diff options
| -rw-r--r-- | subx/010---vm.cc | 10 | ||||
| -rw-r--r-- | subx/056write.subx | 4 | ||||
| -rw-r--r-- | subx/057stop.subx | 210 |
3 files changed, 153 insertions, 71 deletions
diff --git a/subx/010---vm.cc b/subx/010---vm.cc index a3ca1a6c..ef23804f 100644 --- a/subx/010---vm.cc +++ b/subx/010---vm.cc @@ -293,6 +293,7 @@ void run_one_instruction() { cerr << "opcode: " << HEXBYTE << NUM(op) << '\n'; cerr << "registers at start: "; dump_registers(); +//? dump_stack(); } switch (op) { case 0xf4: // hlt @@ -363,6 +364,15 @@ void dump_registers() { cerr << " -- SF: " << SF << "; ZF: " << ZF << "; OF: " << OF << '\n'; } +void dump_stack() { + cerr << "stack:\n"; + for (uint32_t a = AFTER_STACK-4; a > Reg[ESP].u; a -= 4) + cerr << " 0x" << HEXWORD << a << " => 0x" << HEXWORD << read_mem_u32(a) << '\n'; + cerr << " 0x" << HEXWORD << Reg[ESP].u << " => 0x" << HEXWORD << read_mem_u32(Reg[ESP].u) << " <=== ESP\n"; + for (uint32_t a = Reg[ESP].u-4; a > Reg[ESP].u-40; a -= 4) + cerr << " 0x" << HEXWORD << a << " => 0x" << HEXWORD << read_mem_u32(a) << '\n'; +} + //: start tracking supported opcodes :(before "End Globals") map</*op*/string, string> Name; diff --git a/subx/056write.subx b/subx/056write.subx index c9303b56..fbe65c3c 100644 --- a/subx/056write.subx +++ b/subx/056write.subx @@ -45,7 +45,7 @@ write: # f : fd or (address stream), s : (address array byte) -> <void> 89/copy 3/mod/direct 5/rm32/EBP . . . 4/r32/ESP . . # copy ESP to EBP # if (f < 0x08000000) _write(f, s), return # f can't be a user-mode address, so treat it as a kernel file descriptor 81 7/subop/compare 1/mod/*+disp8 4/rm32/sib 5/base/EBP 4/index/none . . 8/disp8 0x08000000/imm32 # compare *(EBP+8) - 7f/jump-if-greater $write:else/disp8 + 7f/jump-if-greater $write:fake/disp8 # push args ff 6/subop/push 1/mod/*+disp8 4/rm32/sib 5/base/EBP 4/index/none . . 0xc/disp8 . # push *(EBP+12) ff 6/subop/push 1/mod/*+disp8 4/rm32/sib 5/base/EBP 4/index/none . . 8/disp8 . # push *(EBP+8) @@ -54,7 +54,7 @@ write: # f : fd or (address stream), s : (address array byte) -> <void> # discard args 81 0/subop/add 3/mod/direct 4/rm32/ESP . . . . . 8/imm32 # add to ESP eb/jump $write:end/disp8 -$write:else: +$write:fake: # otherwise, treat 'f' as a stream to append to # save registers 50/push-EAX diff --git a/subx/057stop.subx b/subx/057stop.subx index 8d574b96..4488c1d5 100644 --- a/subx/057stop.subx +++ b/subx/057stop.subx @@ -1,53 +1,29 @@ # stop: dependency-injected wrapper around the exit() syscall # -# We'd like to be able to write tests for functions calling exit() in production, -# and to make assertions about whether they exit() or not. +# We'd like to be able to write tests for functions that call exit(), and to +# make assertions about whether they exit() or not in a given situation. To +# achieve this we'll call exit() via a smarter wrapper called 'stop'. # -# The basic plan goes like this: `stop` will take an 'exit descriptor' that's -# opaque to callers. If it's null, it will call exit() directly. If it's not -# null, it'll be a pointer into the stack. `stop` will unwind the stack to -# that point, and use the value at that point as the address to 'return' to. +# In the context of a test, calling a function X that calls 'stop' (directly +# or through further intervening calls) will unwind the stack until X returns, +# so that we can say check any further assertions after the execution of X. To +# achieve this end, we'll pass the return address of X as a 'target' argument +# into X, plumbing it through to 'stop'. When 'stop' gets a non-null target it +# unwinds the stack until the target. If it gets a null target it calls +# exit(). # -# No other processor state will be restored. We won't bother with registers, -# signal handlers or anything else for now. A test function that wants to -# protect against exit will create an exit descriptor (directly, without -# wrapping function calls; the value of the stack pointer matters) and pass it -# in to the function under test. After the function under test returns, -# registers may be meaningless. The test function is responsible for determining -# that. +# We'd also like to get the exit status out of 'stop', so we'll combine the +# input target with an output status parameter into a type called 'exit-descriptor'. # -# to create an exit descriptor: -# store current value of ESP (say X) +# So the exit-descriptor looks like this: +# target : address # input return address for 'stop' to unwind to +# value : int # output exit status stop was called with # -# to exit in the presence of an exit descriptor: -# copy value at X -# ensure ESP is greater than X + 4 -# set ESP to X + 4 -# save exit status in the exit descriptor -# jump to X +# 'stop' thus takes two parameters: an exit-descriptor and the exit status. # -# caller after returning from a function that was passed in the exit -# descriptor: -# check the exit status in the exit descriptor -# if it's 0, exit() was not called -# registers are valid -# if it's non-zero (say 'n'), exit() was called with value n-1 -# registers are no longer valid -# -# An exit descriptor looks like this: -# target: address # containing the return address to restore stack to -# value: int # exit status if called -# -# It's illegal for the exit descriptor to be used after its creating function -# call returns. -# -# This is basically a poor man's setjmp/longjmp. But setjmp/longjmp is defined -# in libc, not in the kernel, so we need to implement it ourselves. Since our -# use case is simpler, only needing to simulate exit() in tests, our implementation -# is simpler as well. It's impossible to make setjmp/longjmp work safely in -# all C programs, so we won't even bother. Just support this one use case and -# stop (no pun intended). Anything else likely requires a more high-level -# language with support for continuations. +# We won't bother cleaning up any other processor state besides the stack, +# such as registers. Only ESP will have a well-defined value after 'stop' +# returns. (This is a poor man's setjmp/longjmp, if you know what that is.) == code @@ -56,52 +32,137 @@ # 1-3 bytes 3 bits 2 bits 3 bits 3 bits 3 bits 2 bits 2 bits 0/1/2/4 bytes 0/1/2/4 bytes # main: (manual test if this is the last file loaded) +#? e8/call test-stop-skips-returns-on-exit/disp32 e8/call run-tests/disp32 # 'run-tests' is a function created automatically by SubX. It calls all functions that start with 'test-'. # syscall(exit, Num-test-failures) - 8b/copy 0/mod/indirect 5/rm32/.disp32 . . 1/r32/EBX Num-test-failures/disp32 # copy *Num-test-failures to EBX + 8b/copy 0/mod/indirect 5/rm32/.disp32 . . 3/r32/EBX Num-test-failures/disp32 # copy *Num-test-failures to EBX b8/copy-to-EAX 1/imm32 cd/syscall 0x80/imm8 -# initialize an exit descriptor that has already been allocated by caller. -# invoking `stop` on the exit descriptor will return to the caller's stack frame. -create-exit-descriptor: # address -> () - # TODO +# Configure an exit-descriptor for a call pushing 'nbytes' bytes of args to +# the stack. +# Ugly that we need to know the size of args, but so it goes. +tailor-exit-descriptor: # ed : (address exit-descriptor), nbytes : int -> () + # prolog + 55/push-EBP + 89/copy 3/mod/direct 5/rm32/EBP . . . 4/r32/ESP . . # copy ESP to EBP + # save registers + 50/push-EAX + 51/push-ECX + # EAX = nbytes + 8b/copy 1/mod/*+disp8 4/rm32/sib 5/base/EBP 4/index/none . 0/r32/EAX 0xc/disp8 . # copy *(EBP+12) to EAX + # Let X be the value of ESP in the caller, before the call to tailor-exit-descriptor. + # The return address for a call in the caller's body will be at: + # X-8 if the caller takes 4 bytes of args for the exit-descriptor (add 4 bytes for the return address) + # X-12 if the caller takes 8 bytes of args + # ..and so on + # That's the value we need to return: X-nbytes-4 + # + # However, we also need to account for the perturbance to ESP caused by the + # call to tailor-exit-descriptor. It pushes 8 bytes of args followed by 4 + # bytes for the return address and 4 bytes to push EBP above. + # So EBP at this point is X-16. + # + # So the return address for the next call in the caller is: + # EBP+8 if the caller takes 4 bytes of args + # EBP+4 if the caller takes 8 bytes of args + # EBP if the caller takes 12 bytes of args + # EBP-4 if the caller takes 16 bytes of args + # ..and so on + # That's EBP+12-nbytes. + # option 1: 6 + 3 bytes +#? 2d/subtract 3/mod/direct 0/rm32/EAX . . . . . 8/imm32 # subtract from EAX +#? 8d/copy-address 0/mod/indirect 4/rm32/sib 5/base/EBP 0/index/EAX . 0/r32/EAX . . # copy EBP+EAX to EAX + # option 2: 2 + 4 bytes + f7 3/subop/negate 3/mod/direct 0/rm32/EAX . . . . . . # negate EAX + 8d/copy-address 1/mod/*+disp8 4/rm32/sib 5/base/EBP 0/index/EAX . 0/r32/EAX 0xc/disp8 . # copy EBP+EAX+12 to EAX + # copy EAX to ed->target + 8b/copy 1/mod/*+disp8 4/rm32/sib 5/base/EBP 4/index/none . 1/r32/ECX 8/disp8 . # copy *(EBP+8) to ECX + 89/copy 0/mod/indirect 1/rm32/ECX . . . 0/r32/EAX . . # copy EAX to *ECX + # initialize ed->value + c7/copy 1/mod/*+disp8 1/rm32/ECX . . . . 4/disp8 0/imm32 # copy to *(ECX+4) + # restore registers + 59/pop-to-ECX + 58/pop-to-EAX + # epilog + 89/copy 3/mod/direct 4/rm32/ESP . . . 5/r32/EBP . . # copy EBP to ESP + 5d/pop-to-EBP + c3/return -stop: # exit-descriptor, value - # TODO +stop: # ed : (address exit-descriptor), value : int + # no prolog; one way or another, we're going to clobber registers + # EAX = ed + 8b/copy 1/mod/*+disp8 4/rm32/sib 4/base/ESP 4/index/none . 0/r32/EAX 4/disp8 . # copy *(ESP+4) to EAX + # exit(value) if ed->target == 0 + 81 7/subop/compare 0/mod/indirect 0/rm32/EAX . . . . . 0/imm32 # compare *EAX + 75/jump-if-not-equal $stop:fake/disp8 + # syscall(exit, ed->value) + 8b/copy 1/mod/*+disp8 0/rm32/EAX . . . 3/r32/EBX 4/disp8 . # copy *(EAX+4) to EBX + b8/copy-to-EAX 1/imm32 + cd/syscall 0x80/imm8 +$stop:fake: + # ed->value = value+1 + 8b/copy 1/mod/*+disp8 4/rm32/sib 4/base/ESP 4/index/none . 1/r32/ECX 8/disp8 . # copy *(ESP+8) to ECX + 41/inc-ECX + 89/copy 1/mod/*+disp8 0/rm32/EAX . . . 1/r32/ECX 4/disp8 . # copy ECX to *(EAX+4) + # non-local jump to ed->target + 8b/copy 0/mod/indirect 0/rm32/EAX . . . 4/r32/ESP . . # copy *EAX to ESP + c3/return # doesn't return to caller test-stop-skips-returns-on-exit: - # call _test-stop-1 with its exit descriptor: the location of its return - # address. + # This looks like the standard prolog, but is here for different reasons. + # A function calling 'stop' can't rely on EBP persisting past the call. # - # This argument is currently uninitialized, but will be initialized in the - # 'call' instruction. - # - # The address passed in depends on the number of locals allocated on the - # stack. + # Use EBP here as a stable base to refer to locals and arguments from in the + # presence of push/pop/call instructions. + # *Don't* use EBP as a way to restore ESP. + 55/push-EBP + 89/copy 3/mod/direct 5/rm32/EBP . . . 4/r32/ESP . . # copy ESP to EBP + # Make room for an exit descriptor on the stack. That's almost always the + # right place for it, available only as long as it's legal to use. Once this + # containing function returns we'll need a new exit descriptor. + # var ed/EAX : (address exit-descriptor) + 81 5/subop/subtract 3/mod/direct 4/rm32/ESP . . . . . 8/imm32 # subtract from ESP + 8d/copy-address 0/mod/indirect 4/rm32/sib 4/base/ESP 4/index/none . 0/r32/EAX . . # copy ESP to EAX + # Size the exit-descriptor precisely for the next call below, to _test-stop-1. + # tailor-exit-descriptor(ed, 4) + # push args + 68/push 4/imm32/nbytes-of-args-for-_test-stop-1 + 50/push-EAX + # call + e8/call tailor-exit-descriptor/disp32 + # discard args + 81 0/subop/add 3/mod/direct 4/rm32/ESP . . . . . 8/imm32 # add to ESP + # call _test-stop-1(ed) # push arg - 8d/copy-address 1/mod/*+disp8 4/rm32/sib 4/base/ESP 4/index/none 0/r32/EAX -8/disp8 . # copy ESP-8 to EAX 50/push-EAX # call e8/call _test-stop-1/disp32 - # discard arg - 81 0/subop/add 3/mod/direct 4/rm32/ESP . . . . . 4/imm32 # add to ESP - # signal check passed: check-ints-equal(1, 1, msg) + ## registers except ESP may be clobbered at this point + # restore arg + 58/pop-to-EAX + # check that _test-stop-1 tried to call exit(1) + # check-ints-equal(ed->value, 2, msg) # i.e. stop was called with value 1 # push args 68/push "F - test-stop-skips-returns-on-exit"/imm32 - 68/push 1/imm32 - 68/push 1/imm32 + 68/push 2/imm32 + # push ed->value + ff 6/subop/push 1/mod/*+disp8 0/rm32/EAX . . . . 4/disp8 . # push *(EAX+4) # call e8/call check-ints-equal/disp32 # discard args 81 0/subop/add 3/mod/direct 4/rm32/ESP . . . . . 0xc/imm32 # add to ESP + # epilog + 5d/pop-to-EBP + # don't restore ESP from EBP; manually reclaim locals + 81 0/subop/add 3/mod/direct 4/rm32/ESP . . . . . 8/imm32 # add to ESP c3/return -_test-stop-1: # unwind-mark : address +_test-stop-1: # ed : (address exit-descriptor) # prolog 55/push-EBP 89/copy 3/mod/direct 5/rm32/EBP . . . 4/r32/ESP . . # copy ESP to EBP - # _test-stop-2(unwind-mark) + # _test-stop-2(ed) # push arg ff 6/subop/push 1/mod/*+disp8 4/rm32/sib 5/base/EBP 4/index/none . . 8/disp8 . # push *(EBP+8) # call @@ -123,7 +184,18 @@ _test-stop-1: # unwind-mark : address 5d/pop-to-EBP c3/return -_test-stop-2: # unwind-mark : address - # non-local jump to unwind-mark - 8b/copy 1/mod/*+disp8 4/rm32/sib 4/base/ESP 4/index/none 4/r32/ESP 4/disp8 # copy *(ESP+4) to ESP - c3/return # doesn't return to caller +_test-stop-2: # ed : (address exit-descriptor) + # prolog + 55/push-EBP + 89/copy 3/mod/direct 5/rm32/EBP . . . 4/r32/ESP . . # copy ESP to EBP + # call stop(ed, 1) + # push args + 68/push 1/imm32 + ff 6/subop/push 1/mod/*+disp8 4/rm32/sib 5/base/EBP 4/index/none . . 8/disp8 . # push *(EBP+8) + # call + e8/call stop/disp32 + ## should never get past this point + # epilog + 89/copy 3/mod/direct 4/rm32/ESP . . . 5/r32/EBP . . # copy EBP to ESP + 5d/pop-to-EBP + c3/return |