3. Shared data and resources =. Programmable interrupt controller (PIC) OInterrupt handler: preserve the contents of regs, avoid I why not use OR gate! Dodon't know which device overwriting memory used by interrupted program.

Interrupt should preserve all regs used!! 包闷是有 I. compiler optimizations I. Shared linked list: while (busy) old\_head = head) head = new\_elt; intinite 100p interrupt! De volutile: volatile int busy =1; new\_eit->next=old\_heud butlethoud-next 对表机数 this value may change at any time, THE Evolutile: Palmays reload optimize it Vari @ more memory ops = slower program II. security(05): O keep user from crashing machine Oprevent information leaks from 0s ⇒ 17 separate stack for 0s(ker (3) Critical section: ACXIF STR should be short: Davoid delaying CLI: clear IF service by interrupt handler @ long delays crash system codebatomically; the entire critical section has either been executed STI: set IT for none executed (no moving ops infaut critical section) 4. multiprocessor: SMP(symmetric multiprocessor) memory banks why need lock: IF not cleared on other bus IN 210 bus processor/take too much time clearing all processor 面面 ② Spin\_lock: lock "1", unlock "0", pragram等新程的不執行其他 waiting locking must be atomic respect to other processors Attinterrupt handler | Spin\_lock\_irqsuve(Block, Hays) @ mask intr pushi %ebx mov! 8(%Pbp), %Pbx #Cbx + dak asm volatile("
mov! \$1, %Pax # euro!
Pushti #UIF twee movi \$1, 9,00x Heart 1 POPU 9/00 xchy %eax, (%ebx) ":"=y"(tlays) 片 止 dead lock PUP/ % Ebx spin\_unlock-irgrestore(&lack, tlass)):"memory"

为 unlock再 STI ("cc": condition spin-lock(&lock)

codes change. deadlocks a thread ulways hold the lock is maiting for an interrupt to tihish. But the interrupt is trying to obtain the lock and tail. thus the thread block and lock always belong to this thread. livelock; multiple threads all nead to acquire some same locks but none of them get all locks. They will release the locks they acquire and try for new, but never get all locks never belong to 解决法法律同间质高aquire locks。同一相划顺高 releuse locks。 B Semaphore 社行行Xed number 65 processor 访问同一tcritical section P(down):test/decrement 完計發取 V(up):increment 用完釋放 当一个程序等待 semaphore 时,积层式时值为,休眠。sleep,允许其他 未呈序在Processor 上运行 thus must not be used by interrupt had notices Used for system culls, 尤其long witical sections 同时用semaphor和laket,先acquire semaphore facquire spin lock 另先重写spin lock, semaphor sleep时搜它程序也要此lock与dead lack 5. reader/writer problemm: 尤i午无数reader,但仅| writer, 正在不reader Oreader | writter semaphores: Potshort critical sections/intrupt handlers Gadnit writer starvation (首有reuder请求,无法写) ② reader/writter semaphores: 用于system calls, 不 udmit writer starration, (writer清本日), new reader 相互在 writer后面) why we need synchronization? Oprotect Shared resources Oprevent interrupts from corrupting data 3 race condition (4) critical section (run completion)

write vector # 2 processor need to query all devices, not all devices support query @ priority, IR 7 81 (LI作器程) interrupt 产生到PIC INTRIC INT INTA INTA 险」中看灯L是否处理internut,比较 0 8259 IR & priority ( = sdoil nothing Processor PIL IRD INTI告诉CPU有interruption了生 INTA'、CPU 告诉PIC 已收到的to并给处理 Anor data bus ox11 ox10 ox10 ox10 and data port ADDREATA ROSPICESSON WILL read from PIC (USE IN) Cs's to tell PIC which CPU is RD/WR I ADDREOJA me's processor will write to PIC (use OUT) why need sp, (AS: when 支持更多记录, cascaded PIC Oxff secondary PIC: don't know the priority of the interruption in primary PIC (higher?) Oxf-primary PIC: don't know the high bits of vector numbers used by the secondary PIC nor which interrupt line of secondary PIC is being reported. SP': Used to identify whether PIC is the primary or a secondary PIC CAS': Used by the primary PIC to identity which secondary PIL should write to the data line 休先級: second PIC書室が primary PICBOIRLE TRO高代学 Priority: PO >Po 50>5171.757>PZ>P3>1.787

10 MPI

huser-level test humess Opros: Intaster development cycle II, protect your test machine from Crashing @cons: may not expose all bugs and may not work in her

```
×86寄存器 32 bit, 4 byte, byte addressable, 1 byte = 8 bit
1.寄存器: EAX, EBX, ECX, EDX, "E" extend =AX: 16bit
 AH: bit [3:4] [7:4], AL: bit [3:0], 重写低位高位不变
ESI: source index(string copy), EDI: destination index
EBP: base pointer (base of stack frame). Esp: stack pointer EIP: instruction pointer EFLAGS: tlags / condition codes
存储方式: little endian
                             》[0278]小地址 加多表示寄存器
                              0×56 1
0×34
0×12 ×5611
 0x12345678 > 0x78, 0x56 ... 0x12
                                           便于直接访问low bits
 位数小的在小内存
2. 提作: Darthmetic: ADD. SUB, NEG, INC, DEC
  色 logical: AMD, OR, NOT, XOR 才包括外行
  ②Shitt: SHL 左科多, SAR 算右科多,补符, SHR 逻估科多,补D
    ROL 循环左条号,ROR作环右条号
  OR DRL %ELX , %EBX # EBX + EBX OR EAX
  operation data type second source destination and first source
                                                                   ·dota
  Lilong 32bit, Wiword 16bit, Bibyte 8 bit
  田 immediate number 用字表示,最大支持32 bits
                                                     detault
  hex:$0x_, Octal:$0_, decimal:$_
                                               ~ can be 1,2,4,8
  @memory operand: displacement (SRI, SRZ, scale)
  Odisplacement + SRI+SRI* Scale, SRI不能是ESP, 可对1reg (, %e(x,4)
   MOVI src, dst # dst < M[src7,最多支持1个 memory reterence LEAL src, dst # dst < src, src为 memory reterence
  LEAL LABELTY, WEST #EST < LABELTY
  Geonditional code: sf: sign thag 强语1. 2F: zero thag 智证1
                                                                     jq
  CF: carry Hay 首尼carry Iborrow 设1, OF: overflow Hag 看结果
  PF: parity tlay 偶数介含到
  CMPL %EAX, %EBX # Hays & EBX-EAX
                                            2仅及Hags,不改EAX
  TESTL %EAX, %EBX # Hags & EBX AND EAX WEBX
 GMOV, LEA, NOT不改 Hags; ROL, ROR RODDE, CF; INC, PNC不及CF
                                                                  4.其他
  unsigned tell asb , signed tell ag. l
  CMPI & %EAX. %EBX ; jb DONE # DONE it %EAX > %EBX
 DStack operation i
  PPPUSHL %EAX # M[ESP-4] EAX, ESP ESP-4
   POPL %EAX # EAX + MIESP], ESP+ESP+4
   LEAVE # movi %ebp, %esp : popl %ebp
   RET # EIP < MIESPJ, ESP < ESP + 4
  (8) data size convension: Mov siz trom to
   movs BL %AH. %Ecx # Ecx < sign extend to 32 bit (AH)
   MOVZBL %AL, %EAX # EAX < zero extend to 32 bit (AL)
  (Passemble conventions: label: 声的用时加油用不为?
   .String NULL 83/€ . byte . word . long , quad < 64 bit float AX
 Omultiplication and division (64 bit: Eox: Eax; 32 bit ox: Ax 16 bit M)
   MULL WEBX # unsigned EDX : EAX * EAX * EDX STINEAX
   DIV %EBX #unsigned EAX & EDX: EAX/EBX & , EDX & remainder IMULL %E(X, %EBX #signed EBX & EBX *ECX | 9 quotient TOTAL
  IMULL $20,%Eox,%Ecx #signed Ecx < 20 *Eox 与高位音点 signed
  Dinput, output; independent IIO
                                         Sall data toltrom ALAXEAX Call 37 handlers
  IN PORT, Lest yeg UVI STURY, PUN (%OX), %AX # {AL < PLOX]
INB $ 0x40, %AL #AL < PLOX40] INW (%OX), %AX # {AH < PLOX+1]
   IN port, dest reg OUT src reg, port (port是86it 丰 就OX
  OUTB %AL, (%DX) #PEDXJ = AL OUTW %AX,68 # {PE68] = AL
 3. Calling convention
 D (改数参数从右往左压人栈
                                               ESP -> Nocal vari
   int tun(int key, int array, int size)
                                                EBP > Old EBP
  Reason: Dallow for a variable number of parameter return
          without requiring additional space for para
                                                        add r
          counts or sentinels
                                                        Key
                                                        array
        Q the argument's memory address is tixed
                                                        Size
          tor kernel, like 1st argument is at 8(% ebp)
  system call use reg instead of stack i
  Pros: rey taster, easier for RIW, reduce memory space
  cons: has number limit
```

```
100
Submutine return value: 32 bit : EAX : 64bit : EDX : EAX
 Caller saved reg: EAX, ECX, EDX, EFLAGS
 Callee saved reg: ESP, EBP, EBX, ESI, EPI
 [ Caller sequence]
                              [Callee sequence]
 I. save caller-saved rey (Push)
                              I. Push Hebpimovi Hesp, Hebp
 II, argument push 1 #$
                              II, save callee -saved rey. (push)
  亚, call 子程序
IV. argument pop that
                             1. make space for local vari
 v. restore culler-saved rey(pop)
                                 5461 $4, % esp
                                IV. 正常执行
to push argi
                              v. tear down local vari
    call tuncl
                             VI. restore callee-saved reg. (POP)
    add1 $4,0/085P
                             VII. LEAVE ; RET
int dispatcher (unsigned int and
                             to push 1 %0ebp
                                mov1 %085P, 9,86p
                       opera)
                                subl
                                       $4,%esp
 jumptable:
                                movl
                                       2 -41%ebp), %. eax
                                leave Faddl $4,90 esp
 long functitunes, tunes
 .text_disputcher:
                                ret
   mov1 12(%esp), %eax
   cmp1 $0, %eax
         bad-op
   (mp) $2, %eax
         bad_op
   imp * jumptuble(, %eux, 4)
 bad_opi mov1 $-1,9,eux
          eret #死有以EAVE
 O指针,结构体 long min long max
                          ラmm, EBX 存&mm
  merl %Ebx, 0(%EBX) # mm. min < Ebx 注意、每个行时以为数据太废
  mov1 % EAX, 4(% EBX) # mm. max + EAX
 data type alignment:
  struct pixel {
                                           Charil byte, int 4 byte
                     sizeot (Pixel)=12 bytes
    char redigreen;
                                          自动等最长对齐
                     red green
    int alpha;
                                        memory addr 整度要求
                     alpha
    char blue ? ? )
                                       inta multiple of 4
                     blue
 图为什么我们亲arguments 而且Ereuse ! argument 可能是完变
= Interrupt to Synchronization
I role of system software: Ovirtualization the Zillusion of
 multiple practically unlimited resources, 多有意识和在同一电影和行
 Eprotection : 15th accidential/malicious destruction of data
   by other program. Dabstraction: hide fundamentully
 asynchronous nature of processor/device interaction; provide
  simpler, more powerful intertaces.
 19system call: INT <8-bit imm > #push EIP, EIP < table [imm 8]
                               Dieser indirection;
                                 Drewite 05 only need change table
   3 Jump table (vector table) Supplication code doesn't change
 @exception: processor maps each problem to a vector #
 在Jumptable 调用(出铝情况:PSO、访问不存在内存,文件,或权限限)
Dinterrupt 计了断正常程序技术,处理特殊事件后到中间应
  type Igenorate by
                             asynchronous unexpected
interrupt | external state
                               yes
                                          485
                                                   interrupt
exception invalid opcode/operand
                                          yes
                                                  Descriptor Table
system call deliberate, via INT NO
                                        1 No
               exception X86 = INTR

NMI «non maskable interrupt

adda bus
 0x00~0x1F (32+1)
defined by Intel
                                             set: 右 interrupt
0x20~0x27
                IRRO
                         EFLAGS#
                     reg IF: interrupt enable tlag l cleur: mask interrupt
Primury 8254 PIC
               IRQ7
 0x28~0x2F
               IR @8
                        Independent IIO: use distinct instructions
 secondary 8259 Bi
               ZRRIS
                    vial separate IID prots from memory uddr
memory-mapped IIO: No new Instructions
lines addr set aside tor IIO
```

system

0x80