# 第三章. :
### 目录
- [3.1 实验1的基础知识 ](#fundamental )
- [3.1.1 RISC-V程序的编译和链接 ](#subsec_compileandlink )
- [3.1.2 指定符号的逻辑地址 ](#subsec_lds )
- [3.1.3 代理内核的构造过程 ](#subsec_building )
- [3.1.4 代理内核的启动过程 ](#subsec_booting )
- [3.1.5 ELF文件( ) ](#subsec_elf )
- [3.1.6 spike的HTIF接口 ](#subsec_htif )
- [3.2 lab1_1 系统调用 ](#syscall )
- [给定应用 ](#lab1_1_app )
- [实验内容 ](#lab1_1_content )
- [实验指导 ](#lab1_1_guide )
- [3.3 lab1_2 异常处理 ](#exception )
- [给定应用 ](#lab1_2_app )
- [实验内容 ](#lab1_2_content )
- [实验指导 ](#lab1_2_guide )
- [3.4 lab1_3( ) ](#irq )
- [给定应用 ](#lab1_3_app )
- [实验内容 ](#lab1_3_content )
- [实验指导 ](#lab1_3_guide )
- [3.5 lab1_challenge1 挑战一:打印用户程序调用栈 ](#lab1_challenge1_backtrace )
- [给定应用 ](#lab1_challenge1_app )
- [实验内容 ](#lab1_challenge1_content )
- [实验指导 ](#lab1_challenge1_guide )
- [3.6 lab1_challenge2 挑战二:打印异常代码行 ](#lab1_challenge2_errorline )
- [给定应用 ](#lab1_challenge2_app )
- [实验内容 ](#lab1_challenge2_content )
- [实验指导 ](#lab1_challenge2_guide )
< a name = "fundamental" > < / a >
## 3.1 实验1的基础知识
本章我们将首先[获得代码](#subsec_preparecode),接下来介绍[程序的编译链接和ELF文件](#subsec_elfload)的基础知识, ,
< a name = "subsec_compileandlink" > < / a >
### 3.1.1 RISC-V程序的编译和链接
下面, , , , ( ) , ( ) , ( ) , , , ,
实际上, ( ) ( , ) , , , , ( ) ,
我们知道, : , ( ) ; , ( ) ; , ( )
- 编辑
例如, ( ) :
```c
1 #include < stdio.h >
2
3 int main()
4 {
5 printf( "Hello world!\n" );
6 return 0;
7 }
```
- 编译
使用交叉编译器对以上程序进行编译:
`$ riscv64-unknown-elf-gcc -c ./helloworld.c`
以上命令中`-c`开关告诉riscv64-unknown-elf-gcc命令只对源代码做编译, ,
该命令执行后, , :
```bash
$ file ./helloworld.o
./helloworld.o: ELF 64-bit LSB relocatable, UCB RISC-V, version 1 (SYSV), not stripped
```
可以看到, :
1. ELF 64-bit: 64位的ELF文件;
2. LSB: 低位有效, ;
3. relocatable: , ;
4. UCB RISC-V: ;
5. version 1 (SYSV): , ;
6. not stripped: ( ) ( ) , ,
- 链接
最后,我们对生成的目标文件进行链接:
`$ riscv64-unknown-elf-gcc -o ./helloworld ./helloworld.o`
该命令将在当前目录生成helloworld文件, :
```bash
$ file ./helloworld
./helloworld: ELF 64-bit LSB executable, UCB RISC-V, version 1 (SYSV), statically linked, not stripped
```
对比于helloworld.o文件, ( ) , , , , ( ) , , , , , ,
接下来, , :
```bash
$ riscv64-unknown-elf-readelf -h ./helloworld
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: RISC-V
Version: 0x1
Entry point address: 0x100c0
Start of program headers: 64 (bytes into file)
Start of section headers: 19440 (bytes into file)
Flags: 0x5, RVC, double-float ABI
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 2
Size of section headers: 64 (bytes)
Number of section headers: 15
Section header string table index: 14
```
从以上输出我们可以看到, ( ) , ( ) ,
接下来, :
```bash
$ riscv64-unknown-elf-readelf -S ./helloworld
There are 15 section headers, starting at offset 0x4bf0:
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .text PROGBITS 00000000000100b0 000000b0
00000000000024ca 0000000000000000 AX 0 0 2
[ 2] .rodata PROGBITS 0000000000012580 00002580
0000000000000012 0000000000000000 A 0 0 8
[ 3] .eh_frame PROGBITS 0000000000013594 00002594
0000000000000004 0000000000000000 WA 0 0 4
[ 4] .init_array INIT_ARRAY 0000000000013598 00002598
0000000000000010 0000000000000008 WA 0 0 8
[ 5] .fini_array FINI_ARRAY 00000000000135a8 000025a8
0000000000000008 0000000000000008 WA 0 0 8
[ 6] .data PROGBITS 00000000000135b0 000025b0
0000000000000f58 0000000000000000 WA 0 0 8
[ 7] .sdata PROGBITS 0000000000014508 00003508
0000000000000040 0000000000000000 WA 0 0 8
[ 8] .sbss NOBITS 0000000000014548 00003548
0000000000000020 0000000000000000 WA 0 0 8
[ 9] .bss NOBITS 0000000000014568 00003548
0000000000000068 0000000000000000 WA 0 0 8
[10] .comment PROGBITS 0000000000000000 00003548
0000000000000011 0000000000000001 MS 0 0 1
[11] .riscv.attributes RISCV_ATTRIBUTE 0000000000000000 00003559
0000000000000035 0000000000000000 0 0 1
[12] .symtab SYMTAB 0000000000000000 00003590
0000000000000f48 0000000000000018 13 78 8
[13] .strtab STRTAB 0000000000000000 000044d8
0000000000000695 0000000000000000 0 0 1
[14] .shstrtab STRTAB 0000000000000000 00004b6d
000000000000007e 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
p (processor specific)
```
以上输出中比较重要的有:.text表示可执行节( ) , , , , ( , , , ) , , ( ) ;
由于helloworld是可执行程序, , ( ) , :
```bash
$ riscv64-unknown-elf-readelf -l ./helloworld
Elf file type is EXEC (Executable file)
Entry point 0x100c0
There are 2 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0x0000000000010000 0x0000000000010000
0x0000000000002592 0x0000000000002592 R E 0x1000
LOAD 0x0000000000002594 0x0000000000013594 0x0000000000013594
0x0000000000000fb4 0x000000000000103c RW 0x1000
Section to Segment mapping:
Segment Sections...
00 .text .rodata
01 .eh_frame .init_array .fini_array .data .sdata .sbss .bss
```
以上输出表明, , ( ) ( ) , ( ) , , , , , ( ) , : ( ) ?
为了对helloworld文件进行进一步理解, ( ) , ( , ) :
```bash
$ riscv64-unknown-elf-objdump -D ./helloworld | less
./helloworld: file format elf64-littleriscv
Disassembly of section .text:
000000000001014e < main > :
1014e: 1141 addi sp,sp,-16
10150: e406 sd ra,8(sp)
10152: e022 sd s0,0(sp)
10154: 0800 addi s0,sp,16
10156: 67c9 lui a5,0x12
10158: 58078513 addi a0,a5,1408 # 12580 < __errno + 0xc >
1015c: 1c0000ef jal ra,1031c < puts >
10160: 4781 li a5,0
10162: 853e mv a0,a5
10164: 60a2 ld ra,8(sp)
10166: 6402 ld s0,0(sp)
10168: 0141 addi sp,sp,16
1016a: 8082 ret
...
```
实际上, , , , , , ?
另外, , , , , , ,
通过以上讲解, , , , ( ) ( , ) , ! ,
为了执行helloworld文件, : ) ; ) , ; , , , ,
< a name = "subsec_lds" > < / a >
### 3.1.2 指定符号的逻辑地址
编译器在链接过程中, ( ) , , , ( ) ( ) ,
那么, ? , , , , :
```bash
1 OUTPUT_ARCH( "riscv" )
2
3 ENTRY(main)
4
5 SECTIONS
6 {
7 . = 0x81000000;
8 . = ALIGN(0x1000);
9 .text : { *(.text) }
10 . = ALIGN(16);
11 .data : { *(.data) }
12 . = ALIGN(16);
13 .bss : { *(.bss) }
14 }
```
在该脚本中, ( ) ; ( ) , , ( , ) , ; ,
为了避免库函数的“干扰”, ( ) , :
```c
1 #include < stdio.h >
2
3 int main()
4 {
5 int global_var=0;
6 global_var = 1;
7 return 0;
8 }
```
采用以下命令对helloworld_with_lds.c进行编译:
`$ riscv64-unknown-elf-gcc -nostartfiles helloworld_with_lds.c -T helloworld_lds.lds -o helloworld_with_lds`
并对重新生成的helloworld_with_lds文件进行观察:
```bash
$ riscv64-unknown-elf-readelf -h ./helloworld_with_lds
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: RISC-V
Version: 0x1
Entry point address: 0x81000000
Start of program headers: 64 (bytes into file)
Start of section headers: 4424 (bytes into file)
Flags: 0x5, RVC, double-float ABI
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 1
Size of section headers: 64 (bytes)
Number of section headers: 7
Section header string table index: 6
```
以上的输出表明, ( ) , , :
```bash
$ riscv64-unknown-elf-objdump -D ./helloworld_with_lds | less
./helloworld_with_lds: file format elf64-littleriscv
Disassembly of section .text:
0000000081000000 < main > :
81000000: 1101 addi sp,sp,-32
81000002: ec22 sd s0,24(sp)
81000004: 1000 addi s0,sp,32
81000006: fe042623 sw zero,-20(s0)
8100000a: 4785 li a5,1
8100000c: fef42623 sw a5,-20(s0)
81000010: 4781 li a5,0
81000012: 853e mv a0,a5
81000014: 6462 ld s0,24(sp)
81000016: 6105 addi sp,sp,32
81000018: 8082 ret
...
```
可以看到, ( )
通过lds文件的办法控制程序中符号地址到逻辑地址的转换, ( ) , , ( ) ( ) ,
< a name = "subsec_building" > < / a >
### 3.1.3 代理内核的构造过程
这里我们讨论lab1_1中代理内核, ( ) , , , ,
我们首先观察lab1_1中位于根目录的Makefile文件( ) :
```makefile
8 CROSS_PREFIX := riscv64-unknown-elf-
9 CC := $(CROSS_PREFIX)gcc
10 AR := $(CROSS_PREFIX)ar
11 RANLIB := $(CROSS_PREFIX)ranlib
12
13 SRC_DIR := .
14 OBJ_DIR := obj
15 SPROJS_INCLUDE := -I.
16
...
26 #--------------------- utils -----------------------
27 UTIL_CPPS := util/*.c
28
29 UTIL_CPPS := $(wildcard $(UTIL_CPPS))
30 UTIL_OBJS := $(addprefix $(OBJ_DIR)/, $(patsubst %.c,%.o,$(UTIL_CPPS)))
31
32
33 UTIL_LIB := $(OBJ_DIR)/util.a
34
35 #--------------------- kernel -----------------------
36 KERNEL_LDS := kernel/kernel.lds
37 KERNEL_CPPS := \
38 kernel/*.c \
39 kernel/machine/*.c \
40 kernel/util/*.c
41
42 KERNEL_ASMS := \
43 kernel/*.S \
44 kernel/machine/*.S \
45 kernel/util/*.S
46
47 KERNEL_CPPS := $(wildcard $(KERNEL_CPPS))
48 KERNEL_ASMS := $(wildcard $(KERNEL_ASMS))
49 KERNEL_OBJS := $(addprefix $(OBJ_DIR)/, $(patsubst %.c,%.o,$(KERNEL_CPPS)))
50 KERNEL_OBJS += $(addprefix $(OBJ_DIR)/, $(patsubst %.S,%.o,$(KERNEL_ASMS)))
51
52 KERNEL_TARGET = $(OBJ_DIR)/riscv-pke
53
54
55 #--------------------- spike interface library -----------------------
56 SPIKE_INF_CPPS := spike_interface/*.c
57
58 SPIKE_INF_CPPS := $(wildcard $(SPIKE_INF_CPPS))
59 SPIKE_INF_OBJS := $(addprefix $(OBJ_DIR)/, $(patsubst %.c,%.o,$(SPIKE_INF_CPPS)))
60
61
62 SPIKE_INF_LIB := $(OBJ_DIR)/spike_interface.a
63
64
65 #--------------------- user -----------------------
66 USER_LDS := user/user.lds
67 USER_CPPS := user/*.c
68
70 USER_OBJS := $(addprefix $(OBJ_DIR)/, $(patsubst %.c,%.o,$(USER_CPPS)))
71
72 USER_TARGET := $(OBJ_DIR)/app_helloworld
73
74 #------------------------targets------------------------
75 $(OBJ_DIR):
76 @-mkdir -p $(OBJ_DIR)
77 @-mkdir -p $(dir $(UTIL_OBJS))
78 @-mkdir -p $(dir $(SPIKE_INF_OBJS))
79 @-mkdir -p $(dir $(KERNEL_OBJS))
80 @-mkdir -p $(dir $(USER_OBJS))
81
82 $(OBJ_DIR)/%.o : %.c
83 @echo "compiling" $<
84 @$(COMPILE) -c $< -o $ @
85
86 $(OBJ_DIR)/%.o : %.S
87 @echo "compiling" $<
88 @$(COMPILE) -c $< -o $ @
89
90 $(UTIL_LIB): $(OBJ_DIR) $(UTIL_OBJS)
91 @echo "linking " $@ ...
92 @$(AR) -rcs $@ $(UTIL_OBJS)
93 @echo "Util lib has been build into" \"$@\"
94
95 $(SPIKE_INF_LIB): $(OBJ_DIR) $(UTIL_OBJS) $(SPIKE_INF_OBJS)
96 @echo "linking " $@ ...
97 @$(AR) -rcs $@ $(SPIKE_INF_OBJS) $(UTIL_OBJS)
98 @echo "Spike lib has been build into" \"$@\"
99
100 $(KERNEL_TARGET): $(OBJ_DIR) $(UTIL_LIB) $(SPIKE_INF_LIB) $(KERNEL_OBJS) $(KERNEL_LDS)
101 @echo "linking" $@ ...
102 @$(COMPILE) $(KERNEL_OBJS) $(UTIL_LIB) $(SPIKE_INF_LIB) -o $@ -T $(KERNEL_LDS)
103 @echo "PKE core has been built into" \"$@\"
104
105 $(USER_TARGET): $(OBJ_DIR) $(UTIL_LIB) $(USER_OBJS) $(USER_LDS)
106 @echo "linking" $@ ...
107 @$(COMPILE) $(USER_OBJS) $(UTIL_LIB) -o $@ -T $(USER_LDS)
108 @echo "User app has been built into" \"$@\"
109
...
113 .DEFAULT_GOAL := $(all)
114
115 all: $(KERNEL_TARGET) $(USER_TARGET)
116 .PHONY:all
...
```
通过阅读该文件, , : , ) , , ,
- `$(OBJ_DIR)` : ( ) : , , , ;
- `$(UTIL_LIB)` : , , , , ( ) , ( ) ;
- `$(USER_OBJS)` : ( ) ( ) ;
- `$(USER_LDS)` : ( ) , ,
以上构造`$(USER_TARGET)`所依赖的目标全部完成后, , , ,
完成`$(USER_TARGET)`的构造后, , , : , , ,
- `$(SPIKE_INF_LIB)` : , , , , , , (
- `$(KERNEL_OBJS)` : , , ,
以上依赖目标全部构造完毕后, , , , :
- 1) ;
- 2) , ;
- 3) , ;
- 4)
< a name = "subsec_booting" > < / a >
### 3.1.4 代理内核的启动过程
在3.1.1中, , :
```bash
$ spike ./obj/riscv-pke ./obj/app_helloworld
In m_start, hartid:0
HTIF is available!
(Emulated) memory size: 2048 MB
Enter supervisor mode...
Application: ./obj/app_helloworld
Application program entry point (virtual address): 0x0000000081000000
Switching to user mode...
call do_syscall to accomplish the syscall and lab1_1 here.
System is shutting down with exit code -1.
```
可以看到, : , ; ;
那么代理内核是如何在spike模拟的RISC-V机器上启动的呢? , , , :
```bash
$ riscv64-unknown-elf-readelf -h ./obj/riscv-pke
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: RISC-V
Version: 0x1
Entry point address: 0x80000548
Start of program headers: 64 (bytes into file)
Start of section headers: 130760 (bytes into file)
Flags: 0x5, RVC, double-float ABI
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 2
Size of section headers: 64 (bytes)
Number of section headers: 18
Section header string table index: 17
$ riscv64-unknown-elf-readelf -l ./obj/riscv-pke
Elf file type is EXEC (Executable file)
Entry point 0x80000548
There are 2 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000001000 0x0000000080000000 0x0000000080000000
0x0000000000003564 0x0000000000003564 R E 0x1000
LOAD 0x0000000000005000 0x0000000080004000 0x0000000080004000
0x0000000000001411 0x00000000000098b8 RW 0x1000
Section to Segment mapping:
Segment Sections...
00 .text .rodata
01 .htif .data .bss
```
通过以上命令和输出,我们可以得知./obj/riscv-pke这个ELF文件的入口地址是0x80000548, ( ) , , ; ,
那么为什么./obj/riscv-pke的段首地址是0x80000000呢? , , ? , ( ) , ( , ) , , ! , , ( ) , , ,
另外,./obj/riscv-pke的入口地址0x80000548对应代码中的哪个函数呢? :
```bash
1 /* See LICENSE for license details. */
2
3 OUTPUT_ARCH( "riscv" )
4
5 ENTRY( _mentry )
6
7 SECTIONS
8 {
9
10 /*--------------------------------------------------------------------*/
11 /* Code and read-only segment */
12 /*--------------------------------------------------------------------*/
13
14 /* Begining of code and text segment, starts from DRAM_BASE to be effective before enabling paging */
15 . = 0x80000000;
16 _ftext = .;
17
18 /* text: Program code section */
19 .text :
20 {
21 *(.text)
22 *(.text.* )
23 *(.gnu.linkonce.t.* )
24 . = ALIGN(0x1000);
25
26 _trap_sec_start = .;
27 *(trapsec)
28 . = ALIGN(0x1000);
29 /* ASSERT(. - _trap_sec_start == 0x1000, "error: trap section larger than one page"); */
30 }
```
以上列出了部分kernel/kernel.lds的内容,
```bash
$ riscv64-unknown-elf-objdump -D ./obj/riscv-pke | grep _mentry
0000000080000548 < _mentry > :
```
我们进一步确定了代理内核的入口,
实际上_mentry函数是在kernel/machine/mentry.S文件中定义的:
```assembly
13 .globl _mentry
14 _mentry:
15 # [mscratch] = 0; mscratch points the stack bottom of machine mode computer
16 csrw mscratch, x0
17
18 # following codes allocate a 4096-byte stack for each HART, although we use only
19 # ONE HART in this lab.
20 la sp, stack0 # stack0 is statically defined in kernel/machine/minit.c
21 li a3, 4096 # 4096-byte stack
22 csrr a4, mhartid # [mhartid] = core ID
23 addi a4, a4, 1
24 mul a3, a3, a4
25 add sp, sp, a3 # re-arrange the stack points so that they don't overlap
26
27 # jump to mstart(), i.e., machine state start function in kernel/machine/minit.c
28 call m_start
```
它的执行将机器复位( ) ( ) ( ) , ( ) :
```c
68 void m_start(uintptr_t hartid, uintptr_t dtb) {
69 // init the spike file interface (stdin,stdout,stderr)
70 spike_file_init();
71 sprint("In m_start, hartid:%d\n", hartid);
72
73 // init HTIF (Host-Target InterFace) and memory by using the Device Table Blob (DTB)
74 init_dtb(dtb);
75
76 // set previous privilege mode to S (Supervisor), and will enter S mode after 'mret'
77 write_csr(mstatus, ((read_csr(mstatus) & ~MSTATUS_MPP_MASK) | MSTATUS_MPP_S));
78
79 // set M Exception Program Counter to sstart, for mret (requires gcc -mcmodel=medany)
80 write_csr(mepc, (uint64)s_start);
81
82 // delegate all interrupts and exceptions to supervisor mode.
83 delegate_traps();
84
85 // switch to supervisor mode and jump to s_start(), i.e., set pc to mepc
86 asm volatile("mret");
87 }
```
它的作用是首先初始化spike的客户机-主机接口( , ) , ( ) ; ( , ) ( ) , ( ) ; , ( ) ; , ( ) , ,
s_start函数在kernel/kernel.c文件中定义:
```c
30 int s_start(void) {
31 sprint("Enter supervisor mode...\n");
32 // Note: we use direct (i.e., Bare mode) for memory mapping in lab1.
33 // which means: Virtual Address = Physical Address
34 write_csr(satp, 0);
35
36 // the application code (elf) is first loaded into memory, and then put into execution
37 load_user_program(&user_app);
38
39 sprint("Switch to user mode...\n");
40 switch_to(&user_app);
41
42 return 0;
43 }
```
该函数的动作也非常简单: ( ) ( ) , ( ) ) , ( ) ,
以上过程中, ( ) ( ) , , , ( ) :
```c
19 typedef struct process {
20 // pointing to the stack used in trap handling.
21 uint64 kstack;
22 // trapframe storing the context of a (User mode) process.
23 trapframe* trapframe;
24 }process;
```
可以看到, , ( ) :
```C
6 typedef struct trapframe {
7 // space to store context (all common registers)
8 /* offset:0 */ riscv_regs regs;
9
10 // process's "user kernel" stack
11 /* offset:248 */ uint64 kernel_sp;
12 // pointer to smode_trap_handler
13 /* offset:256 */ uint64 kernel_trap;
14 // saved user process counter
15 /* offset:264 */ uint64 epc;
16 }trapframe;
```
该结构除了记录进程上下文的RISC-V机器的通用寄存器组( ) , ( , , )
回到switch_to()函数, :
```c
28 void switch_to(process* proc) {
29 assert(proc);
30 current = proc;
31
32 write_csr(stvec, (uint64)smode_trap_vector);
33 // set up trapframe values that smode_trap_vector will need when
34 // the process next re-enters the kernel.
35 proc->trapframe->kernel_sp = proc->kstack; // process's kernel stack
36 proc->trapframe->kernel_trap = (uint64)smode_trap_handler;
37
38 // set up the registers that strap_vector.S's sret will use
39 // to get to user space.
40
41 // set S Previous Privilege mode to User.
42 unsigned long x = read_csr(sstatus);
43 x & = ~SSTATUS_SPP; // clear SPP to 0 for user mode
44 x |= SSTATUS_SPIE; // enable interrupts in user mode
45
46 write_csr(sstatus, x);
47
48 // set S Exception Program Counter to the saved user pc.
49 write_csr(sepc, proc->trapframe->epc);
50
51 // switch to user mode with sret.
52 return_to_user(proc->trapframe);
53 }
```
可以看到, , ( ) :
```assembly
45 .globl return_to_user
46 return_to_user:
47 # save a0 in sscratch, so sscratch points to a trapframe now.
48 csrw sscratch, a0
49
50 # let [t6]=[a0]
51 addi t6, a0, 0
52
53 # restore all registers from trapframe, so as to resort the execution of a process
54 restore_all_registers
55
56 # return to user mode and user pc.
57 sret
```
其作用是恢复进程的上下文( ) , , ( ) , ( )
< a name = "subsec_elf" > < / a >
### 3.1.5 ELF文件( )
这里我们对load_user_program()函数进行讨论, :
```c
18 void load_user_program(process *proc) {
19 proc->trapframe = (trapframe *)USER_TRAP_FRAME;
20 memset(proc->trapframe, 0, sizeof(trapframe));
21 proc->kstack = USER_KSTACK;
22 proc->trapframe->regs.sp = USER_STACK;
23
24 load_bincode_from_host_elf(proc);
25 }
```
我们看到, , :
```c
103 void load_bincode_from_host_elf(struct process *p) {
104 arg_buf arg_bug_msg;
105
106 // retrieve command line arguements
107 size_t argc = parse_args(&arg_bug_msg);
108 if (!argc) panic("You need to specify the application program!\n");
109
110 sprint("Application: %s\n", arg_bug_msg.argv[0]);
111
112 //elf loading
113 elf_ctx elfloader;
114 elf_info info;
115
116 info.f = spike_file_open(arg_bug_msg.argv[0], O_RDONLY, 0);
117 info.p = p;
118 if (IS_ERR_VALUE(info.f)) panic("Fail on openning the input application program.\n");
119
120 // init elfloader
121 if (elf_init(& elfloader, & info) != EL_OK)
122 panic("fail to init elfloader.\n");
123
124 // load elf
125 if (elf_load(& elfloader) != EL_OK) panic("Fail on loading elf.\n");
126
127 // entry (virtual) address
128 p->trapframe->epc = elfloader.ehdr.entry;
129
130 // close host file
131 spike_file_close( info.f );
132
133 sprint("Application program entry point (virtual address): 0x%lx\n", p->trapframe->epc);
134 }
```
该函数的大致过程是:
- ( ) , , ;
- ( ) , ;
- ( ) ;
- ( ) , , ;
- ( )
该函数用到了同文件中的诸多工具函数,这些函数的细节请读者自行阅读相关代码,这里我们只贴我们认为重要的代码:
- spike_file_open/spike_file_close: , ,
- elf_init: , ;
- elf_load: ( ) :
```c
51 elf_status elf_load(elf_ctx *ctx) {
52 elf_prog_header ph_addr;
53 int i, off;
54 // traverse the elf program segment headers
55 for (i = 0, off = ctx->ehdr.phoff; i < ctx- > ehdr.phnum; i++, off += sizeof(ph_addr)) {
56 // read segment headers
57 if (elf_fpread(ctx, (void *)& ph_addr, sizeof(ph_addr), off) != sizeof(ph_addr)) return EL_EIO;
58
59 if (ph_addr.type != ELF_PROG_LOAD) continue;
60 if (ph_addr.memsz < ph_addr.filesz ) return EL_ERR ;
61 if (ph_addr.vaddr + ph_addr.memsz < ph_addr.vaddr ) return EL_ERR ;
62
63 // allocate memory before loading
64 void *dest = elf_alloc_mb(ctx, ph_addr.vaddr, ph_addr.vaddr, ph_addr.memsz);
65
66 // actual loading
67 if (elf_fpread(ctx, dest, ph_addr.memsz, ph_addr.off) != ph_addr.memsz)
68 return EL_EIO;
69 }
70
71 return EL_OK;
72 }
```
这个函数里, , ( , : ) , ,
```c
19 static void *elf_alloc_mb(elf_ctx *ctx, uint64 elf_pa, uint64 elf_va, uint64 size) {
20 // directly returns the virtual address as we are in the Bare mode in lab1
21 return (void *)elf_va;
22 }
```
但是, ( ) , ( ) ,
< a name = "subsec_htif" > < / a >
### 3.1.6 spike的HTIF接口
spike提供的HTIF( ) :
< img src = "pictures/htif.png" alt = "fig2_install_1" style = "zoom:100%;" / >
图2.1 HTIF的原理
我们知道spike是运行在主机( ) , ( ) , ( ) ( ) , ( , ) ; , , ; ,
spike基于HTIF内存的传递, ( ) , , , , ,
对于PKE实验而言, ( ) , ( ) , , , ! , ( ) ( ) ,
另外需要注意的是,**HTIF机制并不是纯粹为满足教学要求而写的“玩具”**。我们在ZedBoard这种开发板的PL( ) , , ( ) , ( )
< a name = "syscall" > < / a >
## 3.2 lab1_1 系统调用
< a name = "lab1_1_app" > < / a >
#### **给定应用**
- user/app_helloworld.c
```c
1 /*
2 * Below is the given application for lab1_1.
3 *
4 * You can build this app (as well as our PKE OS kernel) by command:
5 * $ make
6 *
7 * Or run this app (with the support from PKE OS kernel) by command:
8 * $ make run
9 */
10
11 #include "user_lib.h"
12
13 int main(void) {
14 printu("Hello world!\n");
15
16 exit(0);
17 }
```
应用实现的功能非常简单,即在屏幕上打印"Hello world!\n"。
- make后的直接运行结果:
```bash
$ spike ./obj/riscv-pke ./obj/app_helloworld
In m_start, hartid:0
HTIF is available!
(Emulated) memory size: 2048 MB
Enter supervisor mode...
Application: ./obj/app_helloworld
elf_load: ctx->ehdr.phoff = 64, ctx->ehdr.phnum =1, sizeof(ph_addr)=56.
elf_load: ph_addr.memsz = 744, ph_addr.off =4096.
Application program entry point (virtual address): 0x0000000081000000
Switching to user mode...
call do_syscall to accomplish the syscall and lab1_1 here.
System is shutting down with exit code -1.
```
从结果上来看,并未达到我们的预期结果,即在屏幕上输出"Hello world!\n"。
< a name = "lab1_1_content" > < / a >
#### **实验内容**
如输出提示所表示的那样, , :
```bash
$ spike ./obj/riscv-pke ./obj/app_helloworld
In m_start, hartid:0
HTIF is available!
(Emulated) memory size: 2048 MB
Enter supervisor mode...
Application: ./obj/app_helloworld
Application program entry point (virtual address): 0x0000000081000000
Switching to user mode...
Hello world!
User exit with code:0.
System is shutting down with exit code 0.
```
< a name = "lab1_1_guide" > < / a >
#### **实验指导**
lab1_1实验需要读者了解和掌握操作系统中系统调用机制的实现原理。从应用出发, : , , , :
```c
13 int do_user_call(uint64 sysnum, uint64 a1, uint64 a2, uint64 a3, uint64 a4, uint64 a5, uint64 a6,
14 uint64 a7) {
15 int ret;
16
17 // before invoking the syscall, arguments of do_user_call are already loaded into the argument
18 // registers (a0-a7) of our (emulated) risc-v machine.
19 asm volatile(
20 "ecall\n"
21 "sw a0, %0" // returns a 32-bit value
22 : "=m"(ret)
23 :
24 : "memory");
25
26 return ret;
27 }
```
我们发现, , , ( ) ( ) , ( ) ( ) :
```assembly
16 .globl smode_trap_vector
17 .align 4
18 smode_trap_vector:
19 # swap a0 and sscratch, so that points a0 to the trapframe of current process
20 csrrw a0, sscratch, a0
21
22 # save the context (user registers) of current process in its trapframe.
23 addi t6, a0 , 0
24 store_all_registers
25
26 # come back to save a0 register before entering trap handling in trapframe
27 csrr t0, sscratch
28 sd t0, 72(a0)
29
30 # use the "user kernel" stack (whose pointer stored in p->trapframe->kernel_sp)
31 ld sp, 248(a0)
32
33 # load the address of smode_trap_handler() from p->trapframe->kernel_trap
34 ld t0, 256(a0)
35
36 # jump to smode_trap_handler() that is defined in kernel/trap.c
37 jr t0
```
从以上代码我们可以看到, ( ) ( ) ; ( ) , ( , , , ) , , ; , ( ) , ( )
smode_trap_handler()函数的定义在kernel/strap.c文件中, :
```c
33 void smode_trap_handler(void) {
34 // make sure we are in User mode before entering the trap handling.
35 // we will consider other previous case in lab1_3 (interrupt).
36 if ((read_csr(sstatus) & SSTATUS_SPP) != 0) panic("usertrap: not from user mode");
37
38 assert(current);
39 // save user process counter.
40 current->trapframe->epc = read_csr(sepc);
41
42 // if the cause of trap is syscall from user application
43 if (read_csr(scause) == CAUSE_USER_ECALL) {
44 handle_syscall(current->trapframe);
45 } else {
46 sprint("smode_trap_handler(): unexpected scause %p\n", read_csr(scause));
47 sprint(" sepc=%p stval=%p\n", read_csr(sepc), read_csr(stval));
48 panic( "unexpected exception happened.\n" );
49 }
50
51 // continue the execution of current process.
52 switch_to(current);
53 }
```
该函数首先在第36行, ( ) , ( ) ; , ; ( ) , ( ) , ( , ) , ; ,
handle_syscall()函数的定义也在kernel/strap.c文件中:
```c
15 static void handle_syscall(trapframe *tf) {
16 // tf->epc points to the address that our computer will jump to after the trap handling.
17 // for a syscall, we should return to the NEXT instruction after its handling.
18 // in RV64G, each instruction occupies exactly 32 bits (i.e., 4 Bytes)
19 tf->epc += 4;
20
21 // TODO (lab1_1): remove the panic call below, and call do_syscall (defined in
22 // kernel/syscall.c) to conduct real operations of the kernel side for a syscall.
23 // IMPORTANT: return value should be returned to user app, or else, you will encounter
24 // problems in later experiments!
25 panic( "call do_syscall to accomplish the syscall and lab1_1 here.\n" );
26
27 }
```
看到第25行, , , , ! , ,
那么do_syscall()函数是在哪里定义的呢? , :
```c
38 long do_syscall(long a0, long a1, long a2, long a3, long a4, long a5, long a6, long a7) {
39 switch (a0) {
40 case SYS_user_print:
41 return sys_user_print((const char*)a1, a2);
42 case SYS_user_exit:
43 return sys_user_exit(a1);
44 default:
45 panic("Unknown syscall %ld \n", a0);
46 }
47 }
```
但是, , , ? ( , ) , , ? ,
除了实验内容之外, , ? ,
完成以上实验后,就能够获得以下结果输出了:
```bash
$ spike ./obj/riscv-pke ./obj/app_helloworld
In m_start, hartid:0
HTIF is available!
(Emulated) memory size: 2048 MB
Enter supervisor mode...
Application: ./obj/app_helloworld
Application program entry point (virtual address): 0x0000000081000000
Switching to user mode...
Hello world!
User exit with code:0.
System is shutting down with exit code 0.
```
**实验完毕后,记得提交修改(命令行中-m后的字符串可自行确定) , :
```bash
$ git commit -a -m "my work on lab1_1 is done."
```
< a name = "exception" > < / a >
## 3.3 lab1_2 异常处理
< a name = "lab1_2_app" > < / a >
#### **给定应用**
- user/app_illegal_instruction.c
```c
1 /*
2 * Below is the given application for lab1_2.
3 * This app attempts to issue M-mode instruction in U-mode, and consequently raises an exception.
4 */
5
6 #include "user_lib.h"
7 #include "util/types.h"
8
9 int main(void) {
10 printu("Going to hack the system by running privilege instructions.\n");
11 // we are now in U(user)-mode, but the "csrw" instruction requires M-mode privilege.
12 // Attempting to execute such instruction will raise illegal instruction exception.
13 asm volatile("csrw sscratch, 0");
14 exit(0);
15 }
```
( ) , ,
- ( , ) , :
```bash
//切换到lab1_2
$ git checkout lab1_2_exception
//继承lab1_1的答案
$ git merge lab1_1_syscall -m "continue to work on lab1_2"
//重新构造
$ make clean; make
//运行构造结果
$ spike ./obj/riscv-pke ./obj/app_illegal_instruction
In m_start, hartid:0
HTIF is available!
(Emulated) memory size: 2048 MB
Enter supervisor mode...
Application: ./obj/app_illegal_instruction
elf_load: ctx->ehdr.phoff = 64, ctx->ehdr.phnum =1, sizeof(ph_addr)=56.
elf_load: ph_addr.memsz = 800, ph_addr.off =4096.
Application program entry point (virtual address): 0x0000000081000000
Switching to user mode...
Going to hack the system by running privilege instructions.
call handle_illegal_instruction to accomplish illegal instruction interception of lab1_2.
System is shutting down with exit code -1.
```
以上输出中,由于篇幅的关系,我们隐藏了前三个命令的输出结果。
< a name = "lab1_2_content" > < / a >
#### **实验内容**
如输出所提示的那样, ,
```bash
$ spike ./obj/riscv-pke ./obj/app_illegal_instruction
In m_start, hartid:0
HTIF is available!
(Emulated) memory size: 2048 MB
Enter supervisor mode...
Application: ./obj/app_illegal_instruction
Application program entry point (virtual address): 0x0000000081000000
Switching to user mode...
Going to hack the system by running privilege instructions.
Illegal instruction!
System is shutting down with exit code -1.
```
< a name = "lab1_2_guide" > < / a >
#### **实验指导**
lab1_2实验需要读者了解和掌握操作系统中异常( ) , , ( ) :
显然, , ( ) , , , , , ( ) , , ?
通过[3.1.5](#subsec_booting)节的阅读, , ? , , :
```c
51 static void delegate_traps() {
52 if (!supports_extension('S')) {
53 // confirm that our processor supports supervisor mode. abort if not.
54 sprint("s mode is not supported.\n");
55 return;
56 }
57
58 uintptr_t interrupts = MIP_SSIP | MIP_STIP | MIP_SEIP;
59 uintptr_t exceptions = (1U < < CAUSE_MISALIGNED_FETCH ) | ( 1U < < CAUSE_FETCH_PAGE_FAULT ) |
60 (1U < < CAUSE_BREAKPOINT ) | ( 1U < < CAUSE_LOAD_PAGE_FAULT ) |
61 (1U < < CAUSE_STORE_PAGE_FAULT ) | ( 1U < < CAUSE_USER_ECALL ) ;
62
63 write_csr(mideleg, interrupts);
64 write_csr(medeleg, exceptions);
65 assert(read_csr(mideleg) == interrupts);
66 assert(read_csr(medeleg) == exceptions);
67 }
```
在第58--61行的代码中, , , ( , , ) ! , , ( ( ) ) :
```assembly
8 mtrapvec:
9 # swap a0 and mscratch
10 # so that a0 points to interrupt frame
11 csrrw a0, mscratch, a0
12
13 # save the registers in interrupt frame
14 addi t6, a0, 0
15 store_all_registers
16 # save the user a0 in itrframe->a0
17 csrr t0, mscratch
18 sd t0, 72(a0)
19
20 # use stack0 for sp
21 la sp, stack0
22 li a3, 4096
23 csrr a4, mhartid
24 addi a4, a4, 1
25 mul a3, a3, a4
26 add sp, sp, a3
27
28 // save the address of interrupt frame in the csr "mscratch"
29 csrw mscratch, a0
30
31 call handle_mtrap
32
33 // restore all registers
34 csrr t6, mscratch
35 restore_all_registers
36
37 mret
```
可以看到, , ( , ) , ( ) , ( ) , ,
接下来, ( ) , :
```c
20 void handle_mtrap() {
21 uint64 mcause = read_csr(mcause);
22 switch (mcause) {
23 case CAUSE_FETCH_ACCESS:
24 handle_instruction_access_fault();
25 break;
26 case CAUSE_LOAD_ACCESS:
27 handle_load_access_fault();
28 case CAUSE_STORE_ACCESS:
29 handle_store_access_fault();
30 break;
31 case CAUSE_ILLEGAL_INSTRUCTION:
32 // TODO (lab1_2): call handle_illegal_instruction to implement illegal instruction
33 // interception, and finish lab1_2.
34 panic( "call handle_illegal_instruction to accomplish illegal instruction interception for lab1_2.\n" );
35
36 break;
37 case CAUSE_MISALIGNED_LOAD:
38 handle_misaligned_load();
39 break;
40 case CAUSE_MISALIGNED_STORE:
41 handle_misaligned_store();
42 break;
43
44 default:
45 sprint("machine trap(): unexpected mscause %p\n", mcause);
46 sprint(" mepc=%p mtval=%p\n", read_csr(mepc), read_csr(mtval));
47 panic( "unexpected exception happened in M-mode.\n" );
48 break;
49 }
50 }
```
可以看到, , , ( ) , ,
需要注意的是, , , ( ) , ,
**实验完毕后,记得提交修改(命令行中-m后的字符串可自行确定) , :
```bash
$ git commit -a -m "my work on lab1_2 is done."
```
< a name = "irq" > < / a >
## 3.4 lab1_3 (外部)中断
< a name = "lab1_3_app" > < / a >
#### **给定应用**
- user/app_long_loop.c
```c
1 /*
2 * Below is the given application for lab1_3.
3 * This app performs a long loop, during which, timers are
4 * generated and pop messages to our screen.
5 */
6
7 #include "user_lib.h"
8 #include "util/types.h"
9
10 int main(void) {
11 printu("Hello world!\n");
12 int i;
13 for (i = 0; i < 100000000 ; + + i ) {
14 if (i % 5000000 == 0) printu("wait %d\n", i);
15 }
16
17 exit(0);
18
19 return 0;
20 }
```
应用的程序逻辑包含一个长度为100000000次的循环, , , ( ) , ( , , !
- ( , ) , :
```bash
//切换到lab1_3
$ git checkout lab1_3_irq
//继承lab1_2以及之前的答案
$ git merge lab1_2_exception -m "continue to work on lab1_3"
//重新构造
$ make clean; make
//运行构造结果
$ spike ./obj/riscv-pke ./obj/app_long_loop
In m_start, hartid:0
HTIF is available!
(Emulated) memory size: 2048 MB
Enter supervisor mode...
Application: ./obj/app_long_loop
Application program entry point (virtual address): 0x000000008100007e
Switching to user mode...
Hello world!
wait 0
wait 5000000
wait 10000000
Ticks 0
lab1_3: increase g_ticks by one, and clear SIP field in sip register.
System is shutting down with exit code -1.
```
以上输出中,由于篇幅的关系,我们隐藏了前三个命令的输出结果。
从以上程序的运行结果来看, , ( ) ! , , ( )
< a name = "lab1_3_content" > < / a >
#### 实验内容
完成PKE操作系统内核未完成的时钟中断处理过程,
实验完成后的运行结果:
```bash
$ spike ./obj/riscv-pke ./obj/app_long_loop
In m_start, hartid:0
HTIF is available!
(Emulated) memory size: 2048 MB
Enter supervisor mode...
Application: obj/app_long_loop
Application program entry point (virtual address): 0x000000008100007e
Switching to user mode...
Hello world!
wait 0
wait 5000000
wait 10000000
Ticks 0
wait 15000000
wait 20000000
Ticks 1
wait 25000000
wait 30000000
wait 35000000
Ticks 2
wait 40000000
wait 45000000
Ticks 3
wait 50000000
wait 55000000
wait 60000000
Ticks 4
wait 65000000
wait 70000000
Ticks 5
wait 75000000
wait 80000000
wait 85000000
Ticks 6
wait 90000000
wait 95000000
Ticks 7
User exit with code:0.
System is shutting down with exit code 0.
```
< a name = "lab1_3_guide" > < / a >
#### 实验指导
在[上一个实验](#exception)中, ( ) , , , :
- 在m_start函数( ) , :
```c
72 void timerinit(uintptr_t hartid) {
73 // fire timer irq after TIMER_INTERVAL from now.
74 *(uint64* )CLINT_MTIMECMP(hartid) = *(uint64* )CLINT_MTIME + TIMER_INTERVAL;
75
76 // enable machine-mode timer irq in MIE (Machine Interrupt Enable) csr.
77 write_csr(mie, read_csr(mie) | MIE_MTIE);
78 }
```
该函数首先在74行设置了下一次timer触发的时间, ( , ) , ( , ) , ( )
时钟中断触发后, :
```assembly
8 mtrapvec:
9 # swap a0 and mscratch
10 # so that a0 points to interrupt frame
11 csrrw a0, mscratch, a0
12
13 # save the registers in interrupt frame
14 addi t6, a0, 0
15 store_all_registers
16 # save the user a0 in itrframe->a0
17 csrr t0, mscratch
18 sd t0, 72(a0)
19
20 # use stack0 for sp
21 la sp, stack0
22 li a3, 4096
23 csrr a4, mhartid
24 addi a4, a4, 1
25 mul a3, a3, a4
26 add sp, sp, a3
27
28 // save the address of interrupt frame in the csr "mscratch"
29 csrw mscratch, a0
30
31 call handle_mtrap
32
33 // restore all registers
34 csrr t6, mscratch
35 restore_all_registers
36
37 mret
```
和lab1_2一样, , ( ) ,
```c
17 static void handle_timer() {
18 int cpuid = 0;
19 // setup the timer fired at next time (TIMER_INTERVAL from now)
20 *(uint64* )CLINT_MTIMECMP(cpuid) = *(uint64* )CLINT_MTIMECMP(cpuid) + TIMER_INTERVAL;
21
22 // setup a soft interrupt in sip (S-mode Interrupt Pending) to be handled in S-mode
23 write_csr(sip, SIP_SSIP);
24 }
25
26 //
27 // handle_mtrap calls cooresponding functions to handle an exception of a given type.
28 //
29 void handle_mtrap() {
30 uint64 mcause = read_csr(mcause);
31 switch (mcause) {
32 case CAUSE_MTIMER:
33 handle_timer();
34 break;
35 case CAUSE_FETCH_ACCESS:
36 handle_instruction_access_fault();
37 break;
38 case CAUSE_LOAD_ACCESS:
39 handle_load_access_fault();
40 case CAUSE_STORE_ACCESS:
41 handle_store_access_fault();
42 break;
43 case CAUSE_ILLEGAL_INSTRUCTION:
44 // TODO (lab1_2): call handle_illegal_instruction to implement illegal instruction
45 // interception, and finish lab1_2.
46 panic( "call handle_illegal_instruction to accomplish illegal instruction interception for lab1_2.\n" );
47
48 break;
49 case CAUSE_MISALIGNED_LOAD:
50 handle_misaligned_load();
51 break;
52 case CAUSE_MISALIGNED_STORE:
53 handle_misaligned_store();
54 break;
55
56 default:
57 sprint("machine trap(): unexpected mscause %p\n", mcause);
58 sprint(" mepc=%p mtval=%p\n", read_csr(mepc), read_csr(mtval));
59 panic( "unexpected exception happened in M-mode.\n" );
60 break;
61 }
62 }
```
而handle_timer()函数会( ) ( ) , ( , ) , , , , , ( )
那么为什么操作系统内核不在M态就完成对时钟中断的处理, ? , , , ( ) , ( ) , , , , ,
接下来, , :
```c
45 void smode_trap_handler(void) {
46 // make sure we are in User mode before entering the trap handling.
47 // we will consider other previous case in lab1_3 (interrupt).
48 if ((read_csr(sstatus) & SSTATUS_SPP) != 0) panic("usertrap: not from user mode");
49
50 assert(current);
51 // save user process counter.
52 current->trapframe->epc = read_csr(sepc);
53
54 // if the cause of trap is syscall from user application
55 uint64 cause = read_csr(scause);
56
57 if (cause == CAUSE_USER_ECALL) {
58 handle_syscall(current->trapframe);
59 } else if (cause == CAUSE_MTIMER_S_TRAP) { //soft trap generated by timer interrupt in M mode
60 handle_mtimer_trap();
61 } else {
62 sprint("smode_trap_handler(): unexpected scause %p\n", read_csr(scause));
63 sprint(" sepc=%p stval=%p\n", read_csr(sepc), read_csr(stval));
64 panic( "unexpected exception happened.\n" );
65 }
66
67 // continue the execution of current process.
68 switch_to(current);
69 }
```
我们看到, , , , ,
```c
31 static uint64 g_ticks = 0;
32 void handle_mtimer_trap() {
33 sprint("Ticks %d\n", g_ticks);
34 // TODO (lab1_3): increase g_ticks to record this "tick", and then clear the "SIP"
35 // field in sip register.
36 // hint: use write_csr to disable the SIP_SSIP bit in sip.
37 panic( "lab1_3: increase g_ticks by one, and clear SIP field in sip register.\n" );
38
39 }
```
至此,我们就知道为什么会在之前看到`lab1_3: increase g_ticks by one, and clear SIP field in sip register.`这样的输出了,
那么handle_mtimer_trap()需要完成哪些“后续动作”呢? , , , , , ; , , ( , ) ( ) , , , ,
**实验完毕后,记得提交修改(命令行中-m后的字符串可自行确定) , :
```bash
$ git commit -a -m "my work on lab1_3 is done."
```
< a name = "lab1_challenge1_backtrace" > < / a >
## 3.5 lab1_challenge1 打印用户程序调用栈(难度:★★☆☆☆)
< a name = "lab1_challenge1_app" > < / a >
#### **给定应用**
- user/app_print_backtrace.c
```c
1 /*
2 * Below is the given application for lab1_challenge1_backtrace.
3 * This app prints all functions before calling print_backtrace().
4 */
5
6 #include "user_lib.h"
7 #include "util/types.h"
8
9 void f8() { print_backtrace(7); }
10 void f7() { f8(); }
11 void f6() { f7(); }
12 void f5() { f6(); }
13 void f4() { f5(); }
14 void f3() { f4(); }
15 void f2() { f3(); }
16 void f1() { f2(); }
17
18 int main(void) {
19 printu("back trace the user app in the following:\n");
20 f1();
21 exit(0);
22 return 0;
23 }
```
以上程序在真正调用系统调用print_backtrace(7)之前的函数调用关系比复杂,图示起来有以下关系:
main -> f1 -> f2 -> f3 -> f4 -> f5 -> f6 -> f7 -> f8
print_backtrace(7)的作用是将以上用户程序的函数调用关系, , :
```bash
In m_start, hartid:0
HTIF is available!
(Emulated) memory size: 2048 MB
Enter supervisor mode...
Application: obj/app_print_backtrace
Application program entry point (virtual address): 0x0000000081000072
Switching to user mode...
back trace the user app in the following:
f8
f7
f6
f5
f4
f3
f2
User exit with code:0.
System is shutting down with exit code 0.
```
< a name = "lab1_challenge1_content" > < / a >
#### 实验内容
本实验为挑战实验, :
- ( , ) :
```bash
//切换到lab1_challenge1_backtrace
$ git checkout lab1_challenge1_backtrace
//继承lab1_3以及之前的答案
$ git merge lab1_3_irq -m "continue to work on lab1_challenge1"
```
注意:**不同于基础实验,挑战实验的基础代码具有更大的不完整性,可能无法直接通过构造过程。**例如,
- 本实验的具体要求为:
通过修改PKE内核, ( )
对于print_backtrace()函数的实现要求:
应用程序调用print_backtrace()时, ( ) , ; , ( )
- 讨论的简化
实验可以对中间函数, , ,
< a name = "lab1_challenge1_guide" > < / a >
#### 实验指导
为完成该挑战, :
- 系统调用路径上的完善,可参见[3.2](#syscall)中的知识;
- 在操作系统内核中获取用户程序的栈。这里需要注意的是, , ,
- 找到用户态栈后,我们需要了解用户态栈的结构。实际上,这一点在我们的第一章就有[举例](chapter1_riscv.md#call_stack_structure)来说明,读者可以回顾一下第一章的例子。另外,由于我们可以对讨论进行简化(即假设中间函数无参数),那么单次函数调用的栈深度我们也可以进行相应的假设;
- 通过用户栈找到函数的返回地址后, , ( ) , ( ) , ( ) , ,
**注意: , ,
**另外,后续的基础实验代码并不依赖挑战实验,所以读者可自行决定是否将自己的工作提交到本地代码仓库中(当然,提交到本地仓库是个好习惯,至少能保存自己的“作品”)。**
< a name = "lab1_challenge2_errorline" > < / a >
## 3.6 lab1_challenge2 打印异常代码行(难度:★★★★☆)
< a name = "lab1_challenge2_app" > < / a >
#### **给定应用**
- user/app_errorline.c( )
```c
1 /*
2 * Below is the given application for lab1_challenge2 (same as lab1_2).
3 * This app attempts to issue M-mode instruction in U-mode, and consequently raises an exception.
4 */
5
6 #include "user_lib.h"
7 #include "util/types.h"
8
9 int main(void) {
10 printu("Going to hack the system by running privilege instructions.\n");
11 // we are now in U(user)-mode, but the "csrw" instruction requires M-mode privilege.
12 // Attempting to execute such instruction will raise illegal instruction exception.
13 asm volatile("csrw sscratch, 0");
14 exit(0);
15 }
16
```
以上程序试图在用户态读取在内核态才能读取的寄存器sscratch, , ( ) , ,
```bash
In m_start, hartid:0
HTIF is available!
(Emulated) memory size: 2048 MB
Enter supervisor mode...
Application: obj/app_errorline
Application program entry point (virtual address): 0x0000000081000000
Switch to user mode...
Going to hack the system by running privilege instructions.
Runtime error at user/app_errorline.c:13
asm volatile("csrw sscratch, 0");
Illegal instruction!
System is shutting down with exit code -1.
```
< a name = "lab1_challenge2_content" > < / a >
#### 实验内容
本实验为挑战实验, :
- ( , ) ( , !
```bash
//切换到lab1_challenge2_errorline
$ git checkout lab1_challenge2_errorline
//继承lab1_3以及之前的答案
$ git merge lab1_3_irq -m "continue to work on lab1_challenge1"
```
注意:**不同于基础实验,挑战实验的基础代码具有更大的不完整性,可能无法直接通过构造过程。**同样,不同于基础实验,我们在代码中也并未专门地哪些地方的代码需要填写,哪些地方的代码无须填写。这样,我们留给读者更大的“想象空间”。
- 本实验的具体要求为: ( ) , ,
- 注意: ,
- 文件名规范:需要包含路径,如果是用户源程序发生的错误,路径为相对路径,如果是调用的标准库内发生的错误,路径为绝对路径。
- 为了降低挑战的难度, , , ; , , ;
- 函数调用结束后, , , , ; ; , , , , , ,
- 注意: , , ; ,
< a name = "lab1_challenge2_guide" > < / a >
#### 实验指导
* 为完成该挑战,需要利用用户程序编译时产生的**调试信息**, , , ,
* 你对内核代码的修改可能包含以下内容:
* 修改读取elf文件的代码, , ( )
* 在适当的位置调用debug_line段解析函数, ,
* 在异常中断处理函数中,通过相应寄存器找到触发异常的指令地址,然后在上述表中查找地址对应的源代码行号和文件名输出
**另外,后续的基础实验代码并不依赖挑战实验,所以读者可自行决定是否将自己的工作提交到本地代码仓库中(当然,提交到本地仓库是个好习惯,至少能保存自己的“作品”)。**
