Information Security System Design Foundation 11th Week study Summary
"Learning Time: 8h"
"Study content:" In-depth understanding of computer systems, chapter eighth "
First, knowledge carding
Section 8.1 (Entry-level introduction to the main exception)
1. Exception control flow (ECF)
- Concept: The simplest "smooth sequence" type of control flow is that adjacent instructions in the PC are also adjacent in memory. The abnormal control flow refers to the changes in the state of the internal program represented by the program variables, the change of the system state, and so on, which makes the control system make the reflection.
- Role:
- How the application interacts with the operating system implementation. Applications use the ECF form of system call to request services from the operating system;
- The basic mechanism of implementing concurrency;
- Provides software exception mechanism
- Wait a minute
2. Exceptions
- Cause: A change in the processor (event) triggers a burst control transfer from the application to the exception handler, which is the exception. For example: by 0, missing pages, memory access violations, breakpoints, arithmetic overflow, system calls, the signals of external I/O devices, and so on.
- Process: In any case, when the processor detects that an event occurs, it takes an indirect procedure call through a jump table called the exception table, to an operating system subroutine (exception handler) that specifically handles such time, and when exception handler processing is finished, there are three results:
- The handler will control the command that is being executed when the event occurs;
- The handler returns control to the next instruction that will be executed if no exception occurs;
- Handlers terminate programs that are terminal
3. Exception & Procedure Call
- At the time of the procedure call, the processor returns the address into the stack before jumping to the handler. However, depending on the type of exception, either the current instruction is returned or the next instruction is returned;
- Exceptions are similar to procedure calls, but differ in the data that is pressed into the stack. It pushes some additional processor state into the stack, and if it is a program that is transferred to the kernel, it is pressed into the kernel stack;
- Exception handlers run in kernel mode, meaning they have full access to all system resources
4. About the Exception table
Note: The exception table, whose entry k contains the address of the handler for exception K. Where the starting address of the exception table is placed in the exception table base register, and the exception number is an index in the exception table, which is equivalent to the offset address "
5. Interrupts (Exception type 1)
- Cause: The result of a signal from an I/O device
- Type: Asynchronous (not caused by any one instruction)
- Processing:
- I/O devices, such as timer chips, network controllers, etc., are signaled by a pin on the processor chip, and the anomaly number (the device that identifies the interrupt) is placed on the system bus;
- After the current instruction is complete, the processor notices the PIN voltage change, reads the abnormal signal from the system bus, and invokes the interrupt handler;
- Processing interrupts;
- The next instruction that the processor should execute when it returns (without interruption).
6. Traps (Exception type 2)
- Cause: Intentional exception, is the result of executing the instruction
- Type: Belongs to synchronization
- Processing:
- When the user program needs or wants to request services from the kernel (such as creating or terminating processes, reading files, etc.), execute syscall N (n is the service number you want to request).
- Handing control over to the processing procedure;
- Trap handlers run;
- After the handler finishes, return to the next instruction.
7. Fault (Exception type 3)
- Cause: caused by a potentially recoverable error condition
- Type: Belongs to synchronization, may be able to be repaired and then returned to the current instruction.
- Process:
- Current instruction causes failure;
- Control transferred to the handler;
- The fault handler runs, and if it can fix the error, it will control the command that caused the failure and then re-execute it; otherwise, the abort routine in the kernel is returned, and abort terminates the program that caused the failure.
8. Termination (Exception type 4)
- Cause: caused by an unrecoverable fatal error, usually a hardware error
- Type: Sync
- Process:
- Fatal hardware error occurred;
- Transfer control to handlers;
- The handler returns control to the abort routine, which terminates the application
Exceptions in the 9.LINUXIA32 system
- Failure and termination
- Division error: Occurs when the application attempts to divide by 0, or when the result of a division instruction is too large for the target operand; Unix chooses to terminate the program (typically reported as a floating-point exception)
- General fault protection: typically because a program references an undefined virtual storage area, or because the program tries to write a read-only text segment, Linux does not attempt to recover from this type of failure (typically reported as a segment failure)
- Page fault: The handler maps the corresponding pages of the virtual storage on the disk to a page in the physical memory and then restarts the command to execute the failure.
- Machine Check: Exception number 18, which occurs when a hardware error is checked in the execution of the instruction that caused the failure; no return control to the application
System calls to Linux provide hundreds of system calls, each with a corresponding integer number (that is, the offset in the kernel jump table); On the IA32 system, the system call is provided by an int n instruction
Examples Show
"Take the Hello program as an example"
int main(){ write(1,"hello world\n",13);//用系统调用来写write函数 exir(0);}
The first parameter of the Write function is to send the output to stdout, the second is the byte order to write, the third is the byte sequence length (counted, and the newline character is 12), while the string ends with Terminator.
"System call for Write function"
movl $4,%eax//write函数的编号movl $1,%ebx//以下是设置参数movl $string,%ecxmovl $len,%edxint $0x80//使用int来执行系统调用(系统调用的异常号是128)
10. Process
- Definition: An instance of an executing program. Each program in the system runs in the context of a process. The context is made up of the state required for the program to run correctly. This state includes code and data for the program that is placed in the memory.
- The process provides several key abstractions for the application:
- An independent logical control flow-provides the illusion of a program-exclusive processor;
- A private address space--Provides an illusion of a program-exclusive storage system;
11. Logical Control Flow
Each value in the process counter (PC) uniquely corresponds to the instruction contained in the executable target file of the program, or to a shared object that is dynamically linked to the program at run time. The sequence of this PC value is called the logical control flow.
Add: The process takes turns using the processor; Each process executes its part of the stream and then is suspended, and other processes execute.
For a program running in one of the process contexts, it looks like it is only taking up the processor (but if it is measured accurately, it may seem that it has been paused for a few short periods of time during execution for a process).
12. Concurrent Streams
- Introduction: There are many different forms of logic flow in computer system, such as exception handler, process, signal processing program, etc.
- Concept: The execution of one logical stream overlaps another stream in time, called concurrent flow, and the phenomenon of concurrent execution of multiple streams is called concurrency; a process and other processes run in turn, called multitasking, also called time shards.
- Contrast: If two streams are running concurrently on different processor cores or computers, we call them parallel streams.
13. Private address space
- On a machine with n-bit addresses, the address space is a collection of 2^n possible addresses.
- A process provides its own private address space for each program; In general, the memory byte associated with an address in this space is not readable or written by other processes (so it is private)
- Common structure of memory content:
- The bottom of the address space is left to the user program, including the usual text, data, etc.
- The top of the address space is reserved for the kernel (including code, data, and stacks that the kernel uses when executing instructions on behalf of the process)
14. Process Control
15. Wait for the child process to be recycled
Introduction: A process can wait for its child process to terminate or stop by calling the Waitpid function
#include<sys/types.h>#incldue<sys/wait.h>pid_t waitpid(pid_t pid,int *status,int options);//如果成功,返回子进程的PID,如果为WNOHANG,则为0,其他错误则为-1
Description: By default, when Options=0, waitpid suspends execution of the calling process until a child process in its waiting set terminates. If a process in the waiting set is terminated when it is just called, the Waitpid returns immediately. Both of these situations will cause the WAITPID function to return the PID of the child process that has been terminated and to remove the process.
- interpret
- determine the members of the waiting set
If pid>0, then the waiting set is a separate child process whose process ID equals the PID, and if pid<-1, then the waiting set is made up of all the child processes of the parent process.
- modifies the default behavior
You can modify the default behavior by setting the options to various combinations of constants Wnohang and wuntraced:
Wnohang: If any of the child processes in the collection are not yet terminated, return 0 immediately; wuntraced: Suspends execution of the calling process until one of the waiting sets becomes terminated or stopped, and then returns the pid; of the child process that caused the return
Wnohang| wuntraced: Returns immediately.
- checks the exit status of the reclaimed child process The
non-empty status parameter is placed on the status parameter's state information about the returned child process (Wait.h defines several macros for the status parameter)
Wifexited: Returns True if the child process terminates by calling the Exit function or a return-returning policy;
Wexitstatus: Returns the exit state of a normally terminated child process (defines the state when wifexited returns to true)
wifsingaled: Returns True if the child process is terminated because of an uncaught signal,
Wtermsig: Returns the number of the signal that caused the child process to terminate. This state is defined only when the wifsingaled is true.
- Error condition If the calling process has no child processes, then the WAITPID function returns-1, and the errno is set to echld;
If the Waitpid function is interrupted by a signal, then it returns-1 and sets errno to Eintr
Application examples
#include "csapp.h"#define N 2int main(){ int status,i; pid_t pid; for(i =0;i<N;i++) if((pid = fork())==0) exit(100+i); while((pid = waitpid(-1,&status,0))>0) { if(WIFEXITED(status)) printf("child %d terminated normally with exit status = %d\n",pid,WEXITSTATUS(status)); else printf("child %d terminated abnormally\n",pid); } if(errno != ECHILD) unix_error("waitpid error"); exit(0);}
- The parent process creates n child processes, and the child process exits with a unique exit state;
- The Waitpid function is blocked until a child process terminates and then enters the while loop test whether it is normally terminated;
- When all the child processes are reclaimed, the call to Waitpid returns 1, and the errno is set to Echild, and if it is not normal, an error message is output
16. Load and run the program
17. Non-local jump
- Introduction: C language provides a user-level exception control flow form, called non-local jump; It transfers a function to a function that is currently executing, and omits the call-return sequence step
Function: setjmp,longjmp
int setjmp(imp_buf env);返回0int sigsetjmp(sigjmp_buf env,int savesigs);void longjmp(jmp_buf env,int retval);void siglongjmp(sigjmp_buf env,int retval);
- Explanation: Use of the above two functions together
- The SETJMP function saves the current calling environment (including the PC, stack pointer, General Register) in the env buffer for use by the latter longjmp and returns 0;
- The LONGJMP function responds to the calling environment from the env buffer and then triggers a return from the SETJMP function call that started with the last env initialization.
- Application
- Used to allow immediate return from a deeply nested function call, rather than laboriously unraveling the stack
- Note: The main function calls setjmp to save the previous calling environment, and then calls the function Foo;foo to call bar; if one of the two functions encounters an error, it is returned from setjmp immediately by a longjmp call; setjmp non 0 return value indicates the type of error
- Application
- Used to branch a signal handler to a special code location instead of returning to the command where the signal has been interrupted
- Note: When the program first starts, call setjmp to save the context, then the main function enters the infinite processing loop; After the user types Ctrl-c, the shell sends a SIGINT signal to the process, which captures the signal and then the handler executes a non-local jump back to where the main function started
Ii. Exercises Answer P488 exercises 8.1
Consider three processes with the following start and end times: A (process) 0 (start time) 2 (end time)
B (Process) 1 (Start time) 4 (end time)
C (Process) 3 (Start time) 5 (end time)
Q: Is there concurrency between process 22?
"A&c: does not belong to; B&c: belongs to; A&b: Belongs to"
P497 Exercises 8.3
List all possible sequences for the following programs:
int main() { if(Fork() == 0) { printf("a"); fflush(stdout); } else { printf("b"); fflush(stdout); waitpid(-1,NULL,0); } printf("c"); fflush(stdout); exit(0); }
"The output sequence may be: ACBC,ABCC,BACC,BCAC"
P499 Exercises 8.4
int main(){ int status; pid_t pid; printf("Hello\n"); pid = fork(); printf("%d\n",!pid); if(pid != 0) { if(waitpid(-1,&status,0)>0) { if(WIFEXITED(status)!=0) { printf("%d\n",WEXITSTATUS(status)); } } } printf("Bye\n"); exit(2);}
Explanation: First the parent process runs, output "Hello", and then output! The PID is 0--> in if, because the created child process has not yet terminated, so the Waitpid function is blocked, and then switched to child process--Output 1, and bye, and then end---the parent process's waitpid function is executed, Then output the exit status of the child process
Third, learning experience
The content of this chapter is more, and some of the content is need to go through more than one of the scrutiny before you can gradually think about it, at the same time, because it involves the decomposition of some basic computer action, but also contains a lot of "strange" code, so for me, the content of this chapter is more challenging.
However, I am gratified that, by consulting other students, I find that my understanding of the code has improved greatly, and because of the increased understanding of the code, my grasp of the content of this chapter has been improved.
11th Week Study Summary