6.828 Lecture Notes: x86 and PC architecture

Transcription

1 6.828 Lecture Ntes: x86 and PC architecture Outline PC architecture x86 instructin set gcc calling cnventins PC emulatin PC architecture A full PC has: an x86 CPU with registers, executin unit, and memry management CPU chip pins include address and data signals memry disk keybard display ther resurces: BIOS ROM, clck,... We will start with the riginal 16-bit 8086 CPU (1978) CPU runs instructins: fr(;;){ run next instructin Needs wrk space: registers fur 16-bit data registers: AX, CX, DX, BX each in tw 8-bit halves, e.g. AH and AL very fast, very few Mre wrk space: memry CPU sends ut address n address lines (wires, ne bit per wire) Data cmes back n data lines r data is written t data lines Add address registers: pinters int memry SP - stack pinter BP - frame base pinter SI - surce index DI - destinatin index Instructins are in memry t! IP - instructin pinter (PC n PDP-11, everything else) increment after running each instructin can be mdified by CALL, RET, JMP, cnditinal jumps Want cnditinal jumps FLAGS - varius cnditin cdes

2 whether last arithmetic peratin verflwed... was psitive/negative... was [nt] zer... carry/brrw n add/subtract... verflw... etc. whether interrupts are enabled directin f data cpy instructins JP, JN, J[N]Z, J[N]C, J[N]O... Still nt interesting - need I/O t interact with utside wrld Original PC architecture: use dedicated I/O space Wrks same as memry accesses but set I/O signal Only 1024 I/O addresses Example: write a byte t line printer: #define DATA_PORT 0x378 #define STATUS_PORT 0x379 #define BUSY 0x80 #define CONTROL_PORT 0x37A #define STROBE 0x01 vid lpt_putc(int c) { /* wait fr printer t cnsume previus byte */ while((inb(status_port) & BUSY) == 0) ; /* put the byte n the parallel lines */ utb(data_port, c); /* tell the printer t lk at the data */ utb(control_port, STROBE); utb(control_port, 0); Memry-Mapped I/O Use nrmal physical memry addresses Gets arund limited size f I/O address space N need fr special instructins System cntrller rutes t apprpriate device Wrks like ``magic'' memry: Addressed and accessed like memry, but des nt behave like memry! Reads and writes can have ``side effects'' Read results can change due t external events What if we want t use mre than 2^16 bytes f memry? 8086 has 20-bit physical addresses, can have 1 Meg RAM each segment is a 2^16 byte windw int physical memry virtual t physical translatin: pa = va + seg*16

3 the segment is usually implicit, frm a segment register CS - cde segment (fr fetches via IP) SS - stack segment (fr lad/stre via SP and BP) DS - data segment (fr lad/stre via ther registers) ES - anther data segment (destinatin fr string peratins) tricky: can't use the 16-bit address f a stack variable as a pinter but a far pinter includes full segment:ffset ( bits) But 8086's 16-bit addresses and data were still painfully small added supprt fr 32-bit data and addresses (1985) bts in 16-bit mde, bt.s switches t 32-bit mde registers are 32 bits wide, called EAX rather than AX perands and addresses are als 32 bits, e.g. ADD des 32-bit arithmetic prefix 0x66 gets yu 16-bit mde: MOVW is really 0x66 MOVW the.cde32 in bt.s tells assembler t generate 0x66 fr e.g. MOVW als changed segments and added paged memry... x86 Physical Memry Map The physical address space mstly lks like rdinary RAM Except sme lw-memry addresses actually refer t ther things Writes t VGA memry appear n the screen Reset r pwer-n jumps t ROM at 0x000ffff <- 0xFFFFFFFF (4GB) 32-bit memry mapped devices /\/\/\/\/\/\/\/\/\/\ /\/\/\/\/\/\/\/\/\/\ Unused <- depends n amunt f RAM Extended Memry <- 0x (1MB) BIOS ROM <- 0x000F0000 (960KB) 16-bit devices, expansin ROMs <- 0x000C0000 (768KB) VGA Display <- 0x000A0000 (640KB) Lw Memry

4 <- 0x x86 Instructin Set Tw-perand instructin set Intel syntax: p dst, src AT&T (gcc/gas) syntax: p src, dst uses b, w, l suffix n instructins t specify size f perands Operands are registers, cnstant, memry via register, memry via cnstant Examples: AT&T syntax "C"-ish equivalent mvl %eax, %edx edx = eax; register mde mvl $0x123, %edx edx = 0x123; immediate mvl 0x123, %edx edx = *(int32_t*)0x123; direct mvl (%ebx), %edx edx = *(int32_t*)ebx; indirect mvl 4(%ebx), %edx edx = *(int32_t*)(ebx+4); displaced Instructin classes data mvement: MOV, PUSH, POP,... arithmetic: TEST, SHL, ADD, AND,... i/: IN, OUT,... cntrl: JMP, JZ, JNZ, CALL, RET string: REP MOVSB,... system: IRET, INT Intel architecture manual Vlume 2 is the reference gcc x86 calling cnventins x86 dictates that stack grws dwn: Example instructin What it des pushl %eax subl $4, %esp mvl %eax, (%esp) ppl %eax mvl (%esp), %eax addl $4, %esp call $0x12345 pushl %eip (*) mvl $0x12345, %eip (*) ret ppl %eip (*)

5 (*) Nt real instructins GCC dictates hw the stack is used. Cntract between caller and callee n x86: after call instructin: %eip pints at first instructin f functin %esp+4 pints at first argument %esp pints at return address after ret instructin: %eip cntains return address %esp pints at arguments pushed by caller called functin may have trashed arguments %eax cntains return value (r trash if functin is vid) %ecx, %edx may be trashed %ebp, %ebx, %esi, %edi must cntain cntents frm time f call Terminlgy: %eax, %ecx, %edx are "caller save" registers %ebp, %ebx, %esi, %edi are "callee save" registers Functins can d anything that desn't vilate cntract. By cnventin, GCC des mre: each functin has a stack frame marked by %ebp, %esp arg 2 \ >- previus functin's stack frame arg 1 / ret %eip / +============+ saved %ebp \ %ebp-> lcal \ variables, >- current functin's stack frame etc. / %esp-> / %esp can mve t make stack frame bigger, smaller %ebp pints at saved %ebp frm previus functin, chain t walk stack functin prlgue: pushl %ebp mvl %esp, %ebp functin epilgue: mvl %ebp, %esp ppl %ebp

6 r leave Big example: C cde int main(vid) { return f(8)+1; } int f(int x) { return g(x); } int g(int x) { return x+3; } assembler _main: prlgue pushl %ebp mvl %esp, %ebp bdy pushl $8 call _f addl $1, %eax epilgue mvl %ebp, %esp ppl %ebp ret _f: prlgue pushl %ebp mvl %esp, %ebp bdy pushl 8(%esp) call _g epilgue mvl %ebp, %esp ppl %ebp ret _g: prlgue pushl %ebp mvl %esp, %ebp save %ebx pushl %ebx bdy mvl 8(%ebp), %ebx addl $3, %ebx mvl %ebx, %eax restre %ebx ppl %ebx epilgue mvl %ebp, %esp ppl %ebp ret

7 Super-small _g: _g: mvl 4(%esp), %eax addl $3, %eax ret Cmpiling, linking, lading: Cmpiler takes C surce cde (ASCII text), prduces assembly language (als ASCII text) Assembler takes assembly language (ASCII text), prduces. file (binary, machine-readable!) PC emulatin Linker takse multiple '.'s, prduces a single prgram image (binary) Lader lads the prgram image int memry at run-time and starts it executing Emulatr like Bchs wrks by ding exactly what a real PC wuld d, nly implemented in sftware rather than hardware! Runs as a nrmal prcess in a "hst" perating system (e.g., Linux) Uses nrmal prcess strage t hld emulated hardware state: e.g., Hld emulated CPU registers in glbal variables int32_t regs[8]; #define REG_EAX 1; #define REG_EBX 2; #define REG_ECX 3;... int32_t eip; int16_t segregs[4];... mallc a big chunk f (virtual) prcess memry t hld emulated PC's (physical) memry Execute instructins by simulating them in a lp: fr (;;) { read_instructin(); switch (decde_instructin_pcde()) { case OPCODE_ADD: int src = decde_src_reg(); int dst = decde_dst_reg(); regs[dst] = regs[dst] + regs[src]; break; case OPCODE_SUB: int src = decde_src_reg(); int dst = decde_dst_reg();

8 regs[dst] = regs[dst] - regs[src]; break;... eip += instructin_length; Simulate PC's physical memry map by decding emulated "physical" addresses just like a PC wuld: #define KB 1024 #define MB 1024*1024 #define LOW_MEMORY 640*KB #define EXT_MEMORY 10*MB uint8_t lw_mem[low_memory]; uint8_t ext_mem[ext_memory]; uint8_t bis_rm[64*kb]; uint8_t read_byte(uint32_t phys_addr) { if (phys_addr < LOW_MEMORY) return lw_mem[phys_addr]; else if (phys_addr >= 960*KB && phys_addr < 1*MB) return rm_bis[phys_addr - 960*KB]; else if (phys_addr >= 1*MB && phys_addr < 1*MB+EXT_MEMORY) { return ext_mem[phys_addr-1*mb]; else... vid write_byte(uint32_t phys_addr, uint8_t val) { if (phys_addr < LOW_MEMORY) lw_mem[phys_addr] = val; else if (phys_addr >= 960*KB && phys_addr < 1*MB) ; /* ignre attempted write t ROM! */ else if (phys_addr >= 1*MB && phys_addr < 1*MB+EXT_MEMORY) { ext_mem[phys_addr-1*mb] = val; else... Simulate I/O devices, etc., by detecting accesses t "special" memry and I/O space and emulating the crrect behavir: e.g., Reads/writes t emulated hard disk transfrmed int reads/writes f a file n the hst system Writes t emulated VGA display hardware transfrmed int drawing int an X windw

9 Reads frm emulated PC keybard transfrmed int reads frm X input event queue