CS 5600 Computer Systems Programs, Processes, and Threads • Programs • Processes • Context Switching • Protected Mode Execu<on • Inter-process Communicaon • Threads 2 Running Dynamic Code • One basic func<on of an OS is to execute and manage code dynamically, e.g.: – A command issued at a command line terminal – An icon double clicKed from the desKtop – Jobs/tasKs run as part of a batch system (MapReduce) • A process is the basic unit of a program in execu<on 3 Programs and Processes Process The running instan<aon of a program, stored in RAM Program An executable file in long-term One-to-many storage relaonship between program and processes 4 How to Run a Program? • When you double-clicK on an .exe, how does the OS turn the file on disK into a process? • What informaon must the .exe file contain in order to run as a program? 5 Program Formats • Programs obey specific file formats – CP/M and DOS: COM executables (*.com) – DOS: MZ executables (*.exe) • Named aer MarK Zbikowski, a DOS developer – Windows Portable Executable (PE, PE32+) (*.exe) • Modified version of Unix COFF executable format • PE files start with an MZ header. Why? – Unix/Linux: Executable and LinKable Format (ELF) – Mac OSX: Mach object file format (Mach-O) 6 test.c #include <stdio.h> int big_big_array[10 * 1024 * 1024]; char *a_string = "Hello, World!"; int a_var_with_value = 100; int main(void) { big_big_array[0] = 100; prin("%s\n", a_string); a_var_with_value += 20; prin("main is : %p\n", &main); return 0; } 7 ELF File Format • ELF Header – Contains compability info – Entry point of the executable code • Program header table – Lists all the segments in the file – Used to load and execute the program • Sec<on header table – Used by the linKer 8 • Entry point of executable code • What should EIP be set to ini<ally? ELF Header Format typedef struct { 1 unsigned char e_ident[EI_NIDENT]; Elf32_Half e_type; 5 Elf32_Half e_machine; ISA of executable code Elf32_Word e_version; Elf32_Addr e_entry; Offset of program headers Elf32_Off e_phoff; Elf32_Off e_shoff; Offset of sec<on headers 10 Elf32_Word e_flags; Elf32_Half e_ehsize; Elf32_Half e_phentsize; # of program headers Elf32_Half e_phnum; Elf32_Half e_shentsize; # of sec<on headers 15 Elf32_Half e_shnum; Elf32_Half e_shstrndx; } Elf32_Ehdr; 9 ELF Header Example $ gcc –g –o test test.c $ readelf --header test ELF Header: Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 Class: ELF64 Data: 2's complement, li{le endian Version: 1 (current) OS/ABI: UNIX - System V ABI Version: 0 Type: EXEC (Executable file) Machine: Advanced Micro Devices X86-64 Version: 0x1 Entry point address: 0x400460 Start of program headers: 64 (bytes into file) Start of sec<on headers: 5216 (bytes into file) Flags: 0x0 Size of this header: 64 (bytes) Size of program headers: 56 (bytes) Number of program headers: 9 Size of sec<on headers: 64 (bytes) Number of sec<on headers: 36 Sec<on header string table index: 33 10 Inves<gang the Entry Point int main(void) { … prin("main is : %p\n", &main); return 0; } $ gcc -g -o test test.c $ readelf --headers ./test | grep Entry point' Entry point address: 0x400460 $ ./test Hello World! main is : 0x400544 11 Entry point != &main $ ./test • Most compilers insert extra Hello World! main is : 0x400544 code into compiled programs $ readelf --headers ./test | grep Entry point' • This code typically runs Entry point address: 0x400460 before and aer main() $ objdump --disassemble –M intel ./test … 0000000000400460 <_start>: 400460: 31 ed xor ebp,ebp 400462: 49 89 d1 mov r9,rdx 400465: 5e pop rsi 400466: 48 89 e2 mov rdx,rsp 400469: 48 83 e4 f0 and rsp,0xfffffffffffffff0 40046d: 50 push rax 40046e: 54 push rsp 40046f: 49 c7 c0 20 06 40 00 mov r8,0x400620 400476: 48 c7 c1 90 05 40 00 mov rcx,0x400590 40047d: 48 c7 c7 44 05 40 00 mov rdi,0x400544 400484: e8 c7 ff ff ff call 400450 <__libc_start_main@plt> … 12 Sec<ons and Segments Mul<ple sec<ons in • Secons are the various one segments pieces of code and data that get linKed together by the Segments compiler • Each segment contains one or more secons – Each segment contains sec<ons that are related • E.g. all code sec<ons – Segments are the basic units for the loader 13 Common Secons • Sec<ons are the various pieces of code and data that compose a program • Key secons: – .text – Executable code – .bss – Global variables ini<alized to zero – .data, .rodata – Ini<alized data and strings – .strtab – Names of func<ons and variables – .symtab – Debug symbols 14 String variable à .dataSec<on Example Empty 10 MB array à .bss int big_big_array[10*1024*1024]; char *a_string = "Hello, World!"; int a_var_with_value = 0x100; int main(void) { Ini<alized global variable à .data big_big_array[0] = 100; prin("%s\n", a_string); a_var_with_value += 20; … } String constant à .rodata Code à .text 15 $ readelf --headers ./test … Sec<on to Segment mapping: Segment Sec<ons... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build- id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_fra me_hdr .eh_frame 03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 08 .ctors .dtors .jcr .dynamic .got … There are 36 sec<on headers, star<ng at offset 0x1460: Sec<on Headers: [Nr] Name Type Address Offset Size ES Flags Link Info Align [ 0] NULL 00000000 00000000 00000000 00 0 0 0 [ 1] .interp PROGBITS 00400238 00000238 0000001c 00 A 0 0 1 [ 2] .note.ABI-tag NOTE 00400254 00000254 00000020 00 A 0 0 4 [ 3] .note.gnu.build-I NOTE 00400274 00000274 00000024 00 A 0 0 4 [ 4] .gnu.hash GNU_HASH 00400298 00000298 0000001c 00 A 5 0 8 [ 5] .dynsym DYNSYM 004002b8 000002b8 00000078 18 A 6 1 8 [ 6] .dynstr STRTAB 00400330 00000330 00000044 00 A 0 0 1 [ 7] .gnu.version VERSYM 00400374 00000374 0000000a 02 A 5 0 2 … .text Example Header typedef struct { Elf32_Word p_type; Elf32_Off p_offset; Address to load 5 Elf32_Addr p_vaddr; secon in memory Elf32_Addr p_paddr; Elf32_Word p_filesz; Elf32_Word p_memsz; Offset of data in the file Elf32_Word p_flags; 10 Elf32_Word p_align; } How many bytes (in hex) Data for the are in the sec<on $program readelf --sec<ons ./test ... Sec<on Headers: Executable … [Nr] Name Type Address Offset Size ES Flags Link Info Align [13] .text PROGBITS 00400460 00000460 00000218 00 AX 0 0 16 … .bss Example Header int big_big_array[10*1024*1024]; typedef struct { Elf32_Word p_type; Offset of data in the file Elf32_Off p_offset; (No<ce the length = 0) 5 Elf32_Addr p_vaddr; Elf32_Addr p_paddr; Address to load Elf32_Word p_filesz; secon in memory Elf32_Word p_memsz; Elf32_Word p_flags; Contains 10 Elf32_Word p_align; no data } hex(4*10*1024*1024) = $ readelf --sec<ons ./test ... 0x2800020 Sec<on Headers: Writable … [Nr] Name Type Address Offset Size ES Flags Link Info Align [25] .bss NOBITS 00601040 00001034 02800020 00 WA 0 0 32 [26] .comment PROGBITS 00000000 00001034 000002a 01 MS 0 0 1 … Segments • Each segment contains one or more sec<ons – All of the sec<ons in a segment are related, e.g.: • All sec<ons contain compiled code • Or, all sec<ons contain ini<alized data • Or, all sec<ons contain debug informaon • … etc… • Segments are used by the loader to: – Place data and code in memory – Determine memory permissions (read/write/execute) 19 Segment Header typedef struct { Elf32_Word p_type; // Type of Segment Elf32_Off p_offset; // Offset for the segment 5 Elf32_Addr p_vaddr; // Locaon to load Elf32_Addr p_paddr; // the segmen<nto memory Elf32_Word p_filesz; // Size on disK Elf32_Word p_memsz; // Size in memory Elf32_Word p_flags; // Flags describing data 10 Elf32_Word p_align; } 20 $ readelf --segments ./test Elf file type is EXEC (Executable file) Entry point 0x400460 There are 9 program headers, star<ng at offset 64 Executable Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flags Align PHDR 0x00000040 0x00400040 0x00400040 0x000001f8 0x000001f8 R E 8 INTERP 0x00000238 0x00400238 0x00400238 0x0000001c 0x0000001c R 1 LOAD 0x00000000 0x00400000 0x00400000 0x0000077c 0x0000077c R E 200000 LOAD 0x00000e28 0x00600e28 0x00600e28 0x0000020c 0x02800238 RW 200000 DYNAMIC 0x00000e50 0x00600e50 0x00600e50 0x00000190 0x00000190 RW 8 NOTE 0x00000254 0x00400254 0x00400254 0x00000044 0x00000044 R 4 GNU_EH_FRAME 0x000006a8 0x004006a8 0x004006a8 0x0000002c 0x0000002c R 4 GNU_STACK 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 RW 8 GNU_RELRO 0x00000e28 0x00600e28 0x00600e28 0x000001d8 0x000001d8 R 1 Sec<on to Segment mapping: Segment Sec<ons... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build- id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_fra me 03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss 04 .dynamic … What About Stac Data? #include <stdio.h> $ strings –t d ./test 568 /lib64/ld-linux-x86-64.so.2 int big_big_array[10 * 1024 * 1024]; 817 __gmon_start__ char *a_string = "Hello, World!"; 832 libc.so.6 842 puts int a_var_with_value = 100; 847 prin 854 __libc_start_main int main(void) { 872 GLIBC_2.2.5 big_big_array[0] = 100; 1300 fff. 1314 = prin("%s\n", a_string); 1559 l$ L a_var_with_value += 20; 1564 t$(L 1569 |$0H prin("main is : %p\n", &main); 1676 Hello, World! return 0; 1690 main is : %p 1807 ;*3$" } 22 Single-Process Address Space • The stacK is used for local variables and func<on calls Memory – Grows downwards StacK • Heap is allocated dynamically (malloc/ new) – Grows upwards Heap • When the stacK and heap meet, there is no more memory leZ in the process .bss – Process will probably crash .rodata .data