CS 630: Advanced Microcomputer Programming

1
CS 630 Advanced Microcomputer Programming

• Fall 2006
• Professor Allan B. Cruse
• University of San Francisco

2
Course Synopsis

• We study the IA32 processor architecture
• Its implemented in our Pentium 4 CPUs
• Also implemented in some earlier CPUs
• Not only Intel, but also by its competitors
  (e.g., present as legacy mode in AMD64)
• IA32 architecture adopted by newer Macs
• IA32 architecture continues in Core 2 Duo

3
Point-of-View

• For study purposes we can pretend were studying
  a bare machine (i.e., it just has standard PC
  hardware for doing I/O, and ROM-BIOS firmware
  supplied by vendor, but lacks any operating
  system software).
• So we get to build our own miniature OS
• Doing this will bring us face-to-face with the
  CPUs most fundamental capabilities

4
Methodology

• Our interactive computer classroom lets us take a
  hands on approach to our studies (i.e., we
  combine theory with practice)
• Typically well devote first part each class to a
  lecture about aspects of IA32 theory
• Then well take time in the second part of class
  for laboratory exercises that put the newly
  learned ideas into working code

5
Course prerequisites

• Experience with C / C programming
• Familiarity with use of Linux / UNIX OS
• Acquaintance with x86 assembly language
• Knowledge of the x86 general registers
• Awareness of the x86s instruction-set
• Understand the CPUs fetch-execute cycle
• Recall the ways memory is addressed

6
Review of System Components
Central Processing Unit
Main Memory
system bus
I/O device
I/O device
I/O device
I/O device
7
Review of the x86 API
CS
EAX
DS
EBX
ES
ECX
FS
EDX
GS
ESI
SS
EDI
Segment Registers (16-bits)
EBP
ESP
EIP
General Registers (32-bits)
EFLAGS
Program Control and Status Registers (32 bits)
8
Review of Instruction-Set

• Data-transfer instructions (mov, xchg, )
• Control-transfer instructions (jmp, call, )
• Arithmetic/Logic instructions (add, or, )
• Shift/Rotate instructions (shr, rol, )
• String-manipulation instructions (movs, )
• Processor-control instructions (cli, hlt, )
• Floating-point instructions (fldpi, fmul, )

9
Review Fetch-Execute Cycle
main memory
central processor
Temporary Storage (STACK)
ESP
Program Variables (DATA)
EAX
EAX
EAX
EAX
Program Instructions (TEXT)
EIP
the system bus
10
Steps in Fetch-Execute Cycle
Fetch next instruction
Advance instruction-pointer
Decode fetched instruction
Execute decoded instruction
INTR ?
Interrupt Service Routine
no
yes
11
Review of operand addressing

• Implicit addressing (e.g. pushf, cbw, scasb,
  cli, xlat, )
• Direct addressing (e.g., incl salary, movw
  0, counter, )
• Indirect addressing (e.g., add dx,
  0x14(ebx, esi, 2) )

12
Course Textbook

• Tom Shanley, Protected Mode Software
  Architecture, Addison-Wesley (1996)
• Initial reading assignment
• Week 1 Read Part One (Chapters 1-3)
• Week 2 Read Part Two (Chapters 4-5)

13
Instructor Contact Information

• Office Harney Science Center 212
• Hours Mon-Wed-Fri 1230pm-115pm and
  Tues-Thurs 615pm-715pm
• Phone (415) 422-6562
• Email cruse_at_usfca.edu
• Webpage lthttp//cs.usfca.edu/crusegt

14
CPU Execution Modes
POWER-ON / RESET
REAL MODE
PROTECTED MODE
VIRTUAL 8086 MODE
SYSTEM MANAGEMENT MODE
15
Early Intel Processors

• 1971 4004 (first 4-bit processor)
• 1972 8008 (first 8-bit processor)
• 1974 8080 (widely used by CP/M)
• 1978 8086/8088 (first 16-bit processor)
• 1982 80286 (introduced protected mode)
• 1985 80386 (first 32-bit processor)
• 1989 80486 (integrated floating-point)

16
Later Intel Processors

• 1993 Pentium processor (dual CPUs)
• 1995 Pentium Pro (for high-end servers)
• 1996 Pentium II (single-edge connector)
• 1998 Pentium II Xeon (multiple CPUs)
• 1999 Celeron (stripped down Pentium II)
• 1999 Pentium III (1GHz, 512K L2 cache)
• 1999 Pentium III Xeon (high-end servers)
• 2001 Pentium 4 (new SIMD instructions)

17
Even newer Intel Processors

• 2003 Pentium-M (mobile -- for laptops)
• 2005 Pentium-D (dual core -- for smp)
• 2006 Core 2 Duo (released this summer)
• Newest CPUs support EM64T and VT
• EM64T Extended Memory 64-bit Technology
• VT Intels Virtualization Technology

18
Backward Compatibility

• From its first commercial success onward,
  backward compatibility (i.e., support for the
  software legacy) has been viewed by Intel as an
  engineering design imperative
• So the first 16-bit processors (8086/8088), used
  in IBM-PCs, were designed in a way that would let
  them run the vast number of CP/M programs written
  for 8-bit 8080 CPU

19
Real Mode

• 8086/8088 had only one execution mode
• It used segmented memory-addressing
• Physical memory on 8086 was subdivided into
  overlapping segments of fixed-size
• The length of any segment was 64KB, to match
  the size of an 8080s address-space
• This scheme supported CP/M applications
• (Our Pentium CPUs continue that support)

20
64KB Memory-Segments

• Fixed-size segments partially overlap
• Segments start on paragraph boundaries
• Segment-registers serve as selectors

stack
data
SS
DS
code
CS
21
Real-Mode Address-Translation
16-bit segment-address
16-bit offset-address
0x1234
0x6789
Logical address
0x12340 0x06789 ---------------- 0x18AC9

x 16

20-bit bus-address
0x18AC9
Physical address
22
Protected Mode

• Any Pentium CPU starts up in Real Mode
• While in real mode, its behavior is like an 8086
  (i.e., any program can do anything it wants, as
  the CPUs protection mechanisms are disabled)
• But software can enter protected mode (on a
  80286 or higher) using a special instruction to
  modify a bit within a processor control-register
• Once in protected mode, the segment-sizes can be
  adjusted, accesses to physical memory (or to
  peripheral devices) can be restricted, and tasks
  can be isolated from interfering with one another

23
Enabling Protection
15 14 13 12 11 10 9 8 7
6 5 4 3 2 1 0
N E
E T
T S
E M
M P
P E
80286 Machine Status Word
Code-fragment that enables protection
smsw ax or 1, ax lmsw ax
PE (Protection Enabled) 0no, 1yes
24
Protected-Mode Segments

• Segments can have varying lengths
• Segments may, or may not, overlap
• Segments are assigned access-attributes

operating system
GS
stack
data
SS
code
DS
CS
25
Our bare machine

• If we want to do a hands on study of our CPU,
  without any operating system getting in our way,
  we have to begin by exploring Real Mode (its
  the CPUs startup state)
• We will need to devise a mechanism by which our
  program-code can get loaded into memory (since we
  wont have an OS)
• This means we must write a boot loader

26
Whats a boot loader

• A boot loader is a small program that is
  resident in the starting sector of a disk (or
  tape or other non-volatile storage medium)
• After testing and initializing the machines
  essential hardware devices, the startup program
  in the ROM-BIOS firmware will read the boot
  loader into memory, at an assigned location, and
  then jump there

27
PC ROM-BIOS BOOT_LOCN
ROM-BIOS
Vendors Firmware
No installed memory
Video Display Memory
VRAM
1-MB
Volatile Program Memory
RAM
0x00007E00
BOOT_LOCN
512 bytes
0x00007C00
IVT and BDA
8086 memory-map
28
Some Requirements

• A boot loader has to be 512 bytes in size
  (because it has to fit within a disk sector)
• Must begin with executable machine-code
• Must end with a special boot signature
• Depending on the type of storage medium, it may
  need to share its limited space with certain
  other data-structures (such as the partition
  table on a hard disk, or the Bios Parameter
  Block on a MS-DOS diskette)

29
Writing a boot loader

• Not practical to use a high-level language
• We need to use 8086 assembly language (our
  classroom/lab systems provides as)
• This assemblers syntax differs from the
  standard set by Intel and Microsoft, but it
  follows a tradition, established in 1970s at
  ATT, for its original versions of UNIX
• That as syntax is documented online

30
Using ROM-BIOS functions

• Our system firmware provides many basic
  service-functions that real mode programs can
  invoke (this includes boot-loaders)
• Video display functions
• Keyboard input functions
• Disk access functions
• System query functions
• A machine re-boot function

31
Example Write_String function

• Setup parameters in designated registers
• AH function ID-number (e.g. 0x13)
• AL cursor handling method (e.g. 0x01)
• BH display page-number (e.g., 0x00)
• BL color attributes (e.g., 0x0A)
• CX length of the character-string
• DH, DL row-number, column-number
• ESBP strings starting-address (segoff)
• Call BIOS via software interrupt (int-0x10)

32
Downloading a class demo

• You can download a program source-file from our
  CS 630 course-website to your own present
  working directory by using the Linux file-copy
  command, like this
• cp /home/web/cruse/cs630/bootmsw.s .
• (Here the final period-character (.) is the
  Linux shells symbol for your current
  directory).

33
Compiling and Installing

• Compiling our boot loader using as is a
  two-step operation (and requires use of a
  linker-script, named ldscript)
• as bootload.s o bootload.o
• ld bootload.o T ldscript o bootload.b
• Installing our bootloader into the starting
  sector of a floppy diskette is very simple
• dd ifbootload.b of/dev/fd0

34
No floppy drive!

• Our workstations no longer have diskette-drives,
  but we have devised alternatives
• Copy the bootloader to a hard disk partition
• Install the bootloader on a diskette-image file
• Tonight we can use the first alternative dd
  ifbootloader.b of/dev/sda4
• The grub menu includes an option that will let
  you boot from this cs630 partition

35
Executing a boot-loader

• You need to perform a system reboot
• Our classroom machines will load GRUB (the Linux
  GRand Unified Boot-loader)
• GRUB will display a menu of Boot Options
• You can choose boot from a disk-partition
• Or you can boot from a diskette-image file

36
In-class Exercise 1

• Look at our CS 630 class website
• lthttp//cs.usfca.edu/cruse/cs630gt
• Download, assemble, and install our
  demo bootmsw.s
• Copy the binary-executable (i.e., bootmsw.b)
  to the first sector of the hard-disks partition
  4
• dd ifbootmsw.b of/dev/sda4
• Reboot machine and use GRUBs menu to boot our
  demo-program from the cs630 partition

37
In-class Exercise 2

• Now modify our demo so it will permit a user to
  reboot just by pressing any key
• This exercise will require you to edit your copy
  of our demo-programs source-file (adding a few
  lines that invoke two further ROM-BIOS
  service-functions), and then reassemble, relink,
  and reinstall your work

38
A valuable Online Reference

• Professor Ralf Browns Interrupt List (see
  webpage link under Resources)
• It tells how to make BIOS system-calls, to
  perform numerous low-level services from within
  Real-Mode 8086 applications (such as boot
  loader programs)

39
Programming Details

• Its easy to include await keypress mov 0,
  ah function-ID int 0x16 BIOS keyboard
  service
• Its easy to include reboot system int 0x19
  BIOS reboot service