x86 architecture et similia

Similar documents
W4118: PC Hardware and x86. Junfeng Yang

x86 Assembly Tutorial COS 318: Fall 2017

CS165 Computer Security. Understanding low-level program execution Oct 1 st, 2015

CS 31: Intro to Systems ISAs and Assembly. Martin Gagné Swarthmore College February 7, 2017

6.828 Lecture Notes: x86 and PC architecture

CSCI 192 Engineering Programming 2. Assembly Language

CS241 Computer Organization Spring 2015 IA

administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?

UMBC. contain new IP while 4th and 5th bytes contain CS. CALL BX and CALL [BX] versions also exist. contain displacement added to IP.

x86 assembly CS449 Fall 2017

Function Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site)

Hardware and Software Architecture. Chapter 2

Compiler Construction D7011E

Credits and Disclaimers

What is a Compiler? Compiler Construction SMD163. Why Translation is Needed: Know your Target: Lecture 8: Introduction to code generation

CS 31: Intro to Systems Functions and the Stack. Martin Gagne Swarthmore College February 23, 2016

IA32 Intel 32-bit Architecture

Project 1: Bootloader. COS 318 Fall 2015

Lecture 15 Intel Manual, Vol. 1, Chapter 3. Fri, Mar 6, Hampden-Sydney College. The x86 Architecture. Robb T. Koether. Overview of the x86

Scott M. Lewandowski CS295-2: Advanced Topics in Debugging September 21, 1998

The Instruction Set. Chapter 5

CS 31: Intro to Systems ISAs and Assembly. Kevin Webb Swarthmore College February 9, 2016

Assembly Language: Function Calls

CS 31: Intro to Systems ISAs and Assembly. Kevin Webb Swarthmore College September 25, 2018

CS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 21: Generating Pentium Code 10 March 08

Computer Processors. Part 2. Components of a Processor. Execution Unit The ALU. Execution Unit. The Brains of the Box. Processors. Execution Unit (EU)

X86 Review Process Layout, ISA, etc. CS642: Computer Security. Drew Davidson

Low-Level Essentials for Understanding Security Problems Aurélien Francillon

Assembly Language: Function Calls" Goals of this Lecture"

The x86 Architecture

Process Layout and Function Calls

Machine-level Representation of Programs. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Assembly Language: Function Calls" Goals of this Lecture"

Assembly Language: Function Calls. Goals of this Lecture. Function Call Problems

Introduction to IA-32. Jo, Heeseung

Question 4.2 2: (Solution, p 5) Suppose that the HYMN CPU begins with the following in memory. addr data (translation) LOAD 11110

INTRODUCTION TO IA-32. Jo, Heeseung

Turning C into Object Code Code in files p1.c p2.c Compile with command: gcc -O p1.c p2.c -o p Use optimizations (-O) Put resulting binary in file p

Program Exploitation Intro

Module 3 Instruction Set Architecture (ISA)

EXPERIMENT WRITE UP. LEARNING OBJECTIVES: 1. Get hands on experience with Assembly Language Programming 2. Write and debug programs in TASM/MASM

Practical Malware Analysis

Assembly Language. Lecture 2 - x86 Processor Architecture. Ahmed Sallam

Reverse Engineering II: Basics. Gergely Erdélyi Senior Antivirus Researcher

Credits and Disclaimers

CS642: Computer Security

CS 33: Week 3 Discussion. x86 Assembly (v1.0) Section 1G

Reverse Engineering II: The Basics

CPEG421/621 Tutorial

ECE 391 Exam 1 Review Session - Spring Brought to you by HKN

Systems I. Machine-Level Programming V: Procedures

Assembly Language. Lecture 2 x86 Processor Architecture

Assembly level Programming. 198:211 Computer Architecture. (recall) Von Neumann Architecture. Simplified hardware view. Lecture 10 Fall 2012

ICS143A: Principles of Operating Systems. Midterm recap, sample questions. Anton Burtsev February, 2017

Access. Young W. Lim Sat. Young W. Lim Access Sat 1 / 19

CS3210: Booting and x86. Taesoo Kim

Access. Young W. Lim Fri. Young W. Lim Access Fri 1 / 18

Instruction Set Architectures

COS 318: Operating Systems. Overview. Prof. Margaret Martonosi Computer Science Department Princeton University

CS3210: Booting and x86

Winter Compiler Construction T11 Activation records + Introduction to x86 assembly. Today. Tips for PA4. Today:

CSC 2400: Computing Systems. X86 Assembly: Function Calls"

Instruction Set Architectures

16.317: Microprocessor Systems Design I Fall 2014

Machine and Assembly Language Principles

Assembler Programming. Lecture 2

CSE2421 FINAL EXAM SPRING Name KEY. Instructions: Signature

CPS104 Recitation: Assembly Programming

Addressing Modes on the x86

Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction

Machine Programming 1: Introduction

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2018 Lecture 4

The Microprocessor and its Architecture

x86 Assembly Crash Course Don Porter

MACHINE-LEVEL PROGRAMMING I: BASICS COMPUTER ARCHITECTURE AND ORGANIZATION

X86 Stack Calling Function POV

SYSC3601 Microprocessor Systems. Unit 2: The Intel 8086 Architecture and Programming Model

Moodle WILLINGDON COLLEGE SANGLI (B. SC.-II) Digital Electronics

Instruction Set Architectures

X86 Addressing Modes Chapter 3" Review: Instructions to Recognize"

BOOTSTRAP, PC BIOS, AND IA32 MEMORY MODES. CS124 Operating Systems Winter , Lecture 5

CS 16: Assembly Language Programming for the IBM PC and Compatibles

Complex Instruction Set Computer (CISC)

Basic Execution Environment

CSC 2400: Computer Systems. Towards the Hardware: Machine-Level Representation of Programs

Assembly Language Lab # 9

Homework / Exam. Return and Review Exam #1 Reading. Machine Projects. Labs. S&S Extracts , PIC Data Sheet. Start on mp3 (Due Class 19)

System calls and assembler

Ethical Hacking. Assembly Language Tutorial

Putting the pieces together

Buffer Overflow Attack

Software. Hardware. x86 basics. ISA View. a brief history of x86 10/6/15. Program, Application. Programming Language. Compiler/Interpreter

CSC 8400: Computer Systems. Machine-Level Representation of Programs

Assembly Language Programming Introduction

We can study computer architectures by starting with the basic building blocks. Adders, decoders, multiplexors, flip-flops, registers,...

Lab 3. The Art of Assembly Language (II)

Introduction to 8086 Assembly

Digital Forensics Lecture 3 - Reverse Engineering

Procedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27

How Software Executes

Transcription:

x86 architecture et similia 1 FREELY INSPIRED FROM CLASS 6.828, MIT

A full PC has: PC architecture 2 an x86 CPU with registers, execution unit, and memory management CPU chip pins include address and data signals memory disk keyboard display other resources: BIOS ROM, clock,...

CPU runs instructions: for(;;) { run next instruction } CPU 3 We will start with the original 16-bit 8086 CPU (1978)

CPU & Memory Needs work space: registers four 16-bit data registers: AX, CX, DX, BX each in two 8-bit halves, e.g. AH and AL very fast, very few More work space: memory CPU sends out address on address lines (wires, one bit per wire) Data comes back on data lines or data is written to data lines 4

CPU & Memory Add address registers: pointers into memory SP - stack pointer BP - frame base pointer SI -source index DI - destination index 5

IP (program counter) Instructions are in memory too! IP - instruction pointer (PC on PDP-11, everything else) increment after running each instruction can be modified d by CALL, RET, JMP, conditional i jumps 6

Flags 7 Want conditional jumps FLAGS - various condition codes whether last arithmetic operation overflowed... was positive/negative ii i... was [not] zero... carry/borrow on add/subtract... overflow... etc. whether interrupts are enabled direction of data copy instructions JP, JN, J[N]Z, J[N]C, J[N]O...

I/O Still not interesting - need I/O to interact with outside world Original PC architecture: use dedicated I/O space Works same as memory accesses but set I/O signal Only 1024 I/O addresses Memory-Mapped I/O Use normal physical memory addresses Gets around limited it size of I/O address space No need for special instructions System controller routes to appropriate device Works like magic memory: Addressed and accessed like memory, but...... does not behave like memory! Reads and writes can have side effects Read results can change due to external events 8

Example 9 Example: write a byte to line printer: #define DATA_PORT 0x378 #define dfi STATUS_PORT S 0x379 #define BUSY 0x80 #define CONTROL_PORT 0x37A #define STROBE 0x01 void lpt_putc(int c) { /* wait for printer to consume previous byte */ while((inb(status_port) & BUSY) == 0); /* put the byte on the parallel lines */ outb(data_port, c); /* tell the printer to look at the data */ outb(control_port, STROBE); outb(control_port, 0); }

More memory What if we want to use more than 2^16 bytes of memory? 808686 has 20-bit physical addresses, can have 1 Meg RAM each segment is a 2^16 byte window into physical memory virtual to physical translation: pa = va + seg*16 10 the segment is usually implicit, from a segment register CS - code segment (for fetches via IP) SS - stack segment (for load/store via SP and BP) DS - data segment (for load/store via other registers) ES - another data segment (destination for string operations) tricky: can't use the 16-bit address of a stack variable as a pointer (still need 20 bits to identify an address in memory) but a far pointer includes full segment:offset (16 + 16 bits)

More memory is needed But 8086's 16-bit addresses and data were still painfully small 80386 added support for 32-bit data and addresses (1985) boots in 16-bit mode, then switches to 32-bit mode registers are 32 bits wide, called EAX rather than AX 11 operands and addresses are also 32 bits, e.g. ADD does 32-bit arithmetic prefix 0x66 gets you 16-bit mode: MOVW is really 0x66 MOVW 80386 also changed segments and added paged memory...

Memory map x86 Physical Memory Map The physical address space mostly looks like ordinary RAM Except some low-memory addresses actually refer to other things Writes to VGA memory appear on the screen Reset or power-on jumps to ROM at 0x000ffff0 12

32-bit memory mapped devices 4Gb Unused Extended Memory 0x00100000 (1MB) BIOS ROM 0x000F0000 (960KB) 16-bit devices, expansion ROMs 0x000C0000 (768KB) VGA Display 0x000A0000 (640KB) Low Memory 13

Assembly 14 Two-operand instruction set Intel syntax: op dst, src AT&T (gcc/gas) syntax: op src, dst uses b, w, l suffix on instructions to specify size of operands Operands are registers, constant, memory via register, memory via constant Examples: AT&T syntax "C"-ish equivalent movl %eax, %edx edx = eax; register mode movl $0x123, %edx edx = 0x123; immediate movl 0x123, %edx edx = *(int32_t*)0x123; direct movl (%ebx), %edx edx = *(int32_t t*)ebx; indirect movl 4(%ebx), %edx edx = *(int32_t*)(ebx+4); displaced

Instruction classes Assembly (instr. classes) data movement: MOV, PUSH, POP,... arithmetic: TEST, SHL, ADD, AND,... i/o: IN, OUT,... control: JMP, JZ, JNZ, CALL, RET string: REP MOVSB,... system: IRET, INT 15

GCC (a particular compiler) 16 Example instruction What it does pushl %eax subl $4, %esp; movl %eax, (%esp) popl %eax movl (%esp), %eax; addl $4, %esp call $0x12345 pushl %eip; movl $0x12345, %eip ret popl p %eip

Examples 17 GCC dictates how the stack is used. Contract between caller and callee on x86: after call instruction: %eip points at first instruction of function %esp+4 points at first argument %esp points at return address after ret instruction: %eip contains return address %esp points at arguments pushed by caller called function may have trashed arguments %eax contains return value (or trash if function is void) %ecx, %edx may be trashed %ebp, %ebx, %esi, %edi must contain contents from time of call Terminology: %eax, %ecx, %edx are "caller save" registers %ebp, %ebx, %esi, %edi are "callee save" registers

GCC (cntd.) Functions can do anything that doesn't violate contract with the GCC 18

19

Compilation Compiling, linking, loading: Compiler takes C source code (ASCII text), produces assembly language (also ASCII text) Assembler takes assembly language (ASCII text), produces.o file (binary, machine-readable!) Linker takes multiple '.os, o's produces a single program image (binary) Loader loads the program image into memory at runtime and starts it executing 20

x86 & the OS 21 One way to think about an operating system interface is that it extends the hardware instructions i with a set of "instructions" i " that are implemented in software. These instructions are invoked using a system call instruction (INT and RETI on the x86). In this view, a task of the operating system is to provide each application with a virtual version of the interface; that is, it provides each application with a virtual computer. One of the challenges in an operating system is multiplexing the physical resources between the potentially many virtual computers. What makes the multiplexing typically complicated is an additional constraint: isolate the virtual computers well from each other.

Virtual x86 (the OS) 22 To give each application its own set of virtual processor, we need to virtualize the physical processors. One way to do is to multiplex the physical processor over time: the operating system runs one application for a while, then runs another application for while, etc. We can implement this solution as follows: when an application has run for its share of the processor, unload the state of the physical processor, save that state to be able to resume the application later, load in the state t for the next application, and resume it. What needs to be saved and restored? That depends on the processor, but for the x86: IP SP The other processor registers (eax, etc.) To enforce that a virtual processor doesn't keep a processor, the operating system can arrange for a periodic interrupt, and switch the processor in the interrupt routine.

Interrupt Big picture: kernel is trusted third-party that runs the machine. Only the kernel can execute privileged il instructions (e.g., changing MMU state). The processor enforces this protection through the ring bits in the code segment. If a user application i needs to carry out a privileged operation or other kernel-only service, it must ask the kernel nicely. How can a user program change to the kernel address space? How can the kernel transfer to a user address space? What happens when a device attached to the computer needs attention? These are the topics for today's lecture. 23

Continued 24 There are three kinds of events that must be handled by the kernel, not user programs: (1) a system call invoked by a user program, (2) an illegal instruction or other kind of bad processor state (memory fault, etc.). and (3) an interrupt from a hardware device. Although these three events are different, they all use the same mechanism to transfer control to the kernel. This mechanism consists sts of three steps that execute ecute as one atomic unit. (a) change the processor to kernel mode; (b) save the old processor somewhere (usually the kernel stack); and (c) change the processor state to the values set up as the official i kernel entry values. The exact implementation of this mechanism differs from processor to processor, but the idea is the same.

Mutual exclusion x86 Here is one way we can implement acquire and release using the x86 xchgl instruction: struct Lock { unsigned int locked; }; acquire(lock *lck) { while(tsl(&(lck->locked))!= 0) ; } release(lock *lck) { lck->locked = 0; } 25

int TSL(int *addr) { register int content = 1; // xchgl content, *addr // xchgl exchanges the values of its two operands, while // locking the memory bus to exclude other operations. asm volatile ("xchgl %0,%1" : "=r" (content), "=m" (*addr) : "0" (content), "m" (*addr)); return(content); } the instruction "XCHG %eax, (content)" works as follows: 1. freeze other CPUs' memory activity 2. temp := content 3. content := %eax 4. %eax := temp 5. un-freeze other CPUs xchg steps 1 and 5 make XCHG special: it is "locked" special signal lines on the inter-cpu bus, bus arbitration 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback