Linux Kernel Analysis-1: The Life of a computer program

First of all, the children who have assembled the computer should know that the computer is composed of CPU, memory, hard disk, motherboard, power supply, of course, playing games of children's shoes will also be obsessed with video cards (such as GTX980 Tactical nuclear graphics)

As long as these things are available, the computer can run.

But how do these things work together and let the program run?

First, we need to know something called the operating system, essentially, it is also a program, abstract, it can be seen as an environment. This environment to ensure that each program can work properly, normal rest, normal learning (hey, this is not normal!) ）

And we programmers just use the standard syntax to tell the operating system what we want the computer to do, for example, there is a C language code:

2. int g (int x)
4. {
6. return x + 3;
8. }
12. int f (int x)
14. {
16. return g (x);
18. }
22. int main (void)
24. {
26. return F (8) + 1;
28. }

How does this program work on a computer? We disassemble it and get the assembly code:

After simplification:

G:

PUSHL%EBP

MOVL%esp,%EBP

MOVL 8 (%EBP),%eax

Addl,%eax

POPL%EBP

Ret

F:

PUSHL%EBP

MOVL%esp,%EBP

Subl $4,%esp

MOVL 8 (%EBP),%eax

Movl%eax, (%ESP)

Call G

Leave

Ret

Main

PUSHL%EBP

MOVL%esp,%EBP

Subl $4,%esp

Movl $8, (%ESP)

Call F

Addl $,%eax

Leave

Ret

Let's first see the two assembly code for the entry point of the main function:

PUSHL%EBP

MOVL%ESP,%EBP

The PUSHL instruction is to put the value of the EBP register on the stack, save the value, and the MOVL instruction is to put the value of the ESP on the EBP, so that EBP gets a new value, this new value equals the value of esp.

So we know that both ESP and EBP begin to be equal, that is, to create a separate storage stack for the program (PS: We can think of EBP as the beginning of the stack, esp as the end of the stack, esp grows, and the stack grows, and vice versa)

In layman's terms, it was ebp and esp. they decided to open a new pit ...

Well, after opening a new pit, we're going to pits, and the C code behind calls the function f (8), which corresponds to the following three assembly code:

Subl $4,%esp

Movl $8, (%ESP)

Call F

First of all, the computer to the incoming parameter 8 pressure on the stack, to complete this operation, the first must first expand the stack space, as mentioned earlier, so that the ESP growth, how to grow it, first let the ESP register point to the address minus 4, and then put 8 into this extended space.

After calling call, called the F function, call is the equivalent of saving the current context and changing the address that the EIP points to (the location of the code snippet to be executed is changed).

So the current address of the EIP is pressed to the stack, then the address of the EIP points to the function F, the function f and the main function of the beginning part of the same work, in layman's terms, it also opened up a separate stack storage space (new pit), so, function f also sat up a mighty pits work.

In C, we see that the F function calls the G function, similar to the main function called the F function, first the computer expands the stack space and then presses the x into the push stack, but unlike the previous one, the computer does not press the value in the stack directly onto the stack, but instead makes a relay by the EAX register:

MOVL 8 (%EBP),%eax

Movl%eax, (%ESP)

Although the process is different, but the result is the same, then call Call,eip again jump to the G function there, open new pits and pits:

PUSHL%EBP

MOVL%esp,%EBP

MOVL 8 (%EBP),%eax

Addl,%eax

We start with the third assembly code, that is, the F function passed to the G parameter X is taken out and placed on the EAX register, fourth ADDL statement executed X+3

After Popl%ebp, that is, the value of the top of the stack to the EBP, we know that EBP is the beginning of the stack, the value of the EBP change also means to jump to a new stack.

And this new stack is the independent storage stack for function f.

The RET statement is equivalent to the value of the top of the popup stack on the EIP, and this popup value is exactly the address after function f calls the G function.

The program then returns to the function f and gets the return value (in the presence of the EAX register):

Leave

This statement represents the meaning of

MOVL%esp,%EBP

POPL%EBP

Returns to the previous isolated storage stack.

After RET, the EIP points to the next line of code where the main function calls the F function. That is x+1, since EAX is responsible for saving the results of the returned function, there are:

Addl $1,%eax

After the main function returns, after AH: I can't make up my story ...

Computer work, it can be said that the work of the operating system is to continuously execute a loop, the loop holds the context of the previous loop, the data, and then for the current loop to open up a context and storage space, so that the current loop work, if the current loop and start a new cycle then it will repeat the work, If the loop is complete and the new loop is not opened, the computer jumps to the previous loop. If you use a wheel analogy will be more appropriate, this wheel can be either forward or backward turn.

However, I prefer the construction and interpretation of computer programs, the programmer is like a magician, they write runes to produce a variety of magic, and the computer is a magic wand to achieve unlimited dreams.

Blackerxhunter

Original works reproduced please indicate the source

"Linux kernel Analysis" MOOC course, http://mooc.istudy.163.com/course/USTC-1000029000

Linux Kernel Analysis-1: The Life of a computer program