{"id":100745,"date":"2019-01-20T23:00:00","date_gmt":"2019-01-21T14:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/?p=100745"},"modified":"2019-03-18T11:02:43","modified_gmt":"2019-03-18T18:02:43","slug":"20190121-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20190120-00\/?p=100745","title":{"rendered":"The Intel 80386, part 1: Introduction"},"content":{"rendered":"

Windows NT stopped supporting the Intel 80386 processor with Windows 4.0, which raised the minimum requirements to an Intel 80486. Therefore, the Intel 80386 technically falls into the category of “processor that Windows once supported but no longer does.” This series focuses on the portion of the x86 instruction set available on an 80386, although I will make notes about future extensions in a special chapter. <\/p>\n

The Intel 80386 is the next step in the evolution of the processor series that started with the Intel 8086 (which was itself inspired by the Intel 8080, which was in turn inspired by the Intel 8008). Even at this early stage, it had a long history, which helps to explain many of its strange corners. <\/p>\n

As with all the processor retrospective series, I’m going to focus on how Windows NT used the Intel 80386 in user mode because the original audience for all of these discussions was user-mode developers trying to get up to speed debugging their programs. Normally, this means that I omit instructions that you are unlikely to see in compiler-generated code. However, I’ll set aside a day to cover some of the legacy instructions that are functional but not used in practice. <\/p>\n

The Intel 80386 has eight integer registers, each 32 bits wide. <\/p>\n\n\n\n\n\n\n\n\n\n\n
Register<\/th>\nMeaning<\/th>\nPreserved?<\/th>\n<\/tr>\n
eax<\/var><\/td>\naccumulator<\/td>\nNo<\/td>\n<\/tr>\n
ebx<\/var><\/td>\nbase register<\/td>\nYes<\/td>\n<\/tr>\n
ecx<\/var><\/td>\ncount register<\/td>\nNo<\/td>\n<\/tr>\n
edx<\/var><\/td>\ndata register<\/td>\nNo<\/td>\n<\/tr>\n
esi<\/var><\/td>\nsource index<\/td>\nYes<\/td>\n<\/tr>\n
edi<\/var><\/td>\ndestination index<\/td>\nYes<\/td>\n<\/tr>\n
ebp<\/var><\/td>\nbase pointer<\/td>\nYes<\/td>\n<\/tr>\n
esp<\/var><\/td>\nstack pointer<\/td>\nSort of<\/td>\n<\/tr>\n<\/table>\n

The register names are rather unusual due to the history of the processor line<\/a>. That history also explains why the instruction encoding uses the non-alphabetical-order eax<\/var>, ecx<\/var>, edx<\/var>, ebx<\/var>. <\/p>\n

Also for historical reasons, there are also names for selected partial registers. <\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Register<\/th>\nMeaning<\/th>\n<\/tr>\n
ax<\/var><\/td>\nLower 16 bits of eax<\/var><\/td>\n<\/tr>\n
bx<\/var><\/td>\nLower 16 bits of ebx<\/var><\/td>\n<\/tr>\n
cx<\/var><\/td>\nLower 16 bits of ecx<\/var><\/td>\n<\/tr>\n
dx<\/var><\/td>\nLower 16 bits of edx<\/var><\/td>\n<\/tr>\n
si<\/var><\/td>\nLower 16 bits of esi<\/var><\/td>\n<\/tr>\n
di<\/var><\/td>\nLower 16 bits of edi<\/var><\/td>\n<\/tr>\n
bp<\/var><\/td>\nLower 16 bits of ebp<\/var><\/td>\n<\/tr>\n
sp<\/var><\/td>\nLower 16 bits of esp<\/var><\/td>\n<\/tr>\n
ah<\/var><\/td>\nUpper 8 bits of ax<\/var><\/td>\n<\/tr>\n
al<\/var><\/td>\nLower 8 bits of ax<\/var><\/td>\n<\/tr>\n
bh<\/var><\/td>\nUpper 8 bits of bx<\/var><\/td>\n<\/tr>\n
bl<\/var><\/td>\nLower 8 bits of bx<\/var><\/td>\n<\/tr>\n
ch<\/var><\/td>\nUpper 8 bits of cx<\/var><\/td>\n<\/tr>\n
cl<\/var><\/td>\nLower 8 bits of cx<\/var><\/td>\n<\/tr>\n
dh<\/var><\/td>\nUpper 8 bits of dx<\/var><\/td>\n<\/tr>\n
dl<\/var><\/td>\nLower 8 bits of dx<\/var><\/td>\n<\/tr>\n<\/table>\n

Operations on these register fragments affect only the indicated bits; the other bits of the 32-bit register remain unaffected. For example, storing a value into the ax<\/var> register leaves the most-significant 16 bits of the eax<\/var> register unchanged.¹ <\/p>\n

Windows NT requires that the stack be kept on an 4-byte boundary. There is no red zone. <\/p>\n

The 80386 also has eight 80-bit extended precision floating point registers named st0<\/var> through st7<\/var>. The floating point system is rather unusual: In addition to the fact that the registers are extended precision, the programming model for the floating point registers is as a stack. Values are pushed onto the floating point stack, operations are performed on the stack, and results are popped off. <\/p>\n

Floating point support is optional and is provided by the 80387 coprocessor chip, which runs concurrently with the main CPU. If a floating point instruction is executed on a system that lacks a floating point coprocessor, the floating point instruction traps, and the kernel emulates the instruction. <\/p>\n

There are also some non-integer registers which are difficult\/impossible to get to, but which still participate in user-mode instructions. <\/p>\n\n\n\n\n\n\n\n\n\n
Register<\/th>\nMeaning<\/th>\nNotes<\/th>\n<\/tr>\n
eip<\/var><\/td>\ninstruction pointer<\/td>\nprogram counter<\/td>\n<\/tr>\n
eflags<\/var><\/td>\nflags<\/td>\n<\/td>\n<\/tr>\n
cs<\/var><\/td>\ncode segment<\/td>\nDon’t worry about it<\/td>\n<\/tr>\n
ds<\/var><\/td>\ndata segment<\/td>\nDon’t worry about it<\/td>\n<\/tr>\n
es<\/var><\/td>\nextra segment<\/td>\nDon’t worry about it<\/td>\n<\/tr>\n
fs<\/var><\/td>\nF segment<\/td>\nFor TEB access<\/td>\n<\/tr>\n
gs<\/var><\/td>\nG segment<\/td>\nNot used<\/td>\n<\/tr>\n<\/table>\n

Windows NT uses the 80386 in flat mode, which means that applications see a contiguous 32-bit address space. The segment registers largely don’t come into play when in flat mode, with the exception of the fs<\/var> register, which we’ll learn about more when we get to the TEB. <\/p>\n

The flags register is updated by many instructions. We’ll learn more about flags when we study conditionals. <\/p>\n

The 80386 is unusual in that it supports multiple calling conventions. Common to all the calling conventions are the register preservation rules and the return value rules: The function return value is placed in eax<\/var>. If the return value is a 64-bit value, then the most significant 32 bits are returned in edx<\/var>. If the return value is a floating point value, it is returned in st0<\/var>, and possibly st1<\/var> (for complex numbers). <\/p>\n

Furthermore, link-time code generation is permitted to manufacture ad hoc calling conventions which may not even follow the register preservation rules. It’s crazy free-for-all time<\/i>. <\/p>\n

The architectural names for data sizes are as follows: <\/p>\n