SPPU Microprocessor Unit 5 Study Notes.markdown 2025-05-25
Unit 5: Multitasking and Virtual 8086 Mode in Intel 80386
Overview
Unit 5 of the SPPU Microprocessor course (Semester 4, Computer Engineering) focuses on the advanced
features of the Intel 80386 microprocessor, specifically multitasking and Virtual 8086 Mode. These topics
build on Units 3 (80386 architecture) and 4 (memory management), emphasizing how the 80386 supports
efficient task management and compatibility with legacy 8086 programs. The notes below are crafted for
exam preparation, covering all transcript topics, correcting errors using the Intel 80386 Programmer's
Reference Manual, and including practical examples, analogies, tables, and study tips tailored to SPPU
requirements.
1. Multitasking in 80386
Multitasking enables the 80386 to execute multiple programs (tasks) by rapidly switching between them,
giving the appearance of simultaneous execution. This is achieved through hardware support, ensuring
efficiency and security. The transcript defines multitasking as performing multiple tasks concurrently, like
listening to music while typing, and emphasizes its role in optimizing CPU time and enhancing user
experience.
1.1 Task State Segment (TSS)
The Task State Segment (TSS) is a special memory segment that stores a task’s complete state, enabling the
CPU to save and restore task contexts during switches. It is 104 bytes and divided into:
Dynamic Fields (updated during task switches):
- General-purpose registers (EAX, EBX, ECX, EDX, ESI, EDI, EBP, ESP)
- Segment registers (CS, DS, ES, FS, GS, SS)
- Flags register (EFLAGS)
- Instruction pointer (EIP)
- Backlink (selector of the previous task’s TSS, updated for nested tasks)

Static Fields (read but not modified):
- Local Descriptor Table (LDT) selector
- CR3 (page directory base address, PDBR)
- Stack pointers for privilege levels 0–2
- T-bit (debug trap bit, triggers exception on task switch)
- I/O map base address (controls I/O permissions)
Analogy: The TSS is like a student’s notebook for a specific subject, storing all notes (registers, flags) needed
to resume studying exactly where they left off.
Example: When switching from Task A (EIP=0x1000, EAX=0x1234) to Task B, the CPU saves Task A’s state to its
TSS and loads Task B’s state (e.g., EIP=0x2000, EAX=0x5678) from its TSS.
Table: TSS Structure
| Offset | Field | Size (Bytes) | Type | Description |
|--------|-------|--------------|------|-------------|
| 0x00 | Backlink | 2 | Dynamic | Selector of previous task’s TSS |
| 0x04 | ESP0 | 4 | Static | Stack pointer for privilege level 0 |
| 0x08 | SS0 | 2 | Static | Stack segment for privilege level 0 |
| 0x14 | EIP | 4 | Dynamic | Instruction pointer |
| 0x18 | EFLAGS | 4 | Dynamic | Flags register |
| 0x1C | EAX | 4 | Dynamic | General-purpose register |
| 0x34 | CR3 | 4 | Static | Page directory base address |
| 0x66 | LDT | 2 | Static | Local Descriptor Table selector |
| 0x68 | T-bit | 1 | Static | Debug trap bit |
| 0x6A | I/O Map Base | 2 | Static | Base address of I/O permission bitmap |
Correction: The transcript correctly identifies TSS fields but oversimplifies the I/O map base’s role. The Intel
80386 Manual clarifies it controls I/O access permissions, enhancing security.
1.2 TSS Descriptor
The TSS Descriptor resides in the Global Descriptor Table (GDT) and defines the TSS segment’s properties.
- Type: 9 (available 32-bit TSS) or 11 (busy 32-bit TSS).
- B-bit: Indicates task status (0=not busy, 1=busy).
- LIMIT: Must be ≥103 to cover TSS fields; larger if I/O permission bitmap is included.
- DPL: Descriptor Privilege Level, typically 0 for system tasks.
- Base Address: Points to the TSS’s starting address in memory.
Study Tip: Memorize type codes (9, 11) and the B-bit’s role in preventing reentrant task switches.
Example: A TSS Descriptor at GDT index 5 has a base address of 0x10000 and LIMIT=104. The CPU uses this
to locate the TSS during a task switch.
1.3 Task Register (TR)
The Task Register (TR) is a 16-bit register holding the selector of the current task’s TSS Descriptor in the GDT.
It is loaded using the privileged LTR instruction.
Example: If Task A’s TSS Descriptor is at GDT index 5, TR holds (5 << 3) = 0x0028 (assuming RPL=0, TI=0).
Analogy: TR is like a library card pointing to the current book (TSS) being read by the CPU.
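The checks from sections 1.2 and 1.3 can be put together in code. The following is an added example, not part of the original notes: it builds a TR selector, decodes an 8-byte GDT entry using the 80386 system-descriptor byte layout, and applies the type, LIMIT and B-bit checks. The type and function names are hypothetical, and the sample descriptor bytes are constructed to match the example above (base 0x10000, LIMIT=104).

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration; type and function names are hypothetical. */
enum { TSS_AVAILABLE = 9, TSS_BUSY = 11, TSS_MIN_LIMIT = 103 };

typedef struct { uint32_t base, limit; unsigned type, dpl, present; } tss_desc;

/* Selector = index in bits 15..3, TI in bit 2, RPL in bits 1..0. */
static uint16_t make_selector(unsigned index, unsigned ti, unsigned rpl) {
    return (uint16_t)((index << 3) | ((ti & 1u) << 2) | (rpl & 3u));
}

/* Decode one 8-byte GDT entry (byte granularity assumed, G bit ignored). */
static tss_desc decode_desc(const uint8_t d[8]) {
    tss_desc t;
    t.limit = d[0] | ((uint32_t)d[1] << 8) | ((uint32_t)(d[6] & 0x0F) << 16);
    t.base = d[2] | ((uint32_t)d[3] << 8) | ((uint32_t)d[4] << 16)
           | ((uint32_t)d[7] << 24);
    t.type = d[5] & 0x0F;          /* 9 = available, 11 = busy */
    t.dpl = (d[5] >> 5) & 3;
    t.present = (d[5] >> 7) & 1;
    return t;
}

/* 0 = valid JMP/CALL target; negative = why the switch would fault. */
static int check_switch_target(uint16_t sel, const tss_desc *t) {
    if (sel & 4) return -1;                  /* TI=1: TSS descriptors sit in the GDT */
    if (!t->present) return -2;
    if (t->type != TSS_AVAILABLE && t->type != TSS_BUSY) return -3;
    if (t->limit < TSS_MIN_LIMIT) return -4; /* cannot hold all TSS fields */
    if (t->type == TSS_BUSY) return -5;      /* B-bit set: re-entry refused */
    return 0;
}

/* Constructed sample: base 0x10000, LIMIT 104, P=1, DPL=0, type 9. */
static const uint8_t sample_desc[8] = {0x68, 0, 0, 0, 0x01, 0x89, 0, 0};

int main(void) {
    uint16_t sel = make_selector(5, 0, 0);
    tss_desc t = decode_desc(sample_desc);
    printf("TR=0x%04X base=0x%X limit=%u type=%u -> %d\n",
           sel, (unsigned)t.base, (unsigned)t.limit, t.type,
           check_switch_target(sel, &t));
    return 0;
}
```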
1.4 Task Gate Descriptor
A Task Gate Descriptor is a gate in the GDT or Interrupt Descriptor Table (IDT) that references a TSS
Descriptor, enabling secure task switches via interrupts or calls.
- Type: 5 (task gate).
- Selector: Points to the target TSS Descriptor.
- DPL: Controls access privilege.
Example: An interrupt vector pointing to a task gate causes a task switch to the referenced TSS, ensuring
protected access.
Analogy: A task gate is like a secure checkpoint at an airport, directing passengers (tasks) to their destination
(TSS) after verification.
1.5 Task Switching
Task Switching is the process of pausing one task and resuming another, managed by the CPU:
1. Trigger: Initiated by:
   - JMP/CALL to a TSS Descriptor or Task Gate.
   - Interrupt/exception pointing to a task gate.
   - IRET with Nested Task (NT) flag set.
2. Save State: Current task’s registers are saved to its TSS.
3. Load State: New task’s registers are loaded from its TSS.
4. Update TR: TR is set to the new TSS selector.
5. Update B-bit: New TSS Descriptor’s B-bit set to 1; old TSS’s B-bit cleared to 0.
6. Resume Execution: Execution continues at the new task’s EIP.

Example:
- Task A (EIP=0x1000) executes JMP to Task B’s TSS Descriptor.
- CPU saves Task A’s state to its TSS.
- Loads Task B’s state (EIP=0x2000) from its TSS.
- Updates TR and B-bits.
- Execution resumes at 0x2000.
Analogy: Task switching is like a chef juggling multiple dishes, saving the state of one dish (e.g., ingredients
on a tray) before starting another.
1.6 Task Linking
Task Linking enables nested task switches, allowing a task to call another and return later.
- Mechanism: Uses the backlink field in the TSS and NT flag in EFLAGS.
- Process:
  - CALL to a TSS Descriptor sets NT=1 and stores the calling task’s TSS selector in the called task’s backlink.
  - IRET with NT=1 switches back to the task in the backlink.
- B-bit: Ensures the calling task remains busy, preventing reentrancy.

Example:
- Task A calls Task B via CALL.
- NT=1, Task B’s TSS backlink set to Task A’s TSS selector.
- Task B executes IRET, switching back to Task A.
Study Tip: Practice numerical problems on backlink selectors and NT flag transitions.
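The B-bit, NT flag and backlink transitions from sections 1.5 and 1.6 can be traced with a small state model. This is an added example, not part of the original notes: task numbers stand in for TSS selectors, and every name in it is hypothetical.

```c
#include <stdio.h>

/* Added illustration: a small model of the B-bit, NT flag and backlink.
   Task numbers stand in for TSS selectors; all names are hypothetical. */
#define NTASKS 4
enum { SW_OK = 0, SW_BUSY = -1, SW_NO_LINK = -2 };

typedef struct { int busy, nt, backlink; } task;
typedef struct { task t[NTASKS]; int tr; } cpu;  /* tr = current task */

static void cpu_init(cpu *c, int first) {
    for (int i = 0; i < NTASKS; i++) c->t[i] = (task){0, 0, -1};
    c->tr = first;
    c->t[first].busy = 1;                /* the running task is busy */
}

/* JMP (nested=0): old task becomes available, no backlink is written.
   CALL (nested=1): caller stays busy, callee gets NT=1 and a backlink. */
static int task_switch(cpu *c, int target, int nested) {
    if (c->t[target].busy) return SW_BUSY;   /* B-bit blocks re-entry */
    if (nested) {
        c->t[target].nt = 1;
        c->t[target].backlink = c->tr;
    } else {
        c->t[c->tr].busy = 0;
    }
    c->t[target].busy = 1;
    c->tr = target;
    return SW_OK;
}

/* IRET with NT=1: leave the nested task and resume the backlink task. */
static int task_iret(cpu *c) {
    task *cur = &c->t[c->tr];
    if (!cur->nt) return SW_NO_LINK;     /* NT=0: ordinary IRET, no switch */
    cur->nt = 0;
    cur->busy = 0;
    c->tr = cur->backlink;
    return SW_OK;
}

int main(void) {
    cpu c;
    cpu_init(&c, 0);
    int a = task_switch(&c, 1, 1);   /* Task 0 CALLs task 1 */
    int b = task_switch(&c, 0, 1);   /* task 1 tries to CALL task 0: refused */
    int r = task_iret(&c);           /* task 1 returns to task 0 */
    printf("call=%d reentry=%d iret=%d tr=%d\n", a, b, r, c.tr);
    return 0;
}
```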
1.7 Task Address Space
Each task has its own Task Address Space, defined by:
- LDT: Local Descriptor Table for task-specific segments.
- CR3: Points to the task’s page directory for virtual memory.
This isolates tasks, preventing memory interference and enhancing security.
Example: Task A’s LDT defines its code/data segments, and CR3 maps its virtual addresses to physical
memory, separate from Task B.
Correction: The transcript mentions shared or separate address spaces but omits CR3’s role. The Intel 80386
Manual confirms CR3’s importance in paging.
2. Virtual 8086 Mode
Virtual 8086 Mode allows the 80386 to run 8086 programs in protected mode, emulating an 8086
environment while maintaining security.
2.1 Features
- Emulation: Each virtual 8086 task operates in a 1 MB address space, mimicking 8086 real mode.
- Protection: Paging isolates tasks, preventing unauthorized memory access.
- I/O Control: I/O Privilege Level (IOPL) and I/O map in TSS control I/O operations.
- Interrupt Handling: Interrupts are trapped by the OS for emulation or redirection.
Example: A DOS program runs in Virtual 8086 Mode, with the OS intercepting I/O instructions to ensure
system stability.
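How the I/O map decides whether a port access is trapped can be modelled as follows. This is an added example, not part of the original notes, and a simplified model of the check: a protected-mode task with CPL ≤ IOPL skips the bitmap, while a virtual 8086 task always goes through it, and any port whose bit lies beyond the TSS LIMIT is treated as denied. The names are hypothetical, and the sample TSS (bitmap placed directly after the 104-byte TSS, only ports 0x3F8–0x3FF opened) is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration; struct and function names are hypothetical. */
typedef struct {
    const uint8_t *tss;     /* raw TSS bytes, including the I/O bitmap */
    uint32_t limit;         /* LIMIT from the TSS descriptor */
    uint16_t io_map_base;   /* offset of the bitmap inside the TSS */
} tss_view;

/* One bit per port: 0 = allowed, 1 = trap. Bits beyond LIMIT count as 1. */
static int bitmap_allows(const tss_view *v, uint16_t port, unsigned width) {
    for (unsigned i = 0; i < width; i++) {
        uint32_t p = (uint32_t)port + i;
        uint32_t off = v->io_map_base + p / 8;
        if (off > v->limit) return 0;
        if (v->tss[off] & (1u << (p % 8))) return 0;
    }
    return 1;
}

/* 1 = IN/OUT proceeds, 0 = general protection fault for the OS to handle. */
static int io_allowed(const tss_view *v, int vm, unsigned cpl, unsigned iopl,
                      uint16_t port, unsigned width) {
    if (!vm && cpl <= iopl) return 1;       /* protected mode, privileged enough */
    return bitmap_allows(v, port, width);   /* V86 tasks always use the bitmap */
}

/* Constructed sample: 104-byte TSS followed by a 128-byte bitmap. */
static uint8_t sample_tss[232];
static tss_view make_sample(void) {
    memset(sample_tss + 104, 0xFF, 128);    /* trap ports 0x000-0x3FF ... */
    sample_tss[104 + 0x3F8 / 8] = 0x00;     /* ... except 0x3F8-0x3FF */
    tss_view v = { sample_tss, sizeof sample_tss - 1, 104 };
    return v;
}

int main(void) {
    tss_view v = make_sample();
    printf("V86 OUT 0x3F8: %d\n", io_allowed(&v, 1, 3, 3, 0x3F8, 1));
    printf("V86 OUT 0x060: %d\n", io_allowed(&v, 1, 3, 3, 0x060, 1));
    return 0;
}
```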
2.2 Memory Management
- Address Generation: Segment registers (e.g., CS, DS) are used as in real mode, with linear address = (segment << 4) + offset.
- Paging: Linear addresses are mapped to physical memory via page tables, allowing the 80386’s 4 GB address space to host multiple virtual 8086 tasks.
- Limit: Only the lower 21 bits of the linear address are used, simulating the 8086’s 20-bit address space.
Example: A segment value of 0x1000 and offset 0x0100 generates a linear address of (0x1000 << 4) + 0x0100
= 0x100100, mapped via paging.
Table: Address Generation in Virtual 8086 Mode
| Component | Value | Calculation | Result |
|-----------|-------|-------------|--------|
| Segment | 0x1000 | Segment << 4 | 0x10000 |
| Offset | 0x0100 | + Offset | 0x100100 |
| Linear Address | - | Mapped via page tables | Physical address |
2.3 Entering and Leaving Virtual 8086 Mode
Entering:
- Set VM bit in EFLAGS to 1.
- Requires CPL=0 (kernel mode).
- Done via task switch (loading TSS with VM=1) or IRET with VM=1.

Leaving:
- Interrupt or exception triggers a task switch to a protected mode task, clearing VM to 0.
- General Protection Fault if sensitive instructions (e.g., CLI, STI) are executed without sufficient IOPL.

Example:
- OS sets up a virtual 8086 task, sets VM=1, and switches to it.
- An interrupt causes a task switch to a protected mode task, clearing VM.
Analogy: Entering Virtual 8086 Mode is like switching a modern computer to a “retro mode” to run old
software, with the OS acting as a supervisor to ensure safety.
Correction: The transcript simplifies entering/leaving mechanisms. The Intel 80386 Manual specifies CPL=0
requirement and interrupt-driven exits.
Study Tips
- Diagrams: Practice drawing TSS, TSS Descriptor, and task switching flowcharts, as these are common in SPPU exams.
- Numerical Problems: Solve problems on GDT index calculations (e.g., TR selector = index << 3) and address generation in Virtual 8086 Mode.
- Past Papers: Review PYQs for questions like “Explain task switching with a diagram” or “Describe Virtual 8086 Mode features.”
- Key Terms: Memorize definitions (e.g., TSS, B-bit, VM bit) and their roles.
- Revision: Revisit Units 3 and 4 for segmentation and paging concepts, as they underpin Unit 5.
Key Citations
- Intel 80386 Programmer's Reference Manual - Task State Segment
- Intel 80386 Programmer's Reference Manual - Multitasking
- Task State Segment - Wikipedia