The segmentation and paging mechanisms provide in the support a wide variety of approaches to memory
management. When segmentation and paging are combined, segments can be mapped to pages in several ways.
To implement a flat (unsegmented) addressing environment, for example, all the code, data, and stack modules
can be mapped to one or more large segments (up to 4-GBytes) that share same range of linear addresses (see
Figure 3-2 in Section 3.2.2). Here, segments are essentially invisible to applications and the operating-system or
executive. If paging is used, the paging mechanism can map a single linear-address space (contained in a single
segment) into virtual memory. Alternatively, each program (or task) can have its own large linear-address space
(contained in its own segment), which is mapped into virtual memory through its own paging structures.
Segments can be smaller than the size of a page. If one of these segments is placed in a page which is not shared
with another segment, the extra memory is wasted. For example, a small data structure, such as a 1-Byte semaphore,
occupies 4 KBytes if it is placed in a page by itself. If many semaphores are used, it is more efficient to pack
them into a single page.
The Intel-64 and IA-32 architectures do not enforce correspondence between the boundaries of pages and
segments. A page can contain the end of one segment and the beginning of another. Similarly, a segment can
contain the end of one page and the beginning of another.
Memory-management software may be simpler and more efficient if it enforces some alignment between page and
segment boundaries. For example, if a segment which can fit in one page is placed in two pages, there may be
twice as much paging overhead to support access to that segment.
One approach to combining paging and segmentation that simplifies memory-management software is to give
each segment its own page table, as shown in Figure 4-13. This convention gives the segment a single entry in the
page directory, and this entry provides the access control information for paging the entire segment.
In protected mode, the Intel 64 and IA-32 architectures provide a protection mechanism that operates at both the
segment level and the page level. This protection mechanism provides the ability to limit access to certain
segments or pages based on privilege levels (four privilege levels for segments and two privilege levels for pages).
For example, critical operating-system code and data can be protected by placing them in more privileged
segments than those that contain applications code. The processor’s protection mechanism will then prevent application
code from accessing the operating-system code and data in any but a controlled, defined manner.
Segment and page protection can be used at all stages of software development to assist in localizing and detecting
design problems and bugs. It can also be incorporated into end-products to offer added robustness to operating
systems, utilities software, and applications software.
When the protection mechanism is used, each memory reference is checked to verify that it satisfies various
protection checks. All checks are made before the memory cycle is started; any violation results in an exception.
Because checks are performed in parallel with address translation, there is no performance penalty. The protection
checks that are performed fall into the following categories:
• Limit checks.
• Type checks.
• Privilege level checks.
• Restriction of addressable domain.
• Restriction of procedure entry-points.
• Restriction of instruction set.
All protection violation results in an exception being generated. See Chapter 6, “Interrupt and Exception Handling,”
for an explanation of the exception mechanism. This chapter describes the protection mechanism and the violations which lead to exceptions.
The following sections describe the protection mechanism available in protected mode. See Chapter 20, “8086
Emulation,” for information on protection in real-address and virtual-8086 mode.