Today’s puzzle is about some code behaving horribly wrong.<\/p>\n
Recently, I was working on some operating system project and hacking on the code to switch between privileged and non-privileged mode. I could switch modes successfully and intercept traps when in non-privileged mode.<\/p>\n
Then I wanted to check whether I could handle timer interrupts correctly, so I added this to my non-privileged code, to give the timer interrupt a chance to fire:<\/p>\n
\n volatile int i;\n for (i=0; i<10000; i++);\n<\/pre>\nTimer interrupts were handled correctly and eventually returned to the non-privileged code – but the delay code turned into an infinite loop!<\/p>\n
I changed to loop to count only to 10, and I changed it to count down instead of up, but the result remained the same. I looked at the generated assembly. It looked like this:<\/p>\n
\n movl $10, 0xfc(%ebp)\t\/\/ i = 10\n jmp 1f\t\t\t\/\/ goto 1\n2:\n movl 0xfc(%ebp), %eax\t\/\/ %eax = i\n decl %eax\t\t\/\/ %eax--\n movl %eax,0xfc(%ebp)\t\/\/ i = %eax\n1:\n movl 0xfc(%ebp), %eax\t\/\/ %eax = i\n testl %eax, %eax\t\t\/\/ if (%eax > 0)\n jg 2b\t\t\t\/\/ goto 2\n<\/pre>\nIt looked fine. On every timer interrupt, I dumped %eax, and it was stuck at 10. I debugged my pusha\/popa code to save and restore registers between modes, and it was okay. I debugged my flag handing code, and flags were fine.<\/p>\n
Then I replaced my C code with the generated assembly code and added instructions that copied the value of %eax before the “decl” into %ebx, and after the “decl” into %ecx and added a trap instruction right after that to have privileged mode print out the values of the three registers.<\/p>\n
\n movl $10, 0xfc(%ebp)\t\/\/ i = 10\n jmp 1f\t\t\t\/\/ goto 1\n2:\n movl 0xfc(%ebp), %eax\t\/\/ %eax = i\n movl %eax, %ebx \/\/ value before<\/font>\n decl %eax\t\t\/\/ %eax--\n movl %eax, %ecx \/\/ value after<\/font>\n TRAP<\/font>\n movl %eax,0xfc(%ebp)\t\/\/ i = %eax\n1:\n movl 0xfc(%ebp), %eax\t\/\/ %eax = i\n testl %eax, %eax\t\t\/\/ if (%eax > 0)\n jg 2b\t\t\t\/\/ goto 2\n<\/pre>\nThe result was %eax = %ebx = %ecx = 10. This is when I understood what was going on.<\/p>\n
Please share your comments below. \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"
Today’s puzzle is about some code behaving horribly wrong. Recently, I was working on some operating system project and hacking on the code to switch between privileged and non-privileged mode. I could switch modes successfully and intercept traps when in non-privileged mode. Then I wanted to check whether I could handle timer interrupts correctly, so … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26,38],"tags":[],"class_list":["post-267","post","type-post","status-publish","format-standard","hentry","category-puzzle","category-x86"],"_links":{"self":[{"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/posts\/267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=267"}],"version-history":[{"count":0,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/posts\/267\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.pagetable.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}