Keep Coding, Keep Learning.: 2012

Sunday, September 30, 2012

Engineer's interpersonal relation with colleague.

This is the organized digest from "How to be star engineer" Article.

Don't just focus on self engineering technique. The most important thing is co-workers' recognition.
The stars were not standout because of what they had in their heads but because of how they used what they had.
Stars are made, not born.

9 key points:

Blazing trails:

only certain actions earn the initiative label.

Seeking out responsibility above and beyond job description.
Undertaking extra efforts for the benefit of co-workers or the larger group.
Stepping willingly into the gaps between job descriptions where important jobs pop-up, affording it, and doing the good job for them
Sticking tenaciously to an idea or project and following it through to successful implementation.

Knowing who knows:

Help the stars get unstuck for lake of knowledge is effective interpersonal networking.
Effective interpersonal networking.

Right people in them.
They are fast to response.

One to One and face to face communication is better to construct friendship.
Maintain self interpersonal networking within a group expert who share knowledge for mutual benefit.

Proactive self-management

Stars do much more than managing time and project to meet control. Stars proactively create opportunities, direct work choices
Despite the unsupportive manager, stars take every chance to enhance self value.

Never give up.

Getting the big picture

Solve self tunnel vision and jump out of the concrete viewpoint to world.
Stars' perspective grows out of getting enough experience to develop pattern recognition, expert's Intuition,

iWoz: Engineer should keep the view in gray side.
Adopt variety of perspectives to evaluate relative importance.

Help others solve problems

Valuable exposure to problems she would not have faced in her own work.
Build variety of view.

Know others' view.

Learn to do different job, and co-work with different groups.

Seek out the ability to smell nuances of perspective, and keep to cultivate its benefits.

The right kind of followership

Traditional follower:

How to tone the line.
Take orders without question.
not threaten the leader

Not only follow the leader's single trail, but also become the the other trail to help leader reach the goal.

Find what to do.
Think how to do.
Independent and decisive judgement.
Predict the coming danger.
Question about leaders' correctness.

The relation between Right and Wrong is not XOR.

Engineer should live in the gray area, not only black and white.
Find the goal between leader and follower.

Teamwork as joint ownership of a project

Co-work in star's view is a complex series of skills

goal-setting.
group commitments.
work activities.
schedules.
share group accomplishments with team members.
help everyone feel part of the team.
deal with conflict.
assist others in solving problems.

Small-I leadership

View leadership as a work strategy:

Build expertise and influence to convince to unite with each other.
Need efforts:

Help members build clear vision.
Work with high commitment and trust necessary to get the goal.
Finding the resource to get the goal.
Shepherding the project to successful completion.

The talent small-l leadership needs

Know everything about others
Know what's best for the followers and for the situation

Needs
Skill
Desire
Privilege

Peers will go along only if they believe a member of the group who wants to lead is acting in their interest as much as his or her own
The most different with Big-Leader

Refusal to assume they know everything about other people

Behavior

Asking first, even when they think they already kow.

Of course, reality can't satisfied any employee.

Wins a lot of influence and recognition by sincere offer to listen and meet partial needs.
Create the attitude: we're all-in-the-trenches-together.

Street smarts

Don't be evil!
Any large organization has legitimate competing interests.
Ability to mediate each other to get the goal.

Expertise in managing individual or group dynamics.
When to avoid conflicts.
When to meet them head on.
How to make allies out of potential.

Show and tell

Misunderstanding: Focus primarily on their image and their message, not on the audience.
Stars do: Know audience and shape message to them.
Prepare:

To deliver a message to a targeted audience(figure out the Composition of them).
Persuade listeners to accept the message.
Be proactive in deflecting criticism.

Thursday, August 23, 2012

"Trap Return"'s esp to trap frame in xv6 and JOS

這二個OS在返回時，有一個共同目標。即是把esp 指定在trapframe的地方。但二者的implementation方式，只差在一行。

xv6是利用stack push pop的相對位置，效率高，但需小心過程中esp的修改(但其實這部份在gcc/assembler 的x86 calling convention已經幫coder做掉了，由ebp 這個reg 保存了call instruction之前esp的值。

pushl %esp

call trap

addl $4, %esp

JOS是在trap return執行前灌給esp 其保存的trap frame 位置。優點是在中間的stack 操作，可以放心盡量使用，只要沒有破壞原本的trap frame 資料基本完整性即可。但差在效能上的多執行一個function call的動作。

void env_pop_tf (struct Trapframe *tf)

{

__asm __volatile ("movl %0,%%esp\n" "\tpopal\n" "\tpopl %%es\n" "\tpopl %%ds\n" "\taddl $0x8,%%esp\n" /* skip tf_trapno and tf_errcode */

"\tiret"::"g" (tf):"memory");

panic ("iret failed"); /* mostly to placate the compiler */

}

同一目標，二種實踐。

Monday, August 20, 2012

[TALK] Memory Allocation In Classic Monolithic Kernel and Classic Micro Kernel

Memory_AllocationUNIX_MINIX-COSCUP2012 from Hawx Chen

I presented the topic "Memory Allocation in UNIX(classic monolithic kernel) and MINIX(classic micro kernel)" at Taiwan COSCUP2012 with 907 attendees-JuluOS Workshop. I focus on memory allocation to show some differences between these 2 classic kernel.
Something through this presentation I want to convey sincerely is that

History is the way to show wisdom about design.
Start to implement OS: Focus on the most important stuff you want, keep others to be as simple as possible.
Join us to discuss OS, design OS, and implement OS.

Tuesday, July 24, 2012

Lab3 User Environment

[Preface] A Hope That My Crude Remarks May Draw Forth By Abler People
[前言]拋磚引玉

How to do the following lab3?

Read following list:

Lec4 JOS memory layout.
Lec5: Process Creation System call／Interrupt, and Exception Handling
~~Hw5~~ Hw4
Ch.9 of 80386 Programmer's Manual／Ch05 of the IA-32 Developer's Manual.
Lab3 assignment.

Dig everything unknown more:

Think about debugging!

Basic setup:

IDT.

Breakpoint exception.
System call exception.
Other exceptions.

Allocate the memory space for Env structure.

Be cared about address mapping.
Link each element in the right order.

Exercise 1 & 2 is done

More setup

Make programs run.

Setup the env's virtual memory mapping

Map only user level's need address mapping from kern_pgdir.
Load ELF file.
Stack.
Entry address.
Set the env's fields well

env_status/env_type...etc

Let user programs be capable of trapping into kernel.

Push the needed variable/registers into kernel stack!
Default error handling: Not supported exceptions.

Get PartA's grade.

Setup exception handlers:

Trap entries to support user's functionality.

page_fault_handler.
breakpoint handler.
Pass exercise 5&6

system call setup

Handle 0x30 IDT entry.

Organize the trap frame..
Push the right esp as the trap call's input parameter(trap frame address).

Dispatch the eax (syscall num) to the corresponding handler.

Extract parameters in the right slot.
Return value.

User level's this env assignment.
Pass exercise 7&8

kdebug.c not yet.

Protections

user_mem_check

permission.
legal contiguous memory coverage.

evilhello: address' permission setup must be right.
Pass All

Challenge implementation: fast system call

Read carefully about sysenter/sysexit/wrmsr/rdmsr in Intel manual.
Setup the following slot in the right vale.

MSR_IA32_SYSTEM_CS.

GDT must own the right order between ring0/ring3's cs ss

ring0:CS
ring0:SS
ring3:CS
ring3:SS

MSR_IA32_SYSTEM_EIP.
MSR_IA32_SYSTEM_ESP

library wrapper

Assign the right value into regs.

ebp(stack pointer used by sysenter).
esi (intruction pointer used by sysenter).
place arguments into the right registers.

Be careful about push/restore clobber registers.

Trap entry's handler

Before calling system call function.

push the needed vars into stack to organize the Trapframe.
push the organize trapframe pointer into stack

After calling system call function.

Assign the right value into regs.

edx(stack pointer used by sysenter).
ecx (intruction pointer used by sysenter).

Retroe the needed regs

Finish Fast Syscall Challenge

Sunday, June 3, 2012

Ch.5 Debugging

A lot of ways to improve design and development, but none of them could eliminate all bugs.

Reduce connection and interaction between software components

Information hiding
Abstraction
Interfaces
Language features to support above items

Integrity of a software design

Program proofs
Modeling
Requirement analysis
formal verification

Techniques to reduce debugging time

Good design
Good style
Boundary condition tests,
Assertions and sanity checks in the code
Defensive programming
Well-designed interfaces
Limited global data
Checking Tools

Debuggers

Debugger are system dependent
Programs are not well handled by debuggers, just by lower level approaches.

Multi-process/multi-thread programs
Operating systems
Distributed systems

Bug killer is always coders, not the debuggers!

Coders must own the blue graph in mind to find bugs.
Blind probing with a debugger shouldn't be productive.

Stepping through a program is less productive than thinking harder and adding output statements and self-checking code at critical places.

What's the lower level approach

Just print them!
Binary search

Data
Code

Debugging experience

Good clues, easy bugs

Look for familiar patterns

Common bugs have distinctive signatures
Example: Fail to initialize local varable

declaration
malloc/realloc

Examine the most recent change

Version control system is powerful here.

Don't make the same mistake twice

If it occurs, then it might have the same one somewhere else.

Debug it now, not later

As I was both the task leader and the RD, in the other words, I had to be responsible for tracking other's bugs/development progress, fixing my bugs, and keeping to write my modules. It had the blind spot that I couldn't distinguish priority clearly between bugs' severity level and development progress, deadline. I judged some un-crashed issue and weird behavior to be low priority. Sad! In the day of released version population, we were more painful to fix them. It was the terrible experience.

If I am just the developer, I will focus on fixing all bugs
If I am just the manager, I put the deadline in higher priority.
If I am both of them, I need much more experience to find the balance or the experienced advisor.

If you can't do it now, just list them on schedule in the most obvious place!

Get a stack trace

The trail of function call
Arguments
Line numbers

Read before typing

What you see in the source code is what you meant rather than what you wrote!

Take a break to jump out of the mental barrier

Resist the urge to start typing: thinking is a worthwhile alternative

Explain your code to someone else or puppet

Reorganize thought.

No clues, hard bugs

Make the bug reproducible

Decrease the time spent waiting for bug happened, then find it faster

Make the bug appeared on demand!

Divide and conquer

Narrow down the possibilities by creating the smallest input where bug still show up
Proceed by binary search

Code
Data

Study the numerology of failures

Failing examples give us the clue and point out the track to find bugs.

Display output to localize your search

Each message should be distinct so you can tell which one you are looking at.
Easy to use the message with other tools: like grep, string parser. compression tool.
Two pointer has the same value, or they are the same pointer?

%x, %p.

Write self-checking code

Check function

test conditions.
dump relevant variables, data structures.
abort the program.

Not only for debugging, leave check function during all stages of development.

Write a log file

Fixed format stream to the debugging output.
I/O to files: setbuf/setvbuf

Buffer

flush
When crashed...

core dump
final flush!

Unbuffer

overhead

Draw a picture

Figure out programs deeply by annotating the data structures with statistics and plotting it!

Use tools

Learn them in anytime and anywhere if needed!

Investment!

Keep records

When bug occurred, record them!

root cause.
where to be changed
related issues
Commit CL

One of the sources of test cases.

Non-reproducible bugs

Write outside of memory
All vars initialized
Double free

Compiler support option to assert immediately!

Work fine on my side, but fail on another side!

Environment!

Other people's bugs

Organize the program, and original parameters in and out!

Debugger could point out it!

Check the frequent changed section!
Point out other's bug?

Kindly discussion
Risk of credit and time!

Make sure the bug is new!
Platform bugs

Try tests on multiple systems and check platform/compiler definition

ex: shift operation filled with zero bits or sign bits?

Report them in nice format!

The best sample: The ones that need only a line or two of input on a plain vanilla system to demonstrate the fault, and includes the fix.

Summary

Classes of bugs

Good clues, easy bugs
No clues, hard bugs
Non-reproducible bugs
Other people's bugs

Steps

Look for familiar patterns
Examine the most recent change
Don't make the same mistake twice
Debug it now, not later
Get a stack trace
Read before typing
Explain your code to someone else or puppet
Make the bug reproducible
Divide and conquer
Study the numerology of failures
Display output to localize your search
Write self-checking code
Write a log file
Draw a picture
Use tools
Keep records

Make myself to fix bugs much more effectively in the next time.

Sunday, April 29, 2012

Lab2 Memory Management

[Preface] A Hope That My Crude Remarks May Draw Forth By Abler People

[前言]拋磚引玉

Outline:

Lab2 has 3 parts:

Physical page allocator.
Virtual page management.
Kernel page mapping installation.

Preparation:

Intel 80386 reference manual: Chap5, Chap6.
xv6: Chap 1.
JOS: test cases code: check_*()
Understand xv6 how to create temporary memory management to touch memory after 1MB.
Build the map about Segment and Page translation on x86 in mind.

Part 1: Physical page allocator

boot_alloc():

Divide physical memory into each 4KB pages.
It should account for booting memory overhead from NVRAM's status until now.

kernel image.
allocation data structure.

mem_init():

Here, just allocate the kernel page directory and set its attributes.

physical page allocation

page_init():

Calculate the free list.
Set up data structure.
Don't touch the reserved memory! But the reserve memory should be accounted.

page_alloc():

Just allocate one physical page.
ALLOC_ZERO handling.

page_free:

Just free one physical page.

Read code carefully to sync the thought between Judge code and lab code

check_page_free_list()
check_page_alloc()

GitHub Link

Physical page allocator.

Part 2: Virtual page management.

pgdir_walk()

Ask yourself: If i am a x86 cpu, how could I find the corresponding page?
If the new pte doesn't belong to any page table, then just allocate the new page table.
Return virtual address of PTE slot!
Consult the xv6 code.

virtual page allocation

page_insert()

Use pgdir_walk to find corresponding pte.
One physical page to map N virtual pages

pp->ref is N.

Remember permission assignment.
Return page table entry.

page_remove()

Decrease the count.

Be zero, then free the physical page by page_free.

Clear the pte!

page_lookup()

Return the corresponding virtual page's page structure.

by pgdir_walk and pa2page.

Read code carefully to sync the thought between Judge code and lab code

check_page()

GitHub Link:

check_page success

Part 3: kernel page mapping and installation.

boot_map_region()

Map the memory block into pages.

some extern symbols are already the virtual address in C language!

PADDR usage.
bootstack ,bootstacktop

Naming like virtual address, but it is extren variable in C to be Virtual address.

Read code carefully to sync the thought between Judge code and lab code

check_kern_pgdir()
check_page_installed_pgdir()

GitHub Link:

pass all

Discussion:

If __ALL_COUNT__ defined

When each PTE referenced, then It increases corresponding page table/directory's count.
Sample: __ALL_COUNT__ defined

page_table 3
page 1 1
page 2 1
page 3 1

Sample __ALL_COUNT__ not defined
- page_table 1
- page 1 1
- page 2 1
- page 3 1

GitHub Link

__ALL_COUNT__ compile option

Sunday, March 18, 2012

[Preface] A Hope That My Crude Remarks May Draw Forth By Abler People

By these articles and courses, I want to have much more discussion and make much more friends.
Share passion and fun about OS between you and me.

Dear Friends:
Hello. Each MIT 6.828 article is my transcripts about problem solving and some other interesting questions, After Lesson. Under the pressure of time and work, some questions have been answered by me, some not. This place is open for all masters and enthusiasts. Any questions or issues about OS and related domains are welcomed. Welcome!.

Hope that we can share delight of the journey.

Indent - My Coding Style

Coding Style不統一，是在跟人寫code中最大的不耐之一。
相對於使用文件說什麼哪邊有空白，哪邊要換行的，模模糊糊，令人無所適從。
不是不排，是不知從何排起，用人腦去記每個細項也很難做的100%對。

套一句 Knuth的名言
"A person does not really understand something until after teaching it to a computer"
在下就把自已習慣的coding style 極大部份是採用GNU的風格。
用indent 去令電腦懂我要排什麼樣的style，協作的一方也清楚多了。
也真的不習慣用已套裝好的指令還不知道各參數是什麼意思…。
因此就查個明明白白。列在下面，也有一些對indent各參數的說明。

也可以看看Berkerly/K&R...etc的風格
#man indent

目前的Macro還不知道怎麼做Indent，若有用Macro寫多行expression的情況下，還是各自為政…

My C coding style based on the GNU style.

indent -nbad -bap -nbc -bbo -bl -bli0 -bls -ncdb -ncdw

-nce -cp1 -cs -di1 -ndj -nfc1 -nfca -hnl -i4 -ip5

-lp -pcs -nprs -psl -saf -sai -saw -nsc -nsob -blf
-nut -ts4

-nbad: 宣告變數後無空行

-bap: 強迫在function body前必有空行

-nbc: each comma(逗行)前必換行

-bbo: 強迫在&& ||前換行

-bl: braces-{ 需在if(...)換到下一行

-blin: { 需在if(...) 換行時，縮入多少空白

-bls: 於struct name及{ 置入newline

-blf: 需在function def及{置入newline

-ncdb: Don't put comment delimeters on the blank line

-ncdw: do{...} while 其} while 之間會置入newline

-nce: } 及 else間會置入newline

-cp1: Put comments to the right of #else and #endif statements in column n

-cs: 於Type cast opertator及變數間會有空白

-di1: 於declaration時的type 及 Identitier中間會有1個空白(換行時亦會有1空白)

-ndj: 對declarations 後的comments 等同於其他位於statements後的comment

-nfc1:勿對第一行的comment做格式化

-nfca:勿對comment做格式化

-hnl: prefer use the input file to break the long line

-i4: indentation level to n spaces.

-ip5: for old coding style其引數宣告需內縮5格

-lp: 若(...)有斷行則對齊 left parenthesis

-pcs: 在function name被call時，其name及 (　之間不會有空白

-nprs: 於parentheses(括號)後無空白

-psl: 令procedure的type 及 name 為上下行

-saf: 令for及括號間有一個空白

-sai: 令if及括號間有一個空白

-saw: 令while及括號間有一個空白

-nsc: Do not put the '*' character at the left of comments

-nsob: Do'nt swallow optional blank lines
-nut: no tab
-ts4: 1 tab 為4spaces

Saturday, March 17, 2012

Lab1-Part C-2/2: The Kernel (Stack)

[Preface] A Hope That My Crude Remarks May Draw Forth By Abler People

[前言]拋磚引玉

Exercise9:

Something needed to know

Understand how did kernel perform its stack creation.

Discussion:

Determine where the kernel initializes its stack

At kern/entry.S

# Set the stack pointer
movl $(bootstacktop),%esp
f0100034: bc 00 00 11 f0 mov $0xf0110000,%esp

Where in memory its stack is located

as above: 0xf0110000

How does the kernel reserve space for its stack

.space KSTKSIZE

8*4096 bytes = 8192 stack frames each 4 bytes

At which "end" of this reserved area is the stack pointer initialized to point to?

bootstack

push data from bootstacktop to bootstack (each one put is -4)

Exercise10:

Something needed to know

To be familiar with x86 calling convention.

Each EBP pused into stack

the base pointer into the stack used by that function:

Each EIP pushed into stack

return instruction. : the instruction address to which control will return when the function returns.

Set breakpoint at test_backtrace

Examine what happens each time it gets called after the kernel starts
How many 32-bit words does each recursive nesting level of test_backtrace push on the stack what are those words?

EIP/ARGS/EBP
registers waited to be used

push its value in, before return, just pop out them.

Recursive Calling Stack

stack as linked list array

From current EIP
Old EIPs by finding EBP+4 pushed by gcc calling convention

Question

read_eip

Doesn't work if inlined
Putting at the end of the file seems to prevent inlining.

Exercise11:

Something needed to know

Based on Exercise10
Pointer usage

int*p

(int)p + 1 - 1base
(int)(p + 1) - 4base

GitHub Link

My Code.

Exercise12:

Something needed to know

Based on Exercise11
printf(%.*) usage
Stab format
Trace kern/kdebug.c

GitHub Link:

My Code.

Enjoy OS travel :)
#

Lab1-Part C -1/2: The Kernel (Taste of MM/Output)

[Preface] A Hope That My Crude Remarks May Draw Forth By Abler People
[前言]拋磚引玉

Exercise7:

Something needed to know.

Examine before and after Paging Enable.

brack at movl %eas,%cr0 to check 0x00100000/0xf0100000

x/20h 0x100000
0x100000: 0xb002 0x1bad 0x0000 0x0000 0x4ffe 0xe452 0xc766 0x72050
x100010: 0x0004 0x3400 0xb812 0x0000 0x0011 0x220f 0x0fd8 0xc020
0x100020: 0x010d 0x0100 0x0f80 0xc022
x/20h 0xf0100000
0xf0100000: 0xffff 0xffff 0xffff 0xffff 0xffff 0xffff 0xffff 0xffff
0xf0100010: 0xffff 0xffff 0xffff 0xffff 0xffff 0xffff 0xffff 0xffff
0xf0100020: 0xffff 0xffff 0xffff 0xffff

si then check again.
- x/20h 0x100000
  0x100000: 0xb002 0x1bad 0x0000 0x0000 0x4ffe 0xe452 0xc766 0x7205
  0x100010: 0x0004 0x3400 0xb812 0x0000 0x0011 0x220f 0x0fd8 0xc020
  0x100020: 0x010d 0x0100 0x0f80 0xc022
- x/20h 0xf0100000
  0x100000: 0xb002 0x1bad 0x0000 0x0000 0x4ffe 0xe452 0xc766 0x7205
  0x100010: 0x0004 0x3400 0xb812 0x0000 0x0011 0x220f 0x0fd8 0xc020
  0x100020: 0x010d 0x0100 0x0f80 0xc022
They are mapped.

Geuss where would be happaned, if mapping weren't in place by commenting out movl %eas,%cr0.

mov $relocated, %eax
jmp *%eax #<---Here
Why?

$relocate is addressed as 0xf0100025(by VMA:0xf0100000), but commenting out the line,enabling protected mode. It resulted in mapping failed.

No protected mode no mapping from 0xf010000c to 0x10000c(phy address) at view of entry address.

By the way, above code could be executed because the bootloader directly move/copy/jmp in real address. (know details by the following discussion)

Discussion:

How did kernel execute its start address at 0x10000c?

BIOS read disk's #0 sector(boot sector) and load them into ram:0x7C00 to execute
bootload read disk's #1 sector and load them into ram:0x100000 to execute

dd command put kernel into #1 sector.

bootloader jump to kernel's start entry address by ((void (*)(void)) (ELFHDR->e_entry))();

After Lesson:
- What did kernel.asm do from 0x100000 to 0x10000c

#

Exercise8:

Something needed to kow

Trace code to understand the following code's relateionship.

kern/printf.c

kernel internal API function

lib/printfmt.c

Utility to format output used by Kernel/User mode

kern/console.c

Driver

Accomplish to print "%o" for octal.

209 num = getuint(&ap, lflag);
210 base = 8;
211 goto number;

Discussion:

Interface between console.c and printf.c

Exported by inc/stdio.h

cputchar by printf.c
getchar;by readline.c
iscons ;by readline.c

Exported by inc/console.h

cons_init; by init.c
cons_getc;
kbd_intr
serial_intr

Roll up One Empty line.
check arguments

cprintf

fmt=0xf0101a69 "x:%d,y:%d,z:%d\n"
ap=0xf010ffe4 ("\001")
x/4w 0xf010ffe0
0xf010ffe0: 0xf0101a69 0x00000001 0x00000003 0x00000004
push order: arg4(0x0000004) arg3 arg2 arg1(0xf0101a69)

pop order is the reverse.

cons_putc/va_arg/vcprintf

order: vcprintf->va_arg->cons_putc
vcprintf:
- fmt=0xf0101a69 "x:%d,y:%d,z:%d\n"
- ap=0xf010ffe4 ("\001"
va_arg:

the next stack address to print

cons_putc:

the int type variable to be printed on Screen.

type translation and ASCII table

Output "He110 World"
57616 (Decimal) = E110 (Hex)
0x00646c72

0x72 :'r'
0x6c :'l'
0x64 :'d'
0x00 :'\0'

Note: little endian printed.

cprintf("x=%d y=%d",3)

y=%d in va_arg, it gets the next stack frame's value.

reverse order.

After Lesson:

Why is printfmt.c located in the separate lib directory?

GitHub Link

My Code

Lab1-Part B: Boot loader & Bootstrap

[Preface] A Hope That My Crude Remarks May Draw Forth By Abler People
[前言]拋磚引玉
Boot loader: 1st stage, don't need to depend on kernel
Bootstrap: 2nd stage, related about kernel image not part of the kernel code, do kernel uncompressing ...etc

Exercise3:

Something needed to know

Addressing methodology and its adv/disadv in real-mode/16-bit protected mode/32-bit protected mode

Trace boot loader:

.globl start : 為0x7c00
16bit ASM section is on
cli ; cld;
Set %ds,%es,%ss to 0
%cs is 0 set by BIOS CS:IP = 0000:7c00
Enable A20
lgdt gdtdesc //load global descriptor table
set %cr0 to Enable Protected mode
16 bit ASM is off
ljmp $0xb866,$0x87c32

CS is replaced as #8 slot at gdt table (PROT_MODE_CSEG)and plus 0xb866 base.
immed is 0x87c32

set %ds,%es,%fs,%gs,%ss as #10 at gdt table(PROT_MODE_DSEG)
set esp as 0x7c00 to form stack base address ; stack address: [ss:esp]
call bootmain(void)
call readseg((uint32_t) ELFHDR, SECTSIZE*8, 0); read in ELF headers
call readseg to read in every program header.
jump to kernel.

((void (*)(void)) (ELFHDR->e_entry))();

Trace readseg

end_pa = pa + memsize
round down it-physical address for loading program into ram by pa&= 0x(FFFFFE00) // ~(SECTSIZE-1)
Translate offset into Sector number

Note: The offset must start from #1, #0 is the boot sec

Read enough data by pa and sector number

Because paging is not enable, just direct map into memory. by $PROT_MODE_DSEG, %ax

Trace readsect

do IDE HardDisk read in data.

Reply for its questions

At what point does the processor start executing 32-bit code? What exactly causes the switch from 16- to 32-bit mode?

before long jump, and set cr0's 1st bit to 1

What is the last instruction of the boot loader executed, and what is the first instruction of the kernel it just loaded?

Last instruction in boot loader

In "C": ((void (*)(void)) (ELFHDR->e_entry))();
In "GAS": call *0x10018 to jmp at kernel's entry point 0x10000c

0x10018 is the byte address of at ELFHDR's #24 byte.

First Instruction in Kernel

movw $0x1234,0x472 //warm boot

Where is the first instruction of the kernel?

At kern/entry.S . .globl entry
0x10000c

How does the boot loader decide how many sectors it must read in order to fetch the entire kernel from disk? Where does it find this information?

由ELF info 穿針引線。

#man elf
readelf -l obj/kern/kernel

From its ELF header

get Program header's start offset: e_phoff
get how many are the program headers: e_phnum

由program header

readelf -l obj/kern/kernel

From program headers to do readseg

ph->p_pa : the address for prgram segment loaded into ram

On systems for which physical addressing is relevant, this member is reserved for the segment's physical address. Under BSD this member is not used and must be zero.

ph->p_memsz:

This member holds the number of bytes in the memory image of the segment. It may be zero.

ph->p_offset

This member holds the offset from the beginning of the file at which the first byte of the segment resides.

Discussion

Calling conventions gcc at i386

Saved by Caller

eax : contain return value
ecx: possibly trashed
edx: possibly trashed

Saved by Callee

ebp
ebx
esi
edi
must be saved before call

Sample
1. In bootmain, why did it need following instructions?
2. In readseg, ...

After Lesson:

Drivers. How did it execute IDE device I/O

Ans: Not Yet.

How to decide program headers?

LOAD //PT_LOAD
LOAD //PT_LOAD
GNU_STACK .//PT_GNU_SACK

Ans: By session's default orgnization.

In program header,

Why is memsz and filesz? Loading it totally is not better?
Why is GNU_Stack's Memsize zero?

Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x001000 0xf0100000 0x00100000 0x075b9 0x075b9 R E 0x1000
LOAD 0x009000 0xf0108000 0x00108000 0x0a300 0x0a960 RW 0x1000
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4

ljmp: how did it decide to do TSS related stuff

Guess: by segment descriptor's field.

References:

x86 IO address summary map
A20:

ljmp's printing

會抽換掉code segment
bootloader - switching processor to protected mode
ljmp syntax in gcc inline assembly

Why BIOS loads MBR into 0x7C00 in x86

#

Exercise4:

Just Read The C Programming Language K&R chap5.
Address Arithmetic. The Byte added to l-value is by its type.

c = (int *) ((char *) c + 1); //added by 1
b = (int *) a + 1;//added by 4

#

Exercise5:

Something needed to know

Change boo/Makefrag的-Ttext : 0x7c000 for link address
VMA: Link address. Expected address for it to rum.
LMA: Load address. Expected address for it to load into memory.
objdump -h:Display the contents of the section headers -See VMA/LMA.
objdump -f: Display the contents of the section headers -See entry_point for execution start address

objdump -f obj/boot/boot.out

start address 0x00007c00

objdump -h obj/boot/boot.out

VMA:0x00007c00
LMA:0x00007c00

Modify boot/Makefrag -Ttext to 0x8C00

Error happaned at ljmp $PROT_MODE_CSEG, $protcseg @ boot/boot.S
.Ttext .text/.org tell assembler its start address 0x8C00 , but BIOS load it into 0x7C00 that .gdt related data follow 0x7C00, at 0x7c64. When executing ljmp error happened instruction, it will use 0x8c64 by .Ttext claimed, but in reality it is loaded at 0x7C64 by BIOS.

After Lesson:

Modify -Ttext0x7900. How and Why did it change VMA/LAM not just only entry(.start)?

Ans: Not Yet.

How did CPU's chip view reject to execute ljmp instruction if gdt field was something wrong?

Ans: Not Yet.

#

Exercise6:

Something needed to know

Set 1st break point at 0x7c00

examine 0x100000

Set 2nd breakpoint at 0x10000c

examine 0x100000

Addresses for obj/kern/kernel

VMA:0xf0100000
LMA: 0x00100000
Entry: 0x10000c

Result

BIOS enter Bootloader

x/8h 0x100000: 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000

Bootloader enter OS Kernel

x/8h 0x100000: 0xb002 0x1bad 0x0000 0x0000 0x4ffe 0xe452 0xc766 0x7205
x8h 0x10000c: 0xc766 0x7205 0x0004 0x3400 0xb812 0x0000 0x0011 0x220f

Discussion: Why are they different?

By LMA's value
bootloader load kernel by claim form program header of kernel's elf info.

readelf -l obj/kern/kernel

Elf file type is EXEC (Executable file)
Entry point 0x10000c
VMA:0xf0100000
LMA:0x100000

Lab1-Part A: Boot a PC (BIOS Run)

[Preface] A Hope That My Crude Remarks May Draw Forth By Abler People

[前言]拋磚引玉

Exercise01:

Just read inline assembly
Ref Link Linux assemblers: A comparison of GAS and NASM

Exercise2:
Just run GDB for remote debugging by the given script. See the GAS code if you can.

Boot ASM code explanation.

[f000:fff0] 0xffff0: ljmp $0xf000,$0xe05b //For Real-Mode's ljmp
jmp 0xfc85e
%cr0 = %cr0 0x9ffffff 0 For follows

30 CD Cache disable Globally enables/disable the memory cache

29 NW Not-write through Globally enables/disable write-back caching
cli
cld
set port 0x70 = 0x8f

30	CD	Cache disable	Globally enables/disable the memory cache
29	NW	Not-write through	Globally enables/disable write-back caching

to enable NMI- Non Maskable Interrupt

port 0x71

RTC是否為0 此例中為0 故續往下exec

set %ss =0 and %esp = 0x7000

to form SS:[ESP] stack segment (PS: Code Segment: CS:[EIP])

mov $0xf4b2c, %edx

//for DMA controller setup section.

jmp 0xfc719
enable 0x92 ; System devices A20 line. fast A20

0xfc726: in     $0x71,%al
0xfc728: in     $0x92,%al
0xfc72a: or     $0x2,%al
0xfc72c: out    %al,$0x92

for (11.)

lidtw %cs:-0x31cc

set IDT

lgdtw %cs:-0x3188

set GDT

enable %Cr0's 1st bit.

Enable Protected Mode

0xfc744: ljmpl $0x8,$0xfc74c

//For Protected Mode's ljmp, 換code segment 並跳至其code segment 下的0xfc74c

set ds es ss fs gs 為0x10 from gdt
jmp to *%edx (look item.9)
out 0 to slave dma controller- port: 0xd
out 0 to master dma controller-port 0xda/0xd6/0xd4
jmp to 0x7c00

The address in ram to load the boot sector into.

After Lesson:

Question1: Why did not I find /boot/boot.S, /boot/main.c by GDB: info sources ; Its symbol
readelf -a obj/boot/main.o
Ans: That belongs to the boot loader placed on the #1 sector at disk. and load it into 0x7C00 to execute.
#

Question2: Where is the Code's symbol?
Ans: Symbol is in obj/boot/boot.out.$file obj/boot/boot.out
#

Question3: How to Assume It? when ljmp called show the following msg.
"The target architecture is assumed to be i386"
Ans: Not Yet.
#

Question4: In BIOS ROM code, when to set %cs value, so as to use for (item13/14)
Ans: %CS為0xf0000 因為是BIOS section.
#

Question5: How/What did MIT patch the QEMU?
Ans: Not Yet.
#

Question6: Why did BIOS need to switch to Protected Mode?
Ans: It wants to use the Protected Mode's functionality .
Like ljmp mem48 :In Real Address Mode or Virtual 8086 mode, the long pointer provides 16 bits for the CS register and 16 or 32 bits for the EIP register
Ref Link: bootloader - switching processor to protected mode By Stackoverflow
#

cr0

Bit	Name	Full Name	Description
31	PG	Paging	If 1, enable paging and use the CR3 register, else disable paging
30	CD	Cache disable	Globally enables/disable the memory cache
29	NW	Not-write through	Globally enables/disable write-back caching
18	AM	Alignment mask	Alignment check enabled if AM set, AC flag (in EFLAGS register) set, and privilege level is 3
16	WP	Write protect	Determines whether the CPU can write to pages marked read-only
5	NE	Numeric error	Enable internal x87 floating point error reporting when set, else enables PC style x87 error detection
4	ET	Extension type	On the 386, it allowed to specify whether the external math coprocessor was an 80287 or 80387
3	TS	Task switched	Allows saving x87 task context only after x87 instruction used after task switch
2	EM	Emulation	If set, no x87 floating point unit present, if clear, x87 FPU present
1	MP	Monitor co-processor	Controls interaction of WAIT/FWAIT instructions with TS flag in CR0
0	PE	Protected Mode Enable	If 1, system is in protected mode, else system is in real mode