IA-32 Application Execution Model in an

6.1.1 IA-64 Instruction Set Execution

While the processor executes from the IA-64 instruction set (PSR.is is 0):

• IA-64 instructions are fetched, decoded and executed by the processor.

• IA-64 instructions can access the entire IA-64 and IA-32 application register state. This includes IA-32 segment descriptors, selectors, general registers, physical floating-point registers, MMX technology registers, and Streaming SIMD Extension registers. See Section 6.2 for a description of the register state mapping.

• Segmentation is disabled. No segmentation protection checks are applied nor are segment bases added to compute virtual addresses. All computed addresses are virtual addresses.

• 2^64 virtual addresses can be generated and IA-64 memory management is used for all memory and I/O references.

6.1.2 IA-32 Instruction Set Execution

While the processor is executing the IA-32 instruction set (PSR.is is 1) within the IA-64 System Environment, the IA-32 application architecture as defined by the Pentium® III processor is used, namely:

• IA-32 16/32-bit application level, MMX technology instructions, and Streaming SIMD Extension instructions are fetched, decoded, and executed by the processor. Instructions are confined to 32/16-bit operations.

• Only IA-32 application level register state is visible (i.e. IA-32 general registers, MMX technology registers, and Streaming SIMD Extension registers, selectors, EFLAGS, FP registers and FP control registers). IA-64 application and control state is not visible, e.g. branch, predicate, application, control, debug, test, and performance monitor registers.

• IA-32, Real Mode, VM86 and Protected Mode segmentation is in effect. Segment protection checks are applied and virtual addresses generated according to IA-32 segmentation rules. GDT and LDT segments are defined to support IA-32 segmented applications. Segmented 16- and 32-bit code is fully supported.

• Virtual addresses are confined to the lower 4G bytes of virtual region 0. IA-64 memory management is used to translate virtual to physical addresses for all IA-32 instruction set memory and I/O Port references.

• Instruction and Data memory references are forced to be little-endian. Memory ordering uses

Figure 6-1. Instruction Set Transition Model

[Figure: diagram of the IA-32 Instruction Set and the IA-64 Instruction Set within the IA-64 System Environment. Transition labels: br.ia, jmpe, rfi; Intercepts, Exceptions, Software Interrupts; Interruptions.]

• IA-32 operating system resources; IA-32 paging, MTRRs, IDT, control registers, debug registers and privileged instructions are superseded by IA-64 defined resources. All accesses to these resources result in an interception fault.

6.1.3 Instruction Set Transitions

The following section summarizes the behavior of each instruction set transition. Consult the detailed instruction descriptions of JMPE (IA-32 instruction) and br.ia (IA-64 instruction) for details.

Operating systems can disable instruction set transitions (JMPE and br.ia) by setting PSR.di to one. If PSR.di is one, execution of JMPE or br.ia results in a Disabled Instruction Set Transition Fault. System level instruction set transitions due to either rfi or an interruption ignore the state of PSR.di (defined in Volume 2, Section 3.3.2).

6.1.3.1 JMPE Instruction

JMPE reg16/32; JMPE disp16/32 is used to jump and transfer control to the IA-64 instruction set. There are two forms: register indirect and absolute. The absolute form computes the virtual IA-64 target address as follows:

    IP{31:0} = disp16/32 + CSD.base
    IP{63:32} = 0

The indirect form reads a 16/32-bit register location and then computes the IA-64 target address as follows:

    IP{31:0} = [reg16/32] + CSD.base
    IP{63:32} = 0

IA-64 JMPE targets are forced to be 16-byte aligned, and are constrained to the lower 4G-bytes of the 64-bit virtual address space due to limited IA-32 addressability. If there are any pending IA-32 numeric exceptions, JMPE is nullified, and an IA-32 floating-point exception fault is generated. Transitions into the IA-64 instruction set do not change the privilege level of the processor.

6.1.3.2 Branch to IA Instruction

Unconditional branches to the IA-32 instruction set use the IA-64 defined indirect branch mechanism. IA-32 targets are specified by a 32-bit virtual address target (not an effective address). The IA-32 virtual address is truncated to 32 bits. The br.ia branch hints should always be set to predicted static taken. The processor transitions to the IA-32 instruction set as follows:

    IP{31:0} = BR[b]{31:0}
    IP{63:32} = 0
    EIP{31:0} = IP{31:0} - CSD.base

Software should ensure the code segment descriptor and selector are properly loaded before issuing the branch. If the target EIP value exceeds the code segment limit or has a code segment privilege violation, an IA-32 GPFault(0) exception is reported on the target IA-32 instruction.

The processor does not ensure IA-64 instruction set generated writes into the IA-32 instruction stream are observed by the processor. For details, see “Self Modifying Code” on page 6-23. Before entering the IA-32 instruction set, IA-64 software must ensure all prior register stack frames have been flushed to memory. All registers left in the current and prior register stack frames are left in an undefined state after IA-32 instruction set execution. Software cannot rely on the value of these registers across an instruction set transition. For details, see Volume 2, “IA-64 Register Stack Engine” on page 6-24.
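A C model of the two software-initiated transitions in Sections 6.1.3.1 and 6.1.3.2, added here as an illustration and not taken from the manual. The struct, enum and function names are hypothetical; modelling forced 16-byte alignment by clearing the low four bits, checking PSR.di before the pending numeric exception, and comparing EIP against a byte-granular limit are assumptions of this example.

```c
#include <stdint.h>
#include <stdbool.h>

/* Outcome of a modelled transition (names are this example's own). */
typedef enum { T_OK, T_DISABLED_ISA_FAULT, T_FP_FAULT, T_GPFAULT0 } outcome_t;

typedef struct {
    bool     psr_is;      /* 0 = IA-64 instruction set, 1 = IA-32 */
    bool     psr_di;      /* 1 = JMPE and br.ia disabled by the OS */
    bool     fp_pending;  /* pending IA-32 numeric exception */
    uint32_t csd_base;    /* code segment descriptor base */
    uint32_t csd_limit;   /* code segment limit in bytes (assumed) */
    uint64_t ip;          /* IA-64 IP */
    uint32_t eip;         /* IA-32 EIP */
} cpu_t;

/* JMPE: IA-32 -> IA-64. 'operand' is disp16/32 or the register value. */
outcome_t jmpe(cpu_t *c, uint32_t operand)
{
    if (c->psr_di)     return T_DISABLED_ISA_FAULT; /* order is assumed */
    if (c->fp_pending) return T_FP_FAULT;           /* JMPE is nullified */
    uint32_t lo = operand + c->csd_base;   /* IP{31:0}; wraps at 2^32 */
    c->ip = lo & ~UINT32_C(0xF);           /* IP{63:32} = 0, 16-byte aligned */
    c->psr_is = false;                     /* privilege level is unchanged */
    return T_OK;
}

/* br.ia: IA-64 -> IA-32. 'br' is the 64-bit branch register BR[b]. */
outcome_t br_ia(cpu_t *c, uint64_t br)
{
    if (c->psr_di) return T_DISABLED_ISA_FAULT;
    uint32_t lo = (uint32_t)br;            /* target truncated to 32 bits */
    c->ip  = lo;                           /* IP{63:32} = 0 */
    c->eip = lo - c->csd_base;             /* EIP = IP - CSD.base */
    c->psr_is = true;
    /* The fault is reported on the target IA-32 instruction, so the
       instruction set switch has already taken place in this model. */
    return (c->eip > c->csd_limit) ? T_GPFAULT0 : T_OK;
}
```
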

6.1.4 IA-32 Operating Mode Transitions

As described in Section 6.1.2, "IA-32 Instruction Set Execution", JMPE, br.ia, and rfi instructions and interruptions can transition the processor between the two instruction set modes. Transitions are allowed between all major IA-32 modes and IA-64. As shown in Figure 6-2, br.ia and rfi will transition the processor from the IA-64 instruction set into IA-32 VM86, Real Mode or Protected Mode, while JMPE and interruptions will transition the processor from either IA-32 VM86, Real Mode or Protected Mode into the IA-64 instruction set mode. Mode transitions between IA-32 Real Mode, Protected Mode and VM86 definitions are the same as those defined in the Intel Architecture Software Developer’s Manual.

IA-64 interface code is responsible for setting up and loading a consistent Protected Mode, Real Mode, or VM86 environment (e.g. loading segment selectors and descriptors, etc.) as defined in “Segment Descriptor and Environment Integrity” on page 6-10. The processor applies additional segment descriptor checks to ensure operations are performed in a consistent manner.

Figure 6-2. Instruction Set Mode Transitions

[Figure: mode transition diagram. Modes and their conditions: IA-64 Instruction Set (!PSR.is); IA-32 Protected Mode (PSR.is & CR0.pe & !EFLAG.vm); IA-32 VM86 (PSR.is & CR0.pe & EFLAG.vm); IA-32 Real Mode (PSR.is & !CR0.pe).]