X86 memory segmentation

X86 memory segmentation

x86 memory segmentation refers to the implementation of memory segmentation on the x86 architecture. Memory is divided into portions that may be addressed by a single index register without changing a 16-bit segment selector. In real mode or V86 mode, a segment is always 64 kilobytes in size (using 16-bit offsets). In protected mode, a segment can have variable length.

Real mode

In 16-bit real mode, enabling applications to make use of multiple memory segments (in order to access more memory than available in any one 64K-segment) was quite complex, but was viewed as a necessary evil for all but the smallest tools (which could do with less memory). The root of the problem was that no appropriate address-arithmetic instructions suitable for flat addressing of the entire memory range were available. Flat addressing is possible by applying multiple instructions, which however leads to slower programs.

In real mode, the 16-bit segment selector was interpreted as the first 16 bits of a linear 20-bit address, with the remaining four being all zeros. The segment selector is always added with a 16-bit offset to yield a linear address. For instance, the segmented address 6EFh:1234h has a segment selector of 6EFh, which corresponds to the 20-bit linear address 6EF0h. To this we add the offset, yielding the linear address 6EF0h + 1234h = 8124h (cf. hexadecimal).

A single linear address can be mapped to many segmented addresses. For instance, the linear address above (8124h) can have the segmented addresses 6EFh:1234h, 812h:4h and 0h:8124h (and many more). This could be confusing to programmers accustomed to unique addressing schemes.

The effective 20-bit address space of real mode limited the addressable memory to 220 bytes, or 1,048,576 bytes.

Protected mode

In protected mode, segmentation is used as a virtual memory mechanism, providing memory isolation and contiguous addressing of non-contiguous physical memory.

On the 386 and later, programs issue logical (46-bit) addresses which go through the segmentation unit to be checked and translated into linear 32-bit addresses, before being sent to the paging unit (if enabled) which ultimately translates them into physical addresses (which are also 32-bit on the 386, but can be larger on more modern processors which support Physical Address Extension).

Detailed Segmentation Unit Workflow

A logical address consists of a 16-bit segment selector (supplying 13+1 address bits) and a 32-bit offset (16-bit on the 286). The segment selector must be located in one of the segment registers. That selector consists of a 2-bit Requested Privilege Level (RPL) where the lowest number is the highest privilege level, a 1-bit Table Indicator (TI), and a 13-bit index.

The processor accesses the 64-bit segment descriptor structure in the Global Descriptor Table if TI is 0 or in the Local Descriptor Table if TI is 1. It then performs the privilege check:

DPL < max (CPL,RPL)

where CPL is the current privilege level (lower 2 bits in CS), RPL is the requested privilege level from the segment selector, and DPL is the descriptor privilege level of the segment (found in the descriptor).

If the inequality is true, the processor generates a general protection fault (GP). Otherwise, address translation continues. This privilege check is done only when the segment register is loaded because segment descriptors are cached in hidden parts of the segment registers. The processor then takes the 32-bit or 16-bit offset and compares it against the segment limit specified in the segment descriptor. If it is larger, a GP fault is generated. Otherwise, the processor adds the segment base (32-bit or 24-bit, specified in descriptor) to the offset and this creates a linear address.


Logical addresses can be explicitly specified in x86 assembler language, e.g. (AT&T syntax):

movl $42, %fs:(%eax) ; Equivalent to M [fs:eax] <-42) in RTL

Usually, however, implied segments are used. All instruction fetches come from the code segment in the CS register. Most memory references come from data segment in the DS register. Processor stack references, either implicitly (e.g. push and pop instructions) or explicitly (memory accesses using the ESP or (E)BP registers) use the stack segment in the SS register. Finally, string instructions (e.g. stos, movs) also use the extra segment ES.

Segmentation cannot be turned off on x86 processors, so many operating systems use a flat memory model to make segmentation unnoticeable to programs. For instance, the Linux kernel sets up only 4 segments:Fact|date=February 2007

* __KERNEL_CS (Kernel code segment, base=0, limit=4GB, DPL=0) * __KERNEL_DS (Kernel data segment, base=0, limit=4GB, DPL=0) * __USER_CS (User code segment, base=0, limit=4GB, DPL=3) * __USER_DS (User data segment, base=0, limit=4GB, DPL=3)

Since the base is set to 0 in all cases and the limit 4 GiB, the segmentation unit does not affect the addresses the program issues before they arrive at the paging unit.

Segments can be defined to be either code, data, or system segments. Additional permission bits are present to make segments read only, read/write, execute, etc.

Note that code may always modify all segment registers "except" CS (the code segment). This is because the current privilege level (CPL) of the processor is stored in the lower 2 bits of the CS register. The only way to raise the processor privilege level (and reload CS) is through the lcall (far call) and int (interrupt) instructions. Similarly, the only way to lower the privilege level (and reload CS) is through lret (far return) and iret (interrupt return).

For more about segmentation, see the IA-32 manuals freely available on the AMD or Intel websites.

ee also

* Memory model
* THE multiprogramming system

External links

* [http://www.intel.com/products/processor/manuals/index.htm Home of the IA-32 Intel Architecture Software Developer's Manual]
* [http://mirror.href.com/thestarman/asm/debug/Segments.html The Segment:Offset Addressing Scheme]

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Memory segmentation — is the division of computer memory into segments or sections. Segments or sections are also used in object files of compiled programs when they are linked together into a program image, or the image is loaded into memory. In a computer system… …   Wikipedia

  • X86 assembly language — is the assembly language for the x86 class of processors, which includes Intel s Pentium series and AMD s Athlon series. Like all assembly languages, it uses short mnemonics to represent the fundamental operations that the CPU in a computer can… …   Wikipedia

  • Memory management — is the act of managing computer memory. The essential requirement of memory management is to provide ways to dynamically allocate portions of memory to programs at their request, and freeing it for reuse when no longer needed. This is critical to …   Wikipedia

  • Memory architecture — describes the methods used to implement electronic computer data storage in a manner that is a combination of the fastest, most reliable, most durable, and least expensive way to store and retrieve information. Depending on the specific… …   Wikipedia

  • Memory management unit — This 68451 MMU could be used with the Motorola 68010 A memory management unit (MMU), sometimes called paged memory management unit (PMMU), is a computer hardware component responsible for handling accesses to memory requested by the CPU. Its… …   Wikipedia

  • x86 — This article is about Intel microprocessor architecture in general. For the 32 bit generation of this architecture which is also called x86 , see IA 32. x86 Designer Intel, AMD Bits 16 bit, 32 bit, and/or 64 bit Introduced 1978 Design …   Wikipedia

  • Memory leak — A memory leak, in computer science (or leakage, in this context), occurs when a computer program consumes memory but is unable to release it back to the operating system. In object oriented programming, a memory leak happens when an object is… …   Wikipedia

  • Memory safety — Software Testing portal Memory safety is a concern in software development that aims to avoid software bugs that cause security vulnerabilities dealing with random access memory (RAM) access, such as buffer overflows and dangling pointers.… …   Wikipedia

  • Memory protection — is a way to control memory access rights on a computer, and is a part of most modern operating systems. The main purpose of memory protection is to prevent a process from accessing memory that has not been allocated to it. This prevents a bug… …   Wikipedia

  • X86 — Un processeur Intel 80486 SX 25 x86 est la dénomination de la famille de microprocesseurs compatibles avec le jeu d instructions de l Intel 8086. Les différents constructeurs de microprocesseurs pour PC se doivent de maintenir une compatibilité… …   Wikipédia en Français