Information Security System Design Foundation 11th Week study summary--20135308

Eighth. Abnormal control Flow

The control transfer sequence is called the control flow.

From one instruction to the next one is called transfer control.

Exception control Flow: The modern operating system responds to the system state by causing mutations in the control flow, known as abnormal control flows.

Exception Control Flow ECF: these mutations.

1.ECF is the basic mechanism that the operating system uses to implement I/O, processes, and virtual storage 2. Applications requesting service to the operating system by using an ECF form called a trap or system call 3.ECF is the basic mechanism for implementing concurrency in a computer system 4. Software anomaly Mechanism--c++ And Java have try,catch, and throw,c non-local jump is setjmp and longjmp

8.1 Exception 1. Exceptions are a form of exception control flow, partly implemented by hardware and partly by the operating system. Different depending on the system. Exception is mutation of control flow。 2. Anatomy of the Anomaly:

3. Exception Handling

The system assigns the exception number of a unique non-negative integer to each type of exception.

When the system starts, the operating system initializes a jump table called the exception table so that the entry K contains the address of the handler for the exception K .

The exception number is the index to the exception table, and the starting address of the exception table is placed in the special CPU register of the exception table base Register .

4. Categories of exceptions

Divided into four types: interrupts, traps, failures, and terminations

(1) Interrupt

• Occurs asynchronously

• The result of a signal from an I/O device outside the processor

• Return control to the next instruction

(2) Traps and system calls

• Traps are intentional exceptions.

• Is the result of executing an instruction

• The most important use: to provide a process-like interface between the user and the kernel, called the system call

(3) fault

• caused by an error condition and may be corrected by the fault handler

• When a fault occurs, the processor transfers control to the fault handler, if it can be corrected, returns the instruction that caused the failure, re-executes the instruction, or returns the Abort routine, terminating

• Typical example: Missing pages exception,

(4) Termination

• Is the result of unrecoverable fatal error

• Usually a few hardware errors

• Terminate example: Returns control to the abort routine,

Exceptions in the 3.LINUX/IA32 system

Up to 256 types of exceptions, 8:

(1) LINUX/IA32 failure and termination

• Division error/Floating point exception: Exception 0, select Abort program

• General Protection Fault/segment fault: Exception 13, select Abort Program

• Missing pages: Exception 14, re-executing the command that caused the failure

• Machine Check: Exception 18, do not return control to application

(2) LINUX/IA32 system call

The system invocation example is shown in 9:

8.2 Process

In the operating system layer: logical control flow, private address space, multitasking, concurrency, parallelism, context, context switching, scheduling.

A process is an executing instance of a program. Each program in the system is running in the context of a process.

The key abstraction that a process provides to an application: a) A separate logical control flow; b) a private address space

1. Logical Control Flow

A series of program counter (PC) values that uniquely correspond to instructions contained in the executable target file of the program, or that contain instructions in a shared object that is dynamically linked to the program at run time, the sequence of this PC value is called the logical control flow , or simply the logical flow .

• Example: three-process system,

The process uses the processor in turn. Each process executes its part of the stream, then is preempted (temporarily suspended), and then turns to other processes. For other programs that run in the context of the program, it appears to be using the processor exclusively.

2. Concurrent Streams

Concurrent flow: The execution of a logical flow in a concurrent stream overlaps with another stream in time.

Concurrency: The general phenomenon of concurrent execution of multiple streams is called concurrency.

Multitasking: Multiple processes concurrency is called multitasking.

Parallel: The concurrent stream is on a different CPU or computer.

3. Private address space

A process provides its own private address space for each program.

The process that runs the application code is initially in user mode. The only way the process changes from user mode to kernel mode is through exceptions.

• The process address space, shown in 11

4. User mode and kernel mode

You need to limit the instructions that an application can execute and the range of address spaces that can be accessed to implement process abstraction , which is provided through a pattern bit for a particular control register. When a pattern bit is set, the process runs in kernel mode , and the process can execute any instruction and access any memory location. When the mode bit is not set, the process runs in user mode , and the process does not allow the execution of privileged instructions and access to code and data within the kernel area of the address space. The user program must have access to the kernel code and data indirectly through the system call interface.

The process of the user program is initially in user mode and must be changed to kernel mode by an exception such as an interrupt, a failure, or a system call.

The smart mechanism of Linux--/proc the file system, which contains the contents of the kernel data structure in a readable form, running user-mode process access.

5. Context Switches

• Context switching: The operating system kernel uses exception control flows called context switches to achieve multitasking.

• Context switching mechanism:

• (1) Save the context of the current process;
• (2) Restore the context in which a previously preempted process was saved;

• (3) Transfer control to this newly restored process

• Dispatch: The scheduler in the kernel implements scheduling.

• Context switching may occur when the kernel performs context switching on behalf of the user.

• If a system call is blocked, the kernel can let the current process hibernate and switch to another process, such as a read system call, or sleep will display a request for the calling process to hibernate. In general, the kernel can also determine context switching, rather than returning control to the calling process, even if the system call is not blocked.

• Example: A context switch between process A and B, shown in 12

8.3 System invoke error handling

• In Linux, you can use the man syscalls to see a list of all system calls.

• When a system-level function encounters an error, it typically returns-1 and sets the global variable errno.

8.4 Process Control 1. Get process ID

#include <sys/types.h>#include <unistd.h>pid_t getpid(void); /*返回调用进程的PID*/pid_t getppid(void);    /*返回它的父进程的PID（创建调用进程的进程）*/

2. Creating and terminating processes

Three states of a process-run, stop, and terminate.

• Run: Either executing on the CPU, waiting to be executed, and eventually being dispatched by the kernel.

• Stop: The execution of the process is suspended and is not scheduled. Received SIGSTOP, SIGTSTP, Sidttin, Sigttou signal, the process stopped, received the Sigcont signal, the process began to run again.

• Terminate: Stop forever. This can be caused by receiving a signal to terminate the process, returning from the main program, and calling the Exit function.

Create a process

The parent process creates a new run child process by calling Fork: The parent process has the same (but separate) address space as the child process and has the same set of file-defying characters.

The fork function is defined as follows:

#include <sys/types.h>#include <unistd.h>pid_t fork(void);

The fork function is called once, returns two times, the parent-child process runs concurrently, cannot assume their order of execution, two processes have the same initial address space, but are independent of each other; they also share open files. Because there is the same program code, if you call fork three times, there will be eight processes.

3. Recycling of sub-processes

• When a process terminates, the kernel does not immediately purge it from the system. Instead, the process is kept in a state that has been terminated until it is reclaimed by its parent process.

• Zombie Process: A process that has been terminated but not yet reclaimed is called a zombie process. When the parent process recycles the terminated child process, the kernel passes the child process exit state to the parent process and discards the process. If the parent process has been terminated before recycling, then the zombie process is reclaimed by the Init process.

A process can wait for its child process to terminate or stop by calling the Waitpid function.

The WAITPID function is defined as follows:

#include <sys/types.h>#include <sys/wait.h>pid_t waitpid(pid_t pid, int *status, int options);

(1) Determining the members of a waiting set

The members of the wait collection are determined by the parameter PID:

• If pid>0: The Wait collection is a separate subprocess, the process ID equals the PID

• If pid=-1: The Wait collection is made up of all the child processes of the parent process

(2) Modifying the default behavior

Modify the default behavior by setting options to the various combinations of constants Wnohang and wuntraced:

(3) Check the exit status of the reclaimed child process--status (4) Let the process hibernate

The sleep function suspends a process for a specified period of time.

#include <unistd.h>unsigned int sleep(unsigned int secs);

The pause function lets the calling function hibernate

#include <unistd.h>int pause(void);

(5) Loading and running the program

• FileName: Executable target file

• argv: Parameter list

• ENVP: Environment List

015 16

8.5 signal

Between the operating system and the application: transferring signals between processes

A higher-level form of software exception, called a UNIX signal, allows a process to interrupt other processes.

1. Signal terminology (1) Send signal

Send signal:/bin/kill, kill function, keyboard, alarm function

• Send signal with kill function: Send Sigkill signal

• Send signal with alarm function: Send Sogalarm signal

(2) Receiving signal

The process can modify the default behavior associated with the signal by using the signal function. The only exceptions are sigstop and Sigkill, whose default behavior cannot be modified.

18

2. Send signal (1) Process Group

• Each process belongs to only one process group.

• The process group is identified by a positive integer process group ID.

• The GETPGRP function returns the current process group ID

• Setpgid function modifies itself or another process group

(2) Send signal with/bin/kill program

The/bin/kill program can send arbitrary signals to other processes, such as/bin/kill-9 15213

That is: Send signal 9 to process 15213

(3) Send a signal from the keyboard

At any time, there is at most one foreground job and 0 or more background jobs. The shell creates a separate process group for each job, and one job corresponds to a process group.

Figure 19

(4) Send a signal using the Kill function

Send Sigkill Signal

(5) Send signal with alarm function

Send Sogalarm Signal

3. Receiving signals

When the kernel returns from an exception handler and prepares to pass control to process p, he examines the set of non-blocked processing signals for process p. If the set is empty, then the kernel controls the next instruction in the logical control flow to P, and if the collection is nonempty, the kernel selects a signal K (usually the smallest K0) in the collection and forces p to receive the signal K. Receiving this signal triggers some kind of behavior in the process. Once the process has completed this behavior, the control passes back to the next instruction in the logical control flow of P.

Each signal type has a predetermined default behavior:

• Process termination

• Process termination and dump memory

• Process stopped until Sigcont model was restarted

• Process ignores this signal

4. Signal Processing problems

When a program captures multiple signals, some minor problems arise.

• The pending signal is blocked. UNIX signal handlers typically block pending signals of the type being processed by the current handler.

• Pending signals are not queued for processing. Any type at most has only one pending signal. Therefore, if a signal of two type K is transmitted to a destination process, and because the destination process is currently executing a signal K handler, so the signal K is blocked, then the second and the signal is simply discarded, he will not wait in line.

• System calls can be interrupted. System calls such as read, wait, and accept can potentially block a process for a long time, called a slow system call. In some systems, when the handler captures a signal, the interrupted slow system call no longer resumes when the signal handler returns, but immediately returns to the user an error condition and sets the errno to Eintr.

5. Portable Signal Processing

The signal processing semantics of the signal handler set by the Signal wrapper function:

• Only the type of signal that the handler is currently processing is blocked

• As with all signal implementations, the signal will not wait in line.

• The interrupted system call is automatically restarted whenever possible.

• Once the signal handler is set, it remains, knowing that the signal with the handler parameter is called by the SigIGN or SigDFL.

6. Block and suppress blocking signals explicitly

20

7. Synchronizing streams to avoid annoying concurrency errors

Synchronize and communicate in some way to get the largest possible staggered set, with the right results for every possible interleaving.

8.6 Non-local jump

The C language, the user-level exception control flow form, is provided through the setjmp and LONGJMP functions.

The Setjump function saves the current calling environment in the env buffer for use by subsequent longjmp and returns 0. The sig-function is a version of the setjmp and LONGJMP functions that can be used by a signal handler.

8.7 Tools for manipulating processes

Linux systems provide a number of useful tools for monitoring and manipulating processes:

STRACE：打印一个正在运行的程序和它的子进程调用的每个系统调用的轨迹。对于好奇的的工具。用-StatiC编译你的程序，能传到一个更干净的、不带学生而言，这是一个令人着迷有大量与共享库相关的输出的轨迹。PS：列出当前系统中的进程（包括僵死进程）TOP：打印出关于当前进程资源使用的信息。PMAP：显示进程的存储器映射。proc:一个虚拟文件系统，以ASCII文本格式输出大量内核数数据结构的内容，用户程序可 cat 2 / proc / load avg” , 观察在Linux系统上的平均负载。

Summarize

This week to learn more content, the front also read more understand, behind some chaos, I hope the teacher in class to talk about non-local jump knowledge, I still do not understand here.

Resources

Textbook: "In-depth understanding of computer systems"

Information Security System Design Foundation 11th Week study summary--20135308