MIT 6.828 学习笔记3 Lab1实验报告

来源:互联网 发布:金庸状告江南 知乎 编辑:程序博客网 时间:2024/06/09 22:54


Exercise 3

  • At what point does the processor start executing 32-bit code? What exactly causes the switch from 16- to 32-bit mode?


ljmp    $PROT_MODE_CSEG, $protcseg


  • What is the last instruction of the boot loader executed, and what is the first instruction of the kernel it just loaded?


call   *0x10018

调用内核程序入口,所以这条指令是boot loader的最后一条指令,通过si命令可以得出内核的第一条指令,结果如下

(gdb) b *0x7d6bBreakpoint 1 at 0x7d6b(gdb) cContinuing.The target architecture is assumed to be i386=> 0x7d6b:  call   *0x10018Breakpoint 1, 0x00007d6b in ?? ()(gdb) si=> 0x10000c:    movw   $0x1234,0x4720x0010000c in ?? ()
  • Where is the first instruction of the kernel?


hiroshi@Hiroshi-PC:~/6.828/lab/obj/kern$ objdump -f kernelkernel:     文件格式 elf32-i386体系结构:i386, 标志 0x00000112EXEC_P, HAS_SYMS, D_PAGED起始地址 0x0010000c
  • How does the boot loader decide how many sectors it must read in order to fetch the entire kernel from disk? Where does it find this information?

通过Program Header Table中的信息来决定读取的扇区,利用objdump命令可以查看内核程序的段信息,结果如下

hiroshi@Hiroshi-PC:~/6.828/lab/obj/kern$ objdump -p kernelkernel:     文件格式 elf32-i386程序头:    LOAD off    0x00001000 vaddr 0xf0100000 paddr 0x00100000 align 2**12         filesz 0x0000712f memsz 0x0000712f flags r-x    LOAD off    0x00009000 vaddr 0xf0108000 paddr 0x00108000 align 2**12         filesz 0x0000a300 memsz 0x0000a944 flags rw-   STACK off    0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**4         filesz 0x00000000 memsz 0x00000000 flags rwx

Exercise 4

  • Download the code for pointers.c, run it, and make sure you understand where all of the printed values come from.


Exercise 5

  • Change the link address in boot/Makefrag to something wrong, run make clean, recompile the lab with make, and trace into the boot loader again to see what happens.

将地址改为0x7c04,由于BIOS会把boot loader固定加载到内存地址的0x7c00,在0x7c00处断点,执行如下指令时错误

(gdb) si[   0:7c2d] => 0x7c2d:  ljmp   $0x8,$0x7c360x00007c2d in ?? ()


ljmp    $PROT_MODE_CSEG, $protcseg


Exercise 6

  • Examine the 8 words of memory at 0x00100000 at the point the BIOS enters the boot loader, and then again at the point the boot loader enters the kernel. Why are they different? What is there at the second breakpoint?
(gdb) b *0x7c00Breakpoint 1 at 0x7c00(gdb) cContinuing.[   0:7c00] => 0x7c00:  cli    Breakpoint 1, 0x00007c00 in ?? ()(gdb) x/8x 0x1000000x100000:   0x00000000  0x00000000  0x00000000  0x000000000x100010:   0x00000000  0x00000000  0x00000000  0x00000000(gdb) b *0x7d6bBreakpoint 2 at 0x7d6b(gdb) cContinuing.The target architecture is assumed to be i386=> 0x7d6b:  call   *0x10018Breakpoint 2, 0x00007d6b in ?? ()(gdb) x/8x 0x1000000x100000:   0x1badb002  0x00000000  0xe4524ffe  0x7205c7660x100010:   0x34000004  0x0000b812  0x220f0011  0xc0200fd8


Exercise 7

  • Use QEMU and GDB to trace into the JOS kernel and stop at the movl %eax, %cr0. Examine memory at 0x00100000 and at 0xf0100000. Now, single step over that instruction using the stepi GDB command. Again, examine memory at 0x00100000 and at 0xf0100000. Make sure you understand what just happened.
=> 0x100025:    mov    %eax,%cr00x00100025 in ?? ()(gdb) x/8x 0x1000000x100000:   0x1badb002  0x00000000  0xe4524ffe  0x7205c7660x100010:   0x34000004  0x0000b812  0x220f0011  0xc0200fd8(gdb) x/8x 0xf01000000xf0100000 <_start+4026531828>: 0x00000000  0x00000000  0x00000000  0x000000000xf0100010 <entry+4>:   0x00000000  0x00000000  0x00000000  0x00000000(gdb) si=> 0x100028:    mov    $0xf010002f,%eax0x00100028 in ?? ()(gdb) x/8x 0x1000000x100000:   0x1badb002  0x00000000  0xe4524ffe  0x7205c7660x100010:   0x34000004  0x0000b812  0x220f0011  0xc0200fd8(gdb) x/8x 0xf01000000xf0100000 <_start+4026531828>: 0x1badb002  0x00000000  0xe4524ffe  0x7205c7660xf0100010 <entry+4>:   0x34000004  0x0000b812  0x220f0011  0xc0200fd8


movl    %eax, %cr0


  • What is the first instruction after the new mapping is established that would fail to work properly if the mapping weren’t in place? Comment out the movl %eax, %cr0 in kern/entry.S, trace into it, and see if you were right.


movl    %eax, %cr0


=> 0x10001d:    mov    %cr0,%eax0x0010001d in ?? ()(gdb) si=> 0x100020:    or     $0x80010001,%eax0x00100020 in ?? ()(gdb) si=> 0x100025:    mov    $0xf010002c,%eax0x00100025 in ?? ()(gdb) si=> 0x10002a:    jmp    *%eax0x0010002a in ?? ()(gdb) si=> 0xf010002c <relocated>:  add    %al,(%eax)relocated () at kern/entry.S:7474      movl    $0x0,%ebp          # nuke frame pointer(gdb) siRemote connection closed


qemu: fatal: Trying to execute code outside RAM or ROM at 0xf010002c


Exercise 8


  • Explain the interface between printf.c and console.c. Specifically, what function does console.c export? How is this function used by printf.c?


  • Explain the following from console.c


  • In the call to cprintf(), to what does fmt point? To what does ap point?List (in order of execution) each call to cons_putc, va_arg, and vcprintf. For cons_putc, list its argument as well. For va_arg, list what ap points to before and after the call. For vcprintf list the values of its two arguments.


  • What is the output? Explain how this output is arrived at in the step-by-step manner of the previous exercise.If the x86 were instead big-endian what would you set i to in order to yield the same output? Would you need to change 57616 to a different value?

输出为He110 World
ASCII码中,0x00 0x64 0x6c 0x72对应值为[NUL] d l r

  • In the following code, what is going to be printed after ‘y=’? (note: the answer is not a specific value.) Why does this happen?




if (!(c & ~0xFF))  // 如果没有颜色控制信息(后 8 位)    c |= 0x0100;    // 0x07 = 00000111 前景白 背景黑 不闪烁


15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 背景色 前景色 字符


if (!(c & ~0xFF)) {    char ch = c & 0xFF;    if (ch > 47 && ch < 58) {        c |= 0x0100;    } else if (ch > 64 && ch < 91) {        c |= 0x0200;    } else if (ch > 96 && ch < 123) {        c |= 0x0300;    } else {        c |= 0x0400;    }}


Exercise 9

  • Determine where the kernel initializes its stack, and exactly where in memory its stack is located. How does the kernel reserve space for its stack? And at which “end” of this reserved area is the stack pointer initialized to point to?


movl    $0x0,%ebpmovl    $(bootstacktop),%esp


bootstack:    .space      KSTKSIZE


Exercise 10

  • examine what happens each time it gets called after the kernel starts. How many 32-bit words does each recursive nesting level of test_backtrace push on the stack, and what are those words?


|    ...    ||   args1   ||  ret  eip || saved ebp | | saved ebx ||   args5   ||   args4   ||   args3   ||   args2   ||   args1   ||  ret  eip || saved ebp | | saved ebx ||    ...    |


Exercise 11

  • Implement the backtrace function as specified above.


printf("Stack backtrace:\n");uint32_t *ebp = (uint32_t *) read_ebp();cprintf("Stack backtrace:\n");while (ebp) {    cprintf(" ebp %08x eip %08x args ", ebp, ebp[1]);    for (int j = 2; j != 7; ++j) {        cprintf(" %08x", ebp[j]);       }    cprintf("\n");    ebp = (uint32_t *) (*ebp);}return 0;

Exercise 12

  • Complete the implementation of debuginfo_eip by inserting the call to stab_binsearch to find the line number for an address.Add a backtrace command to the kernel monitor.


info->eip_file = stabstr + stabs[lfile].n_strx;stab_binsearch(stabs, &lline, &rline, N_SLINE, addr);if (lline > rline) {    return -1;} else {    info->eip_line = stabs[rline].n_desc;}


struct Eipdebuginfo info;uint32_t *ebp = (uint32_t *) read_ebp();cprintf("Stack backtrace:\n");while (ebp) {    cprintf(" ebp %08x eip %08x args", ebp, ebp[1]);    for (int j = 2; j != 7; ++j) {        cprintf(" %08x", ebp[j]);       }    debuginfo_eip(ebp[1], &info);    cprintf("\n     %s:%d: %.*s+%d\n", info.eip_file, info.eip_line, info.eip_fn_namelen, info.eip_fn_name, ebp[1] - info.eip_fn_addr);    ebp = (uint32_t *) (*ebp);}

补充完后,make grade通过!

hurlex <四> 字符模式下的显卡驱动

0 0