processor exceptions
Download
Skip this Video
Download Presentation
Processor Exceptions

Loading in 2 Seconds...

play fullscreen
1 / 22

Processor Exceptions - PowerPoint PPT Presentation


  • 422 Views
  • Uploaded on

Processor Exceptions. A survey of the x86 exceptions and mechanism for handling faults, traps, and aborts. Types of exceptions. The CPU recognizes various kinds of processing errors (called ‘exceptions’): Those which are known before they have occurred (and which therefore can be prevented)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Processor Exceptions' - shana


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
processor exceptions

Processor Exceptions

A survey of the x86 exceptions and mechanism for handling faults, traps, and aborts

types of exceptions
Types of exceptions
  • The CPU recognizes various kinds of processing errors (called ‘exceptions’):
      • Those which are known before they have occurred (and which therefore can be prevented)
      • Those which are known only after they’ve occurred (but for which corrective action can still be taken)
      • Those which were not forseen, and which do not permit any steps that would lead to recovery
  • We will need some more background for explaining these distinctions
more application registers
More ‘application’ registers
  • The 8087 NPX (numeric processor extension) introduced eight 80-bit registers (for doing floating-point arithmetic):
  • and the Pentium continues to implement these registers

80-bits

st0

st1

st2

st3

st4

st5

st6

st7

slide4

Control Register 0

31

0

P

G

C

D

N

W

A

M

W

P

N

E

E

T

=

1

T

S

E

M

M

P

P

E

These are

cache-related

These are

NPX-related

Legend:

PE = Protection Enabled (1=yes, 0=no)

MP = Math NPX Present (1=yes, 0=no)

EM = Emulate Math NPX (1=yes, 0=no)

TS = Task was Switched (1=yes, 0=no)

ET = NPX Extension-Type (1=387, 0=287)

NE = NPX Errors trapped (1=yes, 0=no)

WP = Write-Protect user-pages (1=yes, 0=no)

AM = Alignment-checking Mask (1=on, 0=off)

NW = Non-Write-through (1=yes, 0=no)

CD = Cache is Disabled (1=yes, 0=no)

PG = Paging is Enabled (1=yes, 0=no)

more system registers
More ‘system’ registers
  • We already mentioned Control Register 0, but there are also other system registers:

DR0

CR0

DR1

CR1

DR2

CR2

DR3

CR3

DR4

CR4

DR5

4 Control Registers

DR6

DR7

6 Debug Registers

= unimplemented register

before the fact errors
‘Before-the-fact’ errors
  • The CPU may fetch an instruction which it cannot correctly execute (due to an invalid operand or insufficient privilege-level, or to the instruction’s opcode not being defined)
  • A few examples are:
    • Attempting to perform a division by zero
    • Attempting to exceed memory-segment limits
    • Attempting to modify a ‘read-only’ segment
after the fact errors
‘After-the-fact’ errors
  • Also the cpu may perform some operation that results in an incorrect or illegal value (due to limits on the CPU register-sizes or to limits on the supported data-formats)
  • A few examples:
    • Add positive numbers, but get a negative total
    • Store an array-entry beyond the array-bounds
    • Take square-root of a real value less than 0.0
privileged instructions
“privileged” instructions
  • In Protected-Mode the instructions below can only be executed at ring0 (i.e., if the CPU’s Current Privilege Level is zero):
    • ‘MOV’ to/from a control-register (e.g., CR0)
    • ‘MOV’ to/from a debug-register (e.g., DR7)
    • Modifying a system segment-register (i.e., ‘LGDT’ / ’LIDT’ / ’LLDT’ / ’LTR’ / ’LMSW’ )
    • Cache-invalidates: ‘INVD’/‘INVLPG’/ WBINVD’
    • ‘CLTS’ or ‘HLT’
what happens if
What happens if…?
  • If protection rules are violated, or if errors result from computations, the processor will generate an ‘exception’ (i.e., it will save some information on the stack and transfer control to an ‘exception-handler’)
  • Different kinds of exceptions will trigger different exception-handling procedures
  • Gates in the IDT define the ‘entry-points’
faults traps and aborts
Faults, traps, and aborts
  • Intel classifies exceptions into categories, (according to whether or not it may be possible to ‘recover’ from the ‘error’):
    • ‘Faults’ are detected ‘before-the-fact’ (and generally indicate ‘recoverable’ errors)
    • ‘Traps’ are detected ‘after-the-fact’ (and indicate some corrective action is needed)
    • ‘Aborts’ are unrecoverable error-conditions
a fault example
A ‘fault’ example
  • Suppose an instruction tries to read from a ‘not-present’ data-segment: mov (%si),ax
  • The CPU generate exception-number 0xB
  • In case the corresponding IDT-descriptor is a 32-bit interrupt-gate (or trap-gate), the CPU will push at least four 32-bit values:
    • Current contents of the EFLAGS register
    • Current contents of registers CS and EIP
    • An ‘error-code’ (with info about DS register)
fault example continued
‘Fault’ example (continued)
  • If it is necessary to switch stacks (because of a change in the exception-handler’s code-segment privilege-level), then the ‘old’ stack’s address (i.e., registers SS and ESP) will also get pushed onto the ‘new’ stack
  • The fault-handler can take whatever actions are necessary to resolve the ‘not-present’ condition, then mark the data-segment as being ‘present’ and ‘restart’ execution of the prior instruction
what about not present gates
What about ‘not-present’ gates?
  • If an exception is generated, but the IDT’s gate-descriptor for that type of exception isn’t ‘present’, then the CPU generates a General Protection exception (INT-0x0D)
  • So by supplying one exception-handler for this ‘catch-all’ exception, you can ‘service’ nearly all of the various error-conditions (if you include code that distinguishes them)
error code formats
Error-Code Formats
  • The format of the error-code that the CPU pushes onto its stack depends upon which type of exception has been encountered
  • For General Protection exceptions, the error-code format looks like this:

3 2 1 0

15

segment selector index

T

I

I

N

T

E

X

T

TI=Table Indicator (0=GDT, 1=LDT) INT=Interrupt (1=yes, 0=no)

EXT=External-to-CPU event was cause of the exception (1=yes, 0=no)

stack frame layout 32bit
Stack Frame Layout (32bit)

SS

points to the old stack’s top

ESP

EFLAGS

CS

points to the faulting instruction

EIP

Error Code

SS:ESP = the new stack’s top

When the ‘fault’ exception uses a 32-bit Interrupt-Gate (or Trap-Gate)

slide16

Stack Frame Layout (16bit)

SS

points to the old stack’s top

SP

FLAGS

CS

points to the faulting instruction

IP

Error Code

SS:SP = the new stack’s top

When the ‘fault’ exception uses a 16-bit Interrupt-Gate (or Trap-Gate)

catalog of x86 exceptions
Catalog of x86 exceptions
  • 0x00: divide-overflow fault
  • 0x01: single-step trap or debug fault
  • 0x02: non-maskable interrupt (NMI) trap
  • 0x03: breakpoint trap
  • 0x04: integer overflow trap
  • 0x05: array bounds fault
  • 0x06: invalid opcode fault
  • 0x07: coprocessor unavailable fault
catalog continue
Catalog (continue)
  • 0x08: double-fault abort
  • 0x09: (reserved)
  • 0x0A: invalid TSS fault/abort
  • 0x0B: segment not present fault
  • 0x0C: stack fault
  • 0x0D: general protection exception fault
  • 0x0E: page fault
  • 0x0F: (reserved)
catalog continued again
Catalog (continued again)
  • 0x10: FPU floating-point error fault
  • 0x11: operand alignment-check fault
  • 0x12: machine-check exception abort
  • 0x13: SIMD floating-point exception fault
  • 0x14-0x1F: (reserved)
  • 0x20-0xFF: (user-defined interrupts)
  • NOTE: Only the following exceptions have error-codes: 0x8, 0xA, 0xB, 0xC, 0xD, 0xE
demo program whycrash s
Demo program: ‘whycrash.s’
  • To illustrate the processor’s response to exceptions, we created this short demo
  • It displays some diagnostic information (including the ‘error-code’) when the CPU triggers any exception-condition (all get routed through the IDT-gate for General Protection exceptions in this demo)
  • Can help us identify causes for a ‘crash’
in class exercise 1
In-class exercise #1
  • Try experimenting with your own examples of impermissible instructions
  • What if you try to store a value to the vram memory-segment using an address-offset larger than its 32KB segment-limit?
  • What if you try to load a segment-register with a selector-value that exceeds the size of your descriptor-table?
  • What if you try to ‘call’ to ring3 from ring0?
in class exercise 2
In-class exercise #2
  • What if you tried to load a selector for the wrong kind of descriptor:
      • e.g., putting a code-selector into register SS?
      • e.g., putting a data-selector into register CS?
      • e.g., putting a gate-descriptor into register DS?
  • What if you tried to execute an ‘undefined opcode’?
      • e.g., putting bytes 0xF, 0xB in instruction-stream
ad