Reply by Robert Wessel●September 17, 20192019-09-17
On Tue, 17 Sep 2019 17:51:01 -0400, George Neuner
<gneuner2@comcast.net> wrote:
>On Tue, 17 Sep 2019 01:01:22 -0500, Robert Wessel
><robertwessel2@yahoo.com> wrote:
>
>>On Mon, 16 Sep 2019 14:57:38 -0400, George Neuner
>><gneuner2@comcast.net> wrote:
>>
>>>On Thu, 12 Sep 2019 10:37:40 +0200, David Brown
>>><david.brown@hesbynett.no> wrote:
>>>
>>>>On 11/09/2019 23:27, Paul Rubin wrote:
>>>>> Hul Tytus <ht@panix.com> writes:
>>>>>> Anyone know of a good handbook describing the machine code of Intel's
>>>>>> 386's? A page describing each instruction along with some text about
>>>>
>>>>I presume this is for some sort of history project?
>>>>
>>>>> I don't know if it's exactly the format you wanted, but I liked
>>>>> "Programming the 80386" by John Crawford and Patrick Gelsinger, who were
>>>>> involved with the 386's design. It did a good job of explaining how
>>>>> memory mapping, the protected mode segment registers, call gates for
>>>>> crossing privilege domains etc. all worked. I still don't understand
>>>>> why today's OS's don't use those features. They would also allow
>>>>> application programs to be set up like miniature OS's with protected
>>>>> memory regions, for things like in-memory databases.
>>>>>
>>>>
>>>>It is a /long/ time since I have read details of the 386 - you are
>>>>talking about a processor that was outdated over 25 years ago.
>>>>
>>>>However, if my memory and understanding is correct, many of these
>>>>advanced protection features were overly complex and extremely slow.
>>>
>>>That's true ... validating segment descriptors and segment limits when
>>>loading the segment selector took > 1000 cycles. This was so onerous
>>>that the i486 and later included a small cache of validated
>>>descriptors. But the cache never was large enough to help programs
>>>that needed to use many segments - IIRC, it held only 6 entries - and
>>>as time went on it shrank to just 2 entries.
>>
>>
>>Descriptor loading was slow, but I'm pretty sure it wasn't *that*
>>slow. It's hard to imagine what it could be doing for that long. I
>>remember times more like 40 clocks on a 286.
>
>Protected mode segment switching on the i286 was fairly quick, but the
>i386 (and later) behaved very differently.
>
>
>Loading a segment register in protected mode could result in a long
>sequence if the descriptor was not already in the descriptor cache:
>
> - read the descriptor from memory into the cache
> - validate the descriptor contents
>And on the i386 and later
> - set the "Accessed" bit in the descriptor
> - write back the modified descriptor to memory
>
>The i386 additionally performed an unnecessary limit check on the
>current offset value, but did not throw any faults when the check was
>done as part of the descriptor load - it just wasted additional
>cycles.
>
>Validating the descriptor was done in microcode and could take
>hundreds of cycles. The i286 did not define or check many of the
>descriptor's control bits, whereas the i386 and later defined and
>checked all the bits.
>
>The i286 did /not/ modify and write back the descriptor - the
>"Accessed" bit was defined for the i286 but was not set by the
>hardware [if the OS used it, it had to deal with it manually].
>The i386 and later automatically set the bit on load and wrote back
>the descriptor to memory. [The i486 and later had data caches to
>absorb the write, but the i386 did not.]
>
>The i286 and i386 had only one descriptor cache line per segment
>register, so they took the full descriptor load hit every time the
>register was modified. The caches became multi-way in later chips so
>as to (try to) keep already-validated descriptors available in case
>they were needed again.
>
>
>I know that the slowness of protected mode segment switching has been
>discussed at length in the past - if not here, then in the arch or x86
>forums. Unfortunately I can't easily locate an online reference for
>segment switch times. I figured Agner Fog would have something, but
>he doesn't seem to have benchmarked the system instructions. [Or if
>he has, I stupidly can't seem to find his results].
The Intel 386 reference (copy available on Bitsavers) say 18 or 19
clocks for a MOV to a segment register. As usual, that would be quite
optimistic and base on zero memory wait states, so would be rather
longer than that.
The Intel 486 manual says 9 clocks.
Perhaps you're thinking of a task switch via a task gate, which could
definitely be multiple hundreds of clocks.
Reply by George Neuner●September 17, 20192019-09-17
On Tue, 17 Sep 2019 01:01:22 -0500, Robert Wessel
<robertwessel2@yahoo.com> wrote:
>On Mon, 16 Sep 2019 14:57:38 -0400, George Neuner
><gneuner2@comcast.net> wrote:
>
>>On Thu, 12 Sep 2019 10:37:40 +0200, David Brown
>><david.brown@hesbynett.no> wrote:
>>
>>>On 11/09/2019 23:27, Paul Rubin wrote:
>>>> Hul Tytus <ht@panix.com> writes:
>>>>> Anyone know of a good handbook describing the machine code of Intel's
>>>>> 386's? A page describing each instruction along with some text about
>>>
>>>I presume this is for some sort of history project?
>>>
>>>> I don't know if it's exactly the format you wanted, but I liked
>>>> "Programming the 80386" by John Crawford and Patrick Gelsinger, who were
>>>> involved with the 386's design. It did a good job of explaining how
>>>> memory mapping, the protected mode segment registers, call gates for
>>>> crossing privilege domains etc. all worked. I still don't understand
>>>> why today's OS's don't use those features. They would also allow
>>>> application programs to be set up like miniature OS's with protected
>>>> memory regions, for things like in-memory databases.
>>>>
>>>
>>>It is a /long/ time since I have read details of the 386 - you are
>>>talking about a processor that was outdated over 25 years ago.
>>>
>>>However, if my memory and understanding is correct, many of these
>>>advanced protection features were overly complex and extremely slow.
>>
>>That's true ... validating segment descriptors and segment limits when
>>loading the segment selector took > 1000 cycles. This was so onerous
>>that the i486 and later included a small cache of validated
>>descriptors. But the cache never was large enough to help programs
>>that needed to use many segments - IIRC, it held only 6 entries - and
>>as time went on it shrank to just 2 entries.
>
>
>Descriptor loading was slow, but I'm pretty sure it wasn't *that*
>slow. It's hard to imagine what it could be doing for that long. I
>remember times more like 40 clocks on a 286.
Protected mode segment switching on the i286 was fairly quick, but the
i386 (and later) behaved very differently.
Loading a segment register in protected mode could result in a long
sequence if the descriptor was not already in the descriptor cache:
- read the descriptor from memory into the cache
- validate the descriptor contents
And on the i386 and later
- set the "Accessed" bit in the descriptor
- write back the modified descriptor to memory
The i386 additionally performed an unnecessary limit check on the
current offset value, but did not throw any faults when the check was
done as part of the descriptor load - it just wasted additional
cycles.
Validating the descriptor was done in microcode and could take
hundreds of cycles. The i286 did not define or check many of the
descriptor's control bits, whereas the i386 and later defined and
checked all the bits.
The i286 did /not/ modify and write back the descriptor - the
"Accessed" bit was defined for the i286 but was not set by the
hardware [if the OS used it, it had to deal with it manually].
The i386 and later automatically set the bit on load and wrote back
the descriptor to memory. [The i486 and later had data caches to
absorb the write, but the i386 did not.]
The i286 and i386 had only one descriptor cache line per segment
register, so they took the full descriptor load hit every time the
register was modified. The caches became multi-way in later chips so
as to (try to) keep already-validated descriptors available in case
they were needed again.
I know that the slowness of protected mode segment switching has been
discussed at length in the past - if not here, then in the arch or x86
forums. Unfortunately I can't easily locate an online reference for
segment switch times. I figured Agner Fog would have something, but
he doesn't seem to have benchmarked the system instructions. [Or if
he has, I stupidly can't seem to find his results].
George
Reply by ●September 17, 20192019-09-17
On Tue, 17 Sep 2019 01:01:22 -0500, Robert Wessel
<robertwessel2@yahoo.com> wrote:
>On Mon, 16 Sep 2019 14:57:38 -0400, George Neuner
><gneuner2@comcast.net> wrote:
>
>>On Thu, 12 Sep 2019 10:37:40 +0200, David Brown
>><david.brown@hesbynett.no> wrote:
>>
>>>On 11/09/2019 23:27, Paul Rubin wrote:
>>>> Hul Tytus <ht@panix.com> writes:
>>>>> Anyone know of a good handbook describing the machine code of Intel's
>>>>> 386's? A page describing each instruction along with some text about
>>>
>>>I presume this is for some sort of history project?
>>>
>>>> I don't know if it's exactly the format you wanted, but I liked
>>>> "Programming the 80386" by John Crawford and Patrick Gelsinger, who were
>>>> involved with the 386's design. It did a good job of explaining how
>>>> memory mapping, the protected mode segment registers, call gates for
>>>> crossing privilege domains etc. all worked. I still don't understand
>>>> why today's OS's don't use those features. They would also allow
>>>> application programs to be set up like miniature OS's with protected
>>>> memory regions, for things like in-memory databases.
>>>>
>>>
>>>It is a /long/ time since I have read details of the 386 - you are
>>>talking about a processor that was outdated over 25 years ago.
>>>
>>>However, if my memory and understanding is correct, many of these
>>>advanced protection features were overly complex and extremely slow.
>>
>>That's true ... validating segment descriptors and segment limits when
>>loading the segment selector took > 1000 cycles.
Sounds more about iAPX432, in which some instructions were real slow.
>This was so onerous
>>that the i486 and later included a small cache of validated
>>descriptors. But the cache never was large enough to help programs
>>that needed to use many segments - IIRC, it held only 6 entries - and
>>as time went on it shrank to just 2 entries.
>
>
>Descriptor loading was slow, but I'm pretty sure it wasn't *that*
>slow. It's hard to imagine what it could be doing for that long. I
>remember times more like 40 clocks on a 286.
Reply by Robert Wessel●September 17, 20192019-09-17
On Mon, 16 Sep 2019 14:57:38 -0400, George Neuner
<gneuner2@comcast.net> wrote:
>On Thu, 12 Sep 2019 10:37:40 +0200, David Brown
><david.brown@hesbynett.no> wrote:
>
>>On 11/09/2019 23:27, Paul Rubin wrote:
>>> Hul Tytus <ht@panix.com> writes:
>>>> Anyone know of a good handbook describing the machine code of Intel's
>>>> 386's? A page describing each instruction along with some text about
>>
>>I presume this is for some sort of history project?
>>
>>> I don't know if it's exactly the format you wanted, but I liked
>>> "Programming the 80386" by John Crawford and Patrick Gelsinger, who were
>>> involved with the 386's design. It did a good job of explaining how
>>> memory mapping, the protected mode segment registers, call gates for
>>> crossing privilege domains etc. all worked. I still don't understand
>>> why today's OS's don't use those features. They would also allow
>>> application programs to be set up like miniature OS's with protected
>>> memory regions, for things like in-memory databases.
>>>
>>
>>It is a /long/ time since I have read details of the 386 - you are
>>talking about a processor that was outdated over 25 years ago.
>>
>>However, if my memory and understanding is correct, many of these
>>advanced protection features were overly complex and extremely slow.
>
>That's true ... validating segment descriptors and segment limits when
>loading the segment selector took > 1000 cycles. This was so onerous
>that the i486 and later included a small cache of validated
>descriptors. But the cache never was large enough to help programs
>that needed to use many segments - IIRC, it held only 6 entries - and
>as time went on it shrank to just 2 entries.
Descriptor loading was slow, but I'm pretty sure it wasn't *that*
slow. It's hard to imagine what it could be doing for that long. I
remember times more like 40 clocks on a 286.
Reply by George Neuner●September 16, 20192019-09-16
On Thu, 12 Sep 2019 10:37:40 +0200, David Brown
<david.brown@hesbynett.no> wrote:
>On 11/09/2019 23:27, Paul Rubin wrote:
>> Hul Tytus <ht@panix.com> writes:
>>> Anyone know of a good handbook describing the machine code of Intel's
>>> 386's? A page describing each instruction along with some text about
>
>I presume this is for some sort of history project?
>
>> I don't know if it's exactly the format you wanted, but I liked
>> "Programming the 80386" by John Crawford and Patrick Gelsinger, who were
>> involved with the 386's design. It did a good job of explaining how
>> memory mapping, the protected mode segment registers, call gates for
>> crossing privilege domains etc. all worked. I still don't understand
>> why today's OS's don't use those features. They would also allow
>> application programs to be set up like miniature OS's with protected
>> memory regions, for things like in-memory databases.
>>
>
>It is a /long/ time since I have read details of the 386 - you are
>talking about a processor that was outdated over 25 years ago.
>
>However, if my memory and understanding is correct, many of these
>advanced protection features were overly complex and extremely slow.
That's true ... validating segment descriptors and segment limits when
loading the segment selector took > 1000 cycles. This was so onerous
that the i486 and later included a small cache of validated
descriptors. But the cache never was large enough to help programs
that needed to use many segments - IIRC, it held only 6 entries - and
as time went on it shrank to just 2 entries.
Another problem with segments was there were too few of them
available: 8K local (per process) segments is not really enough for
fine grain object protection, and 8K global segments is not a whole
lot when you consider all the uses the operating system might have.
But the biggest problem was that the segment selector was a visible
component of addressing. This may have been acceptible on the 8086,
but segments there were purely for addressing and had no protection
dimension. It became a debate issue starting with the i286, but that
chip had so many other issues that segment visibility was lost in the
noise.
When it was announced that the 80386 would include transparent paging,
many people hoped that its segmentation behavior would be rethought.
Segment advocates hoped that the conflation of segment selection with
addressing would be abandoned, that segments would become protection
domains only, that segments would be able to be defined and used more
dynamically, and that using them would be made much faster.
[I'm not taking any positions on this, I'm just recalling things I saw
in media and in Usenet discussions at the time.]
>In the days of the 386, there were four main classes of operating
>systems for it. One was DOS - still popular. Since MS at the time had
>close to zero concern for security or reliability, it used very little
>of the protection features, or memory mapping abilities. It did not
>even use 32-bit modes very much (32-bit DOS extenders were made by third
>parties). Then there was early Windows. Again, security and protection
>were not a concern for MS, though they used a couple of features to get
>multi-tasking of DOS programs. Then there was *nix type systems. These
>simply did not need the call gates and other bits and pieces for
>security - all they need are a distinction between user mode and kernel
>mode, and a way to switch between them. And they didn't need any
>"virtual" modes or other complications that the 386 provided to let you
>use old binaries on newer protected systems - you just compiled your
>*nix code anew for the new system.
>
>The complexities of the call gates and other features of the 386 were
>concepts from a bygone era by the time the 386 came out, and were never
>of use in the kind of systems used by the 386. And they have no use now
>either - modern protection rings and hardware virtualisation are
>massively more efficient, as well as being simpler and more flexible.
Agreed, the i286/i386 ring mechanism was complicated to use, but that
was because the protected segment mechanism itself was complicated to
use. And again, with only 8K global segments, there weren't enough
segments available to protect OS services using call gates unless you
seriously restricted the number of service entry points [there were a
few OSes that did].
YMMV,
George
Reply by David Brown●September 13, 20192019-09-13
On 13/09/2019 11:37, Mat Nieuwenhoven wrote:
> On Thu, 12 Sep 2019 10:37:40 +0200, David Brown wrote:
>
>> On 11/09/2019 23:27, Paul Rubin wrote:
>>> Hul Tytus <ht@panix.com> writes:
>>>> Anyone know of a good handbook describing the machine code of Intel's
>>>> 386's? A page describing each instruction along with some text about
>>
>> I presume this is for some sort of history project?
>>
>>>
>>> I don't know if it's exactly the format you wanted, but I liked
>>> "Programming the 80386" by John Crawford and Patrick Gelsinger, who were
>>> involved with the 386's design. It did a good job of explaining how
>>> memory mapping, the protected mode segment registers, call gates for
>>> crossing privilege domains etc. all worked. I still don't understand
>>> why today's OS's don't use those features. They would also allow
>>> application programs to be set up like miniature OS's with protected
>>> memory regions, for things like in-memory databases.
>>>
>>
>> It is a /long/ time since I have read details of the 386 - you are
>> talking about a processor that was outdated over 25 years ago.
>>
>> However, if my memory and understanding is correct, many of these
>> advanced protection features were overly complex and extremely slow.
>>
>> In the days of the 386, there were four main classes of operating
>> systems for it. One was DOS - still popular. Since MS at the time had
>> close to zero concern for security or reliability, it used very little
>> of the protection features, or memory mapping abilities. It did not
>> even use 32-bit modes very much (32-bit DOS extenders were made by third
>> parties). Then there was early Windows. Again, security and protection
>> were not a concern for MS, though they used a couple of features to get
>> multi-tasking of DOS programs. Then there was *nix type systems. These
>> simply did not need the call gates and other bits and pieces for
>> security - all they need are a distinction between user mode and kernel
>> mode, and a way to switch between them. And they didn't need any
>> "virtual" modes or other complications that the 386 provided to let you
>> use old binaries on newer protected systems - you just compiled your
>> *nix code anew for the new system.
>
>> The complexities of the call gates and other features of the 386 were
>> concepts from a bygone era by the time the 386 came out, and were never
>> of use in the kind of systems used by the 386. And they have no use now
>> either - modern protection rings and hardware virtualisation are
>> massively more efficient, as well as being simpler and more flexible.
>
> 32 bit OS/2 (and descendants like eCs or ArcaOS) definitely use the
> call gates. This caused problems with some virtual machines which did
> not expect that.
OS/2 was written by IBM (at least, those low-level bits were done by
IBM. Some of the other bits were done by MS). The IBM's came from a
background with bigger systems - mainframes - and liked this kind of
powerful hardware feature. So it doesn't surprise me that they used it.
> I don't know anything about the speed differences between call gates
> and more modern mechanisms.
> I don't think there were many compilers that supported segments in 32
> bit mode (maybe Watcom), so 32 bit is always flat mode. Segments gave
> you some protection too.
>
I think that is correct, in the days of the 386 at least. But I don't
know details there. My PC programming at that time was targetting
16-bit Windows or DOS (although I used OS/2 as the OS).
Reply by Mat Nieuwenhoven●September 13, 20192019-09-13
On Thu, 12 Sep 2019 10:37:40 +0200, David Brown wrote:
>On 11/09/2019 23:27, Paul Rubin wrote:
>> Hul Tytus <ht@panix.com> writes:
>>> Anyone know of a good handbook describing the machine code of Intel's
>>> 386's? A page describing each instruction along with some text about
>
>I presume this is for some sort of history project?
>
>>
>> I don't know if it's exactly the format you wanted, but I liked
>> "Programming the 80386" by John Crawford and Patrick Gelsinger, who were
>> involved with the 386's design. It did a good job of explaining how
>> memory mapping, the protected mode segment registers, call gates for
>> crossing privilege domains etc. all worked. I still don't understand
>> why today's OS's don't use those features. They would also allow
>> application programs to be set up like miniature OS's with protected
>> memory regions, for things like in-memory databases.
>>
>
>It is a /long/ time since I have read details of the 386 - you are
>talking about a processor that was outdated over 25 years ago.
>
>However, if my memory and understanding is correct, many of these
>advanced protection features were overly complex and extremely slow.
>
>In the days of the 386, there were four main classes of operating
>systems for it. One was DOS - still popular. Since MS at the time had
>close to zero concern for security or reliability, it used very little
>of the protection features, or memory mapping abilities. It did not
>even use 32-bit modes very much (32-bit DOS extenders were made by third
>parties). Then there was early Windows. Again, security and protection
>were not a concern for MS, though they used a couple of features to get
>multi-tasking of DOS programs. Then there was *nix type systems. These
>simply did not need the call gates and other bits and pieces for
>security - all they need are a distinction between user mode and kernel
>mode, and a way to switch between them. And they didn't need any
>"virtual" modes or other complications that the 386 provided to let you
>use old binaries on newer protected systems - you just compiled your
>*nix code anew for the new system.
>The complexities of the call gates and other features of the 386 were
>concepts from a bygone era by the time the 386 came out, and were never
>of use in the kind of systems used by the 386. And they have no use now
>either - modern protection rings and hardware virtualisation are
>massively more efficient, as well as being simpler and more flexible.
32 bit OS/2 (and descendants like eCs or ArcaOS) definitely use the
call gates. This caused problems with some virtual machines which did
not expect that.
I don't know anything about the speed differences between call gates
and more modern mechanisms.
I don't think there were many compilers that supported segments in 32
bit mode (maybe Watcom), so 32 bit is always flat mode. Segments gave
you some protection too.
Mat Nieuwenhoven
Reply by Hul Tytus●September 12, 20192019-09-12
Thanks Stefan, that should be easy to look at.
Hul
Stefan Reuther <stefan.news@arcor.de> wrote:
> Am 11.09.2019 um 23:06 schrieb Hul Tytus:
> > Anyone know of a good handbook describing the machine code of Intel's
> > 386's? A page describing each instruction along with some text about the
> > various sequences caused by interupts and descriptions of the various tables
> > and "descriptors" and special purpose registers and the effects of "protected
> > mode" is the hope. An older text that didn't describe the 64 bit versions
> > would be ok, maybe preferable.
> If you're really looking for just the 386 and not the gazillions of
> extensions to the Intel 32-bit architecture: in the 90's, we were
> passing around a file called "386intel.txt", titled "INTEL 80386
> PROGRAMMER'S REFERENCE MANUAL 1986", which explains pretty much
> everything about the 386.
> Set your text encoding to cp437, like in the old days.
> Stefan
Reply by Hul Tytus●September 12, 20192019-09-12
Thanks Paul, I take a look at it.
Hul
Paul Rubin <no.email@nospam.invalid> wrote:
> Hul Tytus <ht@panix.com> writes:
> > Anyone know of a good handbook describing the machine code of Intel's
> > 386's? A page describing each instruction along with some text about
> I don't know if it's exactly the format you wanted, but I liked
> "Programming the 80386" by John Crawford and Patrick Gelsinger, who were
> involved with the 386's design. It did a good job of explaining how
> memory mapping, the protected mode segment registers, call gates for
> crossing privilege domains etc. all worked. I still don't understand
> why today's OS's don't use those features. They would also allow
> application programs to be set up like miniature OS's with protected
> memory regions, for things like in-memory databases.
Reply by Stefan Reuther●September 12, 20192019-09-12
Am 11.09.2019 um 23:06 schrieb Hul Tytus:
> Anyone know of a good handbook describing the machine code of Intel's
> 386's? A page describing each instruction along with some text about the
> various sequences caused by interupts and descriptions of the various tables
> and "descriptors" and special purpose registers and the effects of "protected
> mode" is the hope. An older text that didn't describe the 64 bit versions
> would be ok, maybe preferable.
If you're really looking for just the 386 and not the gazillions of
extensions to the Intel 32-bit architecture: in the 90's, we were
passing around a file called "386intel.txt", titled "INTEL 80386
PROGRAMMER'S REFERENCE MANUAL 1986", which explains pretty much
everything about the 386.
A short search turns up this link for a copy:
http://cd.textfiles.com/freedom/CODE/TEXT/386INTEL.ZIP
Set your text encoding to cp437, like in the old days.
Stefan