What Is Real Mode?

When the CPU is reset (reset) or powered on (power on), it starts in real mode, and the processor works in real mode. In real mode, the memory addressing mode is the same as 8086. The content of the 16-bit segment register is multiplied by 16 (10H) as the segment base address, plus the 16-bit offset address to form a 20-bit physical address. The maximum addressing space is 1MB. , The maximum segment is 64KB. You can use 32-bit instructions. A 32-bit x86 CPU is used as the high-speed 8086. In real mode, all segments are readable, writable, and executable.

The 286 architecture introduces a protection mode that allows hardware-level memory protection. However, using these new features requires additional software instructions that were not previously needed. Because the main design specifications of the x86 microprocessor are fully forward compatible with software written for all previous x86 chips, the boot of the 286 chip is in 'real mode'-that is, a mode to turn off the new memory protection feature , So you can run software designed for older microprocessors. Until now, even the latest x86 CPUs were able to run software written for any previous chip even when they were turned on in real mode.

Chinese name: Real-time mode
Chinese abbreviation: Real mode

Correspondence concept: Protection mode
Field: Computer operating system. Assembly language

Real mode basic concepts

Real mode in protected mode

Protected mode: 32-bit segments and offsets are used for addressing. The maximum addressing space is 4GB and the maximum segment is 4GB (Pentium Pre and later 64GB). In the protected mode, the CPU can enter the virtual 8086 mode, which is the real-mode program running environment in the protected mode.

Run command in real mode

What is the essence of the program running? In fact, it is very simple. It is the execution of instructions. Obviously, the CPU is the hardware guarantee for the instructions to be executed.

The 80x86 series uses the CS register and the IP register to notify the CPU of the instruction's location in memory.

Program instructions generally require various data during execution. The 80x86 series has DS, ES, FS, GS, SS, etc. to indicate the position of data segments in memory for different purposes.

The program may need to call the service subroutine of the system. The 80x86 series uses the interrupt mechanism to implement system services.

In general, these are the main contents required for a program to run in real mode (others such as jumps, returns, and port operations are relatively minor.)

Real mode protection mode

Protected mode --- Speaking from program operation

Regardless of the real mode or the protected mode, the fundamental problem is how the program runs in it.

Therefore, we should always think about this issue when learning the protection mode. As in real mode, the essence of program operation in protected mode is still "CPU executes instructions and manipulates related data", so various code segments, data segments, stack segments, interrupt service routines still exist in real mode, and functions, The effect remains the same.

So what's the biggest change in protected mode? The answer may vary from person to person. My answer is that the "address translation method" has changed the most.

Real mode comparison

First look at the address translation method in real mode. Suppose we store 0x1000 in ES and 0xFFFF in DI, then ES: DI = 0x1000 * 0x10 + 0xFFFF = 0x1FFFF, which is the well-known "left shift 4 bits plus bias shift".

So what if in protected mode? Assuming the above data is unchanged ES = 0x1000, DI = 0xFFFF, what is ES: DI now?

The formula is as follows: (Note: 0x1000 = 1000000000000b = 10 0000 0000 0 00) ES: DI = Segment base address given by 0x200 descriptor in the global descriptor table + 0xFFFF

Compare it now, it seems different. Take a closer look, it seems that there is no difference!

Why there is no difference, because my thought is that since the contents of ES are not real segment addresses, why is ES called "segment register" in real mode, and "selector" in protected mode? What do you think?

In fact, they are all a kind of mapping, but the mapping rules are different: in real mode, this "address translation method" is "shift 4 bits to the left"; in protected mode, it is "look up the global / local description table". The former is a system-defined mapping method, and the latter is a user-defined conversion method. And it affects "shadow register". From the function point of view, the former is an expression function and the latter is an enumerated function:

Real mode: F (es-> segment) = {segment | segment = es * 0x10}

Protection mode: F (es-> segment) = {segment | (es, segment) GDT / LDT}

Among them, GDT and LDT respectively represent the global descriptor table and the local descriptor table.

Real mode components

The most basic part of the protection mode is to add a corresponding mechanism around the change of the "address translation method".

Data segment

As mentioned earlier, the various code segments, data segments, stack segments, and interrupt service routines in real mode still exist. I will collectively refer to them as "data segments." This article will use this definition wherever data segments are mentioned.

Descriptors

In the protected mode, descriptors are introduced to describe various data segments. All descriptors are 8 bytes (0-7). The 5th byte describes the type of the descriptor. The type is different, and the structure of the descriptor is also different. different.

Several descriptors are grouped together to form a descriptor table, and the descriptor table itself is also a kind of data segment, and is also described using descriptors. From now on, "address translation" is done by the descriptor table, in this sense, the descriptor table is an address translation function table.

3.Selector

The selector is a 2-byte number with a total of 16 bits. The lowest 2 bits indicate the RPL, and the third bit indicates whether the table lookup is performed by GDT (Global Descriptor Table) or LDT (Local Descriptor Table). The address of the required descriptor in the descriptor table. (Note: 13 bits is just enough to address 8K items) With the above three concepts, you can work further. Now the program runs exactly as it does in real mode! !! !! Each segment register still gives a "segment value", but the conversion from this "false segment value" to the real segment address is no longer "shifted 4 bits to the left", but is done using a descriptor table. But now a new problem arises:

How does the system know where the GDT / LDT is in memory?

In order to solve this problem, it is obviously necessary to introduce a new register to indicate the location of GDT / LDT in memory. In the 80x86 series, two new registers GDTR and LDTR are introduced, where GDTR is used to indicate the segment address and segment limit of GDT in memory (that is, the size of the table). Therefore, GDTR is a 48-bit register, of which 32 bits represent the segment Address, 16 bits indicate segment limit (maximum 64K, each descriptor is 8 bytes, so there is a maximum of 64K / 8 = 8K descriptors). LDTR is used to indicate the location of LDT in memory, but because LDT is also a data segment, it must have a descriptor, and this descriptor must be placed in GDT. Therefore, LDTR uses the same as DS, ES, CS, etc. Mechanism, which stores only one "selector", and obtains the real memory address of the LDT by looking up the GDT table. By the way, there are interrupts to consider. In the 80x86 series, interrupt / trap descriptors are provided for interrupt services. These descriptors form the interrupt descriptor table (IDT), and a 48-bit full address register is used to store the IDT memory address. In theory, the IDT table can also have 8K entries, but because 80x86 only supports 256 interrupts, the IDT can actually only have a maximum of 256 entries (2K size).

Summary of real mode issues

Real Mode Basic Questions

The basic problems and core problems of the protected mode were introduced earlier. After solving the above problems, the program can run in the protected mode.

But it is well known that after 80286, multi-tasking hardware support was implemented in protected mode. My first reaction was: Why not support multitasking in real mode, is it impossible or unwilling?

After thinking about it, my answer is: multitasking can be achieved in real mode.

Because the key to multitasking is the descriptor, you can give additional descriptions about the data segment, such as permissions, and then perform corresponding control based on these additional information. The real mode lacks descriptors, but suppose we specify The first 2 bytes or several bytes of each segment are used to describe the additional attributes of the segment. I don't think it is essentially different from the mechanism using descriptors. If you add other mechanisms ... based on the above considerations, I tend to think that Tasks are functions independent of Protected Mode.

Let's analyze the task. What is the essence of the task? It's simple, it's the program! !!

The so-called task switching is actually a program switching! !!

The problem is clear now. In real mode, the programs run one after another, so the "environment" of the program does not have to be saved; in protected mode, a program may be suspended during execution and the next program is executed. What do we do? It is easy to think of the environment in which the program runs (think the save progress function of the game program), such as the value of each register.

Obviously, these "environment" data constitute a new type of data segment (ie, TSS). Continuing the previous idea,

Set a descriptor (TSS descriptor) for this type of data segment, place this type of descriptor in the GDT (cannot be placed in LDT, because 80x86 is not allowed :)), and finally add a TR register for table lookup. TR is a "selector" register, 16 bits.

Well, the basic task of task switching is to store the "environment" of the original task into the TSS data segment, update the TR register, the system will automatically check the GDT table to obtain and load the "environment" of the new task, and then go to the new task for execution.

Additional requirements for real mode

Why is it called additional requirements, because the task is not working well yet. As mentioned earlier, tasks are essentially programs, and different programs are written by different users. All these programs may use the same address space, and the task switching process generally does not include refreshing of memory data. It is not impossible. But if it is too wasteful to do that. Therefore, the paging mechanism must be introduced to effectively complete the support for multitasking.

The essence of paging is to realize the mapping of addresses in the program to physical addresses. This is also an "address translation" mechanism. The previous solution (that is, similar to the GDT) can also be used: First, a data table such as a page table is created. In 80x86, Using the two-level page table scheme, add a CR3 register to store the address of the first-level page table (also called the page directory) in memory. CR3 has a total of 32 bits. The lower 12 bits are always zero, and the upper 20 bits indicate the page. The memory address of the directory, so the page directory is always page-aligned. CR3 is stored in the TSS data segment as part of the task "environment" when the task is switched.

Of course, there must be a corresponding page fault interrupt mechanism and its related register CR2 (Page Fault Linear Address Register).

What's Added in Protected Mode?

1.Register GDR LDR IDR TR CR3

2.Data Segment Descriptor Table (GDT LDT) Task Data Segment (TSS) Page Table (Page Directory Secondary Page Table)

3. Mechanism permission detection (using the attribute bits of the selector / descriptor / page table entry)

Linear address to physical address mapping

Common nouns in real mode

What has appeared in the previous content is no longer explained.

1. The permissions determined by the permission bits in the RPL selector

2. CPL specifically refers to the authority determined by the authority bit in the selector in CS

3, EPL EPL = Max (RPL, CPL), that is, the larger the value of RPL and CPL, or the lower the level of authority

4, permissions determined by the permission bits in the DPL descriptor

5.PL refers to the above 4 privilege levels

6, task privileges = CPL

7, I / O privileges are determined by bits 13 and 14 of the EFLAGS register

8. Consistent code segment A special code segment that allows access when CPL> = DPL

Normal code segments are only accessible when CPL = DPL RPL <= DPL