Processor exceptions l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 22

Processor Exceptions PowerPoint PPT Presentation


  • 349 Views
  • Uploaded on
  • Presentation posted in: General

Processor Exceptions. A survey of the x86 exceptions and mechanism for handling faults, traps, and aborts. Types of exceptions. The CPU recognizes various kinds of processing errors (called ‘exceptions’): Those which are known before they have occurred (and which therefore can be prevented)

Download Presentation

Processor Exceptions

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Processor exceptions l.jpg

Processor Exceptions

A survey of the x86 exceptions and mechanism for handling faults, traps, and aborts


Types of exceptions l.jpg

Types of exceptions

  • The CPU recognizes various kinds of processing errors (called ‘exceptions’):

    • Those which are known before they have occurred (and which therefore can be prevented)

    • Those which are known only after they’ve occurred (but for which corrective action can still be taken)

    • Those which were not forseen, and which do not permit any steps that would lead to recovery

  • We will need some more background for explaining these distinctions


  • More application registers l.jpg

    More ‘application’ registers

    • The 8087 NPX (numeric processor extension) introduced eight 80-bit registers (for doing floating-point arithmetic):

    • and the Pentium continues to implement these registers

    80-bits

    st0

    st1

    st2

    st3

    st4

    st5

    st6

    st7


    Slide4 l.jpg

    Control Register 0

    31

    0

    P

    G

    C

    D

    N

    W

    A

    M

    W

    P

    N

    E

    E

    T

    =

    1

    T

    S

    E

    M

    M

    P

    P

    E

    These are

    cache-related

    These are

    NPX-related

    Legend:

    PE = Protection Enabled (1=yes, 0=no)

    MP = Math NPX Present (1=yes, 0=no)

    EM = Emulate Math NPX (1=yes, 0=no)

    TS = Task was Switched (1=yes, 0=no)

    ET = NPX Extension-Type (1=387, 0=287)

    NE = NPX Errors trapped (1=yes, 0=no)

    WP = Write-Protect user-pages (1=yes, 0=no)

    AM = Alignment-checking Mask (1=on, 0=off)

    NW = Non-Write-through (1=yes, 0=no)

    CD = Cache is Disabled (1=yes, 0=no)

    PG = Paging is Enabled (1=yes, 0=no)


    More system registers l.jpg

    More ‘system’ registers

    • We already mentioned Control Register 0, but there are also other system registers:

    DR0

    CR0

    DR1

    CR1

    DR2

    CR2

    DR3

    CR3

    DR4

    CR4

    DR5

    4 Control Registers

    DR6

    DR7

    6 Debug Registers

    = unimplemented register


    Before the fact errors l.jpg

    ‘Before-the-fact’ errors

    • The CPU may fetch an instruction which it cannot correctly execute (due to an invalid operand or insufficient privilege-level, or to the instruction’s opcode not being defined)

    • A few examples are:

      • Attempting to perform a division by zero

      • Attempting to exceed memory-segment limits

      • Attempting to modify a ‘read-only’ segment


    After the fact errors l.jpg

    ‘After-the-fact’ errors

    • Also the cpu may perform some operation that results in an incorrect or illegal value (due to limits on the CPU register-sizes or to limits on the supported data-formats)

    • A few examples:

      • Add positive numbers, but get a negative total

      • Store an array-entry beyond the array-bounds

      • Take square-root of a real value less than 0.0


    Privileged instructions l.jpg

    “privileged” instructions

    • In Protected-Mode the instructions below can only be executed at ring0 (i.e., if the CPU’s Current Privilege Level is zero):

      • ‘MOV’ to/from a control-register (e.g., CR0)

      • ‘MOV’ to/from a debug-register (e.g., DR7)

      • Modifying a system segment-register (i.e., ‘LGDT’ / ’LIDT’ / ’LLDT’ / ’LTR’ / ’LMSW’ )

      • Cache-invalidates: ‘INVD’/‘INVLPG’/ WBINVD’

      • ‘CLTS’ or ‘HLT’


    What happens if l.jpg

    What happens if…?

    • If protection rules are violated, or if errors result from computations, the processor will generate an ‘exception’ (i.e., it will save some information on the stack and transfer control to an ‘exception-handler’)

    • Different kinds of exceptions will trigger different exception-handling procedures

    • Gates in the IDT define the ‘entry-points’


    Faults traps and aborts l.jpg

    Faults, traps, and aborts

    • Intel classifies exceptions into categories, (according to whether or not it may be possible to ‘recover’ from the ‘error’):

      • ‘Faults’ are detected ‘before-the-fact’ (and generally indicate ‘recoverable’ errors)

      • ‘Traps’ are detected ‘after-the-fact’ (and indicate some corrective action is needed)

      • ‘Aborts’ are unrecoverable error-conditions


    A fault example l.jpg

    A ‘fault’ example

    • Suppose an instruction tries to read from a ‘not-present’ data-segment:mov (%si),ax

    • The CPU generate exception-number 0xB

    • In case the corresponding IDT-descriptor is a 32-bit interrupt-gate (or trap-gate), the CPU will push at least four 32-bit values:

      • Current contents of the EFLAGS register

      • Current contents of registers CS and EIP

      • An ‘error-code’ (with info about DS register)


    Fault example continued l.jpg

    ‘Fault’ example (continued)

    • If it is necessary to switch stacks (because of a change in the exception-handler’s code-segment privilege-level), then the ‘old’ stack’s address (i.e., registers SS and ESP) will also get pushed onto the ‘new’ stack

    • The fault-handler can take whatever actions are necessary to resolve the ‘not-present’ condition, then mark the data-segment as being ‘present’ and ‘restart’ execution of the prior instruction


    What about not present gates l.jpg

    What about ‘not-present’ gates?

    • If an exception is generated, but the IDT’s gate-descriptor for that type of exception isn’t ‘present’, then the CPU generates a General Protection exception (INT-0x0D)

    • So by supplying one exception-handler for this ‘catch-all’ exception, you can ‘service’ nearly all of the various error-conditions (if you include code that distinguishes them)


    Error code formats l.jpg

    Error-Code Formats

    • The format of the error-code that the CPU pushes onto its stack depends upon which type of exception has been encountered

    • For General Protection exceptions, the error-code format looks like this:

    3 2 1 0

    15

    segment selector index

    T

    I

    I

    N

    T

    E

    X

    T

    TI=Table Indicator (0=GDT, 1=LDT) INT=Interrupt (1=yes, 0=no)

    EXT=External-to-CPU event was cause of the exception (1=yes, 0=no)


    Stack frame layout 32bit l.jpg

    Stack Frame Layout (32bit)

    SS

    points to the old stack’s top

    ESP

    EFLAGS

    CS

    points to the faulting instruction

    EIP

    Error Code

    SS:ESP = the new stack’s top

    When the ‘fault’ exception uses a 32-bit Interrupt-Gate (or Trap-Gate)


    Slide16 l.jpg

    Stack Frame Layout (16bit)

    SS

    points to the old stack’s top

    SP

    FLAGS

    CS

    points to the faulting instruction

    IP

    Error Code

    SS:SP = the new stack’s top

    When the ‘fault’ exception uses a 16-bit Interrupt-Gate (or Trap-Gate)


    Catalog of x86 exceptions l.jpg

    Catalog of x86 exceptions

    • 0x00: divide-overflow fault

    • 0x01: single-step trap or debug fault

    • 0x02: non-maskable interrupt (NMI) trap

    • 0x03: breakpoint trap

    • 0x04: integer overflow trap

    • 0x05: array bounds fault

    • 0x06: invalid opcode fault

    • 0x07: coprocessor unavailable fault


    Catalog continue l.jpg

    Catalog (continue)

    • 0x08: double-fault abort

    • 0x09: (reserved)

    • 0x0A: invalid TSS fault/abort

    • 0x0B: segment not present fault

    • 0x0C: stack fault

    • 0x0D: general protection exception fault

    • 0x0E: page fault

    • 0x0F: (reserved)


    Catalog continued again l.jpg

    Catalog (continued again)

    • 0x10: FPU floating-point error fault

    • 0x11: operand alignment-check fault

    • 0x12: machine-check exception abort

    • 0x13: SIMD floating-point exception fault

    • 0x14-0x1F: (reserved)

    • 0x20-0xFF: (user-defined interrupts)

    • NOTE: Only the following exceptions have error-codes: 0x8, 0xA, 0xB, 0xC, 0xD, 0xE


    Demo program whycrash s l.jpg

    Demo program: ‘whycrash.s’

    • To illustrate the processor’s response to exceptions, we created this short demo

    • It displays some diagnostic information (including the ‘error-code’) when the CPU triggers any exception-condition (all get routed through the IDT-gate for General Protection exceptions in this demo)

    • Can help us identify causes for a ‘crash’


    In class exercise 1 l.jpg

    In-class exercise #1

    • Try experimenting with your own examples of impermissible instructions

    • What if you try to store a value to the vram memory-segment using an address-offset larger than its 32KB segment-limit?

    • What if you try to load a segment-register with a selector-value that exceeds the size of your descriptor-table?

    • What if you try to ‘call’ to ring3 from ring0?


    In class exercise 2 l.jpg

    In-class exercise #2

    • What if you tried to load a selector for the wrong kind of descriptor:

      • e.g., putting a code-selector into register SS?

      • e.g., putting a data-selector into register CS?

      • e.g., putting a gate-descriptor into register DS?

  • What if you tried to execute an ‘undefined opcode’?

    • e.g.,putting bytes 0xF, 0xB in instruction-stream


  • Login