Linux operating system analysis (1): How a program works

Source: Internet
Author: User

Student ID: SA ××× 310 name: ×× Tao

Environment: openSUSE 12.2, GCC 4.7.1

1. Common GDB debugging commands

To debug with GDB, add the -g parameter to the compilation command, for example

gcc -g main.c -o main

b linenum: set a breakpoint on line linenum

l: display the source code

CTRL-D: exit GDB

where: display the current execution position

print/d $eax: print the value of $eax in decimal; /x is hexadecimal and /t is binary

c: continue execution to the next breakpoint

n: execute the next line

layout split: split the current terminal into two halves that display the source code and the assembly; debugging commands can be entered below them. The effect is as follows:

2. Analysis of the Example.c program

Program code:

#include <stdio.h>

int g(int x)
{
    return x+3;
}

int f(int x)
{
    return g(x);
}

int main(void)
{
    printf("Hello\n");
    return f(8)+1;
}

The following four steps are required to compile the source code into a binary file: preprocessing (cpp) → compilation (gcc or g++) → assembly (as) → linking (ld).
The programs used in each stage are in the GCC and binutils packages.

The GCC compilation parameters used at each stage and the files they generate:

2.1 Pre-compilation

gcc -E Example.c -o Example.cpp

The generated .cpp file is as follows:

......... // a lot of extern statements
extern char *ctermid (char *__s) __attribute__ ((__nothrow__ , __leaf__));
# 910 "/usr/include/stdio.h" 3 4
extern void flockfile (FILE *__stream) __attribute__ ((__nothrow__ , __leaf__));
extern int ftrylockfile (FILE *__stream) __attribute__ ((__nothrow__ , __leaf__)) ;
extern void funlockfile (FILE *__stream) __attribute__ ((__nothrow__ , __leaf__));
# 940 "/usr/include/stdio.h" 3 4
# 2 "Example.c" 2
int g(int x)
{
    return x+3;
}
int f(int x)
{
    return g(x);
}
int main(void)
{
    return f(8)+1;
}

The main code is basically unchanged and many extern statements are added.

Analysis

The main functions of pre-compilation are as follows:
● Copy the files named by "#include" directives into the source file being compiled.
● Replace each string defined by "#define" with its actual value.
● Decide which code is compiled based on the conditions following "#if".

At this stage, the header file stdio.h referenced in the C source code is expanded to produce an extended C program. When a source file is compiled, the system automatically invokes the preprocessor to handle the preprocessing directives in the source program. After that processing is complete, the system automatically goes on to compile the source program.

2.2 Compilation

The result of compilation is assembly code.

gcc -S Example.c -o Example.s

The generated .s file is as follows:

    .file   "Example.c"
    .text
    .globl  g
    .type   g, @function
g:
.LFB0:
    .cfi_startproc
    pushl   %ebp                # push the contents of EBP onto the stack
    .cfi_def_cfa_offset 8
    .cfi_offset 5, -8
    movl    %esp, %ebp          # assign the ESP value to EBP, setting this function's stack base address
    .cfi_def_cfa_register 5
    movl    8(%ebp), %eax       # load the memory contents at EBP+8 into EAX
    addl    $3, %eax            # add 3 to EAX; the result is saved in EAX
    popl    %ebp                # pop the saved value from the stack back into EBP
    .cfi_restore 5
    .cfi_def_cfa 4, 4
    ret
    .cfi_endproc
.LFE0:
    .size   g, .-g
    .globl  f
    .type   f, @function
f:
.LFB1:
    .cfi_startproc
    pushl   %ebp                # push the contents of EBP onto the stack
    .cfi_def_cfa_offset 8
    .cfi_offset 5, -8
    movl    %esp, %ebp          # assign the ESP value to EBP, setting this function's stack base address
    .cfi_def_cfa_register 5
    subl    $4, %esp            # move ESP down by 4 bytes
    movl    8(%ebp), %eax       # load the memory contents at EBP+8 into EAX
    movl    %eax, (%esp)        # store EAX into the memory ESP points to
    call    g                   # call function g
    leave                       # assign EBP to ESP, then pop the caller's stack base address into EBP, restoring the original stack base
    .cfi_restore 5
    .cfi_def_cfa 4, 4
    ret                         # return to the caller
    .cfi_endproc
.LFE1:
    .size   f, .-f
    .globl  main
    .type   main, @function
main:
.LFB2:
    .cfi_startproc
    pushl   %ebp                # push the contents of EBP onto the stack
    .cfi_def_cfa_offset 8
    .cfi_offset 5, -8
    movl    %esp, %ebp          # assign the ESP value to EBP, setting this function's stack base address
    .cfi_def_cfa_register 5
    subl    $4, %esp            # move ESP down by 4 bytes
    movl    $8, (%esp)          # store 8 into the memory ESP points to
    call    f                   # call function f
    addl    $1, %eax            # add 1 to the contents of EAX
    leave                       # assign EBP to ESP, then pop the caller's stack base address into EBP, restoring the original stack base
    .cfi_restore 5
    .cfi_def_cfa 4, 4
    ret                         # return to the caller
    .cfi_endproc
.LFE2:
    .size   main, .-main
    .ident  "GCC: (SUSE Linux) 4.7.1 20120723 [gcc-4_7-branch revision 189773]"
    .section    .comment.SUSE.OPTs,"MS",@progbits,1
    .string "ospwg"
    .section    .note.GNU-stack,"",@progbits

Analysis

Line 1 is file information from GCC; line 2 marks what follows as the code segment; lines 3 and 4 indicate the entry of function g; line 5 is the entry label; lines 6 to 20 are the body of function g, analyzed later; line 21 is the size of the code segment of function g; lines 22 and 23 indicate the entry of function f; line 24 is the entry label; lines 25 to 41 are the assembly implementation of function f; line 42 is the size of the code segment of function f; lines 43 and 44 indicate the entry of the main function; line 45 is the entry label; lines 46 to 62 are the assembly implementation of the main function; line 63 is the size of the code segment of the main function; lines 64 to 67 are information left by GCC.

The memory usage during the running of the program is as follows:

Directives beginning with .cfi, such as .cfi_startproc, are mainly used to unwind the stack when an exception occurs. Unwinding walks back one CFA level at a time until the exception is caught.

We will not discuss it here. For more information, see here.

Every function begins with these two instructions when it is called:

pushl %ebp          # push EBP onto the stack, saving the stack base address of the calling function
movl %esp, %ebp     # assign the ESP value to EBP, setting this function's stack base address

Their main purpose is to save the execution state of the current program.

Two other statements also appear at the end of a function:

leave               # assign EBP to ESP, then pop the caller's stack base address into EBP, restoring the original stack base
ret                 # function return: go back to the caller

They restore the state that existed before the call once the function has finished executing.

Note how push and pop work in assembly.

The format of the pop instruction is:
pop destination
The pop instruction stores data of the specified length from the top of the stack into destination, and adjusts the ESP value so that it always points to the top of the stack.

push is the opposite.

pushl %eax is equivalent to

subl $4, %esp

movl %eax, (%esp)

popl %eax is equivalent to

movl (%esp), %eax

addl $4, %esp
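The prologue, epilogue and push/pop equivalences above can be traced with a small model of the stack. This C program is an added illustration, not part of the original article: it replays the instructions of main, f and g from Example.s on a simulated stack. The function names, the 64-byte stack size and the 0xF000000x return addresses are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the 32-bit x86 stack used by Example.s (all names hypothetical). */
enum { STACK_BYTES = 64 };
static uint8_t  mem[STACK_BYTES];   /* simulated stack memory             */
static uint32_t esp, ebp, eax;      /* simulated registers                */
static int      bad_ret;            /* counts unexpected return addresses */

static void store32(uint32_t a, uint32_t v) { memcpy(&mem[a], &v, 4); }
static uint32_t load32(uint32_t a) { uint32_t v; memcpy(&v, &mem[a], 4); return v; }

/* pushl src == subl $4,%esp ; movl src,(%esp) */
static void pushl(uint32_t v) { esp -= 4; store32(esp, v); }
/* popl dst == movl (%esp),dst ; addl $4,%esp */
static uint32_t popl(void) { uint32_t v = load32(esp); esp += 4; return v; }
/* leave == movl %ebp,%esp ; popl %ebp */
static void leave(void) { esp = ebp; ebp = popl(); }
/* ret pops the return address; the model only checks it is the one pushed */
static void ret(uint32_t expected) { if (popl() != expected) bad_ret++; }

static void sim_g(uint32_t ra) {
    pushl(ebp); ebp = esp;          /* pushl %ebp ; movl %esp,%ebp */
    eax = load32(ebp + 8);          /* movl 8(%ebp),%eax           */
    eax += 3;                       /* addl $3,%eax                */
    ebp = popl();                   /* popl %ebp                   */
    ret(ra);
}
static void sim_f(uint32_t ra) {
    pushl(ebp); ebp = esp;          /* prologue                    */
    esp -= 4;                       /* subl $4,%esp                */
    eax = load32(ebp + 8);          /* movl 8(%ebp),%eax           */
    store32(esp, eax);              /* movl %eax,(%esp)            */
    pushl(0xF0000002u); sim_g(0xF0000002u);  /* call g: push return address, jump */
    leave(); ret(ra);
}
/* Replays main on a fresh stack and returns the final %eax. */
uint32_t sim_main(uint32_t *final_esp, uint32_t *final_ebp) {
    esp = STACK_BYTES; ebp = 0xB0000000u; eax = 0; bad_ret = 0;
    pushl(0xF0000000u);             /* constructed return address of main's caller */
    pushl(ebp); ebp = esp;          /* prologue                    */
    esp -= 4; store32(esp, 8);      /* subl $4,%esp ; movl $8,(%esp) */
    pushl(0xF0000001u); sim_f(0xF0000001u);  /* call f             */
    eax += 1;                       /* addl $1,%eax                */
    leave(); ret(0xF0000000u);
    *final_esp = esp; *final_ebp = ebp;
    return eax;
}
int main(void) {
    uint32_t s, b, r = sim_main(&s, &b);
    printf("eax=%u esp=%u bad_ret=%d\n", (unsigned)r, (unsigned)s, bad_ret);
    return 0;
}
```

Each frame holds the saved EBP at (%ebp), the return address at 4(%ebp) and the argument at 8(%ebp), which is why g reads its parameter from 8(%ebp).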

2.3 Assembly

Assembling produces the .o file. Run this command in the terminal:

as Example.s -o Example.o

Open it with vim in the terminal:

vim -b Example.o

To view it in hexadecimal format, enter

 :%!xxd

The result is as follows (not fully displayed)

Analysis

The object file is an intermediate file produced by compiling the source code but not yet linked. It contains the compiled machine instructions and information required for linking, such as symbol tables, debugging information, and strings.

You can view information about the object file by running this in the terminal:

file Example.o

Get:

Example.o: ELF 32-bit LSB relocatable, Intel 80386, version 1 (SYSV), not stripped

"relocatable" indicates that the file is of the relocatable file type in ELF.

2.4 Linking

The result of linking is an executable file, which has no extension on Linux.

Run in the terminal:

gcc Example.o -o Example

Run the program in the terminal:

./Example

Running result:


Analysis

Run the file command to view the attributes of Example:

file Example

Example: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.16, buildid [sha1] = kernel, not stripped

"executable" indicates that the file is of the executable file type in ELF.

Because the program does not have any print statements, the program exits after execution.
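The "relocatable" and "executable" words reported by file in sections 2.3 and 2.4 come from the e_type field of the ELF header. The following C parser is an added example, not code from the original article: it reads the first 20 bytes of a header and produces a file-style summary. The function names and the two sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample headers (first 20 bytes only), not taken from real files. */
static const uint8_t SAMPLE_REL[20]  = {0x7f,'E','L','F', 1,1,1,0, 0,0,0,0,0,0,0,0, 1,0, 3,0};
static const uint8_t SAMPLE_EXEC[20] = {0x7f,'E','L','F', 1,1,1,0, 0,0,0,0,0,0,0,0, 2,0, 3,0};

/* Read a 16-bit field in the byte order announced by e_ident[EI_DATA]. */
static unsigned rd16(const uint8_t *p, int little) {
    return little ? (unsigned)(p[0] | p[1] << 8) : (unsigned)(p[1] | p[0] << 8);
}

/* Writes a file(1)-style summary into out; returns 0, or -1 for non-ELF or truncated input. */
int elf_describe(const uint8_t *b, size_t n, char *out, size_t outsz) {
    if (n < 20 || memcmp(b, "\x7f" "ELF", 4) != 0) return -1;
    if (b[5] != 1 && b[5] != 2) return -1;           /* EI_DATA must be LSB or MSB   */
    const char *cls = b[4] == 1 ? "32-bit" : b[4] == 2 ? "64-bit" : "unknown-class";
    const char *abi = b[7] == 0 ? "SYSV" : "other ABI";
    unsigned type = rd16(b + 16, b[5] == 1);         /* e_type at offset 16          */
    unsigned mach = rd16(b + 18, b[5] == 1);         /* e_machine at offset 18       */
    const char *t = type == 1 ? "relocatable"        /* ET_REL: .o files             */
                  : type == 2 ? "executable"         /* ET_EXEC: fixed-address exe   */
                  : type == 3 ? "shared object"      /* ET_DYN: .so and PIE binaries */
                  : type == 4 ? "core file" : "unknown type";
    const char *m = mach == 3 ? "Intel 80386" : mach == 62 ? "x86-64" : "other machine";
    snprintf(out, outsz, "ELF %s %s %s, %s, version %u (%s)",
             cls, b[5] == 1 ? "LSB" : "MSB", t, m, (unsigned)b[6], abi);
    return 0;
}

int main(void) {
    char line[96];
    if (elf_describe(SAMPLE_REL, sizeof SAMPLE_REL, line, sizeof line) == 0) puts(line);
    if (elf_describe(SAMPLE_EXEC, sizeof SAMPLE_EXEC, line, sizeof line) == 0) puts(line);
    return 0;
}
```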

3. Computer workflow: single-task and multi-task

For now, consider the simplest computer, containing only a CPU, memory, and an I/O control chip. If a user can run only one application at a time, the corresponding operating system is called a single-task operating system, such as MS-DOS. If multiple applications (each application is called a task) can run at the same time, the operating system is called a multitasking operating system, such as Windows 7 and Mac OS.

On the earliest single-task computers, a user could run only one program at a time. The computer first loaded the program from external storage into memory and then executed its instructions in sequence; the next program could be loaded and executed only after execution was complete.

Because CPU resources were very precious at that time, multiprogramming appeared in order to make full use of them: when a program did not need the CPU for the moment, a monitoring program started another program that was waiting for CPU resources. The disadvantage was that programs ran without priority.

After that, time-sharing systems emerged, and programs ran in a cooperative mode: each program runs for a period of time and then voluntarily gives up the CPU. Time-sharing systems continued to develop into today's multitasking systems, in which all programs run as processes at a privilege level lower than that of the operating system. Each process has its own independent address space, the CPU is allocated by the operating system in a unified manner, and each process has the opportunity to obtain the CPU based on its priority.

Multitasking relies mainly on the MMU (Memory Management Unit). The main task of the MMU is to convert the virtual addresses of a program (calculated by the compiler and the linker) into physical memory addresses (determined by the hardware circuitry). The MMU can relocate a task's addresses without moving the task in memory. The physical memory of a task is mapped to virtual memory simply by activating or deactivating page tables.

4. Reference material

The Self-Cultivation of Programmers: Linking, Loading and Libraries
Computer Systems: A Programmer's Perspective, 3rd Edition
