8th. Abnormal control Flow
8.1 Exceptions
An exception is one of the ECF, partially implemented by hardware, and partly by the operating system. Is the ECF located between the hardware and the operating system.
Exceptions can be divided into four categories: interrupts (interrupt), traps, faults (fault), termination (abort).
中断——来自处理器外部的I/O设备的信号的结果。中断处理程序——异步异常——由处理器外部I/O设备中的事件产生的。同步异常是执行一条指令的直接产物。中断通过向处理器芯片上的一个引脚发信号(高低电平),并将异常号放在系统总线上,以触发中断,很清楚。其中断处理程序完成后直接返回给下一条指令。陷阱——同步异常——完成处理后也返回到下一条指令。陷阱最重要的用途是在用户程序和内核之间提供一个像过程一样的接口,叫做系统调用。从程序员的角度来看,系统调用和普通的函数调用是一样的。但是它们的实现是非常不同的。普通函数在用户模式,系统调用在内核模式。syscall n指令,执行这条指令,会导致一个到异常处理程序的陷阱,就是跳到一个异常处理程序这个程序会对参数解码,并调用适当的内核程序,比如read,fork,execve,exit。故障——同步异常——对应的处理程序叫故障处理程序。如果处理程序可以修正这个错误(缺页异常),那么就返回到引起故障的指令,如果不能修正,就返回到内核的abort例程。终止——同步异常——对应的处理程序叫做终止处理程序,终止处理程序从不将控制返回,它会将控制返回给内核的abort例程。
LINUX/A32 system Call
Each system call corresponds to a unique integer number that corresponds to the offset of a jump table in the kernel.
The IA32 system call is provided through a trap instruction called int n.
The C program can invoke any system call directly through the Syscall function.
All Linux system calls are passed through a generic register instead of a stack,%EAX contains the system call number, and%EBX,%ECX,%edx, esi%,%edi, and%EBP contain up to 6 parameters. The stack pointer%esp is not available because the kernel overwrites it when it enters kernel mode.
8.2 Process
The context is made up of the state required for the program to run correctly. This state includes the code and data for the program stored in the memory, its stack, the contents of the general purpose register, the program counter, the environment variable, and the set of open file descriptors.
The context is a collection, each of its constituent parts is real, but these components are not put together, the concept of this collection is conceptually, the components are combined together, we call this set a context.
When we say that a program is executed in context, it is said that the components are assigned, placed there, and then start executing the code in the memory in these components.
The key abstraction that a process provides to an application:
一个独立的逻辑控制流,它提供了一个假象,好像我们的程序独占的使用处理器。一个私有的地址空间,它提供了一个假象,好像我们的程序独占的使用存储器系统。上下文是集合,进程其实是这个集合下实际一条一条执行代码的过程。进程包含上下文以及执行的过程。
the sequence of PC values is called Logical Control Flow .
处理的实际的PC序列称为物理控制流,物理控制流总包含多个逻辑流。
A process is a barrier between a program and a kernel, and a process is an abstraction of an application that kicks out the kernel and hardware and gives the application an illusion. The kernel and hardware provide the process of this function, the application is a process, the application does not know the kernel and the hardware, only knows the process.
The application does not have the concept of time and space, it knows only the process, but the process knows it itself, but the process does not let the application know.
Exception handlers, processes, signal handlers, threads, and Java processes are examples of logical flows.
The general phenomenon of concurrent execution of multiple streams is called concurrency .
The concept of a process and other processes running in turn is called multi-tasking .
Each time period in which a process executes part of its control flow is called a time slice. So multitasking is also called time sharding.
Two streams run concurrently on different processor cores or computers, which we call parallel streams .
The parallel stream must be a concurrent stream, and the concurrent stream is "Boss".
A process provides its own private address space for each program, the memory byte associated with an address in this space, which, in general, cannot be read or written by other processes, and in this sense the address space is private.
x86 the top of the Linux address space is reserved for the kernel. This part also contains the
代码数据栈
However, this is part of the kernel that will be used to represent the process execution instructions, such as when the system is called, which is the part of the space used.
At some point in the process execution, the kernel can decide to preempt the current process and restart a previously preempted process. This decision is called scheduling and is handled by code called the Scheduler in the kernel.
Context Switch:
保存当前进程的上下文。恢复某个先前被抢占的进程被保存的上下文。将控制传递给这个新恢复的进程。
8.3 System call Error
当UNIX系统级函数遇到错误时,它们典型地会返回-1,并设置全局整数变量errno来表示什么出错了。
8.4 Process Control
UNIX provides a large number of system calls that operate processes from a C program.
From the programmer's point of view, we can assume that the process is always in one of the following three states:
运行——在cpu上运行,或者,等待运行且最终会运行(会被内核调度)停止——进程被挂起(也就是被其他的进程抢占了),且不会被调度,但可以被信号唤醒终止——进程被永远的停止了,受到终止信号,或者从主程序返回,或者调用exit函数。
Fork function:
Called once and returned two times. The parent and child processes are independent processes that execute concurrently. Generally speaking, as programmers, we must not make any assumptions about the alternate execution of instructions in different processes. The same but separate address space. Share files.
When a process terminates for some reason, the kernel does not immediately purge it from the system. Instead, the process is persisted in a state that has been terminated. Until it is reclaimed by its parent process.
When the parent process recycles the terminated child process, the kernel passes the child process's exit state to the parent process. The terminated process is then discarded.
A process that has been terminated but not yet reclaimed is called a zombie process .
- If the parent process does not reclaim its dead child process, then the kernel will schedule another process to reclaim them, and the process is init. Its PID is 1. It is created by the kernel when the system is initialized.
A process can wait for its child process to terminate or stop by calling the waitpid function .
This function has three parameters:
pidstatusoptions。
Options=0, the process of calling this function hangs, that is, the process is not doing anything in the function, waiting, waiting for what, waiting for its child process to terminate, if one terminates, then the function returns, returns the PID of the terminating subprocess, and removes the child process from the system.
What are the waiting child processes? This is determined by the PID, Pid=-1, then is all the sub-process, PID is greater than 0, then is a child process, the current PID represents the child process.
Options=wnohang, if there is no terminating child process, then the function returns immediately, returning 0. Options=wuntraced is similar to options=0, but it also detects a stopped subprocess. Options=0 only detects aborted child processes. Also, this options does not remove the child process from the system. Options=wnohang| Wnuntraced is returned immediately, the return value is either a stop or terminate PID, or 0.
If the calling process has no child processes, then Waitpid returns-1 and sets errno to Echlild, and if the Waitpid function is interrupted by a signal, then it returns-1 and sets errno to Eintr.
Status is a pointer to the int type, and when Waitpid returns, it will have the corresponding value, but the encoding of this value seems more complex, and the C standard library provides some macros to handle it. wifexited (status) and so on.
The wait function is equivalent to Waitpid ( -1, &status, 0).
The execve function loads and runs a new program in the context of the current process. The fork is called two times back, Execve is called once, and never returned.
8.5 Signal
UNIX signaling is a higher-level form of software anomaly.
Linux supports 30 different kinds of exceptions.
Each type of signal corresponds to a system event. The underlying hardware exception is handled by the kernel exception handler, which, under normal circumstances, is not visible to the user process. The signal provides a mechanism to inform the user that the process has occurred with these exceptions.
发送信号——内核通过更新目的进程上下文中的某个状态,告诉目的进程,有一个信号来了。接受信号——当目的进程被内核强迫以某种方式对信号的发送做出反应时,目的进程就接收了信号。进程可以忽略、终止、捕获。
How to send a signal
/bin/kill键盘发送信号kill函数alarm函数。
Default behavior for receiving signals
进程终止进程终止并转储存储器进程停止直到被SIGCONT信号重启进程忽略该信号。
But the behavior of receiving signals can be not the default behavior by setting the signal handler.
When a program captures multiple signals, some minor problems arise.
The pending signal is blocked the--unix signal handler usually blocks the pending signal of the type being processed by the current handler. Pending signals are not queued-there is at most one pending signal for any type. System calls can be interrupted-system calls such as read, wait, accept, and so on, potentially block a process for a longer period of time, called a slow system call.
The parent process has its own signal handler, put it there, and then the parent process uses a read function, which executes for a period of time, during which time a signal is sent, so the control is transferred to the signal handler, which means that the control jumps from the read function to the signal handler. When the handler is finished, it returns, in some systems, returns, but the call to the read function no longer continues, but instead directly returns to the user an error. Of course, in other systems, such as Linux, it will return to the Read function to continue execution.
The signal processing semantics of the signal handler set by the Signal wrapper function:
1. only the type of signal that the handler is currently processing is blocked.
2. As with all signal implementations, the signal will not wait in line.
3. whenever possible, the interrupted system call will be restarted automatically.
4. Once the signal handler is set, it remains, knowing that the signal with the handler parameter is Sig_ IGN or SIG_DFL is called.
Synchronizing streams to avoid annoying concurrency errors
1. in general, the number of flows that may be interleaved is exponentially related to the number of instructions.
2. Synchronize and communicate in some way to get the largest possible staggered set, with the right results for each possible interleaving.
3. How to write concurrent streaming programs that read and write to the same storage location has plagued generations of computer scientists. For example, the issue of competition.
8.6 Non-local jump
C language provides a user-level exception control flow form- non-local jump .
Exception control flow, now think of this noun-very apt, control, is control, normal control movement is sequential, the linear control flow is not normal is the control jumped away, is abnormal, control jumped away, jump to where? Transferred to the exception handler, control how to jump away? Many methods, such as system calls--system calls appear to be at least sequential, such as read, are stopped in the Read function, and so on, the Read function is finished, in fact, the control is no longer in main, but through the read function to jump to the kernel. Also such as the signal, the process receives the signal, the trigger control jumps to the signal processing program.
This is also true of the non-local jump that is now spoken. The control jumped away.
The user-level exception control flow form, called a non-local jump, transfers control directly from one function to another currently executing function without having to go through a normal call-return sequence.
The SETJMP function saves the current calling environment in the env buffer for use by subsequent longjmp and returns 0. The calling environment includes program counters, stack pointers, and general purpose registers.
int setjmp (jmp_buf env); int sigsetjmp (setjmp_buf env,int savesigs);
The LONGJMP function resumes the calling environment from the env buffer and then triggers a return from the setjmp call that was last initialized with Env. The setjmp is then returned with a non-zero return value of retval.
void longjmp (Jmp_buf env,int retval); void siglongjmp (Sigjmp_buf env,int retval);
8.7 Tools for manipulating processes
STRACEpstoppmap/proc
20135210 Ellis--The basic design of information security system 11th Week study summary