MIPs exceptions and interruptions, similar to other architectures, such as Intel's ia32 architecture, interrupt/call gate/trap mechanism, have three main purposes:
1. provides a channel for switching from the user State to the kernel state, so that the program can access normally protected resources such as cp0 and kseg;
2. Handle some illegal operations, such as TLB Miss/address error;
3. handle external and internal interruptions. What is different from the ia32 architecture is that all interruptions come from exception no. 0.
In see mips run, the MIPs exception mechanism is called "precise exception ". In plain language, because an exception occurs during command execution, the commands executed before the exception occurs are undoubtedly valid. However, due to the high-level flow system structure of MIPs, when an abnormal command is executed, the subsequent command has completed the preparation for reading and decoding, and everything is ready, it is executed only when the ALU part is idle. When exceptions occur, these preparations are discarded. When the CPU returns from an exception, it re-reads and decodes it.
Therefore, we can ensure that when an exception occurs, all the commands will not be executed after the exception command. In this way, there is no need to worry about the delay slot instruction in the MIPs exception handling routine (exception handler.
The MIPs exception type, which has been mentioned earlier. To make it easier for readers to read, first give an overview and then explain some common exceptions.
MIPs exception types include:
0: interrupt, interrupted;
1: TLB modified, trying to modify the memory address mapped to read-only in TLB;
2: TLB Miss load, trying to read a virtual address that is not reflected in the physical address in TLB;
3: TLB misses the store and tries to store data to a virtual address not mapped to a physical address in TLB;
4: Address error load, trying to read information from a non-alignment address;
5: Address error store, which attempts to write information to a non-alignment address;
6: instruction bus error, which is generally a command cache error;
7: Data Bus error, which is generally a data cache error;
8: syscall, which is generated by the syscall command. In the operating system, a common method is to switch from user to kernel. It is similar to the "Call door" of ia32;
9: break point, which is generated by the break command. The most common BP command is generated by the compiler. A break point command is inserted during Division operations to throw error messages when division is 0. Therefore, if a break point exception is found when the problem is located and Its Exception Code is code 07, the division of 0 should be considered;
10: Ri, reserved command. This exception occurs when the CPU executes an unspecified command;
11: Co-processor unavilible. The coprocessor is unavailable. This exception is caused by an attempt to operate non-existing coprocessor. In particular, executing this command on a processor without a floating-point coprocessor can cause this exception. The operating system then calls the Lib library that simulates floating points to implement floating point operations of the software;
12: overflow, Arithmetic overflow. Only signed operations will cause this exception;
13: trap. This exception comes from the trap command. Similar to the syscall command, the trap command also causes an exception, but the trap command can be attached with some conditions, which can be used for debugging programs.
14: vcei, indicating that the Virtual Address consistency in the instruction cache is incorrect. (I don't know what's going on. I still need to be supplemented by experts)
15: Float Point exception, floating point exception;
16: Co-Processor 2 exception, coprocessor 2 exception;
17 ~ 22. For future extension;
23: Watch, memory breakpoint exception. It works when two registers watchlo/watchhi are set. When the virtual address of load/store matches with watchlo/watchhi, this exception occurs./* this local classic book "see MIPS run" makes a mistake, write the virtual address as a physical address */
24 ~ 30. reserved for future extension;
Among them, exception 0-5, 8-11, 13, 23 are common exception types.
Exception 0: interrupt, external interruption. It is the only asynchronous exception. The reason why an interruption occurs asynchronously is that, compared with other exceptions, the interruption is unpredictable in terms of time sequence, and it cannot be determined which stage the interruption occurs in the pipeline. The five-level assembly line design of MIPs is as follows:
If, RD, Alu, mem, WB. The interrupt control part of the MIPs processor is designed as follows: When an interrupt occurs, if the operation of the command has completed the mem stage, the execution of the command is completed. Otherwise, the pipeline's work on this command is discarded. Except NMI, all internal or external hardware interruptions (Hardware Interrupt) share this exception vector ). The counter/compare pair in the cp0 mentioned above triggers a hardware interruption when the counter Count value is equal to the Compare threshold value.
Exception 1: TLB modified, memory modification exception. If a TLB ing exists in a block and its attribute is set to read only, the processor will enter this exception when trying to modify the content of this memory. Obviously, this exception occurs in the memory stage. However, according to the "precise exception" principle, when an exception occurs, all operations in the ALU stage are invalid. That is to say, write operations to the memory address are not actually executed. This judgment principle also applies to memory read/write exceptions, including TLB Miss/address error/watch.
Exception 2/3: TLB Miss load/write. If you try to access the memory address not mapped in the TLB of MMU, this exception is triggered. In an operating system that supports Virtual Memory, this will trigger Page Swap of memory. The system exception handler will transfer the required memory pages from the virtual memory to the physical memory, and update the corresponding TLB table items.
Exception 4/5: Address error load/write. If you try to access a non-alignment address, for example, the address of the LW/SW command is not 4-byte aligned, or the LH/SH address is not 2-byte aligned, this exception is triggered. Generally, the operating system handles this exception in the exception handler by reading/writing the address twice separately. Although the general operating system kernel handles this exception and can finally complete the expected operation, it may cause user-to-kernel switching and abnormal exit, when such non-alignment operations are large, the program running efficiency will be seriously affected. Therefore, the compiler automatically considers the alignment when defining local and global variables, while the programmer needs to make special consideration for alignment when designing the data structure.
Exception 6/7: instruction/Data Bus error. The general cause is that the cache has accessed the cached memory space before initialization. Therefore, note that after the system is powered on and before the cache initialization, only the Uncached address space is accessed, that is, 0xa0000000-0xbfffffff. By default, the entry point for power-on Initialization is 0xbfc00000. (In some MIPs implementations, you can use an external hard line connection to modify the entry point address. To avoid unexpected problems, do not change the entry point address to an address other than the Uncached segment)
Exception 8: syscall, the formal entry for system calls, that is, the formal way to enter the kernel state in user mode. We can understand it in comparison to the Linux system calling 0x80 in x86. It is triggered by a dedicated Command syscall.
Exception 9: break point, which is an absolute breakpoint command. Similar to the syscall command, it is also triggered by the dedicated Command break. It indicates some exceptions of the system. programmers can add this command in some abnormal branches that should not appear to facilitate early detection and debugging. We can use the assert mechanism in advanced languages to simulate and understand it. The most common subtype of a break exception is 0x07, which is automatically added by the compiler during division computation. If the divisor is 0, run the break 0x07 command. In this way, when a zero division occurs, the system will throw an exception and execute coredump to help programmers locate the root cause of the zero division error.
Exception 10: Ri. If an unspecified command is executed, the system will encounter this exception.
Exception 11, co-processor unaviliable, the coprocessor to be accessed does not exist. For example, executing the CP2 operation on a CPU that does not implement CP2 triggers this exception.
Exception 12, overflow, and Arithmetic overflow. The command that causes this exception is limited to the symbolic operation in addition and subtraction, such as Add/addi. Therefore, generally, the compiler always compiles addition and subtraction operations into unsigned commands such as addiu. Because the MIPs processing exception requires a certain amount of overhead, this can avoid waste.
Exception 13, trap, condition breakpoint command. It is triggered by the trap series commands. Unlike the break command, this exception is triggered only when the conditions in the breakpoint command are met. We can understand the INT 3 breakpoint exception in x86.
Exception 14, vcei, (not clear! Who knows why ?)
Exceotion 15, float point exception, floating point coprocessor 1 exception. It is defined by CP1 and is related to the specific implementation of cp1. It is actually an exception entry reserved for CP1.
Exception 16: the exception of coprocessor 2, similar to the previous exception, is related to the specific implementation of CP2.
Exception 23, watch exception. As mentioned above, the watch register can monitor a memory segment. This exception is triggered when the memory segment is accessed/modified. In the exception handling routine, the exception stack can be used to determine where the memory is read/write. This exception is a powerful tool for locating unexpected Write Failures in memory.
When an exception occurs, the system switches from user to kernel. As mentioned above, access to some resources of the system (such as cp0 coprocessor and kernel segment memory) must be performed in the kernel state. Therefore, if you want to enable the system to enter the kernel state from the user State, an exception is required.
There are no many differences between MIPS Exception Handling and exception/interrupt/trap handling in other architectures. Generally, there are three sections:
1. Save the field register file ). Open up a region in the stack and store 32 General registers and related cp0 registers, such as status, badvaddr, and cause in this memory. It is particularly important that the EPC point to the command when an exception is thrown.
In this step, the General Register group should be saved first, followed by the epc0 registers of EPC/cause/status/badvaddr. Data transmission from cp0 to memory must pass through common registers. Generally, the protocol for programming is to use the K0 and K1 registers for temporary storage. Example: (applicable to 32-bit MIPS Mode)
SW zero, 0 (SP)
SW at, 4 (SP)
SW v0, 8 (SP)
...
SW Ra, 124 (SP)/* Save the General Register group first */
MFC K0, EPC
NOP/* MFC is too slow. Add a NOP in the delay slot */
SW K0, 128 (SP)
MFC K0, cause
NOP
SW K0, 132 (SP)
...
2. Exception Handling. The address error exception is used as an example. When an exception occurs, two non-alignment loading/storage commands are called Based on the saved badvaddr to read and write data to the memory address.
3. Return. Restores the content of the register group stored in the stack.
The action returned from the exception state is completed by hardware. It must complete three operations at the same time:
1. Recover the SR register; 2. Return to the address pointed to by the EPC register for further execution; 3. Return to the user State. As mentioned in "see MIPS run", if these three processes fail to be executed "atomically", a security vulnerability may occur, in some cases, the user may escalate the barrier set by the CPU kernel state, thus obtaining the Administrator permission illegally.
In mips I and MIPS II processors, use the RFE command to "recover from exceptions", that is, to recover the SR register and recover the system from the kernel state to the user State. However, this command does not return the executed command address to the abnormal command. This work should be executed by a previous Jr command. In this way, the relevant Assembly Code returned from the exception should be:
MFC K0, EPC
JR K0
RFE/* run in the delay slot of the previous Jr command to ensure atomicity */
In mips iii and later processors, returning from an exception does not require such a red tape. You only need an eret command to get everything ready.