20145216 Shi Yao "Information Security system Design Fundamentals" 6th Week Study Summary

20145216 Shi Yao "The basis of information security system Design" 6th week Study Summary teaching contents summary Fourth Processor architecture first section Y86 instruction set architecture

First, the programmer visible State

1. Meaning: Each instruction will read or modify some parts of the processor state

2. "Programmer": it can be the person who writes the program with assembly code, or it can be a compiler that produces machine-level code

3. Specific processor status: similar to IA32

• There are 8 program registers:%EAX,%ECX,%EDX,%EBX,%ESI,%EDI,%ESP,%EBP
• Each program register of the processor stores one word
• The register%ESP is used as a stack pointer by a stack, a stack, a call, and a return instruction. In other cases, the register does not have a fixed meaning or fixed value
• There are three one-bit condition codes: zf,sf,of, which hold the most recent arithmetic or the rocky instructions caused by the hero's information
• Program Counter PC holds the address of the currently executing instruction

4. Memory: Y86 program uses virtual address to refer to memory location, hardware and operating system software together to translate virtual address into physical or actual address

5. Status Code stat: it indicates the overall state of the program execution, indicating whether it is functioning correctly or that an exception has occurred.

Second, Y86 directive

The Y86 instruction set is basically a subset of the IA32 instruction set, including only four-byte integer operations, with less addressing and fewer operations.

Refer to the 232 page of the textbook for the reference and byte encoding of sinks.

1.MOVL instruction

IA32 's MOVL directive is divided into four types:

irmovl,rrmovl,mrmovl,rmmovl

The preceding two letters are in the format of the specified source operand and the destination operand explicitly, the first bit is the source operand, and the second bit is the destination operand.

(1) Number of source operations

Can be:

i-立即数r-寄存器m-存储器

(2) Purpose of operation

Can be:

r-寄存器m-存储器

※ The memory reference method here is a simple base address and offset form, and the addressing method does not support the scaling of the second variable address register and any register value.

※ Two operands cannot be from the memory, nor allow the immediate number to be transmitted to the memory.

2. Four integer operation instructions

addl 加subl 减andl 与xorl 异或

And they operate only on register data (as distinct from IA32, which also allows these operations on the memory data).

These instructions will set up three condition codes:

ZF-零 SF-符号OF-溢出

3. Seven Jump Commands--branch control

jmp 直接跳转jle（SF^OF）|ZF 有符号数≤jl SF^OF 有符号＜je ZF 相等/零jne ~ZF 不相等/非零jge ~(SF^OF) 有符号≥jg ~(SF^OF)&~ZF 有符号＞

4. Six Conditional delivery Instructions

cmovle cmovlcmovecmovnecmovgecmovg

The format of these instructions is the same as the register-transfer instruction RRMOVL, but the value of the destination register is updated only if the condition code satisfies the required constraint.

5.call and RET

The call instruction returns the address to the stack, and then jumps to the destination address, which is returned from such a procedure invocation.

6.PUSHL and POPL

Implement in-stack and out-stack

7.halt instruction

The halt instruction stops the execution of the instruction, which causes the processor to stop and the status code to be set to HLT.

The analogy ia32:hlt directive is similar, but the IA32 application does not allow this instruction because it causes the entire system to pause.

Third, byte-level encoding of instructions

Each instruction requires a range of 1-6 bytes, and the first byte of each instruction indicates the type of instruction.

1. First byte

This byte is divided into two parts, each part 4 bits:

• High four-bit: Code section, domain value is 0~0xb
• Low four-bit: Functional section, function values are only useful if one code is shared with a set of related directives

For example: the No. 233 page of the textbook, the function Code of the Y86 instruction set:

The code portion of the integer operation is 6, the functional part distinguishes ADDL,SUBL,ANDL,XORL

The code portion of the branch instruction is 7.

The code portion of the delivery instruction is 2.

It's important to note that RRMOVL is in the delivery instructions, which says they have the same instruction code.

Each of the 8 program registers has a corresponding register identifier for the 0~7, and the program register exists in a register file in the CPU, which is a small, random-access memory with the Register ID as the address.

When you need to indicate that no registers should be accessed, use the ID value 0xF to indicate

2. Some require extra bytes

(1) Additional Register indicator bytes

Specify one or two registers, such as RA or RB.

• Without a register operand, such as branch instruction and call instruction, there is no register designator byte.
• An instruction that requires only one register operand (IRMOVL,PUSHL,POPL) instructs the other register to subscript character to 0xF

(2) Additional 4-byte constant numbers

The use of this word:

1.irmovl的立即数数据2.rmmol和mrmovl的地址指示符的偏移量3.分支指令和调用指令的目的地址

Precautions

1.分支指令和调用指令的目的地址是一个绝对地址2.所有整数采用小端法编码

※ Important properties of instruction set: Byte encoding must have a unique explanation

Exercise 4.1: This problem only need to follow the instructions to encode the values of each bit to correspond, such as the first line, IRMOVL instruction is 30f, the purpose of the operation is%EBX, check the table is 3, the source operation is immediately number 15, converted to 16 into the xx xx 0f, the small-end method is expressed as 0f 00 00 00, combined together that is 30f30f000000.

Exercise 4.2: This problem should be careful to divide the numbers into different instructions.

Iv. Y86 Anomalies

1. Possible value of Status Code stat: (Stat describes the overall state of the program execution)

1. AOK 正常操作2. HLT 处理器执行halt指令3. ADR 遇到非法地址4. INS 遇到非法指令

2. When an exception occurs

The y86--processor stops running instructions, and in a more complete design, the processor typically calls an exception handler

V. Y86 procedures

See textbook 第238-239 page for specific examples

In contrast to the Y86 and IA32 codes, they are essentially the same, but:

The difference between 1.y86 and IA32

1.Y86有时需要两条指令来完成IA32一条指令就能完成的事2.Y86没有伸缩寻址模式

2. Note Some of the following:

(1) The command indicates where the code or data should be placed, and how it should be aligned

(2) to "." The beginning is the assembler command

(3) The only tool for creating Y86 code is the assembler, so programmers must perform tasks that would normally be done to compilers, linker, and runtime systems.

Vi. details of some Y86 directives

Specifically POPL and PUSHL, there are two different conventions when pressing/ejecting the stack pointer%esp:

1.压入/弹出%esp的原始值2.压入/弹出%esp-/+4后的值

After testing, it is found that the default press-in pops up the original values.

PUSHL There is ambiguity between the different x86 models, but POPL does not.

Section II Logic Design and hardware control Language HCL

First, the logic gate

1. The output generated by the logic gates is a Boolean function that equals their input bit value.

2. HCL expression corresponding to the logic gate:

AND &&OR ||NOT !

3. The logic gate operates only on the number of individual bits, not the entire word.

4. The logic gate is always active, and the input change output quickly follows the change.

Ii. combinational Circuits and HCl Boolean expressions

1. Limitations when building compute blocks (combinational circuits)

• Outputs of two or more logic gates cannot be connected together
• Must have no ring

2. The difference between logical expressions in combinational logic circuits and C language

• The output of the combined circuit will continue to respond to input changes, and the C language expression is evaluated only when it is encountered during execution
• The logic gate operates only on 0 and 1, the arguments in the C language expression can be any integer, 0 is false, not 0 is true
• The logical expression of C may be partially evaluated

Three, word-level combination circuit and HCL integer expression

There are a few bits and pieces of knowledge that need to be noticed:

• All word-level signals are declared as int, and the size of the word is not specified

• The multiplexed function is described by a case expression, in the following format:

  [  select_1 : expr_1  select_2 : expr_2  ……]

  Logically, these selection expressions are evaluated sequentially.

• The selection expression is 1 o'clock, which means that if no previous case is selected, select this case

• Allow non-mutex between different selection expressions

The sequential implementation of the third section Y86

SEQ Processor

First, the process is organized into stages

Six basic stages:

• Take a finger
• Decoding
• Perform
• Visit
• Write back
• Update pc

Each phase of the implementation of the content is shown in page 250, according to each step of the calculation of the topic in the 253-page Exercise 4.11, the most important thing to do this problem is to pay attention to the meaning of each character represents what, in order to do the correct calculation. This problem is not difficult, is a bit of trouble, more read more understanding.

Second, the realization of the SEQ stage

1. Taking the finger stage

Take the PC as the first byte and read 6 bytes.

• Two logical blocks (separated from the first byte, four bits each)

  icode-指令代码ifun-指令功能

• Three-bit signals (based on icode values)

  instr_valid-发现不合法的指令need_regids-包含寄存器指示符字节吗need_valC-包括常数字吗

The latter five bytes are the combined encoding of the Register designator byte and the constant number.

2. Decoding and writeback phase

All need to access the register file, according to the case of four ports, determine which register should be read to generate the signal Vala, VALB

3. Implementation phase

(1) including the Arithmetic/logic unit ALU, the output is Vale.

ALU常被用作加法器

(2) including the condition Code register

零，符号，溢出，产生信号set_cc

4. The stage of the visit

• Read or write program data.

Two data blocks generate the memory address and the value of the memory input evidence, and two generate control signals indicating whether to read or write.

• Based on the Icode,imemerror,instrvalid,dmem_error, the Status code stat is calculated from the results of the instruction execution.

5. Update PC Stage

The new value of the program counter is generated.

Y86 Simulator Installation

1. Installing the Bison and flex lexical analysis tools

In the first step you encounter a problem:

Through the internet Baidu, get two solutions:

• Terminal input Ps-aux, list process, find process containing apt-get, direct sudo kill PID solution
• To force the unlock, enter the following command:
  

  sudo rm /var/cache/apt/archives/locksudo rm /var/lib/dpkg/lock

Install the Bison and flex lexical analysis tools successfully:

2. Download SIM decompression, address http://csapp.cs.cmu.edu/public/students.html

Find the Chapter4 on the official website, you can see the source distribution project, download the required file. Then use the tar xf sim.tar command to unzip, and then entercd sim

3. The graphical interface needs to be installed TCL/TK

输入命令：sudo apt-get install tcl8.5-dev tk8.5-dev tcl8.5 tk8.5

4. Make changes to the file (open the Makefile folder in the file directory and modify it with Leafpad or other Notepad)

Guimode=-dhas_gui (Remove the original comment #)

tklibs=-l/usr/lib/-ltk8.5-ltcl8.5

tkinc=-i/usr/include/tcl8.5

5. Compiling

Under the Sim folder, right-click Open in Terminal, entermake clean;make

Problems encountered in the study

Question: The byte code I identified in Exercise 4.1 always has a discrepancy with the answer.

Solution: By looking at the answers, you find that you always forget to write in reverse order

Summary: These bytes appear in reverse order when the instruction is written in the disassembly format

Lab Building Exercises

Build Yis Environment:

Yis test:

To view the contents of the directory, you can see only. ys Files:

After compiling with the make all command:

After compiling and viewing the contents of the directory, you can see that there are already compiled. yo files, which can be viewed after VIM entry:

The code in Figure 4-7 of the No. 239 page of the textbook, called Asum.yo in the system, prints its contents on the screen:

It can be seen that the results are consistent with the 240 pages of the textbook.

Code Hosting

Links: Https://git.oschina.net/sjy519/linux-program-C/tree/master

Other (sentiment, thinking, etc., optional)

Through the previous weeks of learning the contents of the textbook, I feel that I am slowly accustomed to this independent solution after the practice of learning, although there are still a lot of problems, but their ability to solve problems compared to the previous improvement. For this week's study, I think that the logic of the calculation of the part of the study will be easier relative to other content, because last semester there is the basis of Verilog language, followed mainly by the installation of Y86 simulator spent more time, download SIM address always can not open, Later according to Zhangxiaohan classmate blog written steps to do, finally installed successfully.

Learning progress Bar /Cumulative) new/cumulative)

	lines of code (new	Blog volume (	Learning time (new/cumulative)	Important growth
Goal	3000 rows	30 Articles	300 hours
First week	0/0	1/2	25/40	Learn Linux basics and Core commands
Second week	0/0	0/2	0/40
Third week	300/300	3/5	40/80	Learn the vim, GCC, gdb instructions; Learn the information representation and processing
Week Five	200/500	1/6	45/125	Learn the machine-level representation of a program
Week Six	150/650	1/7	40/165	Learned the processor architecture

20145216 Shi Yao "Information Security system Design Fundamentals" 6th Week Study Summary