, each in a virtual 8086 task, isolated by paging and managed by a
protected mode kernel.

Study Tips
Diagrams: Sketch TSS layout, task switch sequences, and Virtual 8086 address translation.
Numericals: Calculate TR selectors (e.g., index 7 → 0x0038) and linear addresses (e.g., DS:0x2000 +
0x0100).
PYQs: Solve “Describe TSS with a diagram” or “Explain Virtual 8086 Mode memory management.”
Mnemonics: “EFLAGS” = Enable Flags Like Always Greatly Simplify (key bits: VM, NT, IF).

Key Citations
Intel 80386 Manual - TSS
Intel 80386 Manual - Multitasking

7/7