
Project0: Games

2022-07-01 10:20:00 Ingsuifon

2.1 Finding the faulting instruction

FAIL
Test output failed to match any acceptable form.

Acceptable output:
  do-nothing: exit(162)
Differences in `diff -u' format:
- do-nothing: exit(162)
+ Page fault at 0xc0000008: rights violation error reading page in user context.
+ do-nothing: dying due to interrupt 0x0e (#PF Page-Fault Exception).
+ Interrupt 0x0e (#PF Page-Fault Exception) at eip=0x80488ee
+  cr2=c0000008 error=00000005
+  eax=00000000 ebx=00000000 ecx=00000000 edx=00000000
+  esi=00000000 edi=00000000 esp=bfffffe4 ebp=bffffffc
+  cs=001b ds=0023 es=0023 ss=0023
  1. Which virtual address did the program try to access from user space when it crashed?
    0xc0000008
  2. What is the virtual address of the instruction that caused the crash?
    0x80488ee
  3. To investigate, use objdump to disassemble the do-nothing binary. What is the name of the function the program crashed in, and which instruction caused the crash?
    The crash is in _start, at the instruction at 0x80488ee: mov 0xc(%ebp),%eax (the load of argv marked below).
080488e8 <_start>:
 80488e8:       55                      push   %ebp
 80488e9:       89 e5                   mov    %esp,%ebp
 80488eb:       83 ec 18                sub    $0x18,%esp
 80488ee:       8b 45 0c                mov    0xc(%ebp),%eax    ;argv
 80488f1:       89 44 24 04             mov    %eax,0x4(%esp)
 80488f5:       8b 45 08                mov    0x8(%ebp),%eax    ;argc
 80488f8:       89 04 24                mov    %eax,(%esp)
 80488fb:       e8 94 f7 ff ff          call   8048094 <main>
 8048900:       89 04 24                mov    %eax,(%esp)
 8048903:       e8 d3 21 00 00          call   804aadb <exit>
  4. Find the C code for the function you identified above (hint: it runs in user space, so it lives in do-nothing.c, proj-pregame/src/lib or proj-pregame/src/lib/user). For each instruction in the disassembly from #3, explain in a few words why it is necessary and/or what it is trying to do. Hint: see the 80x86 calling convention.
    It passes the arguments to main. On 80x86 all function arguments are passed on the stack, whereas on 80x86_64 the first 6 arguments are passed in registers.
//proj-pregame/src/lib/user/entry.c
#include <syscall.h>

int main(int, char* []);
void _start(int argc, char* argv[]);

void _start(int argc, char* argv[]) {
  exit(main(argc, argv));
}
  5. Why does the instruction identified in #3 try to access the virtual address determined in #1? Don't use register values to explain this; we are looking for a higher-level explanation.
    At this point the instruction is loading argv to pass it as an argument to main. ebp points to the saved old ebp, ebp + 4 to the return address, ebp + 8 to argc and ebp + 12 to argv, so the instruction reads from ebp + 12, which is the virtual address in question. The process was started with an empty user stack at the very top of user memory (no return address, argc or argv were pushed), so the slot where _start expects argv lies just beyond the end of user space, in kernel memory, and the read is a rights violation.

2.2 Stepping through the crash

  1. Step into process_execute. What are the name and address of the thread running this function? What other threads are present in Pintos at this point? Copy their struct thread.
    The name is main and the address is 0xc000e000.
pintos-debug: dumplist #0: 0xc000e000 {
    tid = 1, status = THREAD_RUNNING, name = "main", '\000' <repeats 11 times>, stack = 0xc000edbc "\001", priority = 31, allelem = {
    prev = 0xc0039cf8 <all_list>, next = 0xc0104020}, elem = {
    prev = 0xc0039ce8 <fifo_ready_list>, next = 0xc0039cf0 <fifo_ready_list+8>}, pcb = 0xc010500c, magic = 3446325067}
pintos-debug: dumplist #1: 0xc0104000 {
    tid = 2, status = THREAD_BLOCKED, name = "idle", '\000' <repeats 11 times>, stack = 0xc0104f14 "", priority = 0, allelem = {
    prev = 0xc000e020, next = 0xc0039d00 <all_list+8>}, elem = {
    prev = 0xc0039ce8 <fifo_ready_list>, next = 0xc0039cf0 <fifo_ready_list+8>}, pcb = 0x0, magic = 3446325067}
  2. What is the backtrace of the current thread? Copy the backtrace from GDB as your answer, and also copy the corresponding lines of C code.
#0  process_execute (file_name=0xc0007d50 "do-nothing") at ../../userprog/process.c:55
#1  0xc0020a19 in run_task (argv=0xc0039bec <argv+12>) at ../../threads/init.c:317
#2  0xc0020b8f in run_actions (argv=0xc0039bec <argv+12>) at ../../threads/init.c:390
#3  0xc00203d9 in main () at ../../threads/init.c:138
process_wait(process_execute(task));   /* init.c:317, frame #1 */
a->function(argv);                     /* init.c:390, frame #2 */
run_actions(argv);                     /* init.c:138, frame #3 */
  3. Set a breakpoint at start_process and continue until you reach it. What are the name and address of the thread running this function? What other threads are present in Pintos at this point? Copy their struct thread.
    do-nothing, 0xc010b000.
pintos-debug: dumplist #0: 0xc000e000 {
    tid = 1, status = THREAD_BLOCKED, name = "main", '\000' <repeats 11 times>, stack = 0xc000ee7c "", priority = 31, allelem = {
    prev = 0xc0039cf8 <all_list>, next = 0xc0104020}, elem = {
    prev = 0xc003b718 <temporary+4>, next = 0xc003b720 <temporary+12>}, pcb = 0xc010500c, magic = 3446325067}
pintos-debug: dumplist #1: 0xc0104000 {
    tid = 2, status = THREAD_BLOCKED, name = "idle", '\000' <repeats 11 times>, stack = 0xc0104f14 "", priority = 0, allelem = {
    prev = 0xc000e020, next = 0xc010b020}, elem = {
    prev = 0xc0039ce8 <fifo_ready_list>, next = 0xc0039cf0 <fifo_ready_list+8>}, pcb = 0x0, magic = 3446325067}
pintos-debug: dumplist #2: 0xc010b000 {
    tid = 3, status = THREAD_RUNNING, name = "do-nothing\000\000\000\000\000", stack = 0xc010bfd4 "", priority = 31, allelem = {
    prev = 0xc0104020, next = 0xc0039d00 <all_list+8>}, elem = {
    prev = 0xc0039ce8 <fifo_ready_list>, next = 0xc0039cf0 <fifo_ready_list+8>}, pcb = 0x0, magic = 3446325067}
  4. Step through start_process until you get past the call to load. Note that load sets the eip and esp fields of the if_ structure. Print the value of the if_ structure, showing the values in hexadecimal (hint: p/x if_).
{
    edi = 0x0, esi = 0x0, ebp = 0x0, esp_dummy = 0x0, ebx = 0x0, edx = 0x0, ecx = 0x0, eax = 0x0, gs = 0x23, fs = 0x23, es = 0x23,
    ds = 0x23, vec_no = 0x0, error_code = 0x0, frame_pointer = 0x0, eip = 0x80488e8, cs = 0x1b, eflags = 0x202, esp = 0xc0000000,
    ss = 0x23}
  5. The first instruction in the asm volatile statement sets the stack pointer to the bottom of the if_ structure; the second jumps to intr_exit. The comments in the code explain what happens there. Step into the asm volatile statement, then step through the instructions one at a time. When you step over the iret instruction, observe the function "return" to user space. Why does the processor switch modes when executing this instruction? Feel free to explain this using the values in memory and/or registers at the time of the iret, as well as the function of the iret instruction.
intr_exit:
        /* Restore caller's registers. */
        popal
        popl %gs
        popl %fs
        popl %es
        popl %ds

        /* Discard `struct intr_frame' vec_no, error_code,
           frame_pointer members. */
        addl $12, %esp
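To tie the two sections together, here is an added example (my own model, not code from the Pintos sources or this write-up) that feeds the if_ values printed in 2.2 through intr_exit and iret and then through the first instructions of _start, reproducing the argv-slot address from 2.1. It assumes the struct intr_frame field order shown by p/x if_ and PHYS_BASE = 0xc0000000; the struct cpu and the function names are invented for the illustration.

```c
/* Added example, not from the Pintos sources or this write-up: a model of the
 * if_ frame dumped above being consumed by intr_exit and iret, then by the first
 * instructions of _start.  Field order and values follow the p/x output above. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define PHYS_BASE 0xc0000000u  /* top of the user address space in Pintos */

struct intr_frame {            /* same field order as the p/x if_ dump */
    uint32_t edi, esi, ebp, esp_dummy, ebx, edx, ecx, eax; /* popal */
    uint32_t gs, fs, es, ds;                               /* popl x4 */
    uint32_t vec_no, error_code, frame_pointer;            /* addl $12 */
    uint32_t eip, cs, eflags, esp, ss;                     /* iret */
};
struct cpu { uint32_t eip, cs, eflags, esp, ss, ebp; int cpl; };  /* stand-in CPU state */

/* Walks esp up from the bottom of if_ as intr_exit does, then does the iret;
 * returns true when the new cs carries a different privilege level (RPL). */
bool intr_exit_iret(const struct intr_frame *f, struct cpu *c) {
    const uint32_t *sp = (const uint32_t *)f; /* movl %0, %%esp */
    sp += 8;                                  /* popal: edi .. eax */
    sp += 4;                                  /* popl %gs, %fs, %es, %ds */
    sp += 3;                                  /* addl $12, %esp */
    c->eip = sp[0]; c->cs = sp[1]; c->eflags = sp[2];
    int rpl = c->cs & 3;
    bool changed = rpl != c->cpl;
    if (changed) { c->esp = sp[3]; c->ss = sp[4]; } /* esp/ss only on a ring change */
    c->cpl = rpl;
    return changed;
}

/* push %ebp; mov %esp,%ebp; sub $0x18,%esp, then returns the address that
 * mov 0xc(%ebp),%eax (the argv slot) would read. */
uint32_t start_argv_slot(struct cpu *c) {
    c->esp -= 4;  c->ebp = c->esp;  c->esp -= 0x18;
    return c->ebp + 0xc;
}

/* A ring-3 read at or above PHYS_BASE hits a kernel page: rights violation. */
bool user_read_faults(uint32_t vaddr, int cpl) { return cpl == 3 && vaddr >= PHYS_BASE; }

int main(void) {
    struct intr_frame f = { .gs = 0x23, .fs = 0x23, .es = 0x23, .ds = 0x23,
        .eip = 0x80488e8, .cs = 0x1b, .eflags = 0x202, .esp = PHYS_BASE, .ss = 0x23 };
    struct cpu c = { .cpl = 0 };              /* start_process runs in ring 0 */
    bool changed = intr_exit_iret(&f, &c);
    printf("ring change: %d  cs=%#x cpl=%d eip=%#x esp=%#x\n", changed, c.cs, c.cpl, c.eip, c.esp);
    uint32_t a = start_argv_slot(&c);
    printf("_start reads argv from %#x (ebp=%#x esp=%#x): %s\n", a, c.ebp, c.esp,
           user_read_faults(a, c.cpl) ? "page fault" : "ok");
    return 0;
}
```

The RPL of 3 in cs = 0x1b is what makes iret switch the processor to user mode and load esp and ss from the frame; the resulting ebp and esp match the register dump in 2.1.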

Copyright notice
This article was written by [Ingsuifon]; please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/182/202207011014581031.html