4.1 The 80386: first 32-bit x86
Released October 1985. The 80386 (later called i386 and finally just "386") was the first 32-bit x86 chip. The change from 16 to 32 bits unlocked everything modern about the x86 architecture.
Features:
- 32-bit registers (EAX, EBX, ECX, EDX, ESP, EBP, ESI, EDI), with the 16-bit AX/BX/CX/DX as the low halves and AH/AL etc. as further halves of those.
- 32-bit flat addressing in protected mode: 4 GB linear address space, no segment hassle.
- Paging with 4 KB pages, two-level page tables.
- Three operating modes:
- Real mode: acts like an 8086. Segmented, 1 MB, no protection.
- Protected mode: 32-bit flat, paging, four privilege rings (0–3).
- Virtual-8086 mode: runs 8086 code inside protected mode in a sandbox. (How DOS programs ran inside Windows 95.)
4.2 Paging in detail
The 386 introduced two-level paging that x86 still uses (now extended to four or five levels in long mode).
32-bit virtual address
┌──────────┬──────────┬──────────────┐
│ 10 bits │ 10 bits │ 12 bits │
│ PD idx │ PT idx │ offset │
└──────────┴──────────┴──────────────┘
│ │ │
│ │ └──→ offset within 4 KB page
│ │
│ └──→ index into 1024-entry Page Table → physical page #
│
└──→ index into 1024-entry Page Directory → physical addr of Page Table
Each table entry is 32 bits: 20-bit physical-page-number + flags
Flags: P (present), R/W, U/S (user/supervisor), A (accessed), D (dirty),
PCD/PWT (cache), PS (page size 4 MB), G (global)Total addressable: 1024 × 1024 × 4096 = 2³² = 4 GB. The CR3 control register holds the physical address of the current page directory; switching processes is just CR3 writing to point at a different page directory.
Why paging matters for security. Each page table entry has a U/S bit (user/supervisor). If user code touches a supervisor page, the CPU faults. Combined with separate per-process page tables, this gives process isolation — your browser cannot read your password manager's memory because it is not mapped into the browser's page tables. Modern Linux and Windows rely on this absolutely. Spectre and Meltdown are attacks that violate this guarantee through speculative execution side channels — a cautionary tale that even rock-solid privilege checks can leak through microarchitectural side doors.
4.3 Protection rings
Ring 0 ─── kernel
Ring 1 ─── (rarely used)
Ring 2 ─── (rarely used)
Ring 3 ─── user applicationsEvery code descriptor and data segment has a privilege level (DPL). Every instruction execution has a current privilege level (CPL). Calls to higher-privilege code go through controlled gates (call gates, interrupt gates) that the kernel sets up. Modern OSes use only ring 0 and ring 3, ignoring rings 1 and 2.
4.4 The 80486: cache and FPU on-chip
Released April 1989. Major additions:
- Integrated FPU. The 80386 needed a separate 80387 floating-point coprocessor; the 80486 brought it on-die. Floating-point work no longer required a second chip.
- 8 KB unified L1 cache on-die. First x86 with on-die cache. Hits run in 1 cycle; misses go to main memory.
- 5-stage pipeline (fetch, decode 1, decode 2, execute, write-back). The 80386 effectively had a 2-stage pipeline; the 486 went deeper.
- Burst-mode bus cycles for cache line fills (4 reads per cycle instead of one).
- More instructions per clock — the 486 averaged about 0.8 cycles per instruction for typical code, up from the 386's ~2.
4.5 Why the 486 mattered
Before the 486, x86 was widely seen as inferior to RISC architectures (MIPS, SPARC) for scientific and engineering work — slower, less elegant. The 486's pipelining, cache, and integrated FPU put x86 within reach of RISC performance at PC-friendly prices. Combined with high-volume PC manufacturing driving die costs down, this is the moment x86 won the desktop battle. Workstations that had cost 2,000 PCs that ran the same workloads almost as fast.